The following Fedora EPEL 7 Security updates need testing: Age URL 51 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3621/php-Smarty-3.1.21-1.el7 36 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3989/cross-binutils-2.23.88.0.1-2.el7.1 15 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4409/erlang-R16B-03.10.el7 13 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4463/llvm-3.4.2-3.el7 13 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4456/php-horde-kronolith-4.2.4-1.el7 13 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4445/pyxdg-0.25-5.el7 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4491/pwgen-2.07-1.el7 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4536/firebird-2.5.3.26778.0-2.el7 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4765/unrtf-0.21.7-1.el7 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4757/mingw-jasper-1.900.1-25.el7 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4759/rabbitmq-server-3.3.5-4.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing devilspie2-0.38-2.el7 libbs2b-3.1.0-13.el7 mingw-jasper-1.900.1-25.el7 mkvtoolnix-7.4.0-1.el7 myproxy-6.1.10-1.el7 perl-Class-Mix-0.005-10.el7 perl-Crypt-Eksblowfish-0.009-11.el7 perl-Net-Whois-Raw-2.76-1.el7 python-flask-babel-0.9-2.el7 python-flask-sqlalchemy-2.0-2.el7 python-mutagen-1.27-1.el7 python-pip-1.5.6-5.el7 python-sphinxcontrib-napoleon-0.2.8-2.el7 rabbitmq-server-3.3.5-4.el7 spice-html5-0.1.5-1.el7 unrtf-0.21.7-1.el7 Details about builds: ================================================================================ devilspie2-0.38-2.el7 (FEDORA-EPEL-2014-4760) A window-matching utility -------------------------------------------------------------------------------- Update Information: Initial release. -------------------------------------------------------------------------------- ================================================================================ libbs2b-3.1.0-13.el7 (FEDORA-EPEL-2014-4762) Bauer stereophonic-to-binaural DSP library -------------------------------------------------------------------------------- Update Information: Branched for RHEL7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1123679 - Please Branch libbs2b for EPEL 7 https://bugzilla.redhat.com/show_bug.cgi?id=1123679 -------------------------------------------------------------------------------- ================================================================================ mingw-jasper-1.900.1-25.el7 (FEDORA-EPEL-2014-4757) MinGW Windows Jasper library -------------------------------------------------------------------------------- Update Information: * Fixes for CVE-2014-8137 and CVE-2014-8138\r\n\r\n* Bring package up to date with all CVE fixes -------------------------------------------------------------------------------- ChangeLog: * Thu Dec 18 2014 Michael Cronenworth <m...@cchtml.com> - 1.900.1-25 - Fixes for CVE-2014-8137 and CVE-2014-8138 * Sat Dec 13 2014 Michael Cronenworth <m...@cchtml.com> - 1.900.1-24 - Apply all native patches for CVEs * Sat Jun 7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 1.900.1-23 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat Aug 3 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 1.900.1-22 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1173157 - CVE-2014-8137 jasper: double-free in in jas_iccattrval_destroy() (oCERT-2014-012) https://bugzilla.redhat.com/show_bug.cgi?id=1173157 [ 2 ] Bug #1173162 - CVE-2014-8138 jasper: heap overflow in jp2_decode() (oCERT-2014-012) https://bugzilla.redhat.com/show_bug.cgi?id=1173162 -------------------------------------------------------------------------------- ================================================================================ mkvtoolnix-7.4.0-1.el7 (FEDORA-EPEL-2014-4774) Matroska container manipulation utilities -------------------------------------------------------------------------------- Update Information: First build for EPEL7, based on latest upstream release. -------------------------------------------------------------------------------- ================================================================================ myproxy-6.1.10-1.el7 (FEDORA-EPEL-2014-4775) Manage X.509 Public Key Infrastructure (PKI) security credentials -------------------------------------------------------------------------------- Update Information: MyProxy 6.1.10. -------------------------------------------------------------------------------- ChangeLog: * Thu Dec 18 2014 Mattias Ellert <mattias.ell...@fysast.uu.se> - 6.1.10-1 - Update to 6.1.10 - Drop patches myproxy-tls.patch and myproxy-liblink.patch (fixed upstream) -------------------------------------------------------------------------------- ================================================================================ perl-Class-Mix-0.005-10.el7 (FEDORA-EPEL-2014-4770) Dynamic class mixing -------------------------------------------------------------------------------- Update Information: Crypt::Eksblowfish:\r\n\r\nAn object of this type encapsulates a keyed instance of the Eksblowfish block cipher, ready to encrypt and decrypt.\r\n\r\n\r\nClass::Mix:\r\n\r\nThe mix_class function provided by this module dynamically generates 'anonymous' classes with specified inheritance. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1175117 - Please package perl-Crypt-Eksblowfish into EL7 https://bugzilla.redhat.com/show_bug.cgi?id=1175117 -------------------------------------------------------------------------------- ================================================================================ perl-Crypt-Eksblowfish-0.009-11.el7 (FEDORA-EPEL-2014-4770) Eksblowfish block cipher -------------------------------------------------------------------------------- Update Information: Crypt::Eksblowfish:\r\n\r\nAn object of this type encapsulates a keyed instance of the Eksblowfish block cipher, ready to encrypt and decrypt.\r\n\r\n\r\nClass::Mix:\r\n\r\nThe mix_class function provided by this module dynamically generates 'anonymous' classes with specified inheritance. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1175117 - Please package perl-Crypt-Eksblowfish into EL7 https://bugzilla.redhat.com/show_bug.cgi?id=1175117 -------------------------------------------------------------------------------- ================================================================================ perl-Net-Whois-Raw-2.76-1.el7 (FEDORA-EPEL-2014-4767) Get Whois information for domains -------------------------------------------------------------------------------- Update Information: Initial release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166984 - Review Request: perl-Net-Whois-Raw - Get Whois information for domains https://bugzilla.redhat.com/show_bug.cgi?id=1166984 -------------------------------------------------------------------------------- ================================================================================ python-flask-babel-0.9-2.el7 (FEDORA-EPEL-2014-4756) Adds i18n/l10n support to Flask applications -------------------------------------------------------------------------------- Update Information: Build python-flask-babel in epel7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1175391 - build python-flask-babel epel7 https://bugzilla.redhat.com/show_bug.cgi?id=1175391 -------------------------------------------------------------------------------- ================================================================================ python-flask-sqlalchemy-2.0-2.el7 (FEDORA-EPEL-2014-4768) Adds SQLAlchemy support to Flask application -------------------------------------------------------------------------------- Update Information: First build of python-flask-sqlalchemy for epel7, latest current upstream release. -------------------------------------------------------------------------------- ================================================================================ python-mutagen-1.27-1.el7 (FEDORA-EPEL-2014-4755) Mutagen is a Python module to handle audio meta-data -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 15 2014 Michele Baldessari <mich...@acksyn.org> - 1.27-1 - New upstream release - Only use macro style for buildroot * Sun Nov 23 2014 Michele Baldessari <mich...@acksyn.org> - 1.26-1 - Fixed homepage and source URL - Set python2-devel as BR - Fix documentation building and shipping - Fix spelling errors in description -------------------------------------------------------------------------------- ================================================================================ python-pip-1.5.6-5.el7 (FEDORA-EPEL-2014-4771) A tool for installing and managing Python packages -------------------------------------------------------------------------------- Update Information: Update to pip 1.5.6. -------------------------------------------------------------------------------- ChangeLog: * Thu Dec 18 2014 Slavek Kabrda <bkab...@redhat.com> - 1.5.6-5 - Only enable tests on Fedora. * Mon Dec 1 2014 Matej Stuchlik <mstuc...@redhat.com> - 1.5.6-4 - Add tests - Add patch skipping tests requiring Internet access * Tue Nov 18 2014 Matej Stuchlik <mstuc...@redhat.com> - 1.5.6-3 - Added patch for local dos with predictable temp dictionary names (http://seclists.org/oss-sec/2014/q4/655) * Sat Jun 7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 1.5.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sun May 25 2014 Matej Stuchlik <mstuc...@redhat.com> - 1.5.6-1 - Update to 1.5.6 * Fri Apr 25 2014 Matej Stuchlik <mstuc...