The following Fedora EPEL 7 Security updates need testing:
Age URL
518 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
259 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80
python-gnupg-0.4.4-1.el7
257 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b
bubblewrap-0.3.3-2.el7
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-32603d41ea
GraphicsMagick-1.3.34-1.el7
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b5ec870c52
mingw-wavpack-5.1.0-9.el7
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-75cc3918d1
rubygem-ox-2.4.11-5.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-9ffdf25269
python-django-1.11.27-1.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-12cd208593
gnulib-0-31.20200107git.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-de388d4fd0
chromium-79.0.3945.117-1.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-35e87bab10
perl-Clipboard-0.21-1.el7.1
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-a062204588
rubygem-rack-1.6.12-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-87fd65eed3
python3-pillow-6.2.2-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-345003feba
thunderbird-enigmail-2.1.5-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
OpenMolcas-19.11-1.el7
elements-alexandria-2.14.1-2.el7
elog-3.1.4-1.20190113git283534d97d5a.el7
php-composer-ca-bundle-1.2.6-1.el7
php-composer-semver-1.5.1-1.el7
php-seld-phar-utils-1.0.2-1.el7
zimg-2.9.2-1.el7
Details about builds:
================================================================================
OpenMolcas-19.11-1.el7 (FEDORA-EPEL-2020-cc10e4e20c)
A multiconfigurational quantum chemistry software package
--------------------------------------------------------------------------------
Update Information:
Update to the 19.11 stable release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2020 Susi Lehtola <[email protected]> - 19.11-1
- Update to 19.11.
* Wed Jul 24 2019 Fedora Release Engineering <[email protected]> -
18.09-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering <[email protected]> -
18.09-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
elements-alexandria-2.14.1-2.el7 (FEDORA-EPEL-2020-2a1796ec10)
A lightweight C++ utility library
--------------------------------------------------------------------------------
Update Information:
Initial RPM
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 13 2020 Alejandro Alvarez Ayllon <[email protected]>
2.14.1-2
- Fix conditional dependency on cmake-filesystem
- Add LICENSE file to the main package
* Fri Jan 10 2020 Alejandro Alvarez Ayllon <[email protected]>
2.14.1-1
- Initial RPM
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1789749 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1789749
--------------------------------------------------------------------------------
================================================================================
elog-3.1.4-1.20190113git283534d97d5a.el7 (FEDORA-EPEL-2020-348d34c4c6)
Logbook system to manage notes through a Web interface
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2019-3993, CVE-2019-3994, CVE-2019-3995, CVE-2019-3992,
CVE-2019-3996
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 13 2020 Ben Rosser <[email protected]> -
3.1.4-1.20190113git283534d97d5a
- Update to post-release snapshot of 3.1.4.
- Fix several security issues.
* Wed Jul 24 2019 Fedora Release Engineering <[email protected]> -
3.1.3-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering <[email protected]> -
3.1.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jul 12 2018 Fedora Release Engineering <[email protected]> -
3.1.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 9 2018 Igor Gnatenko <[email protected]> - 3.1.3-6
- Escape macros in %changelog
* Wed Feb 7 2018 Fedora Release Engineering <[email protected]> -
3.1.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Aug 2 2017 Fedora Release Engineering <[email protected]> -
3.1.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <[email protected]> -
3.1.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1787064 - CVE-2019-3993 elog: allows recover an user password hash
by sending a crafted HTTP POST request
https://bugzilla.redhat.com/show_bug.cgi?id=1787064
[ 2 ] Bug #1787060 - CVE-2019-3994 elog: use-after-free by sending multiple
crafted HTTP POST requests
https://bugzilla.redhat.com/show_bug.cgi?id=1787060
[ 3 ] Bug #1787055 - CVE-2019-3995 elog: NULL pointer dereference via crafted
HTTP GET request
https://bugzilla.redhat.com/show_bug.cgi?id=1787055
[ 4 ] Bug #1787051 - CVE-2019-3992 elog: allows access the server
configuration file by sending a HTTP GET request
https://bugzilla.redhat.com/show_bug.cgi?id=1787051
[ 5 ] Bug #1786750 - CVE-2019-3996 elog: unauthenticated remote users can
proxy HTTP GET requests via crafted POST requests
https://bugzilla.redhat.com/show_bug.cgi?id=1786750
--------------------------------------------------------------------------------
================================================================================
php-composer-ca-bundle-1.2.6-1.el7 (FEDORA-EPEL-2020-6b9928a611)
Lets you find a path to the system CA
--------------------------------------------------------------------------------
Update Information:
**Version 1.2.6** * Fixed use of getenv potentially causing issue in web SAPIs
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2020 Remi Collet <[email protected]> - 1.2.6-1
- update to 1.2.6
--------------------------------------------------------------------------------
================================================================================
php-composer-semver-1.5.1-1.el7 (FEDORA-EPEL-2020-d652cd27b2)
Semver library that offers utilities, version constraint parsing and validation
--------------------------------------------------------------------------------
Update Information:
**Version 1.5.1** - 2020-01-13 * Fixed: Parsing of aliased version was not
validating the alias to be a valid version
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2020 Remi Collet <[email protected]> - 1.5.1-1
- update to 1.5.1
--------------------------------------------------------------------------------
================================================================================
php-seld-phar-utils-1.0.2-1.el7 (FEDORA-EPEL-2020-196ac01ab9)
PHAR file format utilities
--------------------------------------------------------------------------------
Update Information:
**Version 1.0.2** * Fixed support of big endian machines * Fixed
signature position determination in edge cases
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2020 Remi Collet <[email protected]> - 1.0.2-1
- update to 1.0.2
- switch from symfony/class-loader to fedora/autoloader
--------------------------------------------------------------------------------
================================================================================
zimg-2.9.2-1.el7 (FEDORA-EPEL-2020-f2dbe77a5b)
Scaling, color space conversion, and dithering library
--------------------------------------------------------------------------------
Update Information:
New upstream release 2.9.2. ABI compatible with 2.8.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 23 2019 Leigh Scott <[email protected]> - 2.9.2-1
- Update to 2.9.2 release
* Sat Jul 27 2019 Fedora Release Engineering <[email protected]> - 2.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
