The following Fedora EPEL 7 Security updates need testing: Age URL 515 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 277 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 40 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e0c08a1414 php-PHPMailer-5.2.16-2.el7 17 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6eebbe7e97 p7zip-16.02-1.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-76bb0cb040 php-doctrine-common-2.5.3-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d6a70b113f collectd-5.5.2-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-42ecf5c111 v8-3.14.5.10-25.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ac6030a9e9 cryptopp-5.6.2-10.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c4204e07c1 nodejs-0.10.46-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-cfff493617 lighttpd-1.4.41-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing gnudos-1.9-1.el7 lxqt-wallet-3.0.0-1.el7 mate-session-manager-1.14.0-2.el7 mozilla-noscript-2.9.0.13-1.el7 nwipe-0.18-1.el7 pagure-2.3.4-1.el7 php-league-flysystem-1.0.26-1.el7 Details about builds: ================================================================================ gnudos-1.9-1.el7 (FEDORA-EPEL-2016-04e9f16421) The GnuDOS library for GNU/Linux -------------------------------------------------------------------------------- Update Information: Bug fixes -------------------------------------------------------------------------------- ================================================================================ lxqt-wallet-3.0.0-1.el7 (FEDORA-EPEL-2016-f08257b92c) Create a kwallet like functionality for LXQt -------------------------------------------------------------------------------- Update Information: initial package, rhbz#1356657 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1356657 - Review Request: lxqt-wallet - Create a kwallet like functionality for LXQt https://bugzilla.redhat.com/show_bug.cgi?id=1356657 [ 2 ] Bug #1362317 - lxqt-wallet-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1362317 -------------------------------------------------------------------------------- ================================================================================ mate-session-manager-1.14.0-2.el7 (FEDORA-EPEL-2016-337d7baaeb) MATE Desktop session manager -------------------------------------------------------------------------------- Update Information: do not spam logs during session ending -------------------------------------------------------------------------------- References: [ 1 ] Bug #1354191 - Logout mate session throws Gtk-CRITICAL error in journal https://bugzilla.redhat.com/show_bug.cgi?id=1354191 -------------------------------------------------------------------------------- ================================================================================ mozilla-noscript-2.9.0.13-1.el7 (FEDORA-EPEL-2016-e8355dcace) JavaScript white list extension for Mozilla Firefox -------------------------------------------------------------------------------- Update Information: * Added missing "s" in noscript.mandatory/about:feeds * Updated DNT implementation to match the most recent spec about navigator.doNotTrack values (thanks Francois Merier) * [XSS] Better compatibility with Unionbank's website (thanks Brent for reporting) * Fixed bug 1278735 (JavaScript disabled in private windows) * Fixed JSON viewer not working * about:feed in the mandatory whitelist to fix bug 1272139 * [XSS] Disable JavaScript on FTP-served pages when a potential DOM XSS threat is detected (thanks Emanuel Bronshtein @e3amn2l for reporting) * Fixed DOS through script-triggered ClickToPlay confirmation dialogs in a loop (thanks Emanuel Bronshtein @e3amn2l for reporting) * Fixed placeholder links might be potentially used as XSS vectors if stars were properly aligned (thanks Emanuel Bronshtein @e3amn2l for reporting) * [Surrogate] Updated google- analytics.com replacement (thanks noscriptsplox) * [XSS] Fixed regression (thanks Masato Kinugawa for report) * [XSS] Fixed infrastructure issue preventing one filter from being automatically synchronized with Mozilla's source code as designed (thanks .mario and Maxim Rupp for reporting) * [XSS] Added filtering for a potential CSRF vector (thanks Masato Kinugawa for reporting) * Fixed placeholder activation in Gecko 45 and above * [XSS] Compatibility exception for the Printfriendly add-on * Removed msn.com from the default whitelist, since it seems to be unable to support HTTPS consistently * Fixed incompatibility with Firefox below version 38 * Tentative fix for an issue with explicit ports in HTTPS upgraded URLs * [HTTPS] Removed legacy redirection methods when redirectTo() is available in HTTP channels, fixing YouTube embedding problem * Replaced newChannel() with newChannel2() on Gecko 48 * [HTTPS] Limit httpsDefWhitelist effect to document loads * [XSS] Reduced eval aliasing checks false positives -------------------------------------------------------------------------------- References: [ 1 ] Bug #1362319 - mozilla-noscript-2.9.0.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=1362319 -------------------------------------------------------------------------------- ================================================================================ nwipe-0.18-1.el7 (FEDORA-EPEL-2016-f44f42b44c) Securely erase disks using a variety of recognized methods -------------------------------------------------------------------------------- Update Information: Update to 0.18 upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1360763 - nwipe-0.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=1360763 -------------------------------------------------------------------------------- ================================================================================ pagure-2.3.4-1.el7 (FEDORA-EPEL-2016-88fbf35cb9) A git-centered forge -------------------------------------------------------------------------------- Update Information: CVE-2016-1000037 plus some new features -------------------------------------------------------------------------------- ================================================================================ php-league-flysystem-1.0.26-1.el7 (FEDORA-EPEL-2016-35b71627af) Filesystem abstraction: Many filesystems, one API -------------------------------------------------------------------------------- Update Information: **Version 1.0.26** - 2016-08-03 * [Filesystem] Added an option to disable asserts. -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list epel-devel@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
