The following Fedora EPEL 7 Security updates need testing: Age URL 57 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3621/php-Smarty-3.1.21-1.el7 41 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3989/cross-binutils-2.23.88.0.1-2.el7.1 13 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4536/firebird-2.5.3.26778.0-2.el7 5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4765/unrtf-0.21.7-1.el7 5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4757/mingw-jasper-1.900.1-25.el7 5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4759/rabbitmq-server-3.3.5-4.el7 4 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4800/libssh-0.6.4-1.el7 2 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4830/roundcubemail-1.0.4-2.el7 1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4868/glpi-0.84.8-3.el7 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4904/mingw-freetype-2.5.4-1.el7 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4892/mingw-libxml2-2.9.2-1.el7 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4910/mingw-dbus-1.8.12-1.el7 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4895/mingw-openssl-1.0.1j-1.el7 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4906/mingw-curl-7.39.0-1.el7 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4883/mingw-libjpeg-turbo-1.3.1-4.el7 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4901/mingw-binutils-2.25-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing jpegoptim-1.4.2-1.el7 ledger-3.1-2.el7 libcddb-1.3.2-12.el7 mingw-binutils-2.25-1.el7 mingw-curl-7.39.0-1.el7 mingw-dbus-1.8.12-1.el7 mingw-freetype-2.5.4-1.el7 mingw-libjpeg-turbo-1.3.1-4.el7 mingw-libxml2-2.9.2-1.el7 mingw-openssl-1.0.1j-1.el7 nmon-14i-8.el7 nodejs-browser-request-0.3.3-1.el7 nodejs-dtree-0.0.7-1.el7 nodejs-end-of-stream-1.1.0-1.el7 nodejs-hash_file-0.1.1-1.el7 nodejs-minstache-1.2.0-1.el7 openconnect-7.02-1.el7 perl-Rose-DB-Object-0.813-1.el7 phoronix-test-suite-5.4.1-1.el7 Details about builds: ================================================================================ jpegoptim-1.4.2-1.el7 (FEDORA-EPEL-2014-4894) Utility to optimize JPEG files -------------------------------------------------------------------------------- Update Information: Update to version 1.4.2 -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Denis Fateyev <de...@fateyev.com> - 1.4.2-1 - Update to version 1.4.2 * Sat Aug 16 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 1.4.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1176901 - jpegoptim-1.4.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1176901 -------------------------------------------------------------------------------- ================================================================================ ledger-3.1-2.el7 (FEDORA-EPEL-2014-4896) A powerful command-line double-entry accounting system -------------------------------------------------------------------------------- Update Information: ledger for epel7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1177020 - Please branch for EPEL7 https://bugzilla.redhat.com/show_bug.cgi?id=1177020 -------------------------------------------------------------------------------- ================================================================================ libcddb-1.3.2-12.el7 (FEDORA-EPEL-2014-4912) Library (C API) for accessing CDDB servers -------------------------------------------------------------------------------- Update Information: Build for EPEL7 (#1123242) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1123242 - Please Branch libcddb for EPEl7 https://bugzilla.redhat.com/show_bug.cgi?id=1123242 -------------------------------------------------------------------------------- ================================================================================ mingw-binutils-2.25-1.el7 (FEDORA-EPEL-2014-4901) Cross-compiled version of binutils for Win32 and Win64 environments -------------------------------------------------------------------------------- Update Information: Fix various CVE's -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Erik van Pienbroek <epien...@fedoraproject.org> - 2.25-1 - Update to 2.25 * Tue Dec 23 2014 Erik van Pienbroek <epien...@fedoraproject.org> - 2.24-5 - Fix CVE-2014-8501 (RHBZ #1162578 #1162583) - Fix CVE-2014-8502 (RHBZ #1162602) - Fix CVE-2014-8503 (RHBZ #1162612) - Fix CVE-2014-8504 (RHBZ #1162626) - Fix CVE-2014-8737 (RHBZ #1162660) - Fix CVE-2014-8738 (RHBZ #1162673) * Sun Aug 17 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 2.24-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 2.24-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri May 30 2014 Erik van Pienbroek <epien...@fedoraproject.org> - 2.24-2 - Fix FTBFS against gcc 4.9 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1162583 - CVE-2014-8501 mingw-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162583 [ 2 ] Bug #1162602 - CVE-2014-8502 mingw-binutils: binutils: heap overflow in objdump [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162602 [ 3 ] Bug #1162612 - CVE-2014-8503 mingw-binutils: binutils: stack overflow in objdump when parsing specially crafted ihex file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162612 [ 4 ] Bug #1162626 - CVE-2014-8504 mingw-binutils: binutils: stack overflow in the SREC parser [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162626 [ 5 ] Bug #1162660 - mingw-binutils: binutils: directory traversal vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162660 [ 6 ] Bug #1162673 - mingw-binutils: binutils: out of bounds memory write [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162673 -------------------------------------------------------------------------------- ================================================================================ mingw-curl-7.39.0-1.el7 (FEDORA-EPEL-2014-4906) MinGW Windows port of curl and libcurl -------------------------------------------------------------------------------- Update Information: * Update to 7.39.0 -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Erik van Pienbroek <epien...@fedoraproject.org> - 7.39.0-1 - Update to 7.39.0 - Fixes CVE-2014-3707 (RHBZ #1160724) - Fixes CVE-2014-3620 CVE-2014-3613 (RHBZ #1140037) * Sat Jun 7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 7.37.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1160724 - CVE-2014-3707 mingw-curl: curl: incorrect handle duplication after COPYPOSTFIELDS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1160724 [ 2 ] Bug #1140037 - CVE-2014-3620 CVE-2014-3613 mingw-curl: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1140037 -------------------------------------------------------------------------------- ================================================================================ mingw-dbus-1.8.12-1.el7 (FEDORA-EPEL-2014-4910) MinGW Windows port of D-Bus -------------------------------------------------------------------------------- Update Information: * Update to 1.8.12\\r\\n* Fixes various CVE's -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Erik van Pienbroek <epien...@fedoraproject.org> - 1.8.12-1 - Update to 1.8.12 * Tue Dec 23 2014 Erik van Pienbroek <epien...@fedoraproject.org> - 1.6.28-1 - Update to 1.6.28 - Fixes CVE-2014-7824 (RHBZ #1173557) - Fixes CVE-2014-3638 CVE-2014-3639 CVE-2014-3636 CVE-2014-3637 and CVE-2014-3635 (RHBZ #1142582) - Fixes CVE-2014-3477 (RHBZ #1117395) - Fixes CVE-2014-3533 CVE-2014-3532 (RHBZ #1115637) * Sat Jun 7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 1.6.12-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1173557 - CVE-2014-7824 mingw-dbus: dbus: local denial of service via incomplete fix for CVE-2014-3636 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1173557 [ 2 ] Bug #1142582 - CVE-2014-3638 CVE-2014-3639 CVE-2014-3636 CVE-2014-3637 CVE-2014-3635 mingw-dbus: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1142582 [ 3 ] Bug #1115637 - CVE-2014-3533 CVE-2014-3532 mingw-dbus: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1115637 [ 4 ] Bug #1117395 - CVE-2014-3477 mingw-dbus: dbus: denial of service flaw in dbus-daemon [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1117395 -------------------------------------------------------------------------------- ================================================================================ mingw-freetype-2.5.4-1.el7 (FEDORA-EPEL-2014-4904) Free and portable font rendering engine -------------------------------------------------------------------------------- Update Information: * Update to 2.5.4\r\n* Updated subpixel rendering patch to 2.5.3 -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Erik van Pienbroek <epien...@fedoraproject.org> - 2.5.4-1 - Update to 2.5.4 - Fixes RHBZ #1172635 * Thu Jul 10 2014 Nicola Fontana <n...@entidi.it> - 2.5.3-3 - Update subpixel rendering patch to 2.5.3 (RHBZ #1118276) * Sat Jun 7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 2.5.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1172635 - mingw-freetype: freetype: OOB stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240). [fedora-20] https://bugzilla.redhat.com/show_bug.cgi?id=1172635 [ 2 ] Bug #1118276 - Subpixel rendering patch invalid https://bugzilla.redhat.com/show_bug.cgi?id=1118276 -------------------------------------------------------------------------------- ================================================================================ mingw-libjpeg-turbo-1.3.1-4.el7 (FEDORA-EPEL-2014-4883) MinGW Windows Libjpeg-turbo library -------------------------------------------------------------------------------- Update Information: Fix CVE-2014-9092 -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 22 2014 Erik van Pienbroek <epien...@fedoraproject.org> - 1.3.1-4 - Fix CVE-2014-9092 (RHBZ #1169851 #1169853) * Sat Jun 7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 1.3.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1169853 - CVE-2014-9092 mingw-libjpeg-turbo: libjpeg-turbo: denial of service via specially-crafted JPEG file [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1169853 -------------------------------------------------------------------------------- ================================================================================ mingw-libxml2-2.9.2-1.el7 (FEDORA-EPEL-2014-4892) MinGW Windows libxml2 XML processing library -------------------------------------------------------------------------------- Update Information: Update to libxml2 2.9.2 -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Erik van Pienbroek <epien...@fedoraproject.org> - 2.9.2-1 - Update to 2.9.2 - Avoid corrupting the xml catalogs - Fix CVE-2014-0191 (RHBZ #1107557) * Sat Jun 7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 2.9.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1107557 - CVE-2014-0191 mingw-libxml2: libxml2: external parameter entity loaded when entity substitution is disabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1107557 -------------------------------------------------------------------------------- ================================================================================ mingw-openssl-1.0.1j-1.el7 (FEDORA-EPEL-2014-4895) MinGW port of the OpenSSL toolkit -------------------------------------------------------------------------------- Update Information: * Synced with native openssl-1.0.1j-3.fc22\r\n* Add support for RFC 5649\r\n* Prevent compiler warning "Please include winsock2.h before windows.h" when using the OpenSSL headers\r\n* Fixes various CVE's -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 22 2014 Erik van Pienbroek <epien...@fedoraproject.org> - 1.0.1j-1 - Synced with native openssl-1.0.1j-3.fc22 - Add support for RFC 5649 - Prevent compiler warning "Please include winsock2.h before windows.h" when using the OpenSSL headers - Fixes various CVE's (RHBZ #1127889 #1127709 #1152851) * Thu Aug 21 2014 Marc-André Lureau <marcandre.lur...