The following Fedora EPEL 7 Security updates need testing: Age URL 338 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 100 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-69b4d0e57c prosody-0.9.10-1.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-5aba523f53 phpMyAdmin-4.4.15.4-1.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-a65d7ed780 python-pymongo-2.5.2-4.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-638137e4de wordpress-4.4.2-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c8f005b596 mingw-curl-7.47.0-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-a140bf655b mingw-libpng-1.6.21-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6a9bb3d488 mingw-libxml2-2.9.3-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6d2a530b12 mingw-pcre-8.38-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2d8fa2e036 firebird-2.5.5.26952.0-2.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23f4cb12a2 php-horde-horde-5.2.9-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
firebird-2.5.5.26952.0-2.el7 freight-0.3.5-9.el7 libmediainfo-0.7.82-1.el7 mediainfo-0.7.82-1.el7 mingw-crt-4.0.4-3.el7 mingw-headers-4.0.4-5.el7 php-horde-Horde-Cache-2.5.2-1.el7 php-horde-Horde-Core-2.22.6-1.el7 php-horde-Horde-Crypt-2.7.0-1.el7 php-horde-Horde-Date-2.2.0-1.el7 php-horde-Horde-Db-2.3.1-1.el7 php-horde-Horde-Form-2.0.12-1.el7 php-horde-Horde-Http-2.1.6-1.el7 php-horde-Horde-Imap-Client-2.29.5-1.el7 php-horde-Horde-Mime-Viewer-2.1.2-1.el7 php-horde-Horde-Service-Weather-2.3.2-1.el7 php-horde-Horde-SyncMl-2.0.6-1.el7 php-horde-Horde-Timezone-1.0.10-1.el7 php-horde-Horde-Vfs-2.3.1-1.el7 php-horde-horde-5.2.9-1.el7 php-horde-imp-6.2.12-1.el7 php-horde-ingo-3.2.8-1.el7 php-horde-kronolith-4.2.13-1.el7 php-nette-deprecated-2.3.2-1.el7 python-binaryornot-0.4.0-2.el7 python-hypothesis-1.11.2-3.el7 rubygem-cookiejar-0.3.2-8.el7 rubygem-em-socksify-0.3.0-11.el7 rubygem-net-ping-1.7.7-2.el7 rubygem-plist-3.2.0-1.el7 sword-1.7.4-6.el7 tracer-0.6.7-2.el7 xiphos-4.0.4-3.el7
Details about builds:
================================================================================ firebird-2.5.5.26952.0-2.el7 (FEDORA-EPEL-2016-2d8fa2e036) SQL relational database management system -------------------------------------------------------------------------------- Update Information:
move fb_config (#1297506) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1297447 - CVE-2016-1569 firebird: authenticated remote crash by gbak invocation https://bugzilla.redhat.com/show_bug.cgi?id=1297447 --------------------------------------------------------------------------------
================================================================================ freight-0.3.5-9.el7 (FEDORA-EPEL-2016-e3fc9652cf) A modern take on the Debian archive -------------------------------------------------------------------------------- Update Information:
- Fix compatibility with apt 1.1 (Debian Stretch, Ubuntu Xenial) --------------------------------------------------------------------------------
================================================================================ libmediainfo-0.7.82-1.el7 (FEDORA-EPEL-2016-695ea1c57f) Library for supplies technical and tag information about a video or audio file -------------------------------------------------------------------------------- Update Information:
Update to 0.7.82. --------------------------------------------------------------------------------
================================================================================ mediainfo-0.7.82-1.el7 (FEDORA-EPEL-2016-695ea1c57f) Supplies technical and tag information about a video or audio file (CLI) -------------------------------------------------------------------------------- Update Information:
Update to 0.7.82. --------------------------------------------------------------------------------
================================================================================ mingw-crt-4.0.4-3.el7 (FEDORA-EPEL-2016-2a2482c847) MinGW Windows cross-compiler runtime -------------------------------------------------------------------------------- Update Information:
Backported various commits which are required to build wine-gecko 2.44 --------------------------------------------------------------------------------
================================================================================ mingw-headers-4.0.4-5.el7 (FEDORA-EPEL-2016-2a2482c847) Win32/Win64 header files -------------------------------------------------------------------------------- Update Information:
Backported various commits which are required to build wine-gecko 2.44 --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Cache-2.5.2-1.el7 (FEDORA-EPEL-2016-75b5bcd323) Horde Caching API -------------------------------------------------------------------------------- Update Information:
**Horde_Cache 2.5.2** * [jan] Improve performance and memory consumption of garbage collection in File driver. * [jan] Fix garbage collection in File driver. * [jan] Fix caching issues within the same request in the Memcache driver. * [jan] Fix the Mongo driver's expire() if not using a logger. * [jan] Add unit tests. --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Core-2.22.6-1.el7 (FEDORA-EPEL-2016-6d0474dbf9) Horde Core Framework libraries -------------------------------------------------------------------------------- Update Information:
**Horde_Core 2.22.6** * [mjr] Improvements to GHOSTED/SUPPORTED handling for ActiveSync. * [mjr] Do not throw a fatal error if a meeting request can not be deleted after responding to it. * [mjr] Changes for EAS 16.0 support. * [mjr] Honor the disabled property when rendering boolean form types. * [jan] Fix returning to last page after problem reporting from AJAX pages (Bug #12112). * [jan] Fix updating group cache with LDAP backend. * [jan] Horde_Registry_Nlsconfig#validLang() checks now if a locale is installed (Request #10457). * [jan] Mark PHP 7 as supported. * [jan] Add option to always lowercase user names after logging in. --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Crypt-2.7.0-1.el7 (FEDORA-EPEL-2016-b121534f62) Horde Cryptography API -------------------------------------------------------------------------------- Update Information:
**Horde_Crypt 2.7.0** * [jan] Add Horde_Crypt_Pgp::pgpPacketInformationMultiple() and Horde_Crypt_Pgp_Backend_Binary::packetInfoMultiple() (Request #13190). * [jan] Fix retrieving PGP keys from the keyserver with certain HTTP client backends. * [jan] Fix creating PGP keys with comments (Bug #14125). * [jan] Mark PHP 7 as supported. --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Date-2.2.0-1.el7 (FEDORA-EPEL-2016-644b8bf912) Horde Date package -------------------------------------------------------------------------------- Update Information:
**Horde_Date 2.2.0** * [mjr] Add Horde_Date_Recurrence::isEqual(). * [jan] Mark PHP 7 as supported. --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Db-2.3.1-1.el7 (FEDORA-EPEL-2016-373b359e6e) Horde Database Libraries -------------------------------------------------------------------------------- Update Information:
**Horde_Db 2.3.1** * [jan] Bump earliest supported PostgreSQL version to 8.3. * [jan] Improve getting tables and indexes from PostgreSQL servers (Ivan Sergio Borgonovo). * [jan] Mark PHP 7 as supported. --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Form-2.0.12-1.el7 (FEDORA-EPEL-2016-581de4be55) Horde Form API -------------------------------------------------------------------------------- Update Information:
**Horde_Form 2.0.12** * [jan] Fix field types being overwritten in certain cases. * [jan] Allow any empty format specifiers for the monthdayyear field (Bug #14130). * [jan] Mark PHP 7 as supported. --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Http-2.1.6-1.el7 (FEDORA-EPEL-2016-a867aa1f97) Horde HTTP libraries -------------------------------------------------------------------------------- Update Information:
**Horde_Http 2.1.6** * [jan] Fix disabling SSL certificate hostname check (Thomas Jarosch Bug #12929). * [jan] Mark PHP 7 as supported. --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Imap-Client-2.29.5-1.el7 (FEDORA-EPEL-2016-42dc0aebff) Horde IMAP abstraction interface -------------------------------------------------------------------------------- Update Information:
**Horde_Imap_Client 2.29.5** * [jan] Don't try LOGIN authentication over secure connections if explicitly disabled. * [jan] Mark PHP 7 as supported. * [jan] Improve Oracle compatibility. * [mjr] Fix fatal error during shutdown due to incorrect exception name. * [jan] Fix broken ID requests under certain circumstances. --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Mime-Viewer-2.1.2-1.el7 (FEDORA-EPEL-2016-d6e1d29cdd) Horde MIME Viewer Library -------------------------------------------------------------------------------- Update Information:
**Horde_Mime_Viewer 2.1.2** * [jan] Add temp_dir configuration parameter to OpenOffice/LibreOffice viewer (Request #11756). * [jan] Mark PHP 7 as supported. --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Service-Weather-2.3.2-1.el7 (FEDORA-EPEL-2016-cc7d8b2ae0) Horde Weather Provider -------------------------------------------------------------------------------- Update Information:
**Horde_Service_Weather 2.3.2** * [jan] Catch Horde_Date exceptions and try harder to provide dates for weather alerts. * [jan] Mark PHP 7 as supported. --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-SyncMl-2.0.6-1.el7 (FEDORA-EPEL-2016-9968f93369) Horde_SyncMl provides an API for processing SyncML requests -------------------------------------------------------------------------------- Update Information:
**Horde_SyncMl 2.0.6** * [jan] Split large objects into multiple messages (thomas@trethan.net, Request #11071). * [jan] Remove workarounds for ancient Synthesis clients (Bug #10942). * [jan] Mark PHP 7 as supported. --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Timezone-1.0.10-1.el7 (FEDORA-EPEL-2016-5d4c596775) Timezone library -------------------------------------------------------------------------------- Update Information:
**Horde_Timezone 1.0.10** * [mjr] Fix generation of broken VTIMEZONE components for certain Rules (Bug #14221). * [jan] Mark PHP 7 as supported. --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Vfs-2.3.1-1.el7 (FEDORA-EPEL-2016-dfb0f8b6d0) Virtual File System API -------------------------------------------------------------------------------- Update Information:
**Horde_Vfs 2.3.1** * [jan] Mark PHP 7 as supported. * small bugfix --------------------------------------------------------------------------------
================================================================================ php-horde-horde-5.2.9-1.el7 (FEDORA-EPEL-2016-23f4cb12a2) Horde Application Framework -------------------------------------------------------------------------------- Update Information:
**horde 5.2.9** * [jan] SECURITY: Fix XSS vulnerability in menu bar exposed by few applications (Bug #14213). * [jan] Add more detailed user DN settings to Kolab group configuration (Request #11737). * [jan] Fix returning to last page after problem reporting from AJAX pages (Bug #12112). * [jan] Fix custom database configuration for groups (Bug #11664). * [jan] Use access rules compatible with both Apache 2.2 and 2.4. * [mjr] Fix reporting results for non- select queries in administrative sql shell (Bug #14216). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1304397 - CVE-2016-2228 php-horde: reflected cross-site scripting https://bugzilla.redhat.com/show_bug.cgi?id=1304397 [ 2 ] Bug #1305597 - CVE-2015-8807 php-horde-Horde: Cross-site scripting in _renderVarInput_number https://bugzilla.redhat.com/show_bug.cgi?id=1305597 --------------------------------------------------------------------------------
================================================================================ php-horde-imp-6.2.12-1.el7 (FEDORA-EPEL-2016-9af08e2e42) A web based webmail system -------------------------------------------------------------------------------- Update Information:
**imp 6.2.12** * [jan] Don't strip PGP mime parts when saving sent messages (Bug #14233). * [jan] Fix retrieving public PGP keys with certain HTTP client backends. * [jan] Send MDNs from the correct identity (Bug #14034). * [jan] Fix autocompleter filtering if items exceed the maximum size (jsveiga@it.eng.br, Bug #13984). * [jan] Use access rules compatible with both Apache 2.2 and 2.4. * [jan] Allow to disable remote accounts by locking the preference. * [jan] Fix setting title with newmail count in IE11 and Edge (Bug #14189). * [jan] Fix wrapping of plain text converted from HTML MIME parts. --------------------------------------------------------------------------------
================================================================================ php-horde-ingo-3.2.8-1.el7 (FEDORA-EPEL-2016-460b51ea7f) An email filter rules manager -------------------------------------------------------------------------------- Update Information:
**Ingo 3.2.8** * [jan] Fix editing shared rulesets (Bug #12694). * [jan] Allow to edit permissions of another user's rules if that user assigned ownership. * [jan] Use access rules compatible with both Apache 2.2 and 2.4. * [jan] Fix variable name in vacation_addresses hook example. * [jan] Correctly save names of mailbox created from the rule form (Bug #14150). * [mjr] Fix invalid URLs in certain forms when cookies are disabled (Bug #14148). --------------------------------------------------------------------------------
================================================================================ php-horde-kronolith-4.2.13-1.el7 (FEDORA-EPEL-2016-5178df8ea9) A web based calendar -------------------------------------------------------------------------------- Update Information:
**Kronolith 4.2.13** * [mjr] Add missing EAS ghosted property support for all EAS versions. Prevents potential loss of event data during synchronization. **Kronolith 4.2.12** * [mjr] Fix missing truncated event description when using ActiveSync. * [jan] Fix week number in basic view if week starts on Sundays. * [mjr] Fix issue where new event could be created with exceptions from previously edited event. * [jan] Mark preferences only available in basic mode. * [jan] Use access rules compatible with both Apache 2.2 and 2.4. * [jan] Fix accidental deletion of events if importing recurring events without a UID attribute (Bug #14208). * [mjr] Honor confirm_delete preference in dynamic view (Bug #14188). * [mjr] Correctly deal with cancelled meetings via ActiveSync. * [mjr] Fix visibility of alarm titles when alarm is generated via CLI (Bug #14154). * [mjr] Fix display of embed code by adding the full url. --------------------------------------------------------------------------------
================================================================================ php-nette-deprecated-2.3.2-1.el7 (FEDORA-EPEL-2016-5163d91411) APIs and features removed from Nette Framework -------------------------------------------------------------------------------- Update Information:
APIs and features removed from Nette Framework. To use this library, you just have to add, in your project: require_once '/usr/share/php/Nette/Deprecated/autoload.php'; -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1277478 - Review Request: php-nette-deprecated - APIs and features removed from Nette Framework https://bugzilla.redhat.com/show_bug.cgi?id=1277478 --------------------------------------------------------------------------------
================================================================================ python-binaryornot-0.4.0-2.el7 (FEDORA-EPEL-2016-d302423db2) A pure Python package to check if a file is binary or text -------------------------------------------------------------------------------- Update Information:
Initial import of the package python-binaryornot -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1286119 - Review Request: python-binaryornot - A pure Python package to check if a file is binary or text https://bugzilla.redhat.com/show_bug.cgi?id=1286119 --------------------------------------------------------------------------------
================================================================================ python-hypothesis-1.11.2-3.el7 (FEDORA-EPEL-2016-044b4fda3e) A library for property based testing -------------------------------------------------------------------------------- Update Information:
First build of python-hypothesis for EPEL7 --------------------------------------------------------------------------------
================================================================================ rubygem-cookiejar-0.3.2-8.el7 (FEDORA-EPEL-2016-f20e99808e) Parsing and returning cookies in Ruby -------------------------------------------------------------------------------- Update Information:
Updates for EPEL7 --------------------------------------------------------------------------------
================================================================================ rubygem-em-socksify-0.3.0-11.el7 (FEDORA-EPEL-2016-15b90e6786) Transparent proxy support for any EventMachine protocol -------------------------------------------------------------------------------- Update Information:
Updated for EPEL7 --------------------------------------------------------------------------------
================================================================================ rubygem-net-ping-1.7.7-2.el7 (FEDORA-EPEL-2016-1fc522e0fa) A ping interface for Ruby -------------------------------------------------------------------------------- Update Information:
Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ rubygem-plist-3.2.0-1.el7 (FEDORA-EPEL-2016-6d72c8ecc4) All-purpose Property List manipulation library -------------------------------------------------------------------------------- Update Information:
initial spec file for branch epel 7 --------------------------------------------------------------------------------
================================================================================ sword-1.7.4-6.el7 (FEDORA-EPEL-2016-0cf47875b0) Free Bible Software Project -------------------------------------------------------------------------------- Update Information:
Backport 1.7.4 to EPEL -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1256490 - Package also Python, Perl and Java bindings https://bugzilla.redhat.com/show_bug.cgi?id=1256490 --------------------------------------------------------------------------------
================================================================================ tracer-0.6.7-2.el7 (FEDORA-EPEL-2016-d0a431ea5e) Finds outdated running applications in your system -------------------------------------------------------------------------------- Update Information:
New upstream release. - Recognize root user from -r or --root arguments; Fix #51 - Don't force root, rather catch exceptions; See #49 - Use non-zero exit codes to indicate various situations; See #46 - Fix unicode error from raw_input (RhBug:1279409) - Change distro name retrieval to try to read /etc /os-release first --------------------------------------------------------------------------------
================================================================================ xiphos-4.0.4-3.el7 (FEDORA-EPEL-2016-f6a8d40a18) Bible study and research tool -------------------------------------------------------------------------------- Update Information:
Exclude ppc64 from EPEL for lack of gtkhtml3 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1214009 - Doesn���t build on ppc* for EPEL https://bugzilla.redhat.com/show_bug.cgi?id=1214009 --------------------------------------------------------------------------------