The following Fedora EPEL 7 Security updates need testing:
Age URL
1060
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
823
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
405
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d
libbsd-0.8.3-1.el7
302
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe
mod_cluster-1.3.3-10.el7
134
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23
libmspack-0.6-0.1.alpha.el7
71
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece
nagios-4.3.4-5.el7
35
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8d57a2487b
monit-5.25.1-1.el7
21
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73ee944e65
rootsh-1.5.3-17.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-ce6223e559
GraphicsMagick-1.3.28-1.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-9eb18da891
moodle-3.1.10-1.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-c0d5d190b0
transmission-2.92-12.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-24ac4ff7df
knot-resolver-1.5.3-1.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-dd0bc449d7
konversation-1.5.1-4.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-fb68becde7
w3m-0.5.3-36.git20180125.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
clamav-0.99.3-3.el7
composer-1.6.3-1.el7
fcitx-4.2.9.5-1.el7
fcitx-configtool-0.4.10-1.el7
fcitx-qt5-1.2.2-1.el7
libabigail-1.1-1.el7
php-composer-spdx-licenses-1.3.0-1.el7
proftpd-1.3.5e-4.el7
python-fedora-0.10.0-1.el7
tomcat-native-1.2.16-1.el7
Details about builds:
================================================================================
clamav-0.99.3-3.el7 (FEDORA-EPEL-2018-a19bc46b6c)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:
- add systemctl daemon-reload (temporally) - Fix and organize systemd
scriptlets, clamd@.service missed systemd_preun_macro and had a wrong
systemd_postun_with_restart - Remove triggerin macros that aren't need it
anymore - Fix scriplet - Organize startup scriptlets - Exclude one file listed
twice
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1540100 - clamav-milter fails to restart after update
https://bugzilla.redhat.com/show_bug.cgi?id=1540100
--------------------------------------------------------------------------------
================================================================================
composer-1.6.3-1.el7 (FEDORA-EPEL-2018-9c09111eb9)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**composer/spdx-licenses 1.3.0**- 2018-01-31 * Added:
`SpdxLicenses::getLicenses` to get the whole list of methods. * Changed:
license identifiers are now case insensitive. ---- **composer 1.6.3** -
2018-01-31 * Fixed GitLab downloads failing in some edge cases * Fixed
ctrl-C handling during create-project * Fixed GitHub VCS repositories not
prompting for a token in some conditions * Fixed SPDX license identifiers
being case sensitive * Fixed and clarified a few dependency resolution error
reporting strings * Fixed SVN commit log fetching in verbose mode when using
private repositories
--------------------------------------------------------------------------------
================================================================================
fcitx-4.2.9.5-1.el7 (FEDORA-EPEL-2018-b44163c20b)
An input method framework
--------------------------------------------------------------------------------
Update Information:
Minor upstream update of Fcitx. Fcitx-configtool is included since it requires
4.2.9 version of Fcitx.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1473715 - fcitx-configtool requires a graphical configuration tool
https://bugzilla.redhat.com/show_bug.cgi?id=1473715
--------------------------------------------------------------------------------
================================================================================
fcitx-configtool-0.4.10-1.el7 (FEDORA-EPEL-2018-b44163c20b)
Gtk+-based configuring tools for Fcitx
--------------------------------------------------------------------------------
Update Information:
Minor upstream update of Fcitx. Fcitx-configtool is included since it requires
4.2.9 version of Fcitx.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1473715 - fcitx-configtool requires a graphical configuration tool
https://bugzilla.redhat.com/show_bug.cgi?id=1473715
--------------------------------------------------------------------------------
================================================================================
fcitx-qt5-1.2.2-1.el7 (FEDORA-EPEL-2018-b44163c20b)
Fcitx IM module for Qt5
--------------------------------------------------------------------------------
Update Information:
Minor upstream update of Fcitx. Fcitx-configtool is included since it requires
4.2.9 version of Fcitx.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1473715 - fcitx-configtool requires a graphical configuration tool
https://bugzilla.redhat.com/show_bug.cgi?id=1473715
--------------------------------------------------------------------------------
================================================================================
libabigail-1.1-1.el7 (FEDORA-EPEL-2018-7ea892fb14)
Set of ABI analysis tools
--------------------------------------------------------------------------------
Update Information:
Update to upstream 1.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1532670 - in compare_dies at: abg-dwarf-reader.cc:11423
https://bugzilla.redhat.com/show_bug.cgi?id=1532670
--------------------------------------------------------------------------------
================================================================================
php-composer-spdx-licenses-1.3.0-1.el7 (FEDORA-EPEL-2018-9c09111eb9)
SPDX licenses list and validation library
--------------------------------------------------------------------------------
Update Information:
**composer/spdx-licenses 1.3.0**- 2018-01-31 * Added:
`SpdxLicenses::getLicenses` to get the whole list of methods. * Changed:
license identifiers are now case insensitive. ---- **composer 1.6.3** -
2018-01-31 * Fixed GitLab downloads failing in some edge cases * Fixed
ctrl-C handling during create-project * Fixed GitHub VCS repositories not
prompting for a token in some conditions * Fixed SPDX license identifiers
being case sensitive * Fixed and clarified a few dependency resolution error
reporting strings * Fixed SVN commit log fetching in verbose mode when using
private repositories
--------------------------------------------------------------------------------
================================================================================
proftpd-1.3.5e-4.el7 (FEDORA-EPEL-2018-cbd4882644)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:
This update includes a backport of the `InsecureHostKeyPerms` `SFTPOption` from
upstream version 1.3.6, which allows ProFTPD's `mod_sftp` to share group-
readable host keys with `sshd`. To use this feature, add `SFTPOptions
InsecureHostKeyPerms` to the ProFTPD configuration file before any `SFTPHostKey`
lines.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1522998 - proftpd is overly strict about SFTPHostKey permisions
https://bugzilla.redhat.com/show_bug.cgi?id=1522998
--------------------------------------------------------------------------------
================================================================================
python-fedora-0.10.0-1.el7 (FEDORA-EPEL-2018-f0ad30b79f)
Python modules for talking to Fedora Infrastructure Services
--------------------------------------------------------------------------------
Update Information:
Rebase to upstream 0.10.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1481210 - spec file points to URL:
https://fedorahosted.org/python-fedora/
https://bugzilla.redhat.com/show_bug.cgi?id=1481210
[ 2 ] Bug #1540970 - python-fedora-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1540970
--------------------------------------------------------------------------------
================================================================================
tomcat-native-1.2.16-1.el7 (FEDORA-EPEL-2018-18ea640f19)
Tomcat native library
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-15698
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1540824 - CVE-2017-15698 tomcat-native: Mishandling of client certificates
can allow for OCSP check bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1540824
--------------------------------------------------------------------------------