The following Fedora EPEL 7 Security updates need testing:
Age URL
357 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
132 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d2c1368294
cinnamon-3.6.7-5.el7
98 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80
python-gnupg-0.4.4-1.el7
96 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b
bubblewrap-0.3.3-2.el7
68 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-fc63c75ab1
hostapd-2.8-1.el7
33 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-12067fc897
dosbox-0.74.3-2.el7
25 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-487a6fb279
knot-2.8.2-1.el7 knot-resolver-4.1.0-1.el7
25 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-aabd063c30
squirrelmail-1.4.23-1.el7.20190710
13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-ef655ec55e
proftpd-1.3.5e-5.el7
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-44d26d23ea
upx-3.95-4.el7
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-b6948289f0
pdns-4.1.11-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-ad7b11b384
igraph-0.7.1-12.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-643d621522
jhead-3.03-4.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
bird-1.6.7-1.el7
boinc-client-7.16.1-2.el7
git-secret-0.2.6-2.el7
perl-Net-BGP-0.17-1.el7
purple-discord-0-25.20190805git250a8a0.el7
purple-hangouts-0-65.20190607hg3f7d89b.el7
python-django-1.11.23-1.el7
python-plumbum-1.6.7-2.el7
qdigidoc-4.2.2-4.el7
Details about builds:
================================================================================
bird-1.6.7-1.el7 (FEDORA-EPEL-2019-9657484745)
BIRD Internet Routing Daemon
--------------------------------------------------------------------------------
Update Information:
BIRD 1.6.7 (2019-08-01) ======================= * BFD: Support for VRFs *
Several bugfixes
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 5 2019 Robert Scheck <[email protected]> - 1.6.7-1
- Upgrade to 1.6.7
--------------------------------------------------------------------------------
================================================================================
boinc-client-7.16.1-2.el7 (FEDORA-EPEL-2019-f641534c73)
The BOINC client
--------------------------------------------------------------------------------
Update Information:
7.16.1 release ---- 7.16.1 release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 6 2019 Germano Massullo <[email protected]>
- replaced %setup -q -n boinc-%{gittag_custom} with %autosetup -n
boinc-%{gittag_custom}
* Tue Aug 6 2019 Germano Massullo <[email protected]> - 7.16.1-1
- 7.16.1 release
- Removed scheduler.patch tray_icon_removal.patch window_close.patch because
they have been merged into 7.16.1
* Wed Jul 24 2019 Fedora Release Engineering <[email protected]> -
7.14.2-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
git-secret-0.2.6-2.el7 (FEDORA-EPEL-2019-5578d0c2fa)
A bash-tool to store your private data inside a git repository
--------------------------------------------------------------------------------
Update Information:
Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
perl-Net-BGP-0.17-1.el7 (FEDORA-EPEL-2019-f267faa772)
Perl module for object-oriented API to the BGP protocol
--------------------------------------------------------------------------------
Update Information:
Net::BGP 0.17 ============= - Fixed bug where the wrong aggregator variable
was being tested. - Added an "OpaqueData" parameter and equivalent accessor
sub `opaque_data()` to allow for the storage of arbitrary data with the
peer. The main purpose of this is to allow the user to store extra data (a
scalar or ref) with the peer that is then readable by the call back
routines. I realise there are other ways to do this, but this seems much
cleaner. - Fixes the situation where a socket is still in the list of sockets
to be selected on, yet it has been closed. I believe this is caused when we
create a new connection to a peer at the same time as we receive one. When
we find ourselves with a bad FD, we re-check the list of sockets to select
on. - It is possible to receive a notification message (error) in response to
an OPEN message (e.g. an unrecognised ASN). We were getting a Finite State
Machine error, now we call the notification callback. - `_kill_session()` will
call `_close_session()` even if the socket is not open. This will finally
terminate the session properly (stops some weird loops). - Added extra members
of the notification state engine. Now calls `_kill_session()` rather than
`_cease()` when the peer socket is closed.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 6 2019 Robert Scheck <[email protected]> 0.17-1
- Upgrade to 0.17 (#1737397)
* Fri Jul 26 2019 Fedora Release Engineering <[email protected]> - 0.16-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri May 31 2019 Jitka Plesnikova <[email protected]> - 0.16-3
- Perl 5.30 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1737397 - Upgrade perl-Net-BGP to 0.17
https://bugzilla.redhat.com/show_bug.cgi?id=1737397
--------------------------------------------------------------------------------
================================================================================
purple-discord-0-25.20190805git250a8a0.el7 (FEDORA-EPEL-2019-1920abccdb)
Discord plugin for libpurple
--------------------------------------------------------------------------------
Update Information:
Updated some purple plugins to latest snapshots.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 6 2019 Vitaly Zaitsev <[email protected]> -
0-25.20190805git250a8a0
- Updated to latest snapshot.
* Fri Jul 26 2019 Fedora Release Engineering <[email protected]> -
0-24.20190505git8623ec7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
purple-hangouts-0-65.20190607hg3f7d89b.el7 (FEDORA-EPEL-2019-1920abccdb)
Hangouts plugin for libpurple
--------------------------------------------------------------------------------
Update Information:
Updated some purple plugins to latest snapshots.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 6 2019 Vitaly Zaitsev <[email protected]> -
1:0-65.20190607hg3f7d89b
- Updated to latest snapshot.
* Fri Jul 26 2019 Fedora Release Engineering <[email protected]> -
1:0-64.20190303hgeffc9b4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-django-1.11.23-1.el7 (FEDORA-EPEL-2019-4e6da66b9f)
A high-level Python Web framework
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2019-14232 (rhbz#1735768)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 6 2019 Matthias Runge <[email protected]> - 1.11.23-1
- Fix CVE-2019-14232 (rhbz#1735768)
- Fix CVE-2019-14233 (rhbz#1735772)
- Fix CVE-2019-14234 (rhbz#1735776)
- Fix CVE-2019-14235 (rhbz#1735781)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1735768 - CVE-2019-14232 python-django: Django: backtracking in a
regular expression in django.utils.text.Truncator leads to DoS [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1735768
[ 2 ] Bug #1735772 - CVE-2019-14233 python-django: Django: the behavior of
the underlying HTMLParser leading to DoS [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1735772
[ 3 ] Bug #1735776 - CVE-2019-14234 python-django: Django: SQL injection
possibility in key and index lookups for JSONField/HStoreField [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1735776
[ 4 ] Bug #1735781 - CVE-2019-14235 python-django: Django: Potential memory
exhaustion in django.utils.encoding.uri_to_iri() [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1735781
--------------------------------------------------------------------------------
================================================================================
python-plumbum-1.6.7-2.el7 (FEDORA-EPEL-2019-cca94d8cc6)
Shell combinators library
--------------------------------------------------------------------------------
Update Information:
Upstream version 1.6.7 ---- Upstream version 1.6.7
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 22 2019 Greg Hellings <[email protected]> - 1.6.7-1
- Upstream version 1.6.7
- Restored Python 3 version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1244181 - python-plumbum-1.6.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1244181
--------------------------------------------------------------------------------
================================================================================
qdigidoc-4.2.2-4.el7 (FEDORA-EPEL-2019-e29d1e586e)
Estonian digital signature and encryption application
--------------------------------------------------------------------------------
Update Information:
- Latest upstream release 4.2.2 - Fix for epel7 build by calling cmake3
explicitly
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 6 2019 Dmitri Smirnov <[email protected]> - 4.2.2-4
- Call cmake3 explicitly to fix epel7 build
* Wed Jul 31 2019 Dmitri Smirnov <[email protected]> - 4.2.2-3
- Patch nautilus extension to work with python 3
* Fri Jul 26 2019 Fedora Release Engineering <[email protected]> -
4.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Jul 22 2019 Dmitri Smirnov <[email protected]> - 4.2.2-1
- Upstream release 4.2.2
* Fri Jul 19 2019 Dmitri Smirnov <[email protected]> - 4.2.1-1
- Upstream release 4.2.1
* Sat Feb 2 2019 Fedora Release Engineering <[email protected]> -
4.2.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Dec 28 2018 Germano Massullo <[email protected]> - 4.2.0-4
- added Provides: qesteidutil
* Tue Dec 11 2018 Germano Massullo <[email protected]> - 4.2.0-3
- adding obsoletes: qesteidutil for F30
* Tue Dec 4 2018 Dmitri Smirnov <[email protected]> - 4.2.0-2
- Add proper provides and obsoletes
* Tue Dec 4 2018 Dmitri Smirnov <[email protected]> - 4.2.0-1
- Upstream release 4.2.0
* Mon Nov 19 2018 Dmitri Smirnov <[email protected]> - 4.1.0-1
- Upstream release 4.1.0
* Thu Oct 4 2018 Dmitri Smirnov <[email protected]> - 4.0.0-4
- Use the officially provided zip pack
- Update static resource files
* Mon Jun 25 2018 Dmitri Smirnov <[email protected]> - 4.0.0-3
- Add instructions on how to obtain the tarball
- Re-pack the sources tarball with ones obtained from VCS.
* Mon Jun 18 2018 Dmitri Smirnov <[email protected]> - 4.0.0-2
- Add a patch for sanbox compilation
* Wed Jun 13 2018 Dmitri Smirnov <[email protected]> - 4.0.0-1
- Update sources to the 4.0.0 release
- Add a patch to workaround the Qt 5.11 compatibility
* Sun Jun 3 2018 Dmitri Smirnov <[email protected]> - 0.6.0-3
- Update sources to the latest one
* Thu May 3 2018 Dmitri Smirnov <[email protected]> - 0.6.0-2
- Remove filetype bindings and icons to avoid conflict with DigiDoc3
* Tue May 1 2018 Dmitri Smirnov <[email protected]> - 0.6.0-1
- Initial packaging of 0.6.0 beta
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1662491 - Fix EPEL7 build
https://bugzilla.redhat.com/show_bug.cgi?id=1662491
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
