The following Fedora EPEL 7 Security updates need testing:
Age URL
359
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
121
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-5748740371
qt-creator-3.5.1-2.el7 botan-1.10.12-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8c727601c5
libebml-1.3.3-3.el7
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e79091a3b8
ReviewBoard-2.5.3-1.el7 python-djblets-0.9.1-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6dc46a554e
libssh-0.6.5-2.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-b23b791a7e
drupal7-7.43-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1613bc2a80
php-htmLawed-1.1.21-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-07b9ae23da
qpid-cpp-0.34-6.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
awstats-7.4-1.el7
babeltrace-1.2.4-3.el7
bugyou-0.2-1.el7
bugyou_plugins-0.1-2.el7
clustershell-1.7.1-1.el7
epel-rpm-macros-7-7
letsencrypt-0.4.1-1.el7
lighttpd-1.4.39-3.el7
lttng-ust-2.4.1-1.el7
mockito-1.10.19-20.el7
ola-0.10.1-1.el7
php-htmLawed-1.1.21-1.el7
php-symfony-2.7.10-1.el7
php-udan11-sql-parser-3.4.0-1.el7
python-acme-0.4.1-1.el7
python-fedmsg-meta-fedora-infrastructure-0.15.9-1.el7
python-mwclient-0.8.1-2.el7
python-pyngus-2.0.3-2.el7
python-unicodecsv-0.14.1-4.el7
qpid-cpp-0.34-6.el7
qpid-dispatch-0.5-2.el7
qpid-proton-0.12.0-1.el7
rubygem-qpid_proton-0.12.0-1.el7
salt-2015.5.9-5.el7
ustl-2.3-2.el7
xiphos-4.0.4-4.el7
xrootd-4.3.0-1.el7
Details about builds:
================================================================================
awstats-7.4-1.el7 (FEDORA-EPEL-2016-0dde11ab63)
Advanced Web Statistics
--------------------------------------------------------------------------------
Update Information:
This is an update to the latest stable release 7.4
--------------------------------------------------------------------------------
================================================================================
babeltrace-1.2.4-3.el7 (FEDORA-EPEL-2016-8c74b0b27f)
Trace Viewer and Converter, mainly for the Common Trace Format
--------------------------------------------------------------------------------
Update Information:
First EPEL 7 release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1235466 - [RFE] build babeltrace for EPEL 7
https://bugzilla.redhat.com/show_bug.cgi?id=1235466
--------------------------------------------------------------------------------
================================================================================
bugyou-0.2-1.el7 (FEDORA-EPEL-2016-e53437451e)
Automatic Bug Reporting Tool
--------------------------------------------------------------------------------
Update Information:
Release 0.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1284638 - Review Request: bugyou - An Automatic Bug Reporting Tool
https://bugzilla.redhat.com/show_bug.cgi?id=1284638
--------------------------------------------------------------------------------
================================================================================
bugyou_plugins-0.1-2.el7 (FEDORA-EPEL-2016-049e8bb10b)
Plugins for Bugyou
--------------------------------------------------------------------------------
Update Information:
Add missing dependency, python-libpagure ---- Initial packaging.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1309782 - Review Request: bugyou_plugins - Plugins and Services for Bugyou
https://bugzilla.redhat.com/show_bug.cgi?id=1309782
--------------------------------------------------------------------------------
================================================================================
clustershell-1.7.1-1.el7 (FEDORA-EPEL-2016-fa8c23091c)
Python framework for efficient cluster administration
--------------------------------------------------------------------------------
Update Information:
* update to 1.7.1
--------------------------------------------------------------------------------
================================================================================
epel-rpm-macros-7-7 (FEDORA-EPEL-2016-c9cfaac281)
Extra Packages for Enterprise Linux RPM macros
--------------------------------------------------------------------------------
Update Information:
Added some mono macros.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1295117 - Adding mono macros
https://bugzilla.redhat.com/show_bug.cgi?id=1295117
--------------------------------------------------------------------------------
================================================================================
letsencrypt-0.4.1-1.el7 (FEDORA-EPEL-2016-60b4a06040)
A free, automated certificate authority client
--------------------------------------------------------------------------------
Update Information:
Updated to 0.4.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1313333 - letsencrypt-0.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1313333
--------------------------------------------------------------------------------
================================================================================
lighttpd-1.4.39-3.el7 (FEDORA-EPEL-2016-a0986c5a91)
Lightning fast webserver with light system requirements
--------------------------------------------------------------------------------
Update Information:
Restore defaultconf patch.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1310036 - Wrong Server_root
https://bugzilla.redhat.com/show_bug.cgi?id=1310036
--------------------------------------------------------------------------------
================================================================================
lttng-ust-2.4.1-1.el7 (FEDORA-EPEL-2016-200bd827c6)
LTTng Userspace Tracer library
--------------------------------------------------------------------------------
Update Information:
First EPEL 7 release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1235461 - [RFE] build lttng-ust for EPEL 7
https://bugzilla.redhat.com/show_bug.cgi?id=1235461
--------------------------------------------------------------------------------
================================================================================
mockito-1.10.19-20.el7 (FEDORA-EPEL-2016-c06b6acb7d)
A Java mocking framework
--------------------------------------------------------------------------------
Update Information:
Update mockito to 1.10.19 to get latest bugfixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1110030 - mockito - please provide EL6 and EL7 versions in EPEL
https://bugzilla.redhat.com/show_bug.cgi?id=1110030
--------------------------------------------------------------------------------
================================================================================
ola-0.10.1-1.el7 (FEDORA-EPEL-2016-3021d4749e)
Open Lighting Architecture
--------------------------------------------------------------------------------
Update Information:
Minor upstream revision Full changelog:
https://github.com/OpenLightingProject/ola/releases/tag/0.10.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1312985 - ola-0.10.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1312985
--------------------------------------------------------------------------------
================================================================================
php-htmLawed-1.1.21-1.el7 (FEDORA-EPEL-2016-1613bc2a80)
PHP code to purify and filter HTML
--------------------------------------------------------------------------------
Update Information:
**Version 1.1.21** - 27 February 2016. * Improvement and security fix in
transforming 'font' element.
--------------------------------------------------------------------------------
================================================================================
php-symfony-2.7.10-1.el7 (FEDORA-EPEL-2016-3661e47ae0)
PHP framework for web projects
--------------------------------------------------------------------------------
Update Information:
**Version 2.7.10** (2016-02-28) * bug #17947 Fix - #17676 (backport #17919 to
2.3) (Ocramius) * bug #17942 Fix bug when using an private aliased factory
service (WouterJ) * bug #17798 [Form] Fix BC break by allowing 'choice_label'
option to be 'false' in ChoiceType (HeahDude) * bug #17542 ChoiceFormField of
type "select" could be "disabled" (bouland) * bug #17602
[HttpFoundation] Fix
BinaryFileResponse incorrect behavior with if-range header (bburnichon) * bug
#17760 [Form] fix choice value "false" in ChoiceType (HeahDude) * bug #17914
[Console] Fix escaping of trailing backslashes (nicolas-grekas) * bug #17074
Fix constraint validator alias being required (Triiistan) * bug #17866
[DependencyInjection] replace alias in factories (xabbuh) * bug #17867
[DependencyInjection] replace alias in factory services (xabbuh) * bug #17569
[FrameworkBundle] read commands from bundles when accessing list (havvg) * bug
#16987 [FileSystem] Windows fix (flip111) * bug #17787 [Form] Fix choice
placeholder edge cases (Tobion) * bug #17835 [Yaml] fix default timezone to be
UTC (xabbuh) * bug #17823 [DependencyInjection] fix dumped YAML string (xabbuh)
* bug #17818 [Console] InvalidArgumentException is thrown under wrong condition
(robinkanters) * bug #17819 [HttpKernel] Prevent a fatal error when
DebugHandlersListener is used with a kernel with no terminateWithException()
method (jakzal) * bug #17814 [DependencyInjection] fix dumped YAML snytax
(xabbuh) * bug #17099 [Form] Fixed violation mapping if multiple forms are
using the same (or part of the same) property path (alekitto) * bug #17694
[DoctrineBridge] [Form] fix choice_value in EntityType (HeahDude) * bug #17719
[DependencyInjection] fixed exceptions thrown by get method of ContainerBuilder
(lukaszmakuch) * bug #17742 [DependencyInjection] Fix #16461 Container::set()
replace aliases (mnapoli) * bug #17745 Added more exceptions to singularify
method (javiereguiluz) * bug #17691 Fixed (string) catchable fatal error for
PHP Incomplete Class instances (yceruto) * bug #17766 Fixed (string) catchable
fatal error for PHP Incomplete Class instances (yceruto) * bug #17757
[HttpFoundation] BinaryFileResponse sendContent return as parent. (2.3)
(SpacePossum) * bug #17702 [TwigBridge] forward compatibility with Yaml 3.1
(xabbuh) * bug #17672 [DependencyInjection][Routing] add files used in
FileResource objects (xabbuh) * bug #17600 Fixed the Bootstrap form theme for
inlined checkbox/radio (javiereguiluz) * bug #17596 [Translation] Add resources
from fallback locale to parent catalogue (c960657) * bug #17605
[FrameworkBundle] remove default null value for asset version (xabbuh) * bug
#17606 [DependencyInjection] pass triggerDeprecationError arg to parent class
(xabbuh) * bug #16956 [DependencyInjection] XmlFileLoader: enforce tags to have
a name (xabbuh) * bug #16265 [BrowserKit] Corrected HTTP_HOST logic
(Naktibalda) * bug #17554 [DependencyInjection] resolve aliases in factories
(xabbuh) * bug #17555 [DependencyInjection] resolve aliases in factory services
(xabbuh) * bug #17511 [Form] ArrayChoiceList can now deal with a null in
choices (issei-m) * bug #17430 [Serializer] Ensure that groups are strings
(dunglas) * bug #15272 [FrameworkBundle] Fix template location for PHP
templates (jakzal) * bug #11232 [Routing] Fixes fatal errors with object
resources in AnnotationDirectoryLoader::supports (Tischoi) * bug #17526 Escape
the delimiter in Glob::toRegex (javiereguiluz) * bug #17527 fixed undefined
variable (fabpot) * bug #15706 [framework-bundle] Added support for the
`0.0.0.0/0` trusted proxy (zerkms) * bug #16274 [HttpKernel] Lookup the
response even if the lock was released after two second wait (jakzal) * bug
#17355 [DoctrineBridge][Validator] >= 2.3 Pass association instead of ID as
argument (xavismeh) * bug #17454 Allow absolute URLs to be displayed in the
debug toolbar (javiereguiluz) * bug #16736 [Request] Ignore invalid IP
addresses sent by proxies (GromNaN) * bug #17486 [FrameworkBundle] Throw for
missing container extensions (kix) * bug #16873 Able to load big xml files with
DomCrawler (zorn-v) * bug #16897 [Form] Fix constraints could be null if not
set (DZunke) * bug #16912 [Translation][Writer] avoid calling setBackup if the
dumper is not FileDumper (aitboudad) * bug #17505 sort bundles in config:dump-
reference command (xabbuh) * bug #17514 [Asset] Add defaultNull to version
configuration (ewgRa) * bug #16511 [Asset] Ability to set empty version
strategy in packages (ewgRa) * bug #17503 [Asset] CLI: use request context to
generate absolute URLs (xabbuh) * bug #17478 [HttpFoundation] Do not overwrite
the Authorization header if it is already set (jakzal) * bug #17461 [Yaml] tag
for dumped PHP objects must be a local one (xabbuh) * bug #17456 [DX] Remove
default match from AbstractConfigCommand::findExtension (kix) * bug #17424
[Process] Update in 2.7 for stream-based output storage (romainneutron) * bug
#17423 [Process] Use stream based storage to avoid memory issues (romainneutron)
* bug #17406 [Form] ChoiceType: Fix a notice when 'choices' normalizer is
replaced (paradajozsef) * bug #17433 [FrameworkBundle] Don't log twice with the
error handler (nicolas-grekas) * bug #17418 Fixed Bootstrap form theme form
"reset" buttons (javiereguiluz) * bug #17404 fix merge 2.3 into 2.7 for
SecureRandom dependency (Tobion) * bug #17373 [SecurityBundle] fix SecureRandom
service constructor args (Tobion) * bug #17380 [TwigBridge] Use label_format
option for checkbox and radio labels (enumag) * bug #17377 Fix performance
(PHP5) and memory (PHP7) issues when using token_get_all (nicolas-grekas,
peteward) * bug #17389 [Routing] Fixed correct class name in thrown exception
(fixes #17388) (robinvdvleuten) * bug #17358 [ClassLoader] Use symfony
/polyfill-apcu (nicolas-grekas) * bug #17370 [HttpFoundation][Cookie] Cookie
DateTimeInterface fix (wildewouter)
--------------------------------------------------------------------------------
================================================================================
php-udan11-sql-parser-3.4.0-1.el7 (FEDORA-EPEL-2016-07a6013905)
A validating SQL lexer and parser with a focus on MySQL dialect
--------------------------------------------------------------------------------
Update Information:
**Version 3.4.0** * CreateDefinition: Properly parse DEFAULT value, fixes
phpmyadmin/phpmyadmin#12012. Fix pulled from phpMyAdmin 4.5.5.1 * Escape
query when displaying ---- **Version 3.3.1** * Condition: Allow keyword
INTERVAL. --- **Version 3.3.0 ** * Expression: Refactored parsing options.
--- **Version 3.2.0 ** * Context: Added custom mode that avoids escaping when
possible. --- **Version 3.1.0 ** * Misc: Add test cases for fixed bugs.
--------------------------------------------------------------------------------
================================================================================
python-acme-0.4.1-1.el7 (FEDORA-EPEL-2016-60b4a06040)
Python library for the ACME protocol
--------------------------------------------------------------------------------
Update Information:
Updated to 0.4.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1313333 - letsencrypt-0.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1313333
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.15.9-1.el7 (FEDORA-EPEL-2016-ffbef18edf)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
Handle new mdapi format. Also, a bugfix for handling copr messages.
--------------------------------------------------------------------------------
================================================================================
python-mwclient-0.8.1-2.el7 (FEDORA-EPEL-2016-d28c893565)
Mwclient is a client to the MediaWiki API
--------------------------------------------------------------------------------
Update Information:
This update provides the latest upstream release of mwclient, 0.8.1. The most
significant fix in this release was already backported to 0.8.0-3, so there's
very little practical difference here, but we may as well stay up to date.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1310337 - python-mwclient-v0.8.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1310337
--------------------------------------------------------------------------------
================================================================================
python-pyngus-2.0.3-2.el7 (FEDORA-EPEL-2016-e29b88cac3)
Callback API implemented over Proton
--------------------------------------------------------------------------------
Update Information:
Rebuilt against qpid-proton 0.12.0.
--------------------------------------------------------------------------------
================================================================================
python-unicodecsv-0.14.1-4.el7 (FEDORA-EPEL-2016-cdb625d501)
Drop-in replacement for Python 2.7's csv module which supports unicode strings
--------------------------------------------------------------------------------
Update Information:
Add python-unicodecsv to EPEL7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1279570 - Please Build For F23 and Epel7
https://bugzilla.redhat.com/show_bug.cgi?id=1279570
--------------------------------------------------------------------------------
================================================================================
qpid-cpp-0.34-6.el7 (FEDORA-EPEL-2016-07b9ae23da)
Libraries for Qpid C++ client applications
--------------------------------------------------------------------------------
Update Information:
Rebuilt against qpid-proton 0.12.0-1.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1280372 - qpidd ends up in symbol lookup error
https://bugzilla.redhat.com/show_bug.cgi?id=1280372
[ 2 ] Bug #1186311 - CVE-2015-0223 qpid-cpp: anonymous access to qpidd cannot be
prevented [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1186311
[ 3 ] Bug #1186305 - CVE-2015-0224 qpid-cpp: qpidd can be crashed by unauthenticated
user (incomplete fix for CVE-2015-0203) [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1186305
--------------------------------------------------------------------------------
================================================================================
qpid-dispatch-0.5-2.el7 (FEDORA-EPEL-2016-06a3af7656)
Dispatch router for Qpid
--------------------------------------------------------------------------------
Update Information:
Rebuilt against qpid-proton 0.12.0.
--------------------------------------------------------------------------------
================================================================================
qpid-proton-0.12.0-1.el7 (FEDORA-EPEL-2016-1461f2cc63)
A high performance, lightweight messaging library
--------------------------------------------------------------------------------
Update Information:
Rebased to 0.12.0.
--------------------------------------------------------------------------------
================================================================================
rubygem-qpid_proton-0.12.0-1.el7 (FEDORA-EPEL-2016-da39fa1609)
Ruby language bindings for the Qpid Proton messaging framework
--------------------------------------------------------------------------------
Update Information:
Rebased to 0.12.0.
--------------------------------------------------------------------------------
================================================================================
salt-2015.5.9-5.el7 (FEDORA-EPEL-2016-a696ab9b5d)
A parallel remote execution system
--------------------------------------------------------------------------------
Update Information:
Updated dnf patch ---- Updated dnf patch ---- Corrected Requires for salt-
syndic package ---- Updated dnf patch ---- Update to bugfix release
2015.5.9, patched with proper dnf support
--------------------------------------------------------------------------------
================================================================================
ustl-2.3-2.el7 (FEDORA-EPEL-2016-76cdeee666)
A size-optimized STL implementation
--------------------------------------------------------------------------------
Update Information:
v2.3 - Implement unique_ptr and shared_ptr - Implement atomic - Implement
is_constructible, is_destructible, is_assignable, and variations - Enable c++14
compilation for clang 3.6+ and gcc 5+ - Numerous improvements to streams API -
Add all stream formatting manipulators: setw, setprecision, etc. - Increase
default stream buffer size to improve ifstream/ofstream performance. - Implement
string-number conversions. - Rename libc_exception to system_error; in c++14
that is now a standard - Fixes to compile on Debian and OS X v2.2 - Implement
C++11 type traits - Some fixes for incorrect behavior of array - Coding style
changes based on "Effective C++" recommendations - Fix string vformat sometimes
leaving string empty - Fix crash when using string.erase(i,string::npos)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1308214 - ustl: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1308214
[ 2 ] Bug #1240026 - ustl: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1240026
--------------------------------------------------------------------------------
================================================================================
xiphos-4.0.4-4.el7 (FEDORA-EPEL-2016-0820ef56b8)
Bible study and research tool
--------------------------------------------------------------------------------
Update Information:
Rebuild against new SWORD library
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1313506 - Xiphos-gtk3 won't update - Requires: libsword-1.7.3.so
https://bugzilla.redhat.com/show_bug.cgi?id=1313506
--------------------------------------------------------------------------------
================================================================================
xrootd-4.3.0-1.el7 (FEDORA-EPEL-2016-b829ab1c57)
Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
New minor release 4.3.0. Release notes are here:
https://github.com/xrootd/xrootd/blob/master/docs/ReleaseNotes.txt
--------------------------------------------------------------------------------