The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 678  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d   condor-8.6.11-1.el7
 419  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80   python-gnupg-0.4.4-1.el7
 417  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b   bubblewrap-0.3.3-2.el7
 127  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6   python-waitress-1.4.3-1.el7
  67  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-19d171a465   python34-3.4.10-5.el7
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-dbca324350   nghttp2-1.33.0-1.1.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-761bce8292   wordpress-5.1.6-1.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-a1eff3982c   tcpreplay-4.3.3-1.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-add380f567   php-horde-horde-5.2.23-1.el7
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-f33a36b2c4   python-httplib2-0.18.1-3.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
chromium-83.0.4103.106-1.el7
lynis-3.0.0-1.el7
perl-IO-Interactive-1.022-11.el7
perl-Net-Amazon-S3-0.89-2.el7
perl-Term-ProgressBar-Quiet-0.31-17.el7
perl-Term-ProgressBar-Simple-0.03-17.el7
python-blessed-1.17.8-2.el7
python-catkin_lint-1.6.9-1.el7
python-enlighten-1.6.0-2.el7
python-pluginlib-0.8.0-1.el7
python-regex-2020.6.8-2.el7
rmlint-2.10.1-1.el7
vim-trailing-whitespace-1.0-1.20191209git6b7cdec.el7
znc-1.8.1-1.el7
Details about builds:
================================================================================
chromium-83.0.4103.106-1.el7 (FEDORA-EPEL-2020-e6b96a7e3a)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Black Lives Matter. Saying this does not mean that other lives do not matter. It
should not be controversial to say this. If I say Chromium updates matter, it
does not mean that other Fedora packages do not matter, it means that a Chromium
update is needed to fix this giant pile of severe security vulnerabilities,
here, today, now: CVE-2020-6463 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467
CVE-2020-6468 CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472
CVE-2020-6473 CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478
CVE-2020-6479 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483
CVE-2020-6484 CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488
CVE-2020-6489 CVE-2020-6490 CVE-2020-6491 CVE-2020-6505 CVE-2020-6506
CVE-2020-6507 In making that analogy, I do not intend to trivialize BLM. In no
way do I mean to compare the lives of people to a silly web browser update.
People are infinitely more important than software. But since I'm here to push this
software update out, I am also choosing to say clearly and unambiguously that
Black Lives Matter. Open Source proves that many voices, many contributions,
together can change the world. It depends on it. This is my voice.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 18 2020 Tom Callaway <spot(a)fedoraproject.org> - 83.0.4103.106-1
- update to 83.0.4103.106
- remove duplicate ServiceWorker fix
- add fix to work around gcc bug on aarch64
* Tue Jun 16 2020 Tom Callaway <spot(a)fedoraproject.org> - 83.0.4103.97-5
- add ServiceWorker fix
* Mon Jun 15 2020 Tom Callaway <spot(a)fedoraproject.org> - 83.0.4103.97-4
- use old cups handling on epel7
- fix skia attribute overrides with gcc
* Wed Jun 10 2020 Tom Callaway <spot(a)fedoraproject.org> - 83.0.4103.97-3
- fix issue on epel7 where linux/kcmp.h does not exist
* Mon Jun 8 2020 Tom Callaway <spot(a)fedoraproject.org> - 83.0.4103.97-2
- more fixes from gentoo
* Sun Jun 7 2020 Tom Callaway <spot(a)fedoraproject.org> - 83.0.4103.97-1
- update to 83.0.4103.97
* Tue Jun 2 2020 Tom Callaway <spot(a)fedoraproject.org> - 83.0.4103.61-1
- update to 83.0.4103.61
- conditionalize and disable remoting
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1837877 - CVE-2020-6465 chromium-browser: Use after free in reader mode
https://bugzilla.redhat.com/show_bug.cgi?id=1837877
[ 2 ] Bug #1837878 - CVE-2020-6466 chromium-browser: Use after free in media
https://bugzilla.redhat.com/show_bug.cgi?id=1837878
[ 3 ] Bug #1837879 - CVE-2020-6467 chromium-browser: Use after free in WebRTC
https://bugzilla.redhat.com/show_bug.cgi?id=1837879
