The following Fedora EPEL 7 Security updates need testing:
Age URL
370
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
145
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d2c1368294
cinnamon-3.6.7-5.el7
111
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80
python-gnupg-0.4.4-1.el7
109
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b
bubblewrap-0.3.3-2.el7
46
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-12067fc897
dosbox-0.74.3-2.el7
38
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-aabd063c30
squirrelmail-1.4.23-1.el7.20190710
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-ad7b11b384
igraph-0.7.1-12.el7
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-643d621522
jhead-3.03-4.el7
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-4e6da66b9f
python-django-1.11.23-1.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-5f75a76f4e
kf5-kconfig-5.52.0-1.el7.1
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-aa84623a4e
libmspack-0.5-0.0.7.alpha.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-26e64681f6
hostapd-2.9-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-6e2a2d877a
nfdump-1.6.18-1.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-dc74f471c9
ansible-2.8.4-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
composer-1.9.0-1.el7
iscan-firmware-20190508-1.el7
mock-core-configs-31.1-1.el7
nghttp2-1.31.1-2.el7
php-composer-ca-bundle-1.2.3-1.el7
php-composer-spdx-licenses-1.5.2-1.el7
python-kombu-4.6.4-1.el7
rdfind-1.4.1-1.el7
rust-1.37.0-1.el7
sleuthkit-4.6.7-1.el7
xxhash-0.7.1-1.el7
Details about builds:
================================================================================
composer-1.9.0-1.el7 (FEDORA-EPEL-2019-c160c784fe)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.9.0** - 2019-08-02 * Breaking: artifact repositories with URLs
containing port numbers and requiring authentication now require you to
configure http-basic auth for the `host:port` pair explicitly * Added a `--no-
cache` flag available on all commands to run with the cache disabled * Added
PHP_BINARY as env var pointing to the PHP process when executing Composer
scripts as shell scripts * Added a `use-github-api` config option which can
set the `no-api` flag on all GitHub VCS repositories declared * Added a static
helper you can preprend to a script to avoid process timeouts,
`"Composer\\Config::disableProcessTimeout"` * Added
Event::getOriginatingEvent
to retrieve an event's original event when a script handler forwards to another
one * Added support for autoloading directly from a phar file * Fixed
loading order of plugins to always initialize them in order of dependencies *
Fixed various network-mount related issues * Fixed --ignore-platform-reqs not
ignoring conflict rules against platform packages
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 3 2019 Remi Collet <remi(a)remirepo.net> - 1.9.0-1
- update to 1.9.0
--------------------------------------------------------------------------------
================================================================================
iscan-firmware-20190508-1.el7 (FEDORA-EPEL-2019-d0c7d04b37)
Firmware for Epson flatbed scanners
--------------------------------------------------------------------------------
Update Information:
Checked all firmwares, added GT-S650/GT-X830 firmwares dated 2019-05-08
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 19 2019 Simone Caronni <negativo17(a)gmail.com> - 20190508-1
- Check all firmwares, add GT-S650/GT-X830 firmwares dated 2019-05-08.
