The following Fedora EPEL 7 Security updates need testing: Age URL 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-352a65d3bc djvulibre-3.5.25.3-23.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-c44d955770 prosody-0.11.9-1.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-113abf45ca composer-1.10.22-1.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-4ab96a9920 wordpress-5.1.10-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-4b7c1b59f8 upx-3.96-9.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-6cc996cdc4 opendmarc-1.4.1-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-969456590e rxvt-unicode-9.21-4.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

caribou0-0.4.21-26.el7 nnn-4.0-1.el7 python-productmd-1.33-1.el7 python3-lxml-4.2.5-4.el7

Details about builds:

================================================================================ caribou0-0.4.21-26.el7 (FEDORA-EPEL-2021-17f170d38c) A simplified in-place on-screen keyboard -------------------------------------------------------------------------------- Update Information:

caribou: configurable on screen keyboard crashes with scanning mod -------------------------------------------------------------------------------- ChangeLog:

* Mon May 24 2021 Pat Riehecky riehecky@fnal.gov - 0.4.21-26 - Patch to fix crash (rhbz 1962836) - sync up with Fedora sources -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1962836 - caribou: configurable on screen keyboard with scanning mode https://bugzilla.redhat.com/show_bug.cgi?id=1962836 --------------------------------------------------------------------------------

================================================================================ nnn-4.0-1.el7 (FEDORA-EPEL-2021-1384af4049) The missing terminal file browser for X -------------------------------------------------------------------------------- Update Information:

Update to 4.0 -------------------------------------------------------------------------------- ChangeLog:

* Mon May 24 2021 Robert-Andr�� Mauchin zebob.m@gmail.com - 4.0-1 - Update to 4.0 - Close: rhbz#1949285 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1949285 - nnn-4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1949285 --------------------------------------------------------------------------------

================================================================================ python-productmd-1.33-1.el7 (FEDORA-EPEL-2021-ec03eabb69) Library providing parsers for metadata related to OS installation -------------------------------------------------------------------------------- Update Information:

New upstream release with support for setting main variant in multivariant treeinfo files. -------------------------------------------------------------------------------- ChangeLog:

* Mon May 24 2021 Lubom��r Sedl���� lsedlar@redhat.com - 1.33-1 - New upstream release 1.33 * Fri Apr 16 2021 Lubom��r Sedl���� lsedlar@redhat.com - 1.32-1 - New upstream release * Mon Feb 8 2021 Lubom��r Sedl���� lsedlar@redhat.com - 1.31-1 - New upstream release * Wed Jan 27 2021 Fedora Release Engineering releng@fedoraproject.org - 1.30-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild --------------------------------------------------------------------------------

================================================================================ python3-lxml-4.2.5-4.el7 (FEDORA-EPEL-2021-0fec8057df) XML processing library combining libxml2/libxslt with the ElementTree API -------------------------------------------------------------------------------- Update Information:

- Add patch to fix mXSS due to the use of improper parser (#1901633) - Add patch to fix missing input sanitization for formaction HTML5 attributes that may lead to XSS (#1941534) -------------------------------------------------------------------------------- ChangeLog:

* Mon May 24 2021 Robert Scheck robert@fedoraproject.org - 4.2.5-4 - Add patch to fix mXSS due to the use of improper parser (#1901633) - Add patch to fix missing input sanitization for formaction HTML5 attributes that may lead to XSS (#1941534) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1901633 - CVE-2020-27783 python-lxml: mXSS due to the use of improper parser https://bugzilla.redhat.com/show_bug.cgi?id=1901633 [ 2 ] Bug #1941534 - CVE-2021-28957 python-lxml: missing input sanitization for formaction HTML5 attributes may lead to XSS https://bugzilla.redhat.com/show_bug.cgi?id=1941534 --------------------------------------------------------------------------------