The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 545  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d   condor-8.6.11-1.el7
 286  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80   python-gnupg-0.4.4-1.el7
 284  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b   bubblewrap-0.3.3-2.el7
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4a1efc409a   pure-ftpd-1.0.47-3.el7
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ebd7293594   python-pip-epel-8.1.2-12.el7
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-453d58e60f   radare2-4.2.1-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-062fed623d   php-horde-Horde-Data-2.1.5-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
cacti-1.2.9-1.el7
cacti-spine-1.2.9-1.el7
clamav-0.101.5-10.el7
kstars-17.08.2-4.el7
levmar-2.6-1.el7
libindi-1.7.4-5.el7
mbedtls-2.7.13-1.el7
phd2-2.6.7-1.el7
prosody-0.11.4-1.el7
yubico-piv-tool-2.0.0-1.el7
Details about builds:
================================================================================
cacti-1.2.9-1.el7 (FEDORA-EPEL-2020-bee5eeedf0)
An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:
- Update to 1.2.9
- CVE-2020-7106, CVE-2020-7237

Release notes: https://www.cacti.net/release_notes.php?version=1.2.9
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 10 2020 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.9-1
- Update to 1.2.9
- CVE-2020-7106, CVE-2020-7237
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1798187 - CVE-2020-7237 cacti: remote code execution due to input validation
in Performance Boost Debug Log
https://bugzilla.redhat.com/show_bug.cgi?id=1798187
[ 2 ] Bug #1796208 - CVE-2020-7106 cacti: XSS due to lack of escaping on some pages
https://bugzilla.redhat.com/show_bug.cgi?id=1796208
[ 3 ] Bug #1786609 - CVE-2019-17358 cacti: unsafe deserialization of user-controlled
data
https://bugzilla.redhat.com/show_bug.cgi?id=1786609
--------------------------------------------------------------------------------
================================================================================
cacti-spine-1.2.9-1.el7 (FEDORA-EPEL-2020-bee5eeedf0)
Threaded poller for Cacti written in C
--------------------------------------------------------------------------------
Update Information:
- Update to 1.2.9
- CVE-2020-7106, CVE-2020-7237

Release notes: https://www.cacti.net/release_notes.php?version=1.2.9
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 10 2020 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.9-1
- Update to 1.2.9
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.8-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1798187 - CVE-2020-7237 cacti: remote code execution due to input validation
in Performance Boost Debug Log
https://bugzilla.redhat.com/show_bug.cgi?id=1798187
[ 2 ] Bug #1796208 - CVE-2020-7106 cacti: XSS due to lack of escaping on some pages
https://bugzilla.redhat.com/show_bug.cgi?id=1796208
[ 3 ] Bug #1786609 - CVE-2019-17358 cacti: unsafe deserialization of user-controlled
data
https://bugzilla.redhat.com/show_bug.cgi?id=1786609
--------------------------------------------------------------------------------
================================================================================
clamav-0.101.5-10.el7 (FEDORA-EPEL-2020-b1621119f6)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:
- Keep old freshclam cron job
---
- Add a message warning that we now provide clamav-freshclam.service systemd
  unit instead old scripts and crond file
----
- More cleanups
- Remove llvm-glibc.patch (upstream already fixed it)
- Comment "Example" in scan.conf to make clamd@scan.service to have less to
  editing
- Improve description of clamav-update
- Fix systemd scriptlets
- Improve upgrade path
- Get rid of pkgdatadir variable
- Use upstream freshclam systemd unit file, remove freshclam-slee
- Get rid of %freshclamlog variable
- Get rid of smartsubst function
- Fix scriplets (#1788338)
- Delete unused files
- Remove old init scripts and use only systemd
- Still need some work at least add freshclam unit
- Allow building --with unrar again (bz#1782638)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 9 2020 Orion Poplawski <orion(a)nwra.com> - 0.101.5-10
- Re-add clamav-update.cron (bz#1800226)
- Add conditional old_freshclam
* Tue Feb 4 2020 Sérgio Basto <sergio(a)serjux.com> - 0.101.5-9
- Add a message warning that We now provide clamav-freshclam.service systemd
unit instead old scripts
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.101.5-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Jan 27 2020 Sérgio Basto <sergio(a)serjux.com> - 0.101.5-7
- More cleanups
- Remove llvm-glibc.patch (upstream already fixed it)
- Comment "Example" in scan.conf to make clamd@scan.service works without
editing
- Improve description of clamav-update
* Sun Jan 26 2020 Sérgio Basto <sergio(a)serjux.com> - 0.101.5-6
- Fix clamd scriplets on update and add scriplets for clamav-freshclam.service
* Fri Jan 24 2020 Sérgio Basto <sergio(a)serjux.com> - 0.101.5-5
- Improve upgrade path
- Get rid of pkgdatadir variable
- Use upstream freshclam systemd unit file, remove freshclam-sleep
- Get rid of /var/log/freshclam.log variable
- Get rid of smartsubst function
* Fri Jan 17 2020 Sérgio Basto <sergio(a)serjux.com> - 0.101.5-4
- Fix scriplets (#1788338)
* Tue Dec 17 2019 Sérgio Basto <sergio(a)serjux.com> - 0.101.5-3
- Remove old init scripts and use systemd
* Tue Dec 17 2019 Orion Poplawski <orion(a)nwra.com> - 0.101.5-2
- Allow building --with unrar again (bz#1782638)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1800226 - Keep old freshclam cron job in place
https://bugzilla.redhat.com/show_bug.cgi?id=1800226
--------------------------------------------------------------------------------
================================================================================
kstars-17.08.2-4.el7 (FEDORA-EPEL-2020-972b057df0)
Desktop Planetarium
--------------------------------------------------------------------------------
Update Information:
* Update libindi to 1.7.4
* Rebuild Kstars
* Update PHD2 to 2.6.7
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 10 2020 Mattia Verga <mattia.verga(a)protonmail.com> - 17.08.2-4
- Rebuild for libindi 1.7.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1745666 - kstars package needs rebuild for RHEL 7.7 - LibRaw updated
https://bugzilla.redhat.com/show_bug.cgi?id=1745666
--------------------------------------------------------------------------------
================================================================================
levmar-2.6-1.el7 (FEDORA-EPEL-2020-ccc1de4868)
Levenberg-Marquardt nonlinear least squares algorithm
--------------------------------------------------------------------------------
Update Information:
Levmar 2.6, first release in EPEL7
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.6-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jan 16 2020 Alejandro Alvarez Ayllon <a.alvarezayllon(a)gmail.com> - 2.6-1
- levmar 2.6
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.5-20
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.5-19
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.5-18
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.5-17
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 3 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.5-16
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.5-15
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.5-14
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Feb 4 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.5-13
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.5-12
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.5-11
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.5-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.5-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.5-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.5-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.5-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.5-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Jan 28 2010 Eric Smith <eric(a)brouhaha.com> - 2.5-4
- preserve timestamp of README in prep
* Sun Jan 24 2010 Eric Smith <eric(a)brouhaha.com> - 2.5-3
- don't need f2c
- spec cleanup based on review comments from Jussi Lehtola
* Sat Jan 23 2010 Eric Smith <eric(a)brouhaha.com> - 2.5-2
- spec cleanup based on review comments from Jussi Lehtola
* Fri Jan 22 2010 Eric Smith <eric(a)brouhaha.com> - 2.5-1
- initial version
--------------------------------------------------------------------------------
================================================================================
libindi-1.7.4-5.el7 (FEDORA-EPEL-2020-972b057df0)
Instrument Neutral Distributed Interface
--------------------------------------------------------------------------------
Update Information:
* Update libindi to 1.7.4
* Rebuild Kstars
* Update PHD2 to 2.6.7
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 10 2020 Mattia Verga <mattia.verga(a)protonmail.com> - 1.7.4-5
- Rebuild 1.7.4 since it has never been released as update
* Thu Apr 4 2019 Mattia Verga <mattia.verga(a)protonmail.com> - 1.7.4-4.1
- Update to 1.7.4 with patches from Fedora branch
* Sun Jul 29 2018 Christian Dersch <lupinix(a)mailbox.org> - 1.7.4-1
- new version
* Thu Jun 21 2018 Sergio Pascual <sergiopr(a)fedoraproject.org> 1.7.2-2
- Patch udev rule to remove plugdev (bz #1577332)
* Tue Jan 2 2018 Christian Dersch <lupinix(a)fedoraproject.org> - 1.6.0-1
- new version
- split shared libraries into -libs subpackage, to be multiarch clean
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1745666 - kstars package needs rebuild for RHEL 7.7 - LibRaw updated
https://bugzilla.redhat.com/show_bug.cgi?id=1745666
--------------------------------------------------------------------------------
================================================================================
mbedtls-2.7.13-1.el7 (FEDORA-EPEL-2020-bf56589e5c)
Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:
- Update to 2.7.13
- CVE-2019-18222

Release notes: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released
Security Advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 10 2020 Morten Stevens <mstevens(a)fedoraproject.org> - 2.7.13-1
- Update to 2.7.13
--------------------------------------------------------------------------------
================================================================================
phd2-2.6.7-1.el7 (FEDORA-EPEL-2020-972b057df0)
Telescope guiding software
--------------------------------------------------------------------------------
Update Information:
* Update libindi to 1.7.4
* Rebuild Kstars
* Update PHD2 to 2.6.7
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 8 2020 Mattia Verga <mattia.verga(a)protonmail.com> - 2.6.7-1
- Upgrade to 2.6.7
* Sat Mar 30 2019 Mattia Verga <mattia.verga(a)protonmail.com> - 2.6.6-1
- Upgrade to 2.6.6
- Enable tests on i686
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1745666 - kstars package needs rebuild for RHEL 7.7 - LibRaw updated
https://bugzilla.redhat.com/show_bug.cgi?id=1745666
--------------------------------------------------------------------------------
================================================================================
prosody-0.11.4-1.el7 (FEDORA-EPEL-2020-c5dd83e735)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.11.4
==============

Fixes and improvements
----------------------

* core.rostermanager: Improve performance by caching rosters of offline #1233
* mod_pep: Handling subscriptions more efficiently #1372

Minor changes
-------------

* util.interpolation: Support unescaped variables with more modifiers #1452
* MUC: Mark source of historic messages correctly #1416
* mod_auth_internal_hashed: Pass on errors #1477
* mod_mam, mod_muc_mam: Improve logging of failures #1478, #1480, #1481
* mod_muc, mod_muc_mam: Reschedule message expiry in case of failure
* mod_mam: Add flag to session when it performs a MAM query
* prosodyctl check: Warn about conflict between mod_pep and mod_pep_simple
* prosodyctl check: Warn about conflict between mod_vcard and mod_vcard_legacy #1469
* core.modulemanager: Disable mod_vcard if mod_vcard_legacy is enabled to prevent conflict #1469
* MUC: Strip tags with MUC-related namespaces from private messages #1427
* MUC: Don't advertise registration feature on host #1451
* mod_vcard_legacy: Fix handling of empty photo elements #1432
* mod_vcard_legacy: Advertise lack of avatar correctly #1431
* prosodyctl: Handle if the setting proxy65_address has the wrong type
* prosodyctl: Print a blank line to improve spacing and readability
* MUC: Fix role loss in Nickname change #1466
* util.pposix: Fix reporting of memory usage in 2-4GB range #1445
* util.startup: Fix a regression concerning directory paths #1430
* mod_websocket: Don't mask WebSocket pong answers #1484
* net.resolvers: Apply IDNA conversion to ascii for DNS lookups (affects only HTTP queries) #1426
* net.resolvers.basic: Fix resolution of IPv6 literals (in brackets) #1459
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 10 2020 Robert Scheck <robert(a)fedoraproject.org> 0.11.4-1
- Upgrade to 0.11.4 (#1792635)
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.11.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1792635 - prosody-0.11.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1792635
--------------------------------------------------------------------------------
================================================================================
yubico-piv-tool-2.0.0-1.el7 (FEDORA-EPEL-2020-029e3c4e1c)
Tool for interacting with the PIV applet on a YubiKey NEO
--------------------------------------------------------------------------------
Update Information:
Update to 2.0.0 (#1796170)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 7 2020 Orion Poplawski <orion(a)nwra.com> - 2.0.0-1
- Update to 2.0.0 (#1796170)
* Fri Jan 31 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Sat Jul 27 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed Apr 3 2019 Jakub Jelen <jjelen(a)redhat.com> - 1.7.0-1
- New upstream release (#1695650)
* Sun Feb 3 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Nov 29 2018 Jakub Jelen <jjelen(a)redhat.com> - 1.6.2-1
- New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1796170 - yubico-piv-tool-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1796170
--------------------------------------------------------------------------------