The following Fedora EPEL 7 Security updates need testing: Age URL 800 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 563 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 145 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7 43 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe mod_cluster-1.3.3-10.el7 41 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5f9a6163b4 tnef-1.4.14-1.el7 40 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378 python-XStatic-jquery-ui-1.12.0.1-1.el7 20 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e2fae7fb04 squirrelmail-1.4.22-16.el7 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f057518fbd proftpd-1.3.5e-2.el7 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9250b82d1c php-horde-ingo-3.2.15-1.el7 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-828e5e0986 lynis-2.5.0-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-bb8576affa radicale-1.1.2-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-650d7b9356 python-fedora-0.9.0-1.el7 python-openidc-client-0-3.20170327git5456800.el7 bodhi-2.6.2-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2acdfa3ad8 struts-1.3.10-14.1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6acdeb07a7 chicken-4.12.0-2.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c97810a9a7 jbig2dec-0.12-4.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4269265615 menu-cache-1.0.1-2.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-692b72b3c9 chromium-58.0.3029.110-2.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a9209fb240 wordpress-4.7.5-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing certbot-0.14.1-2.el7 chromium-58.0.3029.110-2.el7 clinfo-2.1.17.02.09-1.el7 jboss-jacc-1.5-api-1.0.0-7.el7 jboss-jaxb-2.2-api-1.0.4-14.el7 layla-fonts-2.0-1.el7 lightdm-autologin-greeter-1.0-1.el7 petsc-3.7.6-3.el7 php-justinrainbow-json-schema5-5.2.1-1.el7 piglit-1.0.20170515-4.GITa969d23f.el7 python-acme-0.14.1-1.el7 python-certbot-apache-0.14.1-1.el7 root-6.08.06-7.el7 sedutil-1.12-4.el7 spec-version-maven-plugin-1.2-9.el7 wordpress-4.7.5-1.el7 xpa-2.1.18-1.el7 Details about builds: ================================================================================ certbot-0.14.1-2.el7 (FEDORA-EPEL-2017-acdfbe8cfa) A free, automated certificate authority client -------------------------------------------------------------------------------- Update Information: * Update to 0.14.1 * Tweaks to the renew timer (bz#1444814 bz#1441846) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441846 - Improvements to timer randomization https://bugzilla.redhat.com/show_bug.cgi?id=1441846 [ 2 ] Bug #1448431 - python-certbot-apache-0.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448431 [ 3 ] Bug #1448423 - python-acme-0.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448423 [ 4 ] Bug #1444814 - certbot: error: argument --pre-hook: expected one argument https://bugzilla.redhat.com/show_bug.cgi?id=1444814 [ 5 ] Bug #1448430 - certbot-0.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448430 -------------------------------------------------------------------------------- ================================================================================ chromium-58.0.3029.110-2.el7 (FEDORA-EPEL-2017-692b72b3c9) A WebKit (Blink) powered web browser -------------------------------------------------------------------------------- Update Information: Update to chromium 58. Move chrome-remote-desktop to user systemd service. Security fixes for CVE-2017-5068, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1443850 - CVE-2017-5069 chromium-browser: cross-origin bypass in blink https://bugzilla.redhat.com/show_bug.cgi?id=1443850 [ 2 ] Bug #1443849 - CVE-2017-5067 chromium-browser: url spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1443849 [ 3 ] Bug #1443848 - CVE-2017-5066 chromium-browser: incorrect signature handing in networking https://bugzilla.redhat.com/show_bug.cgi?id=1443848 [ 4 ] Bug #1443847 - CVE-2017-5065 chromium-browser: incorrect ui in blink https://bugzilla.redhat.com/show_bug.cgi?id=1443847 [ 5 ] Bug #1443845 - CVE-2017-5064 chromium-browser: use after free in blink https://bugzilla.redhat.com/show_bug.cgi?id=1443845 [ 6 ] Bug #1443841 - CVE-2017-5063 chromium-browser: heap overflow in skia https://bugzilla.redhat.com/show_bug.cgi?id=1443841 [ 7 ] Bug #1443840 - CVE-2017-5062 chromium-browser: use after free in chrome apps https://bugzilla.redhat.com/show_bug.cgi?id=1443840 [ 8 ] Bug #1443839 - CVE-2017-5061 chromium-browser: url spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1443839 [ 9 ] Bug #1443838 - CVE-2017-5060 chromium-browser: url spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1443838 [ 10 ] Bug #1443837 - CVE-2017-5059 chromium-browser: type confusion in blink https://bugzilla.redhat.com/show_bug.cgi?id=1443837 [ 11 ] Bug #1443836 - CVE-2017-5058 chromium-browser: heap use after free in print preview https://bugzilla.redhat.com/show_bug.cgi?id=1443836 [ 12 ] Bug #1443835 - CVE-2017-5057 chromium-browser: type confusion in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1443835 [ 13 ] Bug #1448031 - CVE-2017-5068 chromium-browser: race condition in webrtc https://bugzilla.redhat.com/show_bug.cgi?id=1448031 -------------------------------------------------------------------------------- ================================================================================ clinfo-2.1.17.02.09-1.el7 (FEDORA-EPEL-2017-24bc2e0645) Enumerate OpenCL platforms and devices -------------------------------------------------------------------------------- Update Information: New build of the package in the newly created branch. -------------------------------------------------------------------------------- ================================================================================ jboss-jacc-1.5-api-1.0.0-7.el7 (FEDORA-EPEL-2017-0484b8c3a3) JACC 1.5 API (JSR-115) -------------------------------------------------------------------------------- Update Information: Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ jboss-jaxb-2.2-api-1.0.4-14.el7 (FEDORA-EPEL-2017-85f375b70f) Java Architecture for XML Binding 2.2 -------------------------------------------------------------------------------- Update Information: fix FTBFS -------------------------------------------------------------------------------- ================================================================================ layla-fonts-2.0-1.el7 (FEDORA-EPEL-2017-11da7bd396) A collection of traditional Arabic fonts -------------------------------------------------------------------------------- Update Information: - Fixed fonts. They work on MacOS now - Changed Latin letters and numbers -------------------------------------------------------------------------------- ================================================================================ lightdm-autologin-greeter-1.0-1.el7 (FEDORA-EPEL-2017-ef27585979) Autologin greeter using LightDM -------------------------------------------------------------------------------- Update Information: Initial import -------------------------------------------------------------------------------- References: [ 1 ] Bug #1451134 - Review Request: lightdm-autologin-greeter - Autologin greeter using LightDM https://bugzilla.redhat.com/show_bug.cgi?id=1451134 -------------------------------------------------------------------------------- ================================================================================ petsc-3.7.6-3.el7 (FEDORA-EPEL-2017-f2fdec614e) Portable Extensible Toolkit for Scientific Computation -------------------------------------------------------------------------------- Update Information: - Update to 3.7.6 - Install petscvariables/petscrules - Install pkgconfig files -------------------------------------------------------------------------------- ================================================================================ php-justinrainbow-json-schema5-5.2.1-1.el7 (FEDORA-EPEL-2017-a67b399334) A library to validate a json schema -------------------------------------------------------------------------------- Update Information: **Version 5.2.1** * fix #353 Validation of JSON-Schema * fix #405 fix bug when applying defaults * fix #408 SchemaStorage::addSchema() should call BaseConsstraint::arrayToObjectRecursive() on the provide schemas * fix #409 [BUGFIX] Cast empty schema arrays to object * fix #411 [BUGFIX] Split $objectDefinition into $schema and $properties * fix #415 Issue-414: Allow The Option of T or space for Date time. * fix #416 Testcase for minProperties with properties defined + Fix Test * fix #419 [BUGFIX] Split "uri" format into "uri" & "uri-reference", fix meta-schema bug * fix #421 [BUGFIX] Tweak phpdocumentor dependency to avoid install conflicts -------------------------------------------------------------------------------- ================================================================================ piglit-1.0.20170515-4.GITa969d23f.el7 (FEDORA-EPEL-2017-d1c6009b42) Collection of automated tests for OpenGL implementations -------------------------------------------------------------------------------- Update Information: Update to the latest upstream to test Vulcan cards -------------------------------------------------------------------------------- ================================================================================ python-acme-0.14.1-1.el7 (FEDORA-EPEL-2017-acdfbe8cfa) Python library for the ACME protocol -------------------------------------------------------------------------------- Update Information: * Update to 0.14.1 * Tweaks to the renew timer (bz#1444814 bz#1441846) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441846 - Improvements to timer randomization https://bugzilla.redhat.com/show_bug.cgi?id=1441846 [ 2 ] Bug #1448431 - python-certbot-apache-0.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448431 [ 3 ] Bug #1448423 - python-acme-0.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448423 [ 4 ] Bug #1444814 - certbot: error: argument --pre-hook: expected one argument https://bugzilla.redhat.com/show_bug.cgi?id=1444814 [ 5 ] Bug #1448430 - certbot-0.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448430 -------------------------------------------------------------------------------- ================================================================================ python-certbot-apache-0.14.1-1.el7 (FEDORA-EPEL-2017-acdfbe8cfa) The apache plugin for certbot -------------------------------------------------------------------------------- Update Information: * Update to 0.14.1 * Tweaks to the renew timer (bz#1444814 bz#1441846) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441846 - Improvements to timer randomization https://bugzilla.redhat.com/show_bug.cgi?id=1441846 [ 2 ] Bug #1448431 - python-certbot-apache-0.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448431 [ 3 ] Bug #1448423 - python-acme-0.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448423 [ 4 ] Bug #1444814 - certbot: error: argument --pre-hook: expected one argument https://bugzilla.redhat.com/show_bug.cgi?id=1444814 [ 5 ] Bug #1448430 - certbot-0.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448430 -------------------------------------------------------------------------------- ================================================================================ root-6.08.06-7.el7 (FEDORA-EPEL-2017-1544bb535d) Numerical data analysis framework -------------------------------------------------------------------------------- Update Information: Backport python 3 compatibility fixes from upstream. Fix for macro scope issue. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1437135 - Upstream Bug in python3-jupyroot https://bugzilla.redhat.com/show_bug.cgi?id=1437135 [ 2 ] Bug #1448289 - variables declared in gROOT->Macro lost from scope https://bugzilla.redhat.com/show_bug.cgi?id=1448289 [ 3 ] Bug #1451362 - CMake config refers to the wrong libJupyROOT.so https://bugzilla.redhat.com/show_bug.cgi?id=1451362 -------------------------------------------------------------------------------- ================================================================================ sedutil-1.12-4.el7 (FEDORA-EPEL-2017-d63e5b3caf) Tools to manage the activation and use of self encrypting drives -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- ================================================================================ spec-version-maven-plugin-1.2-9.el7 (FEDORA-EPEL-2017-482698ccc4) Spec Version Maven Plugin -------------------------------------------------------------------------------- Update Information: Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ wordpress-4.7.5-1.el7 (FEDORA-EPEL-2017-a9209fb240) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information: **WordPress 4.7.5** is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues: * Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing. * Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas. * Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team. * A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster. * A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing. * A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team. Thank you to the reporters of these issues for practicing responsible disclosure. In addition to the security issues above, WordPress 4.7.5 contains 3 maintenance fixes to the 4.7 release series. For more information, see the [release notes](https://codex.wordpress.org/Version_4.7.5) or consult the [list of changes](https://core.trac.wordpress.org/query?status=cl osed&milestone=4.7.5&group=component&col=id&col=summary&col=component&col=status &col=owner&col=type&col=priority&col=keywords&order=priority). -------------------------------------------------------------------------------- ================================================================================ xpa-2.1.18-1.el7 (FEDORA-EPEL-2017-c7112c6e96) The X Public Access messaging system -------------------------------------------------------------------------------- Update Information: New package "xpa" -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
