[EPEL-devel] Fedora EPEL 7 updates-testing report

updates at fedoraproject.org
Thu Sep 17 01:53:41 UTC 2015


The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 308  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3989   cross-binutils-2.23.88.0.1-2.el7.1
 192  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087   dokuwiki-0-0.24.20140929c.el7
  88  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6813   chicken-4.9.0.1-4.el7
  34  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7613   zabbix20-2.0.15-1.el7
  21  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7800   python-django-1.6.11-3.el7
  15  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7874   onionshare-0.7.1-1.el7
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7909   pdns-3.4.6-1.el7
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7960   php-doctrine-cache-1.4.2-1.el7
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7962   php-doctrine-annotations-1.2.7-1.el7
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7964   php-doctrine-doctrine-bundle-1.5.2-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8100   wordpress-4.3.1-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8113   php-ZendFramework2-2.4.8-1.el7


The following builds have been pushed to Fedora EPEL 7 updates-testing

    argus-3.0.8-3.el7
    caja-extensions-1.10.1-1.el7
    cube-4.3.2-2.el7
    dar-2.4.18-1.el7
    davix-0.5.0-1.el7
    future-0.15.2-2.el7
    jnettop-0.13.0-16.el7
    libmaxminddb-1.1.1-5.el7
    mylvmbackup-0.16-1.el7
    php-ZendFramework2-2.4.8-1.el7
    php-pear-Mail-Mime-1.10.0-1.el7
    pyrrd-0.1.0-1.el7
    reposurgeon-3.29-1.el7
    tomcat-native-1.1.33-1.el7
    weechat-1.3-1.el7
    wordpress-4.3.1-1.el7

Details about builds:


================================================================================
 argus-3.0.8-3.el7 (FEDORA-EPEL-2015-8092)
 Network transaction audit tool
--------------------------------------------------------------------------------
Update Information:

  argus-3.0.8-3.el7
  - Introduce new systemd-rpm macros in argus spec file, BZ 850029
  - Missing argus client: ragraph, BZ 1152650
  - Add cron.daily rotation of argus data file, BZ 1219565
  - remove executable permission bits from argus.service, BZ 1252117
--------------------------------------------------------------------------------


================================================================================
 caja-extensions-1.10.1-1.el7 (FEDORA-EPEL-2015-8099)
 Set of extensions for caja file manager
--------------------------------------------------------------------------------
Update Information:

  caja-extensions-1.10.1-1.fc21
  - update to 1.10.1 release

  caja-extensions-1.10.1-1.fc22
  - update to 1.10.1 release

  caja-extensions-1.10.1-1.el7
  - update to 1.10.1 release

  caja-extensions-1.10.1-1.fc23
  - update to 1.10.1 release
  - enable gajim sendto plugin
--------------------------------------------------------------------------------


================================================================================
 cube-4.3.2-2.el7 (FEDORA-EPEL-2015-8093)
 CUBE Uniform Behavioral Encoding generic presentation component
--------------------------------------------------------------------------------
Update Information:

  cube-4.3.2-2.fc22
  - Make separate libs package (for scorep)
  - Don't BR Java stuff

  cube-4.3.2-2.el6
  - Make separate libs package (for scorep)
  - Don't BR Java stuff

  cube-4.3.2-2.el7
  - Make separate libs package (for scorep)
  - Don't BR Java stuff

  cube-4.3.2-2.fc23
  - Make separate libs package (for scorep)
  - Don't BR Java stuff
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1240311 - Please make a libs package
        https://bugzilla.redhat.com/show_bug.cgi?id=1240311
--------------------------------------------------------------------------------


================================================================================
 dar-2.4.18-1.el7 (FEDORA-EPEL-2015-8098)
 Software for making/restoring incremental CD/DVD backups
--------------------------------------------------------------------------------
Update Information:

New upstream version

  dar-2.4.18-1.fc23
  - New upstream version

  dar-2.4.18-1.el7
  - new upstream version

  dar-2.4.18-1.el6
  - new upstream version

  dar-2.4.18-1.el5
  - new upstream version

  dar-2.4.18-1.fc22
  - New upstream version

  dar-2.4.18-1.fc21
  - new upstream version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1258281 - dar-2.4.18 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1258281
--------------------------------------------------------------------------------


