The following Fedora EPEL 7 Security updates need testing:
Age URL
331
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
94
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-418a480529
gsi-openssh-6.6.1p1-3.el7
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-fb26e5cd3c
privoxy-3.0.23-3.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-fca17abc84
p7zip-15.09-9.el7
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-69b4d0e57c
prosody-0.9.10-1.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-5aba523f53
phpMyAdmin-4.4.15.4-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-a65d7ed780
python-pymongo-2.5.2-4.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-638137e4de
wordpress-4.4.2-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
copr-cli-1.47-1.el7
csmock-1.9.0-1.el7
cswrap-1.3.1-1.el7
diskimage-builder-1.9.0-2.el7
msgpuck-1.0.2-1.el7
pagure-1.0.1-1.el7
python-boto-2.39.0-1.el7
python-copr-1.65-1.el7
python-mwclient-0.8.0-2.el7
python-pymongo-2.5.2-4.el7
rabbitmq-server-3.3.5-16.el7
rubygem-arel-6.0.3-2.el7
rubygem-atomic-1.1.99-3.el7
rubygem-fakeweb-1.3.0-16.el7
rubygem-rails-observers-0.1.2-7.el7
sundials-2.6.2-15.el7
udiskie-1.4.7-1.el7
wordpress-4.4.2-1.el7
xlogin-0-0.1.20160114git97667d7.el7
Details about builds:
================================================================================
copr-cli-1.47-1.el7 (FEDORA-EPEL-2016-c11c38ade2)
Command line interface for COPR
--------------------------------------------------------------------------------
Update Information:
Bug fixes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1261125 - Use requests-toolbelt to upload srpms
https://bugzilla.redhat.com/show_bug.cgi?id=1261125
[ 2 ] Bug #1292033 - copr-cli ignores multiple package arguments if the first is a local
file
https://bugzilla.redhat.com/show_bug.cgi?id=1292033
[ 3 ] Bug #1298672 - copr-cli create raises TypeError
https://bugzilla.redhat.com/show_bug.cgi?id=1298672
[ 4 ] Bug #1298674 - copr-cli build hangs during upload
https://bugzilla.redhat.com/show_bug.cgi?id=1298674
[ 5 ] Bug #1302615 - UnboundLocalError: local variable 'bar' referenced before
assignment when building from URLs
https://bugzilla.redhat.com/show_bug.cgi?id=1302615
[ 6 ] Bug #1276105 - copr-cli 1.45 errors on el6
https://bugzilla.redhat.com/show_bug.cgi?id=1276105
[ 7 ] Bug #1299243 - RFE: New version of copr-cli (requires rebase of python-copr too)
https://bugzilla.redhat.com/show_bug.cgi?id=1299243
--------------------------------------------------------------------------------
================================================================================
csmock-1.9.0-1.el7 (FEDORA-EPEL-2016-986db304ef)
A mock wrapper for Static Analysis tools
--------------------------------------------------------------------------------
Update Information:
update to latest upstream
--------------------------------------------------------------------------------
================================================================================
cswrap-1.3.1-1.el7 (FEDORA-EPEL-2016-986db304ef)
Generic compiler wrapper
--------------------------------------------------------------------------------
Update Information:
update to latest upstream
--------------------------------------------------------------------------------
================================================================================
diskimage-builder-1.9.0-2.el7 (FEDORA-EPEL-2016-a827aadcfc)
Image building tools for OpenStack
--------------------------------------------------------------------------------
Update Information:
Switch to requires_exclude_from for all elements. ---- Update to 1.9.0
(#1300434) ---- New upstream release 1.8.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1300434 - diskimage-builder-1.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1300434
--------------------------------------------------------------------------------
================================================================================
msgpuck-1.0.2-1.el7 (FEDORA-EPEL-2016-6066d67c0c)
MsgPack binary serialization library in a self-contained header
--------------------------------------------------------------------------------
Update Information:
Review fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1295217 - Review Request: msgpuck - a MsgPack serialization library in a
self-contained header file
https://bugzilla.redhat.com/show_bug.cgi?id=1295217
--------------------------------------------------------------------------------
================================================================================
pagure-1.0.1-1.el7 (FEDORA-EPEL-2016-e2395a3f5c)
A git-centered forge
--------------------------------------------------------------------------------
Update Information:
Updates to the latest version of pagure: 1.0.1 beware this is a very large
update!
--------------------------------------------------------------------------------
================================================================================
python-boto-2.39.0-1.el7 (FEDORA-EPEL-2016-120cf6a8e1)
A simple, lightweight interface to Amazon Web Services
--------------------------------------------------------------------------------
Update Information:
This update fixes several bugs and adds support for the new ap-northeast-2 AWS
region. For more details, see the [full
changelog](http://boto.cloudhackers.com/en/latest/releasenotes/v2.39.0.html)
from upstream.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1300424 - Update python-boto to 2.39
https://bugzilla.redhat.com/show_bug.cgi?id=1300424
--------------------------------------------------------------------------------
================================================================================
python-copr-1.65-1.el7 (FEDORA-EPEL-2016-c11c38ade2)
Python interface for Copr
--------------------------------------------------------------------------------
Update Information:
Bug fixes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1261125 - Use requests-toolbelt to upload srpms
https://bugzilla.redhat.com/show_bug.cgi?id=1261125
[ 2 ] Bug #1292033 - copr-cli ignores multiple package arguments if the first is a local
file
https://bugzilla.redhat.com/show_bug.cgi?id=1292033
[ 3 ] Bug #1298672 - copr-cli create raises TypeError
https://bugzilla.redhat.com/show_bug.cgi?id=1298672
[ 4 ] Bug #1298674 - copr-cli build hangs during upload
https://bugzilla.redhat.com/show_bug.cgi?id=1298674
[ 5 ] Bug #1302615 - UnboundLocalError: local variable 'bar' referenced before
assignment when building from URLs
https://bugzilla.redhat.com/show_bug.cgi?id=1302615
[ 6 ] Bug #1276105 - copr-cli 1.45 errors on el6
https://bugzilla.redhat.com/show_bug.cgi?id=1276105
[ 7 ] Bug #1299243 - RFE: New version of copr-cli (requires rebase of python-copr too)
https://bugzilla.redhat.com/show_bug.cgi?id=1299243
--------------------------------------------------------------------------------
================================================================================
python-mwclient-0.8.0-2.el7 (FEDORA-EPEL-2016-da7c871350)
Mwclient is a client to the MediaWiki API
--------------------------------------------------------------------------------
Update Information:
This update provides the new release of python-mwclient. The major new feature
in this release is Python 3 compatibility, so a python3-mwclient subpackage is
added for Fedora releases (not yet for EPEL, as I'm waiting for the whole
question of how we're going to do Python 3 on EPEL to be nailed down). python-
mwclient is renamed to python2-mwclient, with appropriate Provides and
Obsoletes. There is one minor backwards compatibility break; `Page.save()`'s
behaviour has changed slightly, in that if you previously passed a section
number to `Page.text()`, it will not be used for a subsequent `Page.save()`
call. This change should not affect either of Fedora's packaged consumers
(parley and python-wikitcms). More details on this and the other changes in the
new release can be found in `RELEASE-NOTES.md`.
--------------------------------------------------------------------------------
================================================================================
python-pymongo-2.5.2-4.el7 (FEDORA-EPEL-2016-a65d7ed780)
Python driver for MongoDB
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2013-2099, CVE-2013-7440 ---- Security fix for
CVE-2013-2099, CVE-2013-7440
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1224999 - CVE-2013-7440 python: wildcard matching rules do not follow RFC
6125
https://bugzilla.redhat.com/show_bug.cgi?id=1224999
[ 2 ] Bug #963260 - CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with
specially crafted hostname wildcard patterns
https://bugzilla.redhat.com/show_bug.cgi?id=963260
--------------------------------------------------------------------------------
================================================================================
rabbitmq-server-3.3.5-16.el7 (FEDORA-EPEL-2016-91ea9cdd8a)
The RabbitMQ server
--------------------------------------------------------------------------------
Update Information:
* Don't wait for slave stop messages forever
--------------------------------------------------------------------------------
================================================================================
rubygem-arel-6.0.3-2.el7 (FEDORA-EPEL-2016-d57bbf594b)
Arel is a Relational Algebra for Ruby
--------------------------------------------------------------------------------
Update Information:
Updated for EPEL7
--------------------------------------------------------------------------------
================================================================================
rubygem-atomic-1.1.99-3.el7 (FEDORA-EPEL-2016-4a8680554f)
An atomic reference implementation for JRuby, Rubinius, and MRI
--------------------------------------------------------------------------------
Update Information:
Updated for EPEL7
--------------------------------------------------------------------------------
================================================================================
rubygem-fakeweb-1.3.0-16.el7 (FEDORA-EPEL-2016-f97eb2affc)
A tool for faking responses to HTTP requests
--------------------------------------------------------------------------------
Update Information:
Imported to EPEL
--------------------------------------------------------------------------------
================================================================================
rubygem-rails-observers-0.1.2-7.el7 (FEDORA-EPEL-2016-5cf1c13330)
Rails observer (removed from core in Rails 4.0)
--------------------------------------------------------------------------------
Update Information:
Bringing package to EPEL7
--------------------------------------------------------------------------------
================================================================================
sundials-2.6.2-15.el7 (FEDORA-EPEL-2016-15773dd3b8)
Suite of nonlinear solvers
--------------------------------------------------------------------------------
Update Information:
- Built on EPEL6 - Fix OpenMPI compilers - MPICH libraries enabled - Cmake's MPI
Fortran compiler test disabled - Included pkgconfig files for MPICH libraries
--------------------------------------------------------------------------------
================================================================================
udiskie-1.4.7-1.el7 (FEDORA-EPEL-2016-94cdd1ee09)
Removable disk auto-mounter
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release, with associated fixes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1264657 - Missing Requires: libnotify
https://bugzilla.redhat.com/show_bug.cgi?id=1264657
[ 2 ] Bug #1265867 - udiskie-1.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1265867
--------------------------------------------------------------------------------
================================================================================
wordpress-4.4.2-1.el7 (FEDORA-EPEL-2016-638137e4de)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 4.4.2 Security and Maintenance Release** WordPress 4.4.2 is now
available. This is a security release for all previous versions and we strongly
encourage you to update your sites immediately. WordPress versions 4.4.1 and
earlier are affected by two security issues: a possible SSRF for certain local
URIs, reported by Ronni Skansing; and an open redirection attack, reported by
Shailesh Suthar. Thank you to both reporters for practicing responsible
disclosure. In addition to the security issues above, WordPress 4.4.2 fixes 17
bugs from 4.4 and 4.4.1. For more information, see the [release
notes](https://codex.wordpress.org/Version_4.4.2) or consult the [list of
changes](https://core.trac.wordpress.org/query?milestone=4.4.2).
--------------------------------------------------------------------------------
================================================================================
xlogin-0-0.1.20160114git97667d7.el7 (FEDORA-EPEL-2016-39ef6d00d1)
Automatic X login service for systemd
--------------------------------------------------------------------------------
Update Information:
initial package, rhbz#1298715
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1298715 - Review Request: xlogin - Automatic X login service for systemd
https://bugzilla.redhat.com/show_bug.cgi?id=1298715
--------------------------------------------------------------------------------