The following Fedora EPEL 7 Security updates need testing:
Age URL
414
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
176
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
43
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-785fc9a2ea
dropbear-2016.72-1.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-34b85c63ee
drupal7-block_class-2.3-1.el7
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1036441cdb
ReviewBoard-2.5.4-1.el7 python-djblets-0.9.3-1.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-caf6ebac81
ansible1.9-1.9.6-1.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-56e02a47c7
ansible-2.0.2.0-1.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d398cc4c6c
roundcubemail-1.1.5-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-017aadcc97
php-getid3-1.9.12-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-aad55a428b
w3m-0.5.3-20.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c731bc5ec0
cacti-0.8.8g-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
Lmod-6.3.1-1.el7
cacti-0.8.8g-1.el7
engauge-digitizer-7.2-1.el7
epson-inkjet-printer-escpr-1.5.2-3.1lsb3.2.el7
epson-inkjet-printer-escpr-1.6.5-1.1lsb3.2.el7
goaccess-0.9.8-1.el7
osbs-client-0.22-1.el7
quassel-0.12.4-1.el7
Details about builds:
================================================================================
Lmod-6.3.1-1.el7 (FEDORA-EPEL-2016-4cbda99dcc)
Environmental Modules System in Lua
--------------------------------------------------------------------------------
Update Information:
Update to 6.3.1 - protects it from user changes to LUA_PATH and LUA_CPATH by
using these values at configuration time. - Fixed bug with Capital Letters in a
version string. - Do not overwrite MODULEPATH (bug #1326075)
--------------------------------------------------------------------------------
================================================================================
cacti-0.8.8g-1.el7 (FEDORA-EPEL-2016-c731bc5ec0)
An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:
- Update to 0.8.8g Release notes:
http://www.cacti.net/release_notes_0_8_8g.php
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1259276 - Version of cacti in repos' is pretty old for EL6 and EL7
https://bugzilla.redhat.com/show_bug.cgi?id=1259276
[ 2 ] Bug #1082936 - CVE-2014-2327 CVE-2014-2326 CVE-2014-2328 cacti: multiple flaws
reported by Deutsche Telekom [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1082936
[ 3 ] Bug #1004548 - Tree not collapsing in graph mode in version 0.8.8b
https://bugzilla.redhat.com/show_bug.cgi?id=1004548
[ 4 ] Bug #1323943 - CVE-2016-3659 cacti: SQL injection vulnerability in graph_view.php
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1323943
[ 5 ] Bug #1317550 - CVE-2016-3172 cacti: SQL injection vulnerability in /cacti/tree.php
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1317550
[ 6 ] Bug #1306530 - CVE-2016-2313 cacti: authentication bypass [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1306530
[ 7 ] Bug #1295782 - CVE-2015-8604 cacti: SQL injection in graps_new.php via cg_g
parameter [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1295782
[ 8 ] Bug #1291779 - CVE-2015-8369 cacti: SQL injection in graph.php [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1291779
[ 9 ] Bug #1291223 - CVE-2015-8377 cacti: SQL injection in graphs_new.php [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1291223
[ 10 ] Bug #1242868 - CVE-2015-4634 cacti: multiple SQL injection flaws fixed in Cacti
0.8.8e [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1242868
[ 11 ] Bug #1233833 - CVE-2015-4454 CVE-2015-2665 cacti: various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1233833
[ 12 ] Bug #1230297 - CVE-2015-4342 cacti: SQL Injection and Location header injection
from cdef id [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1230297
[ 13 ] Bug #1129764 - cacti: remote code execution and SQL injection [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1129764
[ 14 ] Bug #1121468 - cacti: cross-site scripting issues [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1121468
[ 15 ] Bug #1128298 - cacti-spine not available
https://bugzilla.redhat.com/show_bug.cgi?id=1128298
[ 16 ] Bug #1123884 - %post scriptlet error on install
https://bugzilla.redhat.com/show_bug.cgi?id=1123884
--------------------------------------------------------------------------------
================================================================================
engauge-digitizer-7.2-1.el7 (FEDORA-EPEL-2016-8cc7dc8e14)
Convert graphs or map files into numbers
--------------------------------------------------------------------------------
Update Information:
- Update to 7.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1279184 - engauge on el6: not built for missing BR package, log4cpp.
https://bugzilla.redhat.com/show_bug.cgi?id=1279184
--------------------------------------------------------------------------------
================================================================================
epson-inkjet-printer-escpr-1.5.2-3.1lsb3.2.el7 (FEDORA-EPEL-2016-c66c4cdeec)
Drivers for Epson inkjet printers
--------------------------------------------------------------------------------
Update Information:
Roll back to earlier version due to segfaults in the 1.6.x series.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1327002 - Printer prints only half of the page, epson-escpr crashes
https://bugzilla.redhat.com/show_bug.cgi?id=1327002
[ 2 ] Bug #1326572 - [abrt] epson-inkjet-printer-escpr: XFIFOClose(): epson-escpr killed
by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1326572
[ 3 ] Bug #1252376 - [abrt] epson-inkjet-printer-escpr: set_pips_parameter():
epson-escpr killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1252376
--------------------------------------------------------------------------------
================================================================================
epson-inkjet-printer-escpr-1.6.5-1.1lsb3.2.el7 (FEDORA-EPEL-2016-2b83caa4e1)
Drivers for Epson inkjet printers
--------------------------------------------------------------------------------
Update Information:
Update to 1.6.5. ---- Update to 1.6.4. Make sure drivers are properly detected
on Fedora platform.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1327002 - Printer prints only half of the page, epson-escpr crashes
https://bugzilla.redhat.com/show_bug.cgi?id=1327002
[ 2 ] Bug #1326572 - [abrt] epson-inkjet-printer-escpr: XFIFOClose(): epson-escpr killed
by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1326572
[ 3 ] Bug #1252376 - [abrt] epson-inkjet-printer-escpr: set_pips_parameter():
epson-escpr killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1252376
[ 4 ] Bug #1323033 - Epson inkjet driver RPM does not advertise the printers it
supports
https://bugzilla.redhat.com/show_bug.cgi?id=1323033
--------------------------------------------------------------------------------
================================================================================
goaccess-0.9.8-1.el7 (FEDORA-EPEL-2016-e7474e15f3)
Real-time web log analyzer and interactive viewer
--------------------------------------------------------------------------------
Update Information:
== Changes to GoAccess 0.9.8 - Monday, February 29, 2016 == - Added a more
complete list of static extensions to the config file. - Added Android 6.0
Marshmallow to the list of OSs. - Added the ability to scroll through panels
on TAB with option to disable it --no-tab-scroll. - Added the first and
last log dates to the overall statistics panel. - Ensure GoAccess links
correctly against libtinfo. - Ensure static content is case-insensitive
verified. - Fixed bandwidth overflow issue (numbers > 2GB on non-x86_64 arch).
- Fixed broken HTML layout when html-method/protocol is missing in config file.
- Refactored parsing and display of available modules/panels. == Changes to
GoAccess 0.9.7 - Monday, December 21, 2015 == - Added Squid native log format
to the config file. - Fixed int overflow when getting total bandwidth using
the on-disk storage. - Fixed issue where a timestamp was stored as date under
the visitors panel. - Fixed issue where config dialog fields were not cleared
out on select. - Fixed issue where "Virtual Hosts" menu item wasn't shown
in
the HTML sidebar.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1293320 - goaccess-0.9.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1293320
--------------------------------------------------------------------------------
================================================================================
osbs-client-0.22-1.el7 (FEDORA-EPEL-2016-472acd2ac0)
Python command line client for OpenShift Build Service
--------------------------------------------------------------------------------
Update Information:
New upstream release. ---- New upstream release. ---- New upstream release.
---- New upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1329027 - osbs-client-0.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1329027
--------------------------------------------------------------------------------
================================================================================
quassel-0.12.4-1.el7 (FEDORA-EPEL-2016-7436010ccd)
A modern distributed IRC system
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------