The following Fedora EPEL 7 Security updates need testing: Age URL 809 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 571 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 153 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7 51 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe mod_cluster-1.3.3-10.el7 49 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5f9a6163b4 tnef-1.4.14-1.el7 48 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378 python-XStatic-jquery-ui-1.12.0.1-1.el7 28 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e2fae7fb04 squirrelmail-1.4.22-16.el7 21 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-828e5e0986 lynis-2.5.0-1.el7 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2acdfa3ad8 struts-1.3.10-14.1.el7 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6acdeb07a7 chicken-4.12.0-2.el7 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c97810a9a7 jbig2dec-0.12-4.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4269265615 menu-cache-1.0.1-2.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-692b72b3c9 chromium-58.0.3029.110-2.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a9209fb240 wordpress-4.7.5-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3ad7cbb1a1 moodle-3.1.6-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c0b04702c2 compat-tidy-0.99.0-37.20091203.el7 libopkele-2.0.4-9.el7 mod_auth_openid-0.8-2.el7 psi-plus-0.16-0.22.20141205git440.el7 tidy-5.4.0-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing cjdns-19.1-4.el7 cobbler-2.8.1-1.el7 compat-tidy-0.99.0-37.20091203.el7 libopkele-2.0.4-9.el7 mod_auth_openid-0.8-2.el7 module-build-service-1.3.22-2.el7 perl-HTTP-Headers-Fast-0.20-3.el7 perl-IO-TieCombine-1.005-4.el7 php-cs-fixer-2.2.4-1.el7 psi-plus-0.16-0.22.20141205git440.el7 python-fedmsg-rabbitmq-serializer-0.0.5-4.el7 python-idstools-0.6.1-1.el7 python-openidc-client-0-3.20170523git77cb3ee.el7 tidy-5.4.0-1.el7 Details about builds: ================================================================================ cjdns-19.1-4.el7 (FEDORA-EPEL-2017-39be513ab9) The privacy-friendly network without borders -------------------------------------------------------------------------------- Update Information: Call sodium_init(), include mkpasswd (but not in /usr/bin). EL7 users will want this to update to protocol 19. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1455317 - cjdroute and others fail to call sodium_init() https://bugzilla.redhat.com/show_bug.cgi?id=1455317 -------------------------------------------------------------------------------- ================================================================================ cobbler-2.8.1-1.el7 (FEDORA-EPEL-2017-478a4e6751) Boot server configurator -------------------------------------------------------------------------------- Update Information: Update to 2.8.1: Feature improvements: - Signature added for: sles 12sp2 - Signature added for: fedora 26 - Signature added for: ubuntu 17.04 - Signature added for: freebsd 10.3 - Signature added for: freebsd 11.0 - Signature added for: xen server 7.0 - Signature added for: xen server 7.1 Bugfixes: - Cleanup distro_signatures - Use $bind_master in secondary.template (#1720) - Add zonename to metadata in manage_bind (#1700) - Update cobbler.wsgi to Django >=1.4 API - Add some input validation to repo configuration (#1741) - Fix handling of multiple bridge interfaces (#1735) - Added warnings in kickstart samples (#1737) - Fix the auto-build when using autodiscovery (#1753) - Fixes to setup.py so that python setup.py install now works again on Debian/Ubuntu (#1750) - Replication now works with Cobbler using non standard ports (#1637) - Generalize names for named/dhcpd executables in cobbler check (#1672) - No more manual symlinks required for Python dist-packages on Debian/Ubuntu (#1751) - Code cleanup in kickgen.py, setup.py, etc - Fixes to several API calls relating to mgmtclass, file and package - RHEL7 still needs to use the nameserver option - Master interface now inherits MTU setting from slave interface - Don't add multiple (bond) slave interfaces to dhcpd.conf - Grub legacy loaders updated to the latest versions available - Enable the source tree to be cloned on Windows systems (#1722) - Minor SuSE AutoYast improvements -------------------------------------------------------------------------------- References: [ 1 ] Bug #1442353 - Replication now works with Cobbler using non standard ports, fixes #1637 https://bugzilla.redhat.com/show_bug.cgi?id=1442353 [ 2 ] Bug #1404826 - cobbler_web is broken with django 1.8.8 (with patch) https://bugzilla.redhat.com/show_bug.cgi?id=1404826 -------------------------------------------------------------------------------- ================================================================================ compat-tidy-0.99.0-37.20091203.el7 (FEDORA-EPEL-2017-c0b04702c2) Compatibility utility and library to clean up and pretty print HTML/XHTML/XML -------------------------------------------------------------------------------- Update Information: Update to latest stable version of tidy, and provide a compat-tidy package for those packages (like php-extras) not ready to use the newer version yet. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1228297 - CVE-2015-5522 CVE-2015-5523 tidy: heap buffer overflow in ParseValue() https://bugzilla.redhat.com/show_bug.cgi?id=1228297 [ 2 ] Bug #1312881 - tidy: Use-after-free caused by mishandling control characters https://bugzilla.redhat.com/show_bug.cgi?id=1312881 [ 3 ] Bug #1312877 - tidy: Out-of-bounds heap read in TextEndsWithNewline https://bugzilla.redhat.com/show_bug.cgi?id=1312877 -------------------------------------------------------------------------------- ================================================================================ libopkele-2.0.4-9.el7 (FEDORA-EPEL-2017-c0b04702c2) C++ implementation of the OpenID decentralized identity system -------------------------------------------------------------------------------- Update Information: Update to latest stable version of tidy, and provide a compat-tidy package for those packages (like php-extras) not ready to use the newer version yet. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1228297 - CVE-2015-5522 CVE-2015-5523 tidy: heap buffer overflow in ParseValue() https://bugzilla.redhat.com/show_bug.cgi?id=1228297 [ 2 ] Bug #1312881 - tidy: Use-after-free caused by mishandling control characters https://bugzilla.redhat.com/show_bug.cgi?id=1312881 [ 3 ] Bug #1312877 - tidy: Out-of-bounds heap read in TextEndsWithNewline https://bugzilla.redhat.com/show_bug.cgi?id=1312877 -------------------------------------------------------------------------------- ================================================================================ mod_auth_openid-0.8-2.el7 (FEDORA-EPEL-2017-c0b04702c2) OpenID authentication for apache -------------------------------------------------------------------------------- Update Information: Update to latest stable version of tidy, and provide a compat-tidy package for those packages (like php-extras) not ready to use the newer version yet. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1228297 - CVE-2015-5522 CVE-2015-5523 tidy: heap buffer overflow in ParseValue() https://bugzilla.redhat.com/show_bug.cgi?id=1228297 [ 2 ] Bug #1312881 - tidy: Use-after-free caused by mishandling control characters https://bugzilla.redhat.com/show_bug.cgi?id=1312881 [ 3 ] Bug #1312877 - tidy: Out-of-bounds heap read in TextEndsWithNewline https://bugzilla.redhat.com/show_bug.cgi?id=1312877 -------------------------------------------------------------------------------- ================================================================================ module-build-service-1.3.22-2.el7 (FEDORA-EPEL-2017-7fe5f569b6) The Module Build Service for Modularity -------------------------------------------------------------------------------- Update Information: New version 1.3.22. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1435222 - module-build-service-1.3.22 is available https://bugzilla.redhat.com/show_bug.cgi?id=1435222 -------------------------------------------------------------------------------- ================================================================================ perl-HTTP-Headers-Fast-0.20-3.el7 (FEDORA-EPEL-2017-f951efb08d) Faster implementation of HTTP::Headers -------------------------------------------------------------------------------- Update Information: HTTP::Headers::Fast is a perl class for parsing/writing HTTP headers. -------------------------------------------------------------------------------- ================================================================================ perl-IO-TieCombine-1.005-4.el7 (FEDORA-EPEL-2017-f1773b75bb) Produce tied (and other) separate but combined variables -------------------------------------------------------------------------------- Update Information: This package allows you to tie separate variables into a combined whole, using ties and other magic. This can be very useful when, say, you want a unified output from various different things that return data in different ways (STDIN/ERR, scalars, handles, etc). -------------------------------------------------------------------------------- ================================================================================ php-cs-fixer-2.2.4-1.el7 (FEDORA-EPEL-2017-7515ce7351) A tool to automatically fix PHP code style -------------------------------------------------------------------------------- Update Information: Changelog for **version 2.2.4** * bug #2682 DoctrineAnnotationIndentationFixer - fix handling nested annotations (edhgoose, julienfalque) * bug #2700 Fix Doctrine Annotation end detection (julienfalque) * bug #2715 OrderedImportsFixer - handle indented groups (pilgerone) * bug #2732 HeaderCommentFixer - fix handling blank lines (s7b4) * bug #2745 Fix Doctrine Annotation newlines (julienfalque) * bug #2752 FixCommand - fix typo in warning message (mnapoli) * bug #2757 GeckoPHPUnit is not dev dependency (keradus) * bug #2759 Update gitattributes (SpacePossum) * bug #2763 Fix describe command with PSR-0 fixer (julienfalque) * bug #2768 Tokens::ensureWhitespaceAtIndex - clean up comment check, add check for T_OPEN (SpacePossum) * bug #2783 Tokens::ensureWhitespaceAtIndex - Fix handling line endings (SpacePossum) * minor #2663 Use colors for keywords in commands output (julienfalque, keradus) * minor #2706 Update README (SpacePossum) * minor #2714 README.rst - fix wrong value in example (mleko) * minor #2721 Update phpstorm article link to a fresh blog post (valeryan) * minor #2727 PHPUnit - use speedtrap (keradus) * minor #2728 SelfUpdateCommand - verify that it's possible to replace current file (keradus) * minor #2729 DescribeCommand - add decorated output test (julienfalque) * minor #2731 BracesFixer - properly pass config in utest dataProvider (keradus) * minor #2738 Upgrade tests to use new, namespaced PHPUnit TestCase class (keradus) * minor #2743 Fixing example and description for GeneralPhpdocAnnotationRemoveFixer (kubawerlos) * minor #2744 AbstractDoctrineAnnotationFixerTestCase - split fixers test cases (julienfalque) * minor #2755 Fix compatibility with PHPUnit 5.4.x (keradus) * minor #2758 Readme - improve CI integration guidelines (keradus) * minor #2769 Psr0Fixer - remove duplicated example (julienfalque) * minor #2775 NoExtraConsecutiveBlankLinesFixer - remove duplicate code sample. (SpacePossum) * minor #2778 AutoReview - watch that code samples are unique (keradus) * minor #2787 Add warnings about missing dom ext and require json ext (keradus) * minor #2792 Use composer-require-checker (keradus) * minor #2796 Update .gitattributes (SpacePossum) * minor #2800 PhpdocTypesFixerTest - Fix typo in covers annotation (SpacePossum) -------------------------------------------------------------------------------- ================================================================================ psi-plus-0.16-0.22.20141205git440.el7 (FEDORA-EPEL-2017-c0b04702c2) Jabber client based on Qt -------------------------------------------------------------------------------- Update Information: Update to latest stable version of tidy, and provide a compat-tidy package for those packages (like php-extras) not ready to use the newer version yet. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1228297 - CVE-2015-5522 CVE-2015-5523 tidy: heap buffer overflow in ParseValue() https://bugzilla.redhat.com/show_bug.cgi?id=1228297 [ 2 ] Bug #1312881 - tidy: Use-after-free caused by mishandling control characters https://bugzilla.redhat.com/show_bug.cgi?id=1312881 [ 3 ] Bug #1312877 - tidy: Out-of-bounds heap read in TextEndsWithNewline https://bugzilla.redhat.com/show_bug.cgi?id=1312877 -------------------------------------------------------------------------------- ================================================================================ python-fedmsg-rabbitmq-serializer-0.0.5-4.el7 (FEDORA-EPEL-2017-6ce9a893d9) fedmsg consumer to serialize bus messages into a rabbitmq worker queue -------------------------------------------------------------------------------- Update Information: New package for Fedora -------------------------------------------------------------------------------- ================================================================================ python-idstools-0.6.1-1.el7 (FEDORA-EPEL-2017-52970a3b1b) Snort and Suricata Rule and Event Utilities -------------------------------------------------------------------------------- Update Information: upstream update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1452025 - [abrt] python3-idstools: rule.py:208:parse:TypeError: cannot use a string pattern on a bytes-like object https://bugzilla.redhat.com/show_bug.cgi?id=1452025 -------------------------------------------------------------------------------- ================================================================================ python-openidc-client-0-3.20170523git77cb3ee.el7 (FEDORA-EPEL-2017-bf248479c9) Python OpenID Connect client with token caching and management -------------------------------------------------------------------------------- Update Information: python-openidc-client-0-3.20170523git77cb3ee update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1437845 - python-openidc-client-v0.2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1437845 -------------------------------------------------------------------------------- ================================================================================ tidy-5.4.0-1.el7 (FEDORA-EPEL-2017-c0b04702c2) Utility to clean up and pretty print HTML/XHTML/XML -------------------------------------------------------------------------------- Update Information: Update to latest stable version of tidy, and provide a compat-tidy package for those packages (like php-extras) not ready to use the newer version yet. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1228297 - CVE-2015-5522 CVE-2015-5523 tidy: heap buffer overflow in ParseValue() https://bugzilla.redhat.com/show_bug.cgi?id=1228297 [ 2 ] Bug #1312881 - tidy: Use-after-free caused by mishandling control characters https://bugzilla.redhat.com/show_bug.cgi?id=1312881 [ 3 ] Bug #1312877 - tidy: Out-of-bounds heap read in TextEndsWithNewline https://bugzilla.redhat.com/show_bug.cgi?id=1312877 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx