[EPEL-devel] Fedora EPEL 7 updates-testing report

[updates]

The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 470  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d   
condor-8.6.11-1.el7
 212  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80   
python-gnupg-0.4.4-1.el7
 209  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b   
bubblewrap-0.3.3-2.el7
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-58be818bb4   
thunderbird-enigmail-2.1.3-1.el7
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-8a7207a341   
libidn2-2.3.0-1.el7
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-aff200699c   
mingw-libidn2-2.3.0-1.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-b1761c2898   
imapfilter-2.6.15-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-1a5ac407f8   
jhead-3.04-1.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d6b0a398c2   
clamav-0.101.5-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-06a2efa1e8   
tnef-1.4.18-1.el7


The following builds have been pushed to Fedora EPEL 7 updates-testing

    chromium-78.0.3904.108-1.el7
    wine-4.0.3-1.el7

Details about builds:


================================================================================
 chromium-78.0.3904.108-1.el7 (FEDORA-EPEL-2019-9007659871)
 A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2019-13723 & CVE-2019-13724  ----  Update to latest stable
(78.0.3904.97). This build contains a number of bug fixes and security updates.
Changes can be viewed here: https://chromium.googlesource.com/chromium/src/+log/
78.0.3904.86..78.0.3904.92?n=10000  ----  Update to chromium 78.0.3904.87, fixes
CVE-2019-13720 & CVE-2019-13721.  Also fixes zip compression support in EL8
builds.  ----  Chromium 78.  Fixes these: CVE-2019-5870 CVE-2019-5871
CVE-2019-5872 CVE-2019-5874 CVE-2019-5875 CVE-2019-13691 CVE-2019-13692
CVE-2019-5876 CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 CVE-2019-5880
CVE-2019-5881 CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662
CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667
CVE-2019-13668 CVE-2019-13669 CVE-2019-13670 CVE-2019-13671 CVE-2019-13673
CVE-2019-13674 CVE-2019-13675 CVE-2019-13676 CVE-2019-13677 CVE-2019-13678
CVE-2019-13679 CVE-2019-13680 CVE-2019-13681 CVE-2019-13682 CVE-2019-13683
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 25 2019 Tom Callaway <s...@fedoraproject.org> - 78.0.3904.108-1
- update to 78.0.3904.108
* Sun Nov 17 2019 Tom Callaway <s...@fedoraproject.org> - 78.0.3904.97-2
- allow clock_nanosleep through seccomp (bz #1773289)
* Thu Nov  7 2019 Tom Callaway <s...@fedoraproject.org> - 78.0.3904.97-1
- update to 78.0.3904.97
* Fri Nov  1 2019 Tom Callaway <s...@fedoraproject.org> - 78.0.3904.87-1
- update to 78.0.3904.87
- apply most of the freeworld changes in PR 23/24/25
* Wed Oct 23 2019 Tom Callaway <s...@fedoraproject.org> - 78.0.3904.80-1
- update to 78.0.3904.80
* Wed Oct 16 2019 Tom Callaway <s...@fedoraproject.org> - 77.0.3865.120-4
- upstream fix for zlib symbol exports with gcc
* Wed Oct 16 2019 Tom Callaway <s...@fedoraproject.org> - 77.0.3865.120-3
- silence outdated build noise (bz1745745)
* Tue Oct 15 2019 Tom Callaway <s...@fedoraproject.org> - 77.0.3865.120-2
- fix node handling for EPEL-8
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1768578 - CVE-2019-13721 chromium-browser: use-after-free in PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1768578
  [ 2 ] Bug #1768586 - CVE-2019-13720 chromium-browser: use-after-free in audio
        https://bugzilla.redhat.com/show_bug.cgi?id=1768586
  [ 3 ] Bug #1762402 - CVE-2019-13682 chromium-browser: Site isolation bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1762402
  [ 4 ] Bug #1762401 - CVE-2019-13681 chromium-browser: Bypass on download 
restrictions
        https://bugzilla.redhat.com/show_bug.cgi?id=1762401
  [ 5 ] Bug #1762400 - CVE-2019-13680 chromium-browser: IP address spoofing to 
servers
        https://bugzilla.redhat.com/show_bug.cgi?id=1762400
  [ 6 ] Bug #1762399 - CVE-2019-13679 chromium-browser: User gesture needed for 
printing
        https://bugzilla.redhat.com/show_bug.cgi?id=1762399
  [ 7 ] Bug #1762398 - CVE-2019-13678 chromium-browser: Download dialog spoofing
        https://bugzilla.redhat.com/show_bug.cgi?id=1762398
  [ 8 ] Bug #1762397 - CVE-2019-13677 chromium-browser: Chrome web store origin 
needs to be isolated
        https://bugzilla.redhat.com/show_bug.cgi?id=1762397
  [ 9 ] Bug #1762396 - CVE-2019-13676 chromium-browser: Google URI shown for 
certificate warning
        https://bugzilla.redhat.com/show_bug.cgi?id=1762396
  [ 10 ] Bug #1762395 - CVE-2019-13675 chromium-browser: Extensions can be 
disabled by trailing slash
        https://bugzilla.redhat.com/show_bug.cgi?id=1762395
  [ 11 ] Bug #1762394 - CVE-2019-13674 chromium-browser: IDN spoofing
        https://bugzilla.redhat.com/show_bug.cgi?id=1762394
  [ 12 ] Bug #1762393 - CVE-2019-13673 chromium-browser: Cross-origin 
information leak using devtools
        https://bugzilla.redhat.com/show_bug.cgi?id=1762393
  [ 13 ] Bug #1762392 - CVE-2019-13671 chromium-browser: Dialog box fails to 
show origin
        https://bugzilla.redhat.com/show_bug.cgi?id=1762392
  [ 14 ] Bug #1762391 - CVE-2019-13670 chromium-browser: V8 memory corruption 
in regex
        https://bugzilla.redhat.com/show_bug.cgi?id=1762391
  [ 15 ] Bug #1762390 - CVE-2019-13669 chromium-browser: HTTP authentication 
spoof
        https://bugzilla.redhat.com/show_bug.cgi?id=1762390
  [ 16 ] Bug #1762389 - CVE-2019-13668 chromium-browser: Global window leak via 
console
        https://bugzilla.redhat.com/show_bug.cgi?id=1762389
  [ 17 ] Bug #1762388 - CVE-2019-13667 chromium-browser: URI bar spoof when 
using external app URIs
        https://bugzilla.redhat.com/show_bug.cgi?id=1762388
  [ 18 ] Bug #1762387 - CVE-2019-13666 chromium-browser: Side channel using 
storage size estimate
        https://bugzilla.redhat.com/show_bug.cgi?id=1762387
  [ 19 ] Bug #1762386 - CVE-2019-13665 chromium-browser: Multiple file download 
protection bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1762386
  [ 20 ] Bug #1762385 - CVE-2019-13664 chromium-browser: CSRF bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1762385
  [ 21 ] Bug #1762384 - CVE-2019-13663 chromium-browser: IDN spoof
        https://bugzilla.redhat.com/show_bug.cgi?id=1762384
  [ 22 ] Bug #1762383 - CVE-2019-13662 chromium-browser: CSP bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1762383
  [ 23 ] Bug #1762382 - CVE-2019-13661 chromium-browser: Full screen 
notification spoof
        https://bugzilla.redhat.com/show_bug.cgi?id=1762382
  [ 24 ] Bug #1762381 - CVE-2019-13660 chromium-browser: Full screen 
notification overlap
        https://bugzilla.redhat.com/show_bug.cgi?id=1762381
  [ 25 ] Bug #1762380 - CVE-2019-13659 chromium-browser: URL spoof
        https://bugzilla.redhat.com/show_bug.cgi?id=1762380
  [ 26 ] Bug #1762379 - CVE-2019-5881 chromium-browser: Arbitrary read in 
SwiftShader
        https://bugzilla.redhat.com/show_bug.cgi?id=1762379
  [ 27 ] Bug #1762378 - CVE-2019-5880 chromium-browser: SameSite cookie bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1762378
  [ 28 ] Bug #1762377 - CVE-2019-5879 chromium-browser: Extensions can read 
some local files
        https://bugzilla.redhat.com/show_bug.cgi?id=1762377
  [ 29 ] Bug #1762376 - CVE-2019-5878 chromium-browser: Use-after-free in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1762376
  [ 30 ] Bug #1762375 - CVE-2019-5877 chromium-browser: Out-of-bounds access in 
V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1762375
  [ 31 ] Bug #1762374 - CVE-2019-5876 chromium-browser: Use-after-free in media
        https://bugzilla.redhat.com/show_bug.cgi?id=1762374
  [ 32 ] Bug #1762373 - CVE-2019-13692 chromium-browser: SOP bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1762373
  [ 33 ] Bug #1762372 - CVE-2019-13691 chromium-browser: Omnibox spoof
        https://bugzilla.redhat.com/show_bug.cgi?id=1762372
  [ 34 ] Bug #1762371 - CVE-2019-5875 chromium-browser: URL bar spoof via 
download redirect
        https://bugzilla.redhat.com/show_bug.cgi?id=1762371
  [ 35 ] Bug #1762370 - CVE-2019-5874 chromium-browser: External URIs may 
trigger other browsers
        https://bugzilla.redhat.com/show_bug.cgi?id=1762370
  [ 36 ] Bug #1762368 - CVE-2019-5872 chromium-browser: Use-after-free in Mojo
        https://bugzilla.redhat.com/show_bug.cgi?id=1762368
  [ 37 ] Bug #1762367 - CVE-2019-5871 chromium-browser: Heap overflow in Skia
        https://bugzilla.redhat.com/show_bug.cgi?id=1762367
  [ 38 ] Bug #1762366 - CVE-2019-5870 chromium-browser: Use-after-free in media
        https://bugzilla.redhat.com/show_bug.cgi?id=1762366
--------------------------------------------------------------------------------


================================================================================
 wine-4.0.3-1.el7 (FEDORA-EPEL-2019-2d5c7df35b)
 A compatibility layer for windows applications
--------------------------------------------------------------------------------
Update Information:

Bug fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 27 2019 Michael Cronenworth <m...@cchtml.com> 4.0.3-1
- version update
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org