The following Fedora EPEL 7 Security updates need testing:
Age URL
84
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3989/cross-binut...
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0399/polarssl-1....
9
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0465/mingw-jaspe...
6
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0548/php-extras-...
5
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0564/pigz-2.3.3-...
1
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0610/qpid-cpp-0....
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0626/perl-Gtk2-1...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0647/roundcubema...
The following builds have been pushed to Fedora EPEL 7 updates-testing
beakerlib-1.10-2.el7
claws-mail-3.11.1-5.el7
claws-mail-plugins-3.11.1-3.el7
gstreamer1-vaapi-0.5.9-3.el7
libetpan-1.6-1.el7
libytnef-1.5-13.el7
minised-1.15-1.el7
notify-python-0.1.1-27.el7
perl-Fsdb-2.56-1.el7
perl-Gtk2-1.2495-1.el7
perl-MCE-1.600-1.el7
perl-Net-IP-CMatch-0.02-25.el7
pyhoca-gui-0.5.0.3-1.el7
python-x2go-0.5.0.2-1.el7
roundcubemail-1.0.5-1.el7
s3cmd-1.5.1.2-4.el7
wgrib2-2.0.1-3.el7
xloadimage-4.1-18.el7
Details about builds:
================================================================================
beakerlib-1.10-2.el7 (FEDORA-EPEL-2015-0632)
A shell-level integration testing library
--------------------------------------------------------------------------------
Update Information:
remount if mounting already mounted mount point with options,
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2015 Dalibor Pospisil <dapospis(a)redhat.com> - 1.10-2
- remount if mounting already mounted mount point with options,
fixes bug 1173623
--------------------------------------------------------------------------------
================================================================================
claws-mail-3.11.1-5.el7 (FEDORA-EPEL-2014-3841)
Email client and news reader based on GTK+
--------------------------------------------------------------------------------
Update Information:
New EPEL7 release for claws-mail
--------------------------------------------------------------------------------
================================================================================
claws-mail-plugins-3.11.1-3.el7 (FEDORA-EPEL-2014-3841)
Additional plugins for Claws Mail
--------------------------------------------------------------------------------
Update Information:
New EPEL7 release for claws-mail
--------------------------------------------------------------------------------
================================================================================
gstreamer1-vaapi-0.5.9-3.el7 (FEDORA-EPEL-2015-0638)
GStreamer plugins to use VA API video acceleration
--------------------------------------------------------------------------------
Update Information:
Filter out encoder and decoder Provides
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 3 2015 Simon Farnsworth <simon(a)farnz.org.uk> - 0.5.9-3
- Filter out encoder and decoder Provides
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164508 - [abrt] totem: isDRI2Connected(): totem-video-thumbnailer killed by
SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1164508
--------------------------------------------------------------------------------
================================================================================
libetpan-1.6-1.el7 (FEDORA-EPEL-2014-3841)
Portable, efficient middle-ware for different kinds of mail access
--------------------------------------------------------------------------------
Update Information:
New EPEL7 release for claws-mail
--------------------------------------------------------------------------------
================================================================================
libytnef-1.5-13.el7 (FEDORA-EPEL-2014-3841)
TNEF Stream Parser Library
--------------------------------------------------------------------------------
Update Information:
New EPEL7 release for claws-mail
--------------------------------------------------------------------------------
================================================================================
minised-1.15-1.el7 (FEDORA-EPEL-2015-0625)
A smaller, cheaper, faster SED implementation
--------------------------------------------------------------------------------
Update Information:
The 1.15 version fixes some Kleene star operator relates bugs and
includes some code cleanups.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 20 2015 Christopher Meng <rpm(a)cicku.me> - 1.15-1
- Update to 1.15
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1150999 - minised-1.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1150999
--------------------------------------------------------------------------------
================================================================================
notify-python-0.1.1-27.el7 (FEDORA-EPEL-2014-4400)
Python bindings for libnotify
--------------------------------------------------------------------------------
Update Information:
python-x2go-0.5.0.2:
- Fix X2Go Desktop Sharing feature
- Provide more stability if connections fail during session startup/resumption
pyhoca-gui-0.5.0.3:
- Finnish translation update / fix
- Danish translation update
- Point to our new mailing list server where the old one (BerliOS) was still referenced.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1185491 - Please branch and build notify-python for EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1185491
--------------------------------------------------------------------------------
================================================================================
perl-Fsdb-2.56-1.el7 (FEDORA-EPEL-2015-0648)
A set of commands for manipulating flat-text databases from the shell
--------------------------------------------------------------------------------
Update Information:
See
http://www.isi.edu/~johnh/SOFTWARE/FSDB/
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 3 2015 John Heidemann <johnh(a)isi.edu> 2.56-1
- See
http://www.isi.edu/~johnh/SOFTWARE/FSDB/
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1188538 - perl-Fsdb-2.55-1.fc22 FTBFS: t/test_command.t tests fail
https://bugzilla.redhat.com/show_bug.cgi?id=1188538
--------------------------------------------------------------------------------
================================================================================
perl-Gtk2-1.2495-1.el7 (FEDORA-EPEL-2015-0626)
Perl interface to the 2.x series of the Gimp Toolkit library
--------------------------------------------------------------------------------
Update Information:
Update to 1.2495 to resolve an incorrect memory management issue in
Gtk2::Gdk::Display::list_devices, which can potentially lead to arbitrary code execution.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2015 Tom Callaway <spot(a)fedoraproject.org> - 1.2495-1
- update to 1.2495
* Mon Jan 5 2015 Tom Callaway <spot(a)fedoraproject.org> - 1.2494-1
- update to 1.2494
* Wed Dec 10 2014 Tom Callaway <spot(a)fedoraproject.org> - 1.2493-1
- update to 1.2493
* Mon Sep 1 2014 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.2492-3
- Perl 5.20 rebuild
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.2492-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1188219 - perl-Gtk2: incorrect memory management in
Gtk2::Gdk::Display::list_devices
https://bugzilla.redhat.com/show_bug.cgi?id=1188219
--------------------------------------------------------------------------------
================================================================================
perl-MCE-1.600-1.el7 (FEDORA-EPEL-2015-0628)
Many-core Engine for Perl providing parallel processing capabilities
--------------------------------------------------------------------------------
Update Information:
A new enhancement and bugfix release of MCE is available. See
http://cpansearch.perl.org/src/MARIOROY/MCE-1.600/CHANGES for the summary of changes in
this release.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2015 Petr Šabata <contyk(a)redhat.com> - 1.600-1
- 1.600 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1188820 - perl-MCE-1.600 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1188820
--------------------------------------------------------------------------------
================================================================================
perl-Net-IP-CMatch-0.02-25.el7 (FEDORA-EPEL-2015-0627)
Efficiently match IP addresses against IP ranges with C
--------------------------------------------------------------------------------
Update Information:
Net::IP::CMatch is based upon, and does the same thing as Net::IP::Match. The
unconditionally exported subroutine 'match_ip' determines if the IP to match
(first argument) matches any of the subsequent IP arguments. Match arguments
may be absolute quads, as '127.0.0.1', or contain mask bits as
'111.245.76.248/29'. A true return value indicates a match. It was written in
C, rather than a macro, preprocessed through perl's source filter mechanism
(as is Net::IP::Match), so that the IP arguments could be traditional perl
scalars. The C code is lean and mean (IMHO).
--------------------------------------------------------------------------------
================================================================================
pyhoca-gui-0.5.0.3-1.el7 (FEDORA-EPEL-2014-4400)
Graphical X2Go client written in (wx)Python
--------------------------------------------------------------------------------
Update Information:
python-x2go-0.5.0.2:
- Fix X2Go Desktop Sharing feature
- Provide more stability if connections fail during session startup/resumption
pyhoca-gui-0.5.0.3:
- Finnish translation update / fix
- Danish translation update
- Point to our new mailing list server where the old one (BerliOS) was still referenced.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 1 2014 Orion Poplawski <orion(a)cora.nwra.com> - 0.5.0.3-1
- Update to 0.5.0.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1185491 - Please branch and build notify-python for EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1185491
--------------------------------------------------------------------------------
================================================================================
python-x2go-0.5.0.2-1.el7 (FEDORA-EPEL-2014-4400)
Python module providing X2Go client API
--------------------------------------------------------------------------------
Update Information:
python-x2go-0.5.0.2:
- Fix X2Go Desktop Sharing feature
- Provide more stability if connections fail during session startup/resumption
pyhoca-gui-0.5.0.3:
- Finnish translation update / fix
- Danish translation update
- Point to our new mailing list server where the old one (BerliOS) was still referenced.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 27 2014 Orion Poplawski <orion(a)cora.nwra.com> - 0.5.0.2-1
- Update to 0.5.0.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1185491 - Please branch and build notify-python for EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1185491
--------------------------------------------------------------------------------
================================================================================
roundcubemail-1.0.5-1.el7 (FEDORA-EPEL-2015-0647)
Round Cube Webmail is a browser-based multilingual IMAP client
--------------------------------------------------------------------------------
Update Information:
Cross-site scripting vulnerability has been fixed in Roundcube 1.0.5 version.
http://roundcube.net/news/2015/01/24/security-update-1.0.5/
http://trac.roundcube.net/wiki/Changelog#RELEASE1.0.5
http://trac.roundcube.net/ticket/1490227
CVE request:
http://www.openwall.com/lists/oss-security/2015/01/31/3
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 5 2015 Jon Ciesla <limburgher(a)gmail.com> - 1.0.5-1
- Fix for security issues.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1188203 - CVE-2015-1433 roundcubemail: crooss-site scripting in style
attribute handling [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1188203
[ 2 ] Bug #1188202 - CVE-2015-1433 roundcubemail: crooss-site scripting in style
attribute handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1188202
--------------------------------------------------------------------------------
================================================================================
s3cmd-1.5.1.2-4.el7 (FEDORA-EPEL-2015-0637)
Tool for accessing Amazon Simple Storage Service
--------------------------------------------------------------------------------
Update Information:
upstream 1.5.1.2, mostly bug fixes
upstream 1.5.0 final
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2015 Matt Domsch <mdomsch(a)fedoraproject.org> - 1.5.1.2-4
- upstream 1.5.1.2, mostly bug fixes
- remove ez_setup, add dependency on python-setuptools
* Mon Jan 12 2015 Matt Domsch <mdomsch(a)fedoraproject.org> - 1.5.0-1
- upstream 1.5.0 final
--------------------------------------------------------------------------------
================================================================================
wgrib2-2.0.1-3.el7 (FEDORA-EPEL-2015-0643)
Manipulate, inventory and decode GRIB2 files
--------------------------------------------------------------------------------
Update Information:
Enable PNG and JPEG2000 support (bug #1159591)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 2 2014 Orion Poplawski <orion(a)cora.nwra.com> - 2.0.1-3
- Enable PNG and JPEG2000 support (bug #1159591)
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.0.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
xloadimage-4.1-18.el7 (FEDORA-EPEL-2015-0635)
Image viewer and processor
--------------------------------------------------------------------------------
Update Information:
Build xloadimage for EPEL7.
--------------------------------------------------------------------------------