The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ea01d505c9   pdns-4.1.14-1.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-a37e7c643e   xawtv-3.107-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-98b234afda   libuv-1.40.0-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-bd6a96cd24   python34-3.4.10-7.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-9eaf8d2e11   prosody-0.11.7-1.el7


The following builds have been pushed to Fedora EPEL 7 updates-testing

    python3-urllib3-1.25.6-2.el7
    qpid-proton-0.32.0-2.el7
    rubygem-kramdown-1.9.0-2.el7

Details about builds:


================================================================================
 python3-urllib3-1.25.6-2.el7 (FEDORA-EPEL-2020-1eeb530261)
 Python 3 HTTP library with thread-safe connection pooling and file post
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2020-26137: CRLF injection via HTTP request method
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct  2 2020 Orion Poplawski <or...@nwra.com> - 1.25.6-2
- Rebase upstream fix for CVE-2020-26137 (bz#1883870)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1883632 - CVE-2020-26137 python-urllib3: CRLF injection via HTTP request method
        https://bugzilla.redhat.com/show_bug.cgi?id=1883632
--------------------------------------------------------------------------------


================================================================================
 qpid-proton-0.32.0-2.el7 (FEDORA-EPEL-2020-2bc997ea1c)
 A high performance, lightweight messaging library
--------------------------------------------------------------------------------
Update Information:

Added a fix to build c/cpp examples.  ----  Rebased to 0.32.0.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct  2 2020 Irina Boverman <ibove...@redhat.com> - 0.32.0-2
- Added temp fix to allow building c/cpp examples
* Thu Sep 24 2020 Irina Boverman <ibove...@redhat.com> - 0.32.0-1
- Rebased to 0.32.0
--------------------------------------------------------------------------------


================================================================================
 rubygem-kramdown-1.9.0-2.el7 (FEDORA-EPEL-2020-50425dd33f)
 Fast, pure-Ruby Markdown-superset converter
--------------------------------------------------------------------------------
Update Information:

Backport fixes for CVE-2020-14001
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct  2 2020 Mamoru TASAKA <mtas...@fedoraproject.org> - 1.9.0-2
- Backport upstream patch for CVE-2020-14001 (bug 1858395)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1858415 - CVE-2020-14001 rubygem-kramdown: processing template options inside documents allows unintended read access or embedded Ruby code execution [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1858415
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
