The following Fedora EPEL 7 Security updates need testing:

 Age  URL
 308  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3989   cross-binutils-2.23.88.0.1-2.el7.1
 192  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087   dokuwiki-0-0.24.20140929c.el7
  88  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6813   chicken-4.9.0.1-4.el7
  34  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7613   zabbix20-2.0.15-1.el7
  21  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7800   python-django-1.6.11-3.el7
  15  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7874   onionshare-0.7.1-1.el7
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7909   pdns-3.4.6-1.el7
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7960   php-doctrine-cache-1.4.2-1.el7
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7962   php-doctrine-annotations-1.2.7-1.el7
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7964   php-doctrine-doctrine-bundle-1.5.2-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8100   wordpress-4.3.1-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8113   php-ZendFramework2-2.4.8-1.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

    argus-3.0.8-3.el7
    caja-extensions-1.10.1-1.el7
    cube-4.3.2-2.el7
    dar-2.4.18-1.el7
    davix-0.5.0-1.el7
    future-0.15.2-2.el7
    jnettop-0.13.0-16.el7
    libmaxminddb-1.1.1-5.el7
    mylvmbackup-0.16-1.el7
    php-ZendFramework2-2.4.8-1.el7
    php-pear-Mail-Mime-1.10.0-1.el7
    pyrrd-0.1.0-1.el7
    reposurgeon-3.29-1.el7
    tomcat-native-1.1.33-1.el7
    weechat-1.3-1.el7
    wordpress-4.3.1-1.el7

Details about builds:

================================================================================
 argus-3.0.8-3.el7 (FEDORA-EPEL-2015-8092)
 Network transaction audit tool
--------------------------------------------------------------------------------
Update Information:

argus-3.0.8-3.el7
- Introduce new systemd-rpm macros in argus spec file, BZ 850029
- Missing argus client: ragraph, BZ 1152650
- Add cron.daily rotation of argus data file, BZ 1219565
- remove executable permission bits from argus.service, BZ 1252117
--------------------------------------------------------------------------------

================================================================================
 caja-extensions-1.10.1-1.el7 (FEDORA-EPEL-2015-8099)
 Set of extensions for caja file manager
--------------------------------------------------------------------------------
Update Information:

caja-extensions-1.10.1-1.fc21
- update to 1.10.1 release

caja-extensions-1.10.1-1.fc22
- update to 1.10.1 release

caja-extensions-1.10.1-1.el7
- update to 1.10.1 release

caja-extensions-1.10.1-1.fc23
- update to 1.10.1 release
- enable gajim sendto plugin
--------------------------------------------------------------------------------

================================================================================
 cube-4.3.2-2.el7 (FEDORA-EPEL-2015-8093)
 CUBE Uniform Behavioral Encoding generic presentation component
--------------------------------------------------------------------------------
Update Information:

cube-4.3.2-2.fc22
- Make separate libs package (for scorep)
- Don't BR Java stuff

cube-4.3.2-2.el6
- Make separate libs package (for scorep)
- Don't BR Java stuff

cube-4.3.2-2.el7
- Make separate libs package (for scorep)
- Don't BR Java stuff

cube-4.3.2-2.fc23
- Make separate libs package (for scorep)
- Don't BR Java stuff
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1240311 - Please make a libs package
        https://bugzilla.redhat.com/show_bug.cgi?id=1240311
--------------------------------------------------------------------------------

================================================================================
 dar-2.4.18-1.el7 (FEDORA-EPEL-2015-8098)
 Software for making/restoring incremental CD/DVD backups
--------------------------------------------------------------------------------
Update Information:

New upstream version

dar-2.4.18-1.fc23
- New upstream version

dar-2.4.18-1.el7
- new upstream version

dar-2.4.18-1.el6
- new upstream version

dar-2.4.18-1.el5
- new upstream version

dar-2.4.18-1.fc22
- New upstream version

dar-2.4.18-1.fc21
- new upstream version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1258281 - dar-2.4.18 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1258281
--------------------------------------------------------------------------------

================================================================================
 davix-0.5.0-1.el7 (FEDORA-EPEL-2015-8085)
 Toolkit for Http-based file management
--------------------------------------------------------------------------------
Update Information:

Update to davix 0.5.0, see release note for details
--------------------------------------------------------------------------------

================================================================================
 future-0.15.2-2.el7 (FEDORA-EPEL-2015-8089)
 Easy, clean, reliable Python 2/3 compatibility
--------------------------------------------------------------------------------
Update Information:

New package.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1250884 - Review Request: future - Easy, clean, reliable Python 2/3 compatibility
        https://bugzilla.redhat.com/show_bug.cgi?id=1250884
--------------------------------------------------------------------------------

================================================================================
 jnettop-0.13.0-16.el7 (FEDORA-EPEL-2015-8079)
 Network traffic tracker
--------------------------------------------------------------------------------
Update Information:

Initial EPEL 7 release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1259307 - epel 7 version of jnettop
        https://bugzilla.redhat.com/show_bug.cgi?id=1259307
--------------------------------------------------------------------------------

================================================================================
 libmaxminddb-1.1.1-5.el7 (FEDORA-EPEL-2015-8087)
 C library for the MaxMind DB file format
--------------------------------------------------------------------------------
Update Information:

C library for the MaxMind DB file format
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1258874 - Review Request: libmaxminddb - C library for the MaxMind DB file format
        https://bugzilla.redhat.com/show_bug.cgi?id=1258874
--------------------------------------------------------------------------------

================================================================================
 mylvmbackup-0.16-1.el7 (FEDORA-EPEL-2015-8081)
 Utility for creating MySQL backups via LVM snapshots
--------------------------------------------------------------------------------
Update Information:

# Version 0.16

- SNMP support.
- BUG#1351000: fixed crash when specifying both --help and $mail_report_on was set to 'always'.
--------------------------------------------------------------------------------

================================================================================
 php-ZendFramework2-2.4.8-1.el7 (FEDORA-EPEL-2015-8113)
 Zend Framework 2
--------------------------------------------------------------------------------
Update Information:

**Zend Framework 2.4.8**

**Security Update**

* **ZF2015-07**: The filesystem storage adapter of Zend\Cache was creating directories with a liberal umask that could lead to local arbitrary code execution and/or local privilege escalation. This release contains a patch that ensures the directories are created using permissions of 0775 and files using 0664 (essentially umask 0002).

**Bug fixed** from upstream [Changelog](http://framework.zend.com/changelog/2.4.8)

* validate against DateTimeImmutable instead of DateTimeInterface
* treat 0.0 as non-empty, restoring pre-2.4 behavior
* deprecate "magic" logic for auto-attaching NonEmpty validators in favor of explicit attachment
* ensure fallback values work as per pre-2.4 behavior
* update the InputFilterInterface::add() docblock to match implementations
* Fix how missing optional fields are validated to match pre 2.4.0 behavior
* deprecate AllowEmpty and ContinueIfEmpty annotations, per zend-inputfilter#26
* fix typos in aria attribute names of AbstractHelper
* fixes the ContentType header to properly handle encoded parameter values
* fixes the Sender header to allow mailbox addresses without TLDs
* fixes parsing of messages that contain an initial blank line before headers
* fixes the SetCookie header to allow multiline values (as they are always encoded)
* fixes DefaultRenderingStrategy errors due to controllers returning non-view model results
--------------------------------------------------------------------------------

================================================================================
 php-pear-Mail-Mime-1.10.0-1.el7 (FEDORA-EPEL-2015-8080)
 Classes to create MIME messages
--------------------------------------------------------------------------------
Update Information:

Upstream Changelog:

**Version 1.10.0**

* Add possibility to add externally created Mail_mimePart objects as attachments [alec]
* Add possibility to set preamble text for multipart messages [alec]

**Version 1.9.0**

* Bug 20921: Make Mail_mimePart::encodeHeaderValue() a static method [alec]
* Bug 20931: Really remove unset headers [alec]
* Request 18772: Added methods for creating text/calendar messages [alec]
* Drop PHP4 support, Fix warnings on PHP7 [alec]
* Request 20564: Added possibility to unset headers [alec]
* Request 20563: Added isMultipart() method [alec]
* Request 20565: Accept also a file pointer in Mail_mimePart::encodeToFile(), Mail_mime::get() and Mail_mime::saveMessageBody() [alec]
--------------------------------------------------------------------------------

================================================================================
 pyrrd-0.1.0-1.el7 (FEDORA-EPEL-2015-8088)
 A Pure Python Wrapper for RRDTool
--------------------------------------------------------------------------------
Update Information:

pyrrd-0.1.0-1.el7
- First build for EPEL
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #494238 - Review Request: pyrrd - A Pure Python Wrapper for RRDTool
        https://bugzilla.redhat.com/show_bug.cgi?id=494238
--------------------------------------------------------------------------------

================================================================================
 reposurgeon-3.29-1.el7 (FEDORA-EPEL-2015-8111)
 SCM Repository Manipulation Tool
--------------------------------------------------------------------------------
Update Information:

# 3.29: 2015-09-02

* Now included: git aliases that allow git to work with action stamps.
* **The new `repomapper` tool helps prepare contributor maps.**
* Use of branchify/branchify_map is now less likely to produce invalid resets.
* `branchify_map` has been changed to handle subdirectories better. `branchify_map reset` actually works now.
* Prevent a crash on empty SVN comments produced by dumpfiltering.
* `assign` command with no selection set or arguments lists assignments.
* New `--user-ignores` option on Subversion reads passes through .gitignores.
* `repotool initialize` now generates an easier-to-read conversion makefile (Fedora: Used to be conversion.mk in /usr/share/doc/reposurgeon).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1259536 - reposurgeon-3.29 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1259536
--------------------------------------------------------------------------------

================================================================================
 tomcat-native-1.1.33-1.el7 (FEDORA-EPEL-2015-8078)
 Tomcat native library
--------------------------------------------------------------------------------
Update Information:

Update to 1.1.33
--------------------------------------------------------------------------------

================================================================================
 weechat-1.3-1.el7 (FEDORA-EPEL-2015-8077)
 Portable, fast, light and extensible IRC client
--------------------------------------------------------------------------------
Update Information:

weechat-1.3-1.fc23
- new upstream version (#1254000)

weechat-1.3-1.el7
- new upstream version (#1254000)

weechat-1.3-1.fc22
- new upstream version (#1254000)

weechat-1.3-1.fc21
- new upstream version (#1254000)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1254000 - weechat-1.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1254000
--------------------------------------------------------------------------------

================================================================================
 wordpress-4.3.1-1.el7 (FEDORA-EPEL-2015-8100)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

**WordPress 4.3.1 Security and Maintenance Release**

[Upstream announcement](https://wordpress.org/news/2015/09/wordpress-4-3-1/):

WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation.

* WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point.
* A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team.
* Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point.

WordPress 4.3.1 also fixes twenty-six bugs. For more information, see the [release notes](https://codex.wordpress.org/Version_4.3.1) or consult the [list of changes](https://core.trac.wordpress.org/log/branches/4.3/?rev=34199&stop_rev=33647).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1263657 - CVE-2015-5714 CVE-2015-5715 wordpress: XSS and permission issue fixed in wordpress 4.3.1
        https://bugzilla.redhat.com/show_bug.cgi?id=1263657
--------------------------------------------------------------------------------

epel-devel@lists.fedoraproject.org