The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 336  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087   dokuwiki-0-0.24.20140929c.el7
  98  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f   mcollective-2.8.4-1.el7
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-fca17abc84   p7zip-15.09-9.el7
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-69b4d0e57c   prosody-0.9.10-1.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-5aba523f53   phpMyAdmin-4.4.15.4-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-a65d7ed780   python-pymongo-2.5.2-4.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-638137e4de   wordpress-4.4.2-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c8f005b596   mingw-curl-7.47.0-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-a140bf655b   mingw-libpng-1.6.21-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6a9bb3d488   mingw-libxml2-2.9.3-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6d2a530b12   mingw-pcre-8.38-1.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

    hylafax+-5.5.8-1.el7
    mate-themes-3.14.0-1.el7
    memkind-0.3.0-5.el7
    mingw-curl-7.47.0-1.el7
    mingw-libpng-1.6.21-1.el7
    mingw-libxml2-2.9.3-1.el7
    mingw-pcre-8.38-1.el7
    mintmenu-5.6.5-3.el7
    mozilla-noscript-2.9.0.3-1.el7
    perl-Path-Tiny-0.076-1.el7
    poco-1.6.1-2.el7
    trac-1.0.8-2.el7

Details about builds:

================================================================================
 hylafax+-5.5.8-1.el7 (FEDORA-EPEL-2016-72c0aa662d)
 An enterprise-strength fax server
--------------------------------------------------------------------------------
Update Information:

Update to 5.5.8.
--------------------------------------------------------------------------------

================================================================================
 mate-themes-3.14.0-1.el7 (FEDORA-EPEL-2016-ce86798f08)
 MATE Desktop themes
--------------------------------------------------------------------------------
Update Information:

use gtk+3 version schema
--------------------------------------------------------------------------------

================================================================================
 memkind-0.3.0-5.el7 (FEDORA-EPEL-2016-d2be268902)
 User Extensible Heap Manager
--------------------------------------------------------------------------------
Update Information:

Fix rpmlint error dir-or-file-in-var-run for /var/run/memkind
----
Update upstream fixes for memkind-0.3.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1305361 - Fix rpmlint error dir-or-file-in-var-run for /var/run/memkind
        https://bugzilla.redhat.com/show_bug.cgi?id=1305361
  [ 2 ] Bug #1305292 - Fix rawhide build errod and update memkind to upstream 0.3.0 latest patches
        https://bugzilla.redhat.com/show_bug.cgi?id=1305292
--------------------------------------------------------------------------------

================================================================================
 mingw-curl-7.47.0-1.el7 (FEDORA-EPEL-2016-c8f005b596)
 MinGW Windows port of curl and libcurl
--------------------------------------------------------------------------------
Update Information:

Update to 7.47.0 which fixes various CVE's
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1217345 - CVE-2015-3153 mingw-curl: curl: sensitive HTTP server headers also sent to proxies [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1217345
  [ 2 ] Bug #1302266 - CVE-2016-0755 mingw-curl: curl: NTLM credentials not-checked for proxy connection re-use [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1302266
--------------------------------------------------------------------------------

================================================================================
 mingw-libpng-1.6.21-1.el7 (FEDORA-EPEL-2016-a140bf655b)
 MinGW Windows Libpng library
--------------------------------------------------------------------------------
Update Information:

Update to 1.6.21 which fixes various CVE's
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1281760 - CVE-2015-8126 mingw-libpng: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1281760
--------------------------------------------------------------------------------

================================================================================
 mingw-libxml2-2.9.3-1.el7 (FEDORA-EPEL-2016-6a9bb3d488)
 MinGW Windows libxml2 XML processing library
--------------------------------------------------------------------------------
Update Information:

Update to 2.9.3 which fixes various CVE's
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1277150 - CVE-2015-8035 mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1277150
  [ 2 ] Bug #1281953 - mingw-libxml2: libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1281953
  [ 3 ] Bug #1276300 - CVE-2015-7942 mingw-libxml2: libxml2: heap-based buffer overflow in xmlParseConditionalSections() [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1276300
  [ 4 ] Bug #1274226 - CVE-2015-7941 mingw-libxml2: libxml2: Out-of-bounds memory access [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1274226
  [ 5 ] Bug #1262854 - mingw-libxml2: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1262854
  [ 6 ] Bug #1213960 - mingw-libxml2: libxml2: out-of-bounds memory access when parsing an unclosed HTML comment [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1213960
--------------------------------------------------------------------------------

================================================================================
 mingw-pcre-8.38-1.el7 (FEDORA-EPEL-2016-6d2a530b12)
 MinGW Windows pcre library
--------------------------------------------------------------------------------
Update Information:

Update to 8.38 and fix various CVE's
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1287722 - CVE-2015-8395 mingw-pcre: pcre: Buffer overflow caused by certain references [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1287722
  [ 2 ] Bug #1287706 - CVE-2015-8394 mingw-pcre: pcre: Integer overflow caused by missing check for certain conditions [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1287706
  [ 3 ] Bug #1287700 - CVE-2015-8393 mingw-pcre: pcre: Information leak when running pcgrep -q on crafted binary [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1287700
  [ 4 ] Bug #1287694 - CVE-2015-8392 mingw-pcre: pcre: Buffer overflow caused by certain patterns with duplicated named groups [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1287694
  [ 5 ] Bug #1287675 - CVE-2015-8391 mingw-pcre: pcre: Some pathological patterns causes pcre_compile() to run for a very long time [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1287675
  [ 6 ] Bug #1287670 - CVE-2015-8390 mingw-pcre: pcre: Reading from uninitialized memory when processing certain patterns [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1287670
  [ 7 ] Bug #1287663 - CVE-2015-8389 mingw-pcre: pcre: Infinite recursion in JIT compiler when processing certain patterns [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1287663
  [ 8 ] Bug #1287658 - CVE-2015-8388 mingw-pcre: pcre: Buffer overflow caused by certain patterns with an unmatched closing parenthesis [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1287658
  [ 9 ] Bug #1287650 - CVE-2015-8387 mingw-pcre: pcre: Integer overflow in subroutine calls [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1287650
  [ 10 ] Bug #1287642 - CVE-2015-8386 mingw-pcre: pcre: Buffer overflow caused by lookbehind assertion [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1287642
  [ 11 ] Bug #1287634 - CVE-2015-8385 mingw-pcre: pcre: Buffer overflow caused by forward reference by name to certain group [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1287634
  [ 12 ] Bug #1287628 - CVE-2015-8384 mingw-pcre: pcre: Buffer overflow caused by recursive back reference by name within certain group [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1287628
  [ 13 ] Bug #1287619 - CVE-2015-8383 mingw-pcre: pcre: Buffer overflow caused by repeated conditional group [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1287619
  [ 14 ] Bug #1256454 - mingw-pcre: pcre: Heap Overflow in compile_regex() [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1256454
--------------------------------------------------------------------------------

================================================================================
 mintmenu-5.6.5-3.el7 (FEDORA-EPEL-2016-a23382d5f9)
 Advanced Menu for the MATE Desktop
--------------------------------------------------------------------------------
Update Information:

- fix rhbz (#1302737)
--------------------------------------------------------------------------------

================================================================================
 mozilla-noscript-2.9.0.3-1.el7 (FEDORA-EPEL-2016-dc455f640e)
 JavaScript white list extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:

Highlights from upstream changelog:

* Fixed NoScript blocking WebExtensions by default
* Fixed XSS filter JSON sanitization bug (thanks Maxim Rupp for reporting)
* Fixed conflict w/ KeeFox + CTR (thanks amloessb for report) https://forums.informaction.com/viewtopic.php?p=80581
* [e10s] Fixed "Temporarily allow top-level sites by default" broken by Electrolysis
* Fixed "key.revokeTemp" preference management bug (thanks palme for patch)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1304561 - mozilla-noscript-2.9.0.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1304561
--------------------------------------------------------------------------------

================================================================================
 perl-Path-Tiny-0.076-1.el7 (FEDORA-EPEL-2016-16df0f7544)
 File path utility
--------------------------------------------------------------------------------
Update Information:

This is a cumulative bugfix and enhancement release, the latest from upstream.
There should be no backwards compatibility issues.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1305293 - perl-Path-Tiny: please update package in epel7, f22, f23 branches
        https://bugzilla.redhat.com/show_bug.cgi?id=1305293
--------------------------------------------------------------------------------

================================================================================
 poco-1.6.1-2.el7 (FEDORA-EPEL-2016-0d60eca4f0)
 C++ class libraries for network-centric applications
--------------------------------------------------------------------------------
Update Information:

Build POCO 1.6.1 package for EPEL 7
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1201906 - Rebase component to 1.6.0 for EPEL 6 and create package for EPEL 7
        https://bugzilla.redhat.com/show_bug.cgi?id=1201906
--------------------------------------------------------------------------------

================================================================================
 trac-1.0.8-2.el7 (FEDORA-EPEL-2016-ffdd17384a)
 Enhanced wiki and issue tracking system
--------------------------------------------------------------------------------
Update Information:

Adding trac to EPEL 7
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1164018 - Add trac to epel7
        https://bugzilla.redhat.com/show_bug.cgi?id=1164018
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list
epel-devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/epel-devel@lists.fedoraproject.org