The following Fedora EPEL 7 Security updates need testing: Age URL 551 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 313 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 76 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e0c08a1414 php-PHPMailer-5.2.16-2.el7 32 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c redis-3.2.3-1.el7 30 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-4b8dd3488d knot-1.6.8-1.el7 15 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3 chicken-4.11.0-3.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-62fd4a9900 phpMyAdmin-4.4.15.8-2.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c1dbac22db elog-3.1.1-7.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2a2061ee5f php-adodb-5.15-10.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-7e2d0ee701 wordpress-4.6.1-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-12c4b7b928 php-horde-Horde-Core-2.26.1-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c7c4c1e885 php-horde-Horde-Mime-Viewer-2.2.1-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-175e2d3d7c php-horde-Horde-Text-Filter-2.3.5-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-f71c0650c3 php-horde-horde-5.2.12-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-77f23b948f GraphicsMagick-1.3.25-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0e40142bd3 pdns-3.4.10-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6d70ae9a57 chromium-53.0.2785.101-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing am-utils-6.2.0-20.el7 chromium-53.0.2785.101-1.el7 gitolite3-3.6.6-1.el7 kbibtex-0.6-4.el7 pdns-3.4.10-1.el7 perl-MCE-1.805-1.el7 php-ircmaxell-random-lib-1.2.0-1.el7 python-arrow-0.8.0-3.el7 python-fmn-rules-0.9.1-1.el7 python-pyvmomi-6.0.0.2016.6-1.el7 python3-dateutil-2.4.2-3.el7 Details about builds: ================================================================================ am-utils-6.2.0-20.el7 (FEDORA-EPEL-2016-8bddd3a8a4) Automount utilities including an updated version of Amd -------------------------------------------------------------------------------- Update Information: - sync with updtream git and add a couple of bug fixes. -------------------------------------------------------------------------------- ================================================================================ chromium-53.0.2785.101-1.el7 (FEDORA-EPEL-2016-6d70ae9a57) A WebKit (Blink) powered web browser -------------------------------------------------------------------------------- Update Information: Stable update to 53.0.2785.101. Security fix for CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5157, CVE-2016-5158, CVE-2016-5159, CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165, CVE-2016-5166, CVE-2016-5160, CVE-2016-5167 Also applies fix for chrome-remote-desktop where HOME env variable was not properly set via systemd service. ---- Remove fedora only Requires, use bundled harfbuzz because el7 system lib is too old. ---- Disabled hidpi option in Chromium. Cleanup widevine handling so that third party addon package can exist. Add Requires(post) for selinux deps. Fix provides/requires to not include private libs. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1372229 - CVE-2016-5167 chromium-browser: various fixes from internal audits https://bugzilla.redhat.com/show_bug.cgi?id=1372229 [ 2 ] Bug #1372228 - CVE-2016-5160 chromium-browser: extensions web accessible resources bypass https://bugzilla.redhat.com/show_bug.cgi?id=1372228 [ 3 ] Bug #1372227 - CVE-2016-5166 chromium-browser: smb relay attack via save page as https://bugzilla.redhat.com/show_bug.cgi?id=1372227 [ 4 ] Bug #1372225 - CVE-2016-5165 chromium-browser: script injection in devtools https://bugzilla.redhat.com/show_bug.cgi?id=1372225 [ 5 ] Bug #1372224 - CVE-2016-5164 chromium-browser: universal xss using devtools https://bugzilla.redhat.com/show_bug.cgi?id=1372224 [ 6 ] Bug #1372223 - CVE-2016-5163 chromium-browser: address bar spoofing https://bugzilla.redhat.com/show_bug.cgi?id=1372223 [ 7 ] Bug #1372222 - CVE-2016-5162 chromium-browser: extensions web accessible resources bypass https://bugzilla.redhat.com/show_bug.cgi?id=1372222 [ 8 ] Bug #1372221 - CVE-2016-5161 chromium-browser: type confusion in blink https://bugzilla.redhat.com/show_bug.cgi?id=1372221 [ 9 ] Bug #1372220 - CVE-2016-5159 chromium-browser: heap overflow in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1372220 [ 10 ] Bug #1372219 - CVE-2016-5158 chromium-browser: heap overflow in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1372219 [ 11 ] Bug #1372218 - CVE-2016-5157 chromium-browser: heap overflow in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1372218 [ 12 ] Bug #1372217 - CVE-2016-5156 chromium-browser: use after free in event bindings https://bugzilla.redhat.com/show_bug.cgi?id=1372217 [ 13 ] Bug #1372216 - CVE-2016-5155 chromium-browser: address bar spoofing https://bugzilla.redhat.com/show_bug.cgi?id=1372216 [ 14 ] Bug #1372215 - CVE-2016-5154 chromium-browser: heap overflow in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1372215 [ 15 ] Bug #1372214 - CVE-2016-5153 chromium-browser: use after destruction in blink https://bugzilla.redhat.com/show_bug.cgi?id=1372214 [ 16 ] Bug #1372213 - CVE-2016-5152 chromium-browser: heap overflow in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1372213 [ 17 ] Bug #1372212 - CVE-2016-5151 chromium-browser: use after free in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1372212 [ 18 ] Bug #1372210 - CVE-2016-5150 chromium-browser: use after free in blink https://bugzilla.redhat.com/show_bug.cgi?id=1372210 [ 19 ] Bug #1372209 - CVE-2016-5149 chromium-browser: script injection in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1372209 [ 20 ] Bug #1372208 - CVE-2016-5148 chromium-browser: universal xss in blink https://bugzilla.redhat.com/show_bug.cgi?id=1372208 [ 21 ] Bug #1372207 - CVE-2016-5147 chromium-browser: universal xss in blink https://bugzilla.redhat.com/show_bug.cgi?id=1372207 -------------------------------------------------------------------------------- ================================================================================ gitolite3-3.6.6-1.el7 (FEDORA-EPEL-2016-6360cc4342) Highly flexible server for git directory version tracker -------------------------------------------------------------------------------- Update Information: 3.6.6 -------------------------------------------------------------------------------- ================================================================================ kbibtex-0.6-4.el7 (FEDORA-EPEL-2016-3002eb68d2) A BibTeX editor for KDE -------------------------------------------------------------------------------- Update Information: Update to 0.6. Build with poppler 0.26.5. -------------------------------------------------------------------------------- ================================================================================ pdns-3.4.10-1.el7 (FEDORA-EPEL-2016-0e40142bd3) A modern, advanced and high performance authoritative-only nameserver -------------------------------------------------------------------------------- Update Information: - Update to 3.4.10 - CVE-2016-5426, CVE-2016-5427 Security advisory: https://docs.powerdns.com/md/security/powerdns-advisory-2016-01/ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1374719 - CVE-2016-5426, CVE-2016-5427 pdns https://bugzilla.redhat.com/show_bug.cgi?id=1374719 -------------------------------------------------------------------------------- ================================================================================ perl-MCE-1.805-1.el7 (FEDORA-EPEL-2016-f256b77852) Many-core Engine for Perl providing parallel processing capabilities -------------------------------------------------------------------------------- Update Information: Current upstream release, containing many enhancements and bug-fixes over 1.6x but retaining compatibility with it. Update to 1.8x series recommended by upstream for stability reasons. -------------------------------------------------------------------------------- ================================================================================ php-ircmaxell-random-lib-1.2.0-1.el7 (FEDORA-EPEL-2016-6b9093de70) A Library For Generating Secure Random Numbers -------------------------------------------------------------------------------- Update Information: Bugfix release. -------------------------------------------------------------------------------- ================================================================================ python-arrow-0.8.0-3.el7 (FEDORA-EPEL-2016-acd7c86957) Better dates and times for Python -------------------------------------------------------------------------------- Update Information: A python34 rpm for EPEL7. -------------------------------------------------------------------------------- ================================================================================ python-fmn-rules-0.9.1-1.el7 (FEDORA-EPEL-2016-4be6c1d91a) Message processing rules for Fedora Notifications -------------------------------------------------------------------------------- Update Information: Update to 0.9.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1374536 - python-fmn-rules-0.9.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1374536 -------------------------------------------------------------------------------- ================================================================================ python-pyvmomi-6.0.0.2016.6-1.el7 (FEDORA-EPEL-2016-51739f0007) VMware vSphere Python SDK -------------------------------------------------------------------------------- Update Information: Version 6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1374086 - Please update https://bugzilla.redhat.com/show_bug.cgi?id=1374086 -------------------------------------------------------------------------------- ================================================================================ python3-dateutil-2.4.2-3.el7 (FEDORA-EPEL-2016-6ec9b3631f) Powerful extensions to the standard datetime module -------------------------------------------------------------------------------- Update Information: Bring this back for python34 in epel7. -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list epel-devel@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
