The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 750  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d   condor-8.6.11-1.el7
 490  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b   bubblewrap-0.3.3-2.el7
 199  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6   python-waitress-1.4.3-1.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-89ad58d02c   golang-1.15-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
chromium-85.0.4183.83-1.el7
knot-2.9.6-1.el7
lua-rpm-macros-1-2.el7
mock-2.5-2.el7
mock-core-configs-33-1.el7
nodejs-packaging-25-1.el7
nss-mdns-0.14.1-9.el7
oval-graph-1.2.0-1.el7
python-pip-epel-8.1.2-14.el7
python3-ldap-3.1.0-12.el7
ufdbGuard-1.34.6-3.el7
Details about builds:
================================================================================
chromium-85.0.4183.83-1.el7 (FEDORA-EPEL-2020-864bc6779e)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Update to Chromium 85.0.4183.83. Bugs fixed, security holes patched, and
features added. Hold on to your butts. List of CVEs resolved with this update:
CVE-2020-6532 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540
CVE-2020-6541 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545
CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550
CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555
CVE-2020-6556 CVE-2020-6559 CVE-2020-6560 CVE-2020-6561 CVE-2020-6562
CVE-2020-6563 CVE-2020-6564 CVE-2020-6565 CVE-2020-6566 CVE-2020-6567
CVE-2020-6568 CVE-2020-6569 CVE-2020-6570 CVE-2020-6571
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 26 2020 Tom Callaway <spot(a)fedoraproject.org> - 85.0.4183.83-1
- update to 85.0.4183.83
* Thu Aug 20 2020 Tom Callaway <spot(a)fedoraproject.org> - 84.0.4147.135-1
- update to 84.0.4147.135
- conditionalize build_clear_key_cdm
- disable build_clear_key_cdm on F33+ aarch64 until binutils bug is fixed
- properly install libclearkeycdm.so everywhere else (whoops)
* Mon Aug 17 2020 Tom Callaway <spot(a)fedoraproject.org> - 84.0.4147.125-2
- force fix_textrels fix in ffmpeg for i686 (even without lld)
* Mon Aug 10 2020 Tom Callaway <spot(a)fedoraproject.org> - 84.0.4147.125-1
- update to 84.0.4147.125
* Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
84.0.4147.105-2
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Jul 31 2020 Tom Callaway <spot(a)fedoraproject.org> - 84.0.4147.105-1
- update to 84.0.4147.105
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
84.0.4147.89-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1861464 - CVE-2020-6537 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1861464
[ 2 ] Bug #1861465 - CVE-2020-6538 chromium-browser: Inappropriate implementation in
WebView
https://bugzilla.redhat.com/show_bug.cgi?id=1861465
[ 3 ] Bug #1861466 - CVE-2020-6532 chromium-browser: Use after free in SCTP
https://bugzilla.redhat.com/show_bug.cgi?id=1861466
[ 4 ] Bug #1861467 - CVE-2020-6539 chromium-browser: Use after free in CSS
https://bugzilla.redhat.com/show_bug.cgi?id=1861467
[ 5 ] Bug #1861468 - CVE-2020-6540 chromium-browser: Heap buffer overflow in Skia
https://bugzilla.redhat.com/show_bug.cgi?id=1861468
[ 6 ] Bug #1861469 - CVE-2020-6541 chromium-browser: Use after free in WebUSB
https://bugzilla.redhat.com/show_bug.cgi?id=1861469
[ 7 ] Bug #1867939 - CVE-2020-6542 chromium-browser: Use after free in ANGLE
https://bugzilla.redhat.com/show_bug.cgi?id=1867939
[ 8 ] Bug #1867940 - CVE-2020-6543 chromium-browser: Use after free in task scheduling
https://bugzilla.redhat.com/show_bug.cgi?id=1867940
[ 9 ] Bug #1867941 - CVE-2020-6544 chromium-browser: Use after free in media
https://bugzilla.redhat.com/show_bug.cgi?id=1867941
[ 10 ] Bug #1867942 - CVE-2020-6545 chromium-browser: Use after free in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1867942
[ 11 ] Bug #1867943 - CVE-2020-6546 chromium-browser: Inappropriate implementation in
installer
https://bugzilla.redhat.com/show_bug.cgi?id=1867943
[ 12 ] Bug #1867944 - CVE-2020-6547 chromium-browser: Incorrect security UI in media
https://bugzilla.redhat.com/show_bug.cgi?id=1867944
[ 13 ] Bug #1867945 - CVE-2020-6548 chromium-browser: Heap buffer overflow in Skia
https://bugzilla.redhat.com/show_bug.cgi?id=1867945
[ 14 ] Bug #1867946 - CVE-2020-6549 chromium-browser: Use after free in media
https://bugzilla.redhat.com/show_bug.cgi?id=1867946
[ 15 ] Bug #1867947 - CVE-2020-6550 chromium-browser: Use after free in IndexedDB
https://bugzilla.redhat.com/show_bug.cgi?id=1867947
[ 16 ] Bug #1867948 - CVE-2020-6551 chromium-browser: Use after free in WebXR
https://bugzilla.redhat.com/show_bug.cgi?id=1867948
[ 17 ] Bug #1867949 - CVE-2020-6552 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1867949
