The following Fedora EPEL 7 Security updates need testing:
Age URL
1031
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
794
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
376
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d
libbsd-0.8.3-1.el7
274
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe
mod_cluster-1.3.3-10.el7
271
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378
python-XStatic-jquery-ui-1.12.0.1-1.el7
105
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23
libmspack-0.6-0.1.alpha.el7
43
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece
nagios-4.3.4-5.el7
32
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d704442ae7
qpid-cpp-1.37.0-1.el7
25
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f2055d3f62
shellinabox-2.20-5.el7
23
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-30026fdcc1
hostapd-2.6-7.el7
19
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-ae06399a6b
heimdal-7.5.0-1.el7
15
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-263dafc1ae
python-mistune-0.8.3-1.el7
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-957aa05f33
heketi-5.0.1-1.el7
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c3fbd2a463
thunderbird-enigmail-1.9.9-1.el7
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3970cc8703
global-6.5.6-3.el7
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8d57a2487b
monit-5.25.1-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-753e392fc4
xrdp-0.9.5-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-2e2d08b1ff
awstats-7.6-4.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-5ac9ee4e7f
lighttpd-1.4.48-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-49ca8440a1
gifsicle-1.90-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
R-littler-0.3.3-1.el7
awstats-7.6-4.el7
fedmsg-1.1.0-1.el7
flashrom-1.0-1.el7
getdns-1.3.0-1.el7
gifsicle-1.90-1.el7
lighttpd-1.4.48-1.el7
mozilla-https-everywhere-2017.12.6-2.el7
paper-icon-theme-1.4.0-1.el7
python-amqp-1.4.9-1.el7
python-rpm-macros-3-18.el7
python3-backports-ssl_match_hostname-3.5.0.1-1.el7
python3-docker-pycreds-0.2.1-1.el7
python36-3.6.3-6.el7
sscg-2.3.1-1.el7
xxhash-0.6.4-1.el7
Details about builds:
================================================================================
R-littler-0.3.3-1.el7 (FEDORA-EPEL-2018-83fe70f855)
littler: R at the Command-Line via 'r'
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
================================================================================
awstats-7.6-4.el7 (FEDORA-EPEL-2018-2e2d08b1ff)
Advanced Web Statistics
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-1000501
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1529349 - CVE-2017-1000501 awstat: Two path traversal issues in awstat.pl
https://bugzilla.redhat.com/show_bug.cgi?id=1529349
--------------------------------------------------------------------------------
================================================================================
fedmsg-1.1.0-1.el7 (FEDORA-EPEL-2018-68d88c6dd7)
Tools for Fedora Infrastructure real-time messaging
--------------------------------------------------------------------------------
Update Information:
# v1.1.0 ## Deprecations - Using URLs for the CA and CRL settings
(`ca_cert_location` and `crl_location` respectively) is now deprecated and
will be removed in a future release. Please use filesystem paths instead.
## Features - Allow the CA and CRL configuration options to be file paths
([\#484](https://github.com/fedora-infra/fedmsg/pull/484)). - All
configuration settings now have defaults and validators
([\#488](https://github.com/fedora-infra/fedmsg/pull/488)). - Strengthen
"legacy protection" in fedmsg.meta by catching KeyErrors
([\#493](https://github.com/fedora-infra/fedmsg/pull/493)). ## Bug fixes -
Remove the duplicate dependency on `cryptography` from the main install
requires ([\#486](https://github.com/fedora-infra/fedmsg/pull/486)). -
Adjust the x509 signing API to return text instead of bytes
([\#495](https://github.com/fedora-infra/fedmsg/issues/495)). ## Development
improvements - Alter how the tests determine if cryptography is available to
work better with old versions of pyOpenSSL ([\#482](https://github.com
/fedora-infra/fedmsg/pull/482)).
--------------------------------------------------------------------------------
================================================================================
flashrom-1.0-1.el7 (FEDORA-EPEL-2018-b59317f7a6)
Simple program for reading/writing flash chips content
--------------------------------------------------------------------------------
Update Information:
flashrom 1.0.0 ============== New major user-visible features
------------------------------- * Support layouts for read and erase commands
* New command line switch --noverify-all (-N) allows flashing of individual
regions without reading the whole flash chip (particular useful with locked down
Intel ME firmware) * New command line switch --ifd to read the layout from an
Intel Firmware Descriptor on flash * We got rid of the delay-loop calibration
(if the OS provides an accurate timer through clock_gettime()) * Reading speed
of USB programmers should have increased (reading bigger chunks at once, we
reduce the overhead) * Support Intel 100 series PCHs (Sunrise Point, coupled
with Skylake and Kaby Lake) and C620 series PCHs (Lewisburg paired with
Workstation/Server versions of the former) New programmers ---------------
* Intel 100 series / C620 series PCHs * Intel I210 NICs (EEPROM and SPI) *
AMD Merlin Falcon (FP4) New chips --------- * W25Q128.W Infrastructural
improvements and fixes -------------------------------------- * Replace the
calibrated delay-loop with a loop over clock_gettime() if applicable * Switch
to Git as VCS
--------------------------------------------------------------------------------
================================================================================
getdns-1.3.0-1.el7 (FEDORA-EPEL-2018-ce3359efa5)
Modern asynchronous API to the DNS
--------------------------------------------------------------------------------
Update Information:
Updated to 1.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1462043 - getdns-1.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1462043
--------------------------------------------------------------------------------
================================================================================
gifsicle-1.90-1.el7 (FEDORA-EPEL-2018-49ca8440a1)
Powerful program for manipulating GIF images and animations
--------------------------------------------------------------------------------
Update Information:
Update to 1.90 - Fixes CVE-2017-1000421
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1530541 - CVE-2017-1000421 gifsicle: use-after-free in the read_gif function
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1530541
--------------------------------------------------------------------------------
================================================================================
lighttpd-1.4.48-1.el7 (FEDORA-EPEL-2018-5ac9ee4e7f)
Lightning fast webserver with light system requirements
--------------------------------------------------------------------------------
Update Information:
1.4.48
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1530548 - Update to lighttpd 1.4.48
https://bugzilla.redhat.com/show_bug.cgi?id=1530548
--------------------------------------------------------------------------------
================================================================================
mozilla-https-everywhere-2017.12.6-2.el7 (FEDORA-EPEL-2018-457497cc85)
HTTPS enforcement extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
- remove some unnecessary files - ruleset updates
--------------------------------------------------------------------------------
================================================================================
paper-icon-theme-1.4.0-1.el7 (FEDORA-EPEL-2018-8c19ed35f9)
Modern freedesktop icon theme
--------------------------------------------------------------------------------
Update Information:
* Initial rpm release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1529758 - Review Request: paper-icon-theme - Modern freedesktop icon theme
https://bugzilla.redhat.com/show_bug.cgi?id=1529758
--------------------------------------------------------------------------------
================================================================================
python-amqp-1.4.9-1.el7 (FEDORA-EPEL-2018-73496795c8)
Low-level AMQP client for Python (fork of amqplib)
--------------------------------------------------------------------------------
Update Information:
Update to 1.4.9 ---- Update to 1.4.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1448466 - please update to 1.4.9
https://bugzilla.redhat.com/show_bug.cgi?id=1448466
--------------------------------------------------------------------------------
================================================================================
python-rpm-macros-3-18.el7 (FEDORA-EPEL-2017-ddd7d1e59d)
The unversioned Python RPM macros
--------------------------------------------------------------------------------
Update Information:
The python36 package for EPEL.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1528580 - FTBFS on rhel7
https://bugzilla.redhat.com/show_bug.cgi?id=1528580
--------------------------------------------------------------------------------
================================================================================
python3-backports-ssl_match_hostname-3.5.0.1-1.el7 (FEDORA-EPEL-2018-41c236b1ad)
The ssl.match_hostname() function from Python 3
--------------------------------------------------------------------------------
Update Information:
- Initial EPEL7 package
--------------------------------------------------------------------------------
================================================================================
python3-docker-pycreds-0.2.1-1.el7 (FEDORA-EPEL-2018-153463d0af)
Python bindings for the docker credentials store API
--------------------------------------------------------------------------------
Update Information:
- Initial EPEL7 package
--------------------------------------------------------------------------------
================================================================================
python36-3.6.3-6.el7 (FEDORA-EPEL-2017-ddd7d1e59d)
Interpreter of the Python programming language
--------------------------------------------------------------------------------
Update Information:
The python36 package for EPEL.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1528580 - FTBFS on rhel7
https://bugzilla.redhat.com/show_bug.cgi?id=1528580
--------------------------------------------------------------------------------
================================================================================
sscg-2.3.1-1.el7 (FEDORA-EPEL-2018-052bbde6e0)
Simple SSL certificate generator
--------------------------------------------------------------------------------
Update Information:
Update to SSCG 2.3.1 Bring EPEL 7 up to date with Fedora by bundling popt.
--------------------------------------------------------------------------------
================================================================================
xxhash-0.6.4-1.el7 (FEDORA-EPEL-2018-82bf990923)
Extremely fast hash algorithm
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------