The following Fedora EPEL 7 Security updates need testing: Age URL 568 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 309 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80 python-gnupg-0.4.4-1.el7 307 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7 16 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6 python-waitress-1.4.3-1.el7 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-5f252e8e10 kea-1.6.0-4.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ea579d7782 proftpd-1.3.5e-9.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b57b954fde openfortivpn-1.12.0-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-1f5dbc1cd7 cacti-1.2.10-1.el7 cacti-spine-1.2.10-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-471d8a7abd sympa-6.2.54-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b3684de763 mbedtls-2.7.14-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing ddrescue-1.25-1.el7 kronosnet-1.15-1.el7 monit-5.26.0-1.el7 nodejs-rhea-1.0.19-2.el7 qpid-dispatch-1.10.0-2.el7 qpid-proton-0.30.0-2.el7 rubygem-qpid_proton-0.30.0-2.el7 seamonkey-2.53.1-2.el7 Details about builds: ================================================================================ ddrescue-1.25-1.el7 (FEDORA-EPEL-2020-c0e2e15418) Data recovery tool trying hard to rescue data in case of read errors -------------------------------------------------------------------------------- Update Information: update to bugfix release 1.25 -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 3 2020 Michal Ambroz <rebus AT_ seznam.cz> - 1.25-1 - Update to 1.25. * Tue Jan 28 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.24-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1809276 - ddrescue-1.25 is available https://bugzilla.redhat.com/show_bug.cgi?id=1809276 -------------------------------------------------------------------------------- ================================================================================ kronosnet-1.15-1.el7 (FEDORA-EPEL-2020-43990b0cd5) Multipoint-to-Multipoint VPN daemon -------------------------------------------------------------------------------- Update Information: - New upstream release - Fix major interaction issues between stats gathering and PMTUd - Fix UDP socket options that could lead to knet not being properly functional - Man pages updates - Minor bug fixes -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 4 2020 Fabio M. Di Nitto <fdinitto@xxxxxxxxxx> - 1.14-1 - New upstream release - Fix major interaction issues between stats gathering and PMTUd - Fix UDP socket options that could lead to knet not being properly functional - Man pages updates - Minor bug fixes * Fri Jan 31 2020 Fabio M. Di Nitto <fdinitto@xxxxxxxxxx> - 1.14-1 - New upstream release - Fixes several major issues with newer kernels - Fix build with gcc10 -------------------------------------------------------------------------------- ================================================================================ monit-5.26.0-1.el7 (FEDORA-EPEL-2020-fbd804208a) Manages and monitors processes, files, directories and devices -------------------------------------------------------------------------------- Update Information: Update to 5.26.0 (includes security fix for CVE-2019-11454 and CVE-2019-11455) -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 3 2020 Stewart Adam <s.adam@xxxxxxxxxxxx> - 5.26.0-1 - Update to 5.26.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1663929 - monit: Use-after-free in function _handleEvent() https://bugzilla.redhat.com/show_bug.cgi?id=1663929 [ 2 ] Bug #1691391 - monit: Multiple issues fixed in 5.25.3 https://bugzilla.redhat.com/show_bug.cgi?id=1691391 [ 3 ] Bug #1702637 - CVE-2019-11455 monit: buffer over-read in function Util_urlDecode in util.c https://bugzilla.redhat.com/show_bug.cgi?id=1702637 [ 4 ] Bug #1702682 - CVE-2019-11454 monit: cross-site scripting (XSS) in http/cervlet.c https://bugzilla.redhat.com/show_bug.cgi?id=1702682 [ 5 ] Bug #1695987 - monit: Multiple vulnerabilities fixed in monit 5.25.3 https://bugzilla.redhat.com/show_bug.cgi?id=1695987 -------------------------------------------------------------------------------- ================================================================================ nodejs-rhea-1.0.19-2.el7 (FEDORA-EPEL-2020-82da7f7f21) A reactive messaging library based on the AMQP protocol -------------------------------------------------------------------------------- Update Information: Rebased to 1.0.19. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 3 2020 Irina Boverman <iboverma@xxxxxxxxxx> - 1.0.19-1 - Rebased to 1.0.19 -------------------------------------------------------------------------------- ================================================================================ qpid-dispatch-1.10.0-2.el7 (FEDORA-EPEL-2020-b9872da6ce) Dispatch router for Qpid -------------------------------------------------------------------------------- Update Information: Rebased to 1.10.0. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 2 2020 Irina Boverman <iboverma@xxxxxxxxxx> - 1.10.0-1 - Rebased to 1.10.0 -------------------------------------------------------------------------------- ================================================================================ qpid-proton-0.30.0-2.el7 (FEDORA-EPEL-2020-481354191b) A high performance, lightweight messaging library -------------------------------------------------------------------------------- Update Information: Rebased to 0.30.0. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 3 2020 Irina Boverman <iboverma@xxxxxxxxxx> - 0.30.0-1 - Rebased to 0.30.0 - Replaced epydoc with python*-sphinx -------------------------------------------------------------------------------- ================================================================================ rubygem-qpid_proton-0.30.0-2.el7 (FEDORA-EPEL-2020-d4f49128de) Ruby language bindings for the Qpid Proton messaging framework -------------------------------------------------------------------------------- Update Information: Rebased to 0.30.0. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 3 2020 Irina Boverman <iboverma@xxxxxxxxxx> - 0.30.0-1 - Rebased to 0.30.0 -------------------------------------------------------------------------------- ================================================================================ seamonkey-2.53.1-2.el7 (FEDORA-EPEL-2020-4fdca9429c) Web browser, e-mail, news, IRC client, HTML editor -------------------------------------------------------------------------------- Update Information: Upgrade to 2.53.1 SeaMonkey-2.53.1, being initially based on the Firefox-56 and Thunderbird-56 code, incorporates now a lot of backported features and security fixes from the newer Firefox/Thunderbird versions up to 75. That way it tries to be a modern browser, preserving the same time the familiar user interface and the ability to use traditional extensions and addons. This version makes changes to your profile that can't be reverted in case you want to go back to a previous version of SeaMonkey. You MUST absolutely do a full backup of your profile (~/.mozilla/seamonkey/ dir) BEFORE trying to run new version. SeaMonkey now uses GTK3 library for GUI interface. If you experienced some size issues, go to "about:config" and try to set "layout.css.devPixelsPerPx" preference to "1" (or any other preferred value). You can also use gtk3's environment variables GDK_SCALE and/or GDK_DPI_SCALE (useful for HiDPI displays). Since Classic theme uses system desktop theme, it might behaves incorrectly when the underlying theme (still) does not support gtk3. Full theme add-ons may need changes because of user interface and internal changes. If you find any problem with themes, contact the theme author. Before reporting a problem with the user interface, please make sure to recreate it with either the Classic or Modern theme. This version now includes "Lightning" calendar. It becomes a standard part of Thunderbird/SeaMonkey, being just technically organized as an extension. This version returns providing of Chatzilla and DOM inspector extensions, just as it always was before. It is likely you need to update your third party extensions to newer versions. Poorly designed or incompatible extensions can cause unpredictable problems. If you encounter some strange issues, try "seamonkey -safe-mode" from command line. Unfortunately, it is now impossible to continue support of npapi plugins. Thus, java applets no more work :( . All modern browsers have dropped such support years ago, and even plugin owners recommend to not use it anymore. Search "browsers with java support" if you still need it. Sorry for that. Flash is still supported, at least until its EOL at the end of 2020. Since 2.53.1, 32-bit version (i686 arch) does not provided, because no more supported. The old format of keys and certificates storage in the user profiles still preserved in Fedora. DO NOT TOUCH key3.db and cert8.db files (as it might be recommended in the upstream release notes) -- they still works as expected. Please, read upstream release notes for more info https://www.seamonkey-project.org/releases/seamonkey2.53.1/ -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 4 2020 Dmitry Butskoy <Dmitry@xxxxxxxxxxxx> 2.53.1-2 - add patch for classic theme (#1808197) - build with clang * Fri Feb 28 2020 Dmitry Butskoy <Dmitry@xxxxxxxxxxxx> 2.53.1-1 - Upgrade to 2.53.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1808197 - seamonkey-2.53.1.source is available https://bugzilla.redhat.com/show_bug.cgi?id=1808197 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
