The following Fedora EPEL 7 Security updates need testing: Age URL 610 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 351 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80 python-gnupg-0.4.4-1.el7 349 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7 58 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6 python-waitress-1.4.3-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b23fa957bb drupal7-ckeditor-1.19-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-16bf726581 php-robrichards-xmlseclibs1-1.4.3-1.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-181270fbae chromium-80.0.3987.163-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-34295ace88 cacti-1.2.11-1.el7 cacti-spine-1.2.11-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b6453e2708 nrpe-4.0.2-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
NetworkManager-fortisslvpn-1.2.8-7.el7 epel-rpm-macros-7-24 libasr-1.0.4-2.el7 netdata-1.21.1-1.el7 openhantek-3.0.4b-1.el7 opensmtpd-6.6.4p1-3.el7 python-betamax-0.7.1-2.el7 python-pyrfc3339-1.1-3.el7 python-regex-2020.4.4-1.el7 qpid-dispatch-1.11.0-1.el7 youtube-dl-2020.03.24-1.el7
Details about builds:
================================================================================ NetworkManager-fortisslvpn-1.2.8-7.el7 (FEDORA-EPEL-2020-b243b0dcb6) NetworkManager VPN plugin for Fortinet compatible SSLVPN -------------------------------------------------------------------------------- Update Information:
Update DNS peer handling with new patch. -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 15 2020 Simone Caronni negativo17@gmail.com - 1.2.8-7 - Update DNS handling patch. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1820906 - NetworkManager-fortisslvpn overwrites /etc/resolv.conf https://bugzilla.redhat.com/show_bug.cgi?id=1820906 --------------------------------------------------------------------------------
================================================================================ epel-rpm-macros-7-24 (FEDORA-EPEL-2020-3c0bec7842) Extra Packages for Enterprise Linux RPM macros -------------------------------------------------------------------------------- Update Information:
Add the `%pycached` macro as [described in Fedora's Python packaging guidelines](https://docs.fedoraproject.org/en-US/packaging- guidelines/Python/#_byte_compiling). -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 28 2019 Miro Hron��ok mhroncok@redhat.com - 7-24 - Add the %pycached macro --------------------------------------------------------------------------------
================================================================================ libasr-1.0.4-2.el7 (FEDORA-EPEL-2020-ede50a3d8b) Free, simple and portable asynchronous resolver library -------------------------------------------------------------------------------- Update Information:
Release 6.6.4p1 (2020-02-24) - An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group. Release 6.6.3p1 (2020-02-10) - Following the 6.6.2p1 release, various improvements were done in OpenBSD -current to mitigate the risk of similar bugs. -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 10 2020 Denis Fateyev denis@fateyev.com - 1.0.4-2 - Rebuilt for epel7 compatibility * Thu Jan 30 2020 Denis Fateyev denis@fateyev.com - 1.0.4-1 - Update to 1.0.4 release * Wed Jan