The following Fedora EPEL 7 Security updates need testing:
Age  URL                                                                   Package
601  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d   condor-8.6.11-1.el7
343  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80   python-gnupg-0.4.4-1.el7
341  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b   bubblewrap-0.3.3-2.el7
 50  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6   python-waitress-1.4.3-1.el7
 13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-7bc15e9271   coturn-4.5.1.1-3.el7
  1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b23fa957bb   drupal7-ckeditor-1.19-1.el7
  1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-16bf726581   php-robrichards-xmlseclibs1-1.4.3-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
ansible-2.9.6-3.el7
cc65-2.18-12.el7
chromium-80.0.3987.163-1.el7
firefox-pkcs11-loader-3.13.5-1.el7
php-phpseclib-2.0.27-1.el7
prosody-0.11.5-1.el7
python-iso3166-1.0.1-1.el7
python-jmespath-0.9.4-1.el7
python3-jinja2-2.11.1-1.el7
srt-1.2.3-2.el7
vifm-0.10.1-3.el7
webextension-token-signing-1.1.2-1.el7
Details about builds:
================================================================================
ansible-2.9.6-3.el7 (FEDORA-EPEL-2020-89cb0d7bbb)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
# Ansible
* Add python3 subpackage.
# python-jmespath
* Update to 0.9.4.
* Add python3 subpackage.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2020 Igor Raits <ignatenkobrain(a)fedoraproject.org> - 2.9.6-3
- Ship ansible-test in both (py2 and py3) variants
* Sun Apr 5 2020 Igor Raits <ignatenkobrain(a)fedoraproject.org> - 2.9.6-2
- Enable python3 subpackage
--------------------------------------------------------------------------------
================================================================================
cc65-2.18-12.el7 (FEDORA-EPEL-2020-85f63edcb8)
A free C compiler for 6502 based systems
--------------------------------------------------------------------------------
Update Information:
- Add several bugfix patches from upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2020 Björn Esser <besser82(a)fedoraproject.org> - 2.18-12
- Add several bugfix patches from upstream
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.18-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Nov 20 2019 Björn Esser <besser82(a)fedoraproject.org> - 2.18-10
- Add several bugfix patches from upstream
* Wed Jul 24 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.18-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
chromium-80.0.3987.163-1.el7 (FEDORA-EPEL-2020-181270fbae)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Bugfix release from Google for 80.0.3987.162.
----
Update to 80.0.3987.162. Fixes the following CVEs:
* CVE-2020-6450
* CVE-2020-6451
* CVE-2020-6452
----
Update to 80.0.3987.149. Upstream says it fixes "13" security issues, but only
lists these CVEs:
* CVE-2020-6422: Use after free in WebGL
* CVE-2020-6424: Use after free in media
* CVE-2020-6425: Insufficient policy enforcement in extensions.
* CVE-2020-6426: Inappropriate implementation in V8
* CVE-2020-6427: Use after free in audio
* CVE-2020-6428: Use after free in audio
* CVE-2020-6429: Use after free in audio.
* CVE-2019-20503: Out of bounds read in usersctplib.
* CVE-2020-6449: Use after free in audio
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 4 2020 Tom Callaway <spot(a)fedoraproject.org> - 80.0.3987.163-1
- update to 80.0.3987.163
* Wed Apr 1 2020 Tom Callaway <spot(a)fedoraproject.org> - 80.0.3987.162-1
- update to 80.0.3987.162
* Wed Mar 18 2020 Tom Callaway <spot(a)fedoraproject.org> - 80.0.3987.149-1
- update to 80.0.3987.149
* Thu Feb 27 2020 Tom Callaway <spot(a)fedoraproject.org> - 80.0.3987.132-1
- update to 80.0.3987.132
- disable C++17 changes (this means f32+ will no longer build, but it segfaulted
immediately)
* Thu Feb 27 2020 Tom Callaway <spot(a)fedoraproject.org> - 80.0.3987.122-1
- update to 80.0.3987.122
* Mon Feb 17 2020 Tom Callaway <spot(a)fedoraproject.org> - 80.0.3987.106-1
- update to 80.0.3987.106
* Wed Feb 5 2020 Tom Callaway <spot(a)fedoraproject.org> - 80.0.3987.87-1
- update to 80.0.3987.87
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 79.0.3945.130-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1815241 - CVE-2020-6424 chromium-browser: Use after free in media
https://bugzilla.redhat.com/show_bug.cgi?id=1815241
[ 2 ] Bug #1815242 - CVE-2020-6425 chromium-browser: Insufficient policy enforcement in
extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1815242
[ 3 ] Bug #1815243 - CVE-2020-6426 chromium-browser: Inappropriate implementation in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1815243
[ 4 ] Bug #1815244 - CVE-2020-6427 chromium-browser: Use after free in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1815244
[ 5 ] Bug #1815245 - CVE-2020-6428 chromium-browser: Use after free in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1815245
[ 6 ] Bug #1815247 - CVE-2020-6429 chromium-browser: Use after free in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1815247
[ 7 ] Bug #1815248 - CVE-2020-6449 chromium-browser: Use after free in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1815248
[ 8 ] Bug #1815259 - CVE-2020-6422 chromium-browser: Use after free in WebGL
https://bugzilla.redhat.com/show_bug.cgi?id=1815259
[ 9 ] Bug #1820155 - CVE-2020-6450 chromium-browser: Use after free in WebAudio
https://bugzilla.redhat.com/show_bug.cgi?id=1820155
[ 10 ] Bug #1820156 - CVE-2020-6451 chromium-browser: Use after free in WebAudio
https://bugzilla.redhat.com/show_bug.cgi?id=1820156
[ 11 ] Bug #1820157 - CVE-2020-6452 chromium-browser: Heap buffer overflow in media