================================================================================
 davix-0.5.0-1.el7 (FEDORA-EPEL-2015-8085)
 Toolkit for Http-based file management
--------------------------------------------------------------------------------
Update Information:

Update to davix 0.5.0, see release note for details
--------------------------------------------------------------------------------


================================================================================
 future-0.15.2-2.el7 (FEDORA-EPEL-2015-8089)
 Easy, clean, reliable Python 2/3 compatibility
--------------------------------------------------------------------------------
Update Information:

New package.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1250884 - Review Request: future - Easy, clean, reliable Python 2/3 compatibility
        https://bugzilla.redhat.com/show_bug.cgi?id=1250884
--------------------------------------------------------------------------------


================================================================================
 jnettop-0.13.0-16.el7 (FEDORA-EPEL-2015-8079)
 Network traffic tracker
--------------------------------------------------------------------------------
Update Information:

Initial EPEL 7 release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1259307 - epel 7 version of jnettop
        https://bugzilla.redhat.com/show_bug.cgi?id=1259307
--------------------------------------------------------------------------------


================================================================================
 libmaxminddb-1.1.1-5.el7 (FEDORA-EPEL-2015-8087)
 C library for the MaxMind DB file format
--------------------------------------------------------------------------------
Update Information:

C library for the MaxMind DB file format
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1258874 - Review Request: libmaxminddb - C library for the MaxMind DB file format
        https://bugzilla.redhat.com/show_bug.cgi?id=1258874
--------------------------------------------------------------------------------


================================================================================
 mylvmbackup-0.16-1.el7 (FEDORA-EPEL-2015-8081)
 Utility for creating MySQL backups via LVM snapshots
--------------------------------------------------------------------------------
Update Information:

# Version 0.16

- SNMP support.
- BUG#1351000: fixed crash when specifying both --help and $mail_report_on
  was set to 'always'.
--------------------------------------------------------------------------------


================================================================================
 php-ZendFramework2-2.4.8-1.el7 (FEDORA-EPEL-2015-8113)
 Zend Framework 2
--------------------------------------------------------------------------------
Update Information:

**Zend Framework 2.4.8**

**Security Update**

* **ZF2015-07**: The filesystem storage adapter of Zend\Cache was creating
  directories with a liberal umask that could lead to local arbitrary code
  execution and/or local privilege escalation. This release contains a patch
  that ensures the directories are created using permissions of 0775 and files
  using 0664 (essentially umask 0002).

**Bug fixed** from upstream [Changelog](http://framework.zend.com/changelog/2.4.8)

* validate against DateTimeImmutable instead of DateTimeInterface
* treat 0.0 as non-empty, restoring pre-2.4 behavior
* deprecate "magic" logic for auto-attaching NonEmpty validators in favor of
  explicit attachment
* ensure fallback values work as per pre-2.4 behavior
* update the InputFilterInterface::add() docblock to match implementations
* Fix how missing optional fields are validated to match pre 2.4.0 behavior
* deprecate AllowEmpty and ContinueIfEmpty annotations, per zend-inputfilter#26
* fix typos in aria attribute names of AbstractHelper
* fixes the ContentType header to properly handle encoded parameter values
* fixes the Sender header to allow mailbox addresses without TLDs
* fixes parsing of messages that contain an initial blank line before headers
* fixes the SetCookie header to allow multiline values (as they are always
  encoded)
* fixes DefaultRenderingStrategy errors due to controllers returning non-view
  model results
--------------------------------------------------------------------------------


================================================================================
 php-pear-Mail-Mime-1.10.0-1.el7 (FEDORA-EPEL-2015-8080)
 Classes to create MIME messages
--------------------------------------------------------------------------------
Update Information:

Upstream Changelog:

**Version 1.10.0**

* Add possibility to add externally created Mail_mimePart objects as
  attachments [alec]
* Add possibility to set preamble text for multipart messages [alec]