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
20130319-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
20130319-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
20130319-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
20130319-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> -
20130319-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> -
20130319-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Feb 4 2016 Fedora Release Engineering <releng(a)fedoraproject.org> -
20130319-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
20130319-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1720152 - Missing firmware for GT-S650 / Epson Perfection V19 / V39
https://bugzilla.redhat.com/show_bug.cgi?id=1720152
--------------------------------------------------------------------------------
================================================================================
mock-core-configs-31.1-1.el7 (FEDORA-EPEL-2019-440f2c2b2c)
Mock core config files basic chroots
--------------------------------------------------------------------------------
Update Information:
added Fedora 31
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 19 2019 Miroslav Such�� <msuchy(a)redhat.com> 31.1-1
- add fedora 31 configs and rawhide is now 32
- Add local-source repo definition to Fedora Rawhide (miro(a)hroncok.cz)
* Mon Aug 19 2019 Miroslav Such�� <msuchy(a)redhat.com>
- add fedora 31 configs and rawhide is now 32
- Add local-source repo definition to Fedora Rawhide (miro(a)hroncok.cz)
* Thu Aug 8 2019 Miroslav Such�� <msuchy(a)redhat.com> 30.5-1
- disable updates-modulare repos for now
- buildrequire systemd-srpm-macros to get _sysusersdir
- removed info about metadata expire (khoidinhtrinh(a)gmail.com)
- added updates-modular to 29 and 30 (khoidinhtrinh(a)gmail.com)
- replace groupadd using sysusers.d
- core-configs: epel-7 profiles to use mirrorlists (praiskup(a)redhat.com)
- EOL Fedora 28
- do not protect packages in chroot [GH#286]
- Fix value for dist for OpenMandriva 4.0 configs (ngompa13(a)gmail.com)
- Add initial OpenMandriva distribution targets (ngompa13(a)gmail.com)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1742867 - Update for Fedora 31 branching
https://bugzilla.redhat.com/show_bug.cgi?id=1742867
--------------------------------------------------------------------------------
================================================================================
nghttp2-1.31.1-2.el7 (FEDORA-EPEL-2019-1a711333e8)
Experimental HTTP/2 client, server and proxy
--------------------------------------------------------------------------------
Update Information:
- backport security fixes from nghttp2-1.39.2 (CVE-2019-9511 and CVE-2019-9513)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 19 2019 Kamil Dudka <kdudka(a)redhat.com> 1.31.1-2
- backport security fixes from nghttp2-1.39.2 (CVE-2019-9511 and CVE-2019-9513)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1741965 - CVE-2019-9513 nghttp2: HTTP/2: flood using PRIORITY frames
resulting in excessive resource consumption [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1741965
[ 2 ] Bug #1741950 - CVE-2019-9511 CVE-2019-9516 CVE-2019-9517 nghttp2: various flaws
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1741950
--------------------------------------------------------------------------------
================================================================================
php-composer-ca-bundle-1.2.3-1.el7 (FEDORA-EPEL-2019-c160c784fe)
Lets you find a path to the system CA
--------------------------------------------------------------------------------
Update Information:
**Version 1.9.0** - 2019-08-02 * Breaking: artifact repositories with URLs
containing port numbers and requiring authentication now require you to
configure http-basic auth for the `host:port` pair explicitly * Added a `--no-
cache` flag available on all commands to run with the cache disabled * Added
PHP_BINARY as env var pointing to the PHP process when executing Composer
scripts as shell scripts * Added a `use-github-api` config option which can
set the `no-api` flag on all GitHub VCS repositories declared * Added a static
helper you can preprend to a script to avoid process timeouts,
`"Composer\\Config::disableProcessTimeout"` * Added
Event::getOriginatingEvent
to retrieve an event's original event when a script handler forwards to another
one * Added support for autoloading directly from a phar file * Fixed
loading order of plugins to always initialize them in order of dependencies *
Fixed various network-mount related issues * Fixed --ignore-platform-reqs not
ignoring conflict rules against platform packages
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 3 2019 Remi Collet <remi(a)remirepo.net> - 1.2.3-1
- update to 1.2.3
- run upstream test suite
- switch from symfony/class-loader to fedora/autoloader
--------------------------------------------------------------------------------
================================================================================
php-composer-spdx-licenses-1.5.2-1.el7 (FEDORA-EPEL-2019-c160c784fe)
SPDX licenses list and validation library
--------------------------------------------------------------------------------
Update Information:
**Version 1.9.0** - 2019-08-02 * Breaking: artifact repositories with URLs
containing port numbers and requiring authentication now require you to
configure http-basic auth for the `host:port` pair explicitly * Added a `--no-
cache` flag available on all commands to run with the cache disabled * Added
PHP_BINARY as env var pointing to the PHP process when executing Composer
