The following Fedora EPEL 7 Security updates need testing:

 Age  URL
 833  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087   dokuwiki-0-0.24.20140929c.el7
 595  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f   mcollective-2.8.4-1.el7
 178  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d   libbsd-0.8.3-1.el7
  75  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe   mod_cluster-1.3.3-10.el7
  73  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5f9a6163b4   tnef-1.4.14-1.el7
  72  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378   python-XStatic-jquery-ui-1.12.0.1-1.el7
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-340bb46b1d   capnproto-0.5.3.1-1.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4aae1e22f1   lxc-1.0.10-2.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d9786818e4   python-nbxmpp-0.5.6-1.el7 gajim-0.16.8-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a8886eb42e   cross-binutils-2.28-1.el7 cross-gcc-7.0.1-0.4.el7.1.1
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-30baf73207   chromium-59.0.3071.104-1.el7


The following builds have been pushed to Fedora EPEL 7 updates-testing

    chromium-59.0.3071.104-1.el7
    cross-binutils-2.28-1.el7
    cross-gcc-7.0.1-0.4.el7.1.1
    inxi-2.3.21-1.el7
    libmediainfo-0.7.96-1.el7
    lynis-2.5.1-2.el7
    mediainfo-0.7.96-1.el7
    mock-1.4.2-1.el7
    php-jsonlint-1.6.1-1.el7
    tlp-1.0-1.el7
    vtun-3.0.4-1.el7
    waiverdb-0.2.1-1.el7

Details about builds:


================================================================================
 chromium-59.0.3071.104-1.el7 (FEDORA-EPEL-2017-30baf73207)
 A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:

Update to .104. Fix mp3 playback. Security fix for CVE-2017-5087, CVE-2017-5088, CVE-2017-5089

----

Chromium 59. Add smaller logo files.
Fix lots of security bugs: Security fix for CVE-2017-5070, CVE-2017-5071, CVE-2017-5072, CVE-2017-5073, CVE-2017-5074, CVE-2017-5075, CVE-2017-5086, CVE-2017-5076, CVE-2017-5077, CVE-2017-5078, CVE-2017-5079, CVE-2017-5080, CVE-2017-5081, CVE-2017-5082, CVE-2017-5083, CVE-2017-5085
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1462151 - CVE-2017-5089 chromium-browser: domain spoofing in omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1462151
  [ 2 ] Bug #1462149 - CVE-2017-5088 chromium-browser: out of bounds read in v8
        https://bugzilla.redhat.com/show_bug.cgi?id=1462149
  [ 3 ] Bug #1462148 - CVE-2017-5087 chromium-browser: sandbox escape in indexeddb
        https://bugzilla.redhat.com/show_bug.cgi?id=1462148
  [ 4 ] Bug #1459037 - CVE-2017-5085 chromium-browser: inappropriate javascript execution on webui pages
        https://bugzilla.redhat.com/show_bug.cgi?id=1459037
  [ 5 ] Bug #1459036 - CVE-2017-5083 chromium-browser: ui spoofing in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1459036
  [ 6 ] Bug #1459035 - CVE-2017-5082 chromium-browser: insufficient hardening in credit card editor
        https://bugzilla.redhat.com/show_bug.cgi?id=1459035
  [ 7 ] Bug #1459034 - CVE-2017-5081 chromium-browser: extension verification bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1459034
  [ 8 ] Bug #1459033 - CVE-2017-5080 chromium-browser: use after free in credit card autofill
        https://bugzilla.redhat.com/show_bug.cgi?id=1459033
  [ 9 ] Bug #1459032 - CVE-2017-5079 chromium-browser: ui spoofing in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1459032
  [ 10 ] Bug #1459031 - CVE-2017-5078 chromium-browser: possible command injection in mailto handling
        https://bugzilla.redhat.com/show_bug.cgi?id=1459031
  [ 11 ] Bug #1459030 - CVE-2017-5077 chromium-browser: heap buffer overflow in skia
        https://bugzilla.redhat.com/show_bug.cgi?id=1459030
  [ 12 ] Bug #1459029 - CVE-2017-5076 chromium-browser: address spoofing in omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1459029
  [ 13 ] Bug #1459028 - CVE-2017-5086 chromium-browser: address spoofing in omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1459028
  [ 14 ] Bug #1459027 - CVE-2017-5075 chromium-browser: information leak in csp reporting
        https://bugzilla.redhat.com/show_bug.cgi?id=1459027
  [ 15 ] Bug #1459025 - CVE-2017-5074 chromium-browser: use after free in apps bluetooth
        https://bugzilla.redhat.com/show_bug.cgi?id=1459025
  [ 16 ] Bug #1459024 - CVE-2017-5073 chromium-browser: use after free in print preview
        https://bugzilla.redhat.com/show_bug.cgi?id=1459024
  [ 17 ] Bug #1459023 - CVE-2017-5072 chromium-browser: address spoofing in omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1459023
  [ 18 ] Bug #1459022 - CVE-2017-5071 chromium-browser: out of bounds read in v8
        https://bugzilla.redhat.com/show_bug.cgi?id=1459022
  [ 19 ] Bug #1459021 - CVE-2017-5070 chromium-browser: type confusion in v8
        https://bugzilla.redhat.com/show_bug.cgi?id=1459021
--------------------------------------------------------------------------------


================================================================================
 cross-binutils-2.28-1.el7 (FEDORA-EPEL-2017-a8886eb42e)
 A GNU collection of cross-compilation binary utilities
--------------------------------------------------------------------------------
Update Information:

Rebase cross-gcc and cross-binutils.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1162664 - cross-binutils: binutils: directory traversal vulnerability [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162664
  [ 2 ] Bug #1162629 - CVE-2014-8504 cross-binutils: binutils: stack overflow in the SREC parser [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162629
  [ 3 ] Bug #1162618 - CVE-2014-8503 cross-binutils: binutils: stack overflow in objdump when parsing specially crafted ihex file [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162618
  [ 4 ] Bug #1162605 - CVE-2014-8502 cross-binutils: binutils: heap overflow in objdump [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162605
  [ 5 ] Bug #1162582 - CVE-2014-8501 cross-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162582
  [ 6 ] Bug #1440669 - Rebase cross-gcc on EPEL with latest RHEL-7 gcc sources
        https://bugzilla.redhat.com/show_bug.cgi?id=1440669
--------------------------------------------------------------------------------


================================================================================
 cross-gcc-7.0.1-0.4.el7.1.1 (FEDORA-EPEL-2017-a8886eb42e)
 Cross C compiler
--------------------------------------------------------------------------------
Update Information:

Rebase cross-gcc and cross-binutils.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1162664 - cross-binutils: binutils: directory traversal vulnerability [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162664
  [ 2 ] Bug #1162629 - CVE-2014-8504 cross-binutils: binutils: stack overflow in the SREC parser [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162629
  [ 3 ] Bug #1162618 - CVE-2014-8503 cross-binutils: binutils: stack overflow in objdump when parsing specially crafted ihex file [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162618
  [ 4 ] Bug #1162605 - CVE-2014-8502 cross-binutils: binutils: heap overflow in objdump [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162605
  [ 5 ] Bug #1162582 - CVE-2014-8501 cross-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162582
  [ 6 ] Bug #1440669 - Rebase cross-gcc on EPEL with latest RHEL-7 gcc sources
        https://bugzilla.redhat.com/show_bug.cgi?id=1440669
--------------------------------------------------------------------------------


================================================================================
 inxi-2.3.21-1.el7 (FEDORA-EPEL-2017-59f79e4db7)
 A full featured system information script
--------------------------------------------------------------------------------
Update Information:

Update to 2.3.21.
--------------------------------------------------------------------------------


================================================================================
 libmediainfo-0.7.96-1.el7 (FEDORA-EPEL-2017-814c12bcec)
 Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:

Update to 0.7.96.
--------------------------------------------------------------------------------


================================================================================
 lynis-2.5.1-2.el7 (FEDORA-EPEL-2017-68fc81975d)
 Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:

Update to 2.5.1 / Add patch to fix lynis show changelog
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1457583 - lynis-2.5.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1457583
--------------------------------------------------------------------------------


================================================================================
 mediainfo-0.7.96-1.el7 (FEDORA-EPEL-2017-814c12bcec)
 Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:

Update to 0.7.96.
--------------------------------------------------------------------------------


================================================================================
 mock-1.4.2-1.el7 (FEDORA-EPEL-2017-65be829503)
 Builds packages inside chroots
--------------------------------------------------------------------------------
Update Information:

There are new features:

* The bootstrap feature is now disabled by default. There were too many issues with it. You can enable it locally with `--bootstrap-chroot`, but first see known [bugs](https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&component=mock&known_name=mock-all&list_id=7491839&product=Fedora&product=Fedora%20EPEL&query_based_on=mock-all&query_format=advanced) and [issues](https://github.com/rpm-software-management/mock/issues).
* There is initial support for Fedora Modularity.
  You can add to config:

      config_opts['module_enable'] = ['list', 'of', 'modules']
      config_opts['module_install'] = ['module1/profile', 'module2/profile']

  This will call `dnf module enable list of modules` and `dnf module install module1/profile module2/profile` during the init phase.

There are some bugfixes:

* NSpawn chroot is switched off for EL6 targets [[RHBZ#1456421](https://bugzilla.redhat.com/show_bug.cgi?id=1456421)].
* LVM root is not umounted when `umount_root` is set to false [[RHBZ#1447658](https://bugzilla.redhat.com/show_bug.cgi?id=1447658)]
* Shell in NSpawn container is now called with `--login` so `profile.d` scripts are executed [[RHBZ#1450516](https://bugzilla.redhat.com/show_bug.cgi?id=1450516)] [[RHBZ#1462373](https://bugzilla.redhat.com/show_bug.cgi?id=1462373)]
* yum rather than yum-deprecated is used when using bootstrap chroot [[RHBZ#1446294](https://bugzilla.redhat.com/show_bug.cgi?id=1446294)]
* Custom chroot does not use bootstrap [[RHBZ#1448321](https://bugzilla.redhat.com/show_bug.cgi?id=1448321)]
* Mock now uses `dnf repoquery` instead of repoquery for chroots which use DNF.
* LVM's scrub hook for bootstrap chroot is called [[RHBZ#1446297](https://bugzilla.redhat.com/show_bug.cgi?id=1446297)]
* `--mount` will mount LVM volumes [[RHBZ#1448017](https://bugzilla.redhat.com/show_bug.cgi?id=1448017)]
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1448017 - [lvm] --mount does not mount the bootstrap volume
        https://bugzilla.redhat.com/show_bug.cgi?id=1448017
  [ 2 ] Bug #1446297 - "--scrub all" does not remove the bootsrap volume
        https://bugzilla.redhat.com/show_bug.cgi?id=1446297
  [ 3 ] Bug #1448321 - Problem with dnf_install_command in custom1 chroot
        https://bugzilla.redhat.com/show_bug.cgi?id=1448321
  [ 4 ] Bug #1446294 - No such file or directory: '/usr/bin/yum-deprecated'
        https://bugzilla.redhat.com/show_bug.cgi?id=1446294
  [ 5 ] Bug #1462373 - module load fails with "module unknown" error when running under mock --new-chroot
        https://bugzilla.redhat.com/show_bug.cgi?id=1462373
  [ 6 ] Bug #1450516 - Login shell with systemd-nspawn
        https://bugzilla.redhat.com/show_bug.cgi?id=1450516
  [ 7 ] Bug #1447658 - [lvm] The buildroot volume is not kept mounted after build
        https://bugzilla.redhat.com/show_bug.cgi?id=1447658
  [ 8 ] Bug #1456421 - Cannot build packages in epel-6 with mock-1.14 due to new chroot
        https://bugzilla.redhat.com/show_bug.cgi?id=1456421
--------------------------------------------------------------------------------


================================================================================
 php-jsonlint-1.6.1-1.el7 (FEDORA-EPEL-2017-052d23dad3)
 JSON Lint for PHP
--------------------------------------------------------------------------------
Update Information:

**Version 1.6.1** (2017-06-18)

* Fixed parsing of `0` as invalid
--------------------------------------------------------------------------------


================================================================================
 tlp-1.0-1.el7 (FEDORA-EPEL-2017-05b24fcbe0)
 Advanced power management tool for Linux
--------------------------------------------------------------------------------
Update Information:

Update to version 1.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1455545 - tlp-1.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1455545
--------------------------------------------------------------------------------


================================================================================
 vtun-3.0.4-1.el7 (FEDORA-EPEL-2017-414e87e78e)
 Virtual tunnel over TCP/IP networks
--------------------------------------------------------------------------------
Update Information:

add epel7 branch
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1462458 - Add vtun to EPEL 7?
        https://bugzilla.redhat.com/show_bug.cgi?id=1462458
--------------------------------------------------------------------------------


================================================================================
 waiverdb-0.2.1-1.el7 (FEDORA-EPEL-2017-ade2cfc374)
 Service for waiving results in ResultsDB
--------------------------------------------------------------------------------
Update Information:

New upstream release 0.2.1: https://docs.pagure.org/waiverdb/release-notes.html#waiverdb-0-2
--------------------------------------------------------------------------------