The following Fedora EPEL 7 Security updates need testing: Age URL 26 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3835d39d1a unrtf-0.21.9-8.el7 23 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40 chromium-67.0.3396.79-1.el7 21 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-15b7dc35af pass-1.7.2-1.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-9d8de55465 drupal7-backup_migrate-3.5-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-7926246d9d libgit2-0.26.4-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-ccbe8e3c4d knot-resolver-2.4.0-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
guacamole-server-0.9.14-1.el7 libvncserver-0.9.9-0.12.el7 nekovm-2.2.0-5.el7 php-bartlett-php-compatinfo-db-1.33.0-1.el7 transifex-client-0.13.4-1.el7 wordpress-4.9.7-1.el7
Details about builds:
================================================================================ guacamole-server-0.9.14-1.el7 (FEDORA-EPEL-2018-6b0fdd8b40) Server-side native components that form the Guacamole proxy -------------------------------------------------------------------------------- Update Information:
Limited arch package libvncserver for ppc64 + latest Guacamole server. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jul 3 2018 Simone Caronni negativo17@gmail.com - 0.9.14-1 - Update to 0.9.14. - Update SPEC file. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1563305 - Please update guacamole to latest version https://bugzilla.redhat.com/show_bug.cgi?id=1563305 [ 2 ] Bug #1546859 - CVE-2018-7225 libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1546859 --------------------------------------------------------------------------------
================================================================================ libvncserver-0.9.9-0.12.el7 (FEDORA-EPEL-2018-6b0fdd8b40) Library to make writing a vnc server easy -------------------------------------------------------------------------------- Update Information:
Limited arch package libvncserver for ppc64 + latest Guacamole server. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1563305 - Please update guacamole to latest version https://bugzilla.redhat.com/show_bug.cgi?id=1563305 [ 2 ] Bug #1546859 - CVE-2018-7225 libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1546859 --------------------------------------------------------------------------------
================================================================================ nekovm-2.2.0-5.el7 (FEDORA-EPEL-2018-5f4ca2ed51) Neko embedded scripting language and virtual machine -------------------------------------------------------------------------------- Update Information:
initial release for EPEL7 --------------------------------------------------------------------------------
================================================================================ php-bartlett-php-compatinfo-db-1.33.0-1.el7 (FEDORA-EPEL-2018-7853163ec6) Reference Database to be used with php-compatinfo library -------------------------------------------------------------------------------- Update Information:
**Version 1.33.0** - 2018-07-05 * **Added** - Support to PHP 7.1.18 and 7.1.19 * **Changed** - Igbinary reference updated to version 2.0.7 (stable) - Stomp reference updated to version 2.0.2 (stable) - Varnish reference updated to version 1.2.4 (stable) -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 6 2018 Remi Collet remi@remirepo.net - 1.33.0-1 - update to 1.33.0 --------------------------------------------------------------------------------
================================================================================ transifex-client-0.13.4-1.el7 (FEDORA-EPEL-2018-ddb17af229) Command line tool for Transifex translation management -------------------------------------------------------------------------------- Update Information:
New upstream version -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 6 2018 Luis Bazan lbazan@fedoraproject.org - 0.13.4-1 - New upstream version -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1594046 - Cannot install due to missing dependency: python3-backports-ssl_match_hostname https://bugzilla.redhat.com/show_bug.cgi?id=1594046 --------------------------------------------------------------------------------
================================================================================ wordpress-4.9.7-1.el7 (FEDORA-EPEL-2018-3f114dff22) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information:
Update to 4.9.7 security release. https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance- release/ -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 5 2018 Kevin Fenzi kevin@scrye.com - 4.9.7-1 - Update to 4.9.7 security update. Fixes bug #1598612 - Fixes CVE-2018-12895 bugs #1595584 and #1595585 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1595585 - CVE-2018-12895 wordpress: Author users can execute arbitrary code by leveraging directory traversal on the wp-admin/post.php thumb parameter [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1595585 [ 2 ] Bug #1598612 - wordpress-4.9.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1598612 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org