The following Fedora EPEL 7 Security updates need testing: Age URL 467 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 209 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80 python-gnupg-0.4.4-1.el7 206 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-5fecd4c331 libmodbus-3.0.8-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d8f3c6a443 chromium-78.0.3904.97-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-58be818bb4 thunderbird-enigmail-2.1.3-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-8a7207a341 libidn2-2.3.0-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-aff200699c mingw-libidn2-2.3.0-1.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-b1761c2898 imapfilter-2.6.15-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-1a5ac407f8 jhead-3.04-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
clamav-0.101.5-1.el7 gammu-1.41.0-1.el7 opentrep-0.07.4-1.el7 pspg-2.6.0-1.el7
Details about builds:
================================================================================ clamav-0.101.5-1.el7 (FEDORA-EPEL-2019-d6b0a398c2) End-user tools for the Clam Antivirus scanner -------------------------------------------------------------------------------- Update Information:
- Drop clamd@scan.service file (bz#1725810) ClamAV 0.101.5 is a security patch release that addresses the following issues. - CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. - Added the zip scanning improvements found in v0.102.0 where it scans files using zip records from a sorted catalogue which provides deduplication of file records resulting in faster extraction and scan time and reducing the likelihood of alerting on non-malicious duplicate file entries as overlapping files. - Signature load time is significantly reduced by changing to a more efficient algorithm for loading signature patterns and allocating the AC trie. Patch courtesy of Alberto Wu. - Introduced a new configure option to statically link libjson-c with libclamav. Static linking with libjson is highly recommended to prevent crashes in applications that use libclamav alongside another JSON parsing library. - Null-dereference fix in email parser when using the --gen-json metadata option. ---- Add TimeoutStartSec=420 to clamd@.service to match upstream -------------------------------------------------------------------------------- ChangeLog:
* Sat Nov 23 2019 Orion Poplawski orion@nwra.com - 0.101.5-1 - Update to 0.101.5 (CVE-2019-15961) (bz#1775550) * Mon Nov 18 2019 Orion Poplawski orion@nwra.com - 0.101.4-3 - Drop clamd@scan.service file (bz#1725810) - Change /var/run to /run * Mon Nov 18 2019 Orion Poplawski orion@nwra.com - 0.101.4-2 - Add TimeoutStartSec=420 to clamd@.service to match upstream (bz#1764835) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1631525 - clamav: clamscan --get-json does not output JSON https://bugzilla.redhat.com/show_bug.cgi?id=1631525 [ 2 ] Bug #1775550 - Request to build clamav 0.101.5 for EPEL 7 https://bugzilla.redhat.com/show_bug.cgi?id=1775550 [ 3 ] Bug #1725810 - /usr/lib/systemd/system/clamd@scan.service:1: .include directives are deprecated https://bugzilla.redhat.com/show_bug.cgi?id=1725810 [ 4 ] Bug #1764835 - clamd at 100% CPU and SystemD keeps restarting clamd https://bugzilla.redhat.com/show_bug.cgi?id=1764835 --------------------------------------------------------------------------------
================================================================================ gammu-1.41.0-1.el7 (FEDORA-EPEL-2019-5c1d075f96) Command Line utility to work with mobile phones -------------------------------------------------------------------------------- Update Information:
New upstream release -------------------------------------------------------------------------------- ChangeLog:
* Fri Sep 27 2019 Fedora Release Monitoring release-monitoring@fedoraproject.org - 1.41.0-1 - Update to 1.41.0 (#1756318) * Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 1.40.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Fri Jun 14 2019 S��rgio Basto sergio@serjux.com - 1.40.0-1 - Update to 1.40.0 (#1670142) * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 1.39.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 1.39.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Thu Jun 21 2018 S��rgio Basto sergio@serjux.com - 1.39.0-3 - Remove old udev rule nokiadku2 because use the unknown group pludev (#1592452) * Wed Feb 7 2018 Fedora Release Engineering releng@fedoraproject.org - 1.39.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1756318 - gammu-1.41.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1756318 --------------------------------------------------------------------------------
================================================================================ opentrep-0.07.4-1.el7 (FEDORA-EPEL-2019-8252c50d83) C++ library providing a clean API for parsing travel-focused requests -------------------------------------------------------------------------------- Update Information:
Upgrade to upstream 0.07.4 -------------------------------------------------------------------------------- ChangeLog:
* Sun Nov 24 2019 Denis Arnaud denis.arnaud_fedora@m4x.org - 0.07.4-1 - Upstream update to 0.07.4 --------------------------------------------------------------------------------
================================================================================ pspg-2.6.0-1.el7 (FEDORA-EPEL-2019-1b5eb60c44) A unix pager optimized for psql -------------------------------------------------------------------------------- Update Information:
new upstream release, per release notes: https://github.com/okbob/pspg/releases/tag/2.6.0 ---- new upstream release -------------------------------------------------------------------------------- ChangeLog:
* Sun Nov 24 2019 Pavel Raiskup praiskup@redhat.com - 2.6.0-1 - new upstream release, per release notes: https://github.com/okbob/pspg/releases/tag/2.6.0 * Tue Nov 19 2019 Pavel Raiskup praiskup@redhat.com - 2.5.5-1 - new upstream release, per release notes: https://github.com/okbob/pspg/releases/tag/2.5.3 https://github.com/okbob/pspg/releases/tag/2.5.4 https://github.com/okbob/pspg/releases/tag/2.5.5 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1775977 - pspg-2.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1775977 [ 2 ] Bug #1768349 - pspg-2.5.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1768349 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org