The following Fedora EPEL 7 Security updates need testing:
Age URL
148
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3835d39d1a
unrtf-0.21.9-8.el7
98
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f9d6ff695a
bibutils-6.6-1.el7 ghc-hs-bibutils-6.6.0.0-1.el7 pandoc-citeproc-0.3.0.1-4.el7
82
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
54
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3492a96896
myrepos-1.20180726-1.el7
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-1104372fa7
teeworlds-0.6.5-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-bdb21ebc3f
drupal7-7.60-2.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-29716ed12f
php-pear-CAS-1.3.6-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8876f503ce
libgit2-0.26.8-1.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-9091f95cd5
zchunk-0.9.14-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
caja-actions-1.8.2-2.el7
marco-1.16.1-4.el7
mate-applets-1.16.0-2.el7
mate-system-monitor-1.16.0-2.el7
mate-utils-1.16.1-2.el7
mkvtoolnix-28.2.0-1.el7
python-pbr-4.2.0-2.el7
python-pytoml-0.1.18-2.el7
python-scandir-1.9.0-1.el7
python3-requests-2.12.5-2.el7
python3-urllib3-1.19.1-4.el7
snapd-2.36-1.el7
snapd-glib-1.44-1.el7
Details about builds:
================================================================================
caja-actions-1.8.2-2.el7 (FEDORA-EPEL-2018-417249babc)
Caja extension for customizing the context menu
--------------------------------------------------------------------------------
Update Information:
- rebuild for rhel-7-6 update (libgtop2)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 31 2018 Wolfgang Ulbrich <fedora(a)raveit.de> - 1.8.2-2
- rebuild for rhel-7-6 update (libgtop2)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1644519 - epel mate is not compatible with rhel 7.6
https://bugzilla.redhat.com/show_bug.cgi?id=1644519
--------------------------------------------------------------------------------
================================================================================
marco-1.16.1-4.el7 (FEDORA-EPEL-2018-417249babc)
MATE Desktop window manager
--------------------------------------------------------------------------------
Update Information:
- rebuild for rhel-7-6 update (libgtop2)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 31 2018 Wolfgang Ulbrich <fedora(a)raveit.de> - 1.16.1-4
- rebuild for rhel-7-6 update (libgtop2)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1644519 - epel mate is not compatible with rhel 7.6
https://bugzilla.redhat.com/show_bug.cgi?id=1644519
--------------------------------------------------------------------------------
================================================================================
mate-applets-1.16.0-2.el7 (FEDORA-EPEL-2018-417249babc)
MATE Desktop panel applets
--------------------------------------------------------------------------------
Update Information:
- rebuild for rhel-7-6 update (libgtop2)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 31 2018 Wolfgang Ulbrich <chat-to-me(a)raveit.de> - 1.16.0-2
- rebuild for rhel-7-6 update (libgtop2)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1644519 - epel mate is not compatible with rhel 7.6
https://bugzilla.redhat.com/show_bug.cgi?id=1644519
--------------------------------------------------------------------------------
================================================================================
mate-system-monitor-1.16.0-2.el7 (FEDORA-EPEL-2018-417249babc)
Process and resource monitor
--------------------------------------------------------------------------------
Update Information:
- rebuild for rhel-7-6 update (libgtop2)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 31 2018 Wolfgang Ulbrich <chat-to-me(a)raveit.de> - 1.16.0-2
- rebuild for rhel-7-6 update (libgtop2)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1644519 - epel mate is not compatible with rhel 7.6
https://bugzilla.redhat.com/show_bug.cgi?id=1644519
--------------------------------------------------------------------------------
================================================================================
mate-utils-1.16.1-2.el7 (FEDORA-EPEL-2018-417249babc)
MATE utility programs
--------------------------------------------------------------------------------
Update Information:
- rebuild for rhel-7-6 update (libgtop2)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 31 2018 Wolfgang Ulbrich <chat-to-me(a)raveit.de> - 1.16.1-2
- rebuild for rhel-7-6 update (libgtop2)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1644519 - epel mate is not compatible with rhel 7.6
https://bugzilla.redhat.com/show_bug.cgi?id=1644519
--------------------------------------------------------------------------------
================================================================================
mkvtoolnix-28.2.0-1.el7 (FEDORA-EPEL-2018-cbfa290941)
Matroska container manipulation utilities
--------------------------------------------------------------------------------
Update Information:
# Version 28.2.0 "The Awakening" 2018-10-25 ## Bug fixes * mkvmerge, mkvinfo,
mkvextract, mkvpropedit, MKVToolNix GUI's info tool & chapter editor: fixed a
case of memory being accessed after it had been freed earlier. This can be
triggered by specially crafted Matroska files and lead to arbitrary code
execution. The vulnerability was reported as Cisco TALOS 2018-0694 on
2018-10-25. # Version 28.1.0 "Morning Child" 2018-10-23 ## Bug fixes *
mkvmerge: AV1 parser: fixed an error in the sequence header parser if neither
the `reduced_still_picture_header` nor the `frame_id_numbers_present_flag` is
set. Part of the fix for #2410. * mkvmerge: AV1 parser: when creating the `av1C`
structure for the Codec Private element the sequence header OBU wasn't copied
completely: its common data (type field & OBU size among others) was missing.
Part of the fix for #2410. * mkvmerge: Matroska reader, AV1: mkvmerge will try
to re-create the `av1C` data stored in Codec Private when reading AV1 from
Matroska or WebM files created by mkvmerge v28.0.0. Part of the fix for #2410. *
MKVToolNix GUI: info tool: the tool will no longer stop scanning elements when
an EBML Void element is found after the first Cluster element. Fixes #2413. #
Version 28.0.0 "Voice In My Head" 2018-10-20 ## New features and enhancements
* mkvmerge: AV1 parser: updated the code for the finalized AV1 bitstream
specification. Part of the implementation of #2261. * mkvmerge: AV1 packetizer:
updated the code for the finalized AV1-in-Matroska & WebM mapping specification.
Part of the implementation of #2261. * mkvmerge: AV1 support: the `--engage
enable_av1` option has been removed again. Part of the implementation of #2261.
* mkvmerge: MP4 reader: added support for AV1. Part of the implementation of
#2261. * mkvmerge: DTS: implemented dialog normalization gain removal for
extension substreams. Implements #2377. * mkvmerge, mkvextract: simple text
subtitles: added a workaround for simple text subtitle tracks that don't contain
a duration. Implements #2397. * mkvextract: added support for extracting AV1 to
IVF. Part of the implementation of #2261. * mkvextract: IVF extractor (AV1, VP8,
VP9): precise values will be used for the frame rate numerator & denominator
header fields for certain well-known values of the track's default duration. *
mkvmerge: VP9: mkvmerge will now create codec private data according to the VP9
codec mapping described in the WebM specifications. Implements #2379. *
MKVToolNix GUI: automatic scaling for high DPI displays is activated if the GUI
is compiled with Qt ��� 5.6.0. Fixes #1996 and #2383. * MKVToolNix GUI: added a
menu item ("Help" ��� "System information") for displaying information
about the
system MKVToolNix is running on in order to make debugging easier. * MKVToolNix
GUI: multiplexer, header editor: the user can enter a list of predefined track
names in the preferences. She can later select from them in "track name" combo
box. Implements #2230. ## Bug fixes * mkvmerge: JSON identification: fixed a
bug when removing invalid UTF-8 data from strings before they're output as JSON.
Fixes #2398. * mkvmerge: MP4/QuickTime reader: fixed handling of PCM audio with
FourCC `in24`. Fixes #2391. * mkvmerge: MPEG transport stream reader, teletext
subtitles: the decision whether or not to keep frames around in order to
potentially merge them with the following frame is made sooner. That avoids
problems if there are large gaps between teletext subtitle frames which could
lead to frames being interleaved too late. Fixes #2393. * mkvextract: IVF
extractor (AV1, VP8, VP8): the frame rate header fields weren't clamped to 16
bits properly causing wrong frame rates to be written in certain situations. *
mkvpropedit, MKVToolNix GUI's header editor: fixed file corruption when a one-
byte space must be covered with a new EBML void element but all surrounding
elements have a "size length" field that's eight bytes long already. Fixes
#2406.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Dominik Mierzejewski <rpm(a)greysector.net> - 28.2.0-1
- update to 28.2.0
- fixes CVE-2018-4022 (#1644258)
- unbundle sound files from oxygen sound theme
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1644258 - CVE-2018-4022 mkvtoolnix: MKVINFO read_one_element code execution
vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1644258
--------------------------------------------------------------------------------
================================================================================
python-pbr-4.2.0-2.el7 (FEDORA-EPEL-2018-ce98bc9b06)
Python Build Reasonableness
--------------------------------------------------------------------------------
Update Information:
- Update to 4.2.0 - Build for python 3
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 3 2018 Orion Poplwski <orion(a)nwra.com> - 4.2.0-2
- Build for Python 3 for EPEL
* Tue Sep 4 2018 Matthias Runge <mrunge(a)redhat.com> - 4.2.0-1
- update to 4.2.0 (rhbz#1605192)
* Wed Aug 8 2018 Ha��kel Gu��mar <hguemar(a)fedoraproject.org> - 4.1.1-2
- Add runtime requirement to git-core
* Fri Jul 20 2018 Matthias Runge <mrunge(a)redhat.com> - 4.1.1-1
- rebase to 4.1.1 (rhbz#1605192)
* Wed Jul 18 2018 Ha��kel Gu��mar <hguemar(a)fedoraproject.org> - 4.1.0-2
- Add dependency to setuptools (RHBZ#1601767)
* Tue Jul 17 2018 Matthias Runge <mrunge(a)redhat.com> - 4.1.0-1
- update to 4.1.0 (rhbz#1561252)
- modernize spec
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.1-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Jun 13 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 3.1.1-8
- Rebuilt for Python 3.7
* Tue Feb 27 2018 Iryna Shcherbina <ishcherb(a)redhat.com> - 3.1.1-7
- Update Python 2 dependency declarations to new packaging standards
(See
https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
* Thu Feb 15 2018 Tomas Orsava <torsava(a)redhat.com> - 3.1.1-6
- Switch %python macro to %python2
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.1-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Sep 29 2017 Troy Dawson <tdawson(a)redhat.com> - 3.1.1-4
- Cleanup spec file conditionals
--------------------------------------------------------------------------------
================================================================================
python-pytoml-0.1.18-2.el7 (FEDORA-EPEL-2018-6d311024d9)
Parser for TOML
--------------------------------------------------------------------------------
Update Information:
Disable Python 2 subpackage on epel 7
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 4 2018 Julien Enselme <jujens(a)jujens.eu> - 0.1.18-2
- Disable Python 2 subpackage on epel 7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1625710 - python2-pytoml overrides python-pytoml from
rhel-7-server-extras-rpms
https://bugzilla.redhat.com/show_bug.cgi?id=1625710
--------------------------------------------------------------------------------
================================================================================
python-scandir-1.9.0-1.el7 (FEDORA-EPEL-2018-9535d5c655)
A better directory iterator and faster os.walk() for Python
--------------------------------------------------------------------------------
Update Information:
Updated to 1.9.0 (bz#1614995)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 4 2018 Avram Lubkin <aviso(a)fedoraproject.org> - 1.9.0-1
- Updated to 1.9.0 (bz#1614995)
- Don't include tests
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1614995 - python-scandir-1.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1614995
--------------------------------------------------------------------------------
================================================================================
python3-requests-2.12.5-2.el7 (FEDORA-EPEL-2018-4004d6feae)
HTTP library, written in Python, for human beings
--------------------------------------------------------------------------------
Update Information:
Ship python36-urllib3, python36-requests
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 4 2018 Orion Poplwski <orion(a)nwra.com> - 2.12.5-2
- Ship python36-requests (bug #1645072)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1645072 - Please provide a subpackage for python36
https://bugzilla.redhat.com/show_bug.cgi?id=1645072
--------------------------------------------------------------------------------
================================================================================
python3-urllib3-1.19.1-4.el7 (FEDORA-EPEL-2018-4004d6feae)
Python 3 HTTP library with thread-safe connection pooling and file post
--------------------------------------------------------------------------------
Update Information:
Ship python36-urllib3, python36-requests
--------------------------------------------------------------------------------
ChangeLog:
* Sat Sep 29 2018 Raphael Groner <projects.rg(a)smart.ms>
- add python3_other subpackage
- add BR: python3X-setuptools
- use pypi macros
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1645072 - Please provide a subpackage for python36
https://bugzilla.redhat.com/show_bug.cgi?id=1645072
--------------------------------------------------------------------------------
================================================================================
snapd-2.36-1.el7 (FEDORA-EPEL-2018-b240f3418f)
A transactional software package manager
--------------------------------------------------------------------------------
Update Information:
Initial packaging for EPEL 7 based on Fedora `snapd-2.36` and `snapd-glib-1.44`
packages.
--------------------------------------------------------------------------------
================================================================================
snapd-glib-1.44-1.el7 (FEDORA-EPEL-2018-b240f3418f)
Library providing a GLib interface to snapd
--------------------------------------------------------------------------------
Update Information:
Initial packaging for EPEL 7 based on Fedora `snapd-2.36` and `snapd-glib-1.44`
packages.
--------------------------------------------------------------------------------