The following Fedora EPEL 7 Security updates need testing: Age URL 447 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 188 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80 python-gnupg-0.4.4-1.el7 186 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7 123 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-12067fc897 dosbox-0.74.3-2.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-821ac0b641 mingw-libidn2-2.2.0-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-19535181a5 java-latest-openjdk-13.0.1.9-2.rolling.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-458a052bdb rssh-2.3.4-15.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-0d0c37fcca hostapd-2.9-2.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-e6e7d521d9 chromium-78.0.3904.70-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-ec3a3dac15 libmp4v2-2.1.0-0.18.trunkREV507.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
composer-1.9.1-1.el7 golang-1.13.3-1.el7 mod_perl-2.0.11-1.el7 perl-DateTime-Format-Flexible-0.32-1.el7 perl-PerlIO-utf8_strict-0.007-10.el7 perl-URI-Fetch-0.13-11.el7 perl-XML-Atom-0.42-6.el7 perl-XML-Feed-0.59-4.el7 perl-XML-RSS-LibXML-0.3105-9.el7 php-horde-Horde-Core-2.31.11-1.el7 php-horde-Horde-Util-2.5.9-1.el7 proftpd-1.3.5e-7.el7 putty-0.73-1.el7 python-productmd-1.23-1.el7 sockperf-3.6-1.el7
Details about builds:
================================================================================ composer-1.9.1-1.el7 (FEDORA-EPEL-2019-112a88cfc6) Dependency Manager for PHP -------------------------------------------------------------------------------- Update Information:
**Version 1.9.1** 2019-11-01 * Fixed various credential handling issues with gitlab and github * Fixed credentials being present in git remotes in Composer cache and vendor directory when not using SSH keys * Fixed `composer why` not listing replacers as a reason something is present * Fixed various PHP 7.4 compatibility issues * Fixed root warnings always present in Docker containers, setting COMPOSER_ALLOW_SUPERUSER is not necessary anymore * Fixed GitHub access tokens leaking into debug-verbosity output * Fixed several edge case issues detecting GitHub, Bitbucket and GitLab repository types * Fixed Composer asking if you want to use a composer.json in a parent directory when ran in non-interactive mode * Fixed classmap autoloading issue finding classes located within a few non-PHP context blocks (?>...<?php) -------------------------------------------------------------------------------- ChangeLog:
* Sat Nov 2 2019 Remi Collet remi@remirepo.net - 1.9.1-1 - update to 1.9.1 --------------------------------------------------------------------------------
================================================================================ golang-1.13.3-1.el7 (FEDORA-EPEL-2019-50f0062140) The Go Programming Language -------------------------------------------------------------------------------- Update Information:
* Rebase to 1.13.3 * Security fix for CVE-2019-17596 -------------------------------------------------------------------------------- ChangeLog:
* Wed Oct 30 2019 Jakub ��ajka jcajka@redhat.com - 1.13.3-1 - Rebase to go1.13.3 - Fix for CVE-2019-17596 - Resolves: BZ#1763311 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1763310 - CVE-2019-17596 golang: invalid public key causes panic in dsa.Verify https://bugzilla.redhat.com/show_bug.cgi?id=1763310 --------------------------------------------------------------------------------
================================================================================ mod_perl-2.0.11-1.el7 (FEDORA-EPEL-2019-553a56f5e2) An embedded Perl interpreter for the Apache HTTP Server -------------------------------------------------------------------------------- Update Information:
This release fixes a crash in ap_server_config_defines() seen on a start-up. It also corrects somes tests. -------------------------------------------------------------------------------- ChangeLog:
* Mon Oct 7 2019 Jitka Plesnikova jplesnik@redhat.com - 2.0.11-1 - 2.0.11 bump -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1758758 - mod_perl-2.0.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1758758 --------------------------------------------------------------------------------
================================================================================ perl-DateTime-Format-Flexible-0.32-1.el7 (FEDORA-EPEL-2019-3bbcd02fe6) Flexibly parse strings and turn them into DateTime objects -------------------------------------------------------------------------------- Update Information:
This erratum brings a perl-DateTime-Format-Flexible package for parsing natural language texts into DateTime objects. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1763496 - [RFE] EPEL-7 branch for perl-DateTime-Format-Flexible https://bugzilla.redhat.com/show_bug.cgi?id=1763496 --------------------------------------------------------------------------------
================================================================================ perl-PerlIO-utf8_strict-0.007-10.el7 (FEDORA-EPEL-2019-7cd1caeed7) Fast and correct UTF-8 I/O -------------------------------------------------------------------------------- Update Information:
This erratum brings a perl-PerlIO-utf8_strict package, a strict-behavin UTF-8 Perl layer. --------------------------------------------------------------------------------
================================================================================ perl-URI-Fetch-0.13-11.el7 (FEDORA-EPEL-2019-9da4e873b0) Smart URI fetching/caching -------------------------------------------------------------------------------- Update Information:
This is the first EPEL-7 build of perl-XML-Feed and its dependencies perl-URI- Fetch, perl-XML-Atom and perl-XML-RSS-LibXML. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1748209 - Please add CPAN's XML::Feed to EPEL-6 and EPEL-7 https://bugzilla.redhat.com/show_bug.cgi?id=1748209 --------------------------------------------------------------------------------
================================================================================ perl-XML-Atom-0.42-6.el7 (FEDORA-EPEL-2019-9da4e873b0) Atom feed and API implementation -------------------------------------------------------------------------------- Update Information:
