The following Fedora EPEL 7 Security updates need testing: Age URL 765 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 505 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-83bdeb2965 ansible-2.9.13-1.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-0a324e529d drupal7-7.72-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-f9a066663b mbedtls-2.7.17-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-25e525a9ca seamonkey-2.53.4-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-0f3f88c479 nginx-1.16.1-2.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-918ad695f6 proftpd-1.3.5e-10.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-d968abb383 golang-1.15.2-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-92064b5b2b singularity-3.6.3-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing libuv-1.39.0-1.el7 matio-1.5.18-1.el7 nordugrid-arc-5.4.4-4.el7 nordugrid-arc6-6.7.0-2.el7 root-6.22.02-2.el7 xrdcl-http-5.0.2-1.el7 xrootd-5.0.2-1.el7 xrootd-compat-4.12.4-1.el7 yadifa-2.3.10-1.el7 Details about builds: ================================================================================ libuv-1.39.0-1.el7 (FEDORA-EPEL-2020-6b04ee5c07) Platform layer for node.js -------------------------------------------------------------------------------- Update Information: Update to Node.js 12.18.4 September 2020 security release - https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/ -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 8 2020 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.39.0-1 - Update to 1.39.0 * Fri Jul 31 2020 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.38.1-1 - Update to 1.38.1 - https://github.com/libuv/libuv/blob/v1.38.1/ChangeLog * Tue Jul 28 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:1.38.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ matio-1.5.18-1.el7 (FEDORA-EPEL-2020-e621d9ff68) Library for reading/writing Matlab MAT files -------------------------------------------------------------------------------- Update Information: 1.5.18 https://github.com/tbeu/matio/releases/tag/v1.5.18 -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 17 2020 Gwyn Ciesla <gwync@xxxxxxxxxxxxxx> - 1.5.18-1 - 1.5.18 * Tue Jul 28 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.5.17-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1769546 - CVE-2019-17533 matio: improper null termination in Mat_VarReadNextInfo4 in mat4.c leads to heap-based overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1769546 [ 2 ] Bug #1769548 - CVE-2019-17533 matio: improper null termination in Mat_VarReadNextInfo4 in mat4.c leads to heap-based overflow [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1769548 [ 3 ] Bug #1769550 - CVE-2019-17533 matio: improper null termination in Mat_VarReadNextInfo4 in mat4.c leads to heap-based overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1769550 [ 4 ] Bug #1792008 - CVE-2019-20019 matio: excessive memory allocation in Mat_VarRead5 in mat5.c [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1792008 [ 5 ] Bug #1792009 - CVE-2019-20019 matio: excessive memory allocation in Mat_VarRead5 in mat5.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1792009 [ 6 ] Bug #1792295 - CVE-2019-20020 matio: stack-based buffer overflow in ReadNextStructField in mat5.c [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1792295 [ 7 ] Bug #1792296 - CVE-2019-20020 matio: stack-based buffer overflow in ReadNextStructField in mat5.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1792296 [ 8 ] Bug #1792301 - CVE-2019-20018 matio: stack-based buffer overflow in ReadNextCell in mat5.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1792301 [ 9 ] Bug #1792303 - CVE-2019-20018 matio: stack-based buffer overflow in ReadNextCell in mat5.c [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1792303 [ 10 ] Bug #1792333 - CVE-2019-20017 matio: stack-based buffer overflow in Mat_VarReadNextInfo5 in mat5.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1792333 [ 11 ] Bug #1792336 - CVE-2019-20017 matio: stack-based buffer overflow in Mat_VarReadNextInfo5 in mat5.c [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1792336 [ 12 ] Bug #1794726 - CVE-2019-20052 matio: memory leak in Mat_VarCalloc in mat.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1794726 [ 13 ] Bug #1794727 - CVE-2019-20052 matio: memory leak in Mat_VarCalloc in mat.c [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1794727 [ 14 ] Bug #1880167 - matio-1.5.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=1880167 -------------------------------------------------------------------------------- ================================================================================ nordugrid-arc-5.4.4-4.el7 (FEDORA-EPEL-2020-44ad46e846) Advanced Resource Connector Grid Middleware -------------------------------------------------------------------------------- Update Information: xrootd 5 -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 28 2020 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 5.4.4-4 - xrootd 5 compatibility -------------------------------------------------------------------------------- ================================================================================ nordugrid-arc6-6.7.0-2.el7 (FEDORA-EPEL-2020-44ad46e846) Advanced Resource Connector Middleware -------------------------------------------------------------------------------- Update Information: xrootd 5 -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 28 2020 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 6.7.0-2 - xrootd 5 compatibility -------------------------------------------------------------------------------- ================================================================================ root-6.22.02-2.el7 (FEDORA-EPEL-2020-44ad46e846) Numerical data analysis framework -------------------------------------------------------------------------------- Update Information: xrootd 5 -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 30 2020 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 6.22.02-2 - Adapt to xrootd 5 (Fedora 33+, EPEL 7+) - Don't build the old proof client (xproofd) - Don't build the old NetX module -------------------------------------------------------------------------------- ================================================================================ xrdcl-http-5.0.2-1.el7 (FEDORA-EPEL-2020-44ad46e846) HTTP client plug-in for XRootD -------------------------------------------------------------------------------- Update Information: xrootd 5 -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 18 2020 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 5.0.2-1 - Update to version 5.0.2 - Drop patches (accepted upstream or previously backported) * Thu Aug 27 2020 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 5.0.1-1 - Update to version 5.0.1 - Don't use versioned plugin names in configuration - Backport plugin version change from git master * Sat Aug 1 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.12.2-3 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Wed Jul 29 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.12.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ xrootd-5.0.2-1.el7 (FEDORA-EPEL-2020-44ad46e846) Extended ROOT file server -------------------------------------------------------------------------------- Update Information: xrootd 5 -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 18 2020 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 1:5.0.2-1 - Update to version 5.0.2 - Drop patches (accepted upstream or previously backported) - Obsolete xrdhttpvoms in xrootd-voms package * Thu Aug 27 2020 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 1:5.0.1-1 - Update to version 5.0.1 - Remove conditionals for building on EPEL 6 - Drop patches (accepted upstream or previously backported) - Fix 32 bit compilation (format error) - Fix compilation on ARM, PPC and S390X (char is unsigned) -------------------------------------------------------------------------------- ================================================================================ xrootd-compat-4.12.4-1.el7 (FEDORA-EPEL-2020-44ad46e846) Extended ROOT file server - compat version 4 -------------------------------------------------------------------------------- Update Information: xrootd 5 -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- ================================================================================ yadifa-2.3.10-1.el7 (FEDORA-EPEL-2020-77bf4fd2ff) Lightweight authoritative Name Server with DNSSEC capabilities -------------------------------------------------------------------------------- Update Information: 20200915: YADIFA 2.3.10 - Added an autogen.sh script, as we did for YADIFA 2.4.x - Fixes an issue with IPv6 aliases. - Fixes an issue that would happen when building with a gcc version 10 or above. - Fixes an issue with FreeBSD aliases. - Fixes an issue with strncpy on FreeBSD. - Fixes an issue with CNAME queries incorrectly answered with an error code. -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 17 2020 Denis Fateyev <denis@xxxxxxxxxxx> - 2.3.10-1 - Update to 2.3.10 release * Wed Jul 29 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.3.9-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Fri Feb 28 2020 Denis Fateyev <denis@xxxxxxxxxxx> - 2.3.9-4 - Add "legacy_common_support" build option * Fri Jan 31 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.3.9-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Sat Jul 27 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.3.9-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1879172 - yadifa-2.3.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1879172 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
