The following Fedora EPEL 7 Security updates need testing:
Age URL
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7960 php-doctrine-cache-1.4.2-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7962 php-doctrine-annotations-1.2.7-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7964 php-doctrine-doctrine-bundle-1.5.2-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3989 cross-binutils-2.23.88.0.1-2.el7.1
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6813 chicken-4.9.0.1-4.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7613 zabbix20-2.0.15-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7800 python-django-1.6.11-3.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7845 php-guzzle-Guzzle-3.9.3-5.el7 php-ZendFramework2-2.4.7-2.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7874 onionshare-0.7.1-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7909 pdns-3.4.6-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
NetworkManager-pptp-1.1.0-3.20150428git695d4f2.el7
cppformat-1.1.0-1.el7
fts-monitoring-3.3.0-1.el7
fts-rest-3.3.3-1.el7
gambit-c-4.7.9-1.el7
libisds-0.10.1-1.el7
linux-user-chroot-2015.1-2.el7
ocserv-0.10.8-1.el7
packagedb-cli-2.9-1.el7
php-pear-Net-SMTP-1.7.0-1.el7
python-OWSLib-0.9.1-1.el7
Details about builds:
================================================================================
NetworkManager-pptp-1.1.0-3.20150428git695d4f2.el7 (FEDORA-EPEL-2015-7814)
NetworkManager VPN plugin for PPTP
--------------------------------------------------------------------------------
Update Information:
Importing the package into EPEL.
--------------------------------------------------------------------------------
================================================================================
cppformat-1.1.0-1.el7 (FEDORA-EPEL-2015-7966)
Small, safe and fast formatting library for C++
--------------------------------------------------------------------------------
Update Information:
Adding cppformat 1.1.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1216279 - Review Request: cppformat - Small, safe and fast formating library for C++
https://bugzilla.redhat.com/show_bug.cgi?id=1216279
--------------------------------------------------------------------------------
================================================================================
fts-monitoring-3.3.0-1.el7 (FEDORA-EPEL-2015-7975)
FTS3 Web Application for monitoring
--------------------------------------------------------------------------------
Update Information:
New upstream release 3.3.0
--------------------------------------------------------------------------------
================================================================================
fts-rest-3.3.3-1.el7 (FEDORA-EPEL-2015-7977)
FTS3 Rest Interface
--------------------------------------------------------------------------------
Update Information:
New upstream release 3.3.3
--------------------------------------------------------------------------------
================================================================================
gambit-c-4.7.9-1.el7 (FEDORA-EPEL-2015-7970)
Scheme programming system
--------------------------------------------------------------------------------
Update Information:
gambit-c-4.7.9-1 - Update to 4.7.9 - Update home page link - Adjust to new
Emacs packaging guidelines, no longer shipping separate packages - Further
reduce expensive optimizations on resource-limited arches
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1190392 - gambit-c-v4.7.8-bootstrap is available
https://bugzilla.redhat.com/show_bug.cgi?id=1190392
[ 2 ] Bug #1234573 - Package should not ship a separate emacs sub-package
https://bugzilla.redhat.com/show_bug.cgi?id=1234573
--------------------------------------------------------------------------------
================================================================================
libisds-0.10.1-1.el7 (FEDORA-EPEL-2015-7980)
Library for accessing the Czech Data Boxes
--------------------------------------------------------------------------------
Update Information:
This release corrects tests. It also specifies all dependencies.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1260399 - libisds-0.10.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1260399
--------------------------------------------------------------------------------
================================================================================
linux-user-chroot-2015.1-2.el7 (FEDORA-EPEL-2015-7981)
Helper program for calling chroot(2) as non-root
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
================================================================================
ocserv-0.10.8-1.el7 (FEDORA-EPEL-2015-7982)
OpenConnect SSL VPN server
--------------------------------------------------------------------------------
Update Information:
new upstream release (#1260327)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1260327 - ocserv-0.10.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1260327
--------------------------------------------------------------------------------
================================================================================
packagedb-cli-2.9-1.el7 (FEDORA-EPEL-2015-7974)
A CLI for pkgdb
--------------------------------------------------------------------------------
Update Information:
- Update to 2.9 - Set default BeautifulSoup parser (Till Maas) - Add the
`koschei` action to toggle the koschei status of a package - Add the
`monitoring` action to toggle the monitoring status of a package - Raise an
exception when unable to decode JSON. (Ralph Bean) - Start py3 support
--------------------------------------------------------------------------------
================================================================================
php-pear-Net-SMTP-1.7.0-1.el7 (FEDORA-EPEL-2015-7972)
Provides an implementation of the SMTP protocol
--------------------------------------------------------------------------------
Update Information:
Upstream changelog: * This version drops PHP 4 support in favor of more modern
PHP language constructs. * Fix redundant CRLF terminator sequence. * Add a note
about $socket_options and OpenSSL. * Add Composer support. Packaging changes:
* update to 1.7.0 * raise minimum PHP version to 5.4 * add composer provide *
add spec file license * drop generated changelog
--------------------------------------------------------------------------------
================================================================================
python-OWSLib-0.9.1-1.el7 (FEDORA-EPEL-2015-7969)
Client library for OGC web services
--------------------------------------------------------------------------------
Update Information:
Updated to 0.9.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1259964 - python-OWSLib-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1259964
--------------------------------------------------------------------------------
The following Fedora EPEL 6 Security updates need testing:
Age URL
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7940 nrpe-2.15-6.el6
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7961 php-doctrine-cache-1.4.2-1.el6
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7963 php-doctrine-annotations-1.2.7-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-4008 cross-binutils-2.23.51.0.3-1.el6.1
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6828 chicken-4.9.0.1-4.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031 python-virtualenv-12.0.7-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7634 zabbix20-2.0.15-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7618 php-twig-1.20.0-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7733 drupal7-7.39-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7803 drupal6-ctools-1.14-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7826 drupal6-6.37-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7875 onionshare-0.7.1-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7912 golang-1.5-6.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7917 moodle-2.6.11-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
cppformat-1.1.0-1.el6
fts-monitoring-3.3.0-1.el6
fts-rest-3.3.3-1.el6
gambit-c-4.7.9-1.el6
ipv6calc-0.99.1-14.el6
proftpd-1.3.3g-5.el6
python-OWSLib-0.9.1-1.el6
scalasca-2.2.2-2.el6
Details about builds:
================================================================================
cppformat-1.1.0-1.el6 (FEDORA-EPEL-2015-7967)
Small, safe and fast formatting library for C++
--------------------------------------------------------------------------------
Update Information:
Adding cppformat 1.1.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1216279 - Review Request: cppformat - Small, safe and fast formating library for C++
https://bugzilla.redhat.com/show_bug.cgi?id=1216279
--------------------------------------------------------------------------------
================================================================================
fts-monitoring-3.3.0-1.el6 (FEDORA-EPEL-2015-7976)
FTS3 Web Application for monitoring
--------------------------------------------------------------------------------
Update Information:
New upstream release 3.3.0
--------------------------------------------------------------------------------
================================================================================
fts-rest-3.3.3-1.el6 (FEDORA-EPEL-2015-7978)
FTS3 Rest Interface
--------------------------------------------------------------------------------
Update Information:
New upstream release 3.3.3
--------------------------------------------------------------------------------
================================================================================
gambit-c-4.7.9-1.el6 (FEDORA-EPEL-2015-7971)
Scheme programming system
--------------------------------------------------------------------------------
Update Information:
gambit-c-4.7.9-1 - Update to 4.7.9 - Update home page link - Adjust to new
Emacs packaging guidelines, no longer shipping separate packages - Further
reduce expensive optimizations on resource-limited arches
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1190392 - gambit-c-v4.7.8-bootstrap is available
https://bugzilla.redhat.com/show_bug.cgi?id=1190392
[ 2 ] Bug #1234573 - Package should not ship a separate emacs sub-package
https://bugzilla.redhat.com/show_bug.cgi?id=1234573
--------------------------------------------------------------------------------
================================================================================
ipv6calc-0.99.1-14.el6 (FEDORA-EPEL-2015-7973)
