The following Fedora EPEL 7 Security updates need testing: Age URL 25 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-2c81054303 remctl-3.14-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-cae67a6aed knot-resolver-2.3.0-1.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-e4a3d0e9ef drupal7-7.59-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-996cb2153b quassel-0.12.5-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-5ae7f0e7c7 python-pygit2-0.26.4-1.el7 libgit2-0.26.3-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing auter-0.11-5.el7 boinc-client-7.10.2-1.el7 certbot-0.24.0-1.el7 freshmaker-0.1.0-1.el7 python-acme-0.24.0-1.el7 python-certbot-apache-0.24.0-2.el7 python-certbot-dns-cloudflare-0.24.0-1.el7 python-certbot-dns-cloudxns-0.24.0-1.el7 python-certbot-dns-digitalocean-0.24.0-1.el7 python-certbot-dns-dnsimple-0.24.0-1.el7 python-certbot-dns-dnsmadeeasy-0.24.0-1.el7 python-certbot-dns-google-0.24.0-1.el7 python-certbot-dns-luadns-0.24.0-1.el7 python-certbot-dns-nsone-0.24.0-1.el7 python-certbot-dns-rfc2136-0.24.0-1.el7 python-certbot-dns-route53-0.24.0-1.el7 python-certbot-nginx-0.24.0-1.el7 roundcubemail-1.1.12-2.el7 xrootd-4.8.3-1.el7 znc-1.7.0-1.el7 Details about builds: ================================================================================ auter-0.11-5.el7 (FEDORA-EPEL-2018-f291298b3e) Prepare and apply updates -------------------------------------------------------------------------------- Update Information: Hotfix for the AUTOREBOOT issue -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- ================================================================================ boinc-client-7.10.2-1.el7 (FEDORA-EPEL-2018-6dea3098fa) The BOINC client -------------------------------------------------------------------------------- Update Information: New upstream version. -------------------------------------------------------------------------------- ChangeLog: * Wed May 2 2018 Laurence Field <laurence.field@xxxxxxx> - 7.10.2-1 - New BONC client version 7.10.2 * Wed Apr 25 2018 Laurence Field <laurence.field@xxxxxxx> - 7.10.1-1 - New BONC client version 7.10.1 * Fri Mar 9 2018 Laurence Field <laurence.field@xxxxxxx> - 7.9.3-1 - New BONC client version 7.9.3 * Fri Feb 23 2018 Germano Massullo <germano.massullo@xxxxxxxxx> - 7.9.2-3 - added macros to use mariadb-connector-c instead of mysql-* only for Fedora > 26 * Mon Feb 19 2018 Germano Massullo <germano.massullo@xxxxxxxxx> - 7.9.2-2 - Use mariadb-connector-c instead of mysql-libs or mariadb-libs. See bugreport #1494241 * Mon Feb 19 2018 Laurence Field <laurence.field@xxxxxxx> - 7.9.2-1 - New BONC client version 7.9.2 * Wed Feb 7 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 7.8.4-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Fri Feb 2 2018 Germano Massullo <germano.massullo@xxxxxxxxx> - 7.8.4-4 - systemd unit file: changed from Type=forking to Type=simple and removed --daemon --start_delay 1 from ExecStart * Mon Jan 15 2018 Germano Massullo <germano.massullo@xxxxxxxxx> - 7.8.4-3 - Removed obsolete %defattr(-,root,root) * Sun Jan 7 2018 Igor Gnatenko <ignatenkobrain@xxxxxxxxxxxxxxxxx> - 7.8.4-2 - Remove obsolete scriptlets -------------------------------------------------------------------------------- ================================================================================ certbot-0.24.0-1.el7 (FEDORA-EPEL-2018-035c58a78e) A free, automated certificate authority client -------------------------------------------------------------------------------- Update Information: Update to 0.24.0. -------------------------------------------------------------------------------- ChangeLog: * Wed May 2 2018 Eli Young <elyscape@xxxxxxxxx> - 0.24.0-1 - Update to 0.24.0 (#1574140) - Remove unnecessary patches -------------------------------------------------------------------------------- References: [ 1 ] Bug #1574140 - certbot-0.24.