[EPEL-devel] Fedora EPEL 7 updates-testing report

updates Wed, 24 Dec 2014 09:41:31 -0800

The following Fedora EPEL 7 Security updates need testing:
 Age  URL
  57  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3621/php-Smarty-3.1.21-1.el7
  41  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3989/cross-binutils-2.23.88.0.1-2.el7.1
  13  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4536/firebird-2.5.3.26778.0-2.el7
   5  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4765/unrtf-0.21.7-1.el7
   5  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4757/mingw-jasper-1.900.1-25.el7
   5  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4759/rabbitmq-server-3.3.5-4.el7
   4  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4800/libssh-0.6.4-1.el7
   2  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4830/roundcubemail-1.0.4-2.el7
   1  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4868/glpi-0.84.8-3.el7
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4904/mingw-freetype-2.5.4-1.el7
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4892/mingw-libxml2-2.9.2-1.el7
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4910/mingw-dbus-1.8.12-1.el7
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4895/mingw-openssl-1.0.1j-1.el7
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4906/mingw-curl-7.39.0-1.el7
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4883/mingw-libjpeg-turbo-1.3.1-4.el7
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4901/mingw-binutils-2.25-1.el7



The following builds have been pushed to Fedora EPEL 7 updates-testing

    jpegoptim-1.4.2-1.el7
    ledger-3.1-2.el7
    libcddb-1.3.2-12.el7
    mingw-binutils-2.25-1.el7
    mingw-curl-7.39.0-1.el7
    mingw-dbus-1.8.12-1.el7
    mingw-freetype-2.5.4-1.el7
    mingw-libjpeg-turbo-1.3.1-4.el7
    mingw-libxml2-2.9.2-1.el7
    mingw-openssl-1.0.1j-1.el7
    nmon-14i-8.el7
    nodejs-browser-request-0.3.3-1.el7
    nodejs-dtree-0.0.7-1.el7
    nodejs-end-of-stream-1.1.0-1.el7
    nodejs-hash_file-0.1.1-1.el7
    nodejs-minstache-1.2.0-1.el7
    openconnect-7.02-1.el7
    perl-Rose-DB-Object-0.813-1.el7
    phoronix-test-suite-5.4.1-1.el7

Details about builds:


================================================================================
 jpegoptim-1.4.2-1.el7 (FEDORA-EPEL-2014-4894)
 Utility to optimize JPEG files
--------------------------------------------------------------------------------
Update Information:

Update to version 1.4.2
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 23 2014 Denis Fateyev <de...@fateyev.com> - 1.4.2-1
- Update to version 1.4.2
* Sat Aug 16 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 1.4.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1176901 - jpegoptim-1.4.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1176901
--------------------------------------------------------------------------------


================================================================================
 ledger-3.1-2.el7 (FEDORA-EPEL-2014-4896)
 A powerful command-line double-entry accounting system
--------------------------------------------------------------------------------
Update Information:

ledger for epel7
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1177020 - Please branch for EPEL7
        https://bugzilla.redhat.com/show_bug.cgi?id=1177020
--------------------------------------------------------------------------------


================================================================================
 libcddb-1.3.2-12.el7 (FEDORA-EPEL-2014-4912)
 Library (C API) for accessing CDDB servers
--------------------------------------------------------------------------------
Update Information:

Build for EPEL7 (#1123242)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1123242 - Please Branch libcddb for EPEl7
        https://bugzilla.redhat.com/show_bug.cgi?id=1123242
--------------------------------------------------------------------------------


================================================================================
 mingw-binutils-2.25-1.el7 (FEDORA-EPEL-2014-4901)
 Cross-compiled version of binutils for Win32 and Win64 environments
--------------------------------------------------------------------------------
Update Information:

