The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 492  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d   condor-8.6.11-1.el7
 233  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80   python-gnupg-0.4.4-1.el7
 231  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b   bubblewrap-0.3.3-2.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-de07c8591e   cacti-1.2.8-1.el7 cacti-spine-1.2.8-1.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-39eb4afe6e   libuv-1.34.0-1.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-936f369393   wordpress-5.1.4-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-b3b252ad49   drupal7-l10n_update-2.3-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c44b218d4a   drupal7-webform-4.21-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-575f933e1c   drupal7-7.69-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-3221ff1dea   htmldoc-1.8.28-6.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
chromium-79.0.3945.88-1.el7
git-tools-2019.11-1.el7
libwebsockets-3.2.1-1.el7
openhantek-3.0.1-1.el7
Details about builds:
================================================================================
chromium-79.0.3945.88-1.el7 (FEDORA-EPEL-2019-70830cf7ad)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2019-13767 ---- Update to Chromium 79. Fixes the usual
giant pile of bugs and security issues. This time, the list is: CVE-2019-13725
CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730
CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13736 CVE-2019-13737
CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742
CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747
CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752
CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757
CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763
CVE-2019-13764
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 17 2019 Tom Callaway <spot(a)fedoraproject.org> - 79.0.3945.88-1
- update to 79.0.3945.88
* Tue Dec 10 2019 Tom Callaway <spot(a)fedoraproject.org> - 79.0.3945.79-1
- update to 79.0.3945.79
* Wed Dec 4 2019 Tom Callaway <spot(a)fedoraproject.org> - 79.0.3945.56-2
- fix lib provides filtering
* Tue Dec 3 2019 Tom Callaway <spot(a)fedoraproject.org> - 79.0.3945.56-1
- update to current beta (rawhide only)
- switch to upstream patch for clock_nanosleep fix
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1784989 - CVE-2019-13767 chromium-browser: Use after free in media picker
https://bugzilla.redhat.com/show_bug.cgi?id=1784989
[ 2 ] Bug #1782007 - CVE-2019-13762 chromium-browser: Insufficient policy enforcement in downloads
https://bugzilla.redhat.com/show_bug.cgi?id=1782007
[ 3 ] Bug #1782006 - CVE-2019-13761 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1782006
[ 4 ] Bug #1782005 - CVE-2019-13759 chromium-browser: Incorrect security UI in interstitials
https://bugzilla.redhat.com/show_bug.cgi?id=1782005
[ 5 ] Bug #1782003 - CVE-2019-13756 chromium-browser: Incorrect security UI in printing
https://bugzilla.redhat.com/show_bug.cgi?id=1782003
[ 6 ] Bug #1781999 - CVE-2019-13752 sqlite: fts3: improve shadow table corruption detection
https://bugzilla.redhat.com/show_bug.cgi?id=1781999
[ 7 ] Bug #1782002 - CVE-2019-13755 chromium-browser: Insufficient policy enforcement in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1782002
[ 8 ] Bug #1782000 - CVE-2019-13753 sqlite: fts3: incorrectly removed corruption check
https://bugzilla.redhat.com/show_bug.cgi?id=1782000
[ 9 ] Bug #1782001 - CVE-2019-13754 chromium-browser: Insufficient policy enforcement in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1782001
[ 10 ] Bug #1781998 - CVE-2019-13751 sqlite: fts3: improve detection of corrupted records
https://bugzilla.redhat.com/show_bug.cgi?id=1781998
[ 11 ] Bug #1781997 - CVE-2019-13750 sqlite: dropping of shadow tables not restricted in defensive mode
https://bugzilla.redhat.com/show_bug.cgi?id=1781997
[ 12 ] Bug #1781992 - CVE-2019-13746 chromium-browser: Insufficient policy enforcement in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1781992
[ 13 ] Bug #1781995 - CVE-2019-13749 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1781995
[ 14 ] Bug #1781991 - CVE-2019-13745 chromium-browser: Insufficient policy enforcement in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1781991
[ 15 ] Bug #1781994 - CVE-2019-13748 chromium-browser: Insufficient policy enforcement in developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=1781994
[ 16 ] Bug #1781993 - CVE-2019-13747 chromium-browser: Uninitialized Use in rendering
https://bugzilla.redhat.com/show_bug.cgi?id=1781993
[ 17 ] Bug #1781989 - CVE-2019-13742 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1781989
[ 18 ] Bug #1781987 - CVE-2019-13740 chromium-browser: Incorrect security UI in sharing
https://bugzilla.redhat.com/show_bug.cgi?id=1781987
[ 19 ] Bug #1781990 - CVE-2019-13743 chromium-browser: Incorrect security UI in external protocol handling
https://bugzilla.redhat.com/show_bug.cgi?id=1781990
[ 20 ] Bug #1781985 - CVE-2019-13738 chromium-browser: Insufficient policy enforcement in navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1781985
[ 21 ] Bug #1781988 - CVE-2019-13741 chromium-browser: Insufficient validation of untrusted input in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1781988
[ 22 ] Bug #1781986 - CVE-2019-13739 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1781986
[ 23 ] Bug #1781984 - CVE-2019-13737 chromium-browser: Insufficient policy enforcement in autocomplete
https://bugzilla.redhat.com/show_bug.cgi?id=1781984
[ 24 ] Bug #1781983 - CVE-2019-13736 chromium-browser: Integer overflow in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1781983
[ 25 ] Bug #1781982 - CVE-2019-13764 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1781982
[ 26 ] Bug #1781981 - CVE-2019-13735 chromium-browser: Out of bounds write in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1781981
[ 27 ] Bug #1781980 - CVE-2019-13734 sqlite: fts3: improve shadow table corruption detection
https://bugzilla.redhat.com/show_bug.cgi?id=1781980
[ 28 ] Bug #1781979 - CVE-2019-13732 chromium-browser: Use after free in WebAudio
https://bugzilla.redhat.com/show_bug.cgi?id=1781979
[ 29 ] Bug #1781978 - CVE-2019-13730 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1781978
[ 30 ] Bug #1781975 - CVE-2019-13727 chromium-browser: Insufficient policy enforcement in WebSockets
https://bugzilla.redhat.com/show_bug.cgi?id=1781975
[ 31 ] Bug #1781977 - CVE-2019-13729 chromium-browser: Use after free in WebSockets
https://bugzilla.redhat.com/show_bug.cgi?id=1781977
[ 32 ] Bug #1781976 - CVE-2019-13728 chromium-browser: Out of bounds write in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1781976
[ 33 ] Bug #1781974 - CVE-2019-13726 chromium-browser: Heap buffer overflow in password manager
https://bugzilla.redhat.com/show_bug.cgi?id=1781974
[ 34 ] Bug #1782021 - CVE-2019-13744 chromium-browser: Insufficient policy enforcement in cookies
https://bugzilla.redhat.com/show_bug.cgi?id=1782021
[ 35 ] Bug #1782017 - CVE-2019-13758 chromium-browser: Insufficient policy enforcement in navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1782017
[ 36 ] Bug #1781973 - CVE-2019-13725 chromium-browser: Use after free in Bluetooth
https://bugzilla.redhat.com/show_bug.cgi?id=1781973
[ 37 ] Bug #1782008 - CVE-2019-13763 chromium-browser: Insufficient policy enforcement in payments
https://bugzilla.redhat.com/show_bug.cgi?id=1782008
[ 38 ] Bug #1782004 - CVE-2019-13757 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1782004
--------------------------------------------------------------------------------
================================================================================
git-tools-2019.11-1.el7 (FEDORA-EPEL-2019-6c9bd69e8c)
Assorted git-related scripts and tools
--------------------------------------------------------------------------------
Update Information:
New upstream release 2019.11 (#1777999)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 19 2019 Greg Bailey <gbailey(a)lxpro.com> - 2019.11-1
- New upstream release 2019.11 (#1777999)
- several performance improvements
- use ISO datetime format
- refactor git calls into a convenience class
- improve documentation
- add several TODO and FIXME notes as a roadmap draft
- remove outdated benchmarks
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1777999 - git-tools-2019.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1777999
--------------------------------------------------------------------------------
================================================================================
libwebsockets-3.2.1-1.el7 (FEDORA-EPEL-2019-d39091e23b)
A lightweight C library for Websockets
--------------------------------------------------------------------------------
Update Information:
Update to 3.2.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 19 2019 Peter Robinson <pbrobinson(a)fedoraproject.org> 3.2.1-1
- Update to 3.2.1
* Mon Sep 2 2019 Peter Robinson <pbrobinson(a)fedoraproject.org> 3.2.0-1
- Update to 3.2.0
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Feb 9 2019 Peter Robinson <pbrobinson(a)fedoraproject.org> 3.1.0-2
- devel requires libev-devel
* Sat Feb 9 2019 Peter Robinson <pbrobinson(a)fedoraproject.org> 3.1.0-1
- Update to 3.1.0
- Enable new features/functionality
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
openhantek-3.0.1-1.el7 (FEDORA-EPEL-2019-d08cc0cf56)
Hantek and compatible USB digital signal oscilloscope
--------------------------------------------------------------------------------
Update Information:
Update to 3.0.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 19 2019 Vasiliy N. Glazov <vascom2(a)gmail.com> - 3.0.1-1
- Update to 3.0.1
--------------------------------------------------------------------------------