The following Fedora EPEL 7 Security updates need testing:
Age URL
651
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
413
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
131
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c
redis-3.2.3-1.el7
115
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3
chicken-4.11.0-3.el7
58
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ee3cc4d1b6
compat-guile18-1.8.8-14.el7
14
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-fd41ef0987
php-simplesamlphp-saml2-2.3.3-1.el7 php-simplesamlphp-saml2_1-1.10.3-1.el7
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-090cbd0a83
botan-1.10.14-3.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-73b4fc1c78
chromium-55.0.2883.87-1.el7.1
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d21e337184
hdf5-1.8.12-8.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0899019edf
game-music-emu-0.6.1-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-911ea9b639
fedfind-3.2.3-1.el7 python-wikitcms-2.1.9-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-17165c490b
nagios-plugins-2.1.4-2.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-857dac8710
tarantool-1.6.9.52-2.el7 msgpuck-1.1.3-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
blender-2.68a-6.el7
daala-0-3.20161216git28de40b.el7
epel-rpm-macros-7-13
fedfind-3.2.3-1.el7
golang-bitbucket-kardianos-osext-0-0.13.hg364fb577de68.el7
golang-bitbucket-ww-goautoneg-0-0.10.git75cd24fc2f2c.el7
golang-github-akrennmair-gopcap-0-0.3.git00e1103.el7
golang-github-beorn7-perks-0-0.8.gitb965b61.el7
golang-github-bgentry-speakeasy-0-0.7.git36e9cfd.el7
golang-github-boltdb-bolt-1.3.0-0.2.git583e893.el7
golang-github-bugsnag-bugsnag-go-1.0.4-5.el7
golang-github-bugsnag-panicwrap-1.1.0-0.3.gitaceac81.el7
golang-github-cheggaaa-pb-0-0.3.gitda1f27a.el7
golang-github-cockroachdb-cmux-0-0.4.git112f050.el7
golang-github-coreos-go-semver-0-0.10.git568e959.el7
golang-github-coreos-go-systemd-10-2.el7
golang-github-coreos-pkg-0-0.10.gitfa29b1d.el7
golang-github-dustin-go-humanize-0-0.3.git8929fe9.el7
golang-github-ghodss-yaml-0-0.12.git73d445a.el7
golang-github-godbus-dbus-3-0.5.gitc7fdd8b.el7
golang-github-golang-sys-0-0.8.git62bee03.el7
golang-github-google-btree-0-0.7.git7d79101.el7
golang-github-grpc-ecosystem-grpc-gateway-1.0.0-0.2.gitf52d055.el7
golang-github-mattn-go-runewidth-0-0.3.gitd6bea18.el7
golang-github-olekukonko-tablewriter-0-0.4.gitcca8bbc.el7
golang-github-olekukonko-ts-0-0.3.gitecf753e.el7
golang-googlecode-go-crypto-0-0.12.gitc10c31b.el7
golang-gopkg-yaml-1-15.el7
libebur128-1.2.0-1.el7
msgpuck-1.1.3-1.el7
nagios-plugins-2.1.4-2.el7
nordugrid-arc-5.2.1-1.el7
nordugrid-arc-doc-2.0.12-1.el7
owncloud-9.1.3-1.el7
pdc-updater-0.4.1-1.el7
perl-Class-Accessor-Chained-0.01-28.el7
perl-Class-ReturnValue-0.55-23.el7
perl-File-KeePass-2.03-10.el7
perl-HTML-Strip-2.10-2.el7
php-icewind-smb-1.1.2-1.el7
python-wikitcms-2.1.9-1.el7
tarantool-1.6.9.52-2.el7
uthash-2.0.1-1.el7
znc-1.6.4-1.el7
Details about builds:
================================================================================
blender-2.68a-6.el7 (FEDORA-EPEL-2016-3680690ba0)
3D modeling, animation, rendering and post-production
--------------------------------------------------------------------------------
Update Information:
Update to 2.68
--------------------------------------------------------------------------------
================================================================================
daala-0-3.20161216git28de40b.el7 (FEDORA-EPEL-2016-fd30b4d48d)
Daala video compression
--------------------------------------------------------------------------------
Update Information:
New package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1396478 - Review Request: daala - Daala video compression
https://bugzilla.redhat.com/show_bug.cgi?id=1396478
--------------------------------------------------------------------------------
================================================================================
epel-rpm-macros-7-13 (FEDORA-EPEL-2016-1861e967a3)
Extra Packages for Enterprise Linux RPM macros
--------------------------------------------------------------------------------
Update Information:
Add vpath macros for use by meson. ---- Override %_pkgdocdir (bug #1392354)
--------------------------------------------------------------------------------
================================================================================
fedfind-3.2.3-1.el7 (FEDORA-EPEL-2016-911ea9b639)
Fedora Finder finds Fedora
--------------------------------------------------------------------------------
Update Information:
python-wikitcms 2.1.9 is a **SECURITY** fix for an issue with potentially
serious consequences but very limited scope. If an administrator of a wiki you
talked to using python-wikitcms were malicious, they could cause arbitrary code
execution as the user running wikitcms. No-one besides a wiki administrator
could do this, as it requires crafting the wiki's response to an edit request to
include a malicious payload. fedfind 3.0 changes how fedfind finds images for
composes without metadata (which is basically milestone - Alpha / Beta - and
stable releases). Formerly it found them by scraping rsync output, which was
slow, generated quite a lot of load on both server and client, and was
vulnerable to the rsync server being full. We have now tweaked things so that
the primary mirror has `imagelist` files for the `fedora`, `alt` and `archive`
trees which list every single image file - but no other files - in those trees.
fedfind now simply parses these `imagelist` files to find images. As the files
only list images they are pretty small (the biggest is under 500KiB) and they
are cached locally and only re-downloaded when they change, this is much faster,
more efficient, and uses less bandwidth. There are also some changes to ensure
the tests run properly on EL 6, EL 7 and Fedora 23, and a missing dependency for
EL 6 was added - `argparse` is a part of the Python standard library for all the
other distros, but for EL 6 it is still a separate package. fedfind 3.1 changes
how fedfind handles metadata for composes which were originally created by Pungi
4 and had real metadata, but were then modified in some ways and had their
metadata removed. This includes milestone and stable releases for Fedora 24 and
later: when these are placed in their 'final' locations on the mirrors, some
contents are split into different locations and some deliverables are removed.
Previously, fedfind would simply synthesize metadata for these composes, as it
does for pre-Pungi 4 composes. Now, it first attempts to find the original
metadata (from [
PDC](https://pdc.fedoraproject.org/)) and adjust it for the
modified image locations, while preserving all the other image attributes from
the original metadata (including ones it could not synthesize). It will only
fall back to synthesizing the metadata if it cannot find corresponding metadata
from PDC. The practical result of this is that you should get more reliable and
complete metadata for these composes. fedfind 3.2 adds support for the [post-
release live respin
composes](https://dl.fedoraproject.org/pub/alt/live-
respins/) to fedfind. These work a little differently to most other compose
types: please see the documentation for more information. This support is
primarily intended to enable testing of these composes in
[openQA](https://openqa.fedoraproject.org).
--------------------------------------------------------------------------------
================================================================================
golang-bitbucket-kardianos-osext-0-0.13.hg364fb577de68.el7 (FEDORA-EPEL-2016-46d76c0ba8)
Extensions to the standard Go OS package
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1254591 - Tracker for golang-bitbucket-kardianos-osext
https://bugzilla.redhat.com/show_bug.cgi?id=1254591
--------------------------------------------------------------------------------
================================================================================
golang-bitbucket-ww-goautoneg-0-0.10.git75cd24fc2f2c.el7 (FEDORA-EPEL-2016-eeb5eb25e8)
HTTP Content-Type Autonegotiation
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1247619 - Tracker for golang-bitbucket-ww-goautoneg
https://bugzilla.redhat.com/show_bug.cgi?id=1247619
--------------------------------------------------------------------------------
================================================================================
golang-github-akrennmair-gopcap-0-0.3.git00e1103.el7 (FEDORA-EPEL-2016-786a55da7b)
A simple wrapper around libpcap for the Go programming language
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1405532 - Tracker for golang-github-akrennmair-gopcap
https://bugzilla.redhat.com/show_bug.cgi?id=1405532
--------------------------------------------------------------------------------
================================================================================
golang-github-beorn7-perks-0-0.8.gitb965b61.el7 (FEDORA-EPEL-2016-dc5969fdc1)
Effective Computation of Things
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1248633 - Tracker for golang-github-beorn7-perks
https://bugzilla.redhat.com/show_bug.cgi?id=1248633
--------------------------------------------------------------------------------
================================================================================
golang-github-bgentry-speakeasy-0-0.7.git36e9cfd.el7 (FEDORA-EPEL-2016-c6854c4605)
Golang helpers for reading password input without cgo
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250454 - Tracker for golang-github-bgentry-speakeasy
https://bugzilla.redhat.com/show_bug.cgi?id=1250454
--------------------------------------------------------------------------------
================================================================================
golang-github-boltdb-bolt-1.3.0-0.2.git583e893.el7 (FEDORA-EPEL-2016-e5c99b0e71)
A low-level key/value database for Go
--------------------------------------------------------------------------------
Update Information:
Polish the spec file ---- Bump to upstream
583e8937c61f1af6513608ccc75c97b6abdf4ff9
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1246207 - Tracker for golang-github-boltdb-bolt
https://bugzilla.redhat.com/show_bug.cgi?id=1246207
--------------------------------------------------------------------------------
================================================================================
golang-github-bugsnag-bugsnag-go-1.0.4-5.el7 (FEDORA-EPEL-2016-f64aaa24ee)
Automatic panic monitoring for golang, net/http and revel
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1405699 - Tracker for golang-github-bugsnag-bugsnag-go
https://bugzilla.redhat.com/show_bug.cgi?id=1405699
--------------------------------------------------------------------------------
================================================================================
golang-github-bugsnag-panicwrap-1.1.0-0.3.gitaceac81.el7 (FEDORA-EPEL-2016-1def601200)
Go library for catching and handling panics in Go applications
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1313834 - Tracker for golang-github-bugsnag-panicwrap
https://bugzilla.redhat.com/show_bug.cgi?id=1313834
--------------------------------------------------------------------------------
================================================================================
golang-github-cheggaaa-pb-0-0.3.gitda1f27a.el7 (FEDORA-EPEL-2016-52732fcfbb)
Console progress bar for Golang
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1405557 - Tracker for golang-github-cheggaaa-pb
https://bugzilla.redhat.com/show_bug.cgi?id=1405557
--------------------------------------------------------------------------------
================================================================================
golang-github-cockroachdb-cmux-0-0.4.git112f050.el7 (FEDORA-EPEL-2016-a05c86a73a)
Connection mux for serving different services on the same port
--------------------------------------------------------------------------------
Update Information:
Polish the spec file ---- First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1387177 - Tracker for golang-github-cockroachdb-cmux
https://bugzilla.redhat.com/show_bug.cgi?id=1387177
[ 2 ] Bug #1336218 - Review Request: golang-github-cockroachdb-cmux - Connection mux for
serving different services on the same port
https://bugzilla.redhat.com/show_bug.cgi?id=1336218
--------------------------------------------------------------------------------
================================================================================
golang-github-coreos-go-semver-0-0.10.git568e959.el7 (FEDORA-EPEL-2016-73c45851e3)
Go semantic versioning library
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1248718 - Tracker for golang-github-coreos-go-semver
https://bugzilla.redhat.com/show_bug.cgi?id=1248718
--------------------------------------------------------------------------------
================================================================================
golang-github-coreos-go-systemd-10-2.el7 (FEDORA-EPEL-2016-512b6309ba)
Go bindings to systemd socket activation, journal and D-BUS APIs
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1248722 - Tracker for golang-github-coreos-go-systemd
https://bugzilla.redhat.com/show_bug.cgi?id=1248722
--------------------------------------------------------------------------------
================================================================================
golang-github-coreos-pkg-0-0.10.gitfa29b1d.el7 (FEDORA-EPEL-2016-aff3eb65a4)
A collection of go utility packages
--------------------------------------------------------------------------------
Update Information:
Disable checks due to cyclic deps
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1245958 - Review Request: golang-github-coreos-pkg - A collection of go
utility packages
https://bugzilla.redhat.com/show_bug.cgi?id=1245958
--------------------------------------------------------------------------------
================================================================================
golang-github-dustin-go-humanize-0-0.3.git8929fe9.el7 (FEDORA-EPEL-2016-3a1b2d7741)
Formatters for units to human friendly sizes
--------------------------------------------------------------------------------
Update Information:
Polish the spec file ---- First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1405624 - Tracker for golang-github-dustin-go-humanize
https://bugzilla.redhat.com/show_bug.cgi?id=1405624
[ 2 ] Bug #1336217 - Review Request: golang-github-dustin-go-humanize - Formatters for
units to human friendly sizes
https://bugzilla.redhat.com/show_bug.cgi?id=1336217
--------------------------------------------------------------------------------
================================================================================
golang-github-ghodss-yaml-0-0.12.git73d445a.el7 (FEDORA-EPEL-2016-410b8734d2)
A better way to marshal and unmarshal YAML in Golang
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1249030 - Tracker for golang-github-ghodss-yaml
https://bugzilla.redhat.com/show_bug.cgi?id=1249030
--------------------------------------------------------------------------------
================================================================================
golang-github-godbus-dbus-3-0.5.gitc7fdd8b.el7 (FEDORA-EPEL-2016-fbf6bf60fa)
Go client bindings for D-Bus
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1249043 - Tracker for golang-github-godbus-dbus
https://bugzilla.redhat.com/show_bug.cgi?id=1249043
--------------------------------------------------------------------------------
================================================================================
golang-github-golang-sys-0-0.8.git62bee03.el7 (FEDORA-EPEL-2016-c3cf52634c)
Go packages for low-level interaction with the operating system
--------------------------------------------------------------------------------
Update Information:
Polish the spec file ---- Bump to upstream
62bee037599929a6e9146f29d10dd5208c43507d ---- Enable devel and unit-test
subpackage for epel7 ---- Bump to upstream
33267e036fd93fcd26ea95b7bdaf2d8306cb743c
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1360748 - update for s390x support
https://bugzilla.redhat.com/show_bug.cgi?id=1360748
--------------------------------------------------------------------------------
================================================================================
golang-github-google-btree-0-0.7.git7d79101.el7 (FEDORA-EPEL-2016-7e449ea7fe)
BTree implementation for Go
--------------------------------------------------------------------------------
Update Information:
Polish the spec file ---- Bump to upstream
7d79101e329e5a3adf994758c578dab82b90c017
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250460 - Tracker for golang-github-google-btree
https://bugzilla.redhat.com/show_bug.cgi?id=1250460
--------------------------------------------------------------------------------
================================================================================
golang-github-grpc-ecosystem-grpc-gateway-1.0.0-0.2.gitf52d055.el7
(FEDORA-EPEL-2016-6e46f66323)
GRPC to JSON proxy generator
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1405682 - Tracker for golang-github-grpc-ecosystem-grpc-gateway
https://bugzilla.redhat.com/show_bug.cgi?id=1405682
--------------------------------------------------------------------------------
================================================================================
golang-github-mattn-go-runewidth-0-0.3.gitd6bea18.el7 (FEDORA-EPEL-2016-b9678903cc)
Functions for getting fixed width of the character or string
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1405690 - Tracker for golang-github-mattn-go-runewidth
https://bugzilla.redhat.com/show_bug.cgi?id=1405690
--------------------------------------------------------------------------------
================================================================================
golang-github-olekukonko-tablewriter-0-0.4.gitcca8bbc.el7 (FEDORA-EPEL-2016-41c5eb861d)
ASCII table in golang
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1320304 - Tracker for golang-github-olekukonko-tablewriter
https://bugzilla.redhat.com/show_bug.cgi?id=1320304
--------------------------------------------------------------------------------
================================================================================
golang-github-olekukonko-ts-0-0.3.gitecf753e.el7 (FEDORA-EPEL-2016-8946616811)
Simple go Application to get Terminal Size
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1405558 - Tracker for golang-github-olekukonko-ts
https://bugzilla.redhat.com/show_bug.cgi?id=1405558
--------------------------------------------------------------------------------
================================================================================
golang-googlecode-go-crypto-0-0.12.gitc10c31b.el7 (FEDORA-EPEL-2016-d313acc8c2)
Supplementary Go cryptography libraries
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1231618 - Tracker for golang-googlecode-go-crypto
https://bugzilla.redhat.com/show_bug.cgi?id=1231618
--------------------------------------------------------------------------------
================================================================================
golang-gopkg-yaml-1-15.el7 (FEDORA-EPEL-2016-59feb8acab)
Enables Go programs to comfortably encode and decode YAML values
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250524 - Tracker for golang-gopkg-yaml
https://bugzilla.redhat.com/show_bug.cgi?id=1250524
--------------------------------------------------------------------------------
================================================================================
libebur128-1.2.0-1.el7 (FEDORA-EPEL-2016-d5468b814d)
A library that implements the EBU R 128 standard for loudness normalization
--------------------------------------------------------------------------------
Update Information:
Update to 1.2.0 after unretiring the package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1396406 - Review Request: libebur128 - A library that implements the EBU R
128 standard for loudness normalization
https://bugzilla.redhat.com/show_bug.cgi?id=1396406
[ 2 ] Bug #1260813 - libebur128-v1.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1260813
--------------------------------------------------------------------------------
================================================================================
msgpuck-1.1.3-1.el7 (FEDORA-EPEL-2016-857dac8710)
MsgPack binary serialization library in a self-contained header
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2016-9036 and CVE-2016-9037. These vulnerabilities are embargoed, but
Mitre will publish them in the next couple days.
