The following Fedora EPEL 7 Security updates need testing:
Age URL
765 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
505 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b
bubblewrap-0.3.3-2.el7
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-83bdeb2965
ansible-2.9.13-1.el7
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-0a324e529d
drupal7-7.72-1.el7
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-f9a066663b
mbedtls-2.7.17-1.el7
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-25e525a9ca
seamonkey-2.53.4-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-0f3f88c479
nginx-1.16.1-2.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-918ad695f6
proftpd-1.3.5e-10.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-d968abb383
golang-1.15.2-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-92064b5b2b
singularity-3.6.3-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
libuv-1.39.0-1.el7
matio-1.5.18-1.el7
nordugrid-arc-5.4.4-4.el7
nordugrid-arc6-6.7.0-2.el7
root-6.22.02-2.el7
xrdcl-http-5.0.2-1.el7
xrootd-5.0.2-1.el7
xrootd-compat-4.12.4-1.el7
yadifa-2.3.10-1.el7
Details about builds:
================================================================================
libuv-1.39.0-1.el7 (FEDORA-EPEL-2020-6b04ee5c07)
Platform layer for node.js
--------------------------------------------------------------------------------
Update Information:
Update to Node.js 12.18.4 September 2020 security release -
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 8 2020 Stephen Gallagher <sgall...@redhat.com> - 1.39.0-1
- Update to 1.39.0
* Fri Jul 31 2020 Stephen Gallagher <sgall...@redhat.com> - 1.38.1-1
- Update to 1.38.1
- https://github.com/libuv/libuv/blob/v1.38.1/ChangeLog
* Tue Jul 28 2020 Fedora Release Engineering <rel...@fedoraproject.org> -
1:1.38.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
matio-1.5.18-1.el7 (FEDORA-EPEL-2020-e621d9ff68)
Library for reading/writing Matlab MAT files
--------------------------------------------------------------------------------
Update Information:
1.5.18 https://github.com/tbeu/matio/releases/tag/v1.5.18
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 17 2020 Gwyn Ciesla <gw...@protonmail.com> - 1.5.18-1
- 1.5.18
* Tue Jul 28 2020 Fedora Release Engineering <rel...@fedoraproject.org> -
1.5.17-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1769546 - CVE-2019-17533 matio: improper null termination in
Mat_VarReadNextInfo4 in mat4.c leads to heap-based overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1769546
[ 2 ] Bug #1769548 - CVE-2019-17533 matio: improper null termination in
Mat_VarReadNextInfo4 in mat4.c leads to heap-based overflow [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1769548
[ 3 ] Bug #1769550 - CVE-2019-17533 matio: improper null termination in
Mat_VarReadNextInfo4 in mat4.c leads to heap-based overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1769550
[ 4 ] Bug #1792008 - CVE-2019-20019 matio: excessive memory allocation in
Mat_VarRead5 in mat5.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1792008
[ 5 ] Bug #1792009 - CVE-2019-20019 matio: excessive memory allocation in
Mat_VarRead5 in mat5.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1792009
[ 6 ] Bug #1792295 - CVE-2019-20020 matio: stack-based buffer overflow in
ReadNextStructField in mat5.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1792295
[ 7 ] Bug #1792296 - CVE-2019-20020 matio: stack-based buffer overflow in
ReadNextStructField in mat5.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1792296
[ 8 ] Bug #1792301 - CVE-2019-20018 matio: stack-based buffer overflow in
ReadNextCell in mat5.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1792301
[ 9 ] Bug #1792303 - CVE-2019-20018 matio: stack-based buffer overflow in
ReadNextCell in mat5.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1792303
[ 10 ] Bug #1792333 - CVE-2019-20017 matio: stack-based buffer overflow in
Mat_VarReadNextInfo5 in mat5.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1792333
[ 11 ] Bug #1792336 - CVE-2019-20017 matio: stack-based buffer overflow in
Mat_VarReadNextInfo5 in mat5.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1792336
[ 12 ] Bug #1794726 - CVE-2019-20052 matio: memory leak in Mat_VarCalloc in
mat.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1794726
[ 13 ] Bug #1794727 - CVE-2019-20052 matio: memory leak in Mat_VarCalloc in
mat.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1794727
[ 14 ] Bug #1880167 - matio-1.5.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1880167
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc-5.4.4-4.el7 (FEDORA-EPEL-2020-44ad46e846)
Advanced Resource Connector Grid Middleware
--------------------------------------------------------------------------------
Update Information:
xrootd 5
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 28 2020 Mattias Ellert <mattias.ell...@physics.uu.se> - 5.4.4-4
- xrootd 5 compatibility
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc6-6.7.0-2.el7 (FEDORA-EPEL-2020-44ad46e846)
Advanced Resource Connector Middleware
--------------------------------------------------------------------------------
Update Information:
xrootd 5
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 28 2020 Mattias Ellert <mattias.ell...@physics.uu.se> - 6.7.0-2
- xrootd 5 compatibility
--------------------------------------------------------------------------------
================================================================================
root-6.22.02-2.el7 (FEDORA-EPEL-2020-44ad46e846)
Numerical data analysis framework
--------------------------------------------------------------------------------
Update Information:
xrootd 5
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 30 2020 Mattias Ellert <mattias.ell...@physics.uu.se> - 6.22.02-2
- Adapt to xrootd 5 (Fedora 33+, EPEL 7+)
- Don't build the old proof client (xproofd)
- Don't build the old NetX module
--------------------------------------------------------------------------------
================================================================================
xrdcl-http-5.0.2-1.el7 (FEDORA-EPEL-2020-44ad46e846)
HTTP client plug-in for XRootD
--------------------------------------------------------------------------------
Update Information:
xrootd 5
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 18 2020 Mattias Ellert <mattias.ell...@physics.uu.se> - 5.0.2-1
- Update to version 5.0.2
- Drop patches (accepted upstream or previously backported)
* Thu Aug 27 2020 Mattias Ellert <mattias.ell...@physics.uu.se> - 5.0.1-1
- Update to version 5.0.1
- Don't use versioned plugin names in configuration
- Backport plugin version change from git master
* Sat Aug 1 2020 Fedora Release Engineering <rel...@fedoraproject.org> -
4.12.2-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <rel...@fedoraproject.org> -
4.12.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
xrootd-5.0.2-1.el7 (FEDORA-EPEL-2020-44ad46e846)
Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
xrootd 5
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 18 2020 Mattias Ellert <mattias.ell...@physics.uu.se> - 1:5.0.2-1
- Update to version 5.0.2
- Drop patches (accepted upstream or previously backported)
- Obsolete xrdhttpvoms in xrootd-voms package
* Thu Aug 27 2020 Mattias Ellert <mattias.ell...@physics.uu.se> - 1:5.0.1-1
- Update to version 5.0.1
- Remove conditionals for building on EPEL 6
- Drop patches (accepted upstream or previously backported)
- Fix 32 bit compilation (format error)
- Fix compilation on ARM, PPC and S390X (char is unsigned)
--------------------------------------------------------------------------------
================================================================================
xrootd-compat-4.12.4-1.el7 (FEDORA-EPEL-2020-44ad46e846)
Extended ROOT file server - compat version 4
--------------------------------------------------------------------------------
Update Information:
xrootd 5
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
yadifa-2.3.10-1.el7 (FEDORA-EPEL-2020-77bf4fd2ff)
Lightweight authoritative Name Server with DNSSEC capabilities
--------------------------------------------------------------------------------
Update Information:
20200915: YADIFA 2.3.10 - Added an autogen.sh script, as we did for
YADIFA 2.4.x - Fixes an issue with IPv6 aliases. - Fixes an issue
that would happen when building with a gcc version 10 or above. - Fixes
an issue with FreeBSD aliases. - Fixes an issue with strncpy on FreeBSD.
- Fixes an issue with CNAME queries incorrectly answered with an error
code.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 17 2020 Denis Fateyev <de...@fateyev.com> - 2.3.10-1
- Update to 2.3.10 release
* Wed Jul 29 2020 Fedora Release Engineering <rel...@fedoraproject.org> -
2.3.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Feb 28 2020 Denis Fateyev <de...@fateyev.com> - 2.3.9-4
- Add "legacy_common_support" build option
* Fri Jan 31 2020 Fedora Release Engineering <rel...@fedoraproject.org> -
2.3.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Sat Jul 27 2019 Fedora Release Engineering <rel...@fedoraproject.org> -
2.3.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1879172 - yadifa-2.3.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1879172
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
