The following Fedora EPEL 7 Security updates need testing: Age URL 1083 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 846 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 428 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7 325 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe mod_cluster-1.3.3-10.el7 157 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23 libmspack-0.6-0.1.alpha.el7 95 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece nagios-4.3.4-5.el7 44 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73ee944e65 rootsh-1.5.3-17.el7 18 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-7134fc92a1 jhead-3.00-7.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-276ec6ee2b exim-4.90.1-2.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-e50c94a832 seamonkey-2.49.2-2.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-525417d3d4 mbedtls-2.7.0-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-cee77fc9b3 knot-resolver-2.1.0-1.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b7a74678b1 openjpeg2-2.3.0-6.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-50566f0a39 uwsgi-2.0.16-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-0296296d7c mingw-wavpack-5.1.0-4.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-9111777f91 freexl-1.0.5-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing copr-cli-1.67-1.el7 drupal7-7.57-1.el7 lxqt-config-0.11.1-9.el7 python-copr-1.86-1.el7 python-crypto-2.6.1-15.el7 python2-zope-interface-4.0.5-0.el7 tlp-1.1-1.el7 Details about builds: ================================================================================ copr-cli-1.67-1.el7 (FEDORA-EPEL-2018-e25b4fc6da) Command line interface for COPR -------------------------------------------------------------------------------- Update Information: - remove Group tag - Shebangs cleanup - fix deps in spec - allow running tests only for epel7 - tests also for python2 during builds - new custom source method - require to specify project when building module ---- - allow to set use_bootstrap_container via API ---- - add SCM api - add deprecation warnings for tito and mockscm methods ---- - fix unittests - run tests with python3 - pag#130 update requirements - pag#125 copr build copr pkgs [pkgs ...] builds only the first SRPM - pag#112 [RFE] copr-cli whoami - Bug 1431035 - coprs should check credentials before uploading source rpm - Spelling fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1431035 - coprs should check credentials before uploading source rpm https://bugzilla.redhat.com/show_bug.cgi?id=1431035 -------------------------------------------------------------------------------- ================================================================================ drupal7-7.57-1.el7 (FEDORA-EPEL-2018-3e70a38ad4) An open-source content-management platform -------------------------------------------------------------------------------- Update Information: This update fixes multiple security vulnerabilities. Read more details here: https://www.drupal.org/SA-CORE-2018-001 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1548191 - drupal7: drupal: JavaScript cross-site scripting in checkPlain function [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1548191 [ 2 ] Bug #1548326 - drupal7: drupal: Multiple vulnerabilities fixed in 7.57 and 8.4.5 (SA-CORE-2018-001) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1548326 [ 3 ] Bug #1548202 - drupal7: drupal: External link injection on 404 pages when linking to the current page [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1548202 [ 4 ] Bug #1548198 - drupal7: drupal: jQuery vulnerability with untrusted domains requests via Ajax [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1548198 [ 5 ] Bug #1548194 - drupal7: drupal: Private file access bypass in Drupal private file system [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1548194 [ 6 ] Bug #1548190 - drupal7: drupal: JavaScript cross-site scripting in checkPlain function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1548190 [ 7 ] Bug #1547793 - drupal7-7.57 is available https://bugzilla.redhat.com/show_bug.cgi?id=1547793 -------------------------------------------------------------------------------- ================================================================================ lxqt-config-0.11.1-9.el7 (FEDORA-EPEL-2018-ee985ab75d) Config tools for LXQt desktop suite -------------------------------------------------------------------------------- Update Information: Enabled aarch64 on EPEL 7. -------------------------------------------------------------------------------- ================================================================================ python-copr-1.86-1.el7 (FEDORA-EPEL-2018-72e5f79860) Python interface for Copr -------------------------------------------------------------------------------- Update Information: - remove Group tag - build python2-copr package conditionally - Remove unnecessary shebang sed in copr-cli.spec and python-copr.spec - fix deps in spec - new custom source method - use username from config if nothing is explicitly specified - remove outdated modularity code - require to specify project when building module -------------------------------------------------------------------------------- ================================================================================ python-crypto-2.6.1-15.el7 (FEDORA-EPEL-2018-a3ae6e7571) Cryptography library for Python -------------------------------------------------------------------------------- Update Information: The textbook ElGamal implementation is not secure. PyCrypto and some other implementations use the wrong algorithm, which may lead to some information disclosure simply by looking at the encrypted text. For a full description, see https://github.com/dlitz/pycrypto/issues/253 This update includes a fix for this problem backported from pycryptodome. This is CVE-2018-6594. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1542313 - CVE-2018-6594 python-crypto: Weak ElGamal key parameters in PublicKey/ElGamal.py allow attackers to obtain sensitive information by reading ciphertext https://bugzilla.redhat.com/show_bug.cgi?id=1542313 -------------------------------------------------------------------------------- ================================================================================ python2-zope-interface-4.0.5-0.el7 (FEDORA-EPEL-2018-a3e7bd9aee) Dummy package depending on python-zope-interface -------------------------------------------------------------------------------- Update Information: This package exists only to allow packagers to uniformly depend upon python2 -zope-interface. -------------------------------------------------------------------------------- ================================================================================ tlp-1.1-1.el7 (FEDORA-EPEL-2018-012aa3f97e) Advanced power management tool for Linux -------------------------------------------------------------------------------- Update Information: Update to 1.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1538383 - tlp-1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1538383 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
