Fedora EPEL 7 updates-testing report
by updates@fedoraproject.org
The following Fedora EPEL 7 Security updates need testing:
Age URL
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-e6c7b4cbec tcpreplay-4.3.3-3.el7
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-284f18e5de lout-3.40-18.el7
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fd6ec50fa5 fastd-21-2.el7
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-3157c3d291 chromium-86.0.4240.111-1.el7
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-e816cf1fbc containerd-1.2.14-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
composer-1.10.17-1.el7
dmlite-1.14.2-1.el7
knot-3.0.1-1.el7
netdata-1.26.0-2.el7
pngcheck-2.4.0-1.el7
python-colcon-ed-0.1.2-1.el7
python-vcstool-0.2.15-1.el7
rr-5.4.0-1.el7
ufdbGuard-1.35.3-1.el7
wordpress-5.1.8-1.el7
Details about builds:
================================================================================
composer-1.10.17-1.el7 (FEDORA-EPEL-2020-307b6d311d)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.10.17** - 2020-10-30 * Fixed Bitbucket API authentication issue *
Fixed parsing of Composer 2 lock files breaking in some rare conditions ----
**Version 1.10.16** - 2020-10-24 * Added warning to `validate` command for
cases where packages provide/replace a package that they also require * Fixed
JSON schema validation issue with PHPStorm * Fixed symlink handling in `archive`
command ---- **Version 1.10.15** - 2020-10-13 * Fixed path repo version
guessing issue ---- **Version 1.10.14** - 2020-10-13 * Fixed version guesser
to look at remote branches as well as local ones * Fixed path repositories
version guessing to handle edge cases where version is different from the VCS-
guessed version * Fixed COMPOSER env var causing issues when combined with the
`global ` command * Fixed a few issues dealing with PHP without openssl
extension (not recommended at all but sometimes needed for testing)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 2 2020 Remi Collet <remi(a)remirepo.net> - 1.10.17-1
- update to 1.10.17
* Sun Oct 25 2020 Remi Collet <remi(a)remirepo.net> - 1.10.16-1
- update to 1.10.16
* Tue Oct 13 2020 Remi Collet <remi(a)remirepo.net> - 1.10.15-1
- update to 1.10.15
--------------------------------------------------------------------------------
================================================================================
dmlite-1.14.2-1.el7 (FEDORA-EPEL-2020-f69682b8ec)
Lcgdm grid data management and storage framework
--------------------------------------------------------------------------------
Update Information:
dmlite 1.14.2
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 2 2020 Oliver Keeble <oliver.keeble(a)cern.ch> - 1.14.2-1
- New upstream release 1.14.2
--------------------------------------------------------------------------------
================================================================================
knot-3.0.1-1.el7 (FEDORA-EPEL-2020-37d87dab96)
High-performance authoritative DNS server
--------------------------------------------------------------------------------
Update Information:
Update to upstream 3.0.1
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 12 2020 Jakub Ru��i��ka <jakub.ruzicka(a)nic.cz> - 3.0.1-1
- Update to 3.0.1
- Sync packaging from upstream
--------------------------------------------------------------------------------
================================================================================
netdata-1.26.0-2.el7 (FEDORA-EPEL-2020-b449e1e6fe)
Real-time performance monitoring
--------------------------------------------------------------------------------
Update Information:
Fix wrong drop for el6 support
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 2 2020 Didier Fabert <didier.fabert(a)gmail.com> 1.26.0-2
- Fix wrong drop for el6 support
- Fix tmpfiles (from /var/run to /run)
- Minors changes in netdata.conf
* Sun Nov 1 2020 Didier Fabert <didier.fabert(a)gmail.com> 1.26.0-1
- Update from upstream
* Tue Sep 22 2020 Didier Fabert <didier.fabert(a)gmail.com> 1.25.0-1
- Update from upstream
- Drop el6 support
* Thu Aug 13 2020 Didier Fabert <didier.fabert(a)gmail.com> 1.24.0-1
- Update from upstream
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.23.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1858056 - netdata-1.26.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1858056
--------------------------------------------------------------------------------
================================================================================
pngcheck-2.4.0-1.el7 (FEDORA-EPEL-2020-aeaf0b9bc0)
Verifies the integrity of PNG, JNG and MNG files
--------------------------------------------------------------------------------
Update Information:
