The following Fedora EPEL 7 Security updates need testing:

 Age  URL
 809  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087         dokuwiki-0-0.24.20140929c.el7
 571  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f   mcollective-2.8.4-1.el7
 153  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d   libbsd-0.8.3-1.el7
  51  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe   mod_cluster-1.3.3-10.el7
  49  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5f9a6163b4   tnef-1.4.14-1.el7
  48  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378   python-XStatic-jquery-ui-1.12.0.1-1.el7
  28  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e2fae7fb04   squirrelmail-1.4.22-16.el7
  21  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-828e5e0986   lynis-2.5.0-1.el7
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2acdfa3ad8   struts-1.3.10-14.1.el7
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6acdeb07a7   chicken-4.12.0-2.el7
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c97810a9a7   jbig2dec-0.12-4.el7
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4269265615   menu-cache-1.0.1-2.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-692b72b3c9   chromium-58.0.3029.110-2.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a9209fb240   wordpress-4.7.5-1.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3ad7cbb1a1   moodle-3.1.6-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c0b04702c2   compat-tidy-0.99.0-37.20091203.el7
                                                                            libopkele-2.0.4-9.el7
                                                                            mod_auth_openid-0.8-2.el7
                                                                            psi-plus-0.16-0.22.20141205git440.el7
                                                                            tidy-5.4.0-1.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing
cjdns-19.1-4.el7
cobbler-2.8.1-1.el7
compat-tidy-0.99.0-37.20091203.el7
libopkele-2.0.4-9.el7
mod_auth_openid-0.8-2.el7
module-build-service-1.3.22-2.el7
perl-HTTP-Headers-Fast-0.20-3.el7
perl-IO-TieCombine-1.005-4.el7
php-cs-fixer-2.2.4-1.el7
psi-plus-0.16-0.22.20141205git440.el7
python-fedmsg-rabbitmq-serializer-0.0.5-4.el7
python-idstools-0.6.1-1.el7
python-openidc-client-0-3.20170523git77cb3ee.el7
tidy-5.4.0-1.el7
Details about builds:
================================================================================
cjdns-19.1-4.el7 (FEDORA-EPEL-2017-39be513ab9)
The privacy-friendly network without borders
--------------------------------------------------------------------------------
Update Information:
Call sodium_init(), include mkpasswd (but not in /usr/bin). EL7 users will want
this to update to protocol 19.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1455317 - cjdroute and others fail to call sodium_init()
https://bugzilla.redhat.com/show_bug.cgi?id=1455317
--------------------------------------------------------------------------------
================================================================================
cobbler-2.8.1-1.el7 (FEDORA-EPEL-2017-478a4e6751)
Boot server configurator
--------------------------------------------------------------------------------
Update Information:
Update to 2.8.1:

Feature improvements:
- Signature added for: sles 12sp2
- Signature added for: fedora 26
- Signature added for: ubuntu 17.04
- Signature added for: freebsd 10.3
- Signature added for: freebsd 11.0
- Signature added for: xen server 7.0
- Signature added for: xen server 7.1

Bugfixes:
- Cleanup distro_signatures
- Use $bind_master in secondary.template (#1720)
- Add zonename to metadata in manage_bind (#1700)
- Update cobbler.wsgi to Django >=1.4 API
- Add some input validation to repo configuration (#1741)
- Fix handling of multiple bridge interfaces (#1735)
- Added warnings in kickstart samples (#1737)
- Fix the auto-build when using autodiscovery (#1753)
- Fixes to setup.py so that python setup.py install now works again on
  Debian/Ubuntu (#1750)
- Replication now works with Cobbler using non standard ports (#1637)
- Generalize names for named/dhcpd executables in cobbler check (#1672)
- No more manual symlinks required for Python dist-packages on
  Debian/Ubuntu (#1751)
- Code cleanup in kickgen.py, setup.py, etc
- Fixes to several API calls relating to mgmtclass, file and package
- RHEL7 still needs to use the nameserver option
- Master interface now inherits MTU setting from slave interface
- Don't add multiple (bond) slave interfaces to dhcpd.conf
- Grub legacy loaders updated to the latest versions available
- Enable the source tree to be cloned on Windows systems (#1722)
- Minor SuSE AutoYast improvements
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1442353 - Replication now works with Cobbler using non standard ports, fixes
#1637
https://bugzilla.redhat.com/show_bug.cgi?id=1442353
[ 2 ] Bug #1404826 - cobbler_web is broken with django 1.8.8 (with patch)
https://bugzilla.redhat.com/show_bug.cgi?id=1404826
--------------------------------------------------------------------------------
================================================================================
compat-tidy-0.99.0-37.20091203.el7 (FEDORA-EPEL-2017-c0b04702c2)
Compatibility utility and library to clean up and pretty print HTML/XHTML/XML
--------------------------------------------------------------------------------
Update Information:
Update to latest stable version of tidy, and provide a compat-tidy package for
those packages (like php-extras) not ready to use the newer version yet.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1228297 - CVE-2015-5522 CVE-2015-5523 tidy: heap buffer overflow in
ParseValue()
https://bugzilla.redhat.com/show_bug.cgi?id=1228297
[ 2 ] Bug #1312881 - tidy: Use-after-free caused by mishandling control characters
https://bugzilla.redhat.com/show_bug.cgi?id=1312881
[ 3 ] Bug #1312877 - tidy: Out-of-bounds heap read in TextEndsWithNewline
https://bugzilla.redhat.com/show_bug.cgi?id=1312877
--------------------------------------------------------------------------------
================================================================================
libopkele-2.0.4-9.el7 (FEDORA-EPEL-2017-c0b04702c2)
C++ implementation of the OpenID decentralized identity system
--------------------------------------------------------------------------------
Update Information:
Update to latest stable version of tidy, and provide a compat-tidy package for
those packages (like php-extras) not ready to use the newer version yet.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1228297 - CVE-2015-5522 CVE-2015-5523 tidy: heap buffer overflow in
ParseValue()
https://bugzilla.redhat.com/show_bug.cgi?id=1228297
[ 2 ] Bug #1312881 - tidy: Use-after-free caused by mishandling control characters
https://bugzilla.redhat.com/show_bug.cgi?id=1312881
[ 3 ] Bug #1312877 - tidy: Out-of-bounds heap read in TextEndsWithNewline
https://bugzilla.redhat.com/show_bug.cgi?id=1312877
--------------------------------------------------------------------------------
================================================================================
mod_auth_openid-0.8-2.el7 (FEDORA-EPEL-2017-c0b04702c2)
OpenID authentication for apache
--------------------------------------------------------------------------------
Update Information:
Update to latest stable version of tidy, and provide a compat-tidy package for
those packages (like php-extras) not ready to use the newer version yet.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1228297 - CVE-2015-5522 CVE-2015-5523 tidy: heap buffer overflow in
ParseValue()
https://bugzilla.redhat.com/show_bug.cgi?id=1228297
[ 2 ] Bug #1312881 - tidy: Use-after-free caused by mishandling control characters
https://bugzilla.redhat.com/show_bug.cgi?id=1312881
[ 3 ] Bug #1312877 - tidy: Out-of-bounds heap read in TextEndsWithNewline
https://bugzilla.redhat.com/show_bug.cgi?id=1312877
--------------------------------------------------------------------------------
================================================================================
module-build-service-1.3.22-2.el7 (FEDORA-EPEL-2017-7fe5f569b6)
The Module Build Service for Modularity
--------------------------------------------------------------------------------
Update Information:
New version 1.3.22.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1435222 - module-build-service-1.3.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1435222
--------------------------------------------------------------------------------
================================================================================
perl-HTTP-Headers-Fast-0.20-3.el7 (FEDORA-EPEL-2017-f951efb08d)
Faster implementation of HTTP::Headers
--------------------------------------------------------------------------------
Update Information:
HTTP::Headers::Fast is a perl class for parsing/writing HTTP headers.
--------------------------------------------------------------------------------
================================================================================
perl-IO-TieCombine-1.005-4.el7 (FEDORA-EPEL-2017-f1773b75bb)
Produce tied (and other) separate but combined variables
--------------------------------------------------------------------------------
Update Information:
This package allows you to tie separate variables into a combined whole, using
ties and other magic. This can be very useful when, say, you want a unified
output from various different things that return data in different ways
(STDIN/ERR, scalars, handles, etc).
--------------------------------------------------------------------------------
================================================================================
php-cs-fixer-2.2.4-1.el7 (FEDORA-EPEL-2017-7515ce7351)
A tool to automatically fix PHP code style
--------------------------------------------------------------------------------
Update Information:
Changelog for **version 2.2.4**
* bug #2682 DoctrineAnnotationIndentationFixer - fix handling nested
  annotations (edhgoose, julienfalque)
* bug #2700 Fix Doctrine Annotation end detection (julienfalque)
* bug #2715 OrderedImportsFixer - handle indented groups (pilgerone)
* bug #2732 HeaderCommentFixer - fix handling blank lines (s7b4)
* bug #2745 Fix Doctrine Annotation newlines (julienfalque)
* bug #2752 FixCommand - fix typo in warning message (mnapoli)
* bug #2757 GeckoPHPUnit is not dev dependency (keradus)
* bug #2759 Update gitattributes (SpacePossum)
* bug #2763 Fix describe command with PSR-0 fixer (julienfalque)
* bug #2768 Tokens::ensureWhitespaceAtIndex - clean up comment check, add
  check for T_OPEN (SpacePossum)
* bug #2783 Tokens::ensureWhitespaceAtIndex - Fix handling line endings
  (SpacePossum)
* minor #2663 Use colors for keywords in commands output (julienfalque,
  keradus)
* minor #2706 Update README (SpacePossum)
* minor #2714 README.rst - fix wrong value in example (mleko)
* minor #2721 Update phpstorm article link to a fresh blog post (valeryan)
* minor #2727 PHPUnit - use speedtrap (keradus)
* minor #2728 SelfUpdateCommand - verify that it's possible to replace
  current file (keradus)
* minor #2729 DescribeCommand - add decorated output test (julienfalque)
* minor #2731 BracesFixer - properly pass config in utest dataProvider
  (keradus)
* minor #2738 Upgrade tests to use new, namespaced PHPUnit TestCase class
  (keradus)
* minor #2743 Fixing example and description for
  GeneralPhpdocAnnotationRemoveFixer (kubawerlos)
* minor #2744 AbstractDoctrineAnnotationFixerTestCase - split fixers test
  cases (julienfalque)
* minor #2755 Fix compatibility with PHPUnit 5.4.x (keradus)
* minor #2758 Readme - improve CI integration guidelines (keradus)
* minor #2769 Psr0Fixer - remove duplicated example (julienfalque)
* minor #2775 NoExtraConsecutiveBlankLinesFixer - remove duplicate code
  sample. (SpacePossum)
* minor #2778 AutoReview - watch that code samples are unique (keradus)
* minor #2787 Add warnings about missing dom ext and require json ext
  (keradus)
* minor #2792 Use composer-require-checker (keradus)
* minor #2796 Update .gitattributes (SpacePossum)
* minor #2800 PhpdocTypesFixerTest - Fix typo in covers annotation
  (SpacePossum)
--------------------------------------------------------------------------------
================================================================================
psi-plus-0.16-0.22.20141205git440.el7 (FEDORA-EPEL-2017-c0b04702c2)
Jabber client based on Qt
--------------------------------------------------------------------------------
Update Information:
Update to latest stable version of tidy, and provide a compat-tidy package for
those packages (like php-extras) not ready to use the newer version yet.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1228297 - CVE-2015-5522 CVE-2015-5523 tidy: heap buffer overflow in
ParseValue()
https://bugzilla.redhat.com/show_bug.cgi?id=1228297
[ 2 ] Bug #1312881 - tidy: Use-after-free caused by mishandling control characters
https://bugzilla.redhat.com/show_bug.cgi?id=1312881
[ 3 ] Bug #1312877 - tidy: Out-of-bounds heap read in TextEndsWithNewline
https://bugzilla.redhat.com/show_bug.cgi?id=1312877
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-rabbitmq-serializer-0.0.5-4.el7 (FEDORA-EPEL-2017-6ce9a893d9)
fedmsg consumer to serialize bus messages into a rabbitmq worker queue
--------------------------------------------------------------------------------
Update Information:
New package for Fedora
--------------------------------------------------------------------------------
================================================================================
python-idstools-0.6.1-1.el7 (FEDORA-EPEL-2017-52970a3b1b)
Snort and Suricata Rule and Event Utilities
--------------------------------------------------------------------------------
Update Information:
upstream update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1452025 - [abrt] python3-idstools: rule.py:208:parse:TypeError: cannot use a
string pattern on a bytes-like object
https://bugzilla.redhat.com/show_bug.cgi?id=1452025
--------------------------------------------------------------------------------
================================================================================
python-openidc-client-0-3.20170523git77cb3ee.el7 (FEDORA-EPEL-2017-bf248479c9)
Python OpenID Connect client with token caching and management
--------------------------------------------------------------------------------
Update Information:
python-openidc-client-0-3.20170523git77cb3ee update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437845 - python-openidc-client-v0.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1437845
--------------------------------------------------------------------------------
================================================================================
tidy-5.4.0-1.el7 (FEDORA-EPEL-2017-c0b04702c2)
Utility to clean up and pretty print HTML/XHTML/XML
--------------------------------------------------------------------------------
Update Information:
Update to latest stable version of tidy, and provide a compat-tidy package for
those packages (like php-extras) not ready to use the newer version yet.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1228297 - CVE-2015-5522 CVE-2015-5523 tidy: heap buffer overflow in
ParseValue()
https://bugzilla.redhat.com/show_bug.cgi?id=1228297
[ 2 ] Bug #1312881 - tidy: Use-after-free caused by mishandling control characters
https://bugzilla.redhat.com/show_bug.cgi?id=1312881
[ 3 ] Bug #1312877 - tidy: Out-of-bounds heap read in TextEndsWithNewline
https://bugzilla.redhat.com/show_bug.cgi?id=1312877
--------------------------------------------------------------------------------