The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 172  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f9d6ff695a   
bibutils-6.6-1.el7 ghc-hs-bibutils-6.6.0.0-1.el7 pandoc-citeproc-0.3.0.1-4.el7
 156  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d   
condor-8.6.11-1.el7
  30  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6fa6cebc3   
game-music-emu-0.6.2-1.el7
  27  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b43fdd19c3   
vcftools-0.1.16-1.el7
  14  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-6c3fb8b090   
chromium-71.0.3578.98-2.el7
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-8e5fe375cf   
php-horde-Horde-Form-2.0.19-1.el7
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-01cf520c0b   
python-django-1.11.18-1.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-4d365dad3c   
gitolite3-3.6.11-1.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-7c5121f71d   
golang-1.11.4-1.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-a6100f3df6   
nodejs-6.16.0-1.el7


The following builds have been pushed to Fedora EPEL 7 updates-testing

    R-3.5.2-2.el7
    cacti-1.2.0-1.el7
    cacti-spine-1.2.0-2.el7
    htop-2.2.0-3.el7
    java-openjdk-11.0.1.13-11.rolling.el7
    nagios-4.4.3-1.el7
    python-kubernetes-8.0.0-6.el7

Details about builds:


================================================================================
 R-3.5.2-2.el7 (FEDORA-EPEL-2019-5d7bdd9b62)
 A language for data analysis and graphics
--------------------------------------------------------------------------------
Update Information:

Update R to 3.5.2, update rpy to 2.9.5, rebuild rkward.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan  8 2019 Tom Callaway <s...@fedoraproject.org> - 3.5.2-2
- handle pcre2 use/detection
* Mon Jan  7 2019 Tom Callaway <s...@fedoraproject.org> - 3.5.2-1
- update to 3.5.2
* Fri Dec  7 2018 Tom Callaway <s...@fedoraproject.org> - 3.5.1-2
- use absolute path in symlink for latex dir (bz1594102)
--------------------------------------------------------------------------------


================================================================================
 cacti-1.2.0-1.el7 (FEDORA-EPEL-2019-17b3c81533)
 An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:

- Rebase to 1.2.0  Release notes:
https://www.cacti.net/release_notes.php?version=1.2.0
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 17 2019 Morten Stevens <mstev...@fedoraproject.org> - 1.2.0-1
- Rebase to 1.2.0
- Multiple cross-site scripting vulnerabilities fixed in 1.2.0
- CVE-2018-20723, CVE-2018-20724, CVE-2018-20725, CVE-2018-20726 (#1667024)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1667024 - CVE-2018-20723 CVE-2018-20724 CVE-2018-20725 
CVE-2018-20726 cacti: Multiple cross-site scripting vulnerabilities fixed in 
1.2.0 version [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1667024
--------------------------------------------------------------------------------


================================================================================
 cacti-spine-1.2.0-2.el7 (FEDORA-EPEL-2019-17b3c81533)
 Threaded poller for Cacti written in C
--------------------------------------------------------------------------------
Update Information:

- Rebase to 1.2.0  Release notes:
https://www.cacti.net/release_notes.php?version=1.2.0
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jan  6 2019 Morten Stevens <mstev...@fedoraproject.org> - 1.2.0-2
- Use spine.conf as default
* Thu Jan  3 2019 Morten Stevens <mstev...@fedoraproject.org> - 1.2.0-1
- Update to 1.2.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1667024 - CVE-2018-20723 CVE-2018-20724 CVE-2018-20725 
CVE-2018-20726 cacti: Multiple cross-site scripting vulnerabilities fixed in 
1.2.0 version [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1667024
--------------------------------------------------------------------------------


================================================================================
 htop-2.2.0-3.el7 (FEDORA-EPEL-2019-daaed9cb91)
 Interactive process viewer
--------------------------------------------------------------------------------
Update Information:

fix crash when launched with '-s' flag
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 16 2019 Mukundan Ragavan <nonamed...@fedoraproject.org> - 2.2.0-3
- Fix crash when launched with "-s" flag (bug# 1666551)
* Fri Jul 13 2018 Fedora Release Engineering <rel...@fedoraproject.org> - 
2.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1666551 - htop -s is causing segmentation fault
        https://bugzilla.redhat.com/show_bug.cgi?id=1666551
--------------------------------------------------------------------------------


================================================================================
 java-openjdk-11.0.1.13-11.rolling.el7 (FEDORA-EPEL-2019-6f43979cd7)
 OpenJDK Runtime Environment 11
--------------------------------------------------------------------------------
Update Information:

This is first release of java-openjdk rolling package for short-term releases of
openjdk for EPEL7. Our goal is now get it to the testing, auto karma is turned
off. It still needs a lot of testing before it can surely reach stable, most
likely, this release will never reach stable repos, since we will want to do
this after we update sources to JDK12.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1557371 - Review Request: java-openjdk - rolling release for short 
term support OpenJDK
        https://bugzilla.redhat.com/show_bug.cgi?id=1557371
--------------------------------------------------------------------------------


================================================================================
 nagios-4.4.3-1.el7 (FEDORA-EPEL-2019-d661b588d2)
 Host/service/network monitoring program
--------------------------------------------------------------------------------
Update Information:

Incorporate many fixes from Justin Paulsen <peta...@gmail.com> THANKS!!!  ----
Updates to nagios-4.4.2 which is a major update. Fixes CVE's CVE-2018-13441
CVE-2016-8641  ----  Remove section which unset nagios Fix BZ#1568273  ----  Fix
systemd failures due to old versioning.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 16 2019 Stephen Smoogen <smo...@fedoraproject.org> - 4.4.3-1
- Incorporate many fixes from Justin Paulsen <peta...@gmail.com> THANKS!!!
- Update to 4.4.3 for CVE fixes
- BZ#1661479
- BZ#1661480
- BZ#1665200
- BZ#1665201
- BZ#1665206
- BZ#1665207
- BZ#1665209
- BZ#1665210
- Fix BZ#1666209 Add RuntimeDirectory too systemd
* Fri Nov 30 2018 Stephen Smoogen <smo...@fedoraproject.org> - 4.4.2-3
- Remove systemd startup since built in works properly
- Incorporate fixes from patch14 into patch9
* Thu Nov 29 2018 Stephen Smoogen <smo...@fedoraproject.org> - 4.4.2-2
- Fix init-type and initdir for systemd and sysv
* Wed Nov 28 2018 Justin Paulsen <peta...@gmail.com> 4.4.2-1
- Bumped to version 4.4.2
- Updated patches 0001,0002,0003,0006,0009,0010,0011 to reflect upstream changes
- Updates to nagios.spec (this file) to cleanup un-needed elements and
  adjust/fix as required
- As a result of the cleanup I have added a patch 
nagios-0014-fix-resource.cfg-path.patch
* Tue Jul 24 2018 Stephen Smoogen <smo...@fedoraproject.org> - 4.3.4-13
- Remove section which unset nagios Fix BZ#1568273
- Remove /etc/nagios/conf.d Fix BZ#1504306
- Change perms on dir Fix BZ#1579935
- Close BZ#1273154
- Hopefully Fix BZ#1201849
- Hopefully Fix BZ#1476238
- Hopefully Fix BZ#1494292
* Fri Jul 13 2018 Fedora Release Engineering <rel...@fedoraproject.org> - 
4.3.4-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jun 28 2018 Jitka Plesnikova <jples...@redhat.com> - 4.3.4-11
- Perl 5.28 rebuild
* Thu Apr 26 2018 Stephen Smoogen <smo...@fedoraproject.org> - 4.3.4-10
- Fix systemd failures due to old versioning.
* Tue Feb 20 2018 Stephen Smoogen <smo...@fedoraproject.org> - 4.3.4-9
- Add buildrequires for gcc
* Thu Feb  8 2018 Fedora Release Engineering <rel...@fedoraproject.org> - 
4.3.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Nov 24 2017 Robert Scheck <rob...@fedoraproject.org> - 4.3.4-7
- Fix initscript stop action for RHEL/CentOS 6 (#1515445 #c11)
* Fri Nov 24 2017 Robert Scheck <rob...@fedoraproject.org> - 4.3.4-6
- Fix shell syntax error in initscript for RHEL/CentOS 6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1661479 - CVE-2018-18245 nagios: Stored XSS via Plugin Output 
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1661479
  [ 2 ] Bug #1661480 - CVE-2018-18245 nagios: Stored XSS via Plugin Output 
[epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1661480
  [ 3 ] Bug #1665200 - CVE-2018-13441 nagios: NULL pointer dereference in 
qh_help in base/query-handler.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1665200
  [ 4 ] Bug #1665201 - CVE-2018-13441 nagios: NULL pointer dereference in 
qh_help in base/query-handler.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1665201
  [ 5 ] Bug #1665206 - CVE-2018-13457 nagios: NULL pointer dereference in 
qh_echo in base/query-handler.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1665206
  [ 6 ] Bug #1665207 - CVE-2018-13457 nagios: NULL pointer dereference in 
qh_echo in base/query-handler.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1665207
  [ 7 ] Bug #1665209 - CVE-2018-13458 nagios: NULL pointer dereference in 
qh_core in base/query-handler.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1665209
  [ 8 ] Bug #1665210 - CVE-2018-13458 nagios: NULL pointer dereference in 
qh_core in base/query-handler.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1665210
  [ 9 ] Bug #1666209 - Nagios cannot start after system reboot because of 
missing directory
        https://bugzilla.redhat.com/show_bug.cgi?id=1666209
  [ 10 ] Bug #1593048 - nagios-4.4.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1593048
  [ 11 ] Bug #1647765 - Memory leak in nagios
        https://bugzilla.redhat.com/show_bug.cgi?id=1647765
  [ 12 ] Bug #1482407 - nagios-4.3.2-8.el7 crash caused by (potential) result 
size issue in wproc
        https://bugzilla.redhat.com/show_bug.cgi?id=1482407
  [ 13 ] Bug #1506423 - Nagios regularly crashes with SIGSEGV after couple of 
weeks of starting.
        https://bugzilla.redhat.com/show_bug.cgi?id=1506423
  [ 14 ] Bug #1592594 - nagios spool files in wrong location by default, 
causing SELinux violations
        https://bugzilla.redhat.com/show_bug.cgi?id=1592594
  [ 15 ] Bug #1568273 - Nagios service disabled after each update
        https://bugzilla.redhat.com/show_bug.cgi?id=1568273
  [ 16 ] Bug #1504306 - minor packaging improvements
        https://bugzilla.redhat.com/show_bug.cgi?id=1504306
  [ 17 ] Bug #1579935 - nagios-common permissions issue with 
/usr/lib64/nagios/plugins directory
        https://bugzilla.redhat.com/show_bug.cgi?id=1579935
  [ 18 ] Bug #1273154 - RFE: Remove Nagios version check warning messages
        https://bugzilla.redhat.com/show_bug.cgi?id=1273154
  [ 19 ] Bug #1201849 - Support an environment file in the systemd unit file
        https://bugzilla.redhat.com/show_bug.cgi?id=1201849
  [ 20 ] Bug #1476238 - EPEL6 update to 4.3.2 causes information leak to google 
via embedded youtube
        https://bugzilla.redhat.com/show_bug.cgi?id=1476238
  [ 21 ] Bug #1494292 - file ownership problem between nagios and nagios-contrib
        https://bugzilla.redhat.com/show_bug.cgi?id=1494292
  [ 22 ] Bug #1517925 - Updating nagios package causes nagios service to be 
disabled.
        https://bugzilla.redhat.com/show_bug.cgi?id=1517925
--------------------------------------------------------------------------------


================================================================================
 python-kubernetes-8.0.0-6.el7 (FEDORA-EPEL-2019-2a28713541)
 Python client for the kubernetes API.
--------------------------------------------------------------------------------
Update Information:

Initial release of python-kubernetes for EPEL
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org

Reply via email to