Fedora EPEL 7 Update: php-behat-mink-1.8.1-1.el7
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2020-ce525d7280
2020-04-05 00:42:23.420822
--------------------------------------------------------------------------------
Name : php-behat-mink
Product : Fedora EPEL 7
Version : 1.8.1
Release : 1.el7
URL : http://mink.behat.org/
Summary : Browser controller/emulator abstraction for PHP
Description :
One of the most important parts in the web is a browser. Browser is the window
through which web users interact with web applications and other users. Users
are always talking with web applications through browsers.
So, in order to test that our web application behaves correctly, we need a way
to simulate this interaction between the browser and the web application in our
tests. We need a Mink.
Mink is an open source browser controller/emulator for web applications,
written in PHP.
Read Mink at a Glance [1] to learn more about Mink and why you need it.
Autoloader: /usr/share/php/Behat/Mink/autoload.php
[1] http://mink.behat.org/en/latest/at-a-glance.html
--------------------------------------------------------------------------------
Update Information:
1.8.1 / 2020-03-11 ================== Bug fixes: * Fixed the phpdoc of
`NodeElement::getValue`. This method actually returns `null` in some cases
(unchecked checkbox for instance) 1.8.0 / 2020-03-11 ================== New
features: * Auto-start the session on first call to `visit`.
`Mink::getSession()` will no longer start the session automatically. * Added
support for `symfony/css-selector` 4 and 5 Bug fixes: * Fixed the message when
reporting the deprecation of `ExpectationException::getSession()` * Fixed
support for XPath selectors using `|` inside strings or conditions rather than
as a top-level union * Fixed compatibility with PHP 7.2 not allowing to use
`count` on strings Testsuite: * Added PHP 7.1, 7.2, 7.3 and 7.4 in the CI *
Removed HHVM from CI as they stopped supporting PHP compatibility Driver
testsuite: * The driver testsuite is no longer part of this package. Use
`mink/driver-testsuite` to run driver tests instead. Misc: * Changed phpdoc
types from `Boolean` to `boolean` to be compatible with psalm type checking
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 17 2020 Shawn Iwinski <shawn(a)iwin.ski> - 1.8.1-1
- Update to 1.8.1 (RHBZ #1812690)
- Obsolete test suite sub-package
- Testsuite as source to ensure proper version/commit
- Conditionally use range dependencies
- Conditionally drop Symfony 2 interoperability
- Conditionally use PHPUnit 7
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Sep 22 2017 Shawn Iwinski <shawn(a)iwin.ski> - 1.7.1-5
- Fix autoloader for Symfony 3
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1812690 - php-behat-mink-1.8.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1812690
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update php-behat-mink' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years, 1 month
Fedora EPEL 7 Update: php-behat-mink-browserkit-driver-1.3.4-2.el7
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2020-237351e3ea
2020-04-05 00:42:23.420807
--------------------------------------------------------------------------------
Name : php-behat-mink-browserkit-driver
Product : Fedora EPEL 7
Version : 1.3.4
Release : 2.el7
URL : http://mink.behat.org/en/latest/drivers/browserkit.html
Summary : Symfony BrowserKit driver for Mink framework
Description :
BrowserKitDriver provides a bridge for the Symfony BrowserKit [1] component.
BrowserKit is a browser emulator provided by the Symfony project [2].
Autoloader: /usr/share/php/Behat/Mink/Driver/autoload-browserkit.php
[1] http://symfony.com/components/BrowserKit
[2] http://symfony.com/
--------------------------------------------------------------------------------
Update Information:
1.3.4 / 2020-03-11 ================== BC Break: * Changed the return value for
`getValue` on a select without any options to an empty string rather than `null`
to respect the common contract between Mink drivers Bug fixes: * Changed
phpdoc types from `Boolean` to `boolean` to be compatible with psalm type
checking * Improved compatibility with the HTML5 parsing of the symfony/dom-
crawler component in 4.4+ * Removed usages of APIs deprecated in symfony/dom-
crawler 4.4 * Send the configured headers when submitting forms Testsuite: *
Removed HHVM from CI as they dropped support for PHP compatibility * Added CI on
PHP 7.2, 7.3 and 7.4 1.3.3 / 2018-05-02 ================== * Added Symfony 4.0
compatibility.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 17 2020 Shawn Iwinski <shawn(a)iwin.ski> - 1.3.4-2
- Conditional Symfony 2 or not
- Fix autoloader for PHP < 5.4
- Add test suite BuildRequires
* Tue Mar 17 2020 Shawn Iwinski <shawn(a)iwin.ski> - 1.3.4-1
- Update to 1.3.4 (RHBZ #1574132)
- Testsuite as source to ensure proper version/commit
- Conditionally use range dependencies
- Drop Symfony 2 interoperability
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.2-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1574132 - php-behat-mink-browserkit-driver-1.3.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574132
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update php-behat-mink-browserkit-driver' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years, 1 month
[SECURITY] Fedora EPEL 7 Update: ckeditor-4.14.0-1.el7
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2020-7c64d8ca18
2020-04-05 00:42:23.420791
--------------------------------------------------------------------------------
Name : ckeditor
Product : Fedora EPEL 7
Version : 4.14.0
Release : 1.el7
URL : http://ckeditor.com/
Summary : WYSIWYG text editor to be used inside web pages
Description :
CKEditor is a text editor to be used inside web pages. It's a WYSIWYG editor,
which means that the text being edited on it looks as similar as possible to
the results users have when publishing it. It brings to the web common editing
features found on desktop editing applications like Microsoft Word and
OpenOffice.
--------------------------------------------------------------------------------
Update Information:
## CKEditor 4.14 **Security Updates:** *
[CVE-2020-9281](https://nvd.nist.gov/vuln/detail/CVE-2020-9281) Fixed XSS
vulnerability in the HTML data processor reported by [Micha��
Bentkowski](https://twitter.com/securitymb) of Securitum. Issue
summary: It was possible to execute XSS inside CKEditor after persuading the
victim to: (i) switch CKEditor to source mode, then (ii) paste a specially
crafted HTML code, prepared by the attacker, into the opened CKEditor source
area, and (iii) switch back to WYSIWYG mode or (i) copy the specially crafted
HTML code, prepared by the attacker and (ii) paste it into CKEditor in WYSIWYG
mode. * [CVE-2020-9440](https://nvd.nist.gov/vuln/detail/CVE-2020-9440) Fixed
XSS vulnerability in the WebSpellChecker Dialog plugin reported by [Pham Van
Khanh](https://twitter.com/rskvp93) from Viettel Cyber Security. Issue
summary: It was possible to execute XSS using CKEditor after persuading the
victim to: (i) switch CKEditor to source mode, then (ii) paste a specially
crafted HTML code, prepared by the attacker, into the opened CKEditor source
area, then (iii) switch back to WYSIWYG mode, and (iv) preview CKEditor content
outside CKEditor editable area. **An upgrade is highly recommended!** New
features: * [#2374](https://github.com/ckeditor/ckeditor4/issues/2374): Added
support for pasting rich content from LibreOffice Writer with the [Paste from
LibreOffice](https://ckeditor.com/cke4/addon/pastefromlibreoffice) plugin. *
[#2583](https://github.com/ckeditor/ckeditor4/issues/2583): Changed
[emoji](https://ckeditor.com/cke4/addon/emoji) suggestion box to show the
matched emoji name instead of an ID. *
[#3748](https://github.com/ckeditor/ckeditor4/issues/3748): Improved the [color
button](https://ckeditor.com/cke4/addon/colorbutton) state to reflect the
selected editor content colors. *
[#3661](https://github.com/ckeditor/ckeditor4/issues/3661): Improved the
[Print](https://ckeditor.com/cke4/addon/print) plugin to respect styling
rendered by the [Preview](https://ckeditor.com/cke4/addon/preview) plugin. *
[#3547](https://github.com/ckeditor/ckeditor4/issues/3547): Active
[dialog](https://ckeditor.com/cke4/addon/dialog) tab now has the `aria-
selected="true"` attribute. *
[#3441](https://github.com/ckeditor/ckeditor4/issues/3441): Improved [`widget.ge
tClipboardHtml()`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITO...
ns_widget.html#method-getClipboardHtml) support for dragging and dropping
multiple [widgets](https://ckeditor.com/cke4/addon/widget). Fixed Issues: *
[#3587](https://github.com/ckeditor/ckeditor4/issues/3587): [Edge, IE] Fixed:
[Widget](https://ckeditor.com/cke4/addon/widget) with form input elements loses
focus during typing. *
[#3705](https://github.com/ckeditor/ckeditor4/issues/3705): [Safari] Fixed:
Safari incorrectly removes blocks with the [`editor.extractSelectedHtml()`](http
s://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_editor.html#method-
extractSelectedHtml) method after selecting all content. *
[#1306](https://github.com/ckeditor/ckeditor4/issues/1306): Fixed: The
[Font](https://ckeditor.com/cke4/addon/font) plugin creates nested HTML `<span>`
tags when reapplying the same font multiple times. *
[#3498](https://github.com/ckeditor/ckeditor4/issues/3498): Fixed: The editor
throws an error during the copy operation when a
[widget](https://ckeditor.com/cke4/addon/widget) is partially selected. *
[#2517](https://github.com/ckeditor/ckeditor4/issues/2517): [Chrome, Firefox,
Safari] Fixed: Inserting a new image when the selection partially covers an
existing [enhanced image](https://ckeditor.com/cke4/addon/image2) widget throws
an error. * [#3007](https://github.com/ckeditor/ckeditor4/issues/3007): [Chrome,
Firefox, Safari] Fixed: Cannot modify the editor content once the selection is
released over a [widget](https://ckeditor.com/cke4/addon/widget). *
[#3698](https://github.com/ckeditor/ckeditor4/issues/3698): Fixed: Cutting the
selected text when a [widget](https://ckeditor.com/cke4/addon/widget) is
partially selected merges paragraphs. API Changes: *
[#3387](https://github.com/ckeditor/ckeditor4/issues/3387): Added the [CKEDITOR.
ui.richCombo.select()](https://ckeditor.com/docs/ckeditor4/latest/api/CKE...
i_richCombo.html#method-select) method. *
[#3727](https://github.com/ckeditor/ckeditor4/issues/3727): Added new
`textColor` and `bgColor` commands that apply the selected color chosen by the
[Color Button](https://ckeditor.com/cke4/addon/colorbutton) plugin. *
[#3728](https://github.com/ckeditor/ckeditor4/issues/3728): Added new `font` and
`fontSize` commands that apply the selected font style chosen by the
[Font](https://ckeditor.com/cke4/addon/colorbutton) plugin. *
[#3842](https://github.com/ckeditor/ckeditor4/issues/3842): Added the [`editor.g
etSelectedRanges()`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDI...
tor.html#method-getSelectedRanges) alias. *
[#3775](https://github.com/ckeditor/ckeditor4/issues/3775): Widget [mask](https:
//ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_plugins_widget.html#property-
mask) and [parts](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_plugin
s_widget.html#property-parts) can now be refreshed dynamically via API calls.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 20 2020 Shawn Iwinski <shawn(a)iwin.ski> - 4.14.0-1
- Update to 4.14.0 (RHBZ #1810020)
- CVE-2020-9281 (RHBZ #1814825,1814826,1814827)
- CVE-2020-9440
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.13.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1810020 - ckeditor-4.14.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1810020
[ 2 ] Bug #1814826 - CVE-2020-9281 ckeditor: XSS in the HTML Data Processor allows remote attackers to inject arbitrary web script through a crafted "protected" comment [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1814826
[ 3 ] Bug #1814827 - CVE-2020-9281 ckeditor: XSS in the HTML Data Processor allows remote attackers to inject arbitrary web script through a crafted "protected" comment [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1814827
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update ckeditor' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years, 1 month
Fedora EPEL 7 Update: php-theseer-autoload-1.25.9-1.el7
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2020-b6dc3c583d
2020-04-05 00:42:23.420775
--------------------------------------------------------------------------------
Name : php-theseer-autoload
Product : Fedora EPEL 7
Version : 1.25.9
Release : 1.el7
URL : https://github.com/theseer/Autoload
Summary : A tool and library to generate autoload code
Description :
The PHP AutoloadBuilder CLI tool phpab is a command line application
to automate the process of generating an autoload require file with
the option of creating static require lists as well as phar archives.
--------------------------------------------------------------------------------
Update Information:
**Release 1.25.9** * Merge PR
[#89](https://github.com/theseer/Autoload/pull/89): Throw an exception if the
template file cannot be read * Update ConsoleTools, Fixes
[#91](https://github.com/theseer/Autoload/issues/91) - Zeta Components
ConsoleTools uses PHP syntax deprecated in PHP 7.4
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 20 2020 Remi Collet <remi(a)remirepo.net> - 1.25.9-1
- update to 1.25.9
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update php-theseer-autoload' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years, 1 month
Fedora EPEL 7 Update: msgpack-3.1.0-4.el7
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2020-0cb190ad4a
2020-04-05 00:42:23.420753
--------------------------------------------------------------------------------
Name : msgpack
Product : Fedora EPEL 7
Version : 3.1.0
Release : 4.el7
URL : http://msgpack.org
Summary : Binary-based efficient object serialization library
Description :
MessagePack is a binary-based efficient object serialization
library. It enables to exchange structured objects between many
languages like JSON. But unlike JSON, it is very fast and small.
--------------------------------------------------------------------------------
Update Information:
New release for EPEL7
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Aug 22 2018 Daiki Ueno <dueno(a)redhat.com> - 3.1.0-1
- new upstream release
- cmake configuration files no longer rely on nonexistent static libraries
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jun 7 2018 Daiki Ueno <dueno(a)redhat.com> - 3.0.1-1
- new upstream release
* Thu Feb 8 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sat Feb 3 2018 Igor Gnatenko <ignatenkobrain(a)fedoraproject.org> - 1.4.2-4
- Switch to %ldconfig_scriptlets
* Thu Aug 3 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Tue Feb 21 2017 Daiki Ueno <dueno(a)redhat.com> - 1.4.2-1
- new upstream release
- avoid FTBFS with GCC7
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1793715 - Update to a recent release
https://bugzilla.redhat.com/show_bug.cgi?id=1793715
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update msgpack' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years, 1 month
Fedora EPEL 7 Update: python-colander-1.7.0-2.el7
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2020-a105194954
2020-04-05 00:42:23.420626
--------------------------------------------------------------------------------
Name : python-colander
Product : Fedora EPEL 7
Version : 1.7.0
Release : 2.el7
URL : https://pypi.python.org/pypi/colander
Summary : A simple schema-based serialization and deserialization library
Description :
An extensible package which can be used to:
- deserialize and validate a data structure composed of strings, mappings,
and lists.
- serialize an arbitrary data structure to a data structure composed of
strings, mappings, and lists.
Please see http://docs.pylonsproject.org/projects/colander/en/latest/ for
further documentation.
--------------------------------------------------------------------------------
Update Information:
Add Requires for python2-iso8601. Fixes bug #1811130
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 19 2020 Kevin Fenzi <kevin(a)scrye.com> - 1.7.0-2
- Add Requires for python2-iso8601. Fixes bug #1811130
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1811130 - Colander needs to require python-iso8601
https://bugzilla.redhat.com/show_bug.cgi?id=1811130
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update python-colander' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years, 1 month
[SECURITY] Fedora EPEL 6 Update: ckeditor-4.14.0-1.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2020-9190462510
2020-04-05 00:39:01.042785
--------------------------------------------------------------------------------
Name : ckeditor
Product : Fedora EPEL 6
Version : 4.14.0
Release : 1.el6
URL : http://ckeditor.com/
Summary : WYSIWYG text editor to be used inside web pages
Description :
CKEditor is a text editor to be used inside web pages. It's a WYSIWYG editor,
which means that the text being edited on it looks as similar as possible to
the results users have when publishing it. It brings to the web common editing
features found on desktop editing applications like Microsoft Word and
OpenOffice.
--------------------------------------------------------------------------------
Update Information:
## CKEditor 4.14 **Security Updates:** *
[CVE-2020-9281](https://nvd.nist.gov/vuln/detail/CVE-2020-9281) Fixed XSS
vulnerability in the HTML data processor reported by [Micha��
Bentkowski](https://twitter.com/securitymb) of Securitum. Issue
summary: It was possible to execute XSS inside CKEditor after persuading the
victim to: (i) switch CKEditor to source mode, then (ii) paste a specially
crafted HTML code, prepared by the attacker, into the opened CKEditor source
area, and (iii) switch back to WYSIWYG mode or (i) copy the specially crafted
HTML code, prepared by the attacker and (ii) paste it into CKEditor in WYSIWYG
mode. * [CVE-2020-9440](https://nvd.nist.gov/vuln/detail/CVE-2020-9440) Fixed
XSS vulnerability in the WebSpellChecker Dialog plugin reported by [Pham Van
Khanh](https://twitter.com/rskvp93) from Viettel Cyber Security. Issue
summary: It was possible to execute XSS using CKEditor after persuading the
victim to: (i) switch CKEditor to source mode, then (ii) paste a specially
crafted HTML code, prepared by the attacker, into the opened CKEditor source
area, then (iii) switch back to WYSIWYG mode, and (iv) preview CKEditor content
outside CKEditor editable area. **An upgrade is highly recommended!** New
features: * [#2374](https://github.com/ckeditor/ckeditor4/issues/2374): Added
support for pasting rich content from LibreOffice Writer with the [Paste from
LibreOffice](https://ckeditor.com/cke4/addon/pastefromlibreoffice) plugin. *
[#2583](https://github.com/ckeditor/ckeditor4/issues/2583): Changed
[emoji](https://ckeditor.com/cke4/addon/emoji) suggestion box to show the
matched emoji name instead of an ID. *
[#3748](https://github.com/ckeditor/ckeditor4/issues/3748): Improved the [color
button](https://ckeditor.com/cke4/addon/colorbutton) state to reflect the
selected editor content colors. *
[#3661](https://github.com/ckeditor/ckeditor4/issues/3661): Improved the
[Print](https://ckeditor.com/cke4/addon/print) plugin to respect styling
rendered by the [Preview](https://ckeditor.com/cke4/addon/preview) plugin. *
[#3547](https://github.com/ckeditor/ckeditor4/issues/3547): Active
[dialog](https://ckeditor.com/cke4/addon/dialog) tab now has the `aria-
selected="true"` attribute. *
[#3441](https://github.com/ckeditor/ckeditor4/issues/3441): Improved [`widget.ge
tClipboardHtml()`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITO...
ns_widget.html#method-getClipboardHtml) support for dragging and dropping
multiple [widgets](https://ckeditor.com/cke4/addon/widget). Fixed Issues: *
[#3587](https://github.com/ckeditor/ckeditor4/issues/3587): [Edge, IE] Fixed:
[Widget](https://ckeditor.com/cke4/addon/widget) with form input elements loses
focus during typing. *
[#3705](https://github.com/ckeditor/ckeditor4/issues/3705): [Safari] Fixed:
Safari incorrectly removes blocks with the [`editor.extractSelectedHtml()`](http
s://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_editor.html#method-
extractSelectedHtml) method after selecting all content. *
[#1306](https://github.com/ckeditor/ckeditor4/issues/1306): Fixed: The
[Font](https://ckeditor.com/cke4/addon/font) plugin creates nested HTML `<span>`
tags when reapplying the same font multiple times. *
[#3498](https://github.com/ckeditor/ckeditor4/issues/3498): Fixed: The editor
throws an error during the copy operation when a
[widget](https://ckeditor.com/cke4/addon/widget) is partially selected. *
[#2517](https://github.com/ckeditor/ckeditor4/issues/2517): [Chrome, Firefox,
Safari] Fixed: Inserting a new image when the selection partially covers an
existing [enhanced image](https://ckeditor.com/cke4/addon/image2) widget throws
an error. * [#3007](https://github.com/ckeditor/ckeditor4/issues/3007): [Chrome,
Firefox, Safari] Fixed: Cannot modify the editor content once the selection is
released over a [widget](https://ckeditor.com/cke4/addon/widget). *
[#3698](https://github.com/ckeditor/ckeditor4/issues/3698): Fixed: Cutting the
selected text when a [widget](https://ckeditor.com/cke4/addon/widget) is
partially selected merges paragraphs. API Changes: *
[#3387](https://github.com/ckeditor/ckeditor4/issues/3387): Added the [CKEDITOR.
ui.richCombo.select()](https://ckeditor.com/docs/ckeditor4/latest/api/CKE...
i_richCombo.html#method-select) method. *
[#3727](https://github.com/ckeditor/ckeditor4/issues/3727): Added new
`textColor` and `bgColor` commands that apply the selected color chosen by the
[Color Button](https://ckeditor.com/cke4/addon/colorbutton) plugin. *
[#3728](https://github.com/ckeditor/ckeditor4/issues/3728): Added new `font` and
`fontSize` commands that apply the selected font style chosen by the
[Font](https://ckeditor.com/cke4/addon/colorbutton) plugin. *
[#3842](https://github.com/ckeditor/ckeditor4/issues/3842): Added the [`editor.g
etSelectedRanges()`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDI...
tor.html#method-getSelectedRanges) alias. *
[#3775](https://github.com/ckeditor/ckeditor4/issues/3775): Widget [mask](https:
//ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_plugins_widget.html#property-
mask) and [parts](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_plugin
s_widget.html#property-parts) can now be refreshed dynamically via API calls.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 20 2020 Shawn Iwinski <shawn(a)iwin.ski> - 4.14.0-1
- Update to 4.14.0 (RHBZ #1810020)
- CVE-2020-9281 (RHBZ #1814825,1814826,1814827)
- CVE-2020-9440
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.13.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1810020 - ckeditor-4.14.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1810020
[ 2 ] Bug #1814826 - CVE-2020-9281 ckeditor: XSS in the HTML Data Processor allows remote attackers to inject arbitrary web script through a crafted "protected" comment [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1814826
[ 3 ] Bug #1814827 - CVE-2020-9281 ckeditor: XSS in the HTML Data Processor allows remote attackers to inject arbitrary web script through a crafted "protected" comment [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1814827
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update ckeditor' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years, 1 month
Fedora EPEL 6 Update: php-theseer-autoload-1.25.9-1.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2020-fc3f668790
2020-04-05 00:39:01.042497
--------------------------------------------------------------------------------
Name : php-theseer-autoload
Product : Fedora EPEL 6
Version : 1.25.9
Release : 1.el6
URL : https://github.com/theseer/Autoload
Summary : A tool and library to generate autoload code
Description :
The PHP AutoloadBuilder CLI tool phpab is a command line application
to automate the process of generating an autoload require file with
the option of creating static require lists as well as phar archives.
--------------------------------------------------------------------------------
Update Information:
**Release 1.25.9** * Merge PR
[#89](https://github.com/theseer/Autoload/pull/89): Throw an exception if the
template file cannot be read * Update ConsoleTools, Fixes
[#91](https://github.com/theseer/Autoload/issues/91) - Zeta Components
ConsoleTools uses PHP syntax deprecated in PHP 7.4
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 20 2020 Remi Collet <remi(a)remirepo.net> - 1.25.9-1
- update to 1.25.9
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update php-theseer-autoload' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years, 1 month
Fedora EPEL 6 Update: php-behat-gherkin-4.6.2-1.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2020-6d41882ce2
2020-04-04 04:25:55.702989
--------------------------------------------------------------------------------
Name : php-behat-gherkin
Product : Fedora EPEL 6
Version : 4.6.2
Release : 1.el6
URL : http://behat.org/
Summary : Gherkin DSL parser for PHP
Description :
Gherkin DSL parser for PHP.
Autoloader: /usr/share/php/Behat/Gherkin/autoload.php
--------------------------------------------------------------------------------
Update Information:
## 4.6.2 / 2020-03-17 * Fixed issues due to incorrect cache key ## 4.6.1 /
2020-02-27 * Fix AZ translations * Correctly filter features, now that the base
path is correctly set ## 4.6.0 / 2019-01-16 * Updated translations (including
'Example' as synonym for 'Scenario' in `en`) ## 4.5.1 / 2017-08-30 * Fix
regression in `PathsFilter` ## 4.5.0 / 2017-08-30 * Sync i18n with Cucumber
Gherkin * Drop support for HHVM tests on Travis * Add `TableNode::fromList()`
method (thanks @TravisCarden) * Add `ExampleNode::getOutlineTitle()` method
(thanks @duxet) * Use realpath, so the feature receives the cwd prefixed (thanks
@glennunipro) * Explicitly handle non-two-dimensional arrays in TableNode
(thanks @TravisCarden) * Fix to line/linefilter scenario runs which take
relative paths to files (thanks @generalconsensus)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 18 2020 Shawn Iwinski <shawn(a)iwin.ski> - 4.6.2-1
- Update to 4.6.2 (RHBZ #1808131)
* Tue Mar 17 2020 Shawn Iwinski <shawn(a)iwin.ski> - 4.6.1-2
- Conditional Symfony 2 or not
* Tue Mar 17 2020 Shawn Iwinski <shawn(a)iwin.ski> - 4.6.1-1
- Update to 4.6.1 (RHBZ #1808131)
- Conditionally use range dependencies
- Drop Symfony 2 interoperability
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.4.5-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.4.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.4.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.4.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.4.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1808131 - php-behat-gherkin-4.6.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1808131
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update php-behat-gherkin' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years, 1 month
[SECURITY] Fedora EPEL 7 Update: tor-0.3.5.10-1.el7
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2020-33500a2742
2020-04-04 00:43:49.500407
--------------------------------------------------------------------------------
Name : tor
Product : Fedora EPEL 7
Version : 0.3.5.10
Release : 1.el7
URL : https://www.torproject.org
Summary : Anonymizing overlay network for TCP
Description :
The Tor network is a group of volunteer-operated servers that allows people to
improve their privacy and security on the Internet. Tor's users employ this
network by connecting through a series of virtual tunnels rather than making a
direct connection, thus allowing both organizations and individuals to share
information over public networks without compromising their privacy. Along the
same line, Tor is an effective censorship circumvention tool, allowing its
users to reach otherwise blocked destinations or content. Tor can also be used
as a building block for software developers to create new communication tools
with built-in privacy features.
This package contains the Tor software that can act as either a server on the
Tor network, or as a client to connect to the Tor network.
--------------------------------------------------------------------------------
Update Information:
update to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 19 2019 Marcel H��rry <mh+fedora(a)scrit.ch> - 0.3.5.10-1
- update to latest upstream release
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update tor' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years, 1 month