The following Fedora EPEL 7 Security updates need testing:
Age URL
329 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
91 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-418a480529
gsi-openssh-6.6.1p1-3.el7
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-fb26e5cd3c
privoxy-3.0.23-3.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-fca17abc84
p7zip-15.09-9.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-69b4d0e57c
prosody-0.9.10-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-5aba523f53
phpMyAdmin-4.4.15.4-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
batctl-2016.0-1.el7
boinc-client-7.2.42-9.gitdd0d630.el7
codec2-0.5-1.el7
freedv-1.1-5.el7
mote-0.4.3-2.el7
phpMyAdmin-4.4.15.4-1.el7
Details about builds:
================================================================================
batctl-2016.0-1.el7 (FEDORA-EPEL-2016-b73f64f566)
B.A.T.M.A.N. advanced control and management tool
--------------------------------------------------------------------------------
Update Information:
Update to 2016.0 See changelog at https://www.open-mesh.org/projects/open-
mesh/wiki/2016-01-19-batman-adv-2016-0-release
--------------------------------------------------------------------------------
================================================================================
boinc-client-7.2.42-9.gitdd0d630.el7 (FEDORA-EPEL-2016-1f0f85412d)
The BOINC client core
--------------------------------------------------------------------------------
Update Information:
bugfix #1192799 Directory is owned which shouldn't
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1192799 - Directory is owned which shouldn't
https://bugzilla.redhat.com/show_bug.cgi?id=1192799
--------------------------------------------------------------------------------
================================================================================
codec2-0.5-1.el7 (FEDORA-EPEL-2016-d007a8affa)
Next-Generation Digital Voice for Two-Way Radio
--------------------------------------------------------------------------------
Update Information:
Initial package release & fixed ppc64le build.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1278638 - Review Request: freedv - FreeDV Digital Voice
https://bugzilla.redhat.com/show_bug.cgi?id=1278638
--------------------------------------------------------------------------------
================================================================================
freedv-1.1-5.el7 (FEDORA-EPEL-2016-d007a8affa)
FreeDV Digital Voice
--------------------------------------------------------------------------------
Update Information:
Initial package release & fixed ppc64le build.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1278638 - Review Request: freedv - FreeDV Digital Voice
https://bugzilla.redhat.com/show_bug.cgi?id=1278638
--------------------------------------------------------------------------------
================================================================================
mote-0.4.3-2.el7 (FEDORA-EPEL-2016-c250f21ac1)
A MeetBot log wrangler, providing a user-friendly interface for Fedora's logs
--------------------------------------------------------------------------------
Update Information:
Update 0.4.3 ---- Update 0.4.1
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.4.15.4-1.el7 (FEDORA-EPEL-2016-5aba523f53)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.4.15.4 (2016-01-29) ================================ - Error with
PMA 4.4.15.3 - Remove hard dependency on phpseclib phpMyAdmin 4.4.15.3
(2016-01-28) ================================ - [Security] Multiple full path
disclosure vulnerabilities, see PMASA-2016-1 - [Security] Unsafe generation of
CSRF token, see PMASA-2016-2 - [Security] Multiple XSS vulnerabilities, see
PMASA-2016-3 - [Security] Insecure password generation in JavaScript, see
PMASA-2016-4 - [Security] Unsafe comparison of CSRF token, see PMASA-2016-5 -
[Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-6 -
[Security] XSS vulnerability in normalization page, see PMASA-2016-7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1302684 - CVE-2016-2043 phpMyAdmin: XSS vulnerability in
normalization page (PMASA-2016-7)
https://bugzilla.redhat.com/show_bug.cgi?id=1302684
[ 2 ] Bug #1302682 - CVE-2016-2042 phpMyAdmin: Multiple full path disclosure
vulnerabilities (PMASA-2016-6)
https://bugzilla.redhat.com/show_bug.cgi?id=1302682
[ 3 ] Bug #1302681 - CVE-2016-2041 phpMyAdmin: Unsafe comparison of XSRF/CSRF
token (PMASA-2016-5)
https://bugzilla.redhat.com/show_bug.cgi?id=1302681
[ 4 ] Bug #1302680 - CVE-2016-1927 phpMyAdmin: Insecure password generation
in JavaScript (PMASA-2016-4)
https://bugzilla.redhat.com/show_bug.cgi?id=1302680
[ 5 ] Bug #1302679 - CVE-2016-2040 phpMyAdmin: Multiple XSS vulnerabilities
(PMASA-2016-3)
https://bugzilla.redhat.com/show_bug.cgi?id=1302679
[ 6 ] Bug #1302677 - CVE-2016-2039 phpMyAdmin: Unsafe generation of XSRF/CSRF
token (PMASA-2016-2)
https://bugzilla.redhat.com/show_bug.cgi?id=1302677
[ 7 ] Bug #1302676 - CVE-2016-2038 phpMyAdmin: Multiple full path disclosure
vulnerabilities (PMASA-2016-1)
https://bugzilla.redhat.com/show_bug.cgi?id=1302676
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
[email protected]
http://lists.fedoraproject.org/admin/lists/[email protected]