Fix various CVE's
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 23 2014 Erik van Pienbroek <epien...@fedoraproject.org> - 2.25-1
- Update to 2.25
* Tue Dec 23 2014 Erik van Pienbroek <epien...@fedoraproject.org> - 2.24-5
- Fix CVE-2014-8501 (RHBZ #1162578 #1162583)
- Fix CVE-2014-8502 (RHBZ #1162602)
- Fix CVE-2014-8503 (RHBZ #1162612)
- Fix CVE-2014-8504 (RHBZ #1162626)
- Fix CVE-2014-8737 (RHBZ #1162660)
- Fix CVE-2014-8738 (RHBZ #1162673)
* Sun Aug 17 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 2.24-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 2.24-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri May 30 2014 Erik van Pienbroek <epien...@fedoraproject.org> - 2.24-2
- Fix FTBFS against gcc 4.9
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1162583 - CVE-2014-8501 mingw-binutils: binutils: out-of-bounds 
write when parsing specially crafted PE executable [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162583
  [ 2 ] Bug #1162602 - CVE-2014-8502 mingw-binutils: binutils: heap overflow in 
objdump [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162602
  [ 3 ] Bug #1162612 - CVE-2014-8503 mingw-binutils: binutils: stack overflow 
in objdump when parsing specially crafted ihex file [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162612
  [ 4 ] Bug #1162626 - CVE-2014-8504 mingw-binutils: binutils: stack overflow 
in the SREC parser [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162626
  [ 5 ] Bug #1162660 - mingw-binutils: binutils: directory traversal 
vulnerability [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162660
  [ 6 ] Bug #1162673 - mingw-binutils: binutils: out of bounds memory write 
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162673
--------------------------------------------------------------------------------


================================================================================
 mingw-curl-7.39.0-1.el7 (FEDORA-EPEL-2014-4906)
 MinGW Windows port of curl and libcurl
--------------------------------------------------------------------------------
Update Information:

* Update to 7.39.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 23 2014 Erik van Pienbroek <epien...@fedoraproject.org> - 7.39.0-1
- Update to 7.39.0
- Fixes CVE-2014-3707 (RHBZ #1160724)
- Fixes CVE-2014-3620 CVE-2014-3613 (RHBZ #1140037)
* Sat Jun  7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 7.37.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1160724 - CVE-2014-3707 mingw-curl: curl: incorrect handle 
duplication after COPYPOSTFIELDS [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1160724
  [ 2 ] Bug #1140037 - CVE-2014-3620 CVE-2014-3613 mingw-curl: various flaws 
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1140037
--------------------------------------------------------------------------------


================================================================================
 mingw-dbus-1.8.12-1.el7 (FEDORA-EPEL-2014-4910)
 MinGW Windows port of D-Bus
--------------------------------------------------------------------------------
Update Information:

* Update to 1.8.12\\r\\n* Fixes various CVE's
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 23 2014 Erik van Pienbroek <epien...@fedoraproject.org> - 1.8.12-1
- Update to 1.8.12
* Tue Dec 23 2014 Erik van Pienbroek <epien...@fedoraproject.org> - 1.6.28-1
- Update to 1.6.28
- Fixes CVE-2014-7824 (RHBZ #1173557)
- Fixes CVE-2014-3638 CVE-2014-3639 CVE-2014-3636
  CVE-2014-3637 and CVE-2014-3635 (RHBZ #1142582)
- Fixes CVE-2014-3477 (RHBZ #1117395)
- Fixes CVE-2014-3533 CVE-2014-3532 (RHBZ #1115637)
* Sat Jun  7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 1.6.12-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1173557 - CVE-2014-7824 mingw-dbus: dbus: local denial of service 
via incomplete fix for CVE-2014-3636 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1173557
  [ 2 ] Bug #1142582 - CVE-2014-3638 CVE-2014-3639 CVE-2014-3636 CVE-2014-3637 
CVE-2014-3635 mingw-dbus: various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1142582
  [ 3 ] Bug #1115637 - CVE-2014-3533 CVE-2014-3532 mingw-dbus: various flaws 
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1115637
  [ 4 ] Bug #1117395 - CVE-2014-3477 mingw-dbus: dbus: denial of service flaw 
in dbus-daemon [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1117395
--------------------------------------------------------------------------------


================================================================================
 mingw-freetype-2.5.4-1.el7 (FEDORA-EPEL-2014-4904)
 Free and portable font rendering engine
--------------------------------------------------------------------------------
Update Information:

