The following Fedora EPEL 7 Security updates need testing: Age URL 357 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 132 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d2c1368294 cinnamon-3.6.7-5.el7 98 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80 python-gnupg-0.4.4-1.el7 96 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7 68 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-fc63c75ab1 hostapd-2.8-1.el7 33 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-12067fc897 dosbox-0.74.3-2.el7 25 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-487a6fb279 knot-2.8.2-1.el7 knot-resolver-4.1.0-1.el7 25 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-aabd063c30 squirrelmail-1.4.23-1.el7.20190710 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-ef655ec55e proftpd-1.3.5e-5.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-44d26d23ea upx-3.95-4.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-b6948289f0 pdns-4.1.11-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-ad7b11b384 igraph-0.7.1-12.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-643d621522 jhead-3.03-4.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing bird-1.6.7-1.el7 boinc-client-7.16.1-2.el7 git-secret-0.2.6-2.el7 perl-Net-BGP-0.17-1.el7 purple-discord-0-25.20190805git250a8a0.el7 purple-hangouts-0-65.20190607hg3f7d89b.el7 python-django-1.11.23-1.el7 python-plumbum-1.6.7-2.el7 qdigidoc-4.2.2-4.el7 Details about builds: ================================================================================ bird-1.6.7-1.el7 (FEDORA-EPEL-2019-9657484745) BIRD Internet Routing Daemon -------------------------------------------------------------------------------- Update Information: BIRD 1.6.7 (2019-08-01) ======================= * BFD: Support for VRFs * Several bugfixes -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 5 2019 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 1.6.7-1 - Upgrade to 1.6.7 -------------------------------------------------------------------------------- ================================================================================ boinc-client-7.16.1-2.el7 (FEDORA-EPEL-2019-f641534c73) The BOINC client -------------------------------------------------------------------------------- Update Information: 7.16.1 release ---- 7.16.1 release -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 6 2019 Germano Massullo <germano.massullo@xxxxxxx> - replaced %setup -q -n boinc-%{gittag_custom} with %autosetup -n boinc-%{gittag_custom} * Tue Aug 6 2019 Germano Massullo <germano.massullo@xxxxxxx> - 7.16.1-1 - 7.16.1 release - Removed scheduler.patch tray_icon_removal.patch window_close.patch because they have been merged into 7.16.1 * Wed Jul 24 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 7.14.2-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ git-secret-0.2.6-2.el7 (FEDORA-EPEL-2019-5578d0c2fa) A bash-tool to store your private data inside a git repository -------------------------------------------------------------------------------- Update Information: Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ perl-Net-BGP-0.17-1.el7 (FEDORA-EPEL-2019-f267faa772) Perl module for object-oriented API to the BGP protocol -------------------------------------------------------------------------------- Update Information: Net::BGP 0.17 ============= - Fixed bug where the wrong aggregator variable was being tested. - Added an "OpaqueData" parameter and equivalent accessor sub `opaque_data()` to allow for the storage of arbitrary data with the peer. The main purpose of this is to allow the user to store extra data (a scalar or ref) with the peer that is then readable by the call back routines. I realise there are other ways to do this, but this seems much cleaner. - Fixes the situation where a socket is still in the list of sockets to be selected on, yet it has been closed. I believe this is caused when we create a new connection to a peer at the same time as we receive one. When we find ourselves with a bad FD, we re-check the list of sockets to select on. - It is possible to receive a notification message (error) in response to an OPEN message (e.g. an unrecognised ASN). We were getting a Finite State Machine error, now we call the notification callback. - `_kill_session()` will call `_close_session()` even if the socket is not open. This will finally terminate the session properly (stops some weird loops). - Added extra members of the notification state engine. Now calls `_kill_session()` rather than `_cease()` when the peer socket is closed. -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 6 2019 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 0.17-1 - Upgrade to 0.17 (#1737397) * Fri Jul 26 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.16-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Fri May 31 2019 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.16-3 - Perl 5.30 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1737397 - Upgrade perl-Net-BGP to 0.17 https://bugzilla.redhat.com/show_bug.cgi?id=1737397 -------------------------------------------------------------------------------- ================================================================================ purple-discord-0-25.20190805git250a8a0.el7 (FEDORA-EPEL-2019-1920abccdb) Discord plugin for libpurple -------------------------------------------------------------------------------- Update Information: Updated some purple plugins to latest snapshots. -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 