The following Fedora EPEL 7 Security updates need testing: Age URL 317 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 93 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d2c1368294 cinnamon-3.6.7-5.el7 86 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-50a6a1ddfd afflib-3.7.18-2.el7 59 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80 python-gnupg-0.4.4-1.el7 57 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7 29 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-fc63c75ab1 hostapd-2.8-1.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-24edff97c6 php-brumann-polyfill-unserialize-1.0.3-1.el7 php-typo3-phar-stream-wrapper2-2.1.2-1.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f428efb17c drupal7-uuid-1.3-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-193cafec2e GraphicsMagick-1.3.32-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-7a3942050d nodejs-6.17.1-1.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-a7d80aae2a pdns-4.1.10-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
chromium-75.0.3770.100-2.el7 git-cola-3.4-1.el7 libuv-1.30.0-1.el7 python-dns-lexicon-3.2.8-1.el7 python-josepy-1.1.0-9.el7 python-krbcontext-0.9-1.el7 python-mwclient-0.9.3-3.el7 stlink-1.5.1-0.3.20190606git84f63d2.el7
Details about builds:
================================================================================ chromium-75.0.3770.100-2.el7 (FEDORA-EPEL-2019-b94f559810) A WebKit (Blink) powered web browser -------------------------------------------------------------------------------- Update Information:
Update to Chromium 75.0.3770.100. The usual pile of bugs and CVE fixes. vaapi support disabled, just too broken. :( Fixes CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5842 -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 25 2019 Tom Callaway spot@fedoraproject.org - 75.0.3770.100-2 - fix v8 compile with gcc * Thu Jun 20 2019 Tom Callaway spot@fedoraproject.org - 75.0.3770.100-1 - update to 75.0.3770.100 * Fri Jun 14 2019 Tom Callaway spot@fedoraproject.org - 75.0.3770.90-1 - update to 75.0.3770.90 * Wed Jun 5 2019 Tom Callaway spot@fedoraproject.org - 75.0.3770.80-1 - update to 75.0.3770.80 - disable vaapi (via conditional), too broken * Fri May 31 2019 Tom Callaway spot@fedoraproject.org - 74.0.3729.169-1 - update to 74.0.3729.169 * Thu Apr 11 2019 Tom Callaway spot@fedoraproject.org - 73.0.3683.103-1 - update to 73.0.3683.103 - add CLONE_VFORK logic to seccomp filter for linux to handle glibc 2.29 change -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1718269 - CVE-2019-5840 chromium-browser: Popup blocker bypass https://bugzilla.redhat.com/show_bug.cgi?id=1718269 [ 2 ] Bug #1718268 - CVE-2019-5839 chromium-browser: Incorrect handling of certain code points in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1718268 [ 3 ] Bug #1718267 - CVE-2019-5838 chromium-browser: Overly permissive tab access in Extensions https://bugzilla.redhat.com/show_bug.cgi?id=1718267 [ 4 ] Bug #1718266 - CVE-2019-5837 chromium-browser: Cross-origin resources size disclosure in Appcache https://bugzilla.redhat.com/show_bug.cgi?id=1718266 [ 5 ] Bug #1718264 - CVE-2019-5836 chromium-browser: Heap buffer overflow in Angle https://bugzilla.redhat.com/show_bug.cgi?id=1718264 [ 6 ] Bug #1718263 - CVE-2019-5835 chromium-browser: Out of bounds read in Swiftshader https://bugzilla.redhat.com/show_bug.cgi?id=1718263 [ 7 ] Bug #1718262 - CVE-2019-5834 chromium-browser: URL spoof in Omnibox on iOS https://bugzilla.redhat.com/show_bug.cgi?id=1718262 [ 8 ] Bug #1718261 - CVE-2019-5833 chromium-browser: Inconsistent security UI placement https://bugzilla.redhat.com/show_bug.cgi?id=1718261 [ 9 ] Bug #1718260 - CVE-2019-5832 chromium-browser: Incorrect CORS handling in XHR https://bugzilla.redhat.com/show_bug.cgi?id=1718260 [ 10 ] Bug #1718259 - CVE-2019-5831 chromium-browser: Incorrect map processing in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1718259 [ 11 ] Bug #1718258 - CVE-2019-5830 chromium-browser: Incorrectly credentialed requests in CORS https://bugzilla.redhat.com/show_bug.cgi?id=1718258 [ 12 ] Bug #1718257 - CVE-2019-5829 chromium-browser: Use after free in Download Manager https://bugzilla.redhat.com/show_bug.cgi?id=1718257 [ 13 ] Bug #1718256 - CVE-2019-5828 chromium-browser: Use after free in ServiceWorker https://bugzilla.redhat.com/show_bug.cgi?id=1718256 [ 14 ] Bug #1707248 - CVE-2019-5826 chromium-browser: Use-after-free in IndexedDB https://bugzilla.redhat.com/show_bug.cgi?id=1707248 [ 15 ] Bug #1707247 - CVE-2019-5825 chromium-browser: Out-of-bounds write in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1707247 [ 16 ] Bug #1702913 - CVE-2019-5823 chromium-browser: Forced navigation from service worker https://bugzilla.redhat.com/show_bug.cgi?id=1702913 [ 17 ] Bug #1702912 - CVE-2019-5822 chromium-browser: CORS bypass in download manager https://bugzilla.redhat.com/show_bug.cgi?id=1702912 [ 18 ] Bug #1702911 - CVE-2019-5821 chromium-browser: Integer overflow in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1702911 [ 19 ] Bug #1702910 - CVE-2019-5820 chromium-browser: Integer overflow in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1702910 [ 20 ] Bug #1702909 - CVE-2019-5819 chromium-browser: Incorrect escaping in developer tools https://bugzilla.redhat.com/show_bug.cgi?id=1702909 [ 21 ] Bug #1702908 - CVE-2019-5818 chromium-browser: Uninitialized value in media reader https://bugzilla.redhat.com/show_bug.cgi?id=1702908 [ 22 ] Bug #1702907 - CVE-2019-5817 chromium-browser: Heap buffer overflow in Angle on Windows https://bugzilla.redhat.com/show_bug.cgi?id=1702907 [ 23 ] Bug #1702906 - CVE-2019-5816 chromium-browser: Exploit persistence extension on Android https://bugzilla.redhat.com/show_bug.cgi?id=1702906 [ 24 ] Bug #1702905 - CVE-2019-5815 chromium-browser: Heap buffer overflow in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1702905 [ 25 ] Bug #1702904 - CVE-2019-5814 chromium-browser: CORS bypass in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1702904 [ 26 ] Bug #1702903 - CVE-2019-5813 chromium-browser: Out of bounds read in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1702903 [ 27 ] Bug #1702902 - CVE-2019-5812 chromium-browser: URL spoof in Omnibox on iOS https://bugzilla.redhat.com/show_bug.cgi?id=1702902 [ 28 ] Bug #1702901 - CVE-2019-5811 chromium-browser: CORS bypass in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1702901 [ 29 ] Bug #1702900 - CVE-2019-5810 chromium-browser: User information disclosure in Autofill https://bugzilla.redhat.com/show_bug.cgi?id=1702900 [ 30 ] Bug #1702899 - CVE-2019-5809 chromium-browser: Use after free in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1702899 [ 31 ] Bug #1702898 - CVE-2019-5808 chromium-browser: Use after free in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1702898 [ 32 ] Bug #1702897 - CVE-2019-5807 chromium-browser: Memory corruption in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1702897 [ 33 ] Bug #1702896 - CVE-2019-5806 chromium-browser: Integer overflow in Angle https://bugzilla.redhat.com/show_bug.cgi?id=1702896 [ 34 ] Bug #1702895 - CVE-2019-5805 chromium-browser: Use after free in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1702895 --------------------------------------------------------------------------------
================================================================================ git-cola-3.4-1.el7 (FEDORA-EPEL-2019-0901e336dc) A sleek and powerful git GUI -------------------------------------------------------------------------------- Update Information:
update to version 3.4 ---- update to version 3.3 ---- update to git-cola 3.2 -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 28 2019 Oliver Haessler oliver@redhat.com - 3.4-1 - Update to 3.4 * Mon Feb 4 2019 Oliver Haessler oliver@redhat.com - 3.3-1 - Update to 3.3 * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 3.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Tue Jan 8 2019 Oliver Haessler oliver@redhat.com - 3.2-1 - Update to 3.2 * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 2.10-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Tue Jun 19 2018 Miro Hron��ok mhroncok@redhat.com - 2.10-5 - Rebuilt for Python 3.7 * Wed Feb 7 2018 Fedora Release Engineering releng@fedoraproject.org - 2.10-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering releng@fedoraproject.org - 2.10-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Fri Feb 10 2017 Fedora Release Engineering releng@fedoraproject.org - 2.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1720988 - git-cola-3.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1720988 [ 2 ] Bug #1671646 - [abrt] git-cola: _check_arg_types(): genericpath.py:149:_check_arg_types:TypeError: join() argument must be str or bytes, not 'NoneType' https://bugzilla.redhat.com/show_bug.cgi?id=1671646 [ 3 ] Bug #1670143 - [abrt] git-cola: _check_arg_types(): genericpath.py:149:_check_arg_types:TypeError: join() argument must be str or bytes, not 'NoneType' https://bugzilla.redhat.com/show_bug.cgi?id=1670143 [ 4 ] Bug #1669436 - [abrt] git-cola: _execute_child(): git.py:323:git:NameError: name 'WIN32' is not defined https://bugzilla.redhat.com/show_bug.cgi?id=1669436 [ 5 ] Bug #1672000 - git-cola-3.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1672000 [ 6 ] Bug #1555766 - git-cola: FTBFS in F28 https://bugzilla.redhat.com/show_bug.cgi?id=1555766 [ 7 ] Bug #1440743 - git-cola-3.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1440743 --------------------------------------------------------------------------------
================================================================================ libuv-1.30.0-1.el7 (FEDORA-EPEL-2019-33b28a1b66) Platform layer for node.js -------------------------------------------------------------------------------- Update Information:
Update to libuv 1.30.0 -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 27 2019 Stephen Gallagher sgallagh@redhat.com - 1.30.0-1 - Update to 1.30.0 - https://github.com/libuv/libuv/blob/v1.30.0/ChangeLog -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1724703 - libuv-1.30.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1724703 --------------------------------------------------------------------------------
================================================================================ python-dns-lexicon-3.2.8-1.el7 (FEDORA-EPEL-2019-cc556afbee) Manipulate DNS records on various DNS providers in a standardized/agnostic way -------------------------------------------------------------------------------- Update Information:
Update to 3.2.8. -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 27 2019 Eli Young elyscape@gmail.com - 3.2.8-1 - Update to 3.2.8 (#1722190) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1722190 - python-dns-lexicon-3.2.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1722190 --------------------------------------------------------------------------------
================================================================================ python-josepy-1.1.0-9.el7 (FEDORA-EPEL-2019-c675213c72) JOSE protocol implementation in Python -------------------------------------------------------------------------------- Update Information:
Split docs to separate package -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 27 2019 Eli Young elyscape@gmail.com - 1.1.0-9 - Split docs to separate package (#1700273) * Sat Feb 2 2019 Fedora Release Engineering releng@fedoraproject.org - 1.1.0-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Thu Dec 13 2018 Eli Young elyscape@gmail.com - 1.1.0-7 - Remove Python 2 package in Fedora 30+ (#1658534) * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 1.1.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Mon Jul 2 2018 Eli Young elyscape@gmail.com - 1.1.0-5 - Enable tests * Mon Jul 2 2018 Miro Hron��ok mhroncok@redhat.com - 1.1.0-4 - Rebuilt for Python 3.7 * Fri Jun 29 2018 Eli Young elyscape@gmail.com - 1.1.0-3 - Use available python2 metapackages for EPEL7 - Specify binary name for sphinx-build - Fix permissions on man files * Tue Jun 19 2018 Miro Hron��ok mhroncok@redhat.com - 1.1.0-2 - Rebuilt for Python 3.7 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1700273 - python3-josepy-1.1.0-8.fc30 has file conflicts with python2-josepy-1.1.0-6.fc29 https://bugzilla.redhat.com/show_bug.cgi?id=1700273 --------------------------------------------------------------------------------
================================================================================ python-krbcontext-0.9-1.el7 (FEDORA-EPEL-2019-a7727fe4aa) A Kerberos context manager -------------------------------------------------------------------------------- Update Information:
- Fix .travis.yml to use Python 3.7 (Chenxiong Qi) - Update docs/source/conf.py to read package info properly (Chenxiong Qi) - Add Python 3.7 to and remove Python 3.5 from TravisCI (Chenxiong Qi) - Update scripts (Chenxiong Qi) - Ignore more directories from git (Chenxiong Qi) - Remove testenv py34 and py35 (Chenxiong Qi) - Add testenv py37 (Chenxiong Qi) - Fix typo in comment (Chenxiong Qi) - Fix renewing expired FILE ccache (Michael Simacek) - Remove flake8 from BuildRequires from SPEC (Chenxiong Qi) -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 27 2019 Chenxiong Qi cqi@redhat.com - 0.9-1 - Build release version 0.9 * Sat Feb 2 2019 Fedora Release Engineering releng@fedoraproject.org - 0.8-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Wed Oct 17 2018 Zbigniew J��drzejewski-Szmek zbyszek@in.waw.pl - 0.8-7 - Subpackage python2-krbcontext has been removed See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 0.8-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Tue Jun 19 2018 Miro Hron��ok mhroncok@redhat.com - 0.8-5 - Rebuilt for Python 3.7 * Mon Feb 12 2018 Iryna Shcherbina ishcherb@redhat.com - 0.8-4 - Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) * Fri Feb 9 2018 Fedora Release Engineering releng@fedoraproject.org - 0.8-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ python-mwclient-0.9.3-3.el7 (FEDORA-EPEL-2019-0406490dad) Mwclient is a client to the MediaWiki API -------------------------------------------------------------------------------- Update Information:
This update drops the dependency on and use of pep8, which is being retired in Rawhide. It was only used to run a lint check during package build; there should be no functional changes in this update. -------------------------------------------------------------------------------- ChangeLog:
* Wed Jun 26 2019 Adam Williamson awilliam@redhat.com - 0.9.3-3 - Backport a few patches to remove use of pep8 (being retired) - Only BuildRequire pytest-cache on EL7, it is part of pytest since * Sat Feb 2 2019 Fedora Release Engineering releng@fedoraproject.org - 0.9.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Nov 23 2018 Adam Williamson awilliam@redhat.com - 0.9.3-1 - New release 0.9.3 - Disable Python 2 build on F30+ / RHEL 8+ --------------------------------------------------------------------------------
================================================================================ stlink-1.5.1-0.3.20190606git84f63d2.el7 (FEDORA-EPEL-2019-dd82fe96f2) STM32 discovery line Linux programmer -------------------------------------------------------------------------------- Update Information:
Update to latest git. -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 27 2019 Vasiliy N. Glazov vascom2@gmail.com - 1.5.1-0.3.20190606git84f63d2 - Update to latest git --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org