[ 18 ] Bug #1867950 - CVE-2020-6553 chromium-browser: Use after free in offline mode
https://bugzilla.redhat.com/show_bug.cgi?id=1867950
[ 19 ] Bug #1867951 - CVE-2020-6554 chromium-browser: Use after free in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1867951
[ 20 ] Bug #1867952 - CVE-2020-6555 chromium-browser: Out of bounds read in WebGL
https://bugzilla.redhat.com/show_bug.cgi?id=1867952
[ 21 ] Bug #1870002 - CVE-2020-6556 chromium-browser: Heap buffer overflow in
SwiftShader
https://bugzilla.redhat.com/show_bug.cgi?id=1870002
[ 22 ] Bug #1872945 - CVE-2020-6559 chromium-browser: Use after free in presentation
API
https://bugzilla.redhat.com/show_bug.cgi?id=1872945
[ 23 ] Bug #1872946 - CVE-2020-6560 chromium-browser: Insufficient policy enforcement in
autofill
https://bugzilla.redhat.com/show_bug.cgi?id=1872946
[ 24 ] Bug #1872947 - CVE-2020-6561 chromium-browser: Inappropriate implementation in
Content Security Policy
https://bugzilla.redhat.com/show_bug.cgi?id=1872947
[ 25 ] Bug #1872948 - CVE-2020-6562 chromium-browser: Insufficient policy enforcement in
Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1872948
[ 26 ] Bug #1872949 - CVE-2020-6563 chromium-browser: Insufficient policy enforcement in
intent handling
https://bugzilla.redhat.com/show_bug.cgi?id=1872949
[ 27 ] Bug #1872950 - CVE-2020-6564 chromium-browser: Incorrect security UI in
permissions
https://bugzilla.redhat.com/show_bug.cgi?id=1872950
[ 28 ] Bug #1872951 - CVE-2020-6565 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1872951
[ 29 ] Bug #1872952 - CVE-2020-6566 chromium-browser: Insufficient policy enforcement in
media
https://bugzilla.redhat.com/show_bug.cgi?id=1872952
[ 30 ] Bug #1872953 - CVE-2020-6567 chromium-browser: Insufficient validation of
untrusted input in command line handling
https://bugzilla.redhat.com/show_bug.cgi?id=1872953
[ 31 ] Bug #1872955 - CVE-2020-6568 chromium-browser: Insufficient policy enforcement in
intent handling
https://bugzilla.redhat.com/show_bug.cgi?id=1872955
[ 32 ] Bug #1872956 - CVE-2020-6569 chromium-browser: Integer overflow in WebUSB
https://bugzilla.redhat.com/show_bug.cgi?id=1872956
[ 33 ] Bug #1872957 - CVE-2020-6570 chromium-browser: Side-channel information leakage
in WebRTC
https://bugzilla.redhat.com/show_bug.cgi?id=1872957
--------------------------------------------------------------------------------
================================================================================
knot-2.9.6-1.el7 (FEDORA-EPEL-2020-1d0e1bc417)
High-performance authoritative DNS server
--------------------------------------------------------------------------------
Update Information:
New upstream version 2.9.6
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 2 2020 Jakub Růžička <jakub.ruzicka(a)nic.cz> 2.9.6-1
- Update to 2.9.6
--------------------------------------------------------------------------------
================================================================================
lua-rpm-macros-1-2.el7 (FEDORA-EPEL-2020-f54c46aaf2)
The common Lua RPM macros
--------------------------------------------------------------------------------
Update Information:
Refactored Lua RPM macros out of lua-devel
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1873676 - Review Request: lua-rpm-macros - The common Lua RPM macros
https://bugzilla.redhat.com/show_bug.cgi?id=1873676
--------------------------------------------------------------------------------
================================================================================
mock-2.5-2.el7 (FEDORA-EPEL-2020-0996fb7a3c)
Builds packages inside chroots
--------------------------------------------------------------------------------
Update Information:
mock
- because of the mock-filesystem change, we need to enforce upgrade of the old mock-core-configs package
- set the DNF user_agent in dnf.conf (msuchy(a)redhat.com)
- introduce mock-filesystem subpackage (msuchy(a)redhat.com)
- add showrc plugin to record the output of rpm --showrc (riehecky(a)fnal.gov)
- document which packages we need in buildroot (msuchy(a)redhat.com)
- macros without leading '%' like config_opts['macros']['macroname'] work fine again (issue#605)

mock-core-configs
- provide the Fedora ELN mock configuration
- some adjustments were done for the new mock-filesystem package
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 3 2020 Pavel Raiskup <praiskup(a)redhat.com> 2.5-2
- because of the mock-filesystem change, we need to enforce upgrade
of the old mock-core-configs package
* Thu Sep 3 2020 Pavel Raiskup <praiskup(a)redhat.com> 2.5-1
- set the DNF user_agent in dnf.conf (msuchy(a)redhat.com)
- introduce mock-filesystem subpackage (msuchy(a)redhat.com)