--------------------------------------------------------------------------------
================================================================================
nagios-plugins-2.1.4-2.el7 (FEDORA-EPEL-2016-17165c490b)
Host/service/network monitoring program plugins for Nagios
--------------------------------------------------------------------------------
Update Information:
Updated to 2.1.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #752949 - ldap_bind: Can't contact LDAP server via SSL
https://bugzilla.redhat.com/show_bug.cgi?id=752949
[ 2 ] Bug #1368089 - check_file_age broken
https://bugzilla.redhat.com/show_bug.cgi?id=1368089
[ 3 ] Bug #1335245 - check_mailq fails with syntax error
https://bugzilla.redhat.com/show_bug.cgi?id=1335245
[ 4 ] Bug #1362322 - nagios-plugins-2.1.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1362322
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc-5.2.1-1.el7 (FEDORA-EPEL-2016-3dacd28e24)
Advanced Resource Connector Grid Middleware
--------------------------------------------------------------------------------
Update Information:
ARC 5.2.1
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc-doc-2.0.12-1.el7 (FEDORA-EPEL-2016-3dacd28e24)
Advanced Resource Connector Documentation
--------------------------------------------------------------------------------
Update Information:
ARC 5.2.1
--------------------------------------------------------------------------------
================================================================================
owncloud-9.1.3-1.el7 (FEDORA-EPEL-2016-1aaf3030a8)
Private file sync and share server
--------------------------------------------------------------------------------
Update Information:
Update owncloud to 9.1.3 Note this is a major update from 9.0 This build will
also provide compatibility mod_php for PHP7 from 3rd party repos
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1393164 - owncloud-9.1.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1393164
--------------------------------------------------------------------------------
================================================================================
pdc-updater-0.4.1-1.el7 (FEDORA-EPEL-2016-ab22e51cee)
Update the product definition center in response to fedmsg
--------------------------------------------------------------------------------
Update Information:
Operation on different bus backends.
--------------------------------------------------------------------------------
================================================================================
perl-Class-Accessor-Chained-0.01-28.el7 (FEDORA-EPEL-2016-7597fd7e41)
Make chained accessors
--------------------------------------------------------------------------------
Update Information:
Provide perl-Class-Accessor-Chained for epel7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1108387 - Build perl-Class-Accessor-Chained for EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1108387
--------------------------------------------------------------------------------
================================================================================
perl-Class-ReturnValue-0.55-23.el7 (FEDORA-EPEL-2016-b9daf3df34)
Class::ReturnValue Perl module
--------------------------------------------------------------------------------
Update Information:
Provide perl-Class-ReturnValue for epel7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1108388 - Build perl-Class-ReturnValue for EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1108388
--------------------------------------------------------------------------------
================================================================================
perl-File-KeePass-2.03-10.el7 (FEDORA-EPEL-2016-0bb7148f46)
Interface to KeePass V1 and V2 database files
--------------------------------------------------------------------------------
Update Information:
Add Requires so compression, MIME, and XML decoding work correctly
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1328327 - Unable to open keepass 2 database
https://bugzilla.redhat.com/show_bug.cgi?id=1328327
--------------------------------------------------------------------------------
================================================================================
perl-HTML-Strip-2.10-2.el7 (FEDORA-EPEL-2016-c499e81710)
Perl extension for stripping HTML markup from text
--------------------------------------------------------------------------------
Update Information:
Buidl for epel7
--------------------------------------------------------------------------------
================================================================================
php-icewind-smb-1.1.2-1.el7 (FEDORA-EPEL-2016-1aaf3030a8)
php wrapper for smbclient and libsmbclient-php
--------------------------------------------------------------------------------
Update Information:
Update owncloud to 9.1.3 Note this is a major update from 9.0 This build will
also provide compatibility mod_php for PHP7 from 3rd party repos
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1393164 - owncloud-9.1.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1393164
--------------------------------------------------------------------------------
================================================================================
python-wikitcms-2.1.9-1.el7 (FEDORA-EPEL-2016-911ea9b639)
Fedora QA wiki test management Python library
--------------------------------------------------------------------------------
Update Information:
python-wikitcms 2.1.9 is a **SECURITY** fix for an issue with potentially
serious consequences but very limited scope. If an administrator of a wiki you
talked to using python-wikitcms were malicious, they could cause arbitrary code
execution as the user running wikitcms. No-one besides a wiki administrator
could do this, as it requires crafting the wiki's response to an edit request to
include a malicious payload. fedfind 3.0 changes how fedfind finds images for
composes without metadata (which is basically milestone - Alpha / Beta - and
stable releases). Formerly it found them by scraping rsync output, which was
slow, generated quite a lot of load on both server and client, and was
vulnerable to the rsync server being full. We have now tweaked things so that
the primary mirror has `imagelist` files for the `fedora`, `alt` and `archive`
trees which list every single image file - but no other files - in those trees.
fedfind now simply parses these `imagelist` files to find images. As the files
only list images they are pretty small (the biggest is under 500KiB) and they
are cached locally and only re-downloaded when they change, this is much faster,
more efficient, and uses less bandwidth. There are also some changes to ensure
the tests run properly on EL 6, EL 7 and Fedora 23, and a missing dependency for
EL 6 was added - `argparse` is a part of the Python standard library for all the
other distros, but for EL 6 it is still a separate package. fedfind 3.1 changes
how fedfind handles metadata for composes which were originally created by Pungi
4 and had real metadata, but were then modified in some ways and had their
metadata removed. This includes milestone and stable releases for Fedora 24 and
later: when these are placed in their 'final' locations on the mirrors, some
contents are split into different locations and some deliverables are removed.
Previously, fedfind would simply synthesize metadata for these composes, as it
does for pre-Pungi 4 composes. Now, it first attempts to find the original
metadata (from [
PDC](https://pdc.fedoraproject.org/)) and adjust it for the
modified image locations, while preserving all the other image attributes from
the original metadata (including ones it could not synthesize). It will only
fall back to synthesizing the metadata if it cannot find corresponding metadata
from PDC. The practical result of this is that you should get more reliable and
complete metadata for these composes. fedfind 3.2 adds support for the [post-
release live respin
composes](https://dl.fedoraproject.org/pub/alt/live-
respins/) to fedfind. These work a little differently to most other compose
types: please see the documentation for more information. This support is
primarily intended to enable testing of these composes in
[openQA](https://openqa.fedoraproject.org).
--------------------------------------------------------------------------------
================================================================================
tarantool-1.6.9.52-2.el7 (FEDORA-EPEL-2016-857dac8710)
In-memory database and Lua application server
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2016-9036 and CVE-2016-9037. These vulnerabilities are embargoed, but
Mitre will publish them in the next couple days.
--------------------------------------------------------------------------------
================================================================================
uthash-2.0.1-1.el7 (FEDORA-EPEL-2016-02c614561d)
A hash table for C structures
--------------------------------------------------------------------------------
Update Information:
### Update to v2.0.1 * Introduce libut / libvector * Add BR: perl
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1401591 - uthash-1.9.9-10.fc24 FTBFS
https://bugzilla.redhat.com/show_bug.cgi?id=1401591
--------------------------------------------------------------------------------
================================================================================
znc-1.6.4-1.el7 (FEDORA-EPEL-2016-5c73ebbb87)
An advanced IRC bouncer
--------------------------------------------------------------------------------
Update Information:
Update to 1.6.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1402101 - znc-1.6.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1402101
[ 2 ] Bug #1391300 - Nothing owns %_libdir/znc
https://bugzilla.redhat.com/show_bug.cgi?id=1391300
[ 3 ] Bug #1383989 - znc-1.6.3-5.fc26 FTBFS against OpenSSL 1.1.0
https://bugzilla.redhat.com/show_bug.cgi?id=1383989
--------------------------------------------------------------------------------