The following Fedora EPEL 7 Security updates need testing:

 Age  URL
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ea01d505c9   pdns-4.1.14-1.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-a37e7c643e   xawtv-3.107-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-98b234afda   libuv-1.40.0-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-bd6a96cd24   python34-3.4.10-7.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-9eaf8d2e11   prosody-0.11.7-1.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

    python3-urllib3-1.25.6-2.el7
    qpid-proton-0.32.0-2.el7
    rubygem-kramdown-1.9.0-2.el7

Details about builds:

================================================================================
 python3-urllib3-1.25.6-2.el7 (FEDORA-EPEL-2020-1eeb530261)
 Python 3 HTTP library with thread-safe connection pooling and file post
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2020-26137: CRLF injection via HTTP request method
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 2 2020 Orion Poplawski <orion@xxxxxxxx> - 1.25.6-2
- Rebase upstream fix for CVE-2020-26137 (bz#1883870)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1883632 - CVE-2020-26137 python-urllib3: CRLF injection via HTTP request method
        https://bugzilla.redhat.com/show_bug.cgi?id=1883632
--------------------------------------------------------------------------------

================================================================================
 qpid-proton-0.32.0-2.el7 (FEDORA-EPEL-2020-2bc997ea1c)
 A high performance, lightweight messaging library
--------------------------------------------------------------------------------
Update Information:

Added a fix to build c/cpp examples.
----
Rebased to 0.32.0.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 2 2020 Irina Boverman <iboverma@xxxxxxxxxx> - 0.32.0-2
- Added temp fix to allow building c/cpp examples
* Thu Sep 24 2020 Irina Boverman <iboverma@xxxxxxxxxx> - 0.32.0-1
- Rebased to 0.32.0
--------------------------------------------------------------------------------

================================================================================
 rubygem-kramdown-1.9.0-2.el7 (FEDORA-EPEL-2020-50425dd33f)
 Fast, pure-Ruby Markdown-superset converter
--------------------------------------------------------------------------------
Update Information:

Backport fixes for CVE-2020-14001
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 2 2020 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.9.0-2
- Backport upstream patch for CVE-2020-14001 (bug 1858395)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1858415 - CVE-2020-14001 rubygem-kramdown: processing template options inside documents allows unintended read access or embedded Ruby code execution [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1858415
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx