The following Fedora EPEL 7 Security updates need testing: Age URL 673 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 435 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 154 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c redis-3.2.3-1.el7 138 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3 chicken-4.11.0-3.el7 80 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ee3cc4d1b6 compat-guile18-1.8.8-14.el7 17 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-b2e637ff5a python-wikitcms-2.1.10-1.el7 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0fa3a954b0 borgbackup-1.0.9-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-bb32162e83 php-swiftmailer-5.4.5-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-92129d651d exim-4.88-2.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-770d2afc7d mingw-flac-1.3.2-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-fbb2447c6e php-PHPMailer-5.2.22-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-80cfb13391 moodle-3.2.1-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3d29bf8e34 php-ZendFramework2-2.4.11-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing ansible-review-0.13.0-2.el7 bitlbee-3.5-1.el7 collectd-5.7.0-1.el7 cowsay-3.04-4.el7 golang-github-onsi-ginkgo-1.1.0-11.el7 golang-github-onsi-gomega-1.0-0.1.git2152b45.el7 moodle-3.2.1-1.el7 ocserv-0.11.6-4.el7 perl-Number-Bytes-Human-0.11-1.el7 php-PHPMailer-5.2.22-1.el7 php-ZendFramework2-2.4.11-1.el7 php-tcpdf-6.2.13-1.el7 python-productmd-1.4-1.el7 stoken-0.91-1.el7 Details about builds: ================================================================================ ansible-review-0.13.0-2.el7 (FEDORA-EPEL-2017-725e09e9a9) Reviews Ansible playbooks, roles and inventory and suggests improvements -------------------------------------------------------------------------------- Update Information: RHBZ#1410896: depend on python-flake8 ---- upstream release 0.13.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1410896 - ansible-review doesn't work, unless I manually install python2-flake8 https://bugzilla.redhat.com/show_bug.cgi?id=1410896 [ 2 ] Bug #1405253 - ansible-review-0.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1405253 -------------------------------------------------------------------------------- ================================================================================ bitlbee-3.5-1.el7 (FEDORA-EPEL-2017-af619b306b) IRC to other chat networks gateway -------------------------------------------------------------------------------- Update Information: Update to the latest upstream. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1411171 - bitlbee-3.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1411171 -------------------------------------------------------------------------------- ================================================================================ collectd-5.7.0-1.el7 (FEDORA-EPEL-2017-a024a859e3) Statistics collection daemon for filling RRD files -------------------------------------------------------------------------------- Update Information: Update to 5.7.0. Fixes bug #1410193 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1410193 - write_http plugin broken on collect 5.6.0/5.6.1, fixed in 5.6.2 https://bugzilla.redhat.com/show_bug.cgi?id=1410193 -------------------------------------------------------------------------------- ================================================================================ cowsay-3.04-4.el7 (FEDORA-EPEL-2017-c9ddd271bc) Configurable speaking/thinking cow -------------------------------------------------------------------------------- Update Information: Require perl-Encode -------------------------------------------------------------------------------- References: [ 1 ] Bug #1411168 - Missing dependency perl-Encode for cowsay package https://bugzilla.redhat.com/show_bug.cgi?id=1411168 -------------------------------------------------------------------------------- ================================================================================ golang-github-onsi-ginkgo-1.1.0-11.el7 (FEDORA-EPEL-2017-d205e9dda2) A Golang BDD Testing Framework -------------------------------------------------------------------------------- Update Information: Add missing Provides ---- Bump to upstream 7f8ab55aaf3b86885aa55b762e803744d1674700 ---- Polish spec file, enable devel and unit-test for epel7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1214619 - Tracker for golang-github-onsi-ginkgo https://bugzilla.redhat.com/show_bug.cgi?id=1214619 -------------------------------------------------------------------------------- ================================================================================ golang-github-onsi-gomega-1.0-0.1.git2152b45.el7 (FEDORA-EPEL-2017-8b92aa8270) Ginkgo's Preferred Matcher Library -------------------------------------------------------------------------------- Update Information: Bump to upstream 2152b45fa28a361beba9aab0885972323a444e28 ---- Polish spec file, enable devel and unit-test for epel7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1248013 - Tracker for golang-github-onsi-gomega https://bugzilla.redhat.com/show_bug.cgi?id=1248013 -------------------------------------------------------------------------------- ================================================================================ moodle-3.2.1-1.el7 (FEDORA-EPEL-2017-80cfb13391) A Course Management System -------------------------------------------------------------------------------- Update Information: 3.2.