The following Fedora EPEL 7 Security updates need testing:
Age  URL
  8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ea01d505c9   pdns-4.1.14-1.el7
  6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-a37e7c643e   xawtv-3.107-1.el7
  4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-98b234afda   libuv-1.40.0-1.el7
  1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-bd6a96cd24   python34-3.4.10-7.el7
  1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-9eaf8d2e11   prosody-0.11.7-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
python3-urllib3-1.25.6-2.el7
qpid-proton-0.32.0-2.el7
rubygem-kramdown-1.9.0-2.el7
Details about builds:
================================================================================
python3-urllib3-1.25.6-2.el7 (FEDORA-EPEL-2020-1eeb530261)
Python 3 HTTP library with thread-safe connection pooling and file post
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2020-26137: CRLF injection via HTTP request method
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 2 2020 Orion Poplawski <[email protected]> - 1.25.6-2
- Rebase upstream fix for CVE-2020-26137 (bz#1883870)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1883632 - CVE-2020-26137 python-urllib3: CRLF injection via HTTP
request method
https://bugzilla.redhat.com/show_bug.cgi?id=1883632
--------------------------------------------------------------------------------
================================================================================
qpid-proton-0.32.0-2.el7 (FEDORA-EPEL-2020-2bc997ea1c)
A high performance, lightweight messaging library
--------------------------------------------------------------------------------
Update Information:
Added a fix to build c/cpp examples. ---- Rebased to 0.32.0.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 2 2020 Irina Boverman <[email protected]> - 0.32.0-2
- Added temp fix to allow building c/cpp examples
* Thu Sep 24 2020 Irina Boverman <[email protected]> - 0.32.0-1
- Rebased to 0.32.0
--------------------------------------------------------------------------------
================================================================================
rubygem-kramdown-1.9.0-2.el7 (FEDORA-EPEL-2020-50425dd33f)
Fast, pure-Ruby Markdown-superset converter
--------------------------------------------------------------------------------
Update Information:
Backport fixes for CVE-2020-14001
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 2 2020 Mamoru TASAKA <[email protected]> - 1.9.0-2
- Backport upstream patch for CVE-2020-14001 (bug 1858395)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1858415 - CVE-2020-14001 rubygem-kramdown: processing template
options inside documents allows unintended read access or embedded Ruby code
execution [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1858415
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- [email protected]