The following Fedora EPEL 7 Security updates need testing:
Age URL
49
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3835d39d1a
unrtf-0.21.9-8.el7
43
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-15b7dc35af
pass-1.7.2-1.el7
24
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-ccbe8e3c4d
knot-resolver-2.4.0-1.el7
17
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-d2e0971e9b
uwsgi-2.0.17.1-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3f07844689
znc-1.7.1-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-d8d62b4f6c
suricata-4.0.5-1.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8de40d24ca
redis-3.2.12-1.el7
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f19460105c
pam_yubico-2.26-1.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-5b5c4b0050
rust-1.27.2-3.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
ansible-2.6.2-1.el7
bibutils-6.6-1.el7
cmake3-3.12.0-1.el7
ghc-hs-bibutils-6.6.0.0-1.el7
mbedtls-2.7.5-1.el7
pandoc-citeproc-0.3.0.1-4.el7
python-openidc-client-0.6.0-1.20180605gitcd8d91c.el7
ravada-0.3.0-0.1.beta6.el7
seamonkey-2.49.4-2.el7
supybot-fedora-0.4.2-1.el7
Details about builds:
================================================================================
ansible-2.6.2-1.el7 (FEDORA-EPEL-2018-ee87ded9b6)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
Update to 2.6.2. See
https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v...
for full details.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 28 2018 Kevin Fenzi <kevin(a)scrye.com> - 2.6.2-1
- Update to 2.6.2. Fixes bug #1609486
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.6.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1609486 - ansible-2.6.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1609486
--------------------------------------------------------------------------------
================================================================================
bibutils-6.6-1.el7 (FEDORA-EPEL-2018-f9d6ff695a)
Bibliography conversion tools
--------------------------------------------------------------------------------
Update Information:
Update to bibutils-6.6 - Security fix for CVE-2018-10773 CVE-2018-10774
CVE-2018-10775
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 23 2018 Vasiliy N. Glazov <vascom2(a)gmail.com> 6.6-1
- Update to 6.6
- Drop patch
- Clean spec
* Fri Jun 29 2018 Jens Petersen <petersen(a)redhat.com> - 6.5-1
- update to version 6.5
- build with LDFLAGS (#1541039)
* Wed Jun 6 2018 Jens Petersen <petersen(a)redhat.com> - 6.3-1
- update to 6.3 which addresses CVE-2018-10773 CVE-2018-10774 CVE-2018-10775
(#1577259)
* Mon Feb 19 2018 Jens Petersen <petersen(a)redhat.com> - 6.2-4
- BR gcc
* Wed Feb 14 2018 Jens Petersen <petersen(a)redhat.com> - 6.2-3
- fix the build with CFLAGS and LDFLAGS
* Fri Feb 2 2018 Jens Petersen <petersen(a)redhat.com> - 6.2-2
- using distro LDFLAGS (#1541039)
* Sat Jan 13 2018 Jens Petersen <petersen(a)redhat.com> - 6.2-1
- update to 6.2
* Mon Jan 19 2015 Jens Petersen <petersen(a)redhat.com> - 5.5-1
- update to 5.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1577280 - CVE-2018-10775 bibutils: NULL pointer dereference in _fields_add
function in fields.c in libbibcore.a
https://bugzilla.redhat.com/show_bug.cgi?id=1577280
[ 2 ] Bug #1577268 - CVE-2018-10774 bibutils: Out-of-bounds Read in isiin_keyword
function in isiin.c in libbibutils.a
https://bugzilla.redhat.com/show_bug.cgi?id=1577268
[ 3 ] Bug #1577258 - CVE-2018-10773 bibutils: NULL pointer deference in addsn function
in serialno.c in libbibcore.a
https://bugzilla.redhat.com/show_bug.cgi?id=1577258
--------------------------------------------------------------------------------
================================================================================
cmake3-3.12.0-1.el7 (FEDORA-EPEL-2018-967292a205)
Cross-platform make system
--------------------------------------------------------------------------------
Update Information:
- Update to cmake-3.12.0 - Use %_metainfodir
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 27 2018 Antonio Trande <sagitter(a)fedoraproject.org> - 3.12.0-1
- Update to cmake-3.12.0
- Use %_metainfodir
--------------------------------------------------------------------------------
================================================================================
ghc-hs-bibutils-6.6.0.0-1.el7 (FEDORA-EPEL-2018-f9d6ff695a)
Haskell bindings to bibutils
--------------------------------------------------------------------------------
Update Information:
Update to bibutils-6.6 - Security fix for CVE-2018-10773 CVE-2018-10774
CVE-2018-10775
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 24 2018 Jens Petersen <petersen(a)redhat.com> - 6.6.0.0-1
- update to 6.6.0.0
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.2.0.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.2.0.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Jan 24 2018 Jens Petersen <petersen(a)redhat.com> - 6.2.0.1-1
- update to 6.2.0.1
* Wed Jan 10 2018 Jens Petersen <petersen(a)redhat.com> - 5.5-8
- provide bundled(bibutils)
* Wed Aug 2 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.5-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.5-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 24 2017 Jens Petersen <petersen(a)redhat.com> - 5.5-5
- refresh to cabal-rpm-0.11.1
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.5-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Wed Feb 3 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.5-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
5.5-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Jan 19 2015 Jens Petersen <petersen(a)redhat.com> - 5.5-1
- update to 5.5
- somehow under ghc-7.8 the bibutils system library is not found (#1190127)
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
5.0-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
5.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue Aug 6 2013 Adam Williamson <awilliam(a)redhat.com> - 5.0-3
- rebuild for new libbibutils
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1577280 - CVE-2018-10775 bibutils: NULL pointer dereference in _fields_add
function in fields.c in libbibcore.a
https://bugzilla.redhat.com/show_bug.cgi?id=1577280
[ 2 ] Bug #1577268 - CVE-2018-10774 bibutils: Out-of-bounds Read in isiin_keyword
function in isiin.c in libbibutils.a
https://bugzilla.redhat.com/show_bug.cgi?id=1577268
[ 3 ] Bug #1577258 - CVE-2018-10773 bibutils: NULL pointer deference in addsn function
in serialno.c in libbibcore.a
https://bugzilla.redhat.com/show_bug.cgi?id=1577258
--------------------------------------------------------------------------------
================================================================================
mbedtls-2.7.5-1.el7 (FEDORA-EPEL-2018-e9a8615099)
Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:
- Update to 2.7.5 - Security Advisory 2018-02 (CVE-2018-0497) Release notes:
https://tls.mbed.org/tech-
updates/releases/mbedtls-2.12.0-2.7.5-and-2.1.14-released Security Advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-
advisory-2018-02
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 27 2018 Morten Stevens <mstevens(a)fedoraproject.org> - 2.7.5-1
- Update to 2.7.5
- Security Advisory 2018-02 (CVE-2018-0497)
--------------------------------------------------------------------------------
================================================================================
pandoc-citeproc-0.3.0.1-4.el7 (FEDORA-EPEL-2018-f9d6ff695a)
Citeproc support for pandoc
--------------------------------------------------------------------------------
Update Information:
Update to bibutils-6.6 - Security fix for CVE-2018-10773 CVE-2018-10774
CVE-2018-10775
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 28 2018 Jens Petersen <petersen(a)redhat.com> - 0.3.0.1-4
- rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1577280 - CVE-2018-10775 bibutils: NULL pointer dereference in _fields_add
function in fields.c in libbibcore.a
https://bugzilla.redhat.com/show_bug.cgi?id=1577280
[ 2 ] Bug #1577268 - CVE-2018-10774 bibutils: Out-of-bounds Read in isiin_keyword
function in isiin.c in libbibutils.a
https://bugzilla.redhat.com/show_bug.cgi?id=1577268
[ 3 ] Bug #1577258 - CVE-2018-10773 bibutils: NULL pointer deference in addsn function
in serialno.c in libbibcore.a
https://bugzilla.redhat.com/show_bug.cgi?id=1577258
--------------------------------------------------------------------------------
================================================================================
python-openidc-client-0.6.0-1.20180605gitcd8d91c.el7 (FEDORA-EPEL-2018-0f7f599417)
Python OpenID Connect client with token caching and management
--------------------------------------------------------------------------------
Update Information:
Rebase to 0.6.0 ---- python-openidc-client-v0.4.0 is available Add Requests
AuthBase wrapper Allow specifying to not get new tokens in auther
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 5 2018 Patrick Uiterwijk <puiterwijk(a)redhat.com> -
0.6.0-1.20180605gitcd8d91c
- Rebase to 0.6.0
* Sat Mar 24 2018 Patrick Uiterwijk <puiterwijk(a)redhat.com> -
0.5.0-1.20180324git188c560
- Fixes python3 compatibility
- Rebase to 0.5.0
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.4.0-2.20171113git54dee6e
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Mon Nov 13 2017 Mohan Boddu <mboddu(a)bhujji.com> - 0.4.0-1.20171113git54dee6e
- Add Requests AuthBase wrapper
- Allow specifying to not get new tokens in auther
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> -
0-4.20170523git77cb3ee
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1583437 - python-openidc-client-v0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1583437
[ 2 ] Bug #1455728 - python-openidc-client-v0.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1455728
--------------------------------------------------------------------------------
================================================================================
ravada-0.3.0-0.1.beta6.el7 (FEDORA-EPEL-2018-7ab3f99f58)
Remote Virtual Desktops Manager
--------------------------------------------------------------------------------
Update Information:
Pre-release 0.3.0 beta6
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 27 2018 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 0.3.0-0.1.beta6
- Pre-release 0.3.0 beta6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1609338 - RFE - Please provide update to Ravada Ravada 0.3.0-rc1
https://bugzilla.redhat.com/show_bug.cgi?id=1609338
--------------------------------------------------------------------------------
================================================================================
seamonkey-2.49.4-2.el7 (FEDORA-EPEL-2018-52b5b56d0a)
Web browser, e-mail, news, IRC client, HTML editor
--------------------------------------------------------------------------------
Update Information:
Update to 2.49.4 Based on the Firefox/Thunderbird ESR (extension support
release) code version 52.9.1 Fixes various security issues, see
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ and
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ for
more info.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 28 2018 Dmitry Butskoy <Dmitry(a)Butskoy.name> 2.49.4-2
- fix applying of patch for mozbz#1324096
* Fri Jul 27 2018 Dmitry Butskoy <Dmitry(a)Butskoy.name> 2.49.4-1
- update to 2.49.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1609286 - seamonkey-2.49.4.source is available
https://bugzilla.redhat.com/show_bug.cgi?id=1609286
--------------------------------------------------------------------------------
================================================================================
supybot-fedora-0.4.2-1.el7 (FEDORA-EPEL-2018-d7c27f6395)
Plugin for Supybot to interact with Fedora services
--------------------------------------------------------------------------------
Update Information:
Fix .whoowns, latest upstream tag.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 28 2018 Rick Elrod <relrod(a)redhat.com> - 0.4.2-1
- Fix .whoowns, latest upstream tag.
* Thu Jul 26 2018 Rick Elrod <relrod(a)redhat.com> - 0.4.1-1
- Karma bug fix, latest upstream tag.
* Thu Jul 26 2018 Rick Elrod <relrod(a)redhat.com> - 0.4-1
- Bump to latest upstream to remove pkgdb support.
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.5-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 21 2018 Iryna Shcherbina <ishcherb(a)redhat.com> - 0.3.5-8
- Update Python 2 dependency declarations to new packaging standards
(See
https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.5-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.5-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.5-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.3.5-4
-
https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_...
* Tue May 3 2016 Patrick Uiterwijk <puiterwijk(a)redhat.com> - 0.3.5-3
- Update upstream url
* Fri Feb 5 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.5-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
--------------------------------------------------------------------------------