The following Fedora EPEL 7 Security updates need testing:
Age URL
447
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
188
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80
python-gnupg-0.4.4-1.el7
186
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b
bubblewrap-0.3.3-2.el7
123
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-12067fc897
dosbox-0.74.3-2.el7
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-821ac0b641
mingw-libidn2-2.2.0-1.el7
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-19535181a5
java-latest-openjdk-13.0.1.9-2.rolling.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-458a052bdb
rssh-2.3.4-15.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-0d0c37fcca
hostapd-2.9-2.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-e6e7d521d9
chromium-78.0.3904.70-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-ec3a3dac15
libmp4v2-2.1.0-0.18.trunkREV507.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
composer-1.9.1-1.el7
golang-1.13.3-1.el7
mod_perl-2.0.11-1.el7
perl-DateTime-Format-Flexible-0.32-1.el7
perl-PerlIO-utf8_strict-0.007-10.el7
perl-URI-Fetch-0.13-11.el7
perl-XML-Atom-0.42-6.el7
perl-XML-Feed-0.59-4.el7
perl-XML-RSS-LibXML-0.3105-9.el7
php-horde-Horde-Core-2.31.11-1.el7
php-horde-Horde-Util-2.5.9-1.el7
proftpd-1.3.5e-7.el7
putty-0.73-1.el7
python-productmd-1.23-1.el7
sockperf-3.6-1.el7
Details about builds:
================================================================================
composer-1.9.1-1.el7 (FEDORA-EPEL-2019-112a88cfc6)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.9.1** 2019-11-01 * Fixed various credential handling issues with
gitlab and github * Fixed credentials being present in git remotes in Composer
cache and vendor directory when not using SSH keys * Fixed `composer why` not
listing replacers as a reason something is present * Fixed various PHP 7.4
compatibility issues * Fixed root warnings always present in Docker
containers, setting COMPOSER_ALLOW_SUPERUSER is not necessary anymore * Fixed
GitHub access tokens leaking into debug-verbosity output * Fixed several edge
case issues detecting GitHub, Bitbucket and GitLab repository types * Fixed
Composer asking if you want to use a composer.json in a parent directory when
ran in non-interactive mode * Fixed classmap autoloading issue finding classes
located within a few non-PHP context blocks (?>...<?php)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 2 2019 Remi Collet <remi(a)remirepo.net> - 1.9.1-1
- update to 1.9.1
--------------------------------------------------------------------------------
================================================================================
golang-1.13.3-1.el7 (FEDORA-EPEL-2019-50f0062140)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
* Rebase to 1.13.3 * Security fix for CVE-2019-17596
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 30 2019 Jakub ��ajka <jcajka(a)redhat.com> - 1.13.3-1
- Rebase to go1.13.3
- Fix for CVE-2019-17596
- Resolves: BZ#1763311
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1763310 - CVE-2019-17596 golang: invalid public key causes panic in
dsa.Verify
https://bugzilla.redhat.com/show_bug.cgi?id=1763310
--------------------------------------------------------------------------------
================================================================================
mod_perl-2.0.11-1.el7 (FEDORA-EPEL-2019-553a56f5e2)
An embedded Perl interpreter for the Apache HTTP Server
--------------------------------------------------------------------------------
Update Information:
This release fixes a crash in ap_server_config_defines() seen on a start-up. It
also corrects somes tests.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 7 2019 Jitka Plesnikova <jplesnik(a)redhat.com> - 2.0.11-1
- 2.0.11 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1758758 - mod_perl-2.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1758758
--------------------------------------------------------------------------------
================================================================================
perl-DateTime-Format-Flexible-0.32-1.el7 (FEDORA-EPEL-2019-3bbcd02fe6)
Flexibly parse strings and turn them into DateTime objects
--------------------------------------------------------------------------------
Update Information:
This erratum brings a perl-DateTime-Format-Flexible package for parsing natural
language texts into DateTime objects.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1763496 - [RFE] EPEL-7 branch for perl-DateTime-Format-Flexible
https://bugzilla.redhat.com/show_bug.cgi?id=1763496
--------------------------------------------------------------------------------
================================================================================
perl-PerlIO-utf8_strict-0.007-10.el7 (FEDORA-EPEL-2019-7cd1caeed7)
Fast and correct UTF-8 I/O
--------------------------------------------------------------------------------
Update Information:
This erratum brings a perl-PerlIO-utf8_strict package, a strict-behavin UTF-8
Perl layer.
