Fedora EPEL 7 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 336  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d   condor-8.6.11-1.el7
 111  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d2c1368294   cinnamon-3.6.7-5.el7
  77  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80   python-gnupg-0.4.4-1.el7
  75  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b   bubblewrap-0.3.3-2.el7
  47  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-fc63c75ab1   hostapd-2.8-1.el7
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-6459239aba   radare2-3.6.0-1.el7
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-12067fc897   dosbox-0.74.3-2.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-8ec09fab8d   freetds-1.1.11-1.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-670ca3c5f3   pyxdg-0.25-8.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-487a6fb279   knot-2.8.2-1.el7 knot-resolver-4.1.0-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-aabd063c30   squirrelmail-1.4.23-1.el7.20190710


The following builds have been pushed to Fedora EPEL 7 updates-testing

    SDL2_image-2.0.5-1.el7
    argbash-2.8.1-3.el7
    chromium-75.0.3770.100-3.el7
    libprelude-5.0.0-1.el7
    python-colcon-test-result-0.3.4-1.el7
    python-ns1-python-0.10.0-1.el7

Details about builds:


================================================================================
 SDL2_image-2.0.5-1.el7 (FEDORA-EPEL-2019-9e89c9323f)
 Image loading library for SDL
--------------------------------------------------------------------------------
Update Information:

Update to 2.0.5
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 16 2019 Pete Walter <pwalter@xxxxxxxxxxxxxxxxx> - 2.0.5-1
- Update to 2.0.5
* Thu Jan 31 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.0.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1726375 - SDL2_image-2.0.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1726375
--------------------------------------------------------------------------------


================================================================================
 argbash-2.8.1-3.el7 (FEDORA-EPEL-2019-9cd0fc07df)
 Bash argument parsing code generator
--------------------------------------------------------------------------------
Update Information:

Fixes a serious packaging bug introduced in the previous stable update that
causes the package to be uninstalled.  ----  Update to argbash 2.8.1
https://github.com/matejak/argbash/releases/tag/2.8.1
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 16 2019 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 2.8.1-3
- Fix bash completion directory
* Mon Jul  1 2019 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 2.8.1-2
- Fix python package version to work with EPEL 7
* Mon Jul  1 2019 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 2.8.1-1
- Update to 2.8.1
- https://github.com/matejak/argbash/releases/tag/2.8.1
* Thu Feb 28 2019 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 2.8.0-3
- Put the bash completion script in the system path instead of /etc
* Mon Feb  4 2019 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 2.8.0-1
- Update to 2.8.0
- New features:
  * Allow argbash and argbash-init to be run from symbolic links.
  * Allow scripts generated by argbash-init with complete separation (-s -s) to
    be run from a symbolic link.
  * Implemented output to generate manpages using the rst2man utility
  * Introduced the ARG_VERSION_AUTO macro.
- Bugfixes:
  * Double quotes in help messages are escaped (fixes #61).
  * Fixed regression that allowed duplicate short options (fixes #58).
* Thu Jan 31 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.7.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1725494 - argbash-2.8.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1725494
--------------------------------------------------------------------------------


================================================================================
 chromium-75.0.3770.100-3.el7 (FEDORA-EPEL-2019-931a6c5c69)
 A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:

Fix itinerant crashes.  ----   Update to Chromium 75.0.3770.100. The usual pile
of bugs and CVE fixes. vaapi support disabled, just too broken. :(  Fixes
CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827 CVE-2019-5828
CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833
CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838
CVE-2019-5839 CVE-2019-5840 CVE-2019-5842
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul  2 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 75.0.3770.100-3
- apply upstream fix to resolve issue where it is dangerous to post a
  task with a RenderProcessHost pointer because the RenderProcessHost
  can go away before the task is run (causing a segfault).
* Tue Jun 25 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 75.0.3770.100-2
- fix v8 compile with gcc
* Thu Jun 20 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 75.0.3770.100-1
- update to 75.0.3770.100
* Fri Jun 14 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 75.0.3770.90-1
- update to 75.0.3770.90
* Wed Jun  5 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 75.0.3770.80-1
- update to 75.0.3770.80
- disable vaapi (via conditional), too broken
* Fri May 31 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 74.0.3729.169-1
- update to 74.0.3729.169
* Thu Apr 11 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 73.0.3683.103-1
- update to 73.0.3683.103
- add CLONE_VFORK logic to seccomp filter for linux to handle glibc 2.29 change
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1718269 - CVE-2019-5840 chromium-browser: Popup blocker bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1718269
  [ 2 ] Bug #1718268 - CVE-2019-5839 chromium-browser: Incorrect handling of certain code points in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1718268
  [ 3 ] Bug #1718267 - CVE-2019-5838 chromium-browser: Overly permissive tab access in Extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1718267
  [ 4 ] Bug #1718266 - CVE-2019-5837 chromium-browser: Cross-origin resources size disclosure in Appcache
        https://bugzilla.redhat.com/show_bug.cgi?id=1718266
  [ 5 ] Bug #1718264 - CVE-2019-5836 chromium-browser: Heap buffer overflow in Angle
        https://bugzilla.redhat.com/show_bug.cgi?id=1718264
  [ 6 ] Bug #1718263 - CVE-2019-5835 chromium-browser: Out of bounds read in Swiftshader
        https://bugzilla.redhat.com/show_bug.cgi?id=1718263
  [ 7 ] Bug #1718262 - CVE-2019-5834 chromium-browser: URL spoof in Omnibox on iOS
        https://bugzilla.redhat.com/show_bug.cgi?id=1718262
  [ 8 ] Bug #1718261 - CVE-2019-5833 chromium-browser: Inconsistent security UI placement
        https://bugzilla.redhat.com/show_bug.cgi?id=1718261
  [ 9 ] Bug #1718260 - CVE-2019-5832 chromium-browser: Incorrect CORS handling in XHR
        https://bugzilla.redhat.com/show_bug.cgi?id=1718260
  [ 10 ] Bug #1718259 - CVE-2019-5831 chromium-browser: Incorrect map processing in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1718259
  [ 11 ] Bug #1718258 - CVE-2019-5830 chromium-browser: Incorrectly credentialed requests in CORS
        https://bugzilla.redhat.com/show_bug.cgi?id=1718258
  [ 12 ] Bug #1718257 - CVE-2019-5829 chromium-browser: Use after free in Download Manager
        https://bugzilla.redhat.com/show_bug.cgi?id=1718257
  [ 13 ] Bug #1718256 - CVE-2019-5828 chromium-browser: Use after free in ServiceWorker
        https://bugzilla.redhat.com/show_bug.cgi?id=1718256
  [ 14 ] Bug #1707248 - CVE-2019-5826 chromium-browser: Use-after-free in IndexedDB
        https://bugzilla.redhat.com/show_bug.cgi?id=1707248
  [ 15 ] Bug #1707247 - CVE-2019-5825 chromium-browser: Out-of-bounds write in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1707247
  [ 16 ] Bug #1702913 - CVE-2019-5823 chromium-browser: Forced navigation from service worker
        https://bugzilla.redhat.com/show_bug.cgi?id=1702913
  [ 17 ] Bug #1702912 - CVE-2019-5822 chromium-browser: CORS bypass in download manager
        https://bugzilla.redhat.com/show_bug.cgi?id=1702912
  [ 18 ] Bug #1702911 - CVE-2019-5821 chromium-browser: Integer overflow in PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1702911
  [ 19 ] Bug #1702910 - CVE-2019-5820 chromium-browser: Integer overflow in PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1702910
  [ 20 ] Bug #1702909 - CVE-2019-5819 chromium-browser: Incorrect escaping in developer tools
        https://bugzilla.redhat.com/show_bug.cgi?id=1702909
  [ 21 ] Bug #1702908 - CVE-2019-5818 chromium-browser: Uninitialized value in media reader
        https://bugzilla.redhat.com/show_bug.cgi?id=1702908
  [ 22 ] Bug #1702907 - CVE-2019-5817 chromium-browser: Heap buffer overflow in Angle on Windows
        https://bugzilla.redhat.com/show_bug.cgi?id=1702907
  [ 23 ] Bug #1702906 - CVE-2019-5816 chromium-browser: Exploit persistence extension on Android
        https://bugzilla.redhat.com/show_bug.cgi?id=1702906
  [ 24 ] Bug #1702905 - CVE-2019-5815 chromium-browser: Heap buffer overflow in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1702905
  [ 25 ] Bug #1702904 - CVE-2019-5814 chromium-browser: CORS bypass in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1702904
  [ 26 ] Bug #1702903 - CVE-2019-5813 chromium-browser: Out of bounds read in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1702903
  [ 27 ] Bug #1702902 - CVE-2019-5812 chromium-browser: URL spoof in Omnibox on iOS
        https://bugzilla.redhat.com/show_bug.cgi?id=1702902
  [ 28 ] Bug #1702901 - CVE-2019-5811 chromium-browser: CORS bypass in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1702901
  [ 29 ] Bug #1702900 - CVE-2019-5810 chromium-browser: User information disclosure in Autofill
        https://bugzilla.redhat.com/show_bug.cgi?id=1702900
  [ 30 ] Bug #1702899 - CVE-2019-5809 chromium-browser: Use after free in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1702899
  [ 31 ] Bug #1702898 - CVE-2019-5808 chromium-browser: Use after free in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1702898
  [ 32 ] Bug #1702897 - CVE-2019-5807 chromium-browser: Memory corruption in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1702897
  [ 33 ] Bug #1702896 - CVE-2019-5806 chromium-browser: Integer overflow in Angle
        https://bugzilla.redhat.com/show_bug.cgi?id=1702896
  [ 34 ] Bug #1702895 - CVE-2019-5805 chromium-browser: Use after free in PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1702895
--------------------------------------------------------------------------------


================================================================================
 libprelude-5.0.0-1.el7 (FEDORA-EPEL-2019-1001dbbffc)
 Secure Connections between all Sensors and the Prelude Manager
--------------------------------------------------------------------------------
Update Information:

Bump version 5.0.0
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jul 14 2019 Thomas Andrejak <thomas.andrejak@xxxxxxxxx> - 5.0.0-1
- Bump version 5.0.0
--------------------------------------------------------------------------------


================================================================================
 python-colcon-test-result-0.3.4-1.el7 (FEDORA-EPEL-2019-50a8cbd604)
 Extension for colcon to provide information about the test results
--------------------------------------------------------------------------------
Update Information:

Update to 0.3.4
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 16 2019 Scott K Logan <logans@xxxxxxxxxxx> - 0.3.4-1
- Update to 0.3.4
--------------------------------------------------------------------------------


================================================================================
 python-ns1-python-0.10.0-1.el7 (FEDORA-EPEL-2019-cf050b260e)
 Python SDK for the NS1 DNS platform
--------------------------------------------------------------------------------
Update Information:

Update to 0.10.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 16 2019 Igor Gnatenko <ignatenkobrain@xxxxxxxxxxxxxxxxx> - 0.10.0-1
- Update to 0.10.0
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Announce]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Linux Apps]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux