The following Fedora EPEL 7 Security updates need testing: Age URL 1079 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 842 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 424 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7 321 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe mod_cluster-1.3.3-10.el7 153 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23 libmspack-0.6-0.1.alpha.el7 90 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece nagios-4.3.4-5.el7 40 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73ee944e65 rootsh-1.5.3-17.el7 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-7134fc92a1 jhead-3.00-7.el7 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-069884a87f p7zip-16.02-10.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-72e5d3ef89 suricata-4.0.4-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-276ec6ee2b exim-4.90.1-2.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-e50c94a832 seamonkey-2.49.2-2.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-525417d3d4 mbedtls-2.7.0-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-cee77fc9b3 knot-resolver-2.1.0-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing adapta-gtk-theme-3.93.0.119-1.el7 boinc-client-7.9.2-2.el7 dislocker-0.7.1-7.el7 dpm-contrib-admintools-0.2.4-1.el7 libdvbpsi-1.3.2-1.el7 openjpeg2-2.3.0-6.el7 perl-IO-Socket-Socks-0.74-2.el7 perl-Locale-Maketext-Lexicon-1.00-14.el7 perl-Text-Haml-0.990118-5.el7 php-phpseclib-2.0.10-1.el7 root-6.12.06-1.el7 rpkg-client-0.14-1.el7 strongswan-5.6.1-2.el7 zerofree-1.1.1-1.el7 Details about builds: ================================================================================ adapta-gtk-theme-3.93.0.119-1.el7 (FEDORA-EPEL-2018-8a525972e5) An adaptive Gtk+ theme based on Material Design Guidelines -------------------------------------------------------------------------------- Update Information: - New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1544740 - adapta-gtk-theme-3.93.0.119 is available https://bugzilla.redhat.com/show_bug.cgi?id=1544740 -------------------------------------------------------------------------------- ================================================================================ boinc-client-7.9.2-2.el7 (FEDORA-EPEL-2018-7ed58d7254) The BOINC client -------------------------------------------------------------------------------- Update Information: New upstream release of the BOINC client + added fix for #1494241 "Use mariadb- connector-c instead of mysql-libs or mariadb-libs" -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494241 - Use mariadb-connector-c instead of mysql-libs or mariadb-libs https://bugzilla.redhat.com/show_bug.cgi?id=1494241 -------------------------------------------------------------------------------- ================================================================================ dislocker-0.7.1-7.el7 (FEDORA-EPEL-2018-c0d4c9a3a1) Utility to access BitLocker encrypted volumes -------------------------------------------------------------------------------- Update Information: - Rebuilt for mbed TLS 2.7.0 -------------------------------------------------------------------------------- ================================================================================ dpm-contrib-admintools-0.2.4-1.el7 (FEDORA-EPEL-2018-c051725b3d) DPM administration toolkit (contrib from GridPP) -------------------------------------------------------------------------------- Update Information: * new upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1545172 - dpm-contrib-admintools is using arch-dependent BuildRequires https://bugzilla.redhat.com/show_bug.cgi?id=1545172 -------------------------------------------------------------------------------- ================================================================================ libdvbpsi-1.3.2-1.el7 (FEDORA-EPEL-2018-808885803c) Library for MPEG TS and DVB PSI tables decoding and generation -------------------------------------------------------------------------------- Update Information: The 1.3.2 bugfix release of libdvbpsi is available. It resolves several descriptor bugs. Changes between 1.3.1 and 1.3.2: * Fix bug in dvbpsi_decoder_psi_section_add() set i_last_section_number * Fix bug in descriptor 0x8a that prevented it from being parsed properly * Fix bug in descriptor 0x56 generation with multiple teletext page entries * Fix bug in descriptor 0x41 correct maximum service count -------------------------------------------------------------------------------- ================================================================================ openjpeg2-2.3.0-6.el7 (FEDORA-EPEL-2018-b7a74678b1) C-Library for JPEG 2000 -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-8332 CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 and many others. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487393 - CVE-2017-14151 CVE-2017-14152 openjpeg2: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1487393 [ 2 ] Bug #1487381 - CVE-2016-10504 CVE-2016-10505 CVE-2016-10506 CVE-2016-10507 openjpeg2: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1487381 [ 3 ] Bug #1418152 - CVE-2016-9112 openjpeg2: Floating point exception vulnerability in openjpeg2 when processing untrusted images [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1418152 [ 4 ] Bug #1335486 - CVE-2016-4796 CVE-2016-4797 openjpeg2: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1335486 [ 5 ] Bug #1487769 - CVE-2017-14039 CVE-2017-14164 CVE-2017-17479 CVE-2017-17480 openjpeg2: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1487769 [ 6 ] Bug #1487366 - CVE-2017-14040 CVE-2017-14041 openjpeg2: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1487366 [ 7 ] Bug #1435069 - CVE-2016-9573 openjpeg2: openjpeg: heap out-of-bounds read due to insufficient check in imagetopnm() [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1435069 [ 8 ] Bug #1422754 - CVE-2016-5139 CVE-2016-5158 CVE-2016-5159 openjpeg2: various flaws [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1422754 [ 9 ] Bug #1422753 - CVE-2016-5139 CVE-2016-5158 CVE-2016-5159 openjpeg2: various flaws [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1422753 [ 10 ] Bug #1405140 - CVE-2016-9580 CVE-2016-9581 openjpeg2: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1405140 [ 11 ] Bug #1402722 - CVE-2016-9573 CVE-2016-9572 openjpeg2: various flaws [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1402722 [ 12 ] Bug #1377771 - CVE-2016-1923 CVE-2016-1924 openjpeg2: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1377771 [ 13 ] Bug #1381271 - CVE-2016-8332 CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1381271 [ 14 ] Bug #1377348 - CVE-2016-7445 openjpeg2: Null pointer dereference in convert.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1377348 [ 15 ] Bug #1374343 - CVE-2016-7163 openjpeg2: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1374343 [ 16 ] Bug #1335773 - CVE-2015-8871 openjpeg2: openjpeg: Use-after-free in opj_j2k_write_mco function [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1335773 [ 17 ] Bug #1317832 - CVE-2016-3181 openjpeg2: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1317832 -------------------------------------------------------------------------------- ================================================================================ perl-IO-Socket-Socks-0.74-2.el7 (FEDORA-EPEL-2018-47c3d57d25) Provides a way to create socks (4 or 5) client or server -------------------------------------------------------------------------------- Update Information: This is the first Fedora/EPEL release of perl-IO-Socket-Socks. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1546648 - Review Request: perl-IO-Socket-Socks - Provides a way to create socks (4 or 5) client or server https://bugzilla.redhat.com/show_bug.cgi?id=1546648 -------------------------------------------------------------------------------- ================================================================================ perl-Locale-Maketext-Lexicon-1.00-14.el7 (FEDORA-EPEL-2018-3b856ae7a7) Extract translatable strings from source -------------------------------------------------------------------------------- Update Information: Remove NO_PACKLIST for EPEL -------------------------------------------------------------------------------- References: [ 1 ] Bug #1542721 - Please provide a package for EPEL7 https://bugzilla.redhat.com/show_bug.cgi?id=1542721 -------------------------------------------------------------------------------- ================================================================================ perl-Text-Haml-0.990118-5.el7 (FEDORA-EPEL-2018-3d4ca5935a) Haml Perl implementation -------------------------------------------------------------------------------- Update Information: Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ php-phpseclib-2.0.10-1.el7 (FEDORA-EPEL-2018-65fe0f969c) PHP Secure Communications Library -------------------------------------------------------------------------------- Update Information: **Version 2.0.10** - 2018-02-08 - BigInteger: fix issue with bitwise_xor (#1245) - Crypt: some of the minimum lengths were off - SFTP: update stat cache accordingly when file becomes a directory (#1235) - SFTP: fix issue with extended attributes on 64-bit PHP installs (#1248) - SSH2: more channel handling updates (#1200) - X509: use anonymous functions in PHP >= 5.3.0 - X509: revise logic for validateLogic (#1213) - X509: fix 7.2 error when extensions were removed and new ones added (#1243) - fix float to int conversions on ARM CPU's (#1220) -------------------------------------------------------------------------------- ================================================================================ root-6.12.06-1.el7 (FEDORA-EPEL-2018-9cadc17977) Numerical data analysis framework -------------------------------------------------------------------------------- Update Information: Update to root 6.12.06. https://root.cern.ch/content/release-61206 -------------------------------------------------------------------------------- ================================================================================ rpkg-client-0.14-1.el7 (FEDORA-EPEL-2018-6c1b2e0f34) RPM packaging utitility -------------------------------------------------------------------------------- Update Information: - fix error when redownloading sources - do not invoke parent's module_name in load_ns_module_name - fix python builddeps naming -------------------------------------------------------------------------------- ================================================================================ strongswan-5.6.1-2.el7 (FEDORA-EPEL-2018-2eeab01942) An OpenSource IPsec-based VPN and TNC solution -------------------------------------------------------------------------------- Update Information: Updated to 5.6.1 (major upgrade) -------------------------------------------------------------------------------- ================================================================================ zerofree-1.1.1-1.el7 (FEDORA-EPEL-2018-7f6f68003e) Utility to force unused ext2/3/4 inodes and blocks to zero -------------------------------------------------------------------------------- Update Information: zerofree 1.1.1 ============== * 2017-02-22: Lift call to ext2fs_free_blocks_count out of loop. Suggested by Thanassis Tsiodras. zerofree 1.1.0 ============== * 2016-02-18: Add support for 64-bit block numbers. * 2015-10-18: Use memcmp. Suggested by Damien Clark. -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
