The following Fedora EPEL 7 Security updates need testing: Age URL 414 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 176 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 43 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-785fc9a2ea dropbear-2016.72-1.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-34b85c63ee drupal7-block_class-2.3-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1036441cdb ReviewBoard-2.5.4-1.el7 python-djblets-0.9.3-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-caf6ebac81 ansible1.9-1.9.6-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-56e02a47c7 ansible-2.0.2.0-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d398cc4c6c roundcubemail-1.1.5-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-017aadcc97 php-getid3-1.9.12-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-aad55a428b w3m-0.5.3-20.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c731bc5ec0 cacti-0.8.8g-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
Lmod-6.3.1-1.el7 cacti-0.8.8g-1.el7 engauge-digitizer-7.2-1.el7 epson-inkjet-printer-escpr-1.5.2-3.1lsb3.2.el7 epson-inkjet-printer-escpr-1.6.5-1.1lsb3.2.el7 goaccess-0.9.8-1.el7 osbs-client-0.22-1.el7 quassel-0.12.4-1.el7
Details about builds:
================================================================================ Lmod-6.3.1-1.el7 (FEDORA-EPEL-2016-4cbda99dcc) Environmental Modules System in Lua -------------------------------------------------------------------------------- Update Information:
Update to 6.3.1 - protects it from user changes to LUA_PATH and LUA_CPATH by using these values at configuration time. - Fixed bug with Capital Letters in a version string. - Do not overwrite MODULEPATH (bug #1326075) --------------------------------------------------------------------------------
================================================================================ cacti-0.8.8g-1.el7 (FEDORA-EPEL-2016-c731bc5ec0) An rrd based graphing tool -------------------------------------------------------------------------------- Update Information:
- Update to 0.8.8g Release notes: http://www.cacti.net/release_notes_0_8_8g.php -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1259276 - Version of cacti in repos' is pretty old for EL6 and EL7 https://bugzilla.redhat.com/show_bug.cgi?id=1259276 [ 2 ] Bug #1082936 - CVE-2014-2327 CVE-2014-2326 CVE-2014-2328 cacti: multiple flaws reported by Deutsche Telekom [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1082936 [ 3 ] Bug #1004548 - Tree not collapsing in graph mode in version 0.8.8b https://bugzilla.redhat.com/show_bug.cgi?id=1004548 [ 4 ] Bug #1323943 - CVE-2016-3659 cacti: SQL injection vulnerability in graph_view.php [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1323943 [ 5 ] Bug #1317550 - CVE-2016-3172 cacti: SQL injection vulnerability in /cacti/tree.php [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1317550 [ 6 ] Bug #1306530 - CVE-2016-2313 cacti: authentication bypass [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1306530 [ 7 ] Bug #1295782 - CVE-2015-8604 cacti: SQL injection in graps_new.php via cg_g parameter [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1295782 [ 8 ] Bug #1291779 - CVE-2015-8369 cacti: SQL injection in graph.php [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1291779 [ 9 ] Bug #1291223 - CVE-2015-8377 cacti: SQL injection in graphs_new.php [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1291223 [ 10 ] Bug #1242868 - CVE-2015-4634 cacti: multiple SQL injection flaws fixed in Cacti 0.8.8e [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1242868 [ 11 ] Bug #1233833 - CVE-2015-4454 CVE-2015-2665 cacti: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1233833 [ 12 ] Bug #1230297 - CVE-2015-4342 cacti: SQL Injection and Location header injection from cdef id [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1230297 [ 13 ] Bug #1129764 - cacti: remote code execution and SQL injection [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1129764 [ 14 ] Bug #1121468 - cacti: cross-site scripting issues [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1121468 [ 15 ] Bug #1128298 - cacti-spine not available https://bugzilla.redhat.com/show_bug.cgi?id=1128298 [ 16 ] Bug #1123884 - %post scriptlet error on install https://bugzilla.redhat.com/show_bug.cgi?id=1123884 --------------------------------------------------------------------------------
================================================================================ engauge-digitizer-7.2-1.el7 (FEDORA-EPEL-2016-8cc7dc8e14) Convert graphs or map files into numbers -------------------------------------------------------------------------------- Update Information:
- Update to 7.2 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1279184 - engauge on el6: not built for missing BR package, log4cpp. https://bugzilla.redhat.com/show_bug.cgi?id=1279184 --------------------------------------------------------------------------------
================================================================================ epson-inkjet-printer-escpr-1.5.2-3.1lsb3.2.el7 (FEDORA-EPEL-2016-c66c4cdeec) Drivers for Epson inkjet printers -------------------------------------------------------------------------------- Update Information:
Roll back to earlier version due to segfaults in the 1.6.x series. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1327002 - Printer prints only half of the page, epson-escpr crashes https://bugzilla.redhat.com/show_bug.cgi?id=1327002 [ 2 ] Bug #1326572 - [abrt] epson-inkjet-printer-escpr: XFIFOClose(): epson-escpr killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1326572 [ 3 ] Bug #1252376 - [abrt] epson-inkjet-printer-escpr: set_pips_parameter(): epson-escpr killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1252376 --------------------------------------------------------------------------------
================================================================================ epson-inkjet-printer-escpr-1.6.5-1.1lsb3.2.el7 (FEDORA-EPEL-2016-2b83caa4e1) Drivers for Epson inkjet printers -------------------------------------------------------------------------------- Update Information:
Update to 1.6.5. ---- Update to 1.6.4. Make sure drivers are properly detected on Fedora platform. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1327002 - Printer prints only half of the page, epson-escpr crashes https://bugzilla.redhat.com/show_bug.cgi?id=1327002 [ 2 ] Bug #1326572 - [abrt] epson-inkjet-printer-escpr: XFIFOClose(): epson-escpr killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1326572 [ 3 ] Bug #1252376 - [abrt] epson-inkjet-printer-escpr: set_pips_parameter(): epson-escpr killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1252376 [ 4 ] Bug #1323033 - Epson inkjet driver RPM does not advertise the printers it supports https://bugzilla.redhat.com/show_bug.cgi?id=1323033 --------------------------------------------------------------------------------
================================================================================ goaccess-0.9.8-1.el7 (FEDORA-EPEL-2016-e7474e15f3) Real-time web log analyzer and interactive viewer -------------------------------------------------------------------------------- Update Information:
== Changes to GoAccess 0.9.8 - Monday, February 29, 2016 == - Added a more complete list of static extensions to the config file. - Added Android 6.0 Marshmallow to the list of OSs. - Added the ability to scroll through panels on TAB with option to disable it --no-tab-scroll. - Added the first and last log dates to the overall statistics panel. - Ensure GoAccess links correctly against libtinfo. - Ensure static content is case-insensitive verified. - Fixed bandwidth overflow issue (numbers > 2GB on non-x86_64 arch). - Fixed broken HTML layout when html-method/protocol is missing in config file. - Refactored parsing and display of available modules/panels. == Changes to GoAccess 0.9.7 - Monday, December 21, 2015 == - Added Squid native log format to the config file. - Fixed int overflow when getting total bandwidth using the on-disk storage. - Fixed issue where a timestamp was stored as date under the visitors panel. - Fixed issue where config dialog fields were not cleared out on select. - Fixed issue where "Virtual Hosts" menu item wasn't shown in the HTML sidebar. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1293320 - goaccess-0.9.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1293320 --------------------------------------------------------------------------------
================================================================================ osbs-client-0.22-1.el7 (FEDORA-EPEL-2016-472acd2ac0) Python command line client for OpenShift Build Service -------------------------------------------------------------------------------- Update Information:
New upstream release. ---- New upstream release. ---- New upstream release. ---- New upstream release. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1329027 - osbs-client-0.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1329027 --------------------------------------------------------------------------------
================================================================================ quassel-0.12.4-1.el7 (FEDORA-EPEL-2016-7436010ccd) A modern distributed IRC system -------------------------------------------------------------------------------- Update Information:
New upstream release --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org