@redhat.com> - 1.5.4-4 - Rebuild as wheel for Python 3.4 * Thu Apr 24 2014 Matej Stuchlik <mstuc...@redhat.com> - 1.5.4-3 - Disable build_wheel * Thu Apr 24 2014 Matej Stuchlik <mstuc...@redhat.com> - 1.5.4-2 - Rebuild as wheel for Python 3.4 * Mon Apr 7 2014 Matej Stuchlik <mstuc...@redhat.com> - 1.5.4-1 - Updated to 1.5.4 * Mon Oct 14 2013 Tim Flink <tfl...@fedoraproject.org> - 1.4.1-1 - Removed patch for CVE 2013-2099 as it has been included in the upstream 1.4.1 release - Updated version to 1.4.1 * Sun Aug 4 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 1.3.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1174488 - update pip to 1.5.6 https://bugzilla.redhat.com/show_bug.cgi?id=1174488 -------------------------------------------------------------------------------- ================================================================================ python-sphinxcontrib-napoleon-0.2.8-2.el7 (FEDORA-EPEL-2014-4769) Sphinx napoleon extension -------------------------------------------------------------------------------- Update Information: Initial release. -------------------------------------------------------------------------------- ================================================================================ rabbitmq-server-3.3.5-4.el7 (FEDORA-EPEL-2014-4759) The RabbitMQ server -------------------------------------------------------------------------------- Update Information: Security fix for: insufficient 'X-Forwarded-For' header validation Rebase to 3.3.5 -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 17 2014 John Eckersberg <e...@redhat.com> - 3.3.5-4 - Fix insufficient 'X-Forwarded-For' header validation (RHBZ#1174872) * Tue Nov 18 2014 John Eckersberg <e...@redhat.com> - 3.3.5-3 - Add rabbitmq-plugins to default path (rhbz#1126680) * Thu Oct 30 2014 John Eckersberg <e...@redhat.com> - 3.3.5-2 - Add patch to allow guest login from non-loopback connections * Wed Aug 27 2014 John Eckersberg <jecke...@redhat.com> - 3.3.5-1 - Rebase to 3.3.5 from rawhide * Tue Jun 17 2014 John Eckersberg <jecke...@redhat.com> - 3.1.5-6.3 - Revert changes from 3.1.5-6.1 and 3.1.5-6.2 - Update service file to require epmd socket * Thu Jun 5 2014 John Eckersberg <jecke...@redhat.com> - 3.1.5-6.2 - Use forking daemon to prevent race (RHBZ#1104193 continued) * Thu Jun 5 2014 John Eckersberg <jecke...@redhat.com> - 3.1.5-6.1 - Temporarily comment out ExecStartPre/Post lines in service file (RHBZ#1104193) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1174872 - rabbitmq-server: insufficient 'X-Forwarded-For' header validation https://bugzilla.redhat.com/show_bug.cgi?id=1174872 -------------------------------------------------------------------------------- ================================================================================ spice-html5-0.1.5-1.el7 (FEDORA-EPEL-2014-4758) Pure Javascript SPICE client -------------------------------------------------------------------------------- Update Information: Initial update of spice-html5 for EPEL7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #910793 - Review Request: spice-html5 - Pure Javascript SPICE client https://bugzilla.redhat.com/show_bug.cgi?id=910793 -------------------------------------------------------------------------------- ================================================================================ unrtf-0.21.7-1.el7 (FEDORA-EPEL-2014-4765) RTF (Rich Text Format) to other formats converter -------------------------------------------------------------------------------- Update Information: Update to the latest upstream release. This fixes a couple of security problems. See also the [upstream changelog](http://hg.savannah.gnu.org/hgweb/unrtf/file/f5835113e0ed/ChangeLog). -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 17 2014 Ken Dreyer <ktdre...@ktdreyer.com> - 0.21.7-1 - Upstream release 0.21.7 (RHBZ #1175241) * Wed Dec 10 2014 Ken Dreyer <ktdre...@ktdreyer.com> - 0.21.6-2 - Drop NEWS file (upstream didn't ship this in 0.21.6) * Wed Dec 10 2014 Ken Dreyer <ktdre...@ktdreyer.com> - 0.21.6-1 - Upstream release 0.21.6 (RHBZ #1172664) * Mon Aug 18 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 0.21.5-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 0.21.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sun May 18 2014 Rahul Sundaram <sunda...@fedoraproject.org> - 0.21.5-2 - don't alter conf file location (rhbz#1060513) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1170233 - CVE-2014-9274 CVE-2014-9275 unrtf: out-of-bounds memory access vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1170233 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list epel-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/epel-devel