Fedora EPEL 7 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 1102  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087   dokuwiki-0-0.24.20140929c.el7
 864  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f   mcollective-2.8.4-1.el7
 447  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d   libbsd-0.8.3-1.el7
 344  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe   mod_cluster-1.3.3-10.el7
 176  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23   libmspack-0.6-0.1.alpha.el7
 113  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece   nagios-4.3.4-5.el7
  63  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73ee944e65   rootsh-1.5.3-17.el7
  18  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3e70a38ad4   drupal7-7.57-1.el7
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-815e0064e9   tor-0.2.9.15-1.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f7a629b46f   python-django16-1.6.11.7-1.el7
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-635348eab4   php-simplesamlphp-saml2_1-1.10.6-1.el7
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-7150fa5dce   php-simplesamlphp-saml2-2.3.8-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-673b3314a1   exim-4.90.1-3.el7


The following builds have been pushed to Fedora EPEL 7 updates-testing

    dictd-1.12.1-20.el7
    jwhois-4.0-46.el7
    libmodulemd-1.1.0-1.el7
    monitorix-3.10.1-1.el7

Details about builds:


================================================================================
 dictd-1.12.1-20.el7 (FEDORA-EPEL-2018-f4620ae6d6)
 DICT protocol (RFC 2229) server and command-line client
--------------------------------------------------------------------------------
Update Information:

Fix packaging for EL-6 (don't confuse systemd service with the old initd
script).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1444555 - dictd-server includes a wrong kind of initscript
        https://bugzilla.redhat.com/show_bug.cgi?id=1444555
--------------------------------------------------------------------------------


================================================================================
 jwhois-4.0-46.el7 (FEDORA-EPEL-2018-4408a2a797)
 Internet whois/nicname client
--------------------------------------------------------------------------------
Update Information:

Add options to to force querying on ipv4 or ipv6 (patch by John Fawcett)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1551215 - Enhancement to foce querying on ipv4 or ipv6
        https://bugzilla.redhat.com/show_bug.cgi?id=1551215
--------------------------------------------------------------------------------


================================================================================
 libmodulemd-1.1.0-1.el7 (FEDORA-EPEL-2018-32f78e466c)
 Module metadata manipulation library
--------------------------------------------------------------------------------
Update Information:

* Adds support for handling modulemd-defaults YAML documents * Adds peek()/dup()
routines to all object properties * Adds Modulemd.Module.dup_nsvc() to retrieve
the canonical form of the unique module identifier. * Adds support for boolean
types in the XMD section
--------------------------------------------------------------------------------


================================================================================
 monitorix-3.10.1-1.el7 (FEDORA-EPEL-2018-3f41541339)
 A free, open source, lightweight system monitoring tool
--------------------------------------------------------------------------------
Update Information:

Prior Monitorix versions are vulnerable to cross-site scripting (XSS), caused by
improper validation of user-supplied input by the monitorix.cgi file. A remote
attacker could exploit this vulnerability using some of the arguments provided
(graph= or when=) in a specially-crafted URL to execute script in a victim's Web
browser within the security context of the hosting Web site, once the URL is
clicked. An attacker could use this vulnerability to steal the victim's cookie-
based authentication credentials.  I would like to thank Sebastian Gilon from
TestArmy for reporting that issue.  The rest of bugs fixed are, as always,
reflected in the Changes file.  All users still using older versions are advised
and encouraged to upgrade to this version, which resolves this security issue.
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Announce]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Linux Apps]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux