The following Fedora EPEL 7 Security updates need testing:
Age URL
602
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
344
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80
python-gnupg-0.4.4-1.el7
341
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b
bubblewrap-0.3.3-2.el7
51
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6
python-waitress-1.4.3-1.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b23fa957bb
drupal7-ckeditor-1.19-1.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-16bf726581
php-robrichards-xmlseclibs1-1.4.3-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-181270fbae
chromium-80.0.3987.163-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
cacti-1.2.11-1.el7
cacti-spine-1.2.11-1.el7
libmediainfo-20.03-1.el7
libprelude-5.1.1-1.el7
libpreludedb-5.1.0-2.el7
libzen-0.4.38-1.el7
mediainfo-20.03-1.el7
nagios-4.4.5-7.el7
netdata-1.21.0-1.el7
nrpe-4.0.2-1.el7
openfortivpn-1.13.3-1.el7
purple-discord-0-27.20200405gitdb7dc79.el7
python-pexpect-4.8.0-1.el7
Details about builds:
================================================================================
cacti-1.2.11-1.el7 (FEDORA-EPEL-2020-34295ace88)
An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:
- Update to 1.2.11 Release notes:
https://www.cacti.net/release_notes.php?version=1.2.11
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 7 2020 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.11-1
- Update to 1.2.11
--------------------------------------------------------------------------------
================================================================================
cacti-spine-1.2.11-1.el7 (FEDORA-EPEL-2020-34295ace88)
Threaded poller for Cacti written in C
--------------------------------------------------------------------------------
Update Information:
- Update to 1.2.11 Release notes:
https://www.cacti.net/release_notes.php?version=1.2.11
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 7 2020 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.11-1
- Update to 1.2.11
--------------------------------------------------------------------------------
================================================================================
libmediainfo-20.03-1.el7 (FEDORA-EPEL-2020-c4a578b4cc)
Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:
Update mediainfo to 20.03.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 3 2020 Vasiliy N. Glazov <vascom2(a)gmail.com> - 20.03-1
- Update to 20.03
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 19.09-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1820795 - libzen-0.4.38 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1820795
--------------------------------------------------------------------------------
================================================================================
libprelude-5.1.1-1.el7 (FEDORA-EPEL-2020-a95fcaedde)
Secure Connections between all Sensors and the Prelude Manager
--------------------------------------------------------------------------------
Update Information:
Bump version 5.1.1 Bump soname
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2020 Thomas Andrejak <thomas.andrejak(a)gmail.com> - 5.1.1-1
- Bump version 5.1.1
--------------------------------------------------------------------------------
================================================================================
libpreludedb-5.1.0-2.el7 (FEDORA-EPEL-2020-a95fcaedde)
Framework for easy access to the IDMEF database
--------------------------------------------------------------------------------
Update Information:
Bump version 5.1.1 Bump soname
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2020 Thomas Andrejak <thomas.andrejak(a)gmail.com> - 5.1.0-2
- Rebuild
* Mon Apr 6 2020 Thomas Andrejak <thomas.andrejak(a)gmail.com> - 5.1.0-1
- Bump version 5.1.0
--------------------------------------------------------------------------------
================================================================================
libzen-0.4.38-1.el7 (FEDORA-EPEL-2020-c4a578b4cc)
Shared library for libmediainfo and medianfo*
--------------------------------------------------------------------------------
Update Information:
Update mediainfo to 20.03.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 3 2020 Vasiliy N. Glazov <vascom2(a)gmail.com> - 0.4.38-1
- Update to 0.4.38
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.4.37-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.4.37-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.4.37-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.4.37-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.4.37-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1820795 - libzen-0.4.38 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1820795
--------------------------------------------------------------------------------
================================================================================
mediainfo-20.03-1.el7 (FEDORA-EPEL-2020-c4a578b4cc)
Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:
Update mediainfo to 20.03.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 3 2020 Vasiliy N. Glazov <vascom2(a)gmail.com> - 20.03-1
- Update to 20.03
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 19.09-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1820795 - libzen-0.4.38 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1820795
--------------------------------------------------------------------------------
================================================================================
nagios-4.4.5-7.el7 (FEDORA-EPEL-2020-3e2935b6e2)
Host/service/network monitoring program
--------------------------------------------------------------------------------
Update Information:
Revert to Smooge's last good build (4.4.5-3)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 7 2020 Martin Jackson <mhjacks(a)swbell.net> - 4.4.5-7
- Revert to Smooge's last good build
* Tue Feb 18 2020 Stephen Smoogen <smooge(a)fedoraproject.org> - 4.4.5-3
- Add change to allow for problems found in mass rebuild and gcc10.
- Fix BZ#1793909
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.4.5-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Aug 29 2019 Stephen Smoogen <smooge(a)fedoraproject.org> - 4.4.5-1
- Move to 4.4.5
- Updated patches to cleanly patch
* Fri Jul 26 2019 Stephen Smoogen <smooge(a)fedoraproject.org> - 4.4.3-7
- Try to put in fixes to allow this to work on EL8
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.4.3-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri May 31 2019 Jitka Plesnikova <jplesnik(a)redhat.com> - 4.4.3-5
- Perl 5.30 rebuild
* Fri Feb 22 2019 Stephen Smoogen <smooge(a)fedoraproject.org> - 4.4.3-4
- Fix BZ#1674258 add explicite User and Group to systemctl startup.
- Problem was missed because some config files had this set in them
* Tue Feb 5 2019 Stephen Smoogen <smooge(a)fedoraproject.org> - 4.4.3-3
- Fix BZ#1672027
- Patch for daemon did not have enough endif in them. However test looks superfluous
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.4.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
netdata-1.21.0-1.el7 (FEDORA-EPEL-2020-db9ff4507d)
Real-time performance monitoring
--------------------------------------------------------------------------------
Update Information:
Update from upstream
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 7 2020 Didier Fabert <didier.fabert(a)gmail.com> 1.21.0-1
- Update from upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1821125 - netdata-1.21.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1821125
--------------------------------------------------------------------------------
================================================================================
nrpe-4.0.2-1.el7 (FEDORA-EPEL-2020-b6453e2708)
Host/service/network monitoring agent for Nagios
--------------------------------------------------------------------------------
Update Information:
New upstream version fixing CVEs
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 7 2020 Martin Jackson <mhjacks(a)swbell.net> - 4.0.2-1
- New upstream version
- Update patch for indlude_dir
- Fix BZ#1816816 - CVE-2020-6582 nrpe: heap-based buffer overflow due to a wrong integer
type conversion
- Fix BZ#1816805 - CVE-2020-6581 nrpe: insufficient filtering and incorrect parsing of the
configuration file may lead to command injection
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1816805 - CVE-2020-6581 nrpe: insufficient filtering and incorrect parsing of
the configuration file may lead to command injection [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1816805
[ 2 ] Bug #1816816 - CVE-2020-6582 nrpe: heap-based buffer overflow due to a wrong
integer type conversion [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1816816
--------------------------------------------------------------------------------
================================================================================
openfortivpn-1.13.3-1.el7 (FEDORA-EPEL-2020-19aca4f76e)
Client for PPP+SSL VPN tunnel services
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream version. ---- Update to latest upstream version
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2020 Dimitri Papadopoulos <dpo(a)sfr.fr> - 1.13.3-1
- Update to latest upstream version
- Re-enable systemd
* Mon Mar 23 2020 Adrien Verg�� <adrienverge(a)gmail.com> - 1.13.1-1
- Update to latest upstream version
- Remove systemd requirement, cf.
https://github.com/adrienverge/openfortivpn/pull/586#issuecomment-602428740
* Sun Mar 22 2020 Adrien Verg�� <adrienverge(a)gmail.com> - 1.13.0-2
- Add systemd requirement, cf.
https://github.com/adrienverge/openfortivpn/pull/586#issuecomment-602183264
* Sun Mar 22 2020 Adrien Verg�� <adrienverge(a)gmail.com> - 1.13.0-1
- Update to latest upstream version
--------------------------------------------------------------------------------
================================================================================
purple-discord-0-27.20200405gitdb7dc79.el7 (FEDORA-EPEL-2020-1ece290462)
Discord plugin for libpurple
--------------------------------------------------------------------------------
Update Information:
Updated purple plugins to latest snapshots.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 7 2020 Vitaly Zaitsev <vitaly(a)easycoding.org> - 0-27.20200405gitdb7dc79
- Updated to latest snapshot.
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
0-26.20190805git250a8a0
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-pexpect-4.8.0-1.el7 (FEDORA-EPEL-2020-9ae9d78566)
Unicode-aware Pure Python Expect-like module
--------------------------------------------------------------------------------
Update Information:
Update to new upstream release 4.8.0 and re-enable tests (#1821711)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 7 2020 Scott Talbert <swt(a)techie.net> - 4.8.0-1
- Update to new upstream release 4.8.0 and re-enable tests (#1821711)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1821711 - Please update it to >= 4.7
https://bugzilla.redhat.com/show_bug.cgi?id=1821711
--------------------------------------------------------------------------------