Fedora EPEL 7 updates-testing report - epel-devel - Fedora mailing-lists

6 Apr 2020


      The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 601  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d   condor-8.6.11-1.el7
 343  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80   python-gnupg-0.4.4-1.el7
 341  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b   bubblewrap-0.3.3-2.el7
  50  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6   python-waitress-1.4.3-1.el7
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-7bc15e9271   coturn-4.5.1.1-3.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b23fa957bb   drupal7-ckeditor-1.19-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-16bf726581   php-robrichards-xmlseclibs1-1.4.3-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
ansible-2.9.6-3.el7
    cc65-2.18-12.el7
    chromium-80.0.3987.163-1.el7
    firefox-pkcs11-loader-3.13.5-1.el7
    php-phpseclib-2.0.27-1.el7
    prosody-0.11.5-1.el7
    python-iso3166-1.0.1-1.el7
    python-jmespath-0.9.4-1.el7
    python3-jinja2-2.11.1-1.el7
    srt-1.2.3-2.el7
    vifm-0.10.1-3.el7
    webextension-token-signing-1.1.2-1.el7
Details about builds:
================================================================================
 ansible-2.9.6-3.el7 (FEDORA-EPEL-2020-89cb0d7bbb)
 SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
# Ansible  * Add python3 subpackage.  # python-jmespath  * Update to 0.9.4. *
Add python3 subpackage.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr  6 2020 Igor Raits ignatenkobrain@fedoraproject.org - 2.9.6-3
- Ship ansible-test in both (py2 and py3) variants
* Sun Apr  5 2020 Igor Raits ignatenkobrain@fedoraproject.org - 2.9.6-2
- Enable python3 subpackage
--------------------------------------------------------------------------------
================================================================================
 cc65-2.18-12.el7 (FEDORA-EPEL-2020-85f63edcb8)
 A free C compiler for 6502 based systems
--------------------------------------------------------------------------------
Update Information:
- Add several bugfix patches from upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr  6 2020 Bj��rn Esser besser82@fedoraproject.org - 2.18-12
- Add several bugfix patches from upstream
* Tue Jan 28 2020 Fedora Release Engineering releng@fedoraproject.org - 2.18-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Nov 20 2019 Bj��rn Esser besser82@fedoraproject.org - 2.18-10
- Add several bugfix patches from upstream
* Wed Jul 24 2019 Fedora Release Engineering releng@fedoraproject.org - 2.18-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 chromium-80.0.3987.163-1.el7 (FEDORA-EPEL-2020-181270fbae)
 A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Bugfix release from Google for 80.0.3987.162.  ----  Update to 80.0.3987.162.
Fixes the following CVEs:  * CVE-2020-6450 * CVE-2020-6451 ��� CVE-2020-6452  ----
Update to 80.0.3987.149. Upstream says it fixes "13" security issues, but only
lists these CVEs:  * CVE-2020-6422: Use after free in WebGL * CVE-2020-6424: Use
after free in media * CVE-2020-6425: Insufficient policy enforcement in
extensions.  * CVE-2020-6426: Inappropriate implementation in V8 *
CVE-2020-6427: Use after free in audio * CVE-2020-6428: Use after free in audio
* CVE-2020-6429: Use after free in audio. * CVE-2019-20503: Out of bounds read
in usersctplib. * CVE-2020-6449: Use after free in audio
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr  4 2020 Tom Callaway spot@fedoraproject.org - 80.0.3987.163-1
- update to 80.0.3987.163
* Wed Apr  1 2020 Tom Callaway spot@fedoraproject.org - 80.0.3987.162-1
- update to 80.0.3987.162
* Wed Mar 18 2020 Tom Callaway spot@fedoraproject.org - 80.0.3987.149-1
- update to 80.0.3987.149
* Thu Feb 27 2020 Tom Callaway spot@fedoraproject.org - 80.0.3987.132-1
- update to 80.0.3987.132
- disable C++17 changes (this means f32+ will no longer build, but it segfaulted immediately)
* Thu Feb 27 2020 Tom Callaway spot@fedoraproject.org - 80.0.3987.122-1
- update to 80.0.3987.122
* Mon Feb 17 2020 Tom Callaway spot@fedoraproject.org - 80.0.3987.106-1
- update to 80.0.3987.106
* Wed Feb  5 2020 Tom Callaway spot@fedoraproject.org - 80.0.3987.87-1
- update to 80.0.3987.87
* Tue Jan 28 2020 Fedora Release Engineering releng@fedoraproject.org - 79.0.3945.130-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1815241 - CVE-2020-6424 chromium-browser: Use after free in media
        https://bugzilla.redhat.com/show_bug.cgi?id=1815241
  [ 2 ] Bug #1815242 - CVE-2020-6425 chromium-browser: Insufficient policy enforcement in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1815242
  [ 3 ] Bug #1815243 - CVE-2020-6426 chromium-browser: Inappropriate implementation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1815243
  [ 4 ] Bug #1815244 - CVE-2020-6427 chromium-browser: Use after free in audio
        https://bugzilla.redhat.com/show_bug.cgi?id=1815244
  [ 5 ] Bug #1815245 - CVE-2020-6428 chromium-browser: Use after free in audio
        https://bugzilla.redhat.com/show_bug.cgi?id=1815245
  [ 6 ] Bug #1815247 - CVE-2020-6429 chromium-browser: Use after free in audio
        https://bugzilla.redhat.com/show_bug.cgi?id=1815247
  [ 7 ] Bug #1815248 - CVE-2020-6449 chromium-browser: Use after free in audio
        https://bugzilla.redhat.com/show_bug.cgi?id=1815248
  [ 8 ] Bug #1815259 - CVE-2020-6422 chromium-browser: Use after free in WebGL
        https://bugzilla.redhat.com/show_bug.cgi?id=1815259
  [ 9 ] Bug #1820155 - CVE-2020-6450 chromium-browser: Use after free in WebAudio
        https://bugzilla.redhat.com/show_bug.cgi?id=1820155
  [ 10 ] Bug #1820156 - CVE-2020-6451 chromium-browser: Use after free in WebAudio
        https://bugzilla.redhat.com/show_bug.cgi?id=1820156
  [ 11 ] Bug #1820157 - CVE-2020-6452 chromium-browser: Heap buffer overflow in media
        https://bugzilla.redhat.com/show_bug.cgi?id=1820157
--------------------------------------------------------------------------------
================================================================================
 firefox-pkcs11-loader-3.13.5-1.el7 (FEDORA-EPEL-2020-c98e73d0f1)
 Helper script for Firefox that sets up the browser for authentication with Estonian ID-card
--------------------------------------------------------------------------------
Update Information:
- Upstream release 3.13.5: Create linux policy to install Firefox extension from
Mozilla Addon store
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr  6 2020 Dmitri Smirnov dmitri@smirnov.ee 3.13.5-1
- Upstream release 3.13.5: Create linux policy to install Firefox extension from Mozilla Addon store
--------------------------------------------------------------------------------
================================================================================
 php-phpseclib-2.0.27-1.el7 (FEDORA-EPEL-2020-2221f62c60)
 PHP Secure Communications Library
--------------------------------------------------------------------------------
Update Information:
**Version 2.0.27**  *    SFTP: change the mode with a SETSTAT instead of MKDIR
(#1463) *    SFTP: make it so extending SFTP class doesn't cause a segfault
(#1465) *    Random::string didn't always return all the requested bytes (#1466)
----  **Version 2.0.26**  *    SFTP: another attempt at speeding up uploads
(#1455) *    SSH2: try logging in with none as an auth method first (#1454) *
ASN1: fix for malformed ASN1 strings (#1456)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr  6 2020 Remi Collet remi@remirepo.net - 2.0.27-1
- update to 2.0.27
* Mon Mar 23 2020 Remi Collet remi@remirepo.net - 2.0.26-1
- update to 2.0.26
--------------------------------------------------------------------------------
================================================================================
 prosody-0.11.5-1.el7 (FEDORA-EPEL-2020-f06cb6499c)
 Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.11.5 ==============  This release mostly adds command line flags to
force foreground or background operation, which replaces and deprecates the
`daemonize` option in the config file.  Fixes and improvements
----------------------    * prosody / mod_posix: Support for command-line flags
to override `daemonize` config option  Minor changes -------------    *
mod_websocket: Clear mask bit when reflecting ping frames (fixes #1484:
Websocket masks pong answer)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr  6 2020 Robert Scheck robert@fedoraproject.org 0.11.5-1
- Upgrade to 0.11.5 (#1816855)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1816855 - prosody-0.11.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1816855
--------------------------------------------------------------------------------
================================================================================
 python-iso3166-1.0.1-1.el7 (FEDORA-EPEL-2020-03ad609e02)
 Self-contained ISO 3166-1 country definitions
--------------------------------------------------------------------------------
Update Information:
First import for EPEL
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
 python-jmespath-0.9.4-1.el7 (FEDORA-EPEL-2020-89cb0d7bbb)
 JSON Matching Expressions
--------------------------------------------------------------------------------
Update Information:
# Ansible  * Add python3 subpackage.  # python-jmespath  * Update to 0.9.4. *
Add python3 subpackage.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr  5 2020 Igor Raits ignatenkobrain@fedoraproject.org - 0.9.4-1
- Update to 0.9.4
- Add python3 subpackage
* Wed Jan  6 2016 Fabio Alessandro Locati fabio@locati.cc - 0.9.0-2
- Improve to set the Provides tag for EL6 too
--------------------------------------------------------------------------------
================================================================================
 python3-jinja2-2.11.1-1.el7 (FEDORA-EPEL-2020-6eb178f109)
 General purpose template engine
--------------------------------------------------------------------------------
Update Information:
Update to 2.11.1
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr  6 2020 Igor Raits ignatenkobrain@fedoraproject.org - 2.11.1-1
- Update to 2.11.1
--------------------------------------------------------------------------------
================================================================================
 srt-1.2.3-2.el7 (FEDORA-EPEL-2020-da484c111e)
 Secure Reliable Transport protocol tools
--------------------------------------------------------------------------------
Update Information:
Introduce srt for epel7 Switch to gnutls by default
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
 vifm-0.10.1-3.el7 (FEDORA-EPEL-2020-d4584d14eb)
 File manager with curses interface, which provides Vi[m]-like environment
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1800234 - vifm: FTBFS in Fedora rawhide/f32
        https://bugzilla.redhat.com/show_bug.cgi?id=1800234
--------------------------------------------------------------------------------
================================================================================
 webextension-token-signing-1.1.2-1.el7 (FEDORA-EPEL-2020-098a916695)
 Chrome and Firefox extension for signing with your eID on the web
--------------------------------------------------------------------------------
Update Information:
- Upstream release 1.1.2 - Create linux policy to install Firefox extension from
Mozilla Addon store - Add G2 Latvia card ATR
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr  6 2020 Dmitri Smirnov dmitri@smirnov.ee - 1.1.2-1
- Upstream release 1.1.2
--------------------------------------------------------------------------------