scripts as shell scripts * Added a `use-github-api` config option which can
set the `no-api` flag on all GitHub VCS repositories declared * Added a static
helper you can preprend to a script to avoid process timeouts,
`"Composer\\Config::disableProcessTimeout"` * Added
Event::getOriginatingEvent
to retrieve an event's original event when a script handler forwards to another
one * Added support for autoloading directly from a phar file * Fixed
loading order of plugins to always initialize them in order of dependencies *
Fixed various network-mount related issues * Fixed --ignore-platform-reqs not
ignoring conflict rules against platform packages
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 1 2019 Remi Collet <remi(a)remirepo.net> - 1.5.2-1
- update to 1.5.2 (SPDX 3.6)
--------------------------------------------------------------------------------
================================================================================
python-kombu-4.6.4-1.el7 (FEDORA-EPEL-2019-20323cc050)
An AMQP Messaging Framework for Python
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream version 4.6.4 (rhbz#1742743)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 19 2019 Fabian Affolter <mail(a)fabian-affolter.ch> - 1:4.6.4-1
- Update to latest upstream version 4.6.4 (rhbz#1742743)
* Mon Aug 19 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 1:4.6.3-4
- Rebuilt for Python 3.8
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:4.6.3-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jul 2 2019 Nils Philippsen <nils(a)redhat.com> - 1:4.6.3-2
- Don't indiscriminately require Python 2 packages to fix FTBFS on Rawhide
* Sat Jun 15 2019 Fabian Affolter <mail(a)fabian-affolter.ch> - 1:4.6.3-1
- Update to latest upstream version 4.6.3 (rhbz#1717745)
* Fri Jun 14 2019 Fabian Affolter <mail(a)fabian-affolter.ch> - 1:4.6.2-1
- Update to latest upstream version 4.6.2 (rhbz#1717745)
* Sat Jun 8 2019 Fabian Affolter <mail(a)fabian-affolter.ch> - 1:4.6.1-2
- Update to latest upstream version 4.6.1 (rhbz#1717745)
* Thu May 30 2019 Fabian Affolter <mail(a)fabian-affolter.ch> - 1:4.6.0-1
- Update to latest upstream version 4.6.0
* Thu May 30 2019 Fabian Affolter <mail(a)fabian-affolter.ch> - 1:4.5.0-1
- Update to latest upstream version 4.5.0 (rhbz#1673119)
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:4.2.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1742743 - python-kombu-4.6.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1742743
--------------------------------------------------------------------------------
================================================================================
rdfind-1.4.1-1.el7 (FEDORA-EPEL-2019-9c39ea3cd4)
Program that finds duplicate files
--------------------------------------------------------------------------------
Update Information:
update to 1.4.1
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 19 2019 Gerd Pokorra <gp(a)zimt.uni-siegen.de> 1.4.1-1
- update to 1.4.1
--------------------------------------------------------------------------------
================================================================================
rust-1.37.0-1.el7 (FEDORA-EPEL-2019-1b3d004a68)
The Rust Programming Language
--------------------------------------------------------------------------------
Update Information:
Update to Rust 1.37.0: - Referring to `enum` variants through `type` aliases -
Built-in Cargo support for vendored dependencies - Using unnamed `const` items
for macros - Profile-guided optimization - Choosing a default binary in Cargo
projects - `#[repr(align(N))]` on `enum`s - Library changes See the [blog
post](https://blog.rust-lang.org/2019/08/15/Rust-1.37.0.html) and [release
notes](https://github.com/rust-
lang/rust/blob/master/RELEASES.md#version-1370-2019-08-15) for more details.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 15 2019 Josh Stone <jistone(a)redhat.com> - 1.37.0-1
- Update to 1.37.0.
- Disable HTTP/2 support, lacking in system libcurl.
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.36.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
sleuthkit-4.6.7-1.el7 (FEDORA-EPEL-2019-e1ddf9b607)
The Sleuth Kit (TSK)
--------------------------------------------------------------------------------
Update Information:
Update to 2.6.7
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 19 2019 Nicolas Chauvet <kwizart(a)gmail.com> - 4.6.7-1
- Update to 4.6.7
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.6.6-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1735533 - CVE-2019-1010065 sleuthkit: Opening crafted disk image triggers
crash in tsk/fs/hfs_dent.c:237 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1735533
[ 2 ] Bug #1735532 - CVE-2019-1010065 sleuthkit: Opening crafted disk image triggers
crash in tsk/fs/hfs_dent.c:237 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1735532
--------------------------------------------------------------------------------
================================================================================
xxhash-0.7.1-1.el7 (FEDORA-EPEL-2019-86233aded1)
Extremely fast hash algorithm
--------------------------------------------------------------------------------
Update Information:
xxhash 0.7.1.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 17 2019 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 0.7.1-1
- Update to version 0.7.1
* Sat Jul 27 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.7.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1742760 - xxhash-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1742760
--------------------------------------------------------------------------------