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1406545 - file upload in courses broken in 3.1.3 https://bugzilla.redhat.com/show_bug.cgi?id=1406545 [ 2 ] Bug #1287978 - Please release 3.0 https://bugzilla.redhat.com/show_bug.cgi?id=1287978 [ 3 ] Bug #1390195 - CVE-2016-7919 moodle: Information disclosure in the Administration panel function [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1390195 -------------------------------------------------------------------------------- ================================================================================ ocserv-0.11.6-4.el7 (FEDORA-EPEL-2017-63c298b073) OpenConnect SSL VPN server -------------------------------------------------------------------------------- Update Information: Reverted the libnl3 removal; the actual issue is compatibility with -------------------------------------------------------------------------------- References: [ 1 ] Bug #1411021 - http-parser update breaks ocserv https://bugzilla.redhat.com/show_bug.cgi?id=1411021 -------------------------------------------------------------------------------- ================================================================================ perl-Number-Bytes-Human-0.11-1.el7 (FEDORA-EPEL-2017-07220aab98) Convert byte count to human readable format -------------------------------------------------------------------------------- Update Information: Updte to latest upstream release 0.11 (rhbz#1411308) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1411308 - perl-Number-Bytes-Human-0.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1411308 -------------------------------------------------------------------------------- ================================================================================ php-PHPMailer-5.2.22-1.el7 (FEDORA-EPEL-2017-fbb2447c6e) PHP email transport class with a lot of features -------------------------------------------------------------------------------- Update Information: **Version 5.2.22** (January 5th 2017) * **SECURITY** Fix [CVE-2017-5223](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5223), local file disclosure vulnerability if content passed to `msgHTML()` is sourced from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix for this means that calls to `msgHTML()` without a `$basedir` will not import images with relative URLs, and relative URLs containing `..` will be ignored. * Add simple contact form example * Emoji in test content ---- **Version 5.2.21** (December 28th 2016) * Fix missed number update in version file - no functional changes ---- **Version 5.2.20** (December 28th 2016) * **SECURITY** Critical security update for CVE-2016-10045 please update now! Thanks to [Dawid Golunski](https://legalhackers.com) and Paul Buonopane (Zenexer). ---- ** Version 5.2.19** (December 26th 2016) * Minor cleanup ---- ** Version 5.2.18** (December 24th 2016) * **SECURITY** Critical security update for CVE-2016-10033 please update now! Thanks to [Dawid Golunski](https://legalhackers.com). * Add ability to extract the SMTP transaction ID from some common SMTP success messages * Minor documentation tweaks ---- ** Version 5.2.17** (December 9th 2016) * This is officially the last feature release of 5.2. Security fixes only from now on; use PHPMailer 6.0! * Allow DKIM private key to be provided as a string * Provide mechanism to allow overriding of boundary and message ID creation * Improve Brazilian Portuguese, Spanish, Swedish, Romanian, and German translations * PHP 7.1 support for Travis-CI * Fix some language codes * Add security notices * Improve DKIM compatibility in older PHP versions * Improve trapping and capture of SMTP connection errors * Improve passthrough of error levels for debug output * PHPDoc cleanup -------------------------------------------------------------------------------- References: [ 1 ] Bug #1409489 - CVE-2016-10033 phpmailer: Parameter injection via mail() function https://bugzilla.redhat.com/show_bug.cgi?id=1409489 -------------------------------------------------------------------------------- ================================================================================ php-ZendFramework2-2.4.11-1.el7 (FEDORA-EPEL-2017-3d29bf8e34) Zend Framework 2 -------------------------------------------------------------------------------- Update Information: Fixes [ZF2016-04](https://framework.zend.com/security/advisory/ZF2016-04) / [CVE-2016-10034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10034) vulnerability -------------------------------------------------------------------------------- References: [ 1 ] Bug #1409591 - CVE-2016-10034 php-zendframework: Parameter injection in setFrom() function https://bugzilla.redhat.com/show_bug.cgi?id=1409591 -------------------------------------------------------------------------------- ================================================================================ php-tcpdf-6.2.13-1.el7 (FEDORA-EPEL-2017-6abc8bcafa) PHP class for generating PDF documents and barcodes -------------------------------------------------------------------------------- Update Information: Add a simple classmap autoloader. -------------------------------------------------------------------------------- ================================================================================ python-productmd-1.4-1.el7 (FEDORA-EPEL-2017-1caec80253) Library providing parsers for metadata related to OS installation -------------------------------------------------------------------------------- Update Information: * Fixes working with legacy metadata files. * Miscelaneous bug fixes. * Fixed Python 3 compatibility -------------------------------------------------------------------------------- ================================================================================ stoken-0.91-1.el7 (FEDORA-EPEL-2017-5001c5d418) Token code generator compatible with RSA SecurID 128-bit (AES) token -------------------------------------------------------------------------------- Update Information: Small bug fixes. -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
