The following Fedora EPEL 7 Security updates need testing:
Age URL
336 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
98 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-fca17abc84
p7zip-15.09-9.el7
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-69b4d0e57c
prosody-0.9.10-1.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-5aba523f53
phpMyAdmin-4.4.15.4-1.el7
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-a65d7ed780
python-pymongo-2.5.2-4.el7
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-638137e4de
wordpress-4.4.2-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c8f005b596
mingw-curl-7.47.0-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-a140bf655b
mingw-libpng-1.6.21-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6a9bb3d488
mingw-libxml2-2.9.3-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6d2a530b12
mingw-pcre-8.38-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
hylafax+-5.5.8-1.el7
mate-themes-3.14.0-1.el7
memkind-0.3.0-5.el7
mingw-curl-7.47.0-1.el7
mingw-libpng-1.6.21-1.el7
mingw-libxml2-2.9.3-1.el7
mingw-pcre-8.38-1.el7
mintmenu-5.6.5-3.el7
mozilla-noscript-2.9.0.3-1.el7
perl-Path-Tiny-0.076-1.el7
poco-1.6.1-2.el7
trac-1.0.8-2.el7
Details about builds:
================================================================================
hylafax+-5.5.8-1.el7 (FEDORA-EPEL-2016-72c0aa662d)
An enterprise-strength fax server
--------------------------------------------------------------------------------
Update Information:
Update to 5.5.8.
--------------------------------------------------------------------------------
================================================================================
mate-themes-3.14.0-1.el7 (FEDORA-EPEL-2016-ce86798f08)
MATE Desktop themes
--------------------------------------------------------------------------------
Update Information:
use gtk+3 version schema
--------------------------------------------------------------------------------
================================================================================
memkind-0.3.0-5.el7 (FEDORA-EPEL-2016-d2be268902)
User Extensible Heap Manager
--------------------------------------------------------------------------------
Update Information:
Fix rpmlint error dir-or-file-in-var-run for /var/run/memkind ---- Update
upstream fixes for memkind-0.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1305361 - Fix rpmlint error dir-or-file-in-var-run for
/var/run/memkind
https://bugzilla.redhat.com/show_bug.cgi?id=1305361
[ 2 ] Bug #1305292 - Fix rawhide build errod and update memkind to upstream
0.3.0 latest patches
https://bugzilla.redhat.com/show_bug.cgi?id=1305292
--------------------------------------------------------------------------------
================================================================================
mingw-curl-7.47.0-1.el7 (FEDORA-EPEL-2016-c8f005b596)
MinGW Windows port of curl and libcurl
--------------------------------------------------------------------------------
Update Information:
Update to 7.47.0 which fixes various CVE's
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1217345 - CVE-2015-3153 mingw-curl: curl: sensitive HTTP server
headers also sent to proxies [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1217345
[ 2 ] Bug #1302266 - CVE-2016-0755 mingw-curl: curl: NTLM credentials
not-checked for proxy connection re-use [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1302266
--------------------------------------------------------------------------------
================================================================================
mingw-libpng-1.6.21-1.el7 (FEDORA-EPEL-2016-a140bf655b)
MinGW Windows Libpng library
--------------------------------------------------------------------------------
Update Information:
Update to 1.6.21 which fixes various CVE's
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1281760 - CVE-2015-8126 mingw-libpng: libpng: Buffer overflow
vulnerabilities in png_get_PLTE/png_set_PLTE functions [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1281760
--------------------------------------------------------------------------------
================================================================================
mingw-libxml2-2.9.3-1.el7 (FEDORA-EPEL-2016-6a9bb3d488)
MinGW Windows libxml2 XML processing library
--------------------------------------------------------------------------------
Update Information:
Update to 2.9.3 which fixes various CVE's
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1277150 - CVE-2015-8035 mingw-libxml2: libxml2: DoS when parsing
specially crafted XML document if XZ support is enabled [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1277150
[ 2 ] Bug #1281953 - mingw-libxml2: libxml2: Buffer overread with HTML parser
in push mode in xmlSAX2TextNode [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1281953
[ 3 ] Bug #1276300 - CVE-2015-7942 mingw-libxml2: libxml2: heap-based buffer
overflow in xmlParseConditionalSections() [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1276300
[ 4 ] Bug #1274226 - CVE-2015-7941 mingw-libxml2: libxml2: Out-of-bounds
memory access [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1274226
[ 5 ] Bug #1262854 - mingw-libxml2: libxml2: Out-of-bounds memory access when
parsing unclosed HTMl comment [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1262854
[ 6 ] Bug #1213960 - mingw-libxml2: libxml2: out-of-bounds memory access when
parsing an unclosed HTML comment [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1213960
--------------------------------------------------------------------------------
================================================================================
mingw-pcre-8.38-1.el7 (FEDORA-EPEL-2016-6d2a530b12)
MinGW Windows pcre library
--------------------------------------------------------------------------------
Update Information:
Update to 8.38 and fix various CVE's
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1287722 - CVE-2015-8395 mingw-pcre: pcre: Buffer overflow caused
by certain references [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1287722
[ 2 ] Bug #1287706 - CVE-2015-8394 mingw-pcre: pcre: Integer overflow caused
by missing check for certain conditions [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1287706
[ 3 ] Bug #1287700 - CVE-2015-8393 mingw-pcre: pcre: Information leak when
running pcgrep -q on crafted binary [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1287700
[ 4 ] Bug #1287694 - CVE-2015-8392 mingw-pcre: pcre: Buffer overflow caused
by certain patterns with duplicated named groups [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1287694
[ 5 ] Bug #1287675 - CVE-2015-8391 mingw-pcre: pcre: Some pathological
patterns causes pcre_compile() to run for a very long time [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1287675
[ 6 ] Bug #1287670 - CVE-2015-8390 mingw-pcre: pcre: Reading from
uninitialized memory when processing certain patterns [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1287670
[ 7 ] Bug #1287663 - CVE-2015-8389 mingw-pcre: pcre: Infinite recursion in
JIT compiler when processing certain patterns [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1287663
[ 8 ] Bug #1287658 - CVE-2015-8388 mingw-pcre: pcre: Buffer overflow caused
by certain patterns with an unmatched closing parenthesis [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1287658
[ 9 ] Bug #1287650 - CVE-2015-8387 mingw-pcre: pcre: Integer overflow in
subroutine calls [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1287650
[ 10 ] Bug #1287642 - CVE-2015-8386 mingw-pcre: pcre: Buffer overflow caused
by lookbehind assertion [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1287642
[ 11 ] Bug #1287634 - CVE-2015-8385 mingw-pcre: pcre: Buffer overflow caused
by forward reference by name to certain group [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1287634
[ 12 ] Bug #1287628 - CVE-2015-8384 mingw-pcre: pcre: Buffer overflow caused
by recursive back reference by name within certain group [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1287628
[ 13 ] Bug #1287619 - CVE-2015-8383 mingw-pcre: pcre: Buffer overflow caused
by repeated conditional group [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1287619
[ 14 ] Bug #1256454 - mingw-pcre: pcre: Heap Overflow in compile_regex()
[epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1256454
--------------------------------------------------------------------------------
================================================================================
mintmenu-5.6.5-3.el7 (FEDORA-EPEL-2016-a23382d5f9)
Advanced Menu for the MATE Desktop
--------------------------------------------------------------------------------
Update Information:
- fix rhbz (#1302737)
--------------------------------------------------------------------------------
================================================================================
mozilla-noscript-2.9.0.3-1.el7 (FEDORA-EPEL-2016-dc455f640e)
JavaScript white list extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
Highlights from upstream changelog: * Fixed NoScript blocking WebExtensions by
default * Fixed XSS filter JSON sanitization bug (thanks Maxim Rupp for
reporting) * Fixed conflict w/ KeeFox + CTR (thanks amloessb for report)
https://forums.informaction.com/viewtopic.php?p=80581 * [e10s] Fixed
"Temporarily allow top-level sites by default" broken by Electrolysis * Fixed
"key.revokeTemp" preference management bug (thanks palme for patch)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1304561 - mozilla-noscript-2.9.0.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1304561
--------------------------------------------------------------------------------
================================================================================
perl-Path-Tiny-0.076-1.el7 (FEDORA-EPEL-2016-16df0f7544)
File path utility
--------------------------------------------------------------------------------
Update Information:
This is a cumulative bugfix and enhancement release, the latest from upstream.
There should be no backwards compatibility issues.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1305293 - perl-Path-Tiny: please update package in epel7, f22, f23
branches
https://bugzilla.redhat.com/show_bug.cgi?id=1305293
--------------------------------------------------------------------------------
================================================================================
poco-1.6.1-2.el7 (FEDORA-EPEL-2016-0d60eca4f0)
C++ class libraries for network-centric applications
--------------------------------------------------------------------------------
Update Information:
Build POCO 1.6.1 package for EPEL 7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1201906 - Rebase component to 1.6.0 for EPEL 6 and create package
for EPEL 7
https://bugzilla.redhat.com/show_bug.cgi?id=1201906
--------------------------------------------------------------------------------
================================================================================
trac-1.0.8-2.el7 (FEDORA-EPEL-2016-ffdd17384a)
Enhanced wiki and issue tracking system
--------------------------------------------------------------------------------
Update Information:
Adding trac to EPEL 7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164018 - Add trac to epel7
https://bugzilla.redhat.com/show_bug.cgi?id=1164018
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
epel-devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/epel-devel@lists.fedoraproject.org