[ 4 ] Bug #1837880 - CVE-2020-6468 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1837880
[ 5 ] Bug #1837882 - CVE-2020-6470 chromium-browser: Insufficient validation of
untrusted input in clipboard
https://bugzilla.redhat.com/show_bug.cgi?id=1837882
[ 6 ] Bug #1837883 - CVE-2020-6471 chromium-browser: Insufficient policy enforcement in
developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=1837883
[ 7 ] Bug #1837884 - CVE-2020-6472 chromium-browser: Insufficient policy enforcement in
developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=1837884
[ 8 ] Bug #1837885 - CVE-2020-6473 chromium-browser: Insufficient policy enforcement in
Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1837885
[ 9 ] Bug #1837886 - CVE-2020-6474 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1837886
[ 10 ] Bug #1837887 - CVE-2020-6475 chromium-browser: Incorrect security UI in full
screen
https://bugzilla.redhat.com/show_bug.cgi?id=1837887
[ 11 ] Bug #1837888 - CVE-2020-6477 chromium-browser: Inappropriate implementation in
installer
https://bugzilla.redhat.com/show_bug.cgi?id=1837888
[ 12 ] Bug #1837889 - CVE-2020-6478 chromium-browser: Inappropriate implementation in
full screen
https://bugzilla.redhat.com/show_bug.cgi?id=1837889
[ 13 ] Bug #1837890 - CVE-2020-6480 chromium-browser: Insufficient policy enforcement in
enterprise
https://bugzilla.redhat.com/show_bug.cgi?id=1837890
[ 14 ] Bug #1837891 - CVE-2020-6481 chromium-browser: Insufficient policy enforcement in
URL formatting
https://bugzilla.redhat.com/show_bug.cgi?id=1837891
[ 15 ] Bug #1837892 - CVE-2020-6482 chromium-browser: Insufficient policy enforcement in
developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=1837892
[ 16 ] Bug #1837893 - CVE-2020-6483 chromium-browser: Insufficient policy enforcement in
payments
https://bugzilla.redhat.com/show_bug.cgi?id=1837893
[ 17 ] Bug #1837894 - CVE-2020-6484 chromium-browser: Insufficient data validation in
ChromeDriver
https://bugzilla.redhat.com/show_bug.cgi?id=1837894
[ 18 ] Bug #1837896 - CVE-2020-6485 chromium-browser: Insufficient data validation in
media router
https://bugzilla.redhat.com/show_bug.cgi?id=1837896
[ 19 ] Bug #1837897 - CVE-2020-6486 chromium-browser: Insufficient policy enforcement in
navigations
https://bugzilla.redhat.com/show_bug.cgi?id=1837897
[ 20 ] Bug #1837898 - CVE-2020-6487 chromium-browser: Insufficient policy enforcement in
downloads
https://bugzilla.redhat.com/show_bug.cgi?id=1837898
[ 21 ] Bug #1837899 - CVE-2020-6488 chromium-browser: Insufficient policy enforcement in
downloads
https://bugzilla.redhat.com/show_bug.cgi?id=1837899
[ 22 ] Bug #1837900 - CVE-2020-6489 chromium-browser: Inappropriate implementation in
developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=1837900
[ 23 ] Bug #1837901 - CVE-2020-6490 chromium-browser: Insufficient data validation in
loader
https://bugzilla.redhat.com/show_bug.cgi?id=1837901
[ 24 ] Bug #1837902 - CVE-2020-6491 chromium-browser: Incorrect security UI in site
information
https://bugzilla.redhat.com/show_bug.cgi?id=1837902
[ 25 ] Bug #1837907 - CVE-2020-6469 chromium-browser: Insufficient policy enforcement in
developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=1837907
[ 26 ] Bug #1837912 - CVE-2020-6476 chromium-browser: Insufficient policy enforcement in
tab strip
https://bugzilla.redhat.com/show_bug.cgi?id=1837912
[ 27 ] Bug #1837927 - CVE-2020-6479 chromium-browser: Inappropriate implementation in
sharing
https://bugzilla.redhat.com/show_bug.cgi?id=1837927
[ 28 ] Bug #1840893 - CVE-2020-6463 chromium-browser: Use after free in ANGLE
https://bugzilla.redhat.com/show_bug.cgi?id=1840893
[ 29 ] Bug #1847268 - CVE-2020-6505 chromium-browser: Use after free in speech
https://bugzilla.redhat.com/show_bug.cgi?id=1847268
[ 30 ] Bug #1847269 - CVE-2020-6506 chromium-browser: Insufficient policy enforcement in
WebView
https://bugzilla.redhat.com/show_bug.cgi?id=1847269
[ 31 ] Bug #1847270 - CVE-2020-6507 chromium-browser: Out of bounds write in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1847270
--------------------------------------------------------------------------------
================================================================================
