Fedora EPEL 7 updates-testing report
by updates@fedoraproject.org
The following Fedora EPEL 7 Security updates need testing:
Age URL
329 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
91 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-418a480529 gsi-openssh-6.6.1p1-3.el7
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-fb26e5cd3c privoxy-3.0.23-3.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-fca17abc84 p7zip-15.09-9.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-69b4d0e57c prosody-0.9.10-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-5aba523f53 phpMyAdmin-4.4.15.4-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
batctl-2016.0-1.el7
boinc-client-7.2.42-9.gitdd0d630.el7
codec2-0.5-1.el7
freedv-1.1-5.el7
mote-0.4.3-2.el7
phpMyAdmin-4.4.15.4-1.el7
Details about builds:
================================================================================
batctl-2016.0-1.el7 (FEDORA-EPEL-2016-b73f64f566)
B.A.T.M.A.N. advanced control and management tool
--------------------------------------------------------------------------------
Update Information:
Update to 2016.0. See changelog at https://www.open-mesh.org/projects/open-mesh/wiki/2016-01-19-batman-adv-2016-0-release
--------------------------------------------------------------------------------
================================================================================
boinc-client-7.2.42-9.gitdd0d630.el7 (FEDORA-EPEL-2016-1f0f85412d)
The BOINC client core
--------------------------------------------------------------------------------
Update Information:
bugfix #1192799 Directory is owned which shouldn't
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1192799 - Directory is owned which shouldn't
https://bugzilla.redhat.com/show_bug.cgi?id=1192799
--------------------------------------------------------------------------------
================================================================================
codec2-0.5-1.el7 (FEDORA-EPEL-2016-d007a8affa)
Next-Generation Digital Voice for Two-Way Radio
--------------------------------------------------------------------------------
Update Information:
Initial package release & fixed ppc64le build.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1278638 - Review Request: freedv - FreeDV Digital Voice
https://bugzilla.redhat.com/show_bug.cgi?id=1278638
--------------------------------------------------------------------------------
================================================================================
freedv-1.1-5.el7 (FEDORA-EPEL-2016-d007a8affa)
FreeDV Digital Voice
--------------------------------------------------------------------------------
Update Information:
Initial package release & fixed ppc64le build.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1278638 - Review Request: freedv - FreeDV Digital Voice
https://bugzilla.redhat.com/show_bug.cgi?id=1278638
--------------------------------------------------------------------------------
================================================================================
mote-0.4.3-2.el7 (FEDORA-EPEL-2016-c250f21ac1)
A MeetBot log wrangler, providing a user-friendly interface for Fedora's logs
--------------------------------------------------------------------------------
Update Information:
Update 0.4.3 ---- Update 0.4.1
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.4.15.4-1.el7 (FEDORA-EPEL-2016-5aba523f53)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.4.15.4 (2016-01-29)
================================
- Error with PMA 4.4.15.3
- Remove hard dependency on phpseclib
phpMyAdmin 4.4.15.3 (2016-01-28)
================================
- [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1
- [Security] Unsafe generation of CSRF token, see PMASA-2016-2
- [Security] Multiple XSS vulnerabilities, see PMASA-2016-3
- [Security] Insecure password generation in JavaScript, see PMASA-2016-4
- [Security] Unsafe comparison of CSRF token, see PMASA-2016-5
- [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-6
- [Security] XSS vulnerability in normalization page, see PMASA-2016-7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1302684 - CVE-2016-2043 phpMyAdmin: XSS vulnerability in normalization page (PMASA-2016-7)
https://bugzilla.redhat.com/show_bug.cgi?id=1302684
[ 2 ] Bug #1302682 - CVE-2016-2042 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-6)
https://bugzilla.redhat.com/show_bug.cgi?id=1302682
[ 3 ] Bug #1302681 - CVE-2016-2041 phpMyAdmin: Unsafe comparison of XSRF/CSRF token (PMASA-2016-5)
https://bugzilla.redhat.com/show_bug.cgi?id=1302681
[ 4 ] Bug #1302680 - CVE-2016-1927 phpMyAdmin: Insecure password generation in JavaScript (PMASA-2016-4)
https://bugzilla.redhat.com/show_bug.cgi?id=1302680
[ 5 ] Bug #1302679 - CVE-2016-2040 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2016-3)
https://bugzilla.redhat.com/show_bug.cgi?id=1302679
[ 6 ] Bug #1302677 - CVE-2016-2039 phpMyAdmin: Unsafe generation of XSRF/CSRF token (PMASA-2016-2)
https://bugzilla.redhat.com/show_bug.cgi?id=1302677
[ 7 ] Bug #1302676 - CVE-2016-2038 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-1)
https://bugzilla.redhat.com/show_bug.cgi?id=1302676
--------------------------------------------------------------------------------
Fedora EPEL 6 updates-testing report
by updates@fedoraproject.org
The following Fedora EPEL 6 Security updates need testing:
Age URL
225 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6828 chicken-4.9.0.1-4.el6
207 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031 python-virtualenv-12.0.7-1.el6
201 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6
133 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8148 optipng-0.7.5-5.el6
133 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156 nagios-4.0.8-1.el6
91 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6
63 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6
23 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-819f6356ea tomcat-7.0.65-1.el6
23 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-550132e830 flite-1.3-24.el6
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-a0881ad244 gsi-openssh-5.3p1-12.el6
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2fac4bfaba privoxy-3.0.23-2.el6
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d0e6303e27 p7zip-15.09-9.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-579c4e2951 prosody-0.9.10-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6eee18cd6e phpMyAdmin-4.0.10.14-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
cmake-fedora-2.5.1-1.el6
cmark-0.23.0-4.el6
future-0.15.2-7.el6
globus-gssapi-gsi-11.26-1.el6
hitch-1.1.1-1.el6
phpMyAdmin-4.0.10.14-1.el6
preprocess-1.2.2-6.20150919gitd5ab9a.el6
prosody-0.9.10-1.el6
pyhoca-gui-0.5.0.5-1.el6
python-raven-5.10.2-1.el6
python-requests-toolbelt-0.6.0-1.el6
telegram-cli-1.3.3-0.4.20160108git160231.el6
Details about builds:
================================================================================
cmake-fedora-2.5.1-1.el6 (FEDORA-EPEL-2016-11b6bc2a64)
CMake helper modules for fedora developers
--------------------------------------------------------------------------------
Update Information:
- Fixed: * Out-of-the-source build for ibus-chewing
--------------------------------------------------------------------------------
================================================================================
cmark-0.23.0-4.el6 (FEDORA-EPEL-2016-e102c14dc7)
CommonMark parsing and rendering
--------------------------------------------------------------------------------
Update Information:
CommonMark parsing and rendering (http://commonmark.org/)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1266429 - Review Request: cmark - CommonMark parsing and rendering
https://bugzilla.redhat.com/show_bug.cgi?id=1266429
--------------------------------------------------------------------------------
================================================================================
future-0.15.2-7.el6 (FEDORA-EPEL-2016-fa6372431f)
Easy, clean, reliable Python 2/3 compatibility
--------------------------------------------------------------------------------
Update Information:
- Renamed Python2 package
--------------------------------------------------------------------------------
================================================================================
globus-gssapi-gsi-11.26-1.el6 (FEDORA-EPEL-2016-1ae2843014)
Globus Toolkit - GSSAPI library
--------------------------------------------------------------------------------
Update Information:
Fix FORCE_TLS setting to allow TLSv1.1 and TLSv1.2, not just TLSv1.0
--------------------------------------------------------------------------------
================================================================================
hitch-1.1.1-1.el6 (FEDORA-EPEL-2016-4c1dd08351)
Network proxy that terminates TLS/SSL connections
--------------------------------------------------------------------------------
Update Information:
New upstream release. A bugfix release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1302474 - hitch-1.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1302474
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.0.10.14-1.el6 (FEDORA-EPEL-2016-6eee18cd6e)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.0.10.14 (2016-01-29)
=================================
- Error with PMA 4.0.10.13 with PHP 5.2
phpMyAdmin 4.0.10.13 (2016-01-28)
=================================
- [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1
- [Security] Unsafe generation of CSRF token, see PMASA-2016-2
- [Security] Multiple XSS vulnerabilities, see PMASA-2016-3
- [Security] Insecure password generation in JavaScript, see PMASA-2016-4
- [Security] Unsafe comparison of CSRF token, see PMASA-2016-5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1302681 - CVE-2016-2041 phpMyAdmin: Unsafe comparison of XSRF/CSRF token (PMASA-2016-5)
https://bugzilla.redhat.com/show_bug.cgi?id=1302681
[ 2 ] Bug #1302680 - CVE-2016-1927 phpMyAdmin: Insecure password generation in JavaScript (PMASA-2016-4)
https://bugzilla.redhat.com/show_bug.cgi?id=1302680
[ 3 ] Bug #1302679 - CVE-2016-2040 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2016-3)
https://bugzilla.redhat.com/show_bug.cgi?id=1302679
[ 4 ] Bug #1302677 - CVE-2016-2039 phpMyAdmin: Unsafe generation of XSRF/CSRF token (PMASA-2016-2)
https://bugzilla.redhat.com/show_bug.cgi?id=1302677
[ 5 ] Bug #1302676 - CVE-2016-2038 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-1)
https://bugzilla.redhat.com/show_bug.cgi?id=1302676
--------------------------------------------------------------------------------
================================================================================
preprocess-1.2.2-6.20150919gitd5ab9a.el6 (FEDORA-EPEL-2016-eda899e7f6)
A portable multi-language file Python2 preprocessor
--------------------------------------------------------------------------------
Update Information:
- Renamed Python2 package
--------------------------------------------------------------------------------
================================================================================
prosody-0.9.10-1.el6 (FEDORA-EPEL-2016-579c4e2951)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.9.10
==============
A summary of changes in this release:
Security
--------
* mod_dialback: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks (CVE-2016-0756)
Fixes and improvements
----------------------
* Startup: Open /dev/urandom read-only, to fix a failure to start on some systems (fixes #585)
* Networking: Improve handling of the 'select' network backend running out of file descriptors
Minor changes
-------------
* Networking: Increase default internal read size to prevent connections stalling with LuaEvent (see #583)
* DNS: Discard queries that failed to send due to connection errors (fixes #598)
* c2s, s2s: Lower priority of shutdown handler, so that modules such as MUC can always send shutdown notifications to (remote) users (fixes #601)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1302463 - CVE-2016-0756 prosody: mod_dialback allows impersonation attacks
https://bugzilla.redhat.com/show_bug.cgi?id=1302463
--------------------------------------------------------------------------------
================================================================================
pyhoca-gui-0.5.0.5-1.el6 (FEDORA-EPEL-2016-c533b899e3)
Graphical X2Go client written in (wx)Python
--------------------------------------------------------------------------------
Update Information:
Crash fix when rendering icons in the published applications menu.
--------------------------------------------------------------------------------
================================================================================
python-raven-5.10.2-1.el6 (FEDORA-EPEL-2016-894c1d1031)
Python client for Sentry
--------------------------------------------------------------------------------
Update Information:
Update to python-raven-5.10.2 ---- First EPEL release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1234950 - Package python-raven in EPEL
https://bugzilla.redhat.com/show_bug.cgi?id=1234950
[ 2 ] Bug #1298402 - python-raven-5.10.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1298402
--------------------------------------------------------------------------------
================================================================================
python-requests-toolbelt-0.6.0-1.el6 (FEDORA-EPEL-2016-c83ffa6b9b)
A utility belt for advanced users of python-requests
--------------------------------------------------------------------------------
Update Information:
update to 0.6.0 release
--------------------------------------------------------------------------------
================================================================================
telegram-cli-1.3.3-0.4.20160108git160231.el6 (FEDORA-EPEL-2016-cf26f3ef62)
Linux Command-line interface for Telegram
--------------------------------------------------------------------------------
Update Information:
- Renamed Python2 package
- Update to commit #160231
- Fixed Python3 package version on EPEL
--------------------------------------------------------------------------------