The following Fedora EPEL 7 Security updates need testing:

 Age  URL
 212  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087   dokuwiki-0-0.24.20140929c.el7
 108  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6813   chicken-4.9.0.1-4.el7
  41  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7800   python-django-1.6.11-3.el7
  16  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8155   nagios-4.0.8-1.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-c29d29cc8f   mediawiki123-1.23.10-2.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-925e9374c9   python-pymongo-3.0.3-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-13c5827d5c   opensmtpd-5.7.3p1-1.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

    0install-2.10-1.el7
    0install-2.10-2.el7
    ceph-0.80.7-0.6.el7
    gnucash-2.6.8-1.el7
    gnucash-docs-2.6.8-1.el7
    lightdm-1.10.5-6.el7
    linux_logo-5.11-12.el7
    lxmenu-data-0.1.4-1.el7
    mate-notification-daemon-1.10.2-1.el7
    opensmtpd-5.7.3p1-1.el7
    php-bartlett-PHP-CompatInfo-4.5.0-1.el7
    php-mikey179-vfsstream-1.6.0-1.el7
    php-myclabs-deep-copy-1.4.0-1.el7
    preprocess-1.2.2-2.20150919gitd5ab9a.el7
    python-flask-openid-1.2.5-1.el7
    quiterss-0.18.2-1.el7
    syslog-ng-3.5.6-2.el7
    viewvc-1.1.24-1.el7
    vile-9.8q-1.el7

Details about builds:

================================================================================
 0install-2.10-1.el7 (FEDORA-EPEL-2015-113c88d6b9)
 A decentralized cross-distribution software installation system
--------------------------------------------------------------------------------
Update Information:

Upstream update to 2.10.

----

0install-2.9.1-1.el7
- Upstream update to 2.9.1.
- Add buildrequires: ocaml-react-devel for EPEL.
- Exclude ppc64 for EPEL, as the build dependency ocaml-findlib-devel is not
  available on it.
--------------------------------------------------------------------------------

================================================================================
 0install-2.10-2.el7 (FEDORA-EPEL-2015-0c7398485f)
 A decentralized cross-distribution software installation system
--------------------------------------------------------------------------------
Update Information:

0install-2.10-2.fc21 - Upstream update to 2.10.
0install-2.10-2.fc22 - Upstream update to 2.10.
0install-2.10-2.fc23 - Upstream update to 2.10.
0install-2.10-2.el7 - Upstream update to 2.10.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1070093 - 0install-2.10 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1070093
--------------------------------------------------------------------------------

================================================================================
 ceph-0.80.7-0.6.el7 (FEDORA-EPEL-2015-40bf39f476)
 User space components of the Ceph file system
--------------------------------------------------------------------------------
Update Information:

ceph-0.80.7-0.6.el7
- remove python-rados and python-rbd packages to avoid package conflicts - see
  http://tracker.ceph.com/issues/11104#change-59701 for details

----

This update adds version numbers to Ceph's RPM "Obsoletes" directives. This
should reduce the conflict between newer ceph.com releases where the python-
and -devel RPMs have not yet been split. See also
http://tracker.ceph.com/issues/11104
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1269416 - [ceph] yum-plugin-priorities does not blacklist all the obsoleted packages
        https://bugzilla.redhat.com/show_bug.cgi?id=1269416
  [ 2 ] Bug #1193182 - ceph has unversioned obsoletes
        https://bugzilla.redhat.com/show_bug.cgi?id=1193182
--------------------------------------------------------------------------------

================================================================================
 gnucash-2.6.8-1.el7 (FEDORA-EPEL-2015-121c7f7daa)
 Finance management application
--------------------------------------------------------------------------------
Update Information:

This updates GnuCash to 2.6.8, the latest upstream release. For a list of bugs
fixed in this release, see the upstream release notes at:
http://gnucash.org/#n-150927-2.6.8.news

----

This updates GnuCash to the latest upstream release, 2.6.7.
For a detailed list of fixed bugs, see the upstream release notes at:
http://gnucash.org/#n-150628-2.6.7.news
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1266794 - gnucash-2.6.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1266794
  [ 2 ] Bug #1236432 - gnucash-2.6.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1236432
--------------------------------------------------------------------------------

