The following Fedora EPEL 7 Security updates need testing: Age URL 309 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 101 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-925e9374c9 python-pymongo-3.0.3-1.el7 71 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 35 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-f82c6fc04a p7zip-15.09-4.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-4181488d68 lighttpd-1.4.39-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-864da6c179 nghttp2-1.6.0-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e21e03e52f mono-2.10.8-9.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-3e181e41ca openvpn-2.3.10-1.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-039bf0137a salt-2015.5.8-1.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e04c714f9d gajim-0.16.5-1.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ec85678f0c nodejs-ws-1.0.1-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-dd35749dd3 wordpress-4.4.1-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-43613cf75a keepassx-0.4.4-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e34ffdd692 prosody-0.9.9-2.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-273a82f7db owncloud-8.0.10-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8da165e1bb mbedtls-2.2.1-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing dcap-2.47.10-1.el7 elementary-1.16.1-1.el7 erlang-R16B-03.12.el7 evas-generic-loaders-1.16.0-1.el7 mbedtls-2.2.1-1.el7 moodle-3.0.2-1.el7 ocserv-0.10.11-1.el7 owncloud-8.0.10-1.el7 perl-Date-Holidays-DE-1.7-1.el7 prosody-0.9.9-2.el7 python-fedora-0.7.1-2.el7 python-ivi-0.14.9-3.el7 python-jwt-1.4.0-2.el7 python-unittest2-1.1.0-4.el7 radicale-1.1.1-1.el7 rubygem-therubyracer-0.11.0-13.el7 Details about builds: ================================================================================ dcap-2.47.10-1.el7 (FEDORA-EPEL-2016-27b9e753cb) Client Tools for dCache -------------------------------------------------------------------------------- Update Information: New release with IPv6 fixes. -------------------------------------------------------------------------------- ================================================================================ elementary-1.16.1-1.el7 (FEDORA-EPEL-2016-a94e03f83a) Basic widget set that is easy to use based on EFL -------------------------------------------------------------------------------- Update Information: Initial port to epel7 -------------------------------------------------------------------------------- ================================================================================ erlang-R16B-03.12.el7 (FEDORA-EPEL-2016-3ba210f393) General-purpose programming language and runtime environment -------------------------------------------------------------------------------- Update Information: * Enable crash dump creation during a large distrubution error -------------------------------------------------------------------------------- ================================================================================ evas-generic-loaders-1.16.0-1.el7 (FEDORA-EPEL-2016-1fbb757afe) Set of generic loaders for Evas -------------------------------------------------------------------------------- Update Information: Initial port to epel7 -------------------------------------------------------------------------------- ================================================================================ mbedtls-2.2.1-1.el7 (FEDORA-EPEL-2016-8da165e1bb) Light-weight cryptographic and SSL/TLS library -------------------------------------------------------------------------------- Update Information: - Update to 2.2.1 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released ---- - Rebase mbedTLS to 2.2.0 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.2.0-2.1.3-1.3.15-and-polarssl.1.2.18-released -------------------------------------------------------------------------------- References: [ 1 ] Bug #1297437 - mbedtls, polarssl: potential double free during certificate generation https://bugzilla.redhat.com/show_bug.cgi?id=1297437 -------------------------------------------------------------------------------- ================================================================================ moodle-3.0.2-1.el7 (FEDORA-EPEL-2016-551b68b67a) A Course Management System -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- ================================================================================ ocserv-0.10.11-1.el7 (FEDORA-EPEL-2016-e0b981da6b) OpenConnect SSL VPN server -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- ================================================================================ owncloud-8.0.10-1.el7 (FEDORA-EPEL-2016-273a82f7db) Private file sync and share server -------------------------------------------------------------------------------- Update Information: This update provides the new upstream patch release of ownCloud (7.0.12 for EPEL 6, 8.0.10 for all other distributions). It also adds a 'well-known' redirect for WebDAV (alongside the existing ones for CalDAV and CardDAV) - if you don't know what this is, don't worry. These are bugfix updates which include fixes for some security vulnerabilities rated 'low' and 'medium' by upstream. For full details on the changes, see the [upstream changelog](https://www.owncloud.org/changelog) and the security advisories: [OC- SA-2016-001](https://owncloud.org/security/advisory/?id=oc-sa-2016-001), [OC- SA-2016-002](https://owncloud.org/security/advisory/?id=oc-sa-2016-002), [OC- SA-2016-003](https://owncloud.org/security/advisory/?id=oc-sa-2016-003), [OC- SA-2016-004](https://owncloud.org/security/advisory/?id=oc-sa-2016-004). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1297360 - CVE-2016-1500 owncloud: disclosure of files that begin with ".v" due to unchecked return value [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1297360 [ 2 ] Bug #1297354 - CVE-2016-1498 owncloud: reflected XSS in OCS provider discovery [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1297354 -------------------------------------------------------------------------------- ================================================================================ perl-Date-Holidays-DE-1.7-1.el7 (FEDORA-EPEL-2016-ee1305ce72) Perl module to determine German holidays -------------------------------------------------------------------------------- Update Information: Date::Holidays::DE v1.7 ======================= - Added reformation day as one-time common federal holiday in 2017 - Thanks to Christoph Biedl -------------------------------------------------------------------------------- References: [ 1 ] Bug #1297365 - Upgrade perl-Date-Holidays-DE to 1.7 https://bugzilla.redhat.com/show_bug.cgi?id=1297365 -------------------------------------------------------------------------------- ================================================================================ prosody-0.9.9-2.el7 (FEDORA-EPEL-2016-e34ffdd692) Flexible communications server for Jabber/XMPP -------------------------------------------------------------------------------- Update Information: Prosody 0.9.9 ============= A summary of changes: Security fixes -------------- * Fix path traversal vulnerability in mod_http_files (CVE-2016-1231) * Fix use of weak PRNG in generation of dialback secrets (CVE-2016-1232) Bugs ---- * Improve handling of CNAME records in DNS * Fix traceback when deleting a user in some configurations (issue #496) * MUC: restrict_room_creation could prevent users from joining rooms (issue #458) * MUC: fix occasional dropping of iq stanzas sent privately between occupants * Fix a potential memory leak in mod_pep Additions --------- * Add http:list() command to telnet to view active HTTP services * Simplify IPv4/v6 address selection code for outgoing s2s * Add support for importing SCRAM hashes from ejabberd -------------------------------------------------------------------------------- References: [ 1 ] Bug #1296984 - CVE-2016-1232 prosody: use of weak PRNG in generation of dialback secrets https://bugzilla.redhat.com/show_bug.cgi?id=1296984 [ 2 ] Bug #1296983 - CVE-2016-1231 prosody: path traversal vulnerability in mod_http_files https://bugzilla.redhat.com/show_bug.cgi?id=1296983 -------------------------------------------------------------------------------- ================================================================================ python-fedora-0.7.1-2.el7 (FEDORA-EPEL-2016-50448945cd) Python modules for talking to Fedora Infrastructure Services -------------------------------------------------------------------------------- Update Information: Fix a regression in the config parser. -------------------------------------------------------------------------------- ================================================================================ python-ivi-0.14.9-3.el7 (FEDORA-EPEL-2016-916a2ecad2) Python Interchangeable Virtual Instrument Library -------------------------------------------------------------------------------- Update Information: - New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1294275 - Review Request: python-ivi - Python Interchangeable Virtual Instrument Library https://bugzilla.redhat.com/show_bug.cgi?id=1294275 -------------------------------------------------------------------------------- ================================================================================ python-jwt-1.4.0-2.el7 (FEDORA-EPEL-2016-8464f51438) JSON Web Token implementation in Python -------------------------------------------------------------------------------- Update Information: Initial build for epel7. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1297170 - EPEL7 builds for python-jwt https://bugzilla.redhat.com/show_bug.cgi?id=1297170 -------------------------------------------------------------------------------- ================================================================================ python-unittest2-1.1.0-4.el7 (FEDORA-EPEL-2016-2bcdb58647) The new features in unittest backported to Python 2.4+ -------------------------------------------------------------------------------- Update Information: Fix tests building on EPEL-7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1210244 - Please update to the latest unittest2 1.1.0 https://bugzilla.redhat.com/show_bug.cgi?id=1210244 -------------------------------------------------------------------------------- ================================================================================ radicale-1.1.1-1.el7 (FEDORA-EPEL-2015-8212) A simple CalDAV (calendar) and CardDAV (contact) server -------------------------------------------------------------------------------- Update Information: Fix policycore-utils and python-pam dependencies on el6/el7/fc22, Switch conditionally back to python2 to support el6/el7 ---- fix policycore-utils and python-pam dependencies, switch conditionally back to python2 to support el6/el7 ---- Switch conditionally back to python2 to support el6/el7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1296382 - Package not available in epel7 https://bugzilla.redhat.com/show_bug.cgi?id=1296382 -------------------------------------------------------------------------------- ================================================================================ rubygem-therubyracer-0.11.0-13.el7 (FEDORA-EPEL-2016-a355fbef61) Embed the V8 Javascript interpreter into Ruby -------------------------------------------------------------------------------- Update Information: Add explicit Requires for rubygem-ref ---- Bring packge to EPEL7 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list epel-devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/epel-devel@lists.fedoraproject.org