This is the first EPEL-7 build of perl-XML-Feed and its dependencies perl-URI- Fetch, perl-XML-Atom and perl-XML-RSS-LibXML. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1748209 - Please add CPAN's XML::Feed to EPEL-6 and EPEL-7 https://bugzilla.redhat.com/show_bug.cgi?id=1748209 --------------------------------------------------------------------------------
================================================================================ perl-XML-Feed-0.59-4.el7 (FEDORA-EPEL-2019-9da4e873b0) Syndication feed parser and auto-discovery -------------------------------------------------------------------------------- Update Information:
This is the first EPEL-7 build of perl-XML-Feed and its dependencies perl-URI- Fetch, perl-XML-Atom and perl-XML-RSS-LibXML. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1748209 - Please add CPAN's XML::Feed to EPEL-6 and EPEL-7 https://bugzilla.redhat.com/show_bug.cgi?id=1748209 --------------------------------------------------------------------------------
================================================================================ perl-XML-RSS-LibXML-0.3105-9.el7 (FEDORA-EPEL-2019-9da4e873b0) XML::RSS with XML::LibXML -------------------------------------------------------------------------------- Update Information:
This is the first EPEL-7 build of perl-XML-Feed and its dependencies perl-URI- Fetch, perl-XML-Atom and perl-XML-RSS-LibXML. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1748209 - Please add CPAN's XML::Feed to EPEL-6 and EPEL-7 https://bugzilla.redhat.com/show_bug.cgi?id=1748209 --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Core-2.31.11-1.el7 (FEDORA-EPEL-2019-f63d89dd72) Horde Core Framework libraries -------------------------------------------------------------------------------- Update Information:
**Horde_Core 2.31.11** * [mjr] Fix UTF-8 encoding of ActiveSync SmartReply requests (Bug #14957). -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 4 2019 Remi Collet remi@remirepo.net - 2.31.11-1 - update to 2.31.11 --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Util-2.5.9-1.el7 (FEDORA-EPEL-2019-41e8debc7e) Horde Utility Libraries -------------------------------------------------------------------------------- Update Information:
**Horde_Util 2.5.9** * [mjr] PHP 7.4 compatibility fixes (Remi Collet , PR #2). * [jan] Fix wrapping if the wrapping break adds indention. -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 4 2019 Remi Collet remi@remirepo.net - 2.5.9-1 - update to 2.5.9 --------------------------------------------------------------------------------
================================================================================ proftpd-1.3.5e-7.el7 (FEDORA-EPEL-2019-85dcdba126) Flexible, stable and highly-configurable FTP server -------------------------------------------------------------------------------- Update Information:
This update includes a back-ported fix from upstream to support rebuilding the package to work with MySQL version 8. Note that this updated build is not linked with MySQL 8 itself but will work with the existing MySQL version in the base operating system, i.e. will not work out of the box with MySQL 8. -------------------------------------------------------------------------------- ChangeLog:
* Wed Oct 23 2019 Paul Howarth paul@city-fan.org - 1.3.5e-7 - Fix build compatibility with MySQL 8 (#1764401) https://github.com/proftpd/proftpd/issues/824 https://github.com/proftpd/proftpd/pull/825 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1764401 - Please build an EPEL7 build of proftpd version 1.3.6b https://bugzilla.redhat.com/show_bug.cgi?id=1764401 --------------------------------------------------------------------------------
================================================================================ putty-0.73-1.el7 (FEDORA-EPEL-2019-1946200e23) SSH, Telnet and Rlogin client -------------------------------------------------------------------------------- Update Information:
This is new version fixing multiple vulnerabilities. -------------------------------------------------------------------------------- ChangeLog:
* Mon Sep 30 2019 Jaroslav ��karvada jskarvad@redhat.com - 0.73-1 - New version Resolves: rhbz#1756746 * Fri Aug 16 2019 Jaroslav ��karvada jskarvad@redhat.com - 0.72-1 - New version Resolves: rhbz#1742144 * Fri Jul 26 2019 Fedora Release Engineering releng@fedoraproject.org - 0.71-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1767984 - putty: multiple vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=1767984 --------------------------------------------------------------------------------
================================================================================ python-productmd-1.23-1.el7 (FEDORA-EPEL-2019-7e68278263) Library providing parsers for metadata related to OS installation -------------------------------------------------------------------------------- Update Information:
New upstream version with support for metadata about extra files. -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 1 2019 Lubom��r Sedl���� lsedlar@redhat.com - 1.23-1 - Add class for representing extra files in the compose (lsedlar@redhat.com) - Add tests for multiple variants in one .treeinfo (riehecky@fnal.gov) --------------------------------------------------------------------------------
================================================================================ sockperf-3.6-1.el7 (FEDORA-EPEL-2019-939532abc2) Network benchmarking utility for testing latency and throughput -------------------------------------------------------------------------------- Update Information:
sockperf v3.6 New: * Add round-trip-time (rtt) support Fixes: * Fix SocketXtreme client TCP is not terminated * Fix expected max packet seqno calculation * Fix std::exception deprecated warnings * Update Sockperf's manual page * Fix vmazcopyread support in sockperf * Move zcopy free_packets outside msg_recvfrom * socketxtreme cleanup in msg recv -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 4 2019 Michal Schmidt mschmidt@redhat.com - 3.6-1 - Upstream release 3.6. - Plus a couple of fixes from upstream git. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1644766 - None https://bugzilla.redhat.com/show_bug.cgi?id=1644766 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org