The following Fedora EPEL 7 Security updates need testing: Age URL 331 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 94 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-418a480529 gsi-openssh-6.6.1p1-3.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-fb26e5cd3c privoxy-3.0.23-3.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-fca17abc84 p7zip-15.09-9.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-69b4d0e57c prosody-0.9.10-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-5aba523f53 phpMyAdmin-4.4.15.4-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-a65d7ed780 python-pymongo-2.5.2-4.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-638137e4de wordpress-4.4.2-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing copr-cli-1.47-1.el7 csmock-1.9.0-1.el7 cswrap-1.3.1-1.el7 diskimage-builder-1.9.0-2.el7 msgpuck-1.0.2-1.el7 pagure-1.0.1-1.el7 python-boto-2.39.0-1.el7 python-copr-1.65-1.el7 python-mwclient-0.8.0-2.el7 python-pymongo-2.5.2-4.el7 rabbitmq-server-3.3.5-16.el7 rubygem-arel-6.0.3-2.el7 rubygem-atomic-1.1.99-3.el7 rubygem-fakeweb-1.3.0-16.el7 rubygem-rails-observers-0.1.2-7.el7 sundials-2.6.2-15.el7 udiskie-1.4.7-1.el7 wordpress-4.4.2-1.el7 xlogin-0-0.1.20160114git97667d7.el7 Details about builds: ================================================================================ copr-cli-1.47-1.el7 (FEDORA-EPEL-2016-c11c38ade2) Command line interface for COPR -------------------------------------------------------------------------------- Update Information: Bug fixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1261125 - Use requests-toolbelt to upload srpms https://bugzilla.redhat.com/show_bug.cgi?id=1261125 [ 2 ] Bug #1292033 - copr-cli ignores multiple package arguments if the first is a local file https://bugzilla.redhat.com/show_bug.cgi?id=1292033 [ 3 ] Bug #1298672 - copr-cli create raises TypeError https://bugzilla.redhat.com/show_bug.cgi?id=1298672 [ 4 ] Bug #1298674 - copr-cli build hangs during upload https://bugzilla.redhat.com/show_bug.cgi?id=1298674 [ 5 ] Bug #1302615 - UnboundLocalError: local variable 'bar' referenced before assignment when building from URLs https://bugzilla.redhat.com/show_bug.cgi?id=1302615 [ 6 ] Bug #1276105 - copr-cli 1.45 errors on el6 https://bugzilla.redhat.com/show_bug.cgi?id=1276105 [ 7 ] Bug #1299243 - RFE: New version of copr-cli (requires rebase of python-copr too) https://bugzilla.redhat.com/show_bug.cgi?id=1299243 -------------------------------------------------------------------------------- ================================================================================ csmock-1.9.0-1.el7 (FEDORA-EPEL-2016-986db304ef) A mock wrapper for Static Analysis tools -------------------------------------------------------------------------------- Update Information: update to latest upstream -------------------------------------------------------------------------------- ================================================================================ cswrap-1.3.1-1.el7 (FEDORA-EPEL-2016-986db304ef) Generic compiler wrapper -------------------------------------------------------------------------------- Update Information: update to latest upstream -------------------------------------------------------------------------------- ================================================================================ diskimage-builder-1.9.0-2.el7 (FEDORA-EPEL-2016-a827aadcfc) Image building tools for OpenStack -------------------------------------------------------------------------------- Update Information: Switch to requires_exclude_from for all elements. ---- Update to 1.9.0 (#1300434) ---- New upstream release 1.8.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1300434 - diskimage-builder-1.9.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1300434 -------------------------------------------------------------------------------- ================================================================================ msgpuck-1.0.2-1.el7 (FEDORA-EPEL-2016-6066d67c0c) MsgPack binary serialization library in a self-contained header -------------------------------------------------------------------------------- Update Information: Review fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1295217 - Review Request: msgpuck - a MsgPack serialization library in a self-contained header file https://bugzilla.redhat.com/show_bug.cgi?id=1295217 -------------------------------------------------------------------------------- ================================================================================ pagure-1.0.1-1.el7 (FEDORA-EPEL-2016-e2395a3f5c) A git-centered forge -------------------------------------------------------------------------------- Update Information: Updates to the latest version of pagure: 1.0.1 beware this is a very large update! -------------------------------------------------------------------------------- ================================================================================ python-boto-2.39.0-1.el7 (FEDORA-EPEL-2016-120cf6a8e1) A simple, lightweight interface to Amazon Web Services -------------------------------------------------------------------------------- Update Information: This update fixes several bugs and adds support for the new ap-northeast-2 AWS region. For more details, see the [full changelog](http://boto.cloudhackers.com/en/latest/releasenotes/v2.39.0.html) from upstream. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1300424 - Update python-boto to 2.39 https://bugzilla.redhat.com/show_bug.cgi?id=1300424 -------------------------------------------------------------------------------- ================================================================================ python-copr-1.65-1.el7 (FEDORA-EPEL-2016-c11c38ade2) Python interface for Copr -------------------------------------------------------------------------------- Update Information: Bug fixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1261125 - Use requests-toolbelt to upload srpms https://bugzilla.redhat.com/show_bug.cgi?id=1261125 [ 2 ] Bug #1292033 - copr-cli ignores multiple package arguments if the first is a local file https://bugzilla.redhat.com/show_bug.cgi?id=1292033 [ 3 ] Bug #1298672 - copr-cli create raises TypeError https://bugzilla.redhat.com/show_bug.cgi?id=1298672 [ 4 ] Bug #1298674 - copr-cli build hangs during upload https://bugzilla.redhat.com/show_bug.cgi?id=1298674 [ 5 ] Bug #1302615 - UnboundLocalError: local variable 'bar' referenced before assignment when building from URLs https://bugzilla.redhat.com/show_bug.cgi?id=1302615 [ 6 ] Bug #1276105 - copr-cli 1.45 