The following Fedora EPEL 7 Security updates need testing: Age URL 841 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 603 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 185 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7 83 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe mod_cluster-1.3.3-10.el7 81 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5f9a6163b4 tnef-1.4.14-1.el7 80 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378 python-XStatic-jquery-ui-1.12.0.1-1.el7 15 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4aae1e22f1 lxc-1.0.10-2.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d9786818e4 python-nbxmpp-0.5.6-1.el7 gajim-0.16.8-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a8886eb42e cross-binutils-2.28-1.el7 cross-gcc-7.0.1-0.4.el7.1.1 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-30baf73207 chromium-59.0.3071.104-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-abfcb66c76 python-djblets-0.9.8-1.el7 ReviewBoard-2.5.13.1-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5ab90c7180 zabbix20-2.0.21-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-eb357ac3b3 zabbix22-2.2.18-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7c2e699925 catdoc-0.95-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-52b6bc17c1 globus-xio-5.16-1.el7 globus-net-manager-0.17-1.el7 globus-gass-cache-program-6.7-1.el7 globus-gass-copy-9.27-1.el7 globus-gssapi-gsi-12.16-1.el7 globus-gram-job-manager-14.36-1.el7 globus-gridftp-server-12.2-1.el7 globus-io-11.9-1.el7 globus-xio-gsi-driver-3.11-1.el7 globus-xio-pipe-driver-3.10-1.el7 globus-xio-udt-driver-1.27-1.el7 myproxy-6.1.28-1.el7 globus-ftp-client-8.35-2.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-bcfa38e123 drupal7-7.56-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1ee32a5ffa libtomcrypt-1.17-25.el7 libtommath-0.42.0-5.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2b04537603 phpMyAdmin-4.4.15.10-2.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2ba20eeb97 php-horde-Horde-Image-2.5.1-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing audacious-3.8.2-2.el7 audacious-plugins-3.8.2-3.el7 golang-github-pelletier-go-buffruneio-0.2.0-0.1.gitc37440a.el7 librdkafka-0.9.5-1.el7 libtomcrypt-1.17-25.el7 libtommath-0.42.0-5.el7 php-horde-Horde-Image-2.5.1-1.el7 php-phpunit-PHPUnit-4.8.36-1.el7 php-theseer-autoload-1.24.1-1.el7 phpMyAdmin-4.4.15.10-2.el7 python-fedimg-0.7.3-2.el7 python-moksha-hub-1.5.2-1.el7 python-nose2-0.6.5-4.el7 Details about builds: ================================================================================ audacious-3.8.2-2.el7 (FEDORA-EPEL-2017-0a8df111a9) Advanced audio player -------------------------------------------------------------------------------- Update Information: Audacious is an advanced audio player. It is free, lightweight, currently based on GTK+ 2, runs on Linux and many other *nix platforms and is focused on audio quality and supporting a wide range of audio codecs. It still features an alternative skinned user interface (based on Winamp 2.x skins). Historically, it started as a fork of Beep Media Player (BMP), which itself forked from XMMS. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1464760 - Please apply minor patch to allow building using same spec file for EPEL 7 https://bugzilla.redhat.com/show_bug.cgi?id=1464760 [ 2 ] Bug #1464758 - Please apply minor patch to allow building using same spec file for EPEL 7 https://bugzilla.redhat.com/show_bug.cgi?id=1464758 -------------------------------------------------------------------------------- ================================================================================ audacious-plugins-3.8.2-3.el7 (FEDORA-EPEL-2017-0a8df111a9) Plugins for the Audacious audio player -------------------------------------------------------------------------------- Update Information: Audacious is an advanced audio player. It is free, lightweight, currently based on GTK+ 2, runs on Linux and many other *nix platforms and is focused on audio quality and supporting a wide range of audio codecs. It still features an alternative skinned user interface (based on Winamp 2.x skins). Historically, it started as a fork of Beep Media Player (BMP), which itself forked from XMMS. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1464760 - Please apply minor patch to allow building using same spec file for EPEL 7 https://bugzilla.redhat.com/show_bug.cgi?id=1464760 [ 2 ] Bug #1464758 - Please apply minor patch to allow building using same spec file for EPEL 7 https://bugzilla.redhat.com/show_bug.cgi?id=1464758 -------------------------------------------------------------------------------- ================================================================================ golang-github-pelletier-go-buffruneio-0.2.0-0.1.gitc37440a.el7 (FEDORA-EPEL-2017-b894f8455e) Wrapper around bufio to provide buffered runes access with unlimited unreads -------------------------------------------------------------------------------- Update Information: Bump to v0.2.0 ---- First package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1464885 - Tracker for golang-github-pelletier-go-buffruneio https://bugzilla.redhat.com/show_bug.cgi?id=1464885 [ 2 ] Bug #1430564 - golang-github-pelletier-go-buffruneio-v0.2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1430564 [ 3 ] Bug #1387178 - Review Request: golang-github-pelletier-go-buffruneio - Wrapper around bufio to provide buffered runes access with unlimited unreads https://bugzilla.redhat.com/show_bug.cgi?id=1387178 -------------------------------------------------------------------------------- ================================================================================ librdkafka-0.9.5-1.el7 (FEDORA-EPEL-2017-21e0bfc0f3) The Apache Kafka C library -------------------------------------------------------------------------------- Update Information: This update provides the latest upstream version 