The following Fedora EPEL 7 Security updates need testing:
Age URL
15
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2748/nodejs-0.10...
14
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2825/nginx-1.6.2...
14
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2861/nodejs-qs-0...
14
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2870/nodejs-send...
9
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2992/check-mk-1....
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3070/phpMyAdmin-...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3062/golang-1.3....
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3236/python-oaut...
The following builds have been pushed to Fedora EPEL 7 updates-testing
R-3.1.1-7.el7
beesu-2.7-22.el7
elk-2.3.22-9.el7
fedmsg-0.11.0-1.el7
golang-github-kr-fs-0-0.1.git2788f0d.el7
guacamole-server-0.8.4-4.el7
igraph-0.7.1-1.el7
inxi-2.2.14-1.el7
libqtxdg-0.5.3-4.el7
octave-control-2.6.5-2.el7
perl-Data-Munge-0.08-1.el7
perl-Devel-CheckCompiler-0.05-2.el7
perl-LWP-Protocol-PSGI-0.07-1.el7
perl-Module-Build-XSUtil-0.14-2.el7
perl-Redis-1.976-1.el7
perl-Test-XML-0.08-2.el7
php-pear-Net-URL2-2.0.9-1.el7
php-phpunit-environment-1.1.0-1.el7
python-fedmsg-meta-fedora-infrastructure-0.3.5-1.el7
python-oauth2-1.5.211-8.el7
python-sphinxcontrib-issuetracker-0.11-2.el7
python-urllib2_kerberos-0.1.6-14.el7
rubygem-openssl_cms-0.0.2-1.20140212git7fea071.el7
scalapack-2.0.2-5.el7
wkhtmltopdf-0.12.1-1.el7
xfce4-session-4.10.1-7.el7
Details about builds:
================================================================================
R-3.1.1-7.el7 (FEDORA-EPEL-2014-3258)
A language for data analysis and graphics
--------------------------------------------------------------------------------
Update Information:
Fix java Requires/BuildRequires to be more permissive.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2014 Orion Poplawski <orion(a)cora.nwra.com> - 3.1.1-7
- Just BR/R java instead of java-1.5.0-gcj (bug #1110684)
* Tue Sep 16 2014 David Sommerseth <davids(a)redhat.com> - 3.1.1-6
- Setting ulimit when running make check, to avoid segfault due to too small stack (needed
on PPC64)
* Tue Aug 26 2014 David Tardon <dtardon(a)redhat.com> - 3.1.1-5
- rebuild for ICU 53.1
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
3.1.1-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1110684 - R-java update has new dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=1110684
--------------------------------------------------------------------------------
================================================================================
beesu-2.7-22.el7 (FEDORA-EPEL-2014-3204)
Graphical wrapper for su
--------------------------------------------------------------------------------
Update Information:
EL7 build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1150620 - build for epel7 or not?
https://bugzilla.redhat.com/show_bug.cgi?id=1150620
--------------------------------------------------------------------------------
================================================================================
elk-2.3.22-9.el7 (FEDORA-EPEL-2014-3234)
FP-LAPW Code
--------------------------------------------------------------------------------
Update Information:
build against new openmpi on fc21 + epel7 package
--------------------------------------------------------------------------------
================================================================================
fedmsg-0.11.0-1.el7 (FEDORA-EPEL-2014-3244)
Tools for Fedora Infrastructure real-time messaging
--------------------------------------------------------------------------------
Update Information:
New fedmsg.meta.msg2long_form API. Other IRC-related bugfixes and enhancements.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 9 2014 Ralph Bean <rbean(a)redhat.com> - 0.11.0-1
- Fix harmless error about twisted.words at daemon startup.
- Optional shortening of links in IRC.
- IRC bot now reconnects when dropped.
- New fedmsg.meta.msg2long_form API.
