The following Fedora EPEL 7 Security updates need testing: Age URL 256 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 63 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f8311ec8a2 tor-0.3.5.8-1.el7 57 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-9c2c40e3df guacamole-server-1.0.0-1.el7 37 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-317c9a2f81 drupal7-7.65-1.el7 31 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d2c1368294 cinnamon-3.6.7-5.el7 29 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f1efad2982 aria2-1.34.0-4.el7 24 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-50a6a1ddfd afflib-3.7.18-2.el7 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-6ea040e59b hostapd-2.7-1.el7 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-ae064347d8 python3-jinja2-2.8.1-2.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-7fc4459823 libmediainfo-18.12-3.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f05ef50515 php-horde-horde-5.2.21-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-add436bec5 php-horde-turba-4.2.24-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing espresso-4.0.2-1.el7 mozilla-https-everywhere-2019.1.31-2.el7 perl-Net-BGP-0.16-2.el7 php-extras-5.4.16-9.el7 php-zstd-0.7.3-1.el7 python36-3.6.8-1.el7 yubikey-manager-2.1.0-3.el7 Details about builds: ================================================================================ espresso-4.0.2-1.el7 (FEDORA-EPEL-2019-dd1687d8f1) Extensible Simulation Package for Research on Soft matter -------------------------------------------------------------------------------- Update Information: Version bump to 4.0.2 -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 24 2019 Christoph Junghans <junghans@xxxxxxxxx> - 4.0.2-1 - Version bump to 4.0.2 -------------------------------------------------------------------------------- ================================================================================ mozilla-https-everywhere-2019.1.31-2.el7 (FEDORA-EPEL-2019-b4a184cef0) HTTPS enforcement extension for Mozilla Firefox -------------------------------------------------------------------------------- Update Information: - Change "Block all unencrypted requests" language to "Encrypt all sites eligible" - EASE mode patches for interstitial page and reload to trigger for EASE mode - ES Lint clean up - Disable test for Chrome (will work in patch while disabled) (included because chrome and firefox versions use a single codebase) - Deprecate I.P.s in rulesets (Special case for DNS I.P.s) - Amend check_rules.py fetch test to disable rules only if all rules are problematic, and comment rules out if other rules are functional in the set - HSTS Prune and updates - Bundled ruleset updates -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 26 2019 Russell Golden <niveusluna@xxxxxxxxxxxxxxxxx> - 2019.1.31-1 - Change "Block all unencrypted requests" language to "Encrypt all sites eligible" - EASE mode patches for interstitial page and reload to trigger for EASE mode - ES Lint clean up - Disable test for Chrome (will work in patch while disabled) -- (packager note: Included because both versions use the same codebase) - Deprecate I.P.s in rulesets (Special case for DNS I.P.s) - Amend check_rules.py fetch test to disable rules only if all rules are problematic, -- and comment rules out if other rules are functional in the set - HSTS Prune and updates - Bundled ruleset updates * Fri Feb 1 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2018.10.31-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ perl-Net-BGP-0.16-2.el7 (FEDORA-EPEL-2019-fa66ed2fed) Perl module for object-oriented API to the BGP protocol -------------------------------------------------------------------------------- Update Information: An implementation of the BGP-4 inter-domain routing protocol as Perl module. It encapsulates all of the functionality needed to establish and maintain a BGP peering session and exchange routing update information with the peer. It aims to provide a simple API to the BGP protocol for the purposes of automation, logging, monitoring, testing, and similar tasks using the power and flexibility of Perl. The module does not implement the functionality of a RIB (Routing Information Base) nor does it modify the kernel routing table of the host system. However, such operations could be implemented using the API provided by the module. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1701810 - Review Request: perl-Net-BGP - Perl module for object-oriented API to the BGP protocol https://bugzilla.redhat.com/show_bug.cgi?id=1701810 -------------------------------------------------------------------------------- ================================================================================ php-extras-5.4.16-9.el7 (FEDORA-EPEL-2019-6314c37d5a) Additional PHP modules from the standard PHP distribution -------------------------------------------------------------------------------- Update Information: * fix arm build and FTBFS -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 16 2019 Pablo Greco <pablo@xxxxxxxxxxxxxxxx> - 5.4.16-9 - Use compat-libtidy-devel instead of libtidy * Wed Mar 8 2017 Remi Collet <rcollet@xxxxxxxxxx> - 5.4.16-8 - drop 1 failed test on arm -------------------------------------------------------------------------------- ================================================================================ php-zstd-0.7.3-1.el7 (FEDORA-EPEL-2019-81681ad69c) Zstd extension for PHP -------------------------------------------------------------------------------- Update Information: This extension allows Zstd compression. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1702726 - Review Request: php-zstd - Zstd Extension for PHP https://bugzilla.redhat.com/show_bug.cgi?id=1702726 -------------------------------------------------------------------------------- ================================================================================ python36-3.6.8-1.el7 (FEDORA-EPEL-2019-d28d3135da) Interpreter of the Python programming language -------------------------------------------------------------------------------- Update Information: - Latest upstream (rhbz#1688547, rhbz#1696472) - Fix for CVE-2019-5010 (rhbz#1666519, rhbz#1666523) -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 19 2019 Carl George <carl@george.computer> - 3.6.8-1 - Latest upstream (rhbz#1688547, rhbz#1696472) - Fix for CVE-2019-5010 (rhbz#1666519, rhbz#1666523) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1696472 - Update to Python 3.6.8 https://bugzilla.redhat.com/show_bug.cgi?id=1696472 [ 2 ] Bug #1688547 - CVE-2019-9636 python36: python: Information Disclosure due to urlsplit improper NFKC normalization [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1688547 [ 3 ] Bug #1666523 - CVE-2019-5010 python36: python: NULL pointer dereference using a specially crafted X509 certificate [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1666523 [ 4 ] Bug #1664517 - CVE-2018-20406 python36: python: Integer overflow in Modules/_pickle.c allows for memory exhaustion if serializing gigabytes of data [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1664517 [ 5 ] Bug #1632093 - CVE-2018-14647 python36: python: Missing salt initialization in _elementtree.c module [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1632093 -------------------------------------------------------------------------------- ================================================================================ yubikey-manager-2.1.0-3.el7 (FEDORA-EPEL-2019-a14b025d8e) Python library and command line tool for configuring a YubiKey -------------------------------------------------------------------------------- Update Information: - Add requires on setuptools - Change requires from u2f-host to u2f-hidraw- policy ---- Command line tool for configuring a YubiKey. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1540774 - Update to 0.5.0, support EPEL https://bugzilla.redhat.com/show_bug.cgi?id=1540774 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