================================================================================
 gnucash-docs-2.6.8-1.el7 (FEDORA-EPEL-2015-121c7f7daa)
 Help files and documentation for the GnuCash personal finance manager
--------------------------------------------------------------------------------
Update Information:

This updates GnuCash to 2.6.8, the latest upstream release. For a list of bugs
fixed in this release, see the upstream release notes at:
http://gnucash.org/#n-150927-2.6.8.news

----

This updates GnuCash to the latest upstream release, 2.6.7.
For a detailed list of fixed bugs, see the upstream release notes at:
http://gnucash.org/#n-150628-2.6.7.news
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1266794 - gnucash-2.6.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1266794
  [ 2 ] Bug #1236432 - gnucash-2.6.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1236432
--------------------------------------------------------------------------------

================================================================================
 lightdm-1.10.5-6.el7 (FEDORA-EPEL-2015-dccbf33063)
 A cross-desktop Display Manager
--------------------------------------------------------------------------------
Update Information:

drop listen.patch for < f22 (and epel-7)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1269247 - xserver-allow-tcp=true doesn't work anymore
        https://bugzilla.redhat.com/show_bug.cgi?id=1269247
--------------------------------------------------------------------------------

================================================================================
 linux_logo-5.11-12.el7 (FEDORA-EPEL-2015-db29761127)
 Show a logo with some system info on the console
--------------------------------------------------------------------------------
Update Information:

linux_logo-5.11-12.el6 - Include patch to have a consistent default logo, the
banner logo (#1268065).
linux_logo-5.11-12.fc23 - Include patch to have a consistent default logo, the
banner logo (#1268065).
linux_logo-5.11-12.el7 - Include patch to have a consistent default logo, the
banner logo (#1268065).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1268065 - linux_logo uses an arbitrary (possibly non-Linux) logo by default
        https://bugzilla.redhat.com/show_bug.cgi?id=1268065
--------------------------------------------------------------------------------

================================================================================
 lxmenu-data-0.1.4-1.el7 (FEDORA-EPEL-2015-d984c9b4d7)
 Data files for the LXDE menu
--------------------------------------------------------------------------------
Update Information:

initial package (v0.1.4)
--------------------------------------------------------------------------------

================================================================================
 mate-notification-daemon-1.10.2-1.el7 (FEDORA-EPEL-2015-8a12fcb39d)
 Notification daemon for MATE Desktop
--------------------------------------------------------------------------------
Update Information:

mate-notification-daemon-1.10.2-1.el7
- update to 1.10.2 release
- remove upstreamed patches
--------------------------------------------------------------------------------

================================================================================
 opensmtpd-5.7.3p1-1.el7 (FEDORA-EPEL-2015-13c5827d5c)
 Free implementation of the server-side SMTP protocol as defined by RFC 5321
--------------------------------------------------------------------------------
Update Information:

Issues fixed in this release (since 5.7.2):
- fix an mda buffer truncation bug which allows a user to create forward files
  that pass session checks but fail delivery later down the chain, within the
  user mda;
- fix remote buffer overflow in unprivileged pony process;
- reworked offline enqueue to better protect against hardlink attacks.

----

Several vulnerabilities have been fixed in OpenSMTPD 5.7.2:
- an oversight in the portable version of fgetln() that allows attackers to
  read and write out-of-bounds memory;
- multiple denial-of-service vulnerabilities that allow local users to kill or
  hang OpenSMTPD;
- a stack-based buffer overflow that allows local users to crash OpenSMTPD, or
  execute arbitrary code as the non-chrooted _smtpd user;
- a hardlink attack (or race-conditioned symlink attack) that allows local
  users to unset the chflags() of arbitrary files;
- a hardlink attack that allows local users to read the first line of
  arbitrary files (for example, root's hash from /etc/master.passwd);
- a denial-of-service vulnerability that allows remote attackers to fill
  OpenSMTPD's queue or mailbox hard-disk partition;
- an out-of-bounds memory read that allows remote attackers to crash
  OpenSMTPD, or leak information and defeat the ASLR protection;
- a use-after-free vulnerability that allows remote attackers to crash
  OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user;

Further details can be found in Qualys' audit report:
http://seclists.org/oss-sec/2015/q4/17

MITRE has assigned one CVE for the use-after-free vulnerability; additional
CVEs may be assigned:
http://seclists.org/oss-sec/2015/q4/23

External References:
https://www.opensmtpd.org/announces/release-5.7.2.txt
http://seclists.org/oss-sec/2015/q4/17
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1268837 - opensmtpd-5.7.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1268837
  [ 2 ] Bug #1268509 - opensmtpd: 5.7.2 release available
        https://bugzilla.redhat.com/show_bug.cgi?id=1268509
  [ 3 ] Bug #1268795 - CVE-2015-7687 OpenSMTPD: multiple vulnerabilities fixed in 5.7.2 [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1268795
  [ 4 ] Bug #1268858 - opensmtpd: Remotely triggerable buffer overflow vulnerability in filter_tx_io [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1268858
--------------------------------------------------------------------------------

================================================================================
 php-bartlett-PHP-CompatInfo-4.5.0-1.el7 (FEDORA-EPEL-2015-2dacc072cd)
 Find out version and the extensions required for a piece of code to run
--------------------------------------------------------------------------------
Update Information:

**PHP_CompatInfo 4.5.0**
* Add support of PHP 5.6.14, PHP 5.5.30 and PHP 5.4.45
* GH-209 : PHP feature detection versions overridden if any function defined
  after usage
--------------------------------------------------------------------------------

================================================================================
 php-mikey179-vfsstream-1.6.0-1.el7 (FEDORA-EPEL-2015-74d708e6bf)
 PHP stream wrapper for a virtual file system
--------------------------------------------------------------------------------
Update Information:

** Release 1.6.0 **
* added vfsStreamWrapper::unregister(), provided by @malkusch with #114
* fixed #115: incorrect handling of ..
  in root directory on PHP 5.5, fix provided by @acoulton with #116
--------------------------------------------------------------------------------

================================================================================
 php-myclabs-deep-copy-1.4.0-1.el7 (FEDORA-EPEL-2015-374d2d1a38)
 Create deep copies (clones) of your objects
--------------------------------------------------------------------------------
Update Information:

** myclabs/deep-copy 1.4.0**
* Support private properties of parent classes
--------------------------------------------------------------------------------

================================================================================
 preprocess-1.2.2-2.20150919gitd5ab9a.el7 (FEDORA-EPEL-2015-c014bcdbb4)
 A portable multi-language file Python2 preprocessor
--------------------------------------------------------------------------------
Update Information:

- Update to 1.2.2
- Added 'python-setuptools' as BR on EPEL
--------------------------------------------------------------------------------

================================================================================
 python-flask-openid-1.2.5-1.el7 (FEDORA-EPEL-2015-8915c1ed71)
 OpenID support for Flask
--------------------------------------------------------------------------------
Update Information:

Update to 1.2.5 (#1269019)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1269019 - Rebase to 1.2.5
        https://bugzilla.redhat.com/show_bug.cgi?id=1269019
--------------------------------------------------------------------------------

================================================================================
 quiterss-0.18.2-1.el7 (FEDORA-EPEL-2015-4df7c41533)
 RSS/Atom aggregator
--------------------------------------------------------------------------------
Update Information:

Version bump
--------------------------------------------------------------------------------

================================================================================
 syslog-ng-3.5.6-2.el7 (FEDORA-EPEL-2015-33ade2e7d6)
 Next-generation syslog server
--------------------------------------------------------------------------------
Update Information:

syslog-ng-3.5.6-2.el7 - rebuilt for hiredis
--------------------------------------------------------------------------------

================================================================================
 viewvc-1.1.24-1.el7 (FEDORA-EPEL-2015-aec52bbb03)
 Browser interface for CVS and SVN version control repositories
--------------------------------------------------------------------------------
Update Information:

This is a maintenance release which includes all the bug fixes and
enhancements that we've made thus far to our 1.1.x line.

----

Initial release for EPEL7.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1220829 - viewvc package request for EPEL7
        https://bugzilla.redhat.com/show_bug.cgi?id=1220829
--------------------------------------------------------------------------------

================================================================================
 vile-9.8q-1.el7 (FEDORA-EPEL-2015-ddb64f8c64)
 VI Like Emacs
--------------------------------------------------------------------------------
Update Information:

upgrade to 9.8q (RHBZ#1260817)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1260817 - vile-9.8q is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1260817
--------------------------------------------------------------------------------