- add showrc plugin to record the output of rpm --showrc (riehecky(a)fnal.gov)
- document which packages we need in buildroot (msuchy(a)redhat.com)
- macros without leading '%' like config_opts['macros']['macroname'] work fine again (issue#605)
--------------------------------------------------------------------------------
================================================================================
mock-core-configs-33-1.el7 (FEDORA-EPEL-2020-0996fb7a3c)
Mock core config files basic chroots
--------------------------------------------------------------------------------
Update Information:
mock
- because of the mock-filesystem change, we need to enforce upgrade of the old mock-core-configs package
- set the DNF user_agent in dnf.conf (msuchy(a)redhat.com)
- introduce mock-filesystem subpackage (msuchy(a)redhat.com)
- add showrc plugin to record the output of rpm --showrc (riehecky(a)fnal.gov)
- document which packages we need in buildroot (msuchy(a)redhat.com)
- macros without leading '%' like config_opts['macros']['macroname'] work fine again (issue#605)

mock-core-configs
- provide the Fedora ELN mock configuration
- some adjustments were done for the new mock-filesystem package
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 3 2020 Pavel Raiskup <praiskup(a)redhat.com> 33-1
- bump version to 33, as we already ship F33 configs
- because of the mock-filesystem change, depend on mock 2.5
* Thu Sep 3 2020 Pavel Raiskup <praiskup(a)redhat.com> 32.8-1
- set the DNF user_agent in dnf.conf (msuchy(a)redhat.com)
- add Fedora ELN configs
- introduce mock-filesystem subpackage (msuchy(a)redhat.com)
--------------------------------------------------------------------------------
================================================================================
nodejs-packaging-25-1.el7 (FEDORA-EPEL-2020-0f5a71c54f)
RPM Macros and Utilities for Node.js Packaging
--------------------------------------------------------------------------------
Update Information:
Fix incorrect bundled library detection for Requires
----
Add support for checking `node_modules_prod` for bundled dependencies.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 2 2020 Stephen Gallagher <sgallagh(a)redhat.com> - 25-1
- Fix incorrect bundled library detection for Requires
* Tue Sep 1 2020 Stephen Gallagher <sgallagh(a)redhat.com> - 24-1
- Check node_modules_prod for bundled dependencies
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 23-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jun 3 2020 Stephen Gallagher <sgallagh(a)redhat.com> - 23-3
- Drop Requires: nodejs(engine)
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 23-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Oct 31 2019 Tom Hughes <tom(a)compton.nu> - 23-1
- Ensure nodejs(engine) is required for packages with no dependencies
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 22-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jul 2 2019 Tom Hughes <tom(a)compton.nu> - 22-1
- Refactor nodejs.req in more idiomatic Python
- Treat only external dependency links as un-bundled
* Mon Jun 10 2019 Tom Hughes <tom(a)compton.nu> - 21-1
- Refactor nodejs.prov in more idiomatic Python
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 20-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sat Jan 5 2019 Tom Hughes <tom(a)compton.nu> - 20-1
- Fix handling of ^ dependencies for multiversion modules
* Thu Jan 3 2019 Tom Hughes <tom(a)compton.nu> - 18-1
- Handle =, >= and <= dependencies for multiversion modules
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 17-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu May 3 2018 Tom Hughes <tom(a)compton.nu> - 17-1
- Fix version comparators with a space after the operator
* Tue May 1 2018 Tom Hughes <tom(a)compton.nu> - 16-1
- Rewrite nodejs.req to better match npm versioning rules
- Add tests for nodejs.req and nodejs.prov
* Mon Apr 30 2018 Tom Hughes <tom(a)compton.nu> - 15-1
- Fix caret dependency ranges
* Thu Apr 12 2018 Tom Hughes <tom(a)compton.nu> - 14-1
- Only match top level modules for requires and provides generation
* Wed Feb 28 2018 Tom Hughes <tom(a)compton.nu> - 13-1
- Add %nodejs_setversion macro
* Fri Feb 23 2018 Tom Hughes <tom(a)compton.nu> - 12-1
- Port to python 3
* Thu Feb 8 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 11-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sat Jan 13 2018 Tom Hughes <tom(a)compton.nu> - 11-1
- nodejs.req: use boolean with for range dependencies
* Tue Sep 12 2017 Stephen Gallagher <sgallagh(a)redhat.com> - 10-1
- Release v10
- Automatically generate Provides for bundled npm dependencies