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1574140 -------------------------------------------------------------------------------- ================================================================================ freshmaker-0.1.0-1.el7 (FEDORA-EPEL-2018-f412f44514) Freshmaker is a service scheduling rebuilds of artifacts as new content becomes available. -------------------------------------------------------------------------------- Update Information: update to new version 0.1.0. -------------------------------------------------------------------------------- ChangeLog: * Wed May 2 2018 Jan Kaluza <jkaluza@xxxxxxxxxx> - 0.1.0-1 - new version 0.1.0 -------------------------------------------------------------------------------- ================================================================================ python-acme-0.24.0-1.el7 (FEDORA-EPEL-2018-a2a9241c02) Python library for the ACME protocol -------------------------------------------------------------------------------- Update Information: Update to 0.24.0. -------------------------------------------------------------------------------- ChangeLog: * Wed May 2 2018 Eli Young <elyscape@xxxxxxxxx> - 0.24.0-1 - Update to 0.24.0 (#1574138) - Remove unnecessary build dependencies and patches -------------------------------------------------------------------------------- References: [ 1 ] Bug #1574138 - python-acme-0.24.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1574138 -------------------------------------------------------------------------------- ================================================================================ python-certbot-apache-0.24.0-2.el7 (FEDORA-EPEL-2018-d8245c3e72) The apache plugin for certbot -------------------------------------------------------------------------------- Update Information: Update to 0.24.0. -------------------------------------------------------------------------------- ChangeLog: * Wed May 2 2018 Eli Young <elyscape@xxxxxxxxx> - 0.24.0-2 - Remove unnecessary patch * Wed May 2 2018 Eli Young <elyscape@xxxxxxxxx> - 0.24.0-1 - Update to 0.24.0 (#1574151) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1574151 - python-certbot-apache-0.24.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1574151 -------------------------------------------------------------------------------- ================================================================================ python-certbot-dns-cloudflare-0.24.0-1.el7 (FEDORA-EPEL-2018-fed5fc6e86) Cloudflare DNS Authenticator plugin for Certbot -------------------------------------------------------------------------------- Update Information: Update to 0.24.0. -------------------------------------------------------------------------------- ChangeLog: * Wed May 2 2018 Eli Young <elyscape@xxxxxxxxx> - 0.24.0-1 - Update to 0.24.0 (#1574139) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1574139 - python-certbot-dns-cloudflare-0.24.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1574139 -------------------------------------------------------------------------------- ================================================================================ python-certbot-dns-cloudxns-0.24.0-1.el7 (FEDORA-EPEL-2018-266946fa47) CloudXNS DNS Authenticator plugin for Certbot -------------------------------------------------------------------------------- Update Information: Update to 0.24.0. -------------------------------------------------------------------------------- ChangeLog: * Wed May 2 2018 Eli Young <elyscape@xxxxxxxxx> - 0.24.0-1 - Update to 0.24.0 (#1574142) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1574142 - python-certbot-dns-cloudxns-0.24.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1574142 -------------------------------------------------------------------------------- ================================================================================ python-certbot-dns-digitalocean-0.24.0-1.el7 (FEDORA-EPEL-2018-4ba2368492) DigitalOcean DNS Authenticator plugin for Certbot -------------------------------------------------------------------------------- Update Information: Update to 0.24.0. -------------------------------------------------------------------------------- ChangeLog: * Wed May 2 2018 Eli Young <elyscape@xxxxxxxxx> - 0.24.0-1 - Update to 0.24.0 (#1574141) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1574141 - python-certbot-dns-digitalocean-0.24.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1574141 -------------------------------------------------------------------------------- ================================================================================ python-certbot-dns-dnsimple-0.24.0-1.el7 (FEDORA-EPEL-2018-384a4c08a0) DNSimple DNS Authenticator plugin for Certbot -------------------------------------------------------------------------------- Update Information: Update to 0.24.0. -------------------------------------------------------------------------------- ChangeLog: * Wed May 2 2018 Eli Young <elyscape@xxxxxxxxx> - 0.24.0-1 - Update to 0.24.0 (#1574145) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1574145 - python-certbot-dns-dnsimple-0.24.