@redhat.com> - 1.0.1i-1 - Synced with native openssl-1.0.1i-3.fc21 - Fixes various flaws (RHBZ#1096234 and RHBZ#1127705) CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 * Sat Jun 7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 1.0.1e-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1127709 - CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 mingw-openssl: various flaws [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1127709 [ 2 ] Bug #1127889 - CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 mingw-openssl: various flaws [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1127889 -------------------------------------------------------------------------------- ================================================================================ nmon-14i-8.el7 (FEDORA-EPEL-2014-4881) Nigel's performance Monitor for Linux -------------------------------------------------------------------------------- Update Information: EPEL build -------------------------------------------------------------------------------- References: [ 1 ] Bug #1115435 - Please build this package for EPEL6+ https://bugzilla.redhat.com/show_bug.cgi?id=1115435 -------------------------------------------------------------------------------- ================================================================================ nodejs-browser-request-0.3.3-1.el7 (FEDORA-EPEL-2014-4903) Browser port of the Node.js 'request' package -------------------------------------------------------------------------------- Update Information: Initial packaging -------------------------------------------------------------------------------- References: [ 1 ] Bug #1173387 - Review Request: nodejs-browser-request - Browser port of the Node.js 'request' package https://bugzilla.redhat.com/show_bug.cgi?id=1173387 -------------------------------------------------------------------------------- ================================================================================ nodejs-dtree-0.0.7-1.el7 (FEDORA-EPEL-2014-4885) Command-line tool to view the dependency tree of any single js file -------------------------------------------------------------------------------- Update Information: Initial packaging -------------------------------------------------------------------------------- References: [ 1 ] Bug #1171750 - Review Request: nodejs-dtree - Command-line tool to view the dependency tree of any single js file https://bugzilla.redhat.com/show_bug.cgi?id=1171750 -------------------------------------------------------------------------------- ================================================================================ nodejs-end-of-stream-1.1.0-1.el7 (FEDORA-EPEL-2014-4899) Call a callback when a readable/writable/duplex stream has completed or failed -------------------------------------------------------------------------------- Update Information: Initial packaging -------------------------------------------------------------------------------- References: [ 1 ] Bug #1176809 - Review Request: nodejs-end-of-stream - Call a callback when a readable/writable/duplex stream has completed or failed https://bugzilla.redhat.com/show_bug.cgi?id=1176809 -------------------------------------------------------------------------------- ================================================================================ nodejs-hash_file-0.1.1-1.el7 (FEDORA-EPEL-2014-4913) A simple utility for getting a hash of a file -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1176880 - Review Request: nodejs-hash_file - A simple utility for getting a hash of a file https://bugzilla.redhat.com/show_bug.cgi?id=1176880 -------------------------------------------------------------------------------- ================================================================================ nodejs-minstache-1.2.0-1.el7 (FEDORA-EPEL-2014-4893) Mini mustache template engine -------------------------------------------------------------------------------- Update Information: Initial packaging -------------------------------------------------------------------------------- References: [ 1 ] Bug #1173206 - Review Request: nodejs-minstache - Mini mustache template engine https://bugzilla.redhat.com/show_bug.cgi?id=1173206 -------------------------------------------------------------------------------- ================================================================================ openconnect-7.02-1.el7 (FEDORA-EPEL-2014-4887) Open client for Cisco AnyConnect VPN -------------------------------------------------------------------------------- Update Information: Update to 7.02 release to align with f21\nWhen compiling with old gnutls version completely disable ECDHE -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Nikos Mavrogiannopoulos <n...@redhat.com> - 7.02-1 - Update to 7.02 release to align with f21 * Tue Sep 16 2014 Nikos Mavrogiannopoulos <n...@redhat.com> - 6.00-2 - When compiling with old gnutls version completely disable ECDHE instead of disabling the curves. -------------------------------------------------------------------------------- ================================================================================ perl-Rose-DB-Object-0.813-1.el7 (FEDORA-EPEL-2014-4898) Extensible, high performance object-relational mapper (ORM) -------------------------------------------------------------------------------- Update Information: add perl-Rose-DB-Object to epel7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #839754 - Review Request: perl-Rose-DB-Object - Extensible, high performance object-relational mapper (ORM) https://bugzilla.redhat.com/show_bug.cgi?id=839754 -------------------------------------------------------------------------------- ================================================================================ phoronix-test-suite-5.4.1-1.el7 (FEDORA-EPEL-2014-4886) An Automated, Open-Source Testing Framework -------------------------------------------------------------------------------- Update Information: Update to new upstream release -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 24 2014 Markus Mayer <lotharl...@gmx.de> 5.4.1-1 - new upstream release * Thu Oct 2 2014 Rex Dieter <rdie...@fedoraproject.org> 5.2.1-2 - update mime scriptlets -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list epel-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/epel-devel