The following Fedora EPEL 7 Security updates need testing:
 Age  URL
  40  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3835d39d1a   
unrtf-0.21.9-8.el7
  35  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-15b7dc35af   
pass-1.7.2-1.el7
  16  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-ccbe8e3c4d   
knot-resolver-2.4.0-1.el7
  14  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3f114dff22   
wordpress-4.9.7-1.el7
  14  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-6b0fdd8b40   
guacamole-server-0.9.14-1.el7 libvncserver-0.9.9-0.12.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-d2e0971e9b   
uwsgi-2.0.17.1-1.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-755a438aca   
libgit2-0.26.5-1.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-86150d9653   
rust-1.27.1-2.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3f07844689   
znc-1.7.1-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-d8d62b4f6c   
suricata-4.0.5-1.el7


The following builds have been pushed to Fedora EPEL 7 updates-testing

    NetworkManager-vpnc-1.2.6-1.el7
    ctstream-28-1.el7
    gnudos-1.11-5.el7
    needrestart-3.3-1.el7
    python-certbot-dns-gehirn-0.26.1-1.el7
    python-certbot-dns-linode-0.26.1-1.el7
    python-certbot-dns-ovh-0.26.1-1.el7
    python-certbot-dns-sakuracloud-0.26.1-1.el7
    redis-3.2.12-1.el7

Details about builds:


================================================================================
 NetworkManager-vpnc-1.2.6-1.el7 (FEDORA-EPEL-2018-e603289e79)
 NetworkManager VPN plugin for vpnc
--------------------------------------------------------------------------------
Update Information:

Update to 1.2.6 to fix a local authenticated privilege escalation bug
(CVE-2018-10900).  The issue has been discovered and responsibly disclosed by
Denis Andzakovic: https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 20 2018 Lubomir Rintel <lkund...@v3.sk> - 1.2.6-1
- Update to 1.2.6 release
- Fix a local authenticated privilege escalation bug (CVE-2018-10900)
* Thu Jul 12 2018 Fedora Release Engineering <rel...@fedoraproject.org> - 
1:1.2.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb  7 2018 Fedora Release Engineering <rel...@fedoraproject.org> - 
1:1.2.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Jan 31 2018 Igor Gnatenko <ignatenkobr...@fedoraproject.org> - 1:1.2.4-6
- Remove obsolete scriptlets
* Thu Nov 30 2017 Lubomir Rintel <lkund...@v3.sk> - 1.2.4-5
- Drop libnm-glib for Fedora 28
--------------------------------------------------------------------------------


================================================================================
 ctstream-28-1.el7 (FEDORA-EPEL-2018-7bc03ad3c3)
 Get URLs of Czech Television video streams
--------------------------------------------------------------------------------
Update Information:

This release adapts to server changes effective since 2018-07-17.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 20 2018 Petr Pisar <ppi...@redhat.com> - 28-1
- Version 28 bump
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1604727 - ctstream-28 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1604727
--------------------------------------------------------------------------------


================================================================================
 gnudos-1.11-5.el7 (FEDORA-EPEL-2018-d0fddd566e)
 The GnuDOS library for GNU/Linux
--------------------------------------------------------------------------------
Update Information:

Added BuildRequires: gcc
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 20 2018 Mohammed Isam <mohammed_isam1...@yahoo.com> 1.11-5
- Added BuildRequires: gcc
* Sat May 12 2018 Mohammed Isam <mohammed_isam1...@yahoo.com> 1.11-4
- Bugfixes
* Sat May 12 2018 Mohammed Isam <mohammed_isam1...@yahoo.com> 1.11-3
- Added missing copyright notice for ChangeLog file
* Fri May 11 2018 Mohammed Isam <mohammed_isam1...@yahoo.com> 1.11-2
- Added THANKS file and fixed missing copyright notices
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1604166 - gnudos: FTBFS in Fedora rawhide
        https://bugzilla.redhat.com/show_bug.cgi?id=1604166
--------------------------------------------------------------------------------


================================================================================
 needrestart-3.3-1.el7 (FEDORA-EPEL-2018-8d246c1178)
 Restart daemons after library updates
--------------------------------------------------------------------------------
Update Information:

This package has been introduced in Fedora a bit before F28 after having being
worked on for quite some time in Copr and there are no bugs since then. We've
been using it in production in OSAS with automatic restart of service for
months. This new version fixes a few bugs and I believe it is time to make it
available to EPEL now.
--------------------------------------------------------------------------------


================================================================================
 python-certbot-dns-gehirn-0.26.1-1.el7 (FEDORA-EPEL-2018-d84efb5475)
 Gehirn Infrastructure Service DNS Authenticator plugin for Certbot
--------------------------------------------------------------------------------
Update Information:

Initial package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1602080 - Review Request: python-certbot-dns-gehirn - Gehirn 
Infrastructure Service DNS Authenticator plugin for Certbot
        https://bugzilla.redhat.com/show_bug.cgi?id=1602080
--------------------------------------------------------------------------------


================================================================================
 python-certbot-dns-linode-0.26.1-1.el7 (FEDORA-EPEL-2018-42ce8bfab3)
 Linode DNS Authenticator plugin for Certbot
--------------------------------------------------------------------------------
Update Information:

Initial package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1602091 - Review Request: python-certbot-dns-linode - Linode DNS 
Authenticator plugin for Certbot
        https://bugzilla.redhat.com/show_bug.cgi?id=1602091
--------------------------------------------------------------------------------


================================================================================
 python-certbot-dns-ovh-0.26.1-1.el7 (FEDORA-EPEL-2018-961c0ed2ac)
 OVH DNS Authenticator plugin for Certbot
--------------------------------------------------------------------------------
Update Information:

Initial package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1602109 - Review Request: python-certbot-dns-ovh - OVH DNS 
Authenticator plugin for Certbot
        https://bugzilla.redhat.com/show_bug.cgi?id=1602109
--------------------------------------------------------------------------------


================================================================================
 python-certbot-dns-sakuracloud-0.26.1-1.el7 (FEDORA-EPEL-2018-2edc9b4586)
 Sakura Cloud DNS Authenticator plugin for Certbot
--------------------------------------------------------------------------------
Update Information:

Initial package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1602111 - Review Request: python-certbot-dns-sakuracloud - Sakura 
Cloud DNS Authenticator plugin for Certbot
        https://bugzilla.redhat.com/show_bug.cgi?id=1602111
--------------------------------------------------------------------------------


================================================================================
 redis-3.2.12-1.el7 (FEDORA-EPEL-2018-8de40d24ca)
 A persistent key-value database
--------------------------------------------------------------------------------
Update Information:

Upstream 3.2.12 security fix release.  ----  Upstream 3.2.11 bug-fix-only
release
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 20 2018 Nathan Scott <nath...@redhat.com> - 3.2.12-1
- Upstream 3.2.12 security fix release.
- Fixes CVE-2017-15047: Lack clusterLoadConfig input validation (RHBZ #1499153)
- Fixes CVE-2018-11218: Heap corruption in lua_cmsgpack.c (RHBZ #1591537)
- Fixes CVE-2018-11219: Integer overflow in lua_struct.c b_unpack (RHBZ 
#1591538)
- Fixes CVE-2018-12326: code execution via a crafted command line (RHBZ 
#1594294)
* Tue Sep 26 2017 Nathan Scott <nath...@redhat.com> - 3.2.11-1
- Upstream 3.2.11 bug-fix-only release
- Switch to using Type=notify for Redis systemd services (RHBZ #1172841)
- Add Provides:bundled hiredis, linenoise, lua-libs clauses (RHBZ #788500)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1594294 - CVE-2018-12326 redis: code execution via a crafted 
command line [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1594294
  [ 2 ] Bug #1592931 - /var/run/redis directory not created by RPM 
(redis-3.2.11-1.el6.x86_64.rpm)
        https://bugzilla.redhat.com/show_bug.cgi?id=1592931
  [ 3 ] Bug #1591538 - CVE-2018-11219 redis: Integer overflow in 
lua_struct.c:b_unpack() [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1591538
  [ 4 ] Bug #1591537 - CVE-2018-11218 redis: Heap corruption in lua_cmsgpack.c 
[epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1591537
  [ 5 ] Bug #1499153 - CVE-2017-15047 redis: Insufficient input validation in 
the clusterLoadConfig function [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1499153
  [ 6 ] Bug #1172841 - Service start returns success even when service fails to 
start
        https://bugzilla.redhat.com/show_bug.cgi?id=1172841
  [ 7 ] Bug #788500 - redis bundles jemalloc and hiredis and lua
        https://bugzilla.redhat.com/show_bug.cgi?id=788500
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org/message/R6O577IUIMI3GOOQIGDC3ZJEAFNAEWOH/

Reply via email to