The following Fedora EPEL 7 Security updates need testing:
Age URL
405
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
181
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d2c1368294
cinnamon-3.6.7-5.el7
147
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80
python-gnupg-0.4.4-1.el7
144
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b
bubblewrap-0.3.3-2.el7
81
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-12067fc897
dosbox-0.74.3-2.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-5fce3c9dd9
bird-1.6.8-1.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-3da69c71ad
bird2-2.0.6-1.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c9e955fd21
libebml-1.3.9-1.el7 libmatroska-1.5.2-1.el7 mkvtoolnix-37.0.0-1.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-57cf200dc6
seamonkey-2.49.5-2.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-330b323bb6
golang-1.13-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-81572ab529
chromium-77.0.3865.90-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-209b03a8a4
cryptopp-5.6.5-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
blis-0.6.0-4.el7
fctxpd-0.1-1.20190813gitc195e67.el7
git-secret-0.3.2-2.el7
mosh-1.3.2-1.el7
sympa-6.2.46-1.el7
xrdp-0.9.11-5.el7
znc-1.7.4-4.el7
Details about builds:
================================================================================
blis-0.6.0-4.el7 (FEDORA-EPEL-2019-7410520bec)
BLAS-like Library Instantiation Software Framework
--------------------------------------------------------------------------------
Update Information:
Update to the latest version to fix a potential security issue due to using
popen on ARM and to improve performance. libblis has a soname change due to
interface errors in the previous version, but the BLAS compatibility shims are
unaffected.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 11 2019 Dave love <loveshack(a)fedoraproject.org> - 0.6.0-4
- Patch to avoid popen (security)
- Replace patch1 with upstream change
* Sat Aug 17 2019 Dave love <loveshack(a)fedoraproject.org> - 0.6.0-3
- Patch out use of simd pragma
- Use devtoolset-8, not -6 on el6/7
- Fix dblat3 test
* Wed Jul 24 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.6.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jun 4 2019 Dave Love <loveshack(a)fedoraproject.org> - 0.6.0-1
- New version
* Thu Feb 14 2019 Dave Love <loveshack(a)fedoraproject.org> - 0.5.1-2
- Allow rebuilding for EPEL
- This version fixes #1674701
- Use -funsafe-math-optimizations
* Sun Feb 3 2019 Dave Love <loveshack(a)fedoraproject.org> - 0.5.1-1
- New version with soname bump
- arm/arm64 families removed
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.5.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Nov 8 2018 Dave Love <loveshack(a)fedoraproject.org> - 0.5.0-1
- New version
- Drop python3 patch
--------------------------------------------------------------------------------
================================================================================
fctxpd-0.1-1.20190813gitc195e67.el7 (FEDORA-EPEL-2019-b998644b53)
Fibrechannel transport daemon
--------------------------------------------------------------------------------
Update Information:
-No functional changes,just Licenses
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1735762 - Review Request: fctxpd - This daemon adds FC network intelligence
in host and host intelligence in FC network
https://bugzilla.redhat.com/show_bug.cgi?id=1735762
--------------------------------------------------------------------------------
================================================================================
git-secret-0.3.2-2.el7 (FEDORA-EPEL-2019-faaa86b6e4)
A bash-tool to store your private data inside a git repository
--------------------------------------------------------------------------------
Update Information:
remove sha256sum dependency as nothing provides it (in coreutils) ---- 0.3.2
upgrade, clarify sha256sum dependency
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 22 2019 Gergely Gombos <gombosg(a)gmail.com> 0.3.2-2
- remove sha256sum dependency as nothing provides it (in coreutils)
* Sun Sep 22 2019 Gergely Gombos <gombosg(a)gmail.com> 0.3.2-1
- 0.3.2 upgrade, clarify sha256sum dependency
--------------------------------------------------------------------------------
================================================================================
mosh-1.3.2-1.el7 (FEDORA-EPEL-2019-773b20234b)
Mobile shell that supports roaming and intelligent local echo
--------------------------------------------------------------------------------
Update Information:
Update to mosh 1.3.2
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 22 2019 Alex Chernyakhovsky <achernya(a)mit.edu> - 1.3.2-1
- Update to mosh 1.3.2
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.0-11
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.0-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Nov 21 2018 Igor Gnatenko <ignatenkobrain(a)fedoraproject.org> - 1.3.0-9
- Rebuild for protobuf 3.6
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.0-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 8 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.0-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Nov 29 2017 Igor Gnatenko <ignatenko(a)redhat.com> - 1.3.0-6
- Rebuild for protobuf 3.5
* Mon Nov 13 2017 Igor Gnatenko <ignatenkobrain(a)fedoraproject.org> - 1.3.0-5
- Rebuild for protobuf 3.4
* Thu Aug 3 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Tue Jun 13 2017 Orion Poplawski <orion(a)cora.nwra.com> - 1.3.0-2
- Rebuild for protobuf 3.3.1
--------------------------------------------------------------------------------
================================================================================
sympa-6.2.46-1.el7 (FEDORA-EPEL-2019-9377672045)
Powerful multilingual List Manager
--------------------------------------------------------------------------------
Update Information:
- Rewritten data sources code.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 23 2019 Xavier Bachelot <xavier(a)bachelot.org> 6.2.46-1
- Update to 6.2.46.
- Unbundle foundation-icons font.
- Add dependency on LWP::Protocol::https (RHBZ#1753111).
- Don't unbundle js-respond on EL8 (yet).
* Sat Jul 27 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
6.2.44-3.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1753111 - LWP::Protocol::https missing in dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=1753111
--------------------------------------------------------------------------------
================================================================================
xrdp-0.9.11-5.el7 (FEDORA-EPEL-2019-625e654909)
Open source remote desktop protocol (RDP) server
--------------------------------------------------------------------------------
Update Information:
- Make xrdp-selinux a weak dependency on versions that support them. - Drop
xrdp-selinux dependency completely on EPEL7. ---- Decouple xrdp from xorgxrdp,
causing repeated installation issues in RHEL.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 23 2019 Bojan Smojver <bojan(a)rexurive.com> - 1:0.9.11-5
- Make xrdp-selinux a weak dependency on versions that support them.
- Drop xrdp-selinux dependency completely.
* Sun Sep 15 2019 Bojan Smojver <bojan(a)rexurive.com> - 1:0.9.11-3
- Decouple xrdp from xorgxrdp, causing repeated installation issues in RHEL.
* Tue Aug 27 2019 Bojan Smojver <bojan(a)rexurive.com> - 1:0.9.11-2
- Increment release for rebuild in F31.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1739176 - The xrdp RPM `posttrans` scriptlet fails on FIPS-enabled systems
https://bugzilla.redhat.com/show_bug.cgi?id=1739176
[ 2 ] Bug #1628115 - xrdp-chansrv crashes
https://bugzilla.redhat.com/show_bug.cgi?id=1628115
[ 3 ] Bug #1479835 - Xvnc backend disconnects when some data copied to clipboard
https://bugzilla.redhat.com/show_bug.cgi?id=1479835
[ 4 ] Bug #1410239 - Connects and auth OK, but does not start vncserver
https://bugzilla.redhat.com/show_bug.cgi?id=1410239
--------------------------------------------------------------------------------
================================================================================
znc-1.7.4-4.el7 (FEDORA-EPEL-2019-fc69ac0143)
An advanced IRC bouncer
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2019-12816
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 19 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 1.7.4-4
- Rebuilt for Python 3.8
* Mon Aug 19 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 1.7.4-3
- Rebuilt for Python 3.8
* Sat Jul 27 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7.4-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Jul 5 2019 Nick Bebout <nb(a)fedoraproject.org> - 1.7.4-1
- Update to 1.7.4 to fix CVE-2019-12816
* Thu May 30 2019 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.7.3-2
- Perl 5.30 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1726159 - CVE-2019-12816 znc: invalid encoding leading to remote code
execution [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1726159
[ 2 ] Bug #1726160 - CVE-2019-12816 znc: invalid encoding leading to remote code
execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1726160
--------------------------------------------------------------------------------