The following Fedora EPEL 7 Security updates need testing:
Age URL
472
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
213
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80
python-gnupg-0.4.4-1.el7
211
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b
bubblewrap-0.3.3-2.el7
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-8a7207a341
libidn2-2.3.0-1.el7
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-aff200699c
mingw-libidn2-2.3.0-1.el7
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-b1761c2898
imapfilter-2.6.15-1.el7
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-1a5ac407f8
jhead-3.04-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d6b0a398c2
clamav-0.101.5-1.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-06a2efa1e8
tnef-1.4.18-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-9007659871
chromium-78.0.3904.108-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
bitlbee-3.6-1.el7
bitlbee-facebook-1.2.0-1.el7
mlpack-3.2.2-1.el7
proftpd-1.3.5e-8.el7
python-jaydebeapi-1.1.1-8.el7
sympa-6.2.48-3.el7
vertica-python-0.10.0-1.el7
Details about builds:
================================================================================
bitlbee-3.6-1.el7 (FEDORA-EPEL-2019-70465bd8c8)
IRC to other chat networks gateway
--------------------------------------------------------------------------------
Update Information:
BitlBee 3.6 =========== IRC/Core -------- * Add server-time IRCv3 capability
* Add PROXY command for haproxy/stunnel * Large performance improvements for
large contact lists * Many UX/documentation improvements * Added built-in
crash handler that writes to `/var/lib/bitlbee/crash.log` * Try to join long
spaceless lines in paste_buffer without a newline. The main use case for this is
pasting long URLs and not breaking them * Fix status message being set to null
accidentally * Fix handling utf8 nick renames when loading configs * Fix
SSL's SNI with hostnames starting with a digit * Show correct nick when
`rename -del` is used Twitter ------- * Disable the stream setting by
default. Filter streams still work. * Update default character limit to 280
chars * Fix quote tweet url display. Jabber ------ * Try to join anyway
after "Already present in chat" * Fix chat joins when ext_jid is provided for
your own user. Seen with Biboumi (a gateway from XMPP to IRC) * Handle
always_use_nicks more gracefully to reduce nick change noise OTR --- * Don't
block attempts to connect/smp/smpq to "offline" users Removed dead protocols
---------------------- * msn: Use the skypeweb purple plugin instead. *
skype (the dbus based thing): ditto. * yahoo: It's so dead even the
replacement protocol died. * oscar: AIM is dead, for ICQ use the icyque purple
plugin instead. For plugin devs --------------- * Add datadir to pkgconfig
file and config.h * Add "bitlbee-set-account-password" purple signal (for
hangouts) * Support libpurple 2.12.0's PURPLE_MESSAGE_REMOTE_SEND for
groupchat self-messages (for slack) Packaging/distro specific stuff
------------------------------- * `bitlbee@.service` now sends stderr to
syslog instead of the socket * debian: only enable `bitlbee.service`, not
`bitlbee.socket` too * cygwin: portability fixes for plugins * Support
OpenSSL 1.1 built without backwards compat
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 29 2019 Robert Scheck <robert(a)fedoraproject.org> 3.6-1
- Upgrade to 3.6
* Wed Jul 24 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
3.5.2-0.3.20180919git0b1448f
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
3.5.2-0.2.20180919git0b1448f
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Sep 19 2018 Adam Williamson <awilliam(a)redhat.com> -
3.5.2-0.1.20180919git0b1448f
- Bump to latest git snapshot (for openssl 1.1 and twitter fixes)
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.5.1-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 19 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 3.5.1-6
- Rebuilt for Python 3.7
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.5.1-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Aug 2 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.5.1-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.5.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.5.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1673881 - bitlbee-3.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1673881
--------------------------------------------------------------------------------
================================================================================
bitlbee-facebook-1.2.0-1.el7 (FEDORA-EPEL-2019-9e82a2e05a)
Facebook protocol plugin for BitlBee
--------------------------------------------------------------------------------
Update Information:
bitlbee-facebook 1.2.0 ====================== * Fix ERROR_QUEUE_OVERFLOW on
login by bumping orca agent version * Fix "Failed to read fixed header" with
TLS 1.3 / GnuTLS 3.6.x * Add workplace chat support (enable the "work"
setting
to use it)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 7 2019 David Cantrell <dcantrell(a)redhat.com> - 1.2.0-1
- Upgrade to 1.2.0
* Wed Jul 24 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.2-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.2-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.2-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
mlpack-3.2.2-1.el7 (FEDORA-EPEL-2019-85d6cc012f)
Scalable, fast C++ machine learning library
--------------------------------------------------------------------------------
Update Information:
Update to latest stable version.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 27 2019 Ryan Curtin <ryan(a)ratml.org> - 3.2.2-1
- Update to latest stable version.
--------------------------------------------------------------------------------
================================================================================
proftpd-1.3.5e-8.el7 (FEDORA-EPEL-2019-72ead04703)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:
This update addresses a number of bugs affecting processing of CRLs in mod_tls,
including possible null pointer dereferences and missing some checks. Thanks to
Lionel Debroux for reporting them.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 29 2019 Paul Howarth <paul(a)city-fan.org> - 1.3.5e-8
- Fix handling of CRL lookups by properly using issuer for lookups, and
guarding against null pointers (GH#858, GH#859, GH#860, GH#861,
CVE-2019-19269)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1777975 - CVE-2019-19269 proftpd: NULL pointer dereference when validating
the certificate of a client connecting to the server
https://bugzilla.redhat.com/show_bug.cgi?id=1777975
[ 2 ] Bug #1778222 - CVE-2019-19272 proftpd: NULL pointer dereference in tls_verify_crl
when validating the certificate of a client
https://bugzilla.redhat.com/show_bug.cgi?id=1778222
[ 3 ] Bug #1778231 - CVE-2019-19271 proftpd: A wrong iteration variable, used when
checking a client certificate against CRL entries, can cause some CRL entries to be
ignored
https://bugzilla.redhat.com/show_bug.cgi?id=1778231
[ 4 ] Bug #1778258 - CVE-2019-19270 proftpd: failure to check for the appropriate field
of a CRL entry prevents some valid CRLs from being taken into account
https://bugzilla.redhat.com/show_bug.cgi?id=1778258
--------------------------------------------------------------------------------
================================================================================
python-jaydebeapi-1.1.1-8.el7 (FEDORA-EPEL-2019-1cc43d3a46)
Bridge from JDBC database drivers to Python DB-API
--------------------------------------------------------------------------------
Update Information:
removing python2 support as there isn't requires (python-jpype) for that in
epel7
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.1-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1760983 - EPEL7 - python2-jaydebeapi won't install on RHEL 7.7
https://bugzilla.redhat.com/show_bug.cgi?id=1760983
--------------------------------------------------------------------------------
================================================================================
sympa-6.2.48-3.el7 (FEDORA-EPEL-2019-ec6be94229)
Powerful multilingual List Manager
--------------------------------------------------------------------------------
Update Information:
- Add dependency on Socket6 and IO::Socket::IP (or alternatively Socket6 and
IO::Socket::INET6 on EL6). - Add patch to fix ldap 2 level query.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 29 2019 Xavier Bachelot <xavier(a)bachelot.org> 6.2.48-3
- Add patch to fix compile executables test on F32.
- Add dependency on Socket6 and IO::Socket::IP
(or alternatively Socket6 and IO::Socket::INET6 on EL6).
- Add patch to fix ldap 2 level query.
- Re-enable Crypt::SMIME for EL8.
- Re-enable all web subpackages for EL8.
--------------------------------------------------------------------------------
================================================================================
vertica-python-0.10.0-1.el7 (FEDORA-EPEL-2019-67a2df9e9c)
A native Python adapter for the Vertica database
--------------------------------------------------------------------------------
Update Information:
Bump to new version
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 29 2019 Jakub Jedelsky <jakub.jedelsky(a)gmail.com> - 0.10.0-1
- Update to version 0.10.0
- support python3 by default
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1742251 - vertica-python-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1742251
--------------------------------------------------------------------------------