--------------------------------------------------------------------------------
================================================================================
golang-github-kr-fs-0-0.1.git2788f0d.el7 (FEDORA-EPEL-2014-3225)
Provides Go filesystem-related functions
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148447 - Review Request: golang-github-kr-fs - Provides Go
filesystem-related functions
https://bugzilla.redhat.com/show_bug.cgi?id=1148447
--------------------------------------------------------------------------------
================================================================================
guacamole-server-0.8.4-4.el7 (FEDORA-EPEL-2014-3229)
Server-side native components that form the Guacamole proxy
--------------------------------------------------------------------------------
Update Information:
Add proper Epoch also to subpackages.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 9 2014 Simone Caronni <negativo17(a)gmail.com> - 1:0.8.4-4
- Also add epoch to the various components.
--------------------------------------------------------------------------------
================================================================================
igraph-0.7.1-1.el7 (FEDORA-EPEL-2014-3215)
Library for creating and manipulating graphs
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.1 in EPEL 6 and EPEL7
--------------------------------------------------------------------------------
================================================================================
inxi-2.2.14-1.el7 (FEDORA-EPEL-2014-3208)
A full featured system information script
--------------------------------------------------------------------------------
Update Information:
Update to 2.2.14
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2014 Vasiliy N. Glazov <vascom2(a)gmail.com> 2.2.14-1
- Update to 2.2.14
--------------------------------------------------------------------------------
================================================================================
libqtxdg-0.5.3-4.el7 (FEDORA-EPEL-2014-3218)
Qt4 implementation of desktop specifications
--------------------------------------------------------------------------------
Update Information:
Provide qt4 support (#1147204)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2014 Rex Dieter <rdieter(a)fedoraproject.org> - 0.5.3-4
- Provide qt4 support (#1147204)
- rename libqtxdg-qt4 -> libqtxdg, libqtxdg-qt4-devel -> libqtxdg to ease/simplify
upgrade path
- use %find_lang for translations
- -devel: drop cmake dep
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.5.3-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.5.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun May 11 2014 Lubomir Rintel <lkundrak(a)v3.sk> - 0.5.3-1
- Update to a later upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1147204 - libqtxdg: Please update version
https://bugzilla.redhat.com/show_bug.cgi?id=1147204
--------------------------------------------------------------------------------
================================================================================
octave-control-2.6.5-2.el7 (FEDORA-EPEL-2014-3230)
Computer-Aided Control System Design (CACSD) Tools for Octave
--------------------------------------------------------------------------------
Update Information:
The Octave control systems package contains functions for analyzing
and designing automatic control systems and algorithms.
--------------------------------------------------------------------------------
================================================================================
perl-Data-Munge-0.08-1.el7 (FEDORA-EPEL-2014-3250)
Utility functions for working with perl data structures and code references
--------------------------------------------------------------------------------
Update Information:
Initial release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1149978 - Review Request: perl-Data-Munge - Utility functions for working
with perl data structures and code references
https://bugzilla.redhat.com/show_bug.cgi?id=1149978
--------------------------------------------------------------------------------
================================================================================
perl-Devel-CheckCompiler-0.05-2.el7 (FEDORA-EPEL-2014-3226)
Check the compiler's availability
--------------------------------------------------------------------------------
Update Information:
This is the first Fedora/EPEL release of perl-Devel-CheckCompiler.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1150117 - Review Request: perl-Devel-CheckCompiler - Check the compiler's
availability
https://bugzilla.redhat.com/show_bug.cgi?id=1150117
--------------------------------------------------------------------------------
================================================================================
perl-LWP-Protocol-PSGI-0.07-1.el7 (FEDORA-EPEL-2014-3253)
Override LWP's HTTP/HTTPS backend with your own PSGI application
--------------------------------------------------------------------------------
Update Information:
Initial release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1149645 - Review Request: perl-LWP-Protocol-PSGI - Override LWP's
HTTP/HTTPS backend with your own PSGI application
https://bugzilla.redhat.com/show_bug.cgi?id=1149645
--------------------------------------------------------------------------------
================================================================================
perl-Module-Build-XSUtil-0.14-2.el7 (FEDORA-EPEL-2014-3224)
A Module::Build class for building XS modules
--------------------------------------------------------------------------------
Update Information:
This is the first Fedora/EPEL release of perl-Module-Build-XSUtil.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1150121 - Review Request: perl-Module-Build-XSUtil - A Module::Build class
for building XS modules
https://bugzilla.redhat.com/show_bug.cgi?id=1150121
--------------------------------------------------------------------------------
================================================================================
perl-Redis-1.976-1.el7 (FEDORA-EPEL-2014-3251)
Perl binding for Redis database
--------------------------------------------------------------------------------
Update Information:
Upgrade to 1.976.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 9 2014 David Dick <ddick(a)cpan.org> - 1.976-1
- Upgrade to 1.976.
