The following Fedora EPEL 7 Security updates need testing:
Age URL
256
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
63
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f8311ec8a2
tor-0.3.5.8-1.el7
57
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-9c2c40e3df
guacamole-server-1.0.0-1.el7
37
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-317c9a2f81
drupal7-7.65-1.el7
31
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d2c1368294
cinnamon-3.6.7-5.el7
29
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f1efad2982
aria2-1.34.0-4.el7
24
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-50a6a1ddfd
afflib-3.7.18-2.el7
14
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-6ea040e59b
hostapd-2.7-1.el7
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-ae064347d8
python3-jinja2-2.8.1-2.el7
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-7fc4459823
libmediainfo-18.12-3.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f05ef50515
php-horde-horde-5.2.21-1.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-add436bec5
php-horde-turba-4.2.24-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
espresso-4.0.2-1.el7
mozilla-https-everywhere-2019.1.31-2.el7
perl-Net-BGP-0.16-2.el7
php-extras-5.4.16-9.el7
php-zstd-0.7.3-1.el7
python36-3.6.8-1.el7
yubikey-manager-2.1.0-3.el7
Details about builds:
================================================================================
espresso-4.0.2-1.el7 (FEDORA-EPEL-2019-dd1687d8f1)
Extensible Simulation Package for Research on Soft matter
--------------------------------------------------------------------------------
Update Information:
Version bump to 4.0.2
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 24 2019 Christoph Junghans <junghans(a)votca.org> - 4.0.2-1
- Version bump to 4.0.2
--------------------------------------------------------------------------------
================================================================================
mozilla-https-everywhere-2019.1.31-2.el7 (FEDORA-EPEL-2019-b4a184cef0)
HTTPS enforcement extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
- Change "Block all unencrypted requests" language to "Encrypt all sites
eligible" - EASE mode patches for interstitial page and reload to trigger for
EASE mode - ES Lint clean up - Disable test for Chrome (will work in patch while
disabled) (included because chrome and firefox versions use a single codebase) -
Deprecate I.P.s in rulesets (Special case for DNS I.P.s) - Amend check_rules.py
fetch test to disable rules only if all rules are problematic, and comment rules
out if other rules are functional in the set - HSTS Prune and updates - Bundled
ruleset updates
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 26 2019 Russell Golden <niveusluna(a)fedoraproject.org> - 2019.1.31-1
- Change "Block all unencrypted requests" language to "Encrypt all sites
eligible"
- EASE mode patches for interstitial page and reload to trigger for EASE mode
- ES Lint clean up
- Disable test for Chrome (will work in patch while disabled)
-- (packager note: Included because both versions use the same codebase)
- Deprecate I.P.s in rulesets (Special case for DNS I.P.s)
- Amend check_rules.py fetch test to disable rules only if all rules are problematic,
-- and comment rules out if other rules are functional in the set
- HSTS Prune and updates
- Bundled ruleset updates
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
2018.10.31-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
perl-Net-BGP-0.16-2.el7 (FEDORA-EPEL-2019-fa66ed2fed)
Perl module for object-oriented API to the BGP protocol
--------------------------------------------------------------------------------
Update Information:
An implementation of the BGP-4 inter-domain routing protocol as Perl module. It
encapsulates all of the functionality needed to establish and maintain a BGP
peering session and exchange routing update information with the peer. It aims
to provide a simple API to the BGP protocol for the purposes of automation,
logging, monitoring, testing, and similar tasks using the power and flexibility
of Perl. The module does not implement the functionality of a RIB (Routing
Information Base) nor does it modify the kernel routing table of the host
system. However, such operations could be implemented using the API provided by
the module.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1701810 - Review Request: perl-Net-BGP - Perl module for object-oriented API
to the BGP protocol
https://bugzilla.redhat.com/show_bug.cgi?id=1701810
--------------------------------------------------------------------------------
================================================================================
php-extras-5.4.16-9.el7 (FEDORA-EPEL-2019-6314c37d5a)
Additional PHP modules from the standard PHP distribution
--------------------------------------------------------------------------------
Update Information:
* fix arm build and FTBFS
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 16 2019 Pablo Greco <pablo(a)fliagreco.com.ar> - 5.4.16-9
- Use compat-libtidy-devel instead of libtidy
* Wed Mar 8 2017 Remi Collet <rcollet(a)redhat.com> - 5.4.16-8
- drop 1 failed test on arm
--------------------------------------------------------------------------------
================================================================================
php-zstd-0.7.3-1.el7 (FEDORA-EPEL-2019-81681ad69c)
Zstd extension for PHP
--------------------------------------------------------------------------------
Update Information:
This extension allows Zstd compression.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1702726 - Review Request: php-zstd - Zstd Extension for PHP
https://bugzilla.redhat.com/show_bug.cgi?id=1702726
--------------------------------------------------------------------------------
================================================================================
python36-3.6.8-1.el7 (FEDORA-EPEL-2019-d28d3135da)
Interpreter of the Python programming language
--------------------------------------------------------------------------------
Update Information:
- Latest upstream (rhbz#1688547, rhbz#1696472) - Fix for CVE-2019-5010
(rhbz#1666519, rhbz#1666523)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 19 2019 Carl George <carl(a)george.computer> - 3.6.8-1
- Latest upstream (rhbz#1688547, rhbz#1696472)
- Fix for CVE-2019-5010 (rhbz#1666519, rhbz#1666523)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1696472 - Update to Python 3.6.8
https://bugzilla.redhat.com/show_bug.cgi?id=1696472
[ 2 ] Bug #1688547 - CVE-2019-9636 python36: python: Information Disclosure due to
urlsplit improper NFKC normalization [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1688547
[ 3 ] Bug #1666523 - CVE-2019-5010 python36: python: NULL pointer dereference using a
specially crafted X509 certificate [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1666523
[ 4 ] Bug #1664517 - CVE-2018-20406 python36: python: Integer overflow in
Modules/_pickle.c allows for memory exhaustion if serializing gigabytes of data [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1664517
[ 5 ] Bug #1632093 - CVE-2018-14647 python36: python: Missing salt initialization in
_elementtree.c module [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1632093
--------------------------------------------------------------------------------
================================================================================
yubikey-manager-2.1.0-3.el7 (FEDORA-EPEL-2019-a14b025d8e)
Python library and command line tool for configuring a YubiKey
--------------------------------------------------------------------------------
Update Information:
- Add requires on setuptools - Change requires from u2f-host to u2f-hidraw-
policy ---- Command line tool for configuring a YubiKey.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1540774 - Update to 0.5.0, support EPEL
https://bugzilla.redhat.com/show_bug.cgi?id=1540774
--------------------------------------------------------------------------------