The following Fedora EPEL 7 Security updates need testing:
Age URL
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-2f9004588a
chromium-87.0.4280.88-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-073e4862db
phpldapadmin-1.2.6.2-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
argparse-manpage-1.5-1.el7
clamav-unofficial-sigs-7.2.1-1.el7
dnscrypt-proxy2-2.0.44-2.el7
munin-2.0.65-2.el7
pngcheck-2.4.0-5.el7
python-templated-dictionary-1.1-1.el7
Details about builds:
================================================================================
argparse-manpage-1.5-1.el7 (FEDORA-EPEL-2020-bcd4eb4931)
Build manual page from Python ArgumentParser object
--------------------------------------------------------------------------------
Update Information:
epilog is dumped to COMMENTS sections
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 14 2020 Pavel Raiskup <praiskup(a)redhat.com> - 1.5-1
- new release
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue May 26 2020 Miro Hron��ok <mhroncok(a)redhat.com> - 1.4-3
- Rebuilt for Python 3.9
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
clamav-unofficial-sigs-7.2.1-1.el7 (FEDORA-EPEL-2020-4adb09ac59)
Scripts to download unofficial clamav signatures
--------------------------------------------------------------------------------
Update Information:
Update to upstream. ---- Update to upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 14 2020 J��n ONDREJ (SAL) <ondrejj(at)salstar.sk> - 7.2.1-1
- Update to upstream.
* Mon Dec 7 2020 J��n ONDREJ (SAL) <ondrejj(at)salstar.sk> - 7.2-1
- Update to upstream.
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.0.1-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
dnscrypt-proxy2-2.0.44-2.el7 (FEDORA-EPEL-2020-f9ae7c8d4b)
Flexible DNS proxy, with support for encrypted DNS protocols
--------------------------------------------------------------------------------
Update Information:
Use an override to specify sockets
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 14 2020 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 2.0.44-2
- Use an override to specify sockets
--------------------------------------------------------------------------------
================================================================================
munin-2.0.65-2.el7 (FEDORA-EPEL-2020-d51469fb3c)
Network-wide resource monitoring tool
--------------------------------------------------------------------------------
Update Information:
Re-add plugin state subdirs as Munin can't create them (SELinux denies).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 14 2020 Kim B. Heino <b(a)bbbs.net> - 2.0.65-2
- Add plugin-state subdirs for munin and root
--------------------------------------------------------------------------------
================================================================================
pngcheck-2.4.0-5.el7 (FEDORA-EPEL-2020-bc6881c4f5)
Verifies the integrity of PNG, JNG and MNG files
--------------------------------------------------------------------------------
Update Information:
Previous fix for buffer overrun printing the contents of the sPLT chunk in
certain malformed inputs (RHBZ#1905775) was incomplete; it should be properly
fixed now. ---- Security fix for multiple buffer overflows from crafted file
input (RHBZ#1902786,1902806,1902810: no CVE yet assigned), and for buffer
overrun printing the contents of the sPLT chunk in certain malformed inputs
(RHBZ#1905775: no tracking bug or CVE yet assigned) ---- Fix null pointer
dereference in pngcheck when -f is given and the sCAL chunk is missing the pixel
height (RHBZ#1902730).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 14 2020 Benjamin A. Beasley <code(a)musicinmybrain.net> - 2.4.0-5
- Previous fix for buffer overrun printing the contents of the sPLT chunk in
certain malformed inputs (RHBZ#1905775) was incomplete; it should be properly
fixed now.
* Sun Dec 13 2020 Benjamin A. Beasley <code(a)musicinmybrain.net> - 2.4.0-4
- Bounds-check all accesses into enumerated-value name arrays; a malformed file
could have caused a buffer overrun in several of these cases. (RHBZ#1902810)
- Fix buffer overrun when print_buffer() is passed a nonpositive size, which
can occur in practice for certain malformed inputs. (RHBZ#1902810)
- In some cases, the chunk length from the file data (sz) is used to index into
the read buffer without sufficient bounds-checking, leading to a buffer
overrun. Fix this for PPLT, hIST, sCAL, FRAM, SAVE, nEED, PAST, DISC, DROP,
DBYK, ORDR, and SEEK chunks. (RHBZ#1902810)
- Fix buffer overrun printing the contents of the sPLT chunk in certain
malformed inputs. (RHBZ#1905775)
- Backport fix for off-by-one bug in check_magic() from 3.0.0
- Backport fix for zlib version warnings going to stdout from 3.0.0
- Use name macro when referencing patches.
- Add BR on make in anticipation of
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot.
- New upstream version 2.4.0
- Added new license file for main package (same MIT-style license)
- Drop format-security patch, now upstreamed
- Use upstreamed man pages; no need to generate with help2man anymore
- Add rpmlintrc rules for -extras subpackage
- Add rpmlintrc file to suppress spurious rpmlint warnings
* Mon Nov 30 2020 Benjamin A. Beasley <code(a)musicinmybrain.net> - 2.3.0-5
- Fix null pointer dereference in pngcheck when -f is given and the sCAL chunk
is missing the pixel height.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1902806 - pngcheck: Multiple buffer overflows from crafted file input
https://bugzilla.redhat.com/show_bug.cgi?id=1902806
--------------------------------------------------------------------------------
================================================================================
python-templated-dictionary-1.1-1.el7 (FEDORA-EPEL-2020-6b516c40dc)
Dictionary with Jinja2 expansion
--------------------------------------------------------------------------------
Update Information:
new package
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1899309 - Review Request: python-templated-dictionary - Dictionary with
Jinja2 expansion
https://bugzilla.redhat.com/show_bug.cgi?id=1899309
--------------------------------------------------------------------------------