The following Fedora EPEL 7 Security updates need testing: Age URL 275 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 83 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f8311ec8a2 tor-0.3.5.8-1.el7 51 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d2c1368294 cinnamon-3.6.7-5.el7 43 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-50a6a1ddfd afflib-3.7.18-2.el7 17 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80 python-gnupg-0.4.4-1.el7 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-04c7455f6a singularity-3.1.1-1.1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-0d44655ca3 mediaconch-18.03.2-7.el7 libmediainfo-19.04-1.el7 mediainfo-19.04-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing dist-git-1.11-1.el7 drupal7-7.67-1.el7 libuv-1.29.0-1.el7 munin-2.0.49-1.el7 php-theseer-autoload-1.25.6-1.el7 rust-1.34.2-1.el7 Details about builds: ================================================================================ dist-git-1.11-1.el7 (FEDORA-EPEL-2019-48c9e4991f) Package source version control system -------------------------------------------------------------------------------- Update Information: - remove python3-configparser require - move scripts to bindir ---- - python3 support - fix for empty webhook dir -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 30 2019 clime <clime@xxxxxxxxxx> 1.11-1 - remove python3-configparser require - move scripts to bindir * Mon Mar 11 2019 clime <clime@xxxxxxxxxx> 1.10-1 - python3 support - fix post-receive hook in case post.receive.d is empty -------------------------------------------------------------------------------- ================================================================================ drupal7-7.67-1.el7 (FEDORA-EPEL-2019-1605b73a09) An open-source content-management platform -------------------------------------------------------------------------------- Update Information: - https://www.drupal.org/project/drupal/releases/7.67 - [SA- CORE-2019-007](https://www.drupal.org/SA-CORE-2019-007) ([CVE-2019-11831](https://nvd.nist.gov/vuln/detail/CVE-2019-11831)) -------------------------------------------------------------------------------- ChangeLog: * Wed May 15 2019 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 7.67-1 - Update to 7.67 (RHBZ #1707958, #1708649, #1708652, #1708653) - https://www.drupal.org/SA-CORE-2019-007 (CVE-2019-11831) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1707958 - drupal7-7.67 is available https://bugzilla.redhat.com/show_bug.cgi?id=1707958 -------------------------------------------------------------------------------- ================================================================================ libuv-1.29.0-1.el7 (FEDORA-EPEL-2019-69f42e0b0d) Platform layer for node.js -------------------------------------------------------------------------------- Update Information: Update to libuv 1.29.0 ---- Fix regression causing segmentation faults -------------------------------------------------------------------------------- ChangeLog: * Wed May 15 2019 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.29.0-1 - Update to 1.29.0 - Drop upstreamed patch * Fri May 3 2019 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.28.0-2 - Fix regression in uv_fs_poll_stop() (BZ 1703935) * Tue Apr 23 2019 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.28.0-1 - Update to libuv 1.28.0 - https://github.com/libuv/libuv/blob/v1.28.0/ChangeLog -------------------------------------------------------------------------------- References: [ 1 ] Bug #1700033 - libuv-1.29.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1700033 [ 2 ] Bug #1703935 - assertion failure since 1.27.0 https://bugzilla.redhat.com/show_bug.cgi?id=1703935 -------------------------------------------------------------------------------- ================================================================================ munin-2.0.49-1.el7 (FEDORA-EPEL-2019-4067ba7c92) Network-wide resource monitoring tool -------------------------------------------------------------------------------- Update Information: Upstream update for 2.0.49. Includes bugfixes for example for graph zoom urls and TLS config. -------------------------------------------------------------------------------- ChangeLog: * Thu May 16 2019 Kim B. Heino <b@xxxxxxxx> - 2.0.49-1 - Upgrade to 2.0.49 * Mon Mar 18 2019 Kim B. Heino <b@xxxxxxxx> - 2.0.45-2 - Drop munin-plugins-java subpackage -------------------------------------------------------------------------------- References: [ 1 ] Bug #1710596 - TLS config is not configurable per-node https://bugzilla.redhat.com/show_bug.cgi?id=1710596 -------------------------------------------------------------------------------- ================================================================================ php-theseer-autoload-1.25.6-1.el7 (FEDORA-EPEL-2019-e582af8a76) A tool and library to generate autoload code -------------------------------------------------------------------------------- Update Information: **Release 1.25.6** * Fix: Add `lib-` prefixed dependencies in composer.json to ignore list -------------------------------------------------------------------------------- ChangeLog: * Thu May 16 2019 Remi Collet <remi@xxxxxxxxxxxx> - 1.25.6-1 - update to 1.25.6 -------------------------------------------------------------------------------- ================================================================================ rust-1.34.2-1.el7 (FEDORA-EPEL-2019-d96aef0d8f) The Rust Programming Language -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2019-12083 -------------------------------------------------------------------------------- ChangeLog: * Tue May 14 2019 Josh Stone <jistone@xxxxxxxxxx> - 1.34.2-1 - Update to 1.34.2 -- fixes CVE-2019-12083. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1709709 - CVE-2019-12083 rust: overriden stabilized method `Error::type_id` can violate Rust's safety guarantees leading to out-of-bounds write or read https://bugzilla.redhat.com/show_bug.cgi?id=1709709 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx