The following Fedora EPEL 7 Security updates need testing:
Age URL
579
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
321
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80
python-gnupg-0.4.4-1.el7
319
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b
bubblewrap-0.3.3-2.el7
28
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6
python-waitress-1.4.3-1.el7
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-1f5dbc1cd7
cacti-1.2.10-1.el7 cacti-spine-1.2.10-1.el7
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-471d8a7abd
sympa-6.2.54-1.el7
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b3684de763
mbedtls-2.7.14-1.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4fdca9429c
seamonkey-2.53.1-2.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fbd804208a
monit-5.26.0-1.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b8f44a854a
weechat-2.7.1-1.el7
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b467e9784b
php-horde-Horde-Form-2.0.20-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
composer-1.10.1-1.el7
inxi-3.0.38-1.el7
timeshift-20.03-1.el7
Details about builds:
================================================================================
composer-1.10.1-1.el7 (FEDORA-EPEL-2020-578ce0f1ff)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.10.1** - 2020-03-13 * Fixed path repository warning on empty path
when using wildcards * Fixed superfluous warnings when generating optimized
autoloaders ---- **Version 1.10.0** - 2020-03-10 * Added `bearer` auth
config to authenticate using `Authorization: Bearer <token>` headers * Added
`plugin-api-version` in composer.lock so third-party tools can know which
Composer version was used to generate a lock file * Fixed composer fund
command and funding info parsing to be more useful * Fixed issue where --no-
dev autoload generation was excluding some packages which should not have been
excluded * Fixed 1.10-RC regression in create project's handling of absolute
paths ---- **Version 1.10.0-RC** - 2020-02-14 * Breaking: `composer global
exec ...` now executes the process in the current working directory instead of
executing it in the global directory. * Warning: Added a warning when class
names are being loaded by a PSR-4 or PSR-0 rule only due to classmap
optimization, but would not otherwise be autoloadable. Composer 2.0 will stop
autoloading these classes so make sure you fix your autoload configs. * Added
new funding key to composer.json to describe ways your package's maintenance can
be funded. This reads info from GitHub's FUNDING.yml by default so better
configure it there so it shows on GitHub and Composer/Packagist * Added
`composer fund` command to show funding info of your dependencies * Added
support for --format=json output for show command when showing a single package
* Added support for configuring suggestions using config command, e.g. `composer
config suggest.foo/bar some text` * Added support for configuring fine-grained
preferred-install using config command, e.g. `composer config preferred-
install.foo/* dist` * Added `@putenv` script handler to set environment
variables from composer.json for following scripts * Added `lock` option that
can be set to false, in which case no composer.lock file will be generated *
Added --add-repository flag to create-project command which will persist the
repo given in --repository into the composer.json of the package being installed
* Added support for IPv6 addresses in NO_PROXY * Added package homepage
display in the show command * Added debug info about HTTP authentications *
Added Symfony 5 compatibility * Added --fixed flag to require command to make
it use a fixed constraint instead of a ^x.y constraint when adding the
requirement * Fixed exclude-from-classmap matching subsets of directories e.g.
foo/ was excluding foobar/ * Fixed archive command to persist file permissions
inside the zip files * Fixed init/require command to avoid suggesting packages
which are already selected in the search results * Fixed create-project UX
issues * Fixed filemtime for vendor/composer/* files is now only changing when
the files actually change * Fixed issues detecting docker environment with an
active open_basedir
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 14 2020 Remi Collet <remi(a)remirepo.net> - 1.10.1-1
- update to 1.10.1
* Wed Mar 11 2020 Remi Collet <remi(a)remirepo.net> - 1.10.0-1
- update to 1.10.0
--------------------------------------------------------------------------------
================================================================================
inxi-3.0.38-1.el7 (FEDORA-EPEL-2020-5ae105d416)
A full featured system information script
--------------------------------------------------------------------------------
Update Information:
Update to 3.0.38.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 16 2020 Vasiliy N. Glazov <vascom2(a)gmail.com> - 3.0.38-1
- Update to 3.0.38
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.37-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
timeshift-20.03-1.el7 (FEDORA-EPEL-2020-7e106e25f9)
System restore tool for Linux
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2020-10174
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 15 2020 Samuel Rakitni��an <samuel.rakitnican(a)gmail.com> 20.03-1
- Update to 20.03
- Rework the uninstall script removal
* Fri Jan 31 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 19.08.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Sat Sep 28 2019 Richard Shaw <hobbes1069(a)gmail.com> - 19.08.1-1
- Update to 19.08.1.
- Add patch to deal with abstract class compile error.
* Sat Mar 9 2019 Samuel Rakitni��an <samuel.rakitnican(a)gmail.com> 19.01-1
- Update to 19.01
- Remove upstream gcc optimisation flag -O3 (Since timeshift 18.8)
* Sun Mar 3 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 18.6.1-4
- Fix build errors with newer vala, remove --threads from makefile
* Sun Feb 3 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 18.6.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 18.6.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1811684 - CVE-2020-10174 timeshift: Arbitrary local code execution due to
unsafe usage of temporary directory in /tmp/timeshift
https://bugzilla.redhat.com/show_bug.cgi?id=1811684
--------------------------------------------------------------------------------