* Update to 2.5.4\r\n* Updated subpixel rendering patch to 2.5.3
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 23 2014 Erik van Pienbroek <epien...@fedoraproject.org> - 2.5.4-1
- Update to 2.5.4
- Fixes RHBZ #1172635
* Thu Jul 10 2014 Nicola Fontana <n...@entidi.it> - 2.5.3-3
- Update subpixel rendering patch to 2.5.3 (RHBZ #1118276)
* Sat Jun  7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 2.5.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1172635 - mingw-freetype: freetype: OOB stack-based read/write in 
cf2_hintmap_build() (incomplete fix for CVE-2014-2240). [fedora-20]
        https://bugzilla.redhat.com/show_bug.cgi?id=1172635
  [ 2 ] Bug #1118276 - Subpixel rendering patch invalid
        https://bugzilla.redhat.com/show_bug.cgi?id=1118276
--------------------------------------------------------------------------------


================================================================================
 mingw-libjpeg-turbo-1.3.1-4.el7 (FEDORA-EPEL-2014-4883)
 MinGW Windows Libjpeg-turbo library
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2014-9092
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 22 2014 Erik van Pienbroek <epien...@fedoraproject.org> - 1.3.1-4
- Fix CVE-2014-9092 (RHBZ #1169851 #1169853)
* Sat Jun  7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 1.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1169853 - CVE-2014-9092 mingw-libjpeg-turbo: libjpeg-turbo: denial 
of service via specially-crafted JPEG file [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1169853
--------------------------------------------------------------------------------


================================================================================
 mingw-libxml2-2.9.2-1.el7 (FEDORA-EPEL-2014-4892)
 MinGW Windows libxml2 XML processing library
--------------------------------------------------------------------------------
Update Information:

Update to libxml2 2.9.2
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 23 2014 Erik van Pienbroek <epien...@fedoraproject.org> - 2.9.2-1
- Update to 2.9.2
- Avoid corrupting the xml catalogs
- Fix CVE-2014-0191 (RHBZ #1107557)
* Sat Jun  7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 2.9.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1107557 - CVE-2014-0191 mingw-libxml2: libxml2: external parameter 
entity loaded when entity substitution is disabled [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1107557
--------------------------------------------------------------------------------


================================================================================
 mingw-openssl-1.0.1j-1.el7 (FEDORA-EPEL-2014-4895)
 MinGW port of the OpenSSL toolkit
--------------------------------------------------------------------------------
Update Information:

* Synced with native openssl-1.0.1j-3.fc22\r\n* Add support for RFC 5649\r\n* 
Prevent compiler warning "Please include winsock2.h before windows.h" when 
using the OpenSSL headers\r\n* Fixes various CVE's
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 22 2014 Erik van Pienbroek <epien...@fedoraproject.org> - 1.0.1j-1
- Synced with native openssl-1.0.1j-3.fc22
- Add support for RFC 5649
- Prevent compiler warning "Please include winsock2.h before windows.h"
  when using the OpenSSL headers
- Fixes various CVE's (RHBZ #1127889 #1127709 #1152851)
* Thu Aug 21 2014 Marc-André Lureau <marcandre.lur...@redhat.com> - 1.0.1i-1
- Synced with native openssl-1.0.1i-3.fc21
- Fixes various flaws (RHBZ#1096234 and RHBZ#1127705)
  CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511
  CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 CVE-2014-0221
  CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298
  CVE-2014-3470
* Sat Jun  7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 1.0.1e-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1127709 - CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 
CVE-2014-3510 CVE-2014-3508 mingw-openssl: various flaws [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1127709
  [ 2 ] Bug #1127889 - CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 
CVE-2010-5298 CVE-2014-3470 mingw-openssl: various flaws [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1127889
--------------------------------------------------------------------------------


================================================================================
 nmon-14i-8.el7 (FEDORA-EPEL-2014-4881)
 Nigel's performance Monitor for Linux
--------------------------------------------------------------------------------
Update Information:

EPEL build
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1115435 - Please build this package for EPEL6+
        https://bugzilla.redhat.com/show_bug.cgi?id=1115435
--------------------------------------------------------------------------------


================================================================================
 nodejs-browser-request-0.3.3-1.el7 (FEDORA-EPEL-2014-4903)
 Browser port of the Node.js 'request' package
--------------------------------------------------------------------------------
Update Information:

Initial packaging
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1173387 - Review Request: nodejs-browser-request - Browser port of 
the Node.js 'request' package
        https://bugzilla.redhat.com/show_bug.cgi?id=1173387
--------------------------------------------------------------------------------


================================================================================
 nodejs-dtree-0.0.7-1.el7 (FEDORA-EPEL-2014-4885)
 Command-line tool to view the dependency tree of any single js file
--------------------------------------------------------------------------------
Update Information:

Initial packaging
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1171750 - Review Request: nodejs-dtree - Command-line tool to view 
the dependency tree of any single js file
        https://bugzilla.redhat.com/show_bug.cgi?id=1171750
--------------------------------------------------------------------------------


================================================================================
 nodejs-end-of-stream-1.1.0-1.el7 (FEDORA-EPEL-2014-4899)
 Call a callback when a readable/writable/duplex stream has completed or failed
--------------------------------------------------------------------------------
Update Information:

Initial packaging
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1176809 - Review Request: nodejs-end-of-stream - Call a callback 
when a readable/writable/duplex stream has completed or failed
        https://bugzilla.redhat.com/show_bug.cgi?id=1176809
--------------------------------------------------------------------------------


================================================================================
 nodejs-hash_file-0.1.1-1.el7 (FEDORA-EPEL-2014-4913)
 A simple utility for getting a hash of a file
--------------------------------------------------------------------------------
Update Information:

Initial package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1176880 - Review Request: nodejs-hash_file - A simple utility for 
getting a hash of a file
        https://bugzilla.redhat.com/show_bug.cgi?id=1176880
--------------------------------------------------------------------------------


================================================================================
 nodejs-minstache-1.2.0-1.el7 (FEDORA-EPEL-2014-4893)
 Mini mustache template engine
--------------------------------------------------------------------------------
Update Information:

Initial packaging
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1173206 - Review Request: nodejs-minstache - Mini mustache 
template engine
        https://bugzilla.redhat.com/show_bug.cgi?id=1173206
--------------------------------------------------------------------------------


================================================================================
 openconnect-7.02-1.el7 (FEDORA-EPEL-2014-4887)
 Open client for Cisco AnyConnect VPN
--------------------------------------------------------------------------------
Update Information:

Update to 7.02 release to align with f21\nWhen compiling with old gnutls 
version completely disable ECDHE
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 23 2014 Nikos Mavrogiannopoulos <n...@redhat.com> - 7.02-1
- Update to 7.02 release to align with f21
* Tue Sep 16 2014 Nikos Mavrogiannopoulos <n...@redhat.com> - 6.00-2
- When compiling with old gnutls version completely disable ECDHE instead
  of disabling the curves.
--------------------------------------------------------------------------------


================================================================================
 perl-Rose-DB-Object-0.813-1.el7 (FEDORA-EPEL-2014-4898)
 Extensible, high performance object-relational mapper (ORM)
--------------------------------------------------------------------------------
Update Information:

add perl-Rose-DB-Object to epel7
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #839754 - Review Request: perl-Rose-DB-Object - Extensible, high 
performance object-relational mapper (ORM)
        https://bugzilla.redhat.com/show_bug.cgi?id=839754
--------------------------------------------------------------------------------


================================================================================
 phoronix-test-suite-5.4.1-1.el7 (FEDORA-EPEL-2014-4886)
 An Automated, Open-Source Testing Framework
--------------------------------------------------------------------------------
Update Information:

Update to new upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 24 2014 Markus Mayer <lotharl...@gmx.de> 5.4.1-1
- new upstream release
* Thu Oct  2 2014 Rex Dieter <rdie...@fedoraproject.org> 5.2.1-2
- update mime scriptlets
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list
epel-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/epel-devel

[EPEL-devel] Fedora EPEL 7 updates-testing report

Reply via email to