6 2019 Vitaly Zaitsev <vitaly@xxxxxxxxxxxxxx> - 0-25.20190805git250a8a0 - Updated to latest snapshot. * Fri Jul 26 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0-24.20190505git8623ec7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ purple-hangouts-0-65.20190607hg3f7d89b.el7 (FEDORA-EPEL-2019-1920abccdb) Hangouts plugin for libpurple -------------------------------------------------------------------------------- Update Information: Updated some purple plugins to latest snapshots. -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 6 2019 Vitaly Zaitsev <vitaly@xxxxxxxxxxxxxx> - 1:0-65.20190607hg3f7d89b - Updated to latest snapshot. * Fri Jul 26 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:0-64.20190303hgeffc9b4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ python-django-1.11.23-1.el7 (FEDORA-EPEL-2019-4e6da66b9f) A high-level Python Web framework -------------------------------------------------------------------------------- Update Information: Fix CVE-2019-14232 (rhbz#1735768) -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 6 2019 Matthias Runge <mrunge@xxxxxxxxxx> - 1.11.23-1 - Fix CVE-2019-14232 (rhbz#1735768) - Fix CVE-2019-14233 (rhbz#1735772) - Fix CVE-2019-14234 (rhbz#1735776) - Fix CVE-2019-14235 (rhbz#1735781) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1735768 - CVE-2019-14232 python-django: Django: backtracking in a regular expression in django.utils.text.Truncator leads to DoS [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1735768 [ 2 ] Bug #1735772 - CVE-2019-14233 python-django: Django: the behavior of the underlying HTMLParser leading to DoS [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1735772 [ 3 ] Bug #1735776 - CVE-2019-14234 python-django: Django: SQL injection possibility in key and index lookups for JSONField/HStoreField [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1735776 [ 4 ] Bug #1735781 - CVE-2019-14235 python-django: Django: Potential memory exhaustion in django.utils.encoding.uri_to_iri() [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1735781 -------------------------------------------------------------------------------- ================================================================================ python-plumbum-1.6.7-2.el7 (FEDORA-EPEL-2019-cca94d8cc6) Shell combinators library -------------------------------------------------------------------------------- Update Information: Upstream version 1.6.7 ---- Upstream version 1.6.7 -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 22 2019 Greg Hellings <greg.hellings@xxxxxxxxx> - 1.6.7-1 - Upstream version 1.6.7 - Restored Python 3 version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1244181 - python-plumbum-1.6.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1244181 -------------------------------------------------------------------------------- ================================================================================ qdigidoc-4.2.2-4.el7 (FEDORA-EPEL-2019-e29d1e586e) Estonian digital signature and encryption application -------------------------------------------------------------------------------- Update Information: - Latest upstream release 4.2.2 - Fix for epel7 build by calling cmake3 explicitly -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 6 2019 Dmitri Smirnov <dmitri@xxxxxxxxxx> - 4.2.2-4 - Call cmake3 explicitly to fix epel7 build * Wed Jul 31 2019 Dmitri Smirnov <dmitri@xxxxxxxxxx> - 4.2.2-3 - Patch nautilus extension to work with python 3 * Fri Jul 26 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.2.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Mon Jul 22 2019 Dmitri Smirnov <dmitri@xxxxxxxxxx> - 4.2.2-1 - Upstream release 4.2.2 * Fri Jul 19 2019 Dmitri Smirnov <dmitri@xxxxxxxxxx> - 4.2.1-1 - Upstream release 4.2.1 * Sat Feb 2 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.2.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Dec 28 2018 Germano Massullo <germano@xxxxxxxxxxxxxxxxxxx> - 4.2.0-4 - added Provides: qesteidutil * Tue Dec 11 2018 Germano Massullo <germano@xxxxxxxxxxxxxxxxxxx> - 4.2.0-3 - adding obsoletes: qesteidutil for F30 * Tue Dec 4 2018 Dmitri Smirnov <dmitri@xxxxxxxxxx> - 4.2.0-2 - Add proper provides and obsoletes * Tue Dec 4 2018 Dmitri Smirnov <dmitri@xxxxxxxxxx> - 4.2.0-1 - Upstream release 4.2.0 * Mon Nov 19 2018 Dmitri Smirnov <dmitri@xxxxxxxxxx> - 4.1.0-1 - Upstream release 4.1.0 * Thu Oct 4 2018 Dmitri Smirnov <dmitri@xxxxxxxxxx> - 4.0.0-4 - Use the officially provided zip pack - Update static resource files * Mon Jun 25 2018 Dmitri Smirnov <dmitri@xxxxxxxxxx> - 4.0.0-3 - Add instructions on how to obtain the tarball - Re-pack the sources tarball with ones obtained from VCS. * Mon Jun 18 2018 Dmitri Smirnov <dmitri@xxxxxxxxxx> - 4.0.0-2 - Add a patch for sanbox compilation * Wed Jun 13 2018 Dmitri Smirnov <dmitri@xxxxxxxxxx> - 4.0.0-1 - Update sources to the 4.0.0 release - Add a patch to workaround the Qt 5.11 compatibility * Sun Jun 3 2018 Dmitri Smirnov <dmitri@xxxxxxxxxx> - 0.6.0-3 - Update sources to the latest one * Thu May 3 2018 Dmitri Smirnov <dmitri@xxxxxxxxxx> - 0.6.0-2 - Remove filetype bindings and icons to avoid conflict with DigiDoc3 * Tue May 1 2018 Dmitri Smirnov <dmitri@xxxxxxxxxx> - 0.6.0-1 - Initial packaging of 0.6.0 beta -------------------------------------------------------------------------------- References: [ 1 ] Bug #1662491 - Fix EPEL7 build https://bugzilla.redhat.com/show_bug.cgi?id=1662491 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