**Version 1.9.0**

* Bug 20921: Make Mail_mimePart::encodeHeaderValue() a static method [alec]
* Bug 20931: Really remove unset headers [alec]
* Request 18772: Added methods for creating text/calendar messages [alec]
* Drop PHP4 support, Fix warnings on PHP7 [alec]
* Request 20564: Added possibility to unset headers [alec]
* Request 20563: Added isMultipart() method [alec]
* Request 20565: Accept also a file pointer in Mail_mimePart::encodeToFile(),
  Mail_mime::get() and Mail_mime::saveMessageBody() [alec]
--------------------------------------------------------------------------------


================================================================================
 pyrrd-0.1.0-1.el7 (FEDORA-EPEL-2015-8088)
 A Pure Python Wrapper for RRDTool
--------------------------------------------------------------------------------
Update Information:

pyrrd-0.1.0-1.el7  - First build for EPEL
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #494238 - Review Request: pyrrd - A Pure Python Wrapper for RRDTool
        https://bugzilla.redhat.com/show_bug.cgi?id=494238
--------------------------------------------------------------------------------


================================================================================
 reposurgeon-3.29-1.el7 (FEDORA-EPEL-2015-8111)
 SCM Repository Manipulation Tool
--------------------------------------------------------------------------------
Update Information:

# 3.29: 2015-09-02

* Now included: git aliases that allow git to work with action stamps.
* **The new `repomapper` tool helps prepare contributor maps.**
* Use of branchify/branchify_map is now less likely to produce invalid resets.
* `branchify_map` has been changed to handle subdirectories better.
  `branchify_map reset` actually works now.
* Prevent a crash on empty SVN comments produced by dumpfiltering.
* `assign` command with no selection set or arguments lists assignments.
* New `--user-ignores` option on Subversion reads passes through .gitignores.
* `repotool initialize` now generates an easier-to-read conversion makefile
  (Fedora: Used to be conversion.mk in /usr/share/doc/reposurgeon).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1259536 - reposurgeon-3.29 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1259536
--------------------------------------------------------------------------------


================================================================================
 tomcat-native-1.1.33-1.el7 (FEDORA-EPEL-2015-8078)
 Tomcat native library
--------------------------------------------------------------------------------
Update Information:

Update to 1.1.33
--------------------------------------------------------------------------------


================================================================================
 weechat-1.3-1.el7 (FEDORA-EPEL-2015-8077)
 Portable, fast, light and extensible IRC client
--------------------------------------------------------------------------------
Update Information:

  weechat-1.3-1.fc23
  - new upstream version (#1254000)

  weechat-1.3-1.el7
  - new upstream version (#1254000)

  weechat-1.3-1.fc22
  - new upstream version (#1254000)

  weechat-1.3-1.fc21
  - new upstream version (#1254000)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1254000 - weechat-1.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1254000
--------------------------------------------------------------------------------


================================================================================
 wordpress-4.3.1-1.el7 (FEDORA-EPEL-2015-8100)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

**WordPress 4.3.1 Security and Maintenance Release**

[Upstream announcement](https://wordpress.org/news/2015/09/wordpress-4-3-1/):

WordPress 4.3.1 is now available. This is a security release for all previous
versions and we strongly encourage you to update your sites immediately.

This release addresses three issues, including two cross-site scripting
vulnerabilities and a potential privilege escalation.

* WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting
  vulnerability when processing shortcode tags (CVE-2015-5714). Reported by
  Shahar Tal and Netanel Rubin of Check Point.
* A separate cross-site scripting vulnerability was found in the user list
  table. Reported by Ben Bidner of the WordPress security team.
* Finally, in certain cases, users without proper permissions could publish
  private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal
  and Netanel Rubin of Check Point.

WordPress 4.3.1 also fixes twenty-six bugs. For more information, see the
[release notes](https://codex.wordpress.org/Version_4.3.1) or consult the
[list of changes](https://core.trac.wordpress.org/log/branches/4.3/?rev=34199&stop_rev=33647).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1263657 - CVE-2015-5714 CVE-2015-5715 wordpress: XSS and permission issue fixed in wordpress 4.3.1
        https://bugzilla.redhat.com/show_bug.cgi?id=1263657
--------------------------------------------------------------------------------


