The following Fedora EPEL 7 Security updates need testing:
Age URL
829 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
591 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
173 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d
libbsd-0.8.3-1.el7
71 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe
mod_cluster-1.3.3-10.el7
69 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5f9a6163b4
tnef-1.4.14-1.el7
68 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378
python-XStatic-jquery-ui-1.12.0.1-1.el7
15 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-83ccfea1c9
yara-3.6.0-1.el7
15 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-30c96f21ef
mosquitto-1.4.12-1.el7
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b316d2bb3b
ansible-2.3.1.0-1.el7
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-340bb46b1d
capnproto-0.5.3.1-1.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4aae1e22f1
lxc-1.0.10-2.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d9786818e4
python-nbxmpp-0.5.6-1.el7 gajim-0.16.8-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0f533bdb08
chromium-59.0.3071.86-3.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
RackTables-0.20.13-1.el7
chromium-59.0.3071.86-3.el7
collectl-4.2.0-1.el7
configsnap-0.12-2.el7
duplicity-0.7.13-1.el7
gajim-0.16.8-1.el7
golang-github-hashicorp-go-sockaddr-0-0.2.gitaf174a6.el7
nagios-4.3.2-3.el7
nrpe-3.1.1-1.el7
php-erusev-parsedown-1.6.2-2.el7
python-nbxmpp-0.5.6-1.el7
rubygem-async_sinatra-1.3.0-1.el7
Details about builds:
================================================================================
RackTables-0.20.13-1.el7 (FEDORA-EPEL-2017-f478b4ca39)
A data-center asset management system
--------------------------------------------------------------------------------
Update Information:
Rebase to v0.20.13
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1450545 - RackTables-0.20.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1450545
--------------------------------------------------------------------------------
================================================================================
chromium-59.0.3071.86-3.el7 (FEDORA-EPEL-2017-0f533bdb08)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Chromium 59. Add smaller logo files. Fix lots of security bugs: Security fix for
CVE-2017-5070, CVE-2017-5071, CVE-2017-5072, CVE-2017-5073, CVE-2017-5074,
CVE-2017-5075, CVE-2017-5086, CVE-2017-5076, CVE-2017-5077, CVE-2017-5078,
CVE-2017-5079, CVE-2017-5080, CVE-2017-5081, CVE-2017-5082, CVE-2017-5083,
CVE-2017-5085
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1459037 - CVE-2017-5085 chromium-browser: inappropriate javascript
execution on webui pages
https://bugzilla.redhat.com/show_bug.cgi?id=1459037
[ 2 ] Bug #1459036 - CVE-2017-5083 chromium-browser: ui spoofing in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1459036
[ 3 ] Bug #1459035 - CVE-2017-5082 chromium-browser: insufficient hardening
in credit card editor
https://bugzilla.redhat.com/show_bug.cgi?id=1459035
[ 4 ] Bug #1459034 - CVE-2017-5081 chromium-browser: extension verification
bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1459034
[ 5 ] Bug #1459033 - CVE-2017-5080 chromium-browser: use after free in credit
card autofill
https://bugzilla.redhat.com/show_bug.cgi?id=1459033
[ 6 ] Bug #1459032 - CVE-2017-5079 chromium-browser: ui spoofing in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1459032
[ 7 ] Bug #1459031 - CVE-2017-5078 chromium-browser: possible command
injection in mailto handling
https://bugzilla.redhat.com/show_bug.cgi?id=1459031
[ 8 ] Bug #1459030 - CVE-2017-5077 chromium-browser: heap buffer overflow in
skia
https://bugzilla.redhat.com/show_bug.cgi?id=1459030
[ 9 ] Bug #1459029 - CVE-2017-5076 chromium-browser: address spoofing in
omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1459029
[ 10 ] Bug #1459028 - CVE-2017-5086 chromium-browser: address spoofing in
omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1459028
[ 11 ] Bug #1459027 - CVE-2017-5075 chromium-browser: information leak in csp
reporting
https://bugzilla.redhat.com/show_bug.cgi?id=1459027
[ 12 ] Bug #1459025 - CVE-2017-5074 chromium-browser: use after free in apps
bluetooth
https://bugzilla.redhat.com/show_bug.cgi?id=1459025
[ 13 ] Bug #1459024 - CVE-2017-5073 chromium-browser: use after free in print
preview
https://bugzilla.redhat.com/show_bug.cgi?id=1459024
[ 14 ] Bug #1459023 - CVE-2017-5072 chromium-browser: address spoofing in
omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1459023
[ 15 ] Bug #1459022 - CVE-2017-5071 chromium-browser: out of bounds read in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1459022
[ 16 ] Bug #1459021 - CVE-2017-5070 chromium-browser: type confusion in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1459021
--------------------------------------------------------------------------------
================================================================================
collectl-4.2.0-1.el7 (FEDORA-EPEL-2017-be5da19ffb)
A utility to collect various Linux performance data
--------------------------------------------------------------------------------
Update Information:
- updated to 4.2.0 - http://collectl.sourceforge.net/Releases.html
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1460836 - collectl-4.2.0.src is available
https://bugzilla.redhat.com/show_bug.cgi?id=1460836
--------------------------------------------------------------------------------
================================================================================
configsnap-0.12-2.el7 (FEDORA-EPEL-2017-c70e657c65)
Record and compare system state
--------------------------------------------------------------------------------
Update Information:
Update to 0.12
--------------------------------------------------------------------------------
================================================================================
duplicity-0.7.13-1.el7 (FEDORA-EPEL-2017-b68be42958)
Encrypted bandwidth-efficient backup using rsync algorithm
--------------------------------------------------------------------------------
Update Information:
https://launchpad.net/duplicity/0.7-series/0.7.13
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1460834 - duplicity-0.7.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1460834
--------------------------------------------------------------------------------
================================================================================
gajim-0.16.8-1.el7 (FEDORA-EPEL-2017-d9786818e4)
Jabber client written in PyGTK
--------------------------------------------------------------------------------
Update Information:
Gajim 0.16.8 * Fix rejoining MUCs after connection loss * Fix Groupchat
invites * Fix encoding problems with newer GnuPG versions * Fix old messages
randomly reappearing in the chat window * Fix some problems with IBB
filetransfer * Make XEP-0146 Commands opt-in * Improve sending messages to
your own resources * Improve reliability of delivery recipes * Many minor
bugfixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1456365 - CVE-2016-10376 gajim: XEP-0146 makes it possible to
extract plain-text from OTR sessions [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1456365
--------------------------------------------------------------------------------
================================================================================
golang-github-hashicorp-go-sockaddr-0-0.2.gitaf174a6.el7
(FEDORA-EPEL-2017-915e1038c6)
IP Address/UNIX Socket convenience functions for Go
--------------------------------------------------------------------------------
Update Information:
Remove cyclic dep ---- First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410393 - Review Request: golang-github-hashicorp-go-sockaddr - IP
Address/UNIX Socket convenience functions for Go
https://bugzilla.redhat.com/show_bug.cgi?id=1410393
--------------------------------------------------------------------------------
================================================================================
nagios-4.3.2-3.el7 (FEDORA-EPEL-2017-0f6d46ab05)
Host/service/network monitoring program
--------------------------------------------------------------------------------
Update Information:
Update to latest in git ---- Updated from 4.3.1 maint to 4.3.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1005974 - nagios-4.3.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1005974
[ 2 ] Bug #1084934 - Unable to reload nagios under systemd
https://bugzilla.redhat.com/show_bug.cgi?id=1084934
[ 3 ] Bug #1201849 - Support an environment file in the systemd unit file
https://bugzilla.redhat.com/show_bug.cgi?id=1201849
[ 4 ] Bug #1218320 - Install the Nagios checkresults directory with
group-writable permissions
https://bugzilla.redhat.com/show_bug.cgi?id=1218320
[ 5 ] Bug #1426816 - Nagios RPM 4.2.4 forgot to reload systemd in postinstall
https://bugzilla.redhat.com/show_bug.cgi?id=1426816
[ 6 ] Bug #1428111 - Broken links in the View Trends and the View Histogram
menu
https://bugzilla.redhat.com/show_bug.cgi?id=1428111
--------------------------------------------------------------------------------
================================================================================
nrpe-3.1.1-1.el7 (FEDORA-EPEL-2017-f37341bbab)
Host/service/network monitoring agent for Nagios
--------------------------------------------------------------------------------
Update Information:
Update to 3.1.1 ---- Move to using original nirik nrpe service file for
systemd. It worked and the others dont ---- update to 3.1.0 ---- Fix npre
pid. Fix systemd ---- Update to 3.0.1.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #970997 - Allow multiple packets to be received
https://bugzilla.redhat.com/show_bug.cgi?id=970997
[ 2 ] Bug #1236081 - nrpe: /var/run/nrpe owner mismatch
https://bugzilla.redhat.com/show_bug.cgi?id=1236081
[ 3 ] Bug #1275870 - NRPE initscript does not read PID file when calling
status/killproc
https://bugzilla.redhat.com/show_bug.cgi?id=1275870
[ 4 ] Bug #1318773 - nrpe.service sets User/Group, prevents normal .cfg
user/group setting
https://bugzilla.redhat.com/show_bug.cgi?id=1318773
[ 5 ] Bug #1359858 - NRPE causes SELinux denials
https://bugzilla.redhat.com/show_bug.cgi?id=1359858
[ 6 ] Bug #1411705 - allowed_hosts doesn't work, if one of the hostnames
can't be resolved by dns
https://bugzilla.redhat.com/show_bug.cgi?id=1411705
[ 7 ] Bug #1412214 - NRPE systemd service file does not support reload command
https://bugzilla.redhat.com/show_bug.cgi?id=1412214
[ 8 ] Bug #1190708 - nrpe.service does not support reload for systemd
https://bugzilla.redhat.com/show_bug.cgi?id=1190708
--------------------------------------------------------------------------------
================================================================================
php-erusev-parsedown-1.6.2-2.el7 (FEDORA-EPEL-2017-31c3d3bc90)
Markdown parser in PHP
--------------------------------------------------------------------------------
Update Information:
Markdown parser in PHP
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1458581 - Review Request: php-erusev-parsedown - Markdown parser
in PHP
https://bugzilla.redhat.com/show_bug.cgi?id=1458581
--------------------------------------------------------------------------------
================================================================================
python-nbxmpp-0.5.6-1.el7 (FEDORA-EPEL-2017-d9786818e4)
Python library for non-blocking use of Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Gajim 0.16.8 * Fix rejoining MUCs after connection loss * Fix Groupchat
invites * Fix encoding problems with newer GnuPG versions * Fix old messages
randomly reappearing in the chat window * Fix some problems with IBB
filetransfer * Make XEP-0146 Commands opt-in * Improve sending messages to
your own resources * Improve reliability of delivery recipes * Many minor
bugfixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1456365 - CVE-2016-10376 gajim: XEP-0146 makes it possible to
extract plain-text from OTR sessions [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1456365
--------------------------------------------------------------------------------
================================================================================
rubygem-async_sinatra-1.3.0-1.el7 (FEDORA-EPEL-2017-a10211b632)
A Sinatra plugin for running on async webservers
--------------------------------------------------------------------------------
Update Information:
Upstream release 1.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1454503 - rubygem-async_sinatra-1.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1454503
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
