The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 168  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3989/cross-binut...
  52  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1087/dokuwiki-0-...
  52  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0952/qpid-qmf-0....
  35  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1421/quassel-0.1...
  29  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1545/strongswan-...
  12  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5832/mingw-gnutl...
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5973/mingw-libti...
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5991/mingw-libgc...
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5995/mingw-qt-4....
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5960/testdisk-7....
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5987/mingw-opens...
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5994/mingw-qt5-q...
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5971/mingw-curl-...
   3  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6006/dpkg-1.16.1...
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6030/proftpd-1.3...
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5937/wordpress-4...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6078/clamav-0.98...
The following builds have been pushed to Fedora EPEL 7 updates-testing
clamav-0.98.7-1.el7
epel-rpm-macros-7-1
json-0-4.20150410gitd7d0509.el7
mash-0.6.14-1.el7
opendmarc-1.3.1-13.el7
perl-Crypt-PBKDF2-0.150900-1.el7
spdlog-0-4.20150410git211ce99.el7
wildmagic5-5.13-9.el7
youtube-dl-2015.04.28-1.el7
Details about builds:
================================================================================
clamav-0.98.7-1.el7 (FEDORA-EPEL-2015-6078)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:
ClamAV 0.98.7
=============
This release contains new scanning features and bug fixes.
- Improvements to PDF processing: decryption, escape sequence handling, and file
property collection.
- Scanning/analysis of additional Microsoft Office 2003 XML format.
- Fix infinite loop condition on crafted y0da cryptor file. Identified and patch
suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
- Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian
Andrzej Siewior. CVE-2015-2222.
- Fix false negatives on files within iso9660 containers. This issue was reported by
Minzhuan Gong.
- Fix a couple crashes on crafted upack packed file. Identified and patches supplied by
Sebastian Andrzej Siewior.
- Fix a crash during algorithmic detection on crafted PE file. Identified and patch
supplied by Sebastian Andrzej Siewior.
- Fix an infinite loop condition on a crafted "xz" archive file. This was
reported by Dimitri Kirchner and Goulven Guiheux. CVE-2015-2668.
- Fix compilation error after ./configure --disable-pthreads. Reported and fix suggested
by John E. Krokes.
- Apply upstream patch for possible heap overflow in Henry Spencer's regex library.
CVE-2015-2305.
- Fix crash in upx decoder with crafted file. Discovered and patch supplied by Sebastian
Andrzej Siewior. CVE-2015-2170.
- Fix segfault scanning certain HTML files. Reported with sample by Kai Risku.
- Improve detections within xar/pkg files.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 29 2015 Robert Scheck <robert(a)fedoraproject.org> - 0.98.7-1
- Upgrade to 0.98.7 and updated daily.cvd (#1217014)
* Tue Mar 10 2015 Adam Jackson <ajax(a)redhat.com> 0.98.6-2
- Drop sysvinit subpackages in F23+
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1217206 - CVE-2015-2221: clamav Infinite loop condition on crafted y0da
cryptor file
https://bugzilla.redhat.com/show_bug.cgi?id=1217206
[ 2 ] Bug #1217207 - CVE-2015-2222 clamav: crash on crafted petite packed file
https://bugzilla.redhat.com/show_bug.cgi?id=1217207
[ 3 ] Bug #1217208 - CVE-2015-2668 clamav: Infinite loop condition on a crafted
"xz" archive file
https://bugzilla.redhat.com/show_bug.cgi?id=1217208
[ 4 ] Bug #1217209 - CVE-2015-2170: clamav: Crash in upx decoder with crafted file
https://bugzilla.redhat.com/show_bug.cgi?id=1217209
--------------------------------------------------------------------------------
================================================================================
epel-rpm-macros-7-1 (FEDORA-EPEL-2015-6085)
Extra Packages for Enterprise Linux RPM macros
--------------------------------------------------------------------------------
Update Information:
Initial version for epel.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1217196 - Review Request: epel-rpm-macros - Extra Packages for Enterprise
Linux RPM macros
https://bugzilla.redhat.com/show_bug.cgi?id=1217196
--------------------------------------------------------------------------------
================================================================================
json-0-4.20150410gitd7d0509.el7 (FEDORA-EPEL-2015-6088)
JSON for Modern C++
--------------------------------------------------------------------------------
Update Information:
- don't build the base package
- remove a dot from the release tag
- corrected -devel subpackage description
- new json package
--------------------------------------------------------------------------------
================================================================================
mash-0.6.14-1.el7 (FEDORA-EPEL-2015-6084)
Koji buildsystem to yum repository converter
--------------------------------------------------------------------------------
Update Information:
blacklist php and httpd from being multilib rhbz#1217168 (dennis)
Make blacklist/whitelist into config values. based on patch from Ralph Bean in
rhbz#1082832 (dennis)
Pass the config object into the multilib method objects. (rbean)
Add configs for stg. (rbean)
update the mash configs for rawhide (dennis)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 29 2015 Dennis Gilmore <dennis(a)ausil.us> - 0.6.14-1
- blacklist php and httpd from being multilib rhbz#1217168 (dennis)
- Make blacklist/whitelist into config values. based on patch from Ralph Bean
in rhbz#1082832 (dennis)
- Pass the config object into the multilib method objects. (rbean)
- Add configs for stg. (rbean)
- update the mash configs for rawhide (dennis)
* Tue Feb 10 2015 Dennis Gilmore <dennis(a)ausil.us> - 0.6.13-2
- add patch moving rawhide to f23
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1217168 - httpd and php should not be multilib
https://bugzilla.redhat.com/show_bug.cgi?id=1217168
[ 2 ] Bug #1082832 - RFE: make whitelist and blacklist config options instead of hard
coded
https://bugzilla.redhat.com/show_bug.cgi?id=1082832
--------------------------------------------------------------------------------
================================================================================
opendmarc-1.3.1-13.el7 (FEDORA-EPEL-2015-6076)
A Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and
library
--------------------------------------------------------------------------------
Update Information:
- Replaced various commands with rpm macros
- Included support for systemd macros (#1216881)
- Added libspf2-devel to BuildRequires
- libspf2 support now provided for all branches
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 29 2015 Steve Jenkins <steve(a)stevejenkins.com> - 1.3.1-13
- Replaced various commands with rpm macros
- Included support for systemd macros (#1216881)
* Mon Apr 13 2015 Steve Jenkins <steve(a)stevejenkins.com> - 1.3.1-12
- Added libspf2-devel to BuildRequires
- libspf2 support now provided for all branches
* Thu Apr 9 2015 Steve Jenkins <steve(a)stevejenkins.com> - 1.3.1-11
- Added --with-libspf2 support for all branches except EL5
* Fri Apr 3 2015 Steve Jenkins <steve(a)stevejenkins.com> - 1.3.1-10
- policycoreutils now only required for EL5
* Mon Mar 30 2015 Steve Jenkins <steve(a)stevejenkins.com> - 1.3.1-9
- policycoreutils* now only required for Fedora and EL6+
- Added --with-sql-backend configure support
- Changed a few macros
* Sun Mar 29 2015 Steve Jenkins <steve(a)stevejenkins.com> - 1.3.1-8
- removed unnecessary Requires packages
- moved libbsd back to BuildRequires
- removed unnecessary %defattr
- added support for BSD and Sendmail in place of %doc
- Changed some opendmarc macro usages
* Sat Mar 28 2015 Steve Jenkins <steve(a)stevejenkins.com> - 1.3.1-7
- added (x86-64) to Requires where necessary
- added sendmail-milter to Requires
- moved libbsd from BuildRequires to Requires
- added policycoreutils and policycoreutils-python to Requires(post)
* Sat Mar 28 2015 Steve Jenkins <steve(a)stevejenkins.com> - 1.3.1-6
- Removed unneeded _pkgdocdir reference
* Fri Mar 27 2015 Steve Jenkins <steve(a)stevejenkins.com> - 1.3.1-5
- Combined systemd and SysV spec files using conditionals
- Set AuthservID configuration option to HOSTNAME by default
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #905304 - Review Request: OpenDMARC - Domain-based Message Authentication,
Reporting & Conformance (DMARC) milter and library
https://bugzilla.redhat.com/show_bug.cgi?id=905304
--------------------------------------------------------------------------------
================================================================================
perl-Crypt-PBKDF2-0.150900-1.el7 (FEDORA-EPEL-2015-6074)
PBKDF2 password hashing algorithm
--------------------------------------------------------------------------------
Update Information:
Upgrade to 0.150900. Bugfix
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 30 2015 David Dick <ddick(a)cpan.org> - 0.150900-1
- Upgrade to 0.150900. Bugfix
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1207883 - perl-Crypt-PBKDF2-0.150900 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1207883
--------------------------------------------------------------------------------
================================================================================
spdlog-0-4.20150410git211ce99.el7 (FEDORA-EPEL-2015-6079)
Super fast C++ logging library
--------------------------------------------------------------------------------
Update Information:
- don't build the base package
- remove a dot from the release tag
- corrected -devel subpackage description
Import package
--------------------------------------------------------------------------------
================================================================================
wildmagic5-5.13-9.el7 (FEDORA-EPEL-2015-6077)
Wild Magic libraries
--------------------------------------------------------------------------------
Update Information:
- **New package**
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1211362 - Review Request: wildmagic5 - Wild Magic libraries
https://bugzilla.redhat.com/show_bug.cgi?id=1211362
--------------------------------------------------------------------------------
================================================================================
youtube-dl-2015.04.28-1.el7 (FEDORA-EPEL-2015-6080)
A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:
Update to the latest release (#1210132)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 29 2015 Matej Cepl <mcepl(a)redhat.com> - 2015.04.28-1
- Update to the latest release (#1210132)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1210132 - youtube-dl-2015.04.28 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1210132
--------------------------------------------------------------------------------