The following Fedora EPEL 7 Security updates need testing:
Age URL
727
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
490
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
208
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c
redis-3.2.3-1.el7
192
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3
chicken-4.11.0-3.el7
72
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d
libbsd-0.8.3-1.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-759dd56b65
firebird-2.5.7.27050.0-1.el7
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-af1e2c321c
phpMyAdmin-4.4.15.10-1.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-20968c98b8
nodejs-6.9.5-1.el7
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-cf89632a6e
canl-c-2.1.8-1.el7
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d5fe44714a
cacti-1.0.4-1.el7
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0e81fa293f
drupal7-metatag-1.21-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f1dce07331
drupal7-views-3.15-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f99defddc3
munin-2.0.30-5.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-18d82f816f
breeze-icon-theme-5.31.0-1.el7 extra-cmake-modules-5.31.0-3.el7 kf5-5.31.0-1.el7
kf5-attica-5.31.0-1.el7 kf5-baloo-5.31.0-1.el7 kf5-bluez-qt-5.31.0-1.el7
kf5-frameworkintegration-5.31.0-1.el7 kf5-kactivities-5.31.0-1.el7
kf5-kactivities-stats-5.31.0-1.el7 kf5-kapidox-5.31.0-1.el7 kf5-karchive-5.31.0-1.el7
kf5-kauth-5.31.0-1.el7 kf5-kbookmarks-5.31.0-1.el7 kf5-kcmutils-5.31.0-1.el7
kf5-kcodecs-5.31.0-1.el7 kf5-kcompletion-5.31.0-1.el7 kf5-kconfig-5.31.0-1.el7
kf5-kconfigwidgets-5.31.0-1.el7 kf5-kcoreaddons-5.31.0-1.el7 kf5-kcrash-5.31.0-1.el7
kf5-kdbusaddons-5.31.0-1.el7 kf5-kdeclarative-5.31.0-1.el7 kf5-kded-5.31.0-1.el7
kf5-kdelibs4support-5.31.0-1.el7 kf5-kdesignerplugin-5.31.0-1.el7 kf5-kdesu-5.31.0-1.el7
kf5-kdewebkit-5.31.0-1.el7 kf5-kdnssd-5.31.0-1.el7 kf5-kdoctools-5.31.0-1.el7
kf5-kemoticons-5.31.0-1.el7 kf5-kfilemetadata-5.31.0-1.el7 kf5-kglobalaccel-5.31.0-1.el7
kf5-kguiaddons-5.31.0-1.el7 kf5-khtml
-5.31.0-1.el7 kf5-ki18n-5.31.0-1.el7 kf5-kiconthemes-5.31.0-1.el7
kf5-kidletime-5.31.0-1.el7 kf5-kimageformats-5.31.0-1.el7 kf5-kinit-5.31.0-1.el7
kf5-kio-5.31.0-2.el7 kf5-kitemmodels-5.31.0-1.el7 kf5-kitemviews-5.31.0-1.el7
kf5-kjobwidgets-5.31.0-1.el7 kf5-kjs-5.31.0-1.el7 kf5-kjsembed-5.31.0-1.el7
kf5-kmediaplayer-5.31.0-1.el7 kf5-knewstuff-5.31.0-1.el7 kf5-knotifications-5.31.0-1.el7
kf5-knotifyconfig-5.31.0-1.el7 kf5-kpackage-5.31.0-1.el7 kf5-kparts-5.31.0-1.el7
kf5-kpeople-5.31.0-1.el7 kf5-kplotting-5.31.0-1.el7 kf5-kpty-5.31.0-1.el7
kf5-kross-5.31.0-1.el7 kf5-krunner-5.31.0-1.el7 kf5-kservice-5.31.0-1.el7
kf5-ktexteditor-5.31.0-2.el7 kf5-ktextwidgets-5.31.0-1.el7
kf5-kunitconversion-5.31.0-1.el7 kf5-kwallet-5.31.0-1.el7 kf5-kwidgetsaddons-5.31.0-1.el7
kf5-kwindowsystem-5.31.0-1.el7 kf5-kxmlgui-5.31.0-1.el7 kf5-kxmlrpcclient-5.31.0-1.el7
kf5-modemmanager-qt-5.31.0-1.el7 kf5-networkmanager-qt-5.31.0-1.el7
kf5-plasma-5.31.0-1.el7 kf5-solid-5.31.0-1.el7 kf5-sonnet-5.31.0-1.el7 kf5
-syntax-highlighting-5.31.0-1.el7 kf5-threadweaver-5.31.0-1.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c01d41d83
php-pear-PHP-CodeSniffer-2.8.1-1.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9701d0e0dd
GraphicsMagick-1.3.25-6.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d2049ca0d4
tor-0.2.9.10-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-19578898e6
w3m-0.5.3-30.git20170102.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
psysh-0.8.2-1.el7
w3m-0.5.3-30.git20170102.el7
Details about builds:
================================================================================
psysh-0.8.2-1.el7 (FEDORA-EPEL-2017-ea386d281c)
A runtime developer console, interactive debugger and REPL for PHP
--------------------------------------------------------------------------------
Update Information:
### v0.8.2 #### New * Add a `startupMessage` config option (Thanks @gitetsu!)
* Reflecting commands (`dump`, `ls`, `show`, `doc`) now add magic variables so
you can do fun things with them: `$__class`, `$__file`, `$__method`, etc. ####
Improved * Fix some mistyped annotations and add a phan config (Thanks
@zonuexe!) * Handle file permissions errors for update checks and history files
more gracefully (Thanks @zonuexe!) * Handle PHP 7.x `\Error`s thrown while
serializing the shell return value (Thanks @damiankloip!) * Deal with variables
named `$this` (like if you started your shell session from inside a class
method) without exploding in PHP 7.1+. * Improve the accuracy of info returned
by `Psy\info()`. * Fix an error preventing `Psy\info()` from doing anything at
all in the last release :-( * Don't let local configuration interfere with
config unit tests. * Make reflecting commands superglobals-aware. `dump` is the
only one that actually does anything useful with a superglobal, but now the
others have reasonable output. * Fix fatal error when trying to extend final
classes. * Make a few things reference `static` instead of `self` to make
extension easier (Thanks @castarco!) * Fix a handful of bugs around escaping
special characters (and `<`) while dumping values. ### v0.8.1 * Add support
for `use` statement groups. * Don't throw fatal errors when conditionally
redefining classes and functions. * Fix `parse` command for older PHP Parser
versions. * Add `bin/package`, to hopefully make our automatic releases go a bit
smoother.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413429 - psysh-0.8.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1413429
--------------------------------------------------------------------------------
================================================================================
w3m-0.5.3-30.git20170102.el7 (FEDORA-EPEL-2017-19578898e6)
A pager with Web browsing abilities
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-9422, CVE-2016-9423, CVE-2016-9424, CVE-2016-9425,
CVE-2016-9428, CVE-2016-9426, CVE-2016-9429, CVE-2016-9430, CVE-2016-9431,
CVE-2016-9432, CVE-2016-9433, CVE-2016-9434, CVE-2016-9435, CVE-2016-9436,
CVE-2016-9437, CVE-2016-9438, CVE-2016-9439, CVE-2016-9440, CVE-2016-9441,
CVE-2016-9442, CVE-2016-9443, CVE-2016-9622, CVE-2016-9623, CVE-2016-9624,
CVE-2016-9625, CVE-2016-9626, CVE-2016-9627, CVE-2016-9628, CVE-2016-9629,
CVE-2016-9631, CVE-2016-9630, CVE-2016-9632, CVE-2016-9633 And new upstream
20170102 as well
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1399740 - CVE-2016-9633 w3m: Memory exhaustion due to repeatedly appending
'<table>'
https://bugzilla.redhat.com/show_bug.cgi?id=1399740
[ 2 ] Bug #1399739 - CVE-2016-9632 w3m: Buffer-overflow in wc_any_to_ucs()
https://bugzilla.redhat.com/show_bug.cgi?id=1399739
[ 3 ] Bug #1399737 - CVE-2016-9630 w3m: Buffer-overflow in parseURL()
https://bugzilla.redhat.com/show_bug.cgi?id=1399737
[ 4 ] Bug #1399734 - CVE-2016-9631 w3m: Null pointer dereference in HTMLlineproc0()
https://bugzilla.redhat.com/show_bug.cgi?id=1399734
[ 5 ] Bug #1399732 - CVE-2016-9629 w3m: Null pointer dereference in
shiftAnchorPosition()
https://bugzilla.redhat.com/show_bug.cgi?id=1399732
[ 6 ] Bug #1399730 - CVE-2016-9628 w3m: Null pointer dereference due to bad form id in
HTMLlineproc2body()
https://bugzilla.redhat.com/show_bug.cgi?id=1399730
[ 7 ] Bug #1399728 - CVE-2016-9627 w3m: Array index out of bounds in display.c
https://bugzilla.redhat.com/show_bug.cgi?id=1399728
[ 8 ] Bug #1399723 - CVE-2016-9626 w3m: Infinite recursion in HTMLlineproc0
https://bugzilla.redhat.com/show_bug.cgi?id=1399723
[ 9 ] Bug #1399720 - CVE-2016-9625 w3m: HTMLlineproc0 infinite recursion
https://bugzilla.redhat.com/show_bug.cgi?id=1399720
[ 10 ] Bug #1399718 - CVE-2016-9624 w3m: Null pointer dereference in formUpdateBuffer
https://bugzilla.redhat.com/show_bug.cgi?id=1399718
[ 11 ] Bug #1399715 - CVE-2016-9623 w3m: Integer overflow resulting in segmentation
fault
https://bugzilla.redhat.com/show_bug.cgi?id=1399715
[ 12 ] Bug #1399713 - CVE-2016-9622 w3m: Null pointer dereference in HTMLlineproc2body
https://bugzilla.redhat.com/show_bug.cgi?id=1399713
[ 13 ] Bug #1399710 - CVE-2016-9443 w3m: Null pointer dereference in formUpdateBuffer
https://bugzilla.redhat.com/show_bug.cgi?id=1399710
[ 14 ] Bug #1399707 - CVE-2016-9442 w3m: Potential heap-buffer corruption due to
Strgrow
https://bugzilla.redhat.com/show_bug.cgi?id=1399707
[ 15 ] Bug #1399705 - CVE-2016-9441 w3m: Null pointer dereference in do_refill
https://bugzilla.redhat.com/show_bug.cgi?id=1399705
[ 16 ] Bug #1399702 - CVE-2016-9440 w3m: Null pointer dereference in formUpdateBuffer
https://bugzilla.redhat.com/show_bug.cgi?id=1399702
[ 17 ] Bug #1399701 - CVE-2016-9439 w3m: Infinite recursion with nested table and
textarea
https://bugzilla.redhat.com/show_bug.cgi?id=1399701
[ 18 ] Bug #1399699 - CVE-2016-9438 w3m: Null pointer dereference with input_alt tag
https://bugzilla.redhat.com/show_bug.cgi?id=1399699
[ 19 ] Bug #1399697 - CVE-2016-9437 w3m: Write access violation with '<button
type=radio>'
https://bugzilla.redhat.com/show_bug.cgi?id=1399697
[ 20 ] Bug #1399695 - CVE-2016-9436 w3m: Unitialised value in parsetagx.c
https://bugzilla.redhat.com/show_bug.cgi?id=1399695
[ 21 ] Bug #1399694 - CVE-2016-9435 w3m: Unitialised value in file.c
https://bugzilla.redhat.com/show_bug.cgi?id=1399694
[ 22 ] Bug #1399691 - CVE-2016-9434 w3m: Null pointer dereference due to incorrect
form_int fid
https://bugzilla.redhat.com/show_bug.cgi?id=1399691
[ 23 ] Bug #1399690 - CVE-2016-9433 w3m: Segmentation fault when parsing iso2022
characters
https://bugzilla.redhat.com/show_bug.cgi?id=1399690
[ 24 ] Bug #1399689 - CVE-2016-9432 w3m: Segmentation fault due to bcopy with negative
size
https://bugzilla.redhat.com/show_bug.cgi?id=1399689
[ 25 ] Bug #1399687 - CVE-2016-9431 w3m: Stack buffer overflow in deleteFrameSet()
https://bugzilla.redhat.com/show_bug.cgi?id=1399687
[ 26 ] Bug #1399685 - CVE-2016-9430 w3m: Segmentation fault with malformed input tag
https://bugzilla.redhat.com/show_bug.cgi?id=1399685
[ 27 ] Bug #1399682 - CVE-2016-9429 w3m: Global-buffer-overflow write in
formUpdateBuffer
https://bugzilla.redhat.com/show_bug.cgi?id=1399682
[ 28 ] Bug #1399668 - CVE-2016-9426 w3m: Heap corruption due to integer overflow in
renderTable()
https://bugzilla.redhat.com/show_bug.cgi?id=1399668
[ 29 ] Bug #1399667 - CVE-2016-9428 w3m: Out-of-bounds write in addMultirowsForm()
https://bugzilla.redhat.com/show_bug.cgi?id=1399667
[ 30 ] Bug #1399666 - CVE-2016-9425 w3m: Segmentation fault due to write to lineBuf[-1]
in addMultirowsForm
https://bugzilla.redhat.com/show_bug.cgi?id=1399666
[ 31 ] Bug #1399665 - CVE-2016-9424 w3m: Out-of-bounds heap write due to negative array
index
https://bugzilla.redhat.com/show_bug.cgi?id=1399665
[ 32 ] Bug #1399664 - CVE-2016-9423 w3m: Malformed html tag heap-buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1399664
[ 33 ] Bug #1399662 - CVE-2016-9422 w3m: Stack smashed with large image inside table
https://bugzilla.redhat.com/show_bug.cgi?id=1399662
--------------------------------------------------------------------------------