The following Fedora EPEL 7 Security updates need testing: Age URL 882 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 645 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 227 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7 125 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe mod_cluster-1.3.3-10.el7 123 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5f9a6163b4 tnef-1.4.14-1.el7 122 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378 python-XStatic-jquery-ui-1.12.0.1-1.el7 25 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-47be021843 heimdal-7.4.0-1.el7 24 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a8886eb42e cross-binutils-2.27-9.el7.1 cross-gcc-4.8.5-16.el7.1 15 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c39b9065fa GraphicsMagick-1.3.26-3.el7 15 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c4e53cc90d chicken-4.12.0-3.el7 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b39314b704 mingw-c-ares-1.13.0-1.el7 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2c3a1062a0 seamonkey-2.48-1.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b50572c103 sscep-0.6.1-5.20160525git2052ee1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4908d32c3c python-dbusmock-0.11.1-6.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-017fbc40e8 supervisor-3.1.4-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-52b6bc17c1 globus-ftp-client-8.36-1.el7 globus-ftp-control-7.8-1.el7 globus-gass-cache-program-6.7-1.el7 globus-gass-copy-9.27-1.el7 globus-gram-client-13.19-1.el7 globus-gram-job-manager-14.36-1.el7 globus-gram-job-manager-condor-2.6-5.el7 globus-gridftp-server-12.2-1.el7 globus-gridftp-server-control-5.1-1.el7 globus-gssapi-gsi-12.17-3.el7 globus-io-11.9-1.el7 globus-net-manager-0.17-1.el7 globus-xio-5.16-1.el7 globus-xio-gsi-driver-3.11-1.el7 globus-xio-pipe-driver-3.10-1.el7 globus-xio-udt-driver-1.28-1.el7 myproxy-6.1.28-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-37e736147d knot-2.5.3-2.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-94c168d702 php-horde-Horde-Core-2.30.0-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7d6b89ab36 php-horde-Horde-Form-2.0.18-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-359039e1f1 php-horde-Horde-Url-2.2.6-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-aebd466ffa php-horde-horde-5.2.16-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-531b8ee43e php-horde-kronolith-4.2.22-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-055fdcdee7 php-horde-nag-4.2.15-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-bad0726ae5 php-horde-turba-4.2.20-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-886e003d48 gsoap-2.8.16-9.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-816da4b59a ReviewBoard-2.5.14-2.el7 python-djblets-0.9.9-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8683c5e591 potrace-1.15-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing composer-1.4.3-1.el7 fusioninventory-agent-2.3.21-1.el7 gnome-shell-extension-freon-25-1.el7 mate-themes-3.22.13-1.el7 mock-1.4.3-1.el7 openblas-0.2.20-2.el7 php-bartlett-PHP-CompatInfo-5.0.8-1.el7 php-bartlett-php-compatinfo-db-1.23.0-1.el7 potrace-1.15-1.el7 sysusage-5.5-3.el7 Details about builds: ================================================================================ composer-1.4.3-1.el7 (FEDORA-EPEL-2017-36063cb93a) Dependency Manager for PHP -------------------------------------------------------------------------------- Update Information: **Version 1.4.3** - 2017-08-06 * Fixed GitLab URLs * Fixed root package version detection using latest git versions * Fixed inconsistencies in date format in composer.lock when installing from source * Fixed Mercurial support regression * Fixed exclude-from-classmap not being applied when autoloading files for Composer plugins * Fixed exclude-from-classmap being ignored when cwd has the wrong case on case insensitive filesystems * Fixed several other minor issues -------------------------------------------------------------------------------- ================================================================================ fusioninventory-agent-2.3.21-1.el7 (FEDORA-EPEL-2017-fdccca0b40) FusionInventory agent -------------------------------------------------------------------------------- Update Information: Last upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1477175 - fusioninventory-agent-2.3.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1477175 -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extension-freon-25-1.el7 (FEDORA-EPEL-2017-0ccf6c15f4) GNOME Shell extension to display system temperature, voltage, and fan speed -------------------------------------------------------------------------------- Update Information: Bump to upstream version 25, which adds German localization. -------------------------------------------------------------------------------- ================================================================================ mate-themes-3.22.13-1.el7 (FEDORA-EPEL-2017-a0cddc52c9) MATE Desktop themes -------------------------------------------------------------------------------- Update Information: - update to 3.22.13 for gtk+-3.22 for rhel7.4 -------------------------------------------------------------------------------- ================================================================================ mock-1.4.3-1.el7 (FEDORA-EPEL-2017-53f9c9cb51) Builds packages inside chroots -------------------------------------------------------------------------------- Update Information: * --nocheck macro was not properly escaped [[RHBZ#1473359](https://bugzilla.redhat.com/show_bug.cgi?id=1473359)]. * Use python3 and dnf module on Fedoras to guess architecture in %post scriptlet [[RHBZ#1462310](https://bugzilla.redhat.com/show_bug.cgi?id=1462310)]. * enhanced detection of RHEL [[RHBZ#1470189](https://bugzilla.redhat.com/show_bug.cgi?id=1470189)]. * scm: define `_sourcedir` to checkout directory [[PR#98](https://github.com/rpm- software-management/mock/pull/98)]. * Mageia Cauldron releasever is now 7 [[PR#95](https://github.com/rpm-software-management/mock/pull/95)] * Create /dev nodes even when using nspawn [[RHBZ#1467299](https://bugzilla.redhat.com/show_bug.cgi?id=1467299)]. * selinux: do not try to import yum when PM is dnf [[RHBZ#1474513](https://bugzilla.redhat.com/show_bug.cgi?id=1474513)]. * When you have hundreds of volumes in LVM you can tell mock to wait longer using `config_opts['plugin_conf']['lvm_root_opts']['sleep_time'] = 1`. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1473359 - mock --nocheck -r fedora-26-x86_64 <whatever>.src.rpm consistently fails https://bugzilla.redhat.com/show_bug.cgi?id=1473359 [ 2 ] Bug #1470189 - Mock crashes because there is no dnf https://bugzilla.redhat.com/show_bug.cgi?id=1470189 [ 3 ] Bug #1462310 - missing default cfg on rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1462310 [ 4 ] Bug #1467299 - /dev/null dissapper for rpm scriptlet during mock build https://bugzilla.redhat.com/show_bug.cgi?id=1467299 [ 5 ] Bug #1474513 - Using --old-chroot, selinux plugin crashes if yum is not installed https://bugzilla.redhat.com/show_bug.cgi?id=1474513 -------------------------------------------------------------------------------- ================================================================================ openblas-0.2.20-2.el7 (FEDORA-EPEL-2017-4e3642d37a) An optimized BLAS library based on GotoBLAS2 -------------------------------------------------------------------------------- Update Information: Update to the newest release, including fixes to several race and locking bugs, a newer version of LAPACK, as well as support for several more processors on the x86_64 architecture. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1474554 - openblas-0.2.20 is available https://bugzilla.redhat.com/show_bug.cgi?id=1474554 -------------------------------------------------------------------------------- ================================================================================ php-bartlett-PHP-CompatInfo-5.0.8-1.el7 (FEDORA-EPEL-2017-c08075c316) Find out version and the extensions required for a piece of code to run -------------------------------------------------------------------------------- Update Information: **Version 5.0.8** * Fix #232 Support class constants -------------------------------------------------------------------------------- ================================================================================ php-bartlett-php-compatinfo-db-1.23.0-1.el7 (FEDORA-EPEL-2017-f3c1ab3a43) Reference Database to be used with php-compatinfo library -------------------------------------------------------------------------------- Update Information: **Version 1.23.0** - 2017-07-17 * **Added** - Support to PHP 7.0.21 - Support to PHP 5.6.31 - New `db:build:ext` command to generate a draft (json format) of each components in one extension. - New `db:list` command to see what are extensions supported by the database. - New `ExtensionFactory::getExtensions()` method to retrieve all extensions informations (status/versions) - New `db:show` command to see details of extensions supported by the database. * **Changed** - Amqp reference updated to version 1.9.1 (stable) - Lzf reference updated to version 1.6.6 (stable) - Redis reference updated to version 3.1.2 (stable) - Ssh2 reference updated to version 1.1 (alpha) - Stomp reference updated to version 2.0.1 (stable) - Zip reference updated to version 1.15.1 (stable) - DataBase `compatinfo.sqlite` is copied in same directory (<user>\.bartlett) for both phar and non phar versions. - Console `db:backup` command did not used anymore the system temporary folder to save DB backup files (save in same folder as DB) -------------------------------------------------------------------------------- ================================================================================ potrace-1.15-1.el7 (FEDORA-EPEL-2017-8683c5e591) Transform bitmaps into vector graphics -------------------------------------------------------------------------------- Update Information: This release consists of bugfixes and minor portability improvements. Some potential buffer overflows and arithmetic overflows were fixed, including CVE-2017-12067. A bug triggered by very large bitmaps has been fixed. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1477104 - CVE-2017-12067 potrace: heap-based buffer over-read in the interpolate_cubic function [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1477104 [ 2 ] Bug #1385513 - CVE-2016-8685 CVE-2016-8686 CVE-2016-8694 CVE-2016-8695 CVE-2016-8696 CVE-2016-8697 CVE-2016-8698 CVE-2016-8699 CVE-2016-8700 CVE-2016-8701 CVE-2016-8702 CVE-2016-8703 CVE-2017-7263 potrace: Multiple security issues [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1385513 [ 3 ] Bug #1477105 - CVE-2017-12067 potrace: heap-based buffer over-read in the interpolate_cubic function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1477105 [ 4 ] Bug #1385512 - CVE-2016-8685 CVE-2016-8686 CVE-2016-8694 CVE-2016-8695 CVE-2016-8696 CVE-2016-8697 CVE-2016-8698 CVE-2016-8699 CVE-2016-8700 CVE-2016-8701 CVE-2016-8702 CVE-2016-8703 CVE-2017-7263 potrace: Multiple security issues [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1385512 -------------------------------------------------------------------------------- ================================================================================ sysusage-5.5-3.el7 (FEDORA-EPEL-2017-158cea28af) System monitoring based on Perl, rrdtool, and sysstat -------------------------------------------------------------------------------- Update Information: Unretire package and upgrade to new upstream version -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx