[EPEL-devel] Fedora EPEL 7 updates-testing report

updates Thu, 18 Dec 2014 17:02:08 -0800

The following Fedora EPEL 7 Security updates need testing:
 Age  URL
  51  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3621/php-Smarty-3.1.21-1.el7
  36  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3989/cross-binutils-2.23.88.0.1-2.el7.1
  15  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4409/erlang-R16B-03.10.el7
  13  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4463/llvm-3.4.2-3.el7
  13  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4456/php-horde-kronolith-4.2.4-1.el7
  13  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4445/pyxdg-0.25-5.el7
  12  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4491/pwgen-2.07-1.el7
   7  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4536/firebird-2.5.3.26778.0-2.el7
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4765/unrtf-0.21.7-1.el7
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4757/mingw-jasper-1.900.1-25.el7
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4759/rabbitmq-server-3.3.5-4.el7



The following builds have been pushed to Fedora EPEL 7 updates-testing

    devilspie2-0.38-2.el7
    libbs2b-3.1.0-13.el7
    mingw-jasper-1.900.1-25.el7
    mkvtoolnix-7.4.0-1.el7
    myproxy-6.1.10-1.el7
    perl-Class-Mix-0.005-10.el7
    perl-Crypt-Eksblowfish-0.009-11.el7
    perl-Net-Whois-Raw-2.76-1.el7
    python-flask-babel-0.9-2.el7
    python-flask-sqlalchemy-2.0-2.el7
    python-mutagen-1.27-1.el7
    python-pip-1.5.6-5.el7
    python-sphinxcontrib-napoleon-0.2.8-2.el7
    rabbitmq-server-3.3.5-4.el7
    spice-html5-0.1.5-1.el7
    unrtf-0.21.7-1.el7

Details about builds:


================================================================================
 devilspie2-0.38-2.el7 (FEDORA-EPEL-2014-4760)
 A window-matching utility
--------------------------------------------------------------------------------
Update Information:

Initial release.
--------------------------------------------------------------------------------


================================================================================
 libbs2b-3.1.0-13.el7 (FEDORA-EPEL-2014-4762)
 Bauer stereophonic-to-binaural DSP library
--------------------------------------------------------------------------------
Update Information:

Branched for RHEL7
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1123679 - Please Branch libbs2b for EPEL 7
        https://bugzilla.redhat.com/show_bug.cgi?id=1123679
--------------------------------------------------------------------------------


================================================================================
 mingw-jasper-1.900.1-25.el7 (FEDORA-EPEL-2014-4757)
 MinGW Windows Jasper library
--------------------------------------------------------------------------------
Update Information:

* Fixes for CVE-2014-8137 and CVE-2014-8138\r\n\r\n* Bring package up to date 
with all CVE fixes
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Michael Cronenworth <m...@cchtml.com> - 1.900.1-25
- Fixes for CVE-2014-8137 and CVE-2014-8138
* Sat Dec 13 2014 Michael Cronenworth <m...@cchtml.com> - 1.900.1-24
- Apply all native patches for CVEs
* Sat Jun  7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 1.900.1-23
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug  3 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 1.900.1-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1173157 - CVE-2014-8137 jasper: double-free in in 
jas_iccattrval_destroy() (oCERT-2014-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=1173157
  [ 2 ] Bug #1173162 - CVE-2014-8138 jasper: heap overflow in jp2_decode() 
(oCERT-2014-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=1173162
--------------------------------------------------------------------------------


================================================================================
 mkvtoolnix-7.4.0-1.el7 (FEDORA-EPEL-2014-4774)
 Matroska container manipulation utilities
--------------------------------------------------------------------------------
Update Information:

First build for EPEL7, based on latest upstream release.
--------------------------------------------------------------------------------


================================================================================
 myproxy-6.1.10-1.el7 (FEDORA-EPEL-2014-4775)
 Manage X.509 Public Key Infrastructure (PKI) security credentials
--------------------------------------------------------------------------------
Update Information:

MyProxy 6.1.10.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Mattias Ellert <mattias.ell...@fysast.uu.se> - 6.1.10-1
- Update to 6.1.10
- Drop patches myproxy-tls.patch and myproxy-liblink.patch (fixed upstream)
--------------------------------------------------------------------------------


================================================================================
 perl-Class-Mix-0.005-10.el7 (FEDORA-EPEL-2014-4770)
 Dynamic class mixing
--------------------------------------------------------------------------------
Update Information:

Crypt::Eksblowfish:\r\n\r\nAn object of this type encapsulates a keyed instance 
of the Eksblowfish block cipher, ready to encrypt and 
decrypt.\r\n\r\n\r\nClass::Mix:\r\n\r\nThe mix_class function provided by this 
module dynamically generates 'anonymous' classes with specified inheritance.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1175117 - Please package perl-Crypt-Eksblowfish into EL7
        https://bugzilla.redhat.com/show_bug.cgi?id=1175117
--------------------------------------------------------------------------------


================================================================================
 perl-Crypt-Eksblowfish-0.009-11.el7 (FEDORA-EPEL-2014-4770)
 Eksblowfish block cipher
--------------------------------------------------------------------------------
Update Information:

Crypt::Eksblowfish:\r\n\r\nAn object of this type encapsulates a keyed instance 
of the Eksblowfish block cipher, ready to encrypt and 
decrypt.\r\n\r\n\r\nClass::Mix:\r\n\r\nThe mix_class function provided by this 
module dynamically generates 'anonymous' classes with specified inheritance.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1175117 - Please package perl-Crypt-Eksblowfish into EL7
        https://bugzilla.redhat.com/show_bug.cgi?id=1175117
--------------------------------------------------------------------------------


================================================================================
 perl-Net-Whois-Raw-2.76-1.el7 (FEDORA-EPEL-2014-4767)
 Get Whois information for domains
--------------------------------------------------------------------------------
Update Information:

Initial release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166984 - Review Request: perl-Net-Whois-Raw - Get Whois 
information for domains
        https://bugzilla.redhat.com/show_bug.cgi?id=1166984
--------------------------------------------------------------------------------


================================================================================
 python-flask-babel-0.9-2.el7 (FEDORA-EPEL-2014-4756)
 Adds i18n/l10n support to Flask applications
--------------------------------------------------------------------------------
Update Information:

Build python-flask-babel in epel7

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1175391 - build python-flask-babel epel7
        https://bugzilla.redhat.com/show_bug.cgi?id=1175391
--------------------------------------------------------------------------------


================================================================================
 python-flask-sqlalchemy-2.0-2.el7 (FEDORA-EPEL-2014-4768)
 Adds SQLAlchemy support to Flask application
--------------------------------------------------------------------------------
Update Information:

First build of python-flask-sqlalchemy for epel7, latest current upstream 
release.
--------------------------------------------------------------------------------


================================================================================
 python-mutagen-1.27-1.el7 (FEDORA-EPEL-2014-4755)
 Mutagen is a Python module to handle audio meta-data
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 15 2014 Michele Baldessari <mich...@acksyn.org> - 1.27-1
- New upstream release
- Only use macro style for buildroot
* Sun Nov 23 2014 Michele Baldessari <mich...@acksyn.org> - 1.26-1
- Fixed homepage and source URL
- Set python2-devel as BR
- Fix documentation building and shipping
- Fix spelling errors in description
--------------------------------------------------------------------------------


================================================================================
 python-pip-1.5.6-5.el7 (FEDORA-EPEL-2014-4771)
 A tool for installing and managing Python packages
--------------------------------------------------------------------------------
Update Information:

Update to pip 1.5.6.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Slavek Kabrda <bkab...@redhat.com> - 1.5.6-5
- Only enable tests on Fedora.
* Mon Dec  1 2014 Matej Stuchlik <mstuc...@redhat.com> - 1.5.6-4
- Add tests
- Add patch skipping tests requiring Internet access
* Tue Nov 18 2014 Matej Stuchlik <mstuc...@redhat.com> - 1.5.6-3
- Added patch for local dos with predictable temp dictionary names
  (http://seclists.org/oss-sec/2014/q4/655)
* Sat Jun  7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 1.5.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun May 25 2014 Matej Stuchlik <mstuc...@redhat.com> - 1.5.6-1
- Update to 1.5.6
* Fri Apr 25 2014 Matej Stuchlik <mstuc...@redhat.com> - 1.5.4-4
- Rebuild as wheel for Python 3.4
* Thu Apr 24 2014 Matej Stuchlik <mstuc...@redhat.com> - 1.5.4-3
- Disable build_wheel
* Thu Apr 24 2014 Matej Stuchlik <mstuc...@redhat.com> - 1.5.4-2
- Rebuild as wheel for Python 3.4
* Mon Apr  7 2014 Matej Stuchlik <mstuc...@redhat.com> - 1.5.4-1
- Updated to 1.5.4
* Mon Oct 14 2013 Tim Flink <tfl...@fedoraproject.org> - 1.4.1-1
- Removed patch for CVE 2013-2099 as it has been included in the upstream 1.4.1 
release
- Updated version to 1.4.1
* Sun Aug  4 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 1.3.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1174488 - update pip to 1.5.6
        https://bugzilla.redhat.com/show_bug.cgi?id=1174488
--------------------------------------------------------------------------------


================================================================================
 python-sphinxcontrib-napoleon-0.2.8-2.el7 (FEDORA-EPEL-2014-4769)
 Sphinx napoleon extension
--------------------------------------------------------------------------------
Update Information:

Initial release.
--------------------------------------------------------------------------------


================================================================================
 rabbitmq-server-3.3.5-4.el7 (FEDORA-EPEL-2014-4759)
 The RabbitMQ server
--------------------------------------------------------------------------------
Update Information:

Security fix for: insufficient 'X-Forwarded-For' header validation
Rebase to 3.3.5
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 John Eckersberg <e...@redhat.com> - 3.3.5-4
- Fix insufficient 'X-Forwarded-For' header validation (RHBZ#1174872)
* Tue Nov 18 2014 John Eckersberg <e...@redhat.com> - 3.3.5-3
- Add rabbitmq-plugins to default path (rhbz#1126680)
* Thu Oct 30 2014 John Eckersberg <e...@redhat.com> - 3.3.5-2
- Add patch to allow guest login from non-loopback connections
* Wed Aug 27 2014 John Eckersberg <jecke...@redhat.com> - 3.3.5-1
- Rebase to 3.3.5 from rawhide
* Tue Jun 17 2014 John Eckersberg <jecke...@redhat.com> - 3.1.5-6.3
- Revert changes from 3.1.5-6.1 and 3.1.5-6.2
- Update service file to require epmd socket
* Thu Jun  5 2014 John Eckersberg <jecke...@redhat.com> - 3.1.5-6.2
- Use forking daemon to prevent race (RHBZ#1104193 continued)
* Thu Jun  5 2014 John Eckersberg <jecke...@redhat.com> - 3.1.5-6.1
- Temporarily comment out ExecStartPre/Post lines in service file (RHBZ#1104193)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1174872 - rabbitmq-server: insufficient 'X-Forwarded-For' header 
validation
        https://bugzilla.redhat.com/show_bug.cgi?id=1174872
--------------------------------------------------------------------------------


================================================================================
 spice-html5-0.1.5-1.el7 (FEDORA-EPEL-2014-4758)
 Pure Javascript SPICE client
--------------------------------------------------------------------------------
Update Information:

Initial update of spice-html5 for EPEL7
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #910793 - Review Request: spice-html5 - Pure Javascript SPICE client
        https://bugzilla.redhat.com/show_bug.cgi?id=910793
--------------------------------------------------------------------------------


================================================================================
 unrtf-0.21.7-1.el7 (FEDORA-EPEL-2014-4765)
 RTF (Rich Text Format) to other formats converter
--------------------------------------------------------------------------------
Update Information:

Update to the latest upstream release. This fixes a couple of security 
problems. See also the [upstream 
changelog](http://hg.savannah.gnu.org/hgweb/unrtf/file/f5835113e0ed/ChangeLog).
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 Ken Dreyer <ktdre...@ktdreyer.com> - 0.21.7-1
- Upstream release 0.21.7 (RHBZ #1175241)
* Wed Dec 10 2014 Ken Dreyer <ktdre...@ktdreyer.com> - 0.21.6-2
- Drop NEWS file (upstream didn't ship this in 0.21.6)
* Wed Dec 10 2014 Ken Dreyer <ktdre...@ktdreyer.com> - 0.21.6-1
- Upstream release 0.21.6 (RHBZ #1172664)
* Mon Aug 18 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 0.21.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun  8 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 0.21.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun May 18 2014 Rahul Sundaram <sunda...@fedoraproject.org> - 0.21.5-2
- don't alter conf file location (rhbz#1060513)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1170233 - CVE-2014-9274 CVE-2014-9275 unrtf: out-of-bounds memory 
access vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=1170233
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list
epel-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/epel-devel

[EPEL-devel] Fedora EPEL 7 updates-testing report

Reply via email to