The following Fedora EPEL 7 Security updates need testing:
Age URL
568 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
309 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80
python-gnupg-0.4.4-1.el7
307 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b
bubblewrap-0.3.3-2.el7
16 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6
python-waitress-1.4.3-1.el7
13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-5f252e8e10
kea-1.6.0-4.el7
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ea579d7782
proftpd-1.3.5e-9.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b57b954fde
openfortivpn-1.12.0-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-1f5dbc1cd7
cacti-1.2.10-1.el7 cacti-spine-1.2.10-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-471d8a7abd
sympa-6.2.54-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b3684de763
mbedtls-2.7.14-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
ddrescue-1.25-1.el7
kronosnet-1.15-1.el7
monit-5.26.0-1.el7
nodejs-rhea-1.0.19-2.el7
qpid-dispatch-1.10.0-2.el7
qpid-proton-0.30.0-2.el7
rubygem-qpid_proton-0.30.0-2.el7
seamonkey-2.53.1-2.el7
Details about builds:
================================================================================
ddrescue-1.25-1.el7 (FEDORA-EPEL-2020-c0e2e15418)
Data recovery tool trying hard to rescue data in case of read errors
--------------------------------------------------------------------------------
Update Information:
update to bugfix release 1.25
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 3 2020 Michal Ambroz <rebus AT_ seznam.cz> - 1.25-1
- Update to 1.25.
* Tue Jan 28 2020 Fedora Release Engineering <rel...@fedoraproject.org> - 1.24-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1809276 - ddrescue-1.25 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1809276
--------------------------------------------------------------------------------
================================================================================
kronosnet-1.15-1.el7 (FEDORA-EPEL-2020-43990b0cd5)
Multipoint-to-Multipoint VPN daemon
--------------------------------------------------------------------------------
Update Information:
- New upstream release - Fix major interaction issues between stats gathering
and PMTUd - Fix UDP socket options that could lead to knet not being properly
functional - Man pages updates - Minor bug fixes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 4 2020 Fabio M. Di Nitto <fdini...@redhat.com> - 1.14-1
- New upstream release
- Fix major interaction issues between stats gathering and PMTUd
- Fix UDP socket options that could lead to knet not being properly
functional
- Man pages updates
- Minor bug fixes
* Fri Jan 31 2020 Fabio M. Di Nitto <fdini...@redhat.com> - 1.14-1
- New upstream release
- Fixes several major issues with newer kernels
- Fix build with gcc10
--------------------------------------------------------------------------------
================================================================================
monit-5.26.0-1.el7 (FEDORA-EPEL-2020-fbd804208a)
Manages and monitors processes, files, directories and devices
--------------------------------------------------------------------------------
Update Information:
Update to 5.26.0 (includes security fix for CVE-2019-11454 and CVE-2019-11455)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 3 2020 Stewart Adam <s.a...@diffingo.com> - 5.26.0-1
- Update to 5.26.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1663929 - monit: Use-after-free in function _handleEvent()
https://bugzilla.redhat.com/show_bug.cgi?id=1663929
[ 2 ] Bug #1691391 - monit: Multiple issues fixed in 5.25.3
https://bugzilla.redhat.com/show_bug.cgi?id=1691391
[ 3 ] Bug #1702637 - CVE-2019-11455 monit: buffer over-read in function
Util_urlDecode in util.c
https://bugzilla.redhat.com/show_bug.cgi?id=1702637
[ 4 ] Bug #1702682 - CVE-2019-11454 monit: cross-site scripting (XSS) in
http/cervlet.c
https://bugzilla.redhat.com/show_bug.cgi?id=1702682
[ 5 ] Bug #1695987 - monit: Multiple vulnerabilities fixed in monit 5.25.3
https://bugzilla.redhat.com/show_bug.cgi?id=1695987
--------------------------------------------------------------------------------
================================================================================
nodejs-rhea-1.0.19-2.el7 (FEDORA-EPEL-2020-82da7f7f21)
A reactive messaging library based on the AMQP protocol
--------------------------------------------------------------------------------
Update Information:
Rebased to 1.0.19.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 3 2020 Irina Boverman <ibove...@redhat.com> - 1.0.19-1
- Rebased to 1.0.19
--------------------------------------------------------------------------------
================================================================================
qpid-dispatch-1.10.0-2.el7 (FEDORA-EPEL-2020-b9872da6ce)
Dispatch router for Qpid
--------------------------------------------------------------------------------
Update Information:
Rebased to 1.10.0.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 2 2020 Irina Boverman <ibove...@redhat.com> - 1.10.0-1
- Rebased to 1.10.0
--------------------------------------------------------------------------------
================================================================================
qpid-proton-0.30.0-2.el7 (FEDORA-EPEL-2020-481354191b)
A high performance, lightweight messaging library
--------------------------------------------------------------------------------
Update Information:
Rebased to 0.30.0.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 3 2020 Irina Boverman <ibove...@redhat.com> - 0.30.0-1
- Rebased to 0.30.0
- Replaced epydoc with python*-sphinx
--------------------------------------------------------------------------------
================================================================================
rubygem-qpid_proton-0.30.0-2.el7 (FEDORA-EPEL-2020-d4f49128de)
Ruby language bindings for the Qpid Proton messaging framework
--------------------------------------------------------------------------------
Update Information:
Rebased to 0.30.0.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 3 2020 Irina Boverman <ibove...@redhat.com> - 0.30.0-1
- Rebased to 0.30.0
--------------------------------------------------------------------------------
================================================================================
seamonkey-2.53.1-2.el7 (FEDORA-EPEL-2020-4fdca9429c)
Web browser, e-mail, news, IRC client, HTML editor
--------------------------------------------------------------------------------
Update Information:
Upgrade to 2.53.1 SeaMonkey-2.53.1, being initially based on the Firefox-56 and
Thunderbird-56 code, incorporates now a lot of backported features and security
fixes from the newer Firefox/Thunderbird versions up to 75. That way it tries to
be a modern browser, preserving the same time the familiar user interface and
the ability to use traditional extensions and addons. This version makes
changes to your profile that can't be reverted in case you want to go back to a
previous version of SeaMonkey. You MUST absolutely do a full backup of your
profile (~/.mozilla/seamonkey/ dir) BEFORE trying to run new version. SeaMonkey
now uses GTK3 library for GUI interface. If you experienced some size issues, go
to "about:config" and try to set "layout.css.devPixelsPerPx" preference to "1"
(or any other preferred value). You can also use gtk3's environment variables
GDK_SCALE and/or GDK_DPI_SCALE (useful for HiDPI displays). Since Classic theme
uses system desktop theme, it might behaves incorrectly when the underlying
theme (still) does not support gtk3. Full theme add-ons may need changes
because of user interface and internal changes. If you find any problem with
themes, contact the theme author. Before reporting a problem with the user
interface, please make sure to recreate it with either the Classic or Modern
theme. This version now includes "Lightning" calendar. It becomes a standard
part of Thunderbird/SeaMonkey, being just technically organized as an extension.
This version returns providing of Chatzilla and DOM inspector extensions, just
as it always was before. It is likely you need to update your third party
extensions to newer versions. Poorly designed or incompatible extensions can
cause unpredictable problems. If you encounter some strange issues, try
"seamonkey -safe-mode" from command line. Unfortunately, it is now impossible
to continue support of npapi plugins. Thus, java applets no more work :( . All
modern browsers have dropped such support years ago, and even plugin owners
recommend to not use it anymore. Search "browsers with java support" if you
still need it. Sorry for that. Flash is still supported, at least until its EOL
at the end of 2020. Since 2.53.1, 32-bit version (i686 arch) does not provided,
because no more supported. The old format of keys and certificates storage in
the user profiles still preserved in Fedora. DO NOT TOUCH key3.db and cert8.db
files (as it might be recommended in the upstream release notes) -- they still
works as expected. Please, read upstream release notes for more info
https://www.seamonkey-project.org/releases/seamonkey2.53.1/
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 4 2020 Dmitry Butskoy <dmi...@butskoy.name> 2.53.1-2
- add patch for classic theme (#1808197)
- build with clang
* Fri Feb 28 2020 Dmitry Butskoy <dmi...@butskoy.name> 2.53.1-1
- Upgrade to 2.53.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1808197 - seamonkey-2.53.1.source is available
https://bugzilla.redhat.com/show_bug.cgi?id=1808197
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
