The following Fedora EPEL 7 Security updates need testing:
Age URL
752 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
492 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b
bubblewrap-0.3.3-2.el7
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-89ad58d02c
golang-1.15-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-49c5f31e92
python-pip-epel-8.1.2-14.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-864bc6779e
chromium-85.0.4183.83-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
ansible-2.9.13-1.el7
batctl-2020.3-1.el7
drupal7-7.72-1.el7
Details about builds:
================================================================================
ansible-2.9.13-1.el7 (FEDORA-EPEL-2020-83bdeb2965)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
Update to new bugfix and security update 2.9.13 ---- Update to upstream bugfix
release 2.9.11. See https://github.com/ansible/ansible/blob/stable-2.9/changelog
s/CHANGELOG-v2.9.rst#v2-9-11 for details.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 3 2020 Kevin Fenzi <[email protected]> - 2.9.13-1
- Update to 2.9.13.
* Tue Jul 21 2020 Kevin Fenzi <[email protected]> - 2.9.11-1
- Update to 2.9.11.
--------------------------------------------------------------------------------
================================================================================
batctl-2020.3-1.el7 (FEDORA-EPEL-2020-ac9c73e20d)
B.A.T.M.A.N. advanced control and management tool
--------------------------------------------------------------------------------
Update Information:
Update to 2020.3
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 4 2020 Felix Kaechele <[email protected]> - 2020.3-1
- update to 2020.3
* Mon Jul 27 2020 Fedora Release Engineering <[email protected]> -
2020.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 7 2020 Felix Kaechele <[email protected]> - 2020.2-1
- update to 2020.2
--------------------------------------------------------------------------------
================================================================================
drupal7-7.72-1.el7 (FEDORA-EPEL-2020-0a324e529d)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
- https://www.drupal.org/project/drupal/releases/7.72 - [Drupal core -
Critical - Cross Site Request Forgery - SA-
CORE-2020-004](https://www.drupal.org/sa-core-2020-004) / CVE-2020-13663 -
https://www.drupal.org/project/drupal/releases/7.71 -
https://www.drupal.org/project/drupal/releases/7.70 - [Drupal core -
Moderately critical - Cross Site Scripting - SA-
CORE-2020-002](https://www.drupal.org/sa-core-2020-002) / CVE-2020-11022 /
CVE-2020-11023 - [Drupal core - Moderately critical - Open Redirect - SA-
CORE-2020-003](https://www.drupal.org/sa-core-2020-003) / CVE-2020-13662
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 4 2020 Shawn Iwinski <[email protected]> - 7.72-1
- Update to 7.72
- SA-CORE-2020-004/CVE-2020-13663 (RHBZ #1860912, #1860913)
* Mon Jul 27 2020 Fedora Release Engineering <[email protected]> - 7.70-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Sun May 31 2020 Shawn Iwinski <[email protected]> - 7.70-2
- rpmbuild sub-pkg: Fix auto-provides for F32+
* Fri May 22 2020 Peter Borsa <[email protected]> - 7.70-1
- Update to 7.70
- RHBZ #1837516 / SA-CORE-2020-003
- RHBZ #1828416 / SA-CORE-2020-002
* Fri May 22 2020 Peter Borsa <[email protected]> - 7.69-3
- Remove php-recode as dependency
* Tue Jan 28 2020 Fedora Release Engineering <[email protected]> - 7.69-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1828417 - CVE-2020-11022 drupal7: jquery: Cross-site scripting due
to improper injQuery.htmlPrefilter method [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1828417
[ 2 ] Bug #1850013 - CVE-2020-11023 drupal7: jQuery: passing HTML containing
<option> elements to manipulation methods could result in untrusted code
execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1850013
[ 3 ] Bug #1850023 - CVE-2020-11023 drupal7: jQuery: passing HTML containing
<option> elements to manipulation methods could result in untrusted code
execution [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1850023
[ 4 ] Bug #1860912 - CVE-2020-13663 drupal7: Form API does not properly
handle certain form input from cross-site requests [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1860912
[ 5 ] Bug #1860913 - CVE-2020-13663 drupal7: Form API does not properly
handle certain form input from cross-site requests [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1860913
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
