The following Fedora EPEL 7 Security updates need testing: Age URL 671 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 412 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80 python-gnupg-0.4.4-1.el7 410 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7 120 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6 python-waitress-1.4.3-1.el7 60 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-19d171a465 python34-3.4.10-5.el7 18 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-101619ac61 jq-1.6-2.el7 oniguruma-6.8.2-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-03f2097af0 pdns-recursor-4.1.16-1.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-dbca324350 nghttp2-1.33.0-1.1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-761bce8292 wordpress-5.1.6-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
apcupsd-3.14.14-18.el7 borgbackup-1.1.13-2.el7 perl-DBIx-Safe-1.2.5-37.el7 php-horde-horde-5.2.23-1.el7 root-6.20.06-1.el7 tcpreplay-4.3.3-1.el7
Details about builds:
================================================================================ apcupsd-3.14.14-18.el7 (FEDORA-EPEL-2020-79117a1f44) APC UPS Power Control Daemon -------------------------------------------------------------------------------- Update Information:
Replaced BuildRequires: gnome-vfs2 with BuildRequires: GConf2-devel -------------------------------------------------------------------------------- ChangeLog:
* Mon Jun 8 2020 Germano Massullo germano.massullo@gmail.com - 3.14.14-18 - Replaced BuildRequires: gnome-vfs2 with BuildRequires: GConf2-devel More infos at https://bugzilla.redhat.com/show_bug.cgi?id=1745727#c5 * Tue Jan 28 2020 Fedora Release Engineering releng@fedoraproject.org - 3.14.14-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Wed Jul 24 2019 Jason L Tibbitts III tibbs@math.uh.edu - 3.14.14-16 - Workaround change in RPM 4.15 which breaks the build. * Wed Jul 24 2019 Fedora Release Engineering releng@fedoraproject.org - 3.14.14-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 3.14.14-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Mon Dec 3 2018 Jason L Tibbitts III tibbs@math.uh.edu - 3.14.14-13 - Fix broken zero-size icon. * Thu Jul 12 2018 Fedora Release Engineering releng@fedoraproject.org - 3.14.14-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Thu May 17 2018 Jason L Tibbitts III tibbs@math.uh.edu - 3.14.14-11 - Add KillMode=process to the systemd unit. * Mon Mar 26 2018 Till Maas opensource@till.name - 3.14.14-10 - rebuilt to drop tcp_wrappers dependency https://bugzilla.redhat.com/show_bug.cgi?id=1518751 - remove tcp_wrappers support * Wed Feb 7 2018 Fedora Release Engineering releng@fedoraproject.org - 3.14.14-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Jan 25 2018 Jason L Tibbitts III tibbs@math.uh.edu - 3.14.14-8 - Use proper systemd dependencies. * Wed Aug 2 2017 Fedora Release Engineering releng@fedoraproject.org - 3.14.14-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering releng@fedoraproject.org - 3.14.14-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ borgbackup-1.1.13-2.el7 (FEDORA-EPEL-2020-2278c665bc) A deduplicating backup program with compression and authenticated encryption -------------------------------------------------------------------------------- Update Information:
update to new upstream release 1.1.13 (fixes memory leak during restore) -------------------------------------------------------------------------------- ChangeLog:
* Mon Jun 15 2020 Felix Schwarz fschwarz@fedoraproject.org - 1.1.13-2 - bump release to rebuild against newer libb2 * Sun Jun 7 2020 Felix Schwarz fschwarz@fedoraproject.org - 1.1.13-1 - update to 1.1.13 --------------------------------------------------------------------------------
================================================================================ perl-DBIx-Safe-1.2.5-37.el7 (FEDORA-EPEL-2020-05280f8511) Safer access to your database through a DBI database handle -------------------------------------------------------------------------------- Update Information:
update spec file -------------------------------------------------------------------------------- ChangeLog:
* Wed Jan 29 2020 Fedora Release Engineering releng@fedoraproject.org - 1.2.5-37 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Fri Jul 26 2019 Fedora Release Engineering releng@fedoraproject.org - 1.2.5-36 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Fri May 31 2019 Jitka Plesnikova jplesnik@redhat.com - 1.2.5-35 - Perl 5.30 rebuild * Fri Feb 1 2019 Fedora Release Engineering releng@fedoraproject.org - 1.2.5-34 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 1.2.5-33 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Fri Jun 29 2018 Jitka Plesnikova jplesnik@redhat.com - 1.2.5-32 - Perl 5.28 rebuild * Thu Feb 8 2018 Fedora Release Engineering releng@fedoraproject.org - 1.2.5-31 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering releng@fedoraproject.org - 1.2.5-30 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Tue Jun 6 2017 Jitka Plesnikova jplesnik@redhat.com - 1.2.5-29 - Perl 5.26 rebuild * Sat Feb 11 2017 Fedora Release Engineering releng@fedoraproject.org - 1.2.5-28 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Mon May 16 2016 Jitka Plesnikova jplesnik@redhat.com - 1.2.5-27 - Perl 5.24 rebuild * Thu Feb 4 2016 Fedora Release Engineering releng@fedoraproject.org - 1.2.5-26 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ php-horde-horde-5.2.23-1.el7 (FEDORA-EPEL-2020-add380f567) Horde Application Framework -------------------------------------------------------------------------------- Update Information:
**horde 5.2.23** * [mjr] SECURITY: Fix javascript injection vulnerability in mobile login page. * [mjr] Fix broken cloud search in portal block. -------------------------------------------------------------------------------- ChangeLog:
* Mon Jun 15 2020 Remi Collet remi@remirepo.net - 5.2.23-1 - update to 5.2.23 --------------------------------------------------------------------------------
================================================================================ root-6.20.06-1.el7 (FEDORA-EPEL-2020-5cd88a7b70) Numerical data analysis framework -------------------------------------------------------------------------------- Update Information:
root 6.20.06 -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 11 2020 Mattias Ellert mattias.ellert@physics.uu.se - 6.20.06-1 - Update to 6.20.06 - Fix test failure on ppc64le and aarch64 * Tue May 26 2020 Miro Hron��ok mhroncok@redhat.com - 6.20.04-3 - Rebuilt for Python 3.9 * Fri Apr 10 2020 Mattias Ellert mattias.ellert@physics.uu.se - 6.20.04-2 - Replace BR qt5-devel with qt5-qtbase-devel --------------------------------------------------------------------------------
================================================================================ tcpreplay-4.3.3-1.el7 (FEDORA-EPEL-2020-a1eff3982c) Replay captured network traffic -------------------------------------------------------------------------------- Update Information:
This release contains bug fixes only (which includes security fixes): - Increase cache buffers size to accomodate VLAN edits (#594) - Correct L2 header length to correct IP header offset (#583) - Fix warnings from gcc version 10 (#580) - Heap Buffer Overflow in randomize_iparp (#579) - Use after free in get_ipv6_next (#578) - Heap Buffer Overflow in git_ipv6_next (#576) - Call pcap_freecode() on pcap_compile() (#572) - Increase max snaplen to 262144 (#571) - Fix divide by zero in fuzzing (#570) - Unique IP repeats at very high iteration counts (#566) - Fails to compile on FreeBSD amd64 13.0 (#558) - Heap Buffer Overflow in do_checksum (#556) (#577) - Attempt to correct corrupt pcap files, if possible (#557) - Fix GCC v10 warnings (#555) - Remove some duplicated SOURCES entries (#551) - Expand /dev/bpfX hard limit to fix macOS Mojave (#550) - Implement --loopdelay-ms when using --loop=0 (#546) - Heap overflow packet2tree and get_l2len (#530) -------------------------------------------------------------------------------- ChangeLog:
* Mon Jun 15 2020 Bojan Smojver <bojan@rexursive com> - 4.3.3-1 - bump up to 4.3.3 - CVE-2020-12740 * Fri Jan 31 2020 Fedora Release Engineering releng@fedoraproject.org - 4.3.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Sat Jul 27 2019 Fedora Release Engineering releng@fedoraproject.org - 4.3.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1678246 - CVE-2019-8377 tcpreplay: null pointer dereference in function get_ipv6_l4proto() in get.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1678246 [ 2 ] Bug #1835343 - CVE-2020-12740 tcpreplay: Heap-based buffer over-read in function get_ipv6_next() at common/get.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1835343 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org