Fedora EPEL 7 updates-testing report

updates@xxxxxxxxxxxxxxxxx · Mon, 22 Apr 2019 15:33:32 +0000 (UTC)

The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 250  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d   condor-8.6.11-1.el7
  58  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f8311ec8a2   tor-0.3.5.8-1.el7
  52  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-9c2c40e3df   guacamole-server-1.0.0-1.el7
  31  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-317c9a2f81   drupal7-7.65-1.el7
  26  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d2c1368294   cinnamon-3.6.7-5.el7
  24  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f1efad2982   aria2-1.34.0-4.el7
  18  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-50a6a1ddfd   afflib-3.7.18-2.el7
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-77190f3ef7   python34-3.4.10-1.el7
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f8395a0247   transmission-2.94-6.el7
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-6ea040e59b   hostapd-2.7-1.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-ae064347d8   python3-jinja2-2.8.1-2.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

    hub-2.11.2-1.el7
    libmediainfo-18.12-3.el7
    pam_radius-1.4.0-4.el7

Details about builds:

================================================================================
 hub-2.11.2-1.el7 (FEDORA-EPEL-2019-be1883503f)
 A command-line wrapper for git with github shortcuts
--------------------------------------------------------------------------------
Update Information:

Update to hub 2.11.1  * Fix writing over existing cache files in hub api * Allow
repository names that start with a - character * List api among custom hub
commands in help * Fix compatibility with git when run with no arguments: hub
--git-dir=.git * Fix issue/PR --format %L output in no-color mode * Create draft
pull requests with hub pull-request --draft * Fix non-draft pull requests for
certain repositories
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 22 2019 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 2.11.2-1
- Update to 2.11.2
- Avoid crash in hub remote argument parsing
- Fix `hub -C mydir merge <URL>` by propagating global git arguments to
  Before/After chains
- Preserve tilde ~ character in man pages
* Fri Mar 29 2019 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 2.11.1-1
- Update to 2.11.1
- Fix compatibility with git when run with no arguments: hub --git-dir=.git
- Fix issue/PR --format %L output in no-color mode
- Create draft pull requests with hub pull-request --draft
- Fix non-draft pull requests for certain repositories
* Thu Mar 28 2019 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 2.10.1-1
- Update to 2.10.1
- Fix writing over existing cache files in hub api
- Allow repository names that start with a - character
- List api among custom hub commands in help
--------------------------------------------------------------------------------

================================================================================
 libmediainfo-18.12-3.el7 (FEDORA-EPEL-2019-7fc4459823)
 Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2019-11372
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 22 2019 Vasiliy N. Glazov <vascom2@xxxxxxxxx> - 18.12-3
- Fix CVE-2019-11372
* Fri Feb  1 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 18.12-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1701849 - CVE-2019-11372 CVE-2019-11373 libmediainfo: various flaws [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1701849
  [ 2 ] Bug #1701847 - CVE-2019-11372 CVE-2019-11373 libmediainfo: various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1701847
--------------------------------------------------------------------------------

================================================================================
 pam_radius-1.4.0-4.el7 (FEDORA-EPEL-2019-489d75ec9c)
 PAM Module for RADIUS Authentication
--------------------------------------------------------------------------------
Update Information:

Fix garbage password contents in add_password  `add_password` does length
rounding prior to coyping the contents of the password buffer. This causes two
problems:      1. The hashed contents include trailing memory past the length of
the password.  2. The hashed contents will no longer be NULL-terminated.
Apply the following two upstream commits to fix:      1.
`6bae92df885602b2558333bdb6d2db67d1365683` 2.
`ac2c16774be593ebaa769b09c95722d08216cb95`
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 22 2019 Alexander Scheel <ascheel@xxxxxxxxxx> - 1.4.0-4
- Fix NULL-termination of password buffer, garbage contents prior to hashing
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx