The following Fedora EPEL 7 Security updates need testing: Age URL 329 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 91 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-418a480529 gsi-openssh-6.6.1p1-3.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-fb26e5cd3c privoxy-3.0.23-3.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-fca17abc84 p7zip-15.09-9.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-69b4d0e57c prosody-0.9.10-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-5aba523f53 phpMyAdmin-4.4.15.4-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
batctl-2016.0-1.el7 boinc-client-7.2.42-9.gitdd0d630.el7 codec2-0.5-1.el7 freedv-1.1-5.el7 mote-0.4.3-2.el7 phpMyAdmin-4.4.15.4-1.el7
Details about builds:
================================================================================ batctl-2016.0-1.el7 (FEDORA-EPEL-2016-b73f64f566) B.A.T.M.A.N. advanced control and management tool -------------------------------------------------------------------------------- Update Information:
Update to 2016.0 See changelog at https://www.open-mesh.org/projects/open- mesh/wiki/2016-01-19-batman-adv-2016-0-release --------------------------------------------------------------------------------
================================================================================ boinc-client-7.2.42-9.gitdd0d630.el7 (FEDORA-EPEL-2016-1f0f85412d) The BOINC client core -------------------------------------------------------------------------------- Update Information:
bugfix #1192799 Directory is owned which shouldn't -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1192799 - Directory is owned which shouldn't https://bugzilla.redhat.com/show_bug.cgi?id=1192799 --------------------------------------------------------------------------------
================================================================================ codec2-0.5-1.el7 (FEDORA-EPEL-2016-d007a8affa) Next-Generation Digital Voice for Two-Way Radio -------------------------------------------------------------------------------- Update Information:
Initial package release & fixed ppc64le build. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1278638 - Review Request: freedv - FreeDV Digital Voice https://bugzilla.redhat.com/show_bug.cgi?id=1278638 --------------------------------------------------------------------------------
================================================================================ freedv-1.1-5.el7 (FEDORA-EPEL-2016-d007a8affa) FreeDV Digital Voice -------------------------------------------------------------------------------- Update Information:
Initial package release & fixed ppc64le build. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1278638 - Review Request: freedv - FreeDV Digital Voice https://bugzilla.redhat.com/show_bug.cgi?id=1278638 --------------------------------------------------------------------------------
================================================================================ mote-0.4.3-2.el7 (FEDORA-EPEL-2016-c250f21ac1) A MeetBot log wrangler, providing a user-friendly interface for Fedora's logs -------------------------------------------------------------------------------- Update Information:
Update 0.4.3 ---- Update 0.4.1 --------------------------------------------------------------------------------
================================================================================ phpMyAdmin-4.4.15.4-1.el7 (FEDORA-EPEL-2016-5aba523f53) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information:
phpMyAdmin 4.4.15.4 (2016-01-29) ================================ - Error with PMA 4.4.15.3 - Remove hard dependency on phpseclib phpMyAdmin 4.4.15.3 (2016-01-28) ================================ - [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1 - [Security] Unsafe generation of CSRF token, see PMASA-2016-2 - [Security] Multiple XSS vulnerabilities, see PMASA-2016-3 - [Security] Insecure password generation in JavaScript, see PMASA-2016-4 - [Security] Unsafe comparison of CSRF token, see PMASA-2016-5 - [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-6 - [Security] XSS vulnerability in normalization page, see PMASA-2016-7 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1302684 - CVE-2016-2043 phpMyAdmin: XSS vulnerability in normalization page (PMASA-2016-7) https://bugzilla.redhat.com/show_bug.cgi?id=1302684 [ 2 ] Bug #1302682 - CVE-2016-2042 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-6) https://bugzilla.redhat.com/show_bug.cgi?id=1302682 [ 3 ] Bug #1302681 - CVE-2016-2041 phpMyAdmin: Unsafe comparison of XSRF/CSRF token (PMASA-2016-5) https://bugzilla.redhat.com/show_bug.cgi?id=1302681 [ 4 ] Bug #1302680 - CVE-2016-1927 phpMyAdmin: Insecure password generation in JavaScript (PMASA-2016-4) https://bugzilla.redhat.com/show_bug.cgi?id=1302680 [ 5 ] Bug #1302679 - CVE-2016-2040 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2016-3) https://bugzilla.redhat.com/show_bug.cgi?id=1302679 [ 6 ] Bug #1302677 - CVE-2016-2039 phpMyAdmin: Unsafe generation of XSRF/CSRF token (PMASA-2016-2) https://bugzilla.redhat.com/show_bug.cgi?id=1302677 [ 7 ] Bug #1302676 - CVE-2016-2038 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-1) https://bugzilla.redhat.com/show_bug.cgi?id=1302676 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org