The following Fedora EPEL 6 Security updates need testing:
Age URL
54 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-5aca1d385d remctl-3.14-1.el6
51 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-dd6e4a3f0b python34-3.4.8-1.el6
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-9bdc4006c3 gifsicle-1.91-1.el6
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-fca9555db1 cobbler-2.6.11-7.git95749a6.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
ipmiutil-3.1.1-1.el6
liblxi-1.13-1.el6
lxi-tools-1.20-1.el6
prosody-0.10.2-1.el6
Details about builds:
================================================================================
ipmiutil-3.1.1-1.el6 (FEDORA-EPEL-2018-10e83b5f2f)
Easy-to-use IPMI server management utilities
--------------------------------------------------------------------------------
Update Information:
update to upstream 3.1.1, RHBZ# 1560767, 1555891
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 31 2018 Andrew Cress <arcress at users.sourceforge.net> 3.1.1-1
- update to upstream 3.1.1, RHBZ# 1560767, 1555891
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1560767 - ipmiutil-3.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1560767
--------------------------------------------------------------------------------
================================================================================
liblxi-1.13-1.el6 (FEDORA-EPEL-2018-9267e3d14b)
Library with simple API for communication with LXI devices
--------------------------------------------------------------------------------
Update Information:
liblxi v1.13 ============ * Fix Sun RPC headers configure check The Sun
RPC headers have been moved out of glibc into a separate library, libtirpc.
Hence, check for glibc headers first and in case that fails search for headers
in libtirpc via pkg-config. * Add const qualifier Because it is the right
thing to do. * Update Travis * Use libtirpc for Sun RPC headers * Move
test directory liblxi v1.12 ============ * Add send/receive sanity checks
* Strip CR from ID response string Fixes corrupted output from 'lxi
discover'. liblxi v1.11 ============ * Fix mDNS/DNS-SD discover feature
liblxi v1.10 ============ * Update Travis * Cleanup * Add --disable-avahi
configure option Makes avahi mandatory unless --disable-avahi is provided.
liblxi v1.9 =========== * Update AUTHORS * Convert tabs to spaces * Make
API usable in C++ As suggested by Dima Kogan, lets wrap the API so that it
is usable in C++. * Only export lxi API specific functions Hide visibility
of internal functions so that only the lxi API specific ones are
exported/visible to applications linking with liblxi. These changes are
applied on behalf of Dima Kogan. * Add discover fallback to request ID via
HTTP/XML If retrieving the instrument ID fails via VXI-11 during discovery
then try to retrieve the ID via the /lxi/identification XML file hosted by some
instruments via HTTP. Adds dependency on libxml2. * Dmitri Goutnik: Make
code clang friendly, fix warnings liblxi v1.8 =========== * Fix
lxi_connect() so it does not apply lock Some instruments fail to lock for
exclusive access when creating a VXI-11 connection. So, to play it safe, we will
simply not try to lock when setting up the connection.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 1 2018 Robert Scheck <robert(a)fedoraproject.org> 1.13-1
- Upgrade to 1.13 (#1556050)
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
lxi-tools-1.20-1.el6 (FEDORA-EPEL-2018-daf980272e)
Tools collection to control LXI enabled instruments
--------------------------------------------------------------------------------
Update Information:
lxi-tools v1.20 =============== * Add bash completion for snap * Update
README Add tested instrument Keysight AWG 33612A as tested by Timur Aydin.
* Add const qualifier * Update AUTHORS * Require Lua 5.1 or newer *
Include test dir in distribution * Update Travis * Fix bash completion for
run command * Update basic-tests.lua * Move test directory * Add basic Lua
tests lxi-tools v1.19 =============== * Downgrade to Lua 5.2 * Update
Travis configuration * Add Lua scripting feature to support automation Add
run command which makes it possible to run Lua scripts to support advanced
instrument automation. To run a Lua script simply do: $ lxi run test.lua
The following LXI specific Lua functions are added and made available for use in
the Lua scripts: device = connect(ip) scpi(device, command)
scpi_raw(device, command) msleep(miliseconds) sleep(seconds)
disconnect(device) See src/test/test.lua for a simple Lua script example.
* Update README * Update AUTHORS * Improve regex of rs-hmo-rtb screenshot
plugin Include instruments made with "HAMEG" identifier. * README: Add
sponsors section * lxi-gui: Fix snap build * configure: use pkg-config to
check for Qt5 * lxi-gui: Cleanup Qt5 configuration * Reconfigure R&S
screenshot plugin to BMP * Add RTB2004 to list of tested instruments *
Dmitri Goutnik: Use QT_SELECT value instead of hardcoded QT version lxi-tools
v1.18 =============== * lxi-gui: Add X-axis title to data recorder chart *
lxi-gui: Fix data recorder chart colors and csv export * lxi-gui: Add SCPI
1999.0 commands * lxi-gui: Add data recorder save data feauture Add a save
button which allows to save recorded data to file in CSV format. * lxi:
Increase default discover mDNS timeout * lxi-gui: Optimize data recorder
plotting * lxi-gui: Fix arm snap build * lxi-gui: Print machine type during
qmake build * lxi-gui: Remove *OPT? SCPI command * lxi-gui: Use elapsed real
time in data recorder * lxi-gui: Print SCPI command requests * Add
screenshot support for RTB 2000 * Cleanup timeout handling, etc. * lxi-gui:
Reduce minimum window size * Add support for adding custom Qt qmake arguments
Add QMAKE_ARGUMENTS flag which allows to pass on arguments to qmake when
building lxi-gui. * lxi-gui: Make sure to call QT5 qmake lxi-tools v1.17
=============== * lxi-gui: Add input dialog for *ESE and *SRE commands *
lxi-gui: Fix qmake compile flags * lxi-gui: Start with SCPI page * Add
configure check for Qt5Charts * lxi-gui: Cleanup Name UI elements
accordingly * lxi-gui: Add screenshot live view * Update README screenshot
* lxi-gui: Add ID/IP instrument table header * lxi-gui: Tag as BETA * Update
README Introduce lxi-gui and include screenshot. * Link QT5 Charts
manually To avoid build issue with snap. * lxi-gui: Add data recorder
feature * lxi-gui: Add settings * lxi-gui: Add QT5 source files * lxi-gui:
Introduce responsive layout The lxi-gui application can now automatically
resize to fit any window size. * lxi-gui: Add 'Open in browser' right-click
feature * lxi-gui: Add IEEE 488.2 Common Commands * lxi-gui: Add about
details * lxi-gui: Add screenshot feature * lxi-gui: Add benchmark feature
* Split features into separate files * Update README * Update lxi-gui *
Add keysight-dmm screenshot plugin This plugin supports Keysight Truevolt
digital multimeters. * Set default discover timeout to 1 s * Add
experimental QT5 GUI Can be enabled using configure option --enable-lxi-gui
Requires QT 5.0.0 or newer. * Cleanup * Update Travis lxi-tools v1.16
=============== * Update AUTHORS * Convert tabs to spaces * Remove
experimental label from keysight-ivx plugin Tested with MSO-X 3024T by
ralphrmartin from EEVBlog forum. * Fix keysight-iv2000x plugin Fix header
strip and change image format to BMP. Improve regex. * Fix image format for
rigol-dg4000 plugin * Update completion script * Cleanup * Dmitri Goutnik:
Make code clang friendly lxi-tools v1.15 =============== * Update man page
* Add support for using raw/TCP in benchmark mode Add the option to run
benchmark using raw/TCP. For example: $ lxi benchmark --address 10.0.0.42
--port 5555 --raw Also, cleanup all port handling code and update
documentation accordingly. * Decrease timeout for discover to 2 s lxi-tools
v1.14 =============== * Make screenshot plugin only support Rigol DM3068
Rigol DM3068 is the only DM3000 series digital multimeter that seems to have
screenshot support. * Fix entering interactive mode Regardless of using
--interactive a SCPI command was still required to be provided to enter
interactive mode. * Update AUTHORS * Remove experimental label from Siglent
plugins Thanks to Siglent who helped fix and test all the screenshot plugins
for their instruments. * Cleanup screenshot plugins * Consolidate Rigol DSA
plugins into one * Update README and man page * Support writing screenshot
image to stdout To write screenshot image to stdout simply use '-' as the
output filename. This allows to pipe the screenshot image directly to other
tools for image processing. For example, using imagemagick to automatically
convert captured screenshot image to JPG: $ lxi screenshot -a 10.0.0.42 - |
convert - screenshot.jpg * Cleanup Siglent screenshot plugins * Update
siglent-ssa3000x plugin * Add siglent-sdg plugin * Add siglent-sdm3000
plugin * Move siglent-sds out of experimental * Extend Siglent plugin to
include SDS2000X lxi-tools v1.13 =============== * Update README * Update
SSA3000X capture command * Add completion for benchmark command * Update
AUTHORS * Fix get_device_id() This function was missing a call to
lxi_disconnect() which resulted in some instruments being left hanging when
capturing screenshots. Instruments that presumable only allow one active
connection. * Add benchmark feature This benchmark feature is useful if
you want to compare the VXI-11 request/response performance of your instruments.
