The following Fedora EPEL 7 Security updates need testing:

 Age  URL
 829  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087   dokuwiki-0-0.24.20140929c.el7
 591  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f   mcollective-2.8.4-1.el7
 173  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d   libbsd-0.8.3-1.el7
  71  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe   mod_cluster-1.3.3-10.el7
  69  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5f9a6163b4   tnef-1.4.14-1.el7
  68  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378   python-XStatic-jquery-ui-1.12.0.1-1.el7
  15  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-83ccfea1c9   yara-3.6.0-1.el7
  15  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-30c96f21ef   mosquitto-1.4.12-1.el7
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b316d2bb3b   ansible-2.3.1.0-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-340bb46b1d   capnproto-0.5.3.1-1.el7
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4aae1e22f1   lxc-1.0.10-2.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d9786818e4   python-nbxmpp-0.5.6-1.el7 gajim-0.16.8-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0f533bdb08   chromium-59.0.3071.86-3.el7


The following builds have been pushed to Fedora EPEL 7 updates-testing

    RackTables-0.20.13-1.el7
    chromium-59.0.3071.86-3.el7
    collectl-4.2.0-1.el7
    configsnap-0.12-2.el7
    duplicity-0.7.13-1.el7
    gajim-0.16.8-1.el7
    golang-github-hashicorp-go-sockaddr-0-0.2.gitaf174a6.el7
    nagios-4.3.2-3.el7
    nrpe-3.1.1-1.el7
    php-erusev-parsedown-1.6.2-2.el7
    python-nbxmpp-0.5.6-1.el7
    rubygem-async_sinatra-1.3.0-1.el7

Details about builds:


================================================================================
 RackTables-0.20.13-1.el7 (FEDORA-EPEL-2017-f478b4ca39)
 A data-center asset management system
--------------------------------------------------------------------------------
Update Information:

Rebase to v0.20.13
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1450545 - RackTables-0.20.13 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1450545
--------------------------------------------------------------------------------


================================================================================
 chromium-59.0.3071.86-3.el7 (FEDORA-EPEL-2017-0f533bdb08)
 A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:

Chromium 59. Add smaller logo files. Fix lots of security bugs: Security fix
for CVE-2017-5070, CVE-2017-5071, CVE-2017-5072, CVE-2017-5073, CVE-2017-5074,
CVE-2017-5075, CVE-2017-5086, CVE-2017-5076, CVE-2017-5077, CVE-2017-5078,
CVE-2017-5079, CVE-2017-5080, CVE-2017-5081, CVE-2017-5082, CVE-2017-5083,
CVE-2017-5085
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1459037 - CVE-2017-5085 chromium-browser: inappropriate javascript execution on webui pages
        https://bugzilla.redhat.com/show_bug.cgi?id=1459037
  [ 2 ] Bug #1459036 - CVE-2017-5083 chromium-browser: ui spoofing in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1459036
  [ 3 ] Bug #1459035 - CVE-2017-5082 chromium-browser: insufficient hardening in credit card editor
        https://bugzilla.redhat.com/show_bug.cgi?id=1459035
  [ 4 ] Bug #1459034 - CVE-2017-5081 chromium-browser: extension verification bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1459034
  [ 5 ] Bug #1459033 - CVE-2017-5080 chromium-browser: use after free in credit card autofill
        https://bugzilla.redhat.com/show_bug.cgi?id=1459033
  [ 6 ] Bug #1459032 - CVE-2017-5079 chromium-browser: ui spoofing in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1459032
  [ 7 ] Bug #1459031 - CVE-2017-5078 chromium-browser: possible command injection in mailto handling
        https://bugzilla.redhat.com/show_bug.cgi?id=1459031
  [ 8 ] Bug #1459030 - CVE-2017-5077 chromium-browser: heap buffer overflow in skia
        https://bugzilla.redhat.com/show_bug.cgi?id=1459030
  [ 9 ] Bug #1459029 - CVE-2017-5076 chromium-browser: address spoofing in omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1459029
  [ 10 ] Bug #1459028 - CVE-2017-5086 chromium-browser: address spoofing in omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1459028
  [ 11 ] Bug #1459027 - CVE-2017-5075 chromium-browser: information leak in csp reporting
        https://bugzilla.redhat.com/show_bug.cgi?id=1459027
  [ 12 ] Bug #1459025 - CVE-2017-5074 chromium-browser: use after free in apps bluetooth
        https://bugzilla.redhat.com/show_bug.cgi?id=1459025
  [ 13 ] Bug #1459024 - CVE-2017-5073 chromium-browser: use after free in print preview
        https://bugzilla.redhat.com/show_bug.cgi?id=1459024
  [ 14 ] Bug #1459023 - CVE-2017-5072 chromium-browser: address spoofing in omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1459023
  [ 15 ] Bug #1459022 - CVE-2017-5071 chromium-browser: out of bounds read in v8
        https://bugzilla.redhat.com/show_bug.cgi?id=1459022
  [ 16 ] Bug #1459021 - CVE-2017-5070 chromium-browser: type confusion in v8
        https://bugzilla.redhat.com/show_bug.cgi?id=1459021
--------------------------------------------------------------------------------


================================================================================
 collectl-4.2.0-1.el7 (FEDORA-EPEL-2017-be5da19ffb)
 A utility to collect various Linux performance data
--------------------------------------------------------------------------------
Update Information:

- updated to 4.2.0
- http://collectl.sourceforge.net/Releases.html
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1460836 - collectl-4.2.0.src is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1460836
--------------------------------------------------------------------------------


================================================================================
 configsnap-0.12-2.el7 (FEDORA-EPEL-2017-c70e657c65)
 Record and compare system state
--------------------------------------------------------------------------------
Update Information:

Update to 0.12
--------------------------------------------------------------------------------


================================================================================
 duplicity-0.7.13-1.el7 (FEDORA-EPEL-2017-b68be42958)
 Encrypted bandwidth-efficient backup using rsync algorithm
--------------------------------------------------------------------------------
Update Information:

https://launchpad.net/duplicity/0.7-series/0.7.13
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1460834 - duplicity-0.7.13 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1460834
--------------------------------------------------------------------------------


================================================================================
 gajim-0.16.8-1.el7 (FEDORA-EPEL-2017-d9786818e4)
 Jabber client written in PyGTK
--------------------------------------------------------------------------------
Update Information:

Gajim 0.16.8
* Fix rejoining MUCs after connection loss
* Fix Groupchat invites
* Fix encoding problems with newer GnuPG versions
* Fix old messages randomly reappearing in the chat window
* Fix some problems with IBB filetransfer
* Make XEP-0146 Commands opt-in
* Improve sending messages to your own resources
* Improve reliability of delivery recipes
* Many minor bugfixes
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1456365 - CVE-2016-10376 gajim: XEP-0146 makes it possible to extract plain-text from OTR sessions [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1456365
--------------------------------------------------------------------------------


================================================================================
 golang-github-hashicorp-go-sockaddr-0-0.2.gitaf174a6.el7 (FEDORA-EPEL-2017-915e1038c6)
 IP Address/UNIX Socket convenience functions for Go
--------------------------------------------------------------------------------
Update Information:

Remove cyclic dep
----
First package for Fedora
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1410393 - Review Request: golang-github-hashicorp-go-sockaddr - IP Address/UNIX Socket convenience functions for Go
        https://bugzilla.redhat.com/show_bug.cgi?id=1410393
--------------------------------------------------------------------------------


================================================================================
 nagios-4.3.2-3.el7 (FEDORA-EPEL-2017-0f6d46ab05)
 Host/service/network monitoring program
--------------------------------------------------------------------------------
Update Information:

Update to latest in git
----
Updated from 4.3.1 maint to 4.3.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1005974 - nagios-4.3.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1005974
  [ 2 ] Bug #1084934 - Unable to reload nagios under systemd
        https://bugzilla.redhat.com/show_bug.cgi?id=1084934
  [ 3 ] Bug #1201849 - Support an environment file in the systemd unit file
        https://bugzilla.redhat.com/show_bug.cgi?id=1201849
  [ 4 ] Bug #1218320 - Install the Nagios checkresults directory with group-writable permissions
        https://bugzilla.redhat.com/show_bug.cgi?id=1218320
  [ 5 ] Bug #1426816 - Nagios RPM 4.2.4 forgot to reload systemd in postinstall
        https://bugzilla.redhat.com/show_bug.cgi?id=1426816
  [ 6 ] Bug #1428111 - Broken links in the View Trends and the View Histogram menu
        https://bugzilla.redhat.com/show_bug.cgi?id=1428111
--------------------------------------------------------------------------------


================================================================================
 nrpe-3.1.1-1.el7 (FEDORA-EPEL-2017-f37341bbab)
 Host/service/network monitoring agent for Nagios
--------------------------------------------------------------------------------
Update Information:

Update to 3.1.1
----
Move to using original nirik nrpe service file for systemd. It worked and the others dont
----
update to 3.1.0
----
Fix npre pid. Fix systemd
----
Update to 3.0.1.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #970997 - Allow multiple packets to be received
        https://bugzilla.redhat.com/show_bug.cgi?id=970997
  [ 2 ] Bug #1236081 - nrpe: /var/run/nrpe owner mismatch
        https://bugzilla.redhat.com/show_bug.cgi?id=1236081
  [ 3 ] Bug #1275870 - NRPE initscript does not read PID file when calling status/killproc
        https://bugzilla.redhat.com/show_bug.cgi?id=1275870
  [ 4 ] Bug #1318773 - nrpe.service sets User/Group, prevents normal .cfg user/group setting
        https://bugzilla.redhat.com/show_bug.cgi?id=1318773
  [ 5 ] Bug #1359858 - NRPE causes SELinux denials
        https://bugzilla.redhat.com/show_bug.cgi?id=1359858
  [ 6 ] Bug #1411705 - allowed_hosts doesn't work, if one of the hostnames can't be resolved by dns
        https://bugzilla.redhat.com/show_bug.cgi?id=1411705
  [ 7 ] Bug #1412214 - NRPE systemd service file does not support reload command
        https://bugzilla.redhat.com/show_bug.cgi?id=1412214
  [ 8 ] Bug #1190708 - nrpe.service does not support reload for systemd
        https://bugzilla.redhat.com/show_bug.cgi?id=1190708
--------------------------------------------------------------------------------


================================================================================
 php-erusev-parsedown-1.6.2-2.el7 (FEDORA-EPEL-2017-31c3d3bc90)
 Markdown parser in PHP
--------------------------------------------------------------------------------
Update Information:

Markdown parser in PHP
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1458581 - Review Request: php-erusev-parsedown - Markdown parser in PHP
        https://bugzilla.redhat.com/show_bug.cgi?id=1458581
--------------------------------------------------------------------------------


================================================================================
 python-nbxmpp-0.5.6-1.el7 (FEDORA-EPEL-2017-d9786818e4)
 Python library for non-blocking use of Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:

Gajim 0.16.8
* Fix rejoining MUCs after connection loss
* Fix Groupchat invites
* Fix encoding problems with newer GnuPG versions
* Fix old messages randomly reappearing in the chat window
* Fix some problems with IBB filetransfer
* Make XEP-0146 Commands opt-in
* Improve sending messages to your own resources
* Improve reliability of delivery recipes
* Many minor bugfixes
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1456365 - CVE-2016-10376 gajim: XEP-0146 makes it possible to extract plain-text from OTR sessions [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1456365
--------------------------------------------------------------------------------


================================================================================
 rubygem-async_sinatra-1.3.0-1.el7 (FEDORA-EPEL-2017-a10211b632)
 A Sinatra plugin for running on async webservers
--------------------------------------------------------------------------------
Update Information:

Upstream release 1.3.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1454503 - rubygem-async_sinatra-1.3.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1454503
--------------------------------------------------------------------------------