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1574145 -------------------------------------------------------------------------------- ================================================================================ python-certbot-dns-dnsmadeeasy-0.24.0-1.el7 (FEDORA-EPEL-2018-ce065518a9) DNS Made Easy DNS Authenticator plugin for Certbot -------------------------------------------------------------------------------- Update Information: Update to 0.24.0. -------------------------------------------------------------------------------- ChangeLog: * Wed May 2 2018 Eli Young <elyscape@xxxxxxxxx> - 0.24.0-1 - Update to 0.24.0 (#1574144) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1574144 - python-certbot-dns-dnsmadeeasy-0.24.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1574144 -------------------------------------------------------------------------------- ================================================================================ python-certbot-dns-google-0.24.0-1.el7 (FEDORA-EPEL-2018-ec7720f479) Google Cloud DNS Authenticator plugin for Certbot -------------------------------------------------------------------------------- Update Information: Update to 0.24.0. -------------------------------------------------------------------------------- ChangeLog: * Wed May 2 2018 Eli Young <elyscape@xxxxxxxxx> - 0.24.0-1 - Update to 0.24.0 (#1574143) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1574143 - python-certbot-dns-google-0.24.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1574143 -------------------------------------------------------------------------------- ================================================================================ python-certbot-dns-luadns-0.24.0-1.el7 (FEDORA-EPEL-2018-4be20800c3) LuaDNS Authenticator plugin for Certbot -------------------------------------------------------------------------------- Update Information: Update to 0.24.0. -------------------------------------------------------------------------------- ChangeLog: * Wed May 2 2018 Eli Young <elyscape@xxxxxxxxx> - 0.24.0-1 - Update to 0.24.0 (#1574148) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1574148 - python-certbot-dns-luadns-0.24.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1574148 -------------------------------------------------------------------------------- ================================================================================ python-certbot-dns-nsone-0.24.0-1.el7 (FEDORA-EPEL-2018-726d3ed745) NS1 DNS Authenticator plugin for Certbot -------------------------------------------------------------------------------- Update Information: Update to 0.24.0. -------------------------------------------------------------------------------- ChangeLog: * Wed May 2 2018 Eli Young <elyscape@xxxxxxxxx> - 0.24.0-1 - Update to 0.24.0 (#1574147) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1574147 - python-certbot-dns-nsone-0.24.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1574147 -------------------------------------------------------------------------------- ================================================================================ python-certbot-dns-rfc2136-0.24.0-1.el7 (FEDORA-EPEL-2018-abfc3e464a) RFC 2136 DNS Authenticator plugin for Certbot -------------------------------------------------------------------------------- Update Information: Update to 0.24.0. -------------------------------------------------------------------------------- ChangeLog: * Wed May 2 2018 Eli Young <elyscape@xxxxxxxxx> - 0.24.0-1 - Update to 0.24.0 (#1574146) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1574146 - python-certbot-dns-rfc2136-0.24.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1574146 -------------------------------------------------------------------------------- ================================================================================ python-certbot-dns-route53-0.24.0-1.el7 (FEDORA-EPEL-2018-20c35824fc) Route53 DNS Authenticator plugin for Certbot -------------------------------------------------------------------------------- Update Information: Update to 0.24.0. -------------------------------------------------------------------------------- ChangeLog: * Wed May 2 2018 Eli Young <elyscape@xxxxxxxxx> - 0.24.0-1 - Update to 0.24.0 (#1574149) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1574149 - python-certbot-dns-route53-0.24.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1574149 -------------------------------------------------------------------------------- ================================================================================ python-certbot-nginx-0.24.0-1.el7 (FEDORA-EPEL-2018-e75bb9df21) The nginx plugin for certbot -------------------------------------------------------------------------------- Update Information: Update to 0.24.0. -------------------------------------------------------------------------------- ChangeLog: * Wed May 2 2018 Eli Young <elyscape@xxxxxxxxx> - 0.24.0-1 - Update to 0.24.0 (#1574150) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1574150 - python-certbot-nginx-0.24.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1574150 -------------------------------------------------------------------------------- ================================================================================ roundcubemail-1.1.12-2.el7 (FEDORA-EPEL-2018-ce811a54c9) Round Cube Webmail is a browser-based multilingual IMAP client -------------------------------------------------------------------------------- Update Information: **Version 1.1.12** This is a follow-up to the recent security update for the stable version 1.1. It fixes a regression that sneaked in with the IMAP command injection protection which unintentionally disabled actions that operate on all selected messages (e.g. mark all as junk). We recommend to update all productive installations of Roundcube 1.1.11. Please do backup your data before updating! CHANGELOG * Fix regression where IMAP commands with '*' uidset argument wasn't working ---- **Version 1.1.11** This is a security update to the stable version 1.1. It fixes a recently reported vulnerability allowing IMAP command injection via a GET parameters. More details about this are published under CVE-2018-9846. The second fix is about a missed remote content blocking on HTML messages with specially crafted image and style tags. We strongly recommend to update all productive installations of Roundcube 1.1.x. Please do backup your data before updating! CHANGELOG * Don't ignore (global) userlogins/sendmail logs in per_user_logging mode * Fix security issue in remote content blocking on HTML image and style tags (#6178) * Fix check_request() bypass in places using get_uids() [CVE-2018-9846] (#6238) * Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229) -------------------------------------------------------------------------------- ChangeLog: * Thu May 3 2018 Remi Collet <remi@xxxxxxxxxxxx> - 1.1.12.2 - rename README.rpm -> README-rpm.txt, fix #1449517 * Wed May 2 2018 Remi Collet <remi@xxxxxxxxxxxx> - 1.1.12.1 - update to 1.1.12 * Thu Apr 19 2018 Remi Collet <remi@xxxxxxxxxxxx> - 1.1.11.1 - update to 1.1.11 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1566744 - CVE-2018-9846 roundcubemail: MX injection in archive.php [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1566744 [ 2 ] Bug #1449517 - README.rpm is bad name for readme file https://bugzilla.redhat.com/show_bug.cgi?id=1449517 -------------------------------------------------------------------------------- ================================================================================ xrootd-4.8.3-1.el7 (FEDORA-EPEL-2018-484cbdbb17) Extended ROOT file server -------------------------------------------------------------------------------- Update Information: ## Release Notes ### Version 4.8.3 #### Major bug fixes * **[XrdCl]** Release SIDs on PostMaster::Send() failure. -------------------------------------------------------------------------------- ChangeLog: * Thu May 3 2018 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 1:4.8.3-1 - Update to version 4.8.3 - Drop patch xrootd-fix-compiling-errors.patch (accepted upstream) -------------------------------------------------------------------------------- ================================================================================ znc-1.7.0-1.el7 (FEDORA-EPEL-2018-954bacc71d) An advanced IRC bouncer -------------------------------------------------------------------------------- Update Information: Update to 1.7.0 -------------------------------------------------------------------------------- ChangeLog: * Wed May 2 2018 Nick Bebout <nb@xxxxxxx> - 1.7.0-1 - Update to 1.7.0 * Mon Apr 30 2018 Pete Walter <pwalter@xxxxxxxxxxxxxxxxx> - 1.6.6-2 - Rebuild for ICU 61.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1574119 - znc-1.7.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1574119 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