errors on el6 https://bugzilla.redhat.com/show_bug.cgi?id=1276105 [ 7 ] Bug #1299243 - RFE: New version of copr-cli (requires rebase of python-copr too) https://bugzilla.redhat.com/show_bug.cgi?id=1299243 -------------------------------------------------------------------------------- ================================================================================ python-mwclient-0.8.0-2.el7 (FEDORA-EPEL-2016-da7c871350) Mwclient is a client to the MediaWiki API -------------------------------------------------------------------------------- Update Information: This update provides the new release of python-mwclient. The major new feature in this release is Python 3 compatibility, so a python3-mwclient subpackage is added for Fedora releases (not yet for EPEL, as I'm waiting for the whole question of how we're going to do Python 3 on EPEL to be nailed down). python- mwclient is renamed to python2-mwclient, with appropriate Provides and Obsoletes. There is one minor backwards compatibility break; `Page.save()`'s behaviour has changed slightly, in that if you previously passed a section number to `Page.text()`, it will not be used for a subsequent `Page.save()` call. This change should not affect either of Fedora's packaged consumers (parley and python-wikitcms). More details on this and the other changes in the new release can be found in `RELEASE-NOTES.md`. -------------------------------------------------------------------------------- ================================================================================ python-pymongo-2.5.2-4.el7 (FEDORA-EPEL-2016-a65d7ed780) Python driver for MongoDB -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2013-2099, CVE-2013-7440 ---- Security fix for CVE-2013-2099, CVE-2013-7440 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1224999 - CVE-2013-7440 python: wildcard matching rules do not follow RFC 6125 https://bugzilla.redhat.com/show_bug.cgi?id=1224999 [ 2 ] Bug #963260 - CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns https://bugzilla.redhat.com/show_bug.cgi?id=963260 -------------------------------------------------------------------------------- ================================================================================ rabbitmq-server-3.3.5-16.el7 (FEDORA-EPEL-2016-91ea9cdd8a) The RabbitMQ server -------------------------------------------------------------------------------- Update Information: * Don't wait for slave stop messages forever -------------------------------------------------------------------------------- ================================================================================ rubygem-arel-6.0.3-2.el7 (FEDORA-EPEL-2016-d57bbf594b) Arel is a Relational Algebra for Ruby -------------------------------------------------------------------------------- Update Information: Updated for EPEL7 -------------------------------------------------------------------------------- ================================================================================ rubygem-atomic-1.1.99-3.el7 (FEDORA-EPEL-2016-4a8680554f) An atomic reference implementation for JRuby, Rubinius, and MRI -------------------------------------------------------------------------------- Update Information: Updated for EPEL7 -------------------------------------------------------------------------------- ================================================================================ rubygem-fakeweb-1.3.0-16.el7 (FEDORA-EPEL-2016-f97eb2affc) A tool for faking responses to HTTP requests -------------------------------------------------------------------------------- Update Information: Imported to EPEL -------------------------------------------------------------------------------- ================================================================================ rubygem-rails-observers-0.1.2-7.el7 (FEDORA-EPEL-2016-5cf1c13330) Rails observer (removed from core in Rails 4.0) -------------------------------------------------------------------------------- Update Information: Bringing package to EPEL7 -------------------------------------------------------------------------------- ================================================================================ sundials-2.6.2-15.el7 (FEDORA-EPEL-2016-15773dd3b8) Suite of nonlinear solvers -------------------------------------------------------------------------------- Update Information: - Built on EPEL6 - Fix OpenMPI compilers - MPICH libraries enabled - Cmake's MPI Fortran compiler test disabled - Included pkgconfig files for MPICH libraries -------------------------------------------------------------------------------- ================================================================================ udiskie-1.4.7-1.el7 (FEDORA-EPEL-2016-94cdd1ee09) Removable disk auto-mounter -------------------------------------------------------------------------------- Update Information: Update to latest upstream release, with associated fixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1264657 - Missing Requires: libnotify https://bugzilla.redhat.com/show_bug.cgi?id=1264657 [ 2 ] Bug #1265867 - udiskie-1.4.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1265867 -------------------------------------------------------------------------------- ================================================================================ wordpress-4.4.2-1.el7 (FEDORA-EPEL-2016-638137e4de) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information: **WordPress 4.4.2 Security and Maintenance Release** WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar. Thank you to both reporters for practicing responsible disclosure. In addition to the security issues above, WordPress 4.4.2 fixes 17 bugs from 4.4 and 4.4.1. For more information, see the [release notes](https://codex.wordpress.org/Version_4.4.2) or consult the [list of changes](https://core.trac.wordpress.org/query?milestone=4.4.2). -------------------------------------------------------------------------------- ================================================================================ xlogin-0-0.1.20160114git97667d7.el7 (FEDORA-EPEL-2016-39ef6d00d1) Automatic X login service for systemd -------------------------------------------------------------------------------- Update Information: initial package, rhbz#1298715 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1298715 - Review Request: xlogin - Automatic X login service for systemd https://bugzilla.redhat.com/show_bug.cgi?id=1298715 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list epel-devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/epel-devel@lists.fedoraproject.org