The following Fedora EPEL 7 Security updates need testing: Age URL 1016 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 779 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 361 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7 259 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe mod_cluster-1.3.3-10.el7 256 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378 python-XStatic-jquery-ui-1.12.0.1-1.el7 90 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23 libmspack-0.6-0.1.alpha.el7 28 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece nagios-4.3.4-5.el7 17 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d704442ae7 qpid-cpp-1.37.0-1.el7 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-97efaab7e7 tor-0.2.9.14-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f2055d3f62 shellinabox-2.20-5.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-77cc9084cb nodejs-6.12.2-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-30026fdcc1 hostapd-2.6-7.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d4de5890b2 LibRaw-0.18.6-2.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-ae06399a6b heimdal-7.5.0-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9a67291cf1 json-c12-0.12.1-2.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-263dafc1ae python-mistune-0.8.3-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing beakerlib-1.17-6.el7 nova-agent-2.1.10-1.el7 python-fedmsg-meta-fedora-infrastructure-0.23.0-1.el7 python-mistune-0.8.3-1.el7 wine-2.0.3-1.el7 yadifa-2.3.7-1.el7 Details about builds: ================================================================================ beakerlib-1.17-6.el7 (FEDORA-EPEL-2017-bfe365655c) A shell-level integration testing library -------------------------------------------------------------------------------- Update Information: - added missing dependecy ---- - result file tweaks - fixed ifs issue - improved performance of journaling.py - fixed computing the length of text text journal per phase - use internal test name and do not touch TEST variable if empty - omit human readable meta file comments in non-debug mode - enable nested phases by default ---- - updated dependecies set ---- - completely reworked getting rpms - bstor.py rewritten in pure bash - some doc fixes - completely rewritten journal - extended test suite - support for XSL transformation of journal.xml - provided xunit.xsl - libraries are now searched also in /usr/share /beakerlib-libraries -------------------------------------------------------------------------------- ================================================================================ nova-agent-2.1.10-1.el7 (FEDORA-EPEL-2017-d674736639) Agent for setting up clean servers on Xen -------------------------------------------------------------------------------- Update Information: - Latest upstream - Includes fixes for upstream [#28](https://github.com /Rackspace-DOT/nova-agent/pull/28) and [#29](https://github.com/Rackspace-DOT /nova-agent/pull/29) -------------------------------------------------------------------------------- ================================================================================ python-fedmsg-meta-fedora-infrastructure-0.23.0-1.el7 (FEDORA-EPEL-2017-1e5fc0adae) Metadata providers for Fedora Infrastructure's fedmsg deployment -------------------------------------------------------------------------------- Update Information: 0.23.0 ------ Pull Requests - (@ralphbean) #451 Target py3.6 https://github.com/fedora-infra/fedmsg_meta_fedora_infrastructure/pull/451 - (@pypingou) #453 Add support for the new pagure messages https://github.com/fedora-infra/fedmsg_meta_fedora_infrastructure/pull/453 - (@ralphbean) #452 WaiverDB processor. https://github.com/fedora- infra/fedmsg_meta_fedora_infrastructure/pull/452 - (@adamwill) #455 Substantial rewrite + extension of compose.* tests https://github.com/fedora- infra/fedmsg_meta_fedora_infrastructure/pull/455 - (@ralphbean) #456 An icon for waiverdb. https://github.com/fedora- infra/fedmsg_meta_fedora_infrastructure/pull/456 - (@adamwill) #457 Fix `nodoc` to exclude test class from topic list https://github.com/fedora- infra/fedmsg_meta_fedora_infrastructure/pull/457 - (@ralphbean) #450 A first pass at greenwave handling. https://github.com/fedora- infra/fedmsg_meta_fedora_infrastructure/pull/450 - (@adamwill) #459 Revise subtitles for compose.* messages https://github.com/fedora- infra/fedmsg_meta_fedora_infrastructure/pull/459 ---- Update to 0.22.0 Changelog available at: https://github.com/fedora-infra/fedmsg_meta_fedora_infra structure/blob/dcf6ee2ea004f7106a3b851bf2e05e11de2e4d30/CHANGELOG.rst#0220 ---- Update to 0.20.0 Change log at : https://github.com/fedora- infra/fedmsg_meta_fedora_infrastructure/blob/develop/CHANGELOG.rst#0200 ---- Update to 0.19.0 Release note at: https://github.com/fedora- infra/fedmsg_meta_fedora_infrastructure/blob/develop/CHANGELOG.rst#0190 -------------------------------------------------------------------------------- ================================================================================ python-mistune-0.8.3-1.el7 (FEDORA-EPEL-2017-263dafc1ae) Markdown parser for Python -------------------------------------------------------------------------------- Update Information: Update to 0.8.3, fixing CVE-2017-15612 and CVE-2017-16876 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1432271 - python-mistune-v0.8.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1432271 [ 2 ] Bug #1524595 - CVE-2017-16876 python-mistune: Cross-site-scripting [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1524595 [ 3 ] Bug #1505311 - CVE-2017-15612 python-mistune: XSS via an unexpected newline / crafted email address [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1505311 -------------------------------------------------------------------------------- ================================================================================ wine-2.0.3-1.el7 (FEDORA-EPEL-2017-ee6a84f29c) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: Update EPEL 7 from 1.8 branch to 2.0 branch. https://www.winehq.org/announce/2.0.3 -------------------------------------------------------------------------------- ================================================================================ yadifa-2.3.7-1.el7 (FEDORA-EPEL-2017-c9fcfb3a1a) Lightweight authoritative Name Server with DNSSEC capabilities -------------------------------------------------------------------------------- Update Information: 20171208: YADIFA 2.3.0-2.3.7 --- - From now on, both master and slaves are updating the zone in the same manner (journal transactions) - Messages are now default (--enable-messages). Disable them using --disable-messages. - Adds more (dynamic) update validation. - Adds a build option to remove compile date and time from various help messages (--disable-build-timestamp) - A master can now be configured to allow updating RRSIG records externally (e.g.: update add domain. RRSIG ...) - Added thread_pool_try_enqueue_call to give up if a queue is full or overworked. --- - Fixes an issue where closing an (a)XFR stream could lead to a race over the file descriptors. - Fixes an issue where an AXFR query would return a version of the zone too old to be upgradable by following incremental updates. - Fixes an issue where zones with big-enough NSEC3 coverage (several millions NSEC3 record) could potentially reach an internal limit of the database. - Fixes an issue where shutting down YADIFA while a zone is being downloaded (AXFR) may make it wait forever. - Fixes an issue where the slave would complain about a missing private key. - Fixes an issue where a specifically truncated IXFR query may make YADIFA replying with an AXFR. - Fixes an issue where an IXFR query returning "not implemented" instead of an AXFR would be retried later as an IXFR. - Fixes an issue where hammering reopening the logs on an overloaded server would not work properly. - Fixes an issue with the CW queuing mechanism when trying to fill a full queue. - Fixes an issue on servers using the network-model 1 model (<main> : network-model 1) - Fixes an issue where the removal in a certain order of hash/hash* related domains would end-up triggering an abort - Fixes an issue where querying a signed domain that was deleted would answer NOERROR instead of NXDOMAIN - Fixes an issue where a zone loaded with a journal would not be marked "dirty" and thus would not be fully dumped on disk upon kill -USR1 - Fixes an issue with network aliases not configured on all setups of --enable-messages - Fixes an issue with the logger not releasing the log files before reconfiguration - Fixes an issue with the journal where heavy load would prevent notification to slaves -------------------------------------------------------------------------------- References: [ 1 ] Bug #1523908 - yadifa-2.3.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1523908 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