0.9.5. -------------------------------------------------------------------------------- ================================================================================ libtomcrypt-1.17-25.el7 (FEDORA-EPEL-2017-1ee32a5ffa) A comprehensive, portable cryptographic toolkit -------------------------------------------------------------------------------- Update Information: - Fix CVE-2016-6129 (#1370955, #1370957) - Update URLs (#1463608, #1463547) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1370955 - CVE-2016-6129 libtomcrypt: possible OP-TEE Bleichenbacher attack https://bugzilla.redhat.com/show_bug.cgi?id=1370955 -------------------------------------------------------------------------------- ================================================================================ libtommath-0.42.0-5.el7 (FEDORA-EPEL-2017-1ee32a5ffa) A portable number theoretic multiple-precision integer library -------------------------------------------------------------------------------- Update Information: - Fix CVE-2016-6129 (#1370955, #1370957) - Update URLs (#1463608, #1463547) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1370955 - CVE-2016-6129 libtomcrypt: possible OP-TEE Bleichenbacher attack https://bugzilla.redhat.com/show_bug.cgi?id=1370955 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Image-2.5.1-1.el7 (FEDORA-EPEL-2017-2ba20eeb97) Horde Image API -------------------------------------------------------------------------------- Update Information: **Horde_Image 2.5.1** * [mjr] SECURITY: Fix more potential places for command injections. ---- **Horde_Image 2.5.0** * [mjr] **SECURITY**: Prevent DOS attack by preventing an infinite loop in certain conditions (CVE-2017-9773, reported by Fariskhi Vidyan). * [mjr] **SECURITY**: Prevent RCE attacks by properly sanitizing shell arguments (CVE-2017-9774, reported by Fariskhi Vidyan). * [jan] Add blur effect. -------------------------------------------------------------------------------- ================================================================================ php-phpunit-PHPUnit-4.8.36-1.el7 (FEDORA-EPEL-2017-2acd86d6ce) The PHP Unit Testing framework -------------------------------------------------------------------------------- Update Information: **Version 4.8.36** - 2017-06-21 * Added `PHPUnit\Framework\AssertionFailedError`, `PHPUnit\Framework\Test`, and `PHPUnit\Framework\TestSuite` to the forward compatibility layer for PHPUnit 6 -------------------------------------------------------------------------------- ================================================================================ php-theseer-autoload-1.24.1-1.el7 (FEDORA-EPEL-2017-be1229208b) A tool and library to generate autoload code -------------------------------------------------------------------------------- Update Information: **Release 1.24.1** * Merge PR [#78](https://github.com/theseer/Autoload/pull/78): Restore PHP 5.3 compatibility [Remi] ---- **Release 1.24.0** * [#77](https://github.com/theseer/Autoload/issues/77): Change duplicate detection to collect all rather than exit on first -------------------------------------------------------------------------------- ================================================================================ phpMyAdmin-4.4.15.10-2.el7 (FEDORA-EPEL-2017-2b04537603) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information: Added backported patch for PMASA-2017-8, see https://www.phpmyadmin.net/security/PMASA-2017-8/ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1437828 - phpMyAdmin: Bypass $cfg['Servers'][$i]['AllowNoPassword'] https://bugzilla.redhat.com/show_bug.cgi?id=1437828 -------------------------------------------------------------------------------- ================================================================================ python-fedimg-0.7.3-2.el7 (FEDORA-EPEL-2017-0e0a269379) Automatically upload Fedora Cloud images to cloud providers -------------------------------------------------------------------------------- Update Information: Updates to 0.7.3. ---- Updates to 0.7.1 ---- Change dependency fedfind to python2-fedfind ---- Migrate to compose-based uploading -------------------------------------------------------------------------------- References: [ 1 ] Bug #1464796 - python-fedimg-0.7.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1464796 [ 2 ] Bug #1423753 - Cloud images on AWS account 125523088429 cannot be copied https://bugzilla.redhat.com/show_bug.cgi?id=1423753 [ 3 ] Bug #1459576 - python-fedimg-0.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1459576 [ 4 ] Bug #1371241 - python-fedimg-0.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1371241 -------------------------------------------------------------------------------- ================================================================================ python-moksha-hub-1.5.2-1.el7 (FEDORA-EPEL-2017-63f0e6f499) Hub components for Moksha -------------------------------------------------------------------------------- Update Information: A few more fixes for the STOMP backend (topic header and a fix to ack mode). ---- Small bugfix: https://github.com/mokshaproject/moksha/pull/43 ---- Latest upstream. - One bugfix: https://github.com/mokshaproject/moksha/pull/41 - And one feature: https://github.com/mokshaproject/moksha/pull/42 The feature enables STOMP consumers to switch from 'auto' ack mode to 'client' ack mode. ACKs will be automatically sent to the broker if the consumer does not raise an Exception. Exceptions raised by consumers will result in a NACK. Please test with care. ---- One bugfix for STOMP users, which unescapes headers: https://github.com/mokshaproject/moksha/pull/40 One new feature to properly support users interacting with durable broker queues: https://github.com/mokshaproject/moksha/pull/39 -------------------------------------------------------------------------------- ================================================================================ python-nose2-0.6.5-4.el7 (FEDORA-EPEL-2017-5d5c7605e4) Next generation of nicer testing for Python -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
