The following Fedora EPEL 7 Security updates need testing: Age URL 518 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 259 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80 python-gnupg-0.4.4-1.el7 257 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-32603d41ea GraphicsMagick-1.3.34-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b5ec870c52 mingw-wavpack-5.1.0-9.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-75cc3918d1 rubygem-ox-2.4.11-5.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-9ffdf25269 python-django-1.11.27-1.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-12cd208593 gnulib-0-31.20200107git.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-de388d4fd0 chromium-79.0.3945.117-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-35e87bab10 perl-Clipboard-0.21-1.el7.1 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-a062204588 rubygem-rack-1.6.12-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-87fd65eed3 python3-pillow-6.2.2-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-345003feba thunderbird-enigmail-2.1.5-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing OpenMolcas-19.11-1.el7 elements-alexandria-2.14.1-2.el7 elog-3.1.4-1.20190113git283534d97d5a.el7 php-composer-ca-bundle-1.2.6-1.el7 php-composer-semver-1.5.1-1.el7 php-seld-phar-utils-1.0.2-1.el7 zimg-2.9.2-1.el7 Details about builds: ================================================================================ OpenMolcas-19.11-1.el7 (FEDORA-EPEL-2020-cc10e4e20c) A multiconfigurational quantum chemistry software package -------------------------------------------------------------------------------- Update Information: Update to the 19.11 stable release. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2020 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 19.11-1 - Update to 19.11. * Wed Jul 24 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 18.09-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Thu Jan 31 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 18.09-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ elements-alexandria-2.14.1-2.el7 (FEDORA-EPEL-2020-2a1796ec10) A lightweight C++ utility library -------------------------------------------------------------------------------- Update Information: Initial RPM -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2020 Alejandro Alvarez Ayllon <alejandro.alvarezayllon@xxxxxxxx> 2.14.1-2 - Fix conditional dependency on cmake-filesystem - Add LICENSE file to the main package * Fri Jan 10 2020 Alejandro Alvarez Ayllon <alejandro.alvarezayllon@xxxxxxxx> 2.14.1-1 - Initial RPM -------------------------------------------------------------------------------- References: [ 1 ] Bug #1789749 - None https://bugzilla.redhat.com/show_bug.cgi?id=1789749 -------------------------------------------------------------------------------- ================================================================================ elog-3.1.4-1.20190113git283534d97d5a.el7 (FEDORA-EPEL-2020-348d34c4c6) Logbook system to manage notes through a Web interface -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2019-3993, CVE-2019-3994, CVE-2019-3995, CVE-2019-3992, CVE-2019-3996 -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2020 Ben Rosser <rosser.bjr@xxxxxxxxx> - 3.1.4-1.20190113git283534d97d5a - Update to post-release snapshot of 3.1.4. - Fix several security issues. * Wed Jul 24 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.1.3-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Thu Jan 31 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.1.3-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Thu Jul 12 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.1.3-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Fri Feb 9 2018 Igor Gnatenko <ignatenkobrain@xxxxxxxxxxxxxxxxx> - 3.1.3-6 - Escape macros in %changelog * Wed Feb 7 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.1.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Wed Aug 2 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.1.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.1.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1787064 - CVE-2019-3993 elog: allows recover an user password hash by sending a crafted HTTP POST request https://bugzilla.redhat.com/show_bug.cgi?id=1787064 [ 2 ] Bug #1787060 - CVE-2019-3994 elog: use-after-free by sending multiple crafted HTTP POST requests https://bugzilla.redhat.com/show_bug.cgi?id=1787060 [ 3 ] Bug #1787055 - CVE-2019-3995 elog: NULL pointer dereference via crafted HTTP GET request https://bugzilla.redhat.com/show_bug.cgi?id=1787055 [ 4 ] Bug #1787051 - CVE-2019-3992 elog: allows access the server configuration file by sending a HTTP GET request https://bugzilla.redhat.com/show_bug.cgi?id=1787051 [ 5 ] Bug #1786750 - CVE-2019-3996 elog: unauthenticated remote users can proxy HTTP GET requests via crafted POST requests https://bugzilla.redhat.com/show_bug.cgi?id=1786750 -------------------------------------------------------------------------------- ================================================================================ php-composer-ca-bundle-1.2.6-1.el7 (FEDORA-EPEL-2020-6b9928a611) Lets you find a path to the system CA -------------------------------------------------------------------------------- Update Information: **Version 1.2.6** * Fixed use of getenv potentially causing issue in web SAPIs -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2020 Remi Collet <remi@xxxxxxxxxxxx> - 1.2.6-1 - update to 1.2.6 -------------------------------------------------------------------------------- ================================================================================ php-composer-semver-1.5.1-1.el7 (FEDORA-EPEL-2020-d652cd27b2) Semver library that offers utilities, version constraint parsing and validation -------------------------------------------------------------------------------- Update Information: **Version 1.5.1** - 2020-01-13 * Fixed: Parsing of aliased version was not validating the alias to be a valid version -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2020 Remi Collet <remi@xxxxxxxxxxxx> - 1.5.1-1 - update to 1.5.1 -------------------------------------------------------------------------------- ================================================================================ php-seld-phar-utils-1.0.2-1.el7 (FEDORA-EPEL-2020-196ac01ab9) PHAR file format utilities -------------------------------------------------------------------------------- Update Information: **Version 1.0.2** * Fixed support of big endian machines * Fixed signature position determination in edge cases -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2020 Remi Collet <remi@xxxxxxxxxxxx> - 1.0.2-1 - update to 1.0.2 - switch from symfony/class-loader to fedora/autoloader -------------------------------------------------------------------------------- ================================================================================ zimg-2.9.2-1.el7 (FEDORA-EPEL-2020-f2dbe77a5b) Scaling, color space conversion, and dithering library -------------------------------------------------------------------------------- Update Information: New upstream release 2.9.2. ABI compatible with 2.8. -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 23 2019 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.9.2-1 - Update to 2.9.2 release * Sat Jul 27 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.8-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