https://bugzilla.redhat.com/show_bug.cgi?id=1820157
--------------------------------------------------------------------------------
================================================================================
firefox-pkcs11-loader-3.13.5-1.el7 (FEDORA-EPEL-2020-c98e73d0f1)
Helper script for Firefox that sets up the browser for authentication with Estonian
ID-card
--------------------------------------------------------------------------------
Update Information:
- Upstream release 3.13.5: Create linux policy to install Firefox extension from
Mozilla Addon store
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2020 Dmitri Smirnov <dmitri(a)smirnov.ee> 3.13.5-1
- Upstream release 3.13.5: Create linux policy to install Firefox extension from Mozilla
Addon store
--------------------------------------------------------------------------------
================================================================================
php-phpseclib-2.0.27-1.el7 (FEDORA-EPEL-2020-2221f62c60)
PHP Secure Communications Library
--------------------------------------------------------------------------------
Update Information:
**Version 2.0.27**
* SFTP: change the mode with a SETSTAT instead of MKDIR (#1463)
* SFTP: make it so extending SFTP class doesn't cause a segfault (#1465)
* Random::string didn't always return all the requested bytes (#1466)
----
**Version 2.0.26**
* SFTP: another attempt at speeding up uploads (#1455)
* SSH2: try logging in with none as an auth method first (#1454)
* ASN1: fix for malformed ASN1 strings (#1456)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2020 Remi Collet <remi(a)remirepo.net> - 2.0.27-1
- update to 2.0.27
* Mon Mar 23 2020 Remi Collet <remi(a)remirepo.net> - 2.0.26-1
- update to 2.0.26
--------------------------------------------------------------------------------
================================================================================
prosody-0.11.5-1.el7 (FEDORA-EPEL-2020-f06cb6499c)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.11.5
==============
This release mostly adds command line flags to force foreground or background
operation, which replaces and deprecates the `daemonize` option in the config
file.

Fixes and improvements
----------------------
* prosody / mod_posix: Support for command-line flags to override `daemonize`
  config option

Minor changes
-------------
* mod_websocket: Clear mask bit when reflecting ping frames (fixes #1484:
  Websocket masks pong answer)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2020 Robert Scheck <robert(a)fedoraproject.org> 0.11.5-1
- Upgrade to 0.11.5 (#1816855)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1816855 - prosody-0.11.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1816855
--------------------------------------------------------------------------------
================================================================================
python-iso3166-1.0.1-1.el7 (FEDORA-EPEL-2020-03ad609e02)
Self-contained ISO 3166-1 country definitions
--------------------------------------------------------------------------------
Update Information:
First import for EPEL
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
python-jmespath-0.9.4-1.el7 (FEDORA-EPEL-2020-89cb0d7bbb)
JSON Matching Expressions
--------------------------------------------------------------------------------
Update Information:
# Ansible
* Add python3 subpackage.
# python-jmespath
* Update to 0.9.4.
* Add python3 subpackage.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 5 2020 Igor Raits <ignatenkobrain(a)fedoraproject.org> - 0.9.4-1
- Update to 0.9.4
- Add python3 subpackage
* Wed Jan 6 2016 Fabio Alessandro Locati <fabio(a)locati.cc> - 0.9.0-2
- Improve to set the Provides tag for EL6 too
--------------------------------------------------------------------------------
================================================================================
python3-jinja2-2.11.1-1.el7 (FEDORA-EPEL-2020-6eb178f109)
General purpose template engine
--------------------------------------------------------------------------------
Update Information:
Update to 2.11.1
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2020 Igor Raits <ignatenkobrain(a)fedoraproject.org> - 2.11.1-1
- Update to 2.11.1
--------------------------------------------------------------------------------
================================================================================
srt-1.2.3-2.el7 (FEDORA-EPEL-2020-da484c111e)
Secure Reliable Transport protocol tools
--------------------------------------------------------------------------------
Update Information:
Introduce srt for epel7
Switch to gnutls by default
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
vifm-0.10.1-3.el7 (FEDORA-EPEL-2020-d4584d14eb)
File manager with curses interface, which provides Vi[m]-like environment
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1800234 - vifm: FTBFS in Fedora rawhide/f32
https://bugzilla.redhat.com/show_bug.cgi?id=1800234
--------------------------------------------------------------------------------
================================================================================
webextension-token-signing-1.1.2-1.el7 (FEDORA-EPEL-2020-098a916695)
Chrome and Firefox extension for signing with your eID on the web
--------------------------------------------------------------------------------
Update Information:
- Upstream release 1.1.2
- Create linux policy to install Firefox extension from Mozilla Addon store
- Add G2 Latvia card ATR
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2020 Dmitri Smirnov <dmitri(a)smirnov.ee> - 1.1.2-1
- Upstream release 1.1.2
--------------------------------------------------------------------------------