* Fri Aug 29 2014 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.975-2
- Perl 5.20 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1150530 - perl-Redis-1.976 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1150530
--------------------------------------------------------------------------------
================================================================================
perl-Test-XML-0.08-2.el7 (FEDORA-EPEL-2014-3254)
Compare XML in perl tests
--------------------------------------------------------------------------------
Update Information:
This is the first Fedora/EPEL release of perl-Test-XML.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148580 - Review Request: perl-Test-XML - Compare XML in perl tests
https://bugzilla.redhat.com/show_bug.cgi?id=1148580
--------------------------------------------------------------------------------
================================================================================
php-pear-Net-URL2-2.0.9-1.el7 (FEDORA-EPEL-2014-3228)
Class for parsing and handling URL
--------------------------------------------------------------------------------
Update Information:
Upstream Changelog:
Version 2.0.9
* Fixed #20418: Incorrect normalization of URI with missing authority
* Upd: Test for RFC 3986 Section 1.1.2 Examples
* Upd: Travis CI - PHP 5.6 added
Version 2.0.8
* Fixed #20420: Inconsistent setAuthority and getAuthority
* Fixed #20423: URI with IPv6 or IPvFuture not parsed
* Imp: Test for RFC 3986 Section 1.1.2 Examples
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 9 2014 Remi Collet <remi(a)fedoraproject.org> - 2.0.9-1
- Update to 2.0.8 (stable)
* Wed Oct 8 2014 Remi Collet <remi(a)fedoraproject.org> - 2.0.8-1
- Update to 2.0.8 (stable)
--------------------------------------------------------------------------------
================================================================================
php-phpunit-environment-1.1.0-1.el7 (FEDORA-EPEL-2014-3241)
Handle HHVM/PHP environments
--------------------------------------------------------------------------------
Update Information:
* Add Console::hasColorSupport()
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 8 2014 Remi Collet <remi(a)fedoraproject.org> - 1.1.0-1
- update to 1.1.0
- enable test suite
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.3.5-1.el7 (FEDORA-EPEL-2014-3249)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
Fix to anitya processor.
Bugfixes to anitya and pkgdb processors.
New koschei and anitya processors.
Handle new pkgdb messages, certain legacy messages, and new bugzilla messages. git
messages now return the full patch via a call to msg2long_form
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 9 2014 Ralph Bean <rbean(a)redhat.com> - 0.3.5-1
- Further fixes to anitya.
* Wed Oct 8 2014 Ralph Bean <rbean(a)redhat.com> - 0.3.4-1
- Fixes to pkgdb and anitya processors.
* Fri Oct 3 2014 Ralph Bean <rbean(a)redhat.com> - 0.3.3-1
- New koschei and anitya processors.
* Mon Sep 29 2014 Ralph Bean <rbean(a)redhat.com> - 0.3.2-1
- Latest upstream.
- Handle different types of legacy messages.
- git messages now return the full patch via a call to msg2long_form.
- future-proofing against new types of bugzilla messages.
* Thu Aug 28 2014 Ralph Bean <rbean(a)redhat.com> - 0.3.1-1
- Latest upstream with the new conglomerator api.
- Also, fixes to copr messages.
- New threading lock put around fas cache regeneration.
- Bump up the BR version on fedmsg.
--------------------------------------------------------------------------------
================================================================================
python-oauth2-1.5.211-8.el7 (FEDORA-EPEL-2014-3236)
Python support for improved oauth
--------------------------------------------------------------------------------
Update Information:
Actually apply patch to fix CVE-2013-4347 (thanks to Jason Green, Matt Wilson).
Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski.
Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 8 2014 Tom Callaway <spot(a)fedoraproject.org> - 1.5.211-8
- actually apply patch to fix CVE-2013-4347 (thanks to Jason Green, Matt Wilson)
* Fri Sep 12 2014 Tom Callaway <spot(a)fedoraproject.org> - 1.5.211-7
- Fix CVE-2013-4346 and CVE-2013-4347 (thanks to Philippe Makowski)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.5.211-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.5.211-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1007746 - CVE-2013-4346 python-oauth2: _check_signature() ignores the nonce
value when validating signed urls
https://bugzilla.redhat.com/show_bug.cgi?id=1007746
[ 2 ] Bug #1007758 - CVE-2013-4347 python-oauth2: Uses poor PRNG in nonce
https://bugzilla.redhat.com/show_bug.cgi?id=1007758
--------------------------------------------------------------------------------
================================================================================
python-sphinxcontrib-issuetracker-0.11-2.el7 (FEDORA-EPEL-2014-3235)
Sphinx integration with different issue trackers
--------------------------------------------------------------------------------
Update Information:
A Sphinx extension to reference issues in issue trackers, either explicitly with an
"issue" role or optionally implicitly by issue ids like #10 in plain text.
Currently the following issue trackers are supported:
* GitHub
* BitBucket
* Launchpad
* Google Code
* Debian BTS
* Jira
A simple API is provided to add support for other issue trackers. If you added support
for a new tracker, please consider sending a patch to make your work available to other
users of this extension.
--------------------------------------------------------------------------------
================================================================================
python-urllib2_kerberos-0.1.6-14.el7 (FEDORA-EPEL-2014-2753)
Kerberos over HTTP Negotiate/SPNEGO support for urllib2
--------------------------------------------------------------------------------
Update Information:
Fix logging format for Python 2.6 (#1065576)
First EPEL7 package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1065576 - Add additional patches to urllib2_kerberos
https://bugzilla.redhat.com/show_bug.cgi?id=1065576
--------------------------------------------------------------------------------
================================================================================
rubygem-openssl_cms-0.0.2-1.20140212git7fea071.el7 (FEDORA-EPEL-2014-3252)
OpenSSL with CMS functions
--------------------------------------------------------------------------------
Update Information:
OpenSSL with Cryptographic Message Syntax functions for Ruby 2.0.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1132008 - Review Request: rubygem-openssl_cms - OpenSSL with CMS functions
https://bugzilla.redhat.com/show_bug.cgi?id=1132008
--------------------------------------------------------------------------------
================================================================================
scalapack-2.0.2-5.el7 (FEDORA-EPEL-2014-3255)
A subset of LAPACK routines redesigned for heterogeneous computing
--------------------------------------------------------------------------------
Update Information:
Build for epel7.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1150469 - please build scalapack/blacs for EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1150469
--------------------------------------------------------------------------------
================================================================================
wkhtmltopdf-0.12.1-1.el7 (FEDORA-EPEL-2014-3211)
Simple shell utility to convert html to pdf
--------------------------------------------------------------------------------
Update Information:
Update to 0.12.1
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 27 2014 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 0.12.1-1
- 0.12.1
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.12.0-1.2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.12.0-1.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue Jun 3 2014 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 0.12.0-1
- 0.12.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1139360 - Update wkhtmltopdf to 0.12.1 in EPEL 7
https://bugzilla.redhat.com/show_bug.cgi?id=1139360
--------------------------------------------------------------------------------
================================================================================
xfce4-session-4.10.1-7.el7 (FEDORA-EPEL-2014-3212)
Xfce session manager
--------------------------------------------------------------------------------
Update Information:
Update to fix bashisms
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 8 2014 Mukundan Ragavan <nonamedotc(a)fedoraproject.org> - 4.10.1-7
- Add patch for fixing bashisms. Fixes bug 1150207
--------------------------------------------------------------------------------