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 9-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Tue Feb 21 2017 Tom Hughes <tom(a)compton.nu> - 9-3
- switch source URL to pagure
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 9-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Tue Feb 2 2016 Tom Hughes <tom(a)compton.nu> - 9-1
- nodejs-fixdep: stop --move erroring on missing dependency types
* Sun Jan 31 2016 Tom Hughes <tom(a)compton.nu> - 8-1
- nodejs-fixdep: add --move option
- nodejs-symlink-deps: add --optional option
- req: generate suggests for optional dependencies
* Mon Nov 16 2015 Tom Hughes <tom(a)compton.nu> - 7-5
- nodejs-symlink-deps: handle caret in versions
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
7-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Wed Mar 4 2015 Ville Skyttä <ville.skytta(a)iki.fi> - 7-3
- Install macros in %{_rpmconfigdir}/macros.d where available (#1074279)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
7-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
nss-mdns-0.14.1-9.el7 (FEDORA-EPEL-2020-21311a703e)
glibc plugin for .local name resolution
--------------------------------------------------------------------------------
Update Information:
Place 'mdns4_minimal' in /etc/nsswitch.conf after 'files' in
/etc/nsswitch.conf.
This improves compatibility with systemd-resolved.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 2 2020 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 0.14.1-9
- Place 'mdns4_minimal' in /etc/nsswitch.conf after 'files' in
/etc/nsswitch.conf,
so that it ends up before 'resolve' (#1867830)
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.14.1-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1867830 - can't connect using mDNS addressing when systemd-resolved is
running
https://bugzilla.redhat.com/show_bug.cgi?id=1867830
--------------------------------------------------------------------------------
================================================================================
oval-graph-1.2.0-1.el7 (FEDORA-EPEL-2020-22279e71e8)
Tool for visualization of SCAP rule evaluation results
--------------------------------------------------------------------------------
Update Information:
new upstream release: 1.2.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 3 2020 rebase-helper <rebase-helper(a)localhost.local> - 1.2.0-1
- new upstream release: 1.2.0
--------------------------------------------------------------------------------
================================================================================
python-pip-epel-8.1.2-14.el7 (FEDORA-EPEL-2020-49c5f31e92)
A tool for installing and managing Python packages
--------------------------------------------------------------------------------
Update Information:
Patch for: pip install <url> allows directory traversal, leading to arbitrary file write
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 2 2020 Tomas Orsava <torsava(a)redhat.com> - 8.1.2-14
- Patch for: pip install <url> allows directory traversal, leading to arbitrary file write
Resolves: rhbz#1868137
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 8.1.2-13
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1868137 - python-pip-epel: pip: Directory traversal in _download_http_url
function in src/pip/_internal/download.py [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1868137
--------------------------------------------------------------------------------
================================================================================
python3-ldap-3.1.0-12.el7 (FEDORA-EPEL-2020-26e9c42034)
An object-oriented API to access LDAP directory servers
--------------------------------------------------------------------------------
Update Information:
First epel7 release
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1872669 - Review Request: python3-ldap - API to access LDAP directory
servers
https://bugzilla.redhat.com/show_bug.cgi?id=1872669
--------------------------------------------------------------------------------
================================================================================
ufdbGuard-1.34.6-3.el7 (FEDORA-EPEL-2020-e8f9012731)
A URL filter for squid
--------------------------------------------------------------------------------
Update Information:
Fix logrotate config.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 2 2020 Gwyn Ciesla <gwync(a)protonmail.com> - 1.34.6-3
- Correct logrotate configure.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1874819 - Ufdbguard duplicates logs after rotation
https://bugzilla.redhat.com/show_bug.cgi?id=1874819
--------------------------------------------------------------------------------