IPv6 address format change and calculation utility
--------------------------------------------------------------------------------
Update Information:
new release 0.99.1 (introduces new subpackage mod_ipv6calc)
--------------------------------------------------------------------------------
================================================================================
proftpd-1.3.3g-5.el6 (FEDORA-EPEL-2015-7979)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:
This update adds a proftpd-utils sub-package containing some utilities that may
be useful for some proftpd users: * ftpasswd: generate passwd(5) files for use
with AuthUserFile * ftpcount: show the current number of connections per
server/virtualhost * ftpmail: monitor transfer log and send email when files
uploaded * ftpquota: manipulate quota tables * ftptop: show the current status
of FTP sessions * ftpwho: show the current process information for each FTP
session Note that ftpcount, ftptop and ftpwho were previously included in the
main proftpd package, and the other tools have not previously been packaged for
EPEL-6. Splitting out a proftpd-utils sub-package results in the main proftpd
package having no dependency on perl, as per the current Fedora proftpd package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1258440 - Missing ftpasswd tool into the proftpd RPM
https://bugzilla.redhat.com/show_bug.cgi?id=1258440
--------------------------------------------------------------------------------
================================================================================
python-OWSLib-0.9.1-1.el6 (FEDORA-EPEL-2015-7968)
Client library for OGC web services
--------------------------------------------------------------------------------
Update Information:
Updated to 0.9.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1259964 - python-OWSLib-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1259964
--------------------------------------------------------------------------------
================================================================================
scalasca-2.2.2-2.el6 (FEDORA-EPEL-2015-7965)
Toolset for performance analysis of large-scale parallel applications
--------------------------------------------------------------------------------
Update Information:
Various spec tidying
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1259654 - fedpkg update fails
https://bugzilla.redhat.com/show_bug.cgi?id=1259654
--------------------------------------------------------------------------------
The following Fedora EPEL 5 Security updates need testing:
Age URL
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2013-11893 libguestfs-1.20.12-1.el5
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-1626 puppet-2.7.26-1.el5
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3849 sblim-sfcb-1.3.8-2.el5
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7734 drupal7-7.39-1.el5
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7804 drupal6-ctools-1.14-1.el5
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7825 drupal6-6.37-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
carbon-c-relay-0.44-3.el5
mozilla-https-everywhere-5.1.1-1.el5
php-php-gettext-1.0.11-12.el5
Details about builds:
================================================================================
carbon-c-relay-0.44-3.el5 (FEDORA-EPEL-2015-7957)
Enhanced C implementation of Carbon relay, aggregator and rewriter
--------------------------------------------------------------------------------
Update Information:
Exclude 32 bit arches
--------------------------------------------------------------------------------
================================================================================
mozilla-https-everywhere-5.1.1-1.el5 (FEDORA-EPEL-2015-7950)
HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:
- Ruleset fixes - Remove the AMO signature - Fix the "not appearing" problem
---- mozilla-https-everywhere-5.1.0-1.el5 - Ruleset fixes - AMO signature
mozilla-https-everywhere-5.1.0-1.el6 - Ruleset fixes - AMO signature mozilla-
https-everywhere-5.1.0-1.el7 - Ruleset fixes - AMO signature
--------------------------------------------------------------------------------
================================================================================
php-php-gettext-1.0.11-12.el5 (FEDORA-EPEL-2015-7938)
Gettext emulation in PHP
--------------------------------------------------------------------------------
Update Information:
Added a patch for compatibility with PHP 7
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3989 cross-binutils-2.23.88.0.1-2.el7.1
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6813 chicken-4.9.0.1-4.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7613 zabbix20-2.0.15-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7800 python-django-1.6.11-3.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7845 php-guzzle-Guzzle-3.9.3-5.el7 php-ZendFramework2-2.4.7-2.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7874 onionshare-0.7.1-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7909 pdns-3.4.6-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7960 php-doctrine-cache-1.4.2-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7962 php-doctrine-annotations-1.2.7-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7964 php-doctrine-doctrine-bundle-1.5.2-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
carbon-c-relay-0.44-3.el7
cgit-0.11.2-3.el7
ipv6calc-0.99.1-13.el7
libnetfilter_log-1.0.1-7.el7
mozilla-https-everywhere-5.1.1-1.el7
nodejs-ast-types-0.4.5-2.el7
nrpe-2.15-6.el7
php-aws-sdk-2.8.20-1.el7
php-doctrine-annotations-1.2.7-1.el7
php-doctrine-cache-1.4.2-1.el7
php-doctrine-doctrine-bundle-1.5.2-1.el7
php-icewind-streams-0.2.0-1.el7
php-jeremeamia-superclosure-2.1.0-1.el7
php-php-gettext-1.0.11-12.el7
xfoil-6.99-1.el7
Details about builds:
================================================================================
carbon-c-relay-0.44-3.el7 (FEDORA-EPEL-2015-7955)
Enhanced C implementation of Carbon relay, aggregator and rewriter
--------------------------------------------------------------------------------
Update Information:
Exclude 32 bit arches
--------------------------------------------------------------------------------
================================================================================
cgit-0.11.2-3.el7 (FEDORA-EPEL-2015-7948)
A fast web interface for git
--------------------------------------------------------------------------------
Update Information:
Fix up logic around webserver and httpd. ---- Update to 0.11.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1258552 - EPEL6 build of cgit-0.11.2
https://bugzilla.redhat.com/show_bug.cgi?id=1258552
--------------------------------------------------------------------------------
================================================================================
ipv6calc-0.99.1-13.el7 (FEDORA-EPEL-2015-7945)
IPv6 address format change and calculation utility
--------------------------------------------------------------------------------
Update Information:
new release 0.99.1 (introduces new subpackage mod_ipv6calc)
--------------------------------------------------------------------------------
================================================================================
libnetfilter_log-1.0.1-7.el7 (FEDORA-EPEL-2015-7944)
Netfilter logging userspace library
--------------------------------------------------------------------------------
Update Information:
libnetfilter_log-1.0.1-7.el6 - Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
libnetfilter_log-1.0.1-7.el7 - Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
mozilla-https-everywhere-5.1.1-1.el7 (FEDORA-EPEL-2015-7952)
HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:
- Ruleset fixes - Remove the AMO signature - Fix the "not appearing" problem
---- mozilla-https-everywhere-5.1.0-1.el5 - Ruleset fixes - AMO signature
mozilla-https-everywhere-5.1.0-1.el6 - Ruleset fixes - AMO signature mozilla-
https-everywhere-5.1.0-1.el7 - Ruleset fixes - AMO signature
--------------------------------------------------------------------------------
================================================================================
nodejs-ast-types-0.4.5-2.el7 (FEDORA-EPEL-2015-7947)
Esprima-compatible implementation of the Mozilla JS Parser API
--------------------------------------------------------------------------------
Update Information:
package missing def dir
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1260268 - def directory not packaged
https://bugzilla.redhat.com/show_bug.cgi?id=1260268
--------------------------------------------------------------------------------
================================================================================
nrpe-2.15-6.el7 (FEDORA-EPEL-2015-7939)
Host/service/network monitoring agent for Nagios
--------------------------------------------------------------------------------
Update Information:
nrpe-2.15-6.el7 - Fix spec file for missing
/usr/share/libtool/config/config.guess nrpe-2.15-6.el6 - Fix spec file for
missing /usr/share/libtool/config/config.guess nrpe-2.15-6.fc23 - Fix spec
file for missing /usr/share/libtool/config/config.guess nrpe-2.15-6.fc22 -
Fix spec file for missing /usr/share/libtool/config/config.guess
nrpe-2.15-6.fc21 - Fix spec file for missing
/usr/share/libtool/config/config.guess
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1089880 - CVE-2014-2913 nrpe: remote command execution when command arguments are enabled [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1089880
[ 2 ] Bug #1239738 - nrpe: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1239738
--------------------------------------------------------------------------------
================================================================================
php-aws-sdk-2.8.20-1.el7 (FEDORA-EPEL-2015-7958)
Amazon Web Services framework for PHP
--------------------------------------------------------------------------------
Update Information:
## 2.8.20 - 2015-09-03 * `Aws\CodePipeline` - Added support for using
encryption keys with artifact stores. * `Aws\ConfigService` - Added support
for the `ListDiscoveredResources` operation and new resource types. *
`Aws\Ec2` - Added support for using instance weights with the
`RequestSpotFleet` API. * `Aws\Sns` - Added support for configurable
SigningCertURL host patterns. * `Aws\StorageGateway` - Added support for tagging
and untagging resources. * Fixed issue with loading the phar from opcache. ##
2.8.19 - 2015-08-20 * `Aws\S3` - Added support for event notification filters.
## 2.8.18 - 2015-08-12 * `Aws\ElasticBeanstalk` - Added support for enhanced
health reporting. * `Aws\Glacier` - Fixed an issue where content bodies that
equaled false (e.g., '0') would not be uploaded.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1253094 - php-aws-sdk-2.8.20 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1253094
--------------------------------------------------------------------------------
================================================================================
php-doctrine-annotations-1.2.7-1.el7 (FEDORA-EPEL-2015-7962)
PHP docblock annotations parser library
--------------------------------------------------------------------------------
Update Information:
CVE-2015-5723 http://www.doctrine-project.org/2015/08/31/security_misconfigurat
ion_vulnerability_in_various_doctrine_projects.html
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1258669 - php-doctrine-annotations-v1.2.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1258669
--------------------------------------------------------------------------------
================================================================================
php-doctrine-cache-1.4.2-1.el7 (FEDORA-EPEL-2015-7960)
Doctrine Cache
--------------------------------------------------------------------------------
Update Information:
CVE-2015-5723 http://www.doctrine-project.org/2015/08/31/security_misconfigurat
ion_vulnerability_in_various_doctrine_projects.html
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1258670 - php-doctrine-cache-v1.4.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1258670
--------------------------------------------------------------------------------
================================================================================
php-doctrine-doctrine-bundle-1.5.2-1.el7 (FEDORA-EPEL-2015-7964)
Symfony Bundle for Doctrine
--------------------------------------------------------------------------------
Update Information:
## 1.5.2 (2015-08-31) ### Security: * Fix Security Misconfiguration
Vulnerability, allowing potential local arbitrary code execution *
CVE-2015-5723 * http://www.doctrine-project.org/2015/08/31/security_misconfi
guration_vulnerability_in_various_doctrine_projects.html ## 1.5.1 (2015-08-12)
### Bugfix: * Fixed the JS expanding all queries in the profiler in case of
multiple connections * Fixed the retrieval of the namespace in
DisconnectedMetadataFactory * Changed the composer constraint to allow Symfony
3.0 for people wanting to do early testing
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1253092 - php-doctrine-doctrine-bundle-v1.5.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1253092
--------------------------------------------------------------------------------
================================================================================
php-icewind-streams-0.2.0-1.el7 (FEDORA-EPEL-2015-7942)
A set of generic stream wrappers
--------------------------------------------------------------------------------
Update Information:
Generic stream wrappers for php. To use this library, you just have to add, in
your project: require-once '/usr/share/php/Icewind/Streams/autoload.php';
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1258955 - Review Request: php-icewind-streams - A set of generic stream wrappers
https://bugzilla.redhat.com/show_bug.cgi?id=1258955
--------------------------------------------------------------------------------
================================================================================
php-jeremeamia-superclosure-2.1.0-1.el7 (FEDORA-EPEL-2015-7941)
Serialize Closure objects, including their context and binding
--------------------------------------------------------------------------------
Update Information:
Even though serializing closures is "not allowed" by PHP, the SuperClosure
library makes it possible To use this library, you just have to add, in your
project: require-once '/usr/share/php/SuperClosure/autoload.php';
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1258899 - Review Request: php-jeremeamia-superclosure - Serialize Closure objects, including their context and binding
https://bugzilla.redhat.com/show_bug.cgi?id=1258899
--------------------------------------------------------------------------------
================================================================================
php-php-gettext-1.0.11-12.el7 (FEDORA-EPEL-2015-7935)
Gettext emulation in PHP
--------------------------------------------------------------------------------
Update Information:
Added a patch for compatibility with PHP 7
--------------------------------------------------------------------------------
================================================================================
xfoil-6.99-1.el7 (FEDORA-EPEL-2015-7953)
Subsonic Airfoil Development System
--------------------------------------------------------------------------------
Update Information:
Update to version 6.99, see
http://web.mit.edu/drela/Public/web/xfoil/version_notes.txt for details.
--------------------------------------------------------------------------------
The following Fedora EPEL 6 Security updates need testing:
Age URL
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-4008 cross-binutils-2.23.51.0.3-1.el6.1
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6828 chicken-4.9.0.1-4.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031 python-virtualenv-12.0.7-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7634 zabbix20-2.0.15-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7618 php-twig-1.20.0-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7733 drupal7-7.39-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7803 drupal6-ctools-1.14-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7826 drupal6-6.37-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7875 onionshare-0.7.1-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7912 golang-1.5-6.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7917 moodle-2.6.11-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7940 nrpe-2.15-6.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7961 php-doctrine-cache-1.4.2-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7963 php-doctrine-annotations-1.2.7-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
carbon-c-relay-0.44-3.el6
cgit-0.11.2-3.el6
ipv6calc-0.99.1-13.el6
libnetfilter_log-1.0.1-7.el6
mozilla-https-everywhere-5.1.1-1.el6
nrpe-2.15-6.el6
php-aws-sdk-2.8.20-1.el6
php-doctrine-annotations-1.2.7-1.el6
php-doctrine-cache-1.4.2-1.el6
php-php-gettext-1.0.11-12.el6
python-fedora-0.5.6-1.el6
xfoil-6.99-1.el6
Details about builds:
================================================================================
carbon-c-relay-0.44-3.el6 (FEDORA-EPEL-2015-7956)
Enhanced C implementation of Carbon relay, aggregator and rewriter
--------------------------------------------------------------------------------
Update Information:
Exclude 32 bit arches
--------------------------------------------------------------------------------
================================================================================
cgit-0.11.2-3.el6 (FEDORA-EPEL-2015-7949)
A fast web interface for git
--------------------------------------------------------------------------------
Update Information:
Fix up logic around webserver and httpd. ---- Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1258552 - EPEL6 build of cgit-0.11.2
https://bugzilla.redhat.com/show_bug.cgi?id=1258552
--------------------------------------------------------------------------------
================================================================================
ipv6calc-0.99.1-13.el6 (FEDORA-EPEL-2015-7946)
IPv6 address format change and calculation utility
--------------------------------------------------------------------------------
Update Information:
new release 0.99.1 (introduces new subpackage mod_ipv6calc)
--------------------------------------------------------------------------------
================================================================================
libnetfilter_log-1.0.1-7.el6 (FEDORA-EPEL-2015-7943)
Netfilter logging userspace library
--------------------------------------------------------------------------------
Update Information:
libnetfilter_log-1.0.1-7.el6 - Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
libnetfilter_log-1.0.1-7.el7 - Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
mozilla-https-everywhere-5.1.1-1.el6 (FEDORA-EPEL-2015-7951)
HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:
- Ruleset fixes - Remove the AMO signature - Fix the "not appearing" problem
---- mozilla-https-everywhere-5.1.0-1.el5 - Ruleset fixes - AMO signature
mozilla-https-everywhere-5.1.0-1.el6 - Ruleset fixes - AMO signature mozilla-
https-everywhere-5.1.0-1.el7 - Ruleset fixes - AMO signature
--------------------------------------------------------------------------------
================================================================================
nrpe-2.15-6.el6 (FEDORA-EPEL-2015-7940)
Host/service/network monitoring agent for Nagios
--------------------------------------------------------------------------------
Update Information:
nrpe-2.15-6.el7 - Fix spec file for missing
/usr/share/libtool/config/config.guess nrpe-2.15-6.el6 - Fix spec file for
missing /usr/share/libtool/config/config.guess nrpe-2.15-6.fc23 - Fix spec
file for missing /usr/share/libtool/config/config.guess nrpe-2.15-6.fc22 -
Fix spec file for missing /usr/share/libtool/config/config.guess
nrpe-2.15-6.fc21 - Fix spec file for missing
/usr/share/libtool/config/config.guess
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1089880 - CVE-2014-2913 nrpe: remote command execution when command arguments are enabled [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1089880
[ 2 ] Bug #1239738 - nrpe: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1239738
--------------------------------------------------------------------------------
================================================================================
php-aws-sdk-2.8.20-1.el6 (FEDORA-EPEL-2015-7959)
Amazon Web Services framework for PHP
--------------------------------------------------------------------------------
Update Information:
## 2.8.20 - 2015-09-03 * `Aws\CodePipeline` - Added support for using
encryption keys with artifact stores. * `Aws\ConfigService` - Added support
for the `ListDiscoveredResources` operation and new resource types. *
`Aws\Ec2` - Added support for using instance weights with the
`RequestSpotFleet` API. * `Aws\Sns` - Added support for configurable
SigningCertURL host patterns. * `Aws\StorageGateway` - Added support for tagging
and untagging resources. * Fixed issue with loading the phar from opcache. ##
2.8.19 - 2015-08-20 * `Aws\S3` - Added support for event notification filters.
## 2.8.18 - 2015-08-12 * `Aws\ElasticBeanstalk` - Added support for enhanced
health reporting. * `Aws\Glacier` - Fixed an issue where content bodies that
equaled false (e.g., '0') would not be uploaded.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1253094 - php-aws-sdk-2.8.20 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1253094
--------------------------------------------------------------------------------
================================================================================
php-doctrine-annotations-1.2.7-1.el6 (FEDORA-EPEL-2015-7963)
PHP docblock annotations parser library
--------------------------------------------------------------------------------
Update Information:
CVE-2015-5723 http://www.doctrine-project.org/2015/08/31/security_misconfigurat
ion_vulnerability_in_various_doctrine_projects.html
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1258669 - php-doctrine-annotations-v1.2.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1258669
--------------------------------------------------------------------------------
================================================================================
php-doctrine-cache-1.4.2-1.el6 (FEDORA-EPEL-2015-7961)
Doctrine Cache
--------------------------------------------------------------------------------
Update Information:
CVE-2015-5723 http://www.doctrine-project.org/2015/08/31/security_misconfigurat
ion_vulnerability_in_various_doctrine_projects.html
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1258670 - php-doctrine-cache-v1.4.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1258670
--------------------------------------------------------------------------------
================================================================================
php-php-gettext-1.0.11-12.el6 (FEDORA-EPEL-2015-7937)
Gettext emulation in PHP
--------------------------------------------------------------------------------
Update Information:
Added a patch for compatibility with PHP 7
--------------------------------------------------------------------------------
================================================================================
python-fedora-0.5.6-1.el6 (FEDORA-EPEL-2015-7936)
Python modules for talking to Fedora Infrastructure Services
--------------------------------------------------------------------------------
Update Information:
Fix a py2.6 string formatting bug. ---- Consistent error handling from the
Bodhi2Client. More adjustments to bodhi server version detection. ---- Better
detection of bodhi server version. Be more careful with python-six API usage
for EPEL. Better compat with 'fedpkg update'. Better version checking of the
bodhi server. Bodhi2 compatibility. munch objects are now returned by the
OpenIdBaseClient for a more symmetric API. There is also a minor python3 compat
fix.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1259654 - fedpkg update fails
https://bugzilla.redhat.com/show_bug.cgi?id=1259654
--------------------------------------------------------------------------------
================================================================================
xfoil-6.99-1.el6 (FEDORA-EPEL-2015-7954)
Subsonic Airfoil Development System
--------------------------------------------------------------------------------
Update Information:
Update to version 6.99, see
http://web.mit.edu/drela/Public/web/xfoil/version_notes.txt for details.
--------------------------------------------------------------------------------