The following Fedora EPEL 7 Security updates need testing: Age URL 610 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 372 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 90 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c redis-3.2.3-1.el7 74 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3 chicken-4.11.0-3.el7 17 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-03fb3c1531 banshee-2.6.2-11.el7 dbus-sharp-0.7.0-15.el7 dbus-sharp-glib-0.5.0-13.el7 gdata-sharp-1.4.0.2-18.el7 gio-sharp-0.3-14.el7 gkeyfile-sharp-0.1-19.el7 gnome-sharp-2.24.2-12.el7 gtk-sharp-beans-2.14.0-17.el7 gtk-sharp2-2.12.26-3.el7 gtk-sharp3-2.99.3-16.el7 gudev-sharp-0.1-18.el7 libappindicator-12.10.0-11.el7 libgpod-0.8.3-14.el7 libyui-bindings-1.1.0-7.el7 mono-4.2.4-7.el7 mono-addins-1.1-3.el7 mono-cecil-0.9.6-6.el7 mono-zeroconf-0.9.0-16.el7 notify-sharp-0.4.0-0.26.20100411svn.el7 notify-sharp3-3.0.3-2.el7 nunit-3.5-1.el7 nunit2-2.6.4-14.el7 pinta-1.6-5.el7 taglib-sharp-2.1.0.0-3.el7 17 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ee3cc4d1b6 compat-guile18-1.8.8-14.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-181efcf9c4 tre-0.8.0-18.20140228gitc2f5d13.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e26faf9489 python-simplejson-3.5.3-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2fcbc39837 chromium-54.0.2840.90-3.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing chromium-54.0.2840.90-3.el7 php-horde-Horde-Core-2.27.2-1.el7 php-horde-Horde-Service-Weather-2.5.0-1.el7 pidgin-groupchat-typing-notifications-0-2.git33a75f9.el7 prosody-0.9.11-1.el7 python-ase-3.12.0-21.el7 python-epdb-0.15-1.el7 python-pytg-0.4.10-3.el7 suricata-3.1.3-1.el7 Details about builds: ================================================================================ chromium-54.0.2840.90-3.el7 (FEDORA-EPEL-2016-2fcbc39837) A WebKit (Blink) powered web browser -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-5181, CVE-2016-5182, CVE-2016-5183, CVE-2016-5184, CVE-2016-5185, CVE-2016-5187, CVE-2016-5188, CVE-2016-5192, CVE-2016-5189, CVE-2016-5186, CVE-2016-5191, CVE-2016-5190, CVE-2016-5193, CVE-2016-5194 Security fix for CVE-2016-5198 Update to new stable, 54.0.2840.90. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1384365 - CVE-2016-5194 chromium-browser: various fixes from internal audits https://bugzilla.redhat.com/show_bug.cgi?id=1384365 [ 2 ] Bug #1384364 - CVE-2016-5193 chromium-browser: scheme bypass https://bugzilla.redhat.com/show_bug.cgi?id=1384364 [ 3 ] Bug #1384362 - CVE-2016-5190 chromium-browser: use after free in internals https://bugzilla.redhat.com/show_bug.cgi?id=1384362 [ 4 ] Bug #1384361 - CVE-2016-5191 chromium-browser: universal xss in bookmarks https://bugzilla.redhat.com/show_bug.cgi?id=1384361 [ 5 ] Bug #1384360 - CVE-2016-5186 chromium-browser: out of bounds read in devtools https://bugzilla.redhat.com/show_bug.cgi?id=1384360 [ 6 ] Bug #1384358 - CVE-2016-5189 chromium-browser: url spoofing https://bugzilla.redhat.com/show_bug.cgi?id=1384358 [ 7 ] Bug #1384357 - CVE-2016-5192 chromium-browser: cross-origin bypass in blink https://bugzilla.redhat.com/show_bug.cgi?id=1384357 [ 8 ] Bug #1384355 - CVE-2016-5188 chromium-browser: ui spoofing https://bugzilla.redhat.com/show_bug.cgi?id=1384355 [ 9 ] Bug #1384354 - CVE-2016-5187 chromium-browser: url spoofing https://bugzilla.redhat.com/show_bug.cgi?id=1384354 [ 10 ] Bug #1384352 - CVE-2016-5185 chromium-browser: use after free in blink https://bugzilla.redhat.com/show_bug.cgi?id=1384352 [ 11 ] Bug #1384350 - CVE-2016-5184 chromium-browser: use after free in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1384350 [ 12 ] Bug #1384349 - CVE-2016-5183 chromium-browser: use after free in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1384349 [ 13 ] Bug #1384348 - CVE-2016-5182 chromium-browser: heap overflow in blink https://bugzilla.redhat.com/show_bug.cgi?id=1384348 [ 14 ] Bug #1384347 - CVE-2016-5181 chromium-browser: universal xss in blink https://bugzilla.redhat.com/show_bug.cgi?id=1384347 [ 15 ] Bug #1391356 - CVE-2016-5198 chromium-browser: out of bounds memory access in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1391356 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Core-2.27.2-1.el7 (FEDORA-EPEL-2016-8bf75551d3) Horde Core Framework libraries -------------------------------------------------------------------------------- Update Information: **Horde_Core 2.27.2** * [mjr] Prevent building invalid HTML when building an email from a SMART_REPLY (Bug #14500). ---- **Horde_Core 2.27.1** * [jan] Allow administrators to log in if preference backend is not available. * [mjr] Log message headers on error when sending email via ActiveSync. * [jan] Fix warning if an old locale is longer than 255 characters (Bug #14489). * [jan] Fix abbreviated Norwegian month names in JavaScript to include trailing dot (Bug #14488). * [jan] Fix reading session data from the command line with PHP 7. -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Service-Weather-2.5.0-1.el7 (FEDORA-EPEL-2016-6ac96ee499) Horde Weather Provider -------------------------------------------------------------------------------- Update Information: **Horde_Service_Weather 2.5.0** * [mjr] Replace defunct data source for surface station data (Bug #14502). ---- ** Horde_Service_Weather 2.4.1** * [jan] Update location of METAR stations. -------------------------------------------------------------------------------- ================================================================================ pidgin-groupchat-typing-notifications-0-2.git33a75f9.el7 (FEDORA-EPEL-2016-33073b2523) Adds typing notifications for group chats in Pidgin -------------------------------------------------------------------------------- Update Information: Initial upload. -------------------------------------------------------------------------------- ================================================================================ prosody-0.9.11-1.el7 (FEDORA-EPEL-2016-efbe2e6951) Flexible communications server for Jabber/XMPP -------------------------------------------------------------------------------- Update Information: Prosody 0.9.11 ============== A summary of changes in this release: * HTTP parser: Improve buffering of incoming HTTP data and add size limits (#603) * sessionmanager: Fix for an issue which caused people to be kicked from conferences if mod_smacks was enabled (#648) * Dependencies: Workaround for compatibility with LuaSec 0.6 (#749) * MUC: Accept missing form as "instant room" request (#377) * C2S: Fix issues with destroying disconnected connections (#590, #641) * mod_privacy: Fix selection of the top resource(s) (#694) * mod_presence: Make sure both users get each others presence after adding each other (#673) * mod_http_files: Fix traceback when serving a non- wildcard path (#611) * mod_http_files: Preserve a trailing slash in paths (#639) * util.datamanager: Fix error handling (#632) * net.server_event: Fix internal socket API to allow writing from socket.ondrain callback (#661) * net.server_event: Fix timeout (commit) * net.server_event: Fix traceback due to write during TLS handshake (commit) * net.server_event: Fix buffer length check (commit) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1391802 - prosody-0.9.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1391802 -------------------------------------------------------------------------------- ================================================================================ python-ase-3.12.0-21.el7 (FEDORA-EPEL-2016-2f2ccf14db) Atomic Simulation Environment -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- ================================================================================ python-epdb-0.15-1.el7 (FEDORA-EPEL-2016-5e871cdf9f) Extended Python debugger -------------------------------------------------------------------------------- Update Information: Update to 0.15 -------------------------------------------------------------------------------- ================================================================================ python-pytg-0.4.10-3.el7 (FEDORA-EPEL-2016-952ce47753) Python package that communicates with the Telegram CLI -------------------------------------------------------------------------------- Update Information: - Exclude ppc64 s390x for dependence -------------------------------------------------------------------------------- ================================================================================ suricata-3.1.3-1.el7 (FEDORA-EPEL-2016-4d9f018c45) Intrusion Detection System -------------------------------------------------------------------------------- Update Information: This release improves DNS logging accuracy. Other than that it is mostly a collection of smaller fixes. -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