By default the benchmark sends 100 SCPI ID requests ("*IDN?" commands) to the
instrument. For each request it waits for and reads the response. When done the
resulting request rate is printed. * Fix screenshot command when using plugin
autodetection The wrong timeout value was passed when trying to autodetect
which screenshot plugin to use. * Cleanup * Fix Rohde & Schwarz HMO 1000
screenshot plugin Fix plugin so that it does not strip off the PNG header of
the PNG image stream. Also, the source files and functions of the plugin is
now named more explicitly according to the name of the instrument series (HMO
1000). * Fix Siglent SSA3000 screenshot plugin
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 1 2018 Robert Scheck <robert(a)fedoraproject.org> 1.20-1
- Upgrade to 1.20
* Thu Feb 8 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.12-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
prosody-0.10.2-1.el6 (FEDORA-EPEL-2018-1ceee884b4)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.10.2 ============== See upstream's blog post at
https://blog.prosody.im/prosody-0-10-2-security-release/ for a full overview of
the release changes. Prosody 0.10.2 fixes a cross-host authentication
vulnerability, CVE-2018-10847. The issue affects Prosody instances that have
multiple virtual hosts (including anonymous authenticated hosts). All versions
of Prosody before 0.9.14 and 0.10.2 are affected. A full security advisory is
available at https://prosody.im/security/advisory_20180531 Security --------
* mod_c2s: Do not allow the stream ���to��� to change across stream restarts (fixes
#1147) Minor changes ------------- * mod_websocket: Store the request object
on the session for use by other modules (fixes #1153) * mod_c2s: Avoid
concatenating potential nil value (fixes #753) * core.certmanager: Allow all
non-whitespace in service name (fixes #1019) * mod_disco: Skip code specific
to disco on user accounts (avoids invoking usermanager, fixes #1150) *
mod_bosh: Store the normalized hostname on session (fixes #1151) * MUC: Fix
error logged when no persistent rooms present (fixes #1154) Dowstream
---------- * Changed log rotation from weekly/52 to local system defaults
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 31 2018 Robert Scheck <robert(a)fedoraproject.org> 0.10.2-1
- Upgrade to 0.10.2 (#1584801)
- Changed log rotation from weekly/52 to local system defaults
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1584801 - CVE-2018-10847 prosody: cross-host authentication vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1584801
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
54 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-2c81054303 remctl-3.14-1.el7
15 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8b8dc96235 nodejs-deep-extend-0.5.1-1.el7
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-860176245e gifsicle-1.91-1.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-48b823c3dc strongswan-5.6.2-6.el7
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-90002f509e pdns-recursor-4.1.3-2.el7
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-74ee3ae47e phpMyAdmin-4.4.15.10-3.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-65614e9fc9 thunderbird-enigmail-2.0.6-1.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-bbdc0ecf38 cobbler-2.8.3-2.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-297fb7f6c0 chromium-66.0.3359.181-3.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
darktable-2.4.3-2.el7
dnsdist-1.3.0-1.el7
liblxi-1.13-1.el7
lxi-tools-1.20-1.el7
mailgraph-1.14-31.el7
prosody-0.10.2-1.el7
Details about builds:
================================================================================
darktable-2.4.3-2.el7 (FEDORA-EPEL-2018-99d8389168)
Utility to organize and develop raw images
--------------------------------------------------------------------------------
Update Information:
rebuild due library update
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 31 2018 Germano Massullo <germano.massullo(a)gmail.com> - 2.4.3-2
- rebuilt due osm-gps-map update
--------------------------------------------------------------------------------
================================================================================
dnsdist-1.3.0-1.el7 (FEDORA-EPEL-2018-26cd5f9146)
Highly DNS-, DoS- and abuse-aware loadbalancer
--------------------------------------------------------------------------------
Update Information:
Upstream released new version. See
https://blog.powerdns.com/2018/03/30/dnsdist-1-3-0-released/ for more details.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 31 2018 Ruben Kerkhof <ruben(a)rubenkerkhof.com> - 1.3.0-1
- Upstream released new version
- Enable DNS over TLS
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409154 - dnsdist-1.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1409154
--------------------------------------------------------------------------------
================================================================================
liblxi-1.13-1.el7 (FEDORA-EPEL-2018-ce1838fd73)
Library with simple API for communication with LXI devices
--------------------------------------------------------------------------------
Update Information:
liblxi v1.13 ============ * Fix Sun RPC headers configure check The Sun
RPC headers have been moved out of glibc into a separate library, libtirpc.
Hence, check for glibc headers first and in case that fails search for headers
in libtirpc via pkg-config. * Add const qualifier Because it is the right
thing to do. * Update Travis * Use libtirpc for Sun RPC headers * Move
test directory liblxi v1.12 ============ * Add send/receive sanity checks
* Strip CR from ID response string Fixes corrupted output from 'lxi
discover'. liblxi v1.11 ============ * Fix mDNS/DNS-SD discover feature
liblxi v1.10 ============ * Update Travis * Cleanup * Add --disable-avahi
configure option Makes avahi mandatory unless --disable-avahi is provided.
liblxi v1.9 =========== * Update AUTHORS * Convert tabs to spaces * Make
API usable in C++ As suggested by Dima Kogan, lets wrap the API so that it
is usable in C++. * Only export lxi API specific functions Hide visibility
of internal functions so that only the lxi API specific ones are
exported/visible to applications linking with liblxi. These changes are
applied on behalf of Dima Kogan. * Add discover fallback to request ID via
HTTP/XML If retrieving the instrument ID fails via VXI-11 during discovery
then try to retrieve the ID via the /lxi/identification XML file hosted by some
instruments via HTTP. Adds dependency on libxml2. * Dmitri Goutnik: Make
code clang friendly, fix warnings liblxi v1.8 =========== * Fix
lxi_connect() so it does not apply lock Some instruments fail to lock for
exclusive access when creating a VXI-11 connection. So, to play it safe, we will
simply not try to lock when setting up the connection.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 1 2018 Robert Scheck <robert(a)fedoraproject.org> 1.13-1
- Upgrade to 1.13 (#1556050)
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
lxi-tools-1.20-1.el7 (FEDORA-EPEL-2018-53a4588059)
Tools collection to control LXI enabled instruments
--------------------------------------------------------------------------------
Update Information:
lxi-tools v1.20 =============== * Add bash completion for snap * Update
README Add tested instrument Keysight AWG 33612A as tested by Timur Aydin.
* Add const qualifier * Update AUTHORS * Require Lua 5.1 or newer *
Include test dir in distribution * Update Travis * Fix bash completion for
run command * Update basic-tests.lua * Move test directory * Add basic Lua
tests lxi-tools v1.19 =============== * Downgrade to Lua 5.2 * Update
Travis configuration * Add Lua scripting feature to support automation Add
run command which makes it possible to run Lua scripts to support advanced
instrument automation. To run a Lua script simply do: $ lxi run test.lua
The following LXI specific Lua functions are added and made available for use in
the Lua scripts: device = connect(ip) scpi(device, command)
scpi_raw(device, command) msleep(miliseconds) sleep(seconds)
disconnect(device) See src/test/test.lua for a simple Lua script example.
* Update README * Update AUTHORS * Improve regex of rs-hmo-rtb screenshot
plugin Include instruments made with "HAMEG" identifier. * README: Add
sponsors section * lxi-gui: Fix snap build * configure: use pkg-config to
check for Qt5 * lxi-gui: Cleanup Qt5 configuration * Reconfigure R&S
screenshot plugin to BMP * Add RTB2004 to list of tested instruments *
Dmitri Goutnik: Use QT_SELECT value instead of hardcoded QT version lxi-tools
v1.18 =============== * lxi-gui: Add X-axis title to data recorder chart *
lxi-gui: Fix data recorder chart colors and csv export * lxi-gui: Add SCPI
1999.0 commands * lxi-gui: Add data recorder save data feauture Add a save
button which allows to save recorded data to file in CSV format. * lxi:
Increase default discover mDNS timeout * lxi-gui: Optimize data recorder
plotting * lxi-gui: Fix arm snap build * lxi-gui: Print machine type during
qmake build * lxi-gui: Remove *OPT? SCPI command * lxi-gui: Use elapsed real
time in data recorder * lxi-gui: Print SCPI command requests * Add
screenshot support for RTB 2000 * Cleanup timeout handling, etc. * lxi-gui:
Reduce minimum window size * Add support for adding custom Qt qmake arguments
Add QMAKE_ARGUMENTS flag which allows to pass on arguments to qmake when
building lxi-gui. * lxi-gui: Make sure to call QT5 qmake lxi-tools v1.17
=============== * lxi-gui: Add input dialog for *ESE and *SRE commands *
lxi-gui: Fix qmake compile flags * lxi-gui: Start with SCPI page * Add
configure check for Qt5Charts * lxi-gui: Cleanup Name UI elements
accordingly * lxi-gui: Add screenshot live view * Update README screenshot
* lxi-gui: Add ID/IP instrument table header * lxi-gui: Tag as BETA * Update
README Introduce lxi-gui and include screenshot. * Link QT5 Charts
manually To avoid build issue with snap. * lxi-gui: Add data recorder
feature * lxi-gui: Add settings * lxi-gui: Add QT5 source files * lxi-gui:
Introduce responsive layout The lxi-gui application can now automatically
resize to fit any window size. * lxi-gui: Add 'Open in browser' right-click
feature * lxi-gui: Add IEEE 488.2 Common Commands * lxi-gui: Add about
details * lxi-gui: Add screenshot feature * lxi-gui: Add benchmark feature
* Split features into separate files * Update README * Update lxi-gui *
Add keysight-dmm screenshot plugin This plugin supports Keysight Truevolt
digital multimeters. * Set default discover timeout to 1 s * Add
experimental QT5 GUI Can be enabled using configure option --enable-lxi-gui
Requires QT 5.0.0 or newer. * Cleanup * Update Travis lxi-tools v1.16
=============== * Update AUTHORS * Convert tabs to spaces * Remove
experimental label from keysight-ivx plugin Tested with MSO-X 3024T by
ralphrmartin from EEVBlog forum. * Fix keysight-iv2000x plugin Fix header
strip and change image format to BMP. Improve regex. * Fix image format for
rigol-dg4000 plugin * Update completion script * Cleanup * Dmitri Goutnik:
Make code clang friendly lxi-tools v1.15 =============== * Update man page
* Add support for using raw/TCP in benchmark mode Add the option to run
benchmark using raw/TCP. For example: $ lxi benchmark --address 10.0.0.42
--port 5555 --raw Also, cleanup all port handling code and update
documentation accordingly. * Decrease timeout for discover to 2 s lxi-tools
v1.14 =============== * Make screenshot plugin only support Rigol DM3068
Rigol DM3068 is the only DM3000 series digital multimeter that seems to have
screenshot support. * Fix entering interactive mode Regardless of using
--interactive a SCPI command was still required to be provided to enter
interactive mode. * Update AUTHORS * Remove experimental label from Siglent
plugins Thanks to Siglent who helped fix and test all the screenshot plugins
for their instruments. * Cleanup screenshot plugins * Consolidate Rigol DSA
plugins into one * Update README and man page * Support writing screenshot
image to stdout To write screenshot image to stdout simply use '-' as the
output filename. This allows to pipe the screenshot image directly to other
tools for image processing. For example, using imagemagick to automatically
convert captured screenshot image to JPG: $ lxi screenshot -a 10.0.0.42 - |
convert - screenshot.jpg * Cleanup Siglent screenshot plugins * Update
siglent-ssa3000x plugin * Add siglent-sdg plugin * Add siglent-sdm3000
plugin * Move siglent-sds out of experimental * Extend Siglent plugin to
include SDS2000X lxi-tools v1.13 =============== * Update README * Update
SSA3000X capture command * Add completion for benchmark command * Update
AUTHORS * Fix get_device_id() This function was missing a call to
lxi_disconnect() which resulted in some instruments being left hanging when
capturing screenshots. Instruments that presumable only allow one active
connection. * Add benchmark feature This benchmark feature is useful if
you want to compare the VXI-11 request/response performance of your instruments.
By default the benchmark sends 100 SCPI ID requests ("*IDN?" commands) to the
instrument. For each request it waits for and reads the response. When done the
resulting request rate is printed. * Fix screenshot command when using plugin
autodetection The wrong timeout value was passed when trying to autodetect
which screenshot plugin to use. * Cleanup * Fix Rohde & Schwarz HMO 1000
screenshot plugin Fix plugin so that it does not strip off the PNG header of
the PNG image stream. Also, the source files and functions of the plugin is
now named more explicitly according to the name of the instrument series (HMO
1000). * Fix Siglent SSA3000 screenshot plugin
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 1 2018 Robert Scheck <robert(a)fedoraproject.org> 1.20-1
- Upgrade to 1.20
* Thu Feb 8 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.12-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
mailgraph-1.14-31.el7 (FEDORA-EPEL-2018-553f48d153)
A RRDtool frontend for Mail statistics
--------------------------------------------------------------------------------
Update Information:
Build for epel7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1232258 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1232258
--------------------------------------------------------------------------------
================================================================================
prosody-0.10.2-1.el7 (FEDORA-EPEL-2018-7155fb2e51)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.10.2 ============== See upstream's blog post at
https://blog.prosody.im/prosody-0-10-2-security-release/ for a full overview of
the release changes. Prosody 0.10.2 fixes a cross-host authentication
vulnerability, CVE-2018-10847. The issue affects Prosody instances that have
multiple virtual hosts (including anonymous authenticated hosts). All versions
of Prosody before 0.9.14 and 0.10.2 are affected. A full security advisory is
available at https://prosody.im/security/advisory_20180531 Security --------
* mod_c2s: Do not allow the stream ���to��� to change across stream restarts (fixes
#1147) Minor changes ------------- * mod_websocket: Store the request object
on the session for use by other modules (fixes #1153) * mod_c2s: Avoid
concatenating potential nil value (fixes #753) * core.certmanager: Allow all
non-whitespace in service name (fixes #1019) * mod_disco: Skip code specific
to disco on user accounts (avoids invoking usermanager, fixes #1150) *
mod_bosh: Store the normalized hostname on session (fixes #1151) * MUC: Fix
error logged when no persistent rooms present (fixes #1154) Dowstream
---------- * Changed log rotation from weekly/52 to local system defaults
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 31 2018 Robert Scheck <robert(a)fedoraproject.org> 0.10.2-1
- Upgrade to 0.10.2 (#1584801)
- Changed log rotation from weekly/52 to local system defaults
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1584801 - CVE-2018-10847 prosody: cross-host authentication vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1584801
--------------------------------------------------------------------------------