The following Fedora EPEL 7 Security updates need testing:
Age URL
309
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
101
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-925e9374c9
python-pymongo-3.0.3-1.el7
71
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
35
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-f82c6fc04a
p7zip-15.09-4.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-4181488d68
lighttpd-1.4.39-1.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-864da6c179
nghttp2-1.6.0-1.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e21e03e52f
mono-2.10.8-9.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-3e181e41ca
openvpn-2.3.10-1.el7
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-039bf0137a
salt-2015.5.8-1.el7
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e04c714f9d
gajim-0.16.5-1.el7
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ec85678f0c
nodejs-ws-1.0.1-1.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-dd35749dd3
wordpress-4.4.1-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-43613cf75a
keepassx-0.4.4-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e34ffdd692
prosody-0.9.9-2.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-273a82f7db
owncloud-8.0.10-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8da165e1bb
mbedtls-2.2.1-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
dcap-2.47.10-1.el7
elementary-1.16.1-1.el7
erlang-R16B-03.12.el7
evas-generic-loaders-1.16.0-1.el7
mbedtls-2.2.1-1.el7
moodle-3.0.2-1.el7
ocserv-0.10.11-1.el7
owncloud-8.0.10-1.el7
perl-Date-Holidays-DE-1.7-1.el7
prosody-0.9.9-2.el7
python-fedora-0.7.1-2.el7
python-ivi-0.14.9-3.el7
python-jwt-1.4.0-2.el7
python-unittest2-1.1.0-4.el7
radicale-1.1.1-1.el7
rubygem-therubyracer-0.11.0-13.el7
Details about builds:
================================================================================
dcap-2.47.10-1.el7 (FEDORA-EPEL-2016-27b9e753cb)
Client Tools for dCache
--------------------------------------------------------------------------------
Update Information:
New release with IPv6 fixes.
--------------------------------------------------------------------------------
================================================================================
elementary-1.16.1-1.el7 (FEDORA-EPEL-2016-a94e03f83a)
Basic widget set that is easy to use based on EFL
--------------------------------------------------------------------------------
Update Information:
Initial port to epel7
--------------------------------------------------------------------------------
================================================================================
erlang-R16B-03.12.el7 (FEDORA-EPEL-2016-3ba210f393)
General-purpose programming language and runtime environment
--------------------------------------------------------------------------------
Update Information:
* Enable crash dump creation during a large distrubution error
--------------------------------------------------------------------------------
================================================================================
evas-generic-loaders-1.16.0-1.el7 (FEDORA-EPEL-2016-1fbb757afe)
Set of generic loaders for Evas
--------------------------------------------------------------------------------
Update Information:
Initial port to epel7
--------------------------------------------------------------------------------
================================================================================
mbedtls-2.2.1-1.el7 (FEDORA-EPEL-2016-8da165e1bb)
Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:
- Update to 2.2.1 Release notes:
https://tls.mbed.org/tech-
updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released ----
- Rebase mbedTLS to 2.2.0 Release notes:
https://tls.mbed.org/tech-
updates/releases/mbedtls-2.2.0-2.1.3-1.3.15-and-polarssl.1.2.18-released
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297437 - mbedtls, polarssl: potential double free during certificate
generation
https://bugzilla.redhat.com/show_bug.cgi?id=1297437
--------------------------------------------------------------------------------
================================================================================
moodle-3.0.2-1.el7 (FEDORA-EPEL-2016-551b68b67a)
A Course Management System
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
--------------------------------------------------------------------------------
================================================================================
ocserv-0.10.11-1.el7 (FEDORA-EPEL-2016-e0b981da6b)
OpenConnect SSL VPN server
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
================================================================================
owncloud-8.0.10-1.el7 (FEDORA-EPEL-2016-273a82f7db)
Private file sync and share server
--------------------------------------------------------------------------------
Update Information:
This update provides the new upstream patch release of ownCloud (7.0.12 for EPEL
6, 8.0.10 for all other distributions). It also adds a 'well-known' redirect for
WebDAV (alongside the existing ones for CalDAV and CardDAV) - if you don't know
what this is, don't worry. These are bugfix updates which include fixes for some
security vulnerabilities rated 'low' and 'medium' by upstream. For full
details
on the changes, see the [upstream
changelog](https://www.owncloud.org/changelog)
and the security advisories: [OC-
SA-2016-001](https://owncloud.org/security/advisory/?id=oc-sa-2016-001), [OC-
SA-2016-002](https://owncloud.org/security/advisory/?id=oc-sa-2016-002), [OC-
SA-2016-003](https://owncloud.org/security/advisory/?id=oc-sa-2016-003), [OC-
SA-2016-004](https://owncloud.org/security/advisory/?id=oc-sa-2016-004).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297360 - CVE-2016-1500 owncloud: disclosure of files that begin with
".v" due to unchecked return value [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1297360
[ 2 ] Bug #1297354 - CVE-2016-1498 owncloud: reflected XSS in OCS provider discovery
[epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1297354
--------------------------------------------------------------------------------
================================================================================
perl-Date-Holidays-DE-1.7-1.el7 (FEDORA-EPEL-2016-ee1305ce72)
Perl module to determine German holidays
--------------------------------------------------------------------------------
Update Information:
Date::Holidays::DE v1.7 ======================= - Added reformation day as
one-time common federal holiday in 2017 - Thanks to Christoph Biedl
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297365 - Upgrade perl-Date-Holidays-DE to 1.7
https://bugzilla.redhat.com/show_bug.cgi?id=1297365
--------------------------------------------------------------------------------
================================================================================
prosody-0.9.9-2.el7 (FEDORA-EPEL-2016-e34ffdd692)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.9.9 ============= A summary of changes: Security fixes
-------------- * Fix path traversal vulnerability in mod_http_files
(CVE-2016-1231) * Fix use of weak PRNG in generation of dialback secrets
(CVE-2016-1232) Bugs ---- * Improve handling of CNAME records in DNS * Fix
traceback when deleting a user in some configurations (issue #496) * MUC:
restrict_room_creation could prevent users from joining rooms (issue #458) *
MUC: fix occasional dropping of iq stanzas sent privately between occupants *
Fix a potential memory leak in mod_pep Additions --------- * Add http:list()
command to telnet to view active HTTP services * Simplify IPv4/v6 address
selection code for outgoing s2s * Add support for importing SCRAM hashes from
ejabberd
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296984 - CVE-2016-1232 prosody: use of weak PRNG in generation of dialback
secrets
https://bugzilla.redhat.com/show_bug.cgi?id=1296984
[ 2 ] Bug #1296983 - CVE-2016-1231 prosody: path traversal vulnerability in
mod_http_files
https://bugzilla.redhat.com/show_bug.cgi?id=1296983
--------------------------------------------------------------------------------
================================================================================
python-fedora-0.7.1-2.el7 (FEDORA-EPEL-2016-50448945cd)
Python modules for talking to Fedora Infrastructure Services
--------------------------------------------------------------------------------
Update Information:
Fix a regression in the config parser.
--------------------------------------------------------------------------------
================================================================================
python-ivi-0.14.9-3.el7 (FEDORA-EPEL-2016-916a2ecad2)
Python Interchangeable Virtual Instrument Library
--------------------------------------------------------------------------------
Update Information:
- New package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1294275 - Review Request: python-ivi - Python Interchangeable Virtual
Instrument Library
https://bugzilla.redhat.com/show_bug.cgi?id=1294275
--------------------------------------------------------------------------------
================================================================================
python-jwt-1.4.0-2.el7 (FEDORA-EPEL-2016-8464f51438)
JSON Web Token implementation in Python
--------------------------------------------------------------------------------
Update Information:
Initial build for epel7.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297170 - EPEL7 builds for python-jwt
https://bugzilla.redhat.com/show_bug.cgi?id=1297170
--------------------------------------------------------------------------------
================================================================================
python-unittest2-1.1.0-4.el7 (FEDORA-EPEL-2016-2bcdb58647)
The new features in unittest backported to Python 2.4+
--------------------------------------------------------------------------------
Update Information:
Fix tests building on EPEL-7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1210244 - Please update to the latest unittest2 1.1.0
https://bugzilla.redhat.com/show_bug.cgi?id=1210244
--------------------------------------------------------------------------------
================================================================================
radicale-1.1.1-1.el7 (FEDORA-EPEL-2015-8212)
A simple CalDAV (calendar) and CardDAV (contact) server
--------------------------------------------------------------------------------
Update Information:
Fix policycore-utils and python-pam dependencies on el6/el7/fc22, Switch
conditionally back to python2 to support el6/el7 ---- fix policycore-utils and
python-pam dependencies, switch conditionally back to python2 to support el6/el7
---- Switch conditionally back to python2 to support el6/el7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296382 - Package not available in epel7
https://bugzilla.redhat.com/show_bug.cgi?id=1296382
--------------------------------------------------------------------------------
================================================================================
rubygem-therubyracer-0.11.0-13.el7 (FEDORA-EPEL-2016-a355fbef61)
Embed the V8 Javascript interpreter into Ruby
--------------------------------------------------------------------------------
Update Information:
Add explicit Requires for rubygem-ref ---- Bring packge to EPEL7
--------------------------------------------------------------------------------