--------------------------------------------------------------------------------
================================================================================
perl-URI-Fetch-0.13-11.el7 (FEDORA-EPEL-2019-9da4e873b0)
Smart URI fetching/caching
--------------------------------------------------------------------------------
Update Information:
This is the first EPEL-7 build of perl-XML-Feed and its dependencies perl-URI-
Fetch, perl-XML-Atom and perl-XML-RSS-LibXML.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1748209 - Please add CPAN's XML::Feed to EPEL-6 and EPEL-7
https://bugzilla.redhat.com/show_bug.cgi?id=1748209
--------------------------------------------------------------------------------
================================================================================
perl-XML-Atom-0.42-6.el7 (FEDORA-EPEL-2019-9da4e873b0)
Atom feed and API implementation
--------------------------------------------------------------------------------
Update Information:
This is the first EPEL-7 build of perl-XML-Feed and its dependencies perl-URI-
Fetch, perl-XML-Atom and perl-XML-RSS-LibXML.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1748209 - Please add CPAN's XML::Feed to EPEL-6 and EPEL-7
https://bugzilla.redhat.com/show_bug.cgi?id=1748209
--------------------------------------------------------------------------------
================================================================================
perl-XML-Feed-0.59-4.el7 (FEDORA-EPEL-2019-9da4e873b0)
Syndication feed parser and auto-discovery
--------------------------------------------------------------------------------
Update Information:
This is the first EPEL-7 build of perl-XML-Feed and its dependencies perl-URI-
Fetch, perl-XML-Atom and perl-XML-RSS-LibXML.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1748209 - Please add CPAN's XML::Feed to EPEL-6 and EPEL-7
https://bugzilla.redhat.com/show_bug.cgi?id=1748209
--------------------------------------------------------------------------------
================================================================================
perl-XML-RSS-LibXML-0.3105-9.el7 (FEDORA-EPEL-2019-9da4e873b0)
XML::RSS with XML::LibXML
--------------------------------------------------------------------------------
Update Information:
This is the first EPEL-7 build of perl-XML-Feed and its dependencies perl-URI-
Fetch, perl-XML-Atom and perl-XML-RSS-LibXML.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1748209 - Please add CPAN's XML::Feed to EPEL-6 and EPEL-7
https://bugzilla.redhat.com/show_bug.cgi?id=1748209
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Core-2.31.11-1.el7 (FEDORA-EPEL-2019-f63d89dd72)
Horde Core Framework libraries
--------------------------------------------------------------------------------
Update Information:
**Horde_Core 2.31.11** * [mjr] Fix UTF-8 encoding of ActiveSync SmartReply
requests (Bug #14957).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 4 2019 Remi Collet <remi(a)remirepo.net> - 2.31.11-1
- update to 2.31.11
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Util-2.5.9-1.el7 (FEDORA-EPEL-2019-41e8debc7e)
Horde Utility Libraries
--------------------------------------------------------------------------------
Update Information:
**Horde_Util 2.5.9** * [mjr] PHP 7.4 compatibility fixes (Remi Collet , PR #2).
* [jan] Fix wrapping if the wrapping break adds indention.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 4 2019 Remi Collet <remi(a)remirepo.net> - 2.5.9-1
- update to 2.5.9
--------------------------------------------------------------------------------
================================================================================
proftpd-1.3.5e-7.el7 (FEDORA-EPEL-2019-85dcdba126)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:
This update includes a back-ported fix from upstream to support rebuilding the
package to work with MySQL version 8. Note that this updated build is not linked
with MySQL 8 itself but will work with the existing MySQL version in the base
operating system, i.e. will not work out of the box with MySQL 8.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 23 2019 Paul Howarth <paul(a)city-fan.org> - 1.3.5e-7
- Fix build compatibility with MySQL 8 (#1764401)
https://github.com/proftpd/proftpd/issues/824
https://github.com/proftpd/proftpd/pull/825
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1764401 - Please build an EPEL7 build of proftpd version 1.3.6b
https://bugzilla.redhat.com/show_bug.cgi?id=1764401
--------------------------------------------------------------------------------
================================================================================
putty-0.73-1.el7 (FEDORA-EPEL-2019-1946200e23)
SSH, Telnet and Rlogin client
--------------------------------------------------------------------------------
Update Information:
This is new version fixing multiple vulnerabilities.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 30 2019 Jaroslav ��karvada <jskarvad(a)redhat.com> - 0.73-1
- New version
Resolves: rhbz#1756746
* Fri Aug 16 2019 Jaroslav ��karvada <jskarvad(a)redhat.com> - 0.72-1
- New version
Resolves: rhbz#1742144
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.71-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1767984 - putty: multiple vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1767984
--------------------------------------------------------------------------------
================================================================================
python-productmd-1.23-1.el7 (FEDORA-EPEL-2019-7e68278263)
Library providing parsers for metadata related to OS installation
--------------------------------------------------------------------------------
Update Information:
New upstream version with support for metadata about extra files.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 1 2019 Lubom��r Sedl���� <lsedlar(a)redhat.com> - 1.23-1
- Add class for representing extra files in the compose (lsedlar(a)redhat.com)
- Add tests for multiple variants in one .treeinfo (riehecky(a)fnal.gov)
--------------------------------------------------------------------------------
================================================================================
sockperf-3.6-1.el7 (FEDORA-EPEL-2019-939532abc2)
Network benchmarking utility for testing latency and throughput
--------------------------------------------------------------------------------
Update Information:
sockperf v3.6 New: * Add round-trip-time (rtt) support Fixes: * Fix
SocketXtreme client TCP is not terminated * Fix expected max packet seqno
calculation * Fix std::exception deprecated warnings * Update Sockperf's manual
page * Fix vmazcopyread support in sockperf * Move zcopy free_packets outside
msg_recvfrom * socketxtreme cleanup in msg recv
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 4 2019 Michal Schmidt <mschmidt(a)redhat.com> - 3.6-1
- Upstream release 3.6.
- Plus a couple of fixes from upstream git.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1644766 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1644766
--------------------------------------------------------------------------------