New upstream version 2.4.0: - tweaked color definitions slightly to work better
on terminals with white/light backgrounds - added eXIf support - fixed DHDR
(pre-MNG-1.0) bug ---- Enable executable hardening (PIC/PIE) ---- Initial
import (#1886858)
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
python-colcon-ed-0.1.2-1.el7 (FEDORA-EPEL-2020-cb5fa1493c)
Extension for colcon to edit a file within a package
--------------------------------------------------------------------------------
Update Information:
Update to the latest `colcon-ed` release
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 2 2020 Scott K Logan <logans(a)cottsay.net> - 0.1.2-1
- Update to 0.1.2 (rhbz#1893555)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1893555 - python-colcon-ed-0.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1893555
--------------------------------------------------------------------------------
================================================================================
python-vcstool-0.2.15-1.el7 (FEDORA-EPEL-2020-7061e58fe7)
Tool to invoke vcs commands on multiple repositories
--------------------------------------------------------------------------------
Update Information:
Update to the latest `vcstool` release
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 2 2020 Scott K Logan <logans(a)cottsay.net> - 0.2.15-1
- Update to 0.2.15 (rhbz#1891662)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1891662 - python-vcstool-0.2.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1891662
--------------------------------------------------------------------------------
================================================================================
rr-5.4.0-1.el7 (FEDORA-EPEL-2020-73c1cc5dfc)
Tool to record and replay execution of applications
--------------------------------------------------------------------------------
Update Information:
rr-5.4.0 release includes initial support for some AMD Zen and Zen 2 processors.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 2 2020 William Cohen <wcohen(a)redhat.com> - 5.4.0-1
- Rebase to rr-5.4.0.
--------------------------------------------------------------------------------
================================================================================
ufdbGuard-1.35.3-1.el7 (FEDORA-EPEL-2020-e716fb6cb0)
A URL filter for squid
--------------------------------------------------------------------------------
Update Information:
1.35.3 ---- 1.35.2
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 2 2020 Gwyn Ciesla <gwync(a)protonmail.com> - 1.35.3-1
- 1.35.3
* Fri Oct 30 2020 Gwyn Ciesla <gwync(a)protonmail.com> - 1.35.2-1
- 1.35.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1893326 - ufdbGuard-1.35.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1893326
[ 2 ] Bug #1893819 - ufdbGuard-1.35.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1893819
--------------------------------------------------------------------------------
================================================================================
wordpress-5.1.8-1.el7 (FEDORA-EPEL-2020-a5abe545c6)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 5.1.8 Maintenance Release** This maintenance release fixes an issue
introduced in WordPress 5.1.7 which makes it impossible to install WordPress on
a brand new website that does not have a database connection configured. ----
**WordPress 5.1.7 Security Release** **Security Updates** * Props to Alex
Concha of the WordPress Security Team for their work in hardening
deserialization requests. * Props to David Binovec on a fix to disable spam
embeds from disabled sites on a multisite network. * Thanks to Marc Montas
from Sucuri for reporting an issue that could lead to XSS from global variables.
* Thanks to Justin Tran who reported an issue surrounding privilege
escalation in XML-RPC. He also found and disclosed an issue around privilege
escalation around post commenting via XML-RPC. * Props to Omar Ganiev who
reported a method where a DoS attack could lead to RCE. * Thanks to Karim El
Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs. *
Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a
method to bypass protected meta that could lead to arbitrary file deletion. *
Thanks to Erwan LR from WPScan who responsibly disclosed a method that could
lead to CSRF. * And a special thanks to @zieladam who was integral in many of
the releases and patches during this release.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 2 2020 Remi Collet <remi(a)remirepo.net> - 5.1.8-1
- WordPress 5.1.8 Maintenance Release
* Fri Oct 30 2020 Remi Collet <remi(a)remirepo.net> - 5.1.7-1
- WordPress 5.1.7 Security Release
--------------------------------------------------------------------------------