lynis-3.0.0-1.el7 (FEDORA-EPEL-2020-c438b9fb89)
Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:
Update to 3.0.0 (rhbz #1848716): fixes CVE-2020-13882 / CVE-2019-13033
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 20 2020 Othman Madjoudj Othman Madjoudj <athmane(a)fedoraproject.org> -
3.0.0-1
- Update to 3.0.0 (rhbz #1848716)
- Fixes CVE-2020-13882 / CVE-2019-13033
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.7.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1848716 - lynis-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1848716
--------------------------------------------------------------------------------
================================================================================
perl-IO-Interactive-1.022-11.el7 (FEDORA-EPEL-2020-3571f54368)
Utilities for interactive I/O
--------------------------------------------------------------------------------
Update Information:
This update brings you a new perl-IO-Interactive package which enables you
to perform interactive input/output operations.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1848459 - Add perl-IO-Interactive to EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1848459
--------------------------------------------------------------------------------
================================================================================
perl-Net-Amazon-S3-0.89-2.el7 (FEDORA-EPEL-2020-35cee7ddc8)
Use the Amazon Simple Storage Service (S3)
--------------------------------------------------------------------------------
Update Information:
This update brings you a new perl-Net-Amazon-S3 package which enables you to
communicate with Amazon Simple Storage Service.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1842881 - Add perl-Net-Amazon-S3 to EPEL 7
https://bugzilla.redhat.com/show_bug.cgi?id=1842881
--------------------------------------------------------------------------------
================================================================================
perl-Term-ProgressBar-Quiet-0.31-17.el7 (FEDORA-EPEL-2020-3a7f9682a6)
Provide a progress meter if run interactively
--------------------------------------------------------------------------------
Update Information:
This update brings a new perl-Term-ProgressBar-Quiet package which provides a
progress meter while using input/output operations interactively.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1848458 - Add perl-Term-ProgressBar-Quiet to EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1848458
--------------------------------------------------------------------------------
================================================================================
perl-Term-ProgressBar-Simple-0.03-17.el7 (FEDORA-EPEL-2020-3bf3164a94)
Simpler progress bars
--------------------------------------------------------------------------------
Update Information:
This update brings a new perl-Term-ProgressBar-Simple package which provides a
simple progress meter in Perl.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1848457 - Add perl-Term-ProgressBar-Simple to EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1848457
--------------------------------------------------------------------------------
================================================================================
python-blessed-1.17.8-2.el7 (FEDORA-EPEL-2020-265f88138e)
A thin, practical wrapper around terminal capabilities in Python
--------------------------------------------------------------------------------
Update Information:
Add EL7 pytest patch
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 19 2020 Avram Lubkin <aviso(a)rockhopper.net> - 1.17.8-2
- Add EL7 pytest patch
* Fri Jun 19 2020 Avram Lubkin <aviso(a)rockhopper.net> - 1.17.8-1
- Updated to 1.17.8
* Tue May 26 2020 Miro Hrončok <mhroncok(a)redhat.com> - 1.17.4-3
- Rebuilt for Python 3.9
--------------------------------------------------------------------------------
================================================================================
python-catkin_lint-1.6.9-1.el7 (FEDORA-EPEL-2020-da1fee9399)
Check catkin packages for common errors
--------------------------------------------------------------------------------
Update Information:
Update to the latest `catkin_lint` release.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 22 2020 Scott K Logan <logans(a)cottsay.net> - 1.6.9-1
- Update to 1.6.9 (rhbz#1847827)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1847827 - python-catkin_lint-1.6.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1847827
--------------------------------------------------------------------------------
================================================================================
python-enlighten-1.6.0-2.el7 (FEDORA-EPEL-2020-234354b776)
Enlighten Progress Bar
--------------------------------------------------------------------------------
Update Information:
Update EL7 patch
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 20 2020 Avram Lubkin <aviso(a)rockhopper.net> - 1.6.0-2
- Update EL7 patch
* Fri Jun 19 2020 Avram Lubkin <aviso(a)rockhopper.net> - 1.6.0-1
- Update to 1.6.0
* Tue May 26 2020 Miro Hrončok <mhroncok(a)redhat.com> - 1.5.1-2
- Rebuilt for Python 3.9
--------------------------------------------------------------------------------
================================================================================
python-pluginlib-0.8.0-1.el7 (FEDORA-EPEL-2020-a8b5d0fd41)
A framework for creating and importing plugins in Python
--------------------------------------------------------------------------------
Update Information:
0.8.0 Release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 19 2020 Avram Lubkin <aviso(a)rockhopper.net> - 0.8.0-1
- 0.8.0 Release
* Tue May 26 2020 Miro Hrončok <mhroncok(a)redhat.com> - 0.7.0-2
- Rebuilt for Python 3.9
--------------------------------------------------------------------------------
================================================================================
python-regex-2020.6.8-2.el7 (FEDORA-EPEL-2020-43e6a45393)
Alternative regular expression module, to replace re
--------------------------------------------------------------------------------
Update Information:
Update to 2020.6.8.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 20 2020 Thomas Moschny <thomas.moschny(a)gmx.de> - 2020.6.8-2
- Update to 2020.6.8.
--------------------------------------------------------------------------------
================================================================================
rmlint-2.10.1-1.el7 (FEDORA-EPEL-2020-5a62eb02a6)
Finds space waste and other broken things on your filesystem
--------------------------------------------------------------------------------
Update Information:
Update to 2.10.1 (#1842300)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 20 2020 Robert-André Mauchin <zebob.m(a)gmail.com> - 2.10.1-1
- Update to 2.10.1 (#1842300)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1842300 - rmlint-2.10.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1842300
--------------------------------------------------------------------------------
================================================================================
vim-trailing-whitespace-1.0-1.20191209git6b7cdec.el7 (FEDORA-EPEL-2020-32d80a2c2b)
Highlights trailing whitespace in red and provides :FixWhitespace to fix it
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1762755 - Review Request: vim-trailing-whitespace - Highlights trailing
whitespace in red and provides :FixWhitespace to fix it
https://bugzilla.redhat.com/show_bug.cgi?id=1762755
--------------------------------------------------------------------------------
================================================================================
znc-1.8.1-1.el7 (FEDORA-EPEL-2020-d749373a67)
An advanced IRC bouncer
--------------------------------------------------------------------------------
Update Information:
Update to 1.8.1. Fix CVE-2020-13775 possible crash/NULL pointer dereference
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 19 2020 Nick Bebout <nb(a)fedoraproject.org> - 1.8.1-1
- Update to 1.8.1
- Fix CVE-2020-13775 possible crash/NULL pointer dereference
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1842249 - znc-1.8.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1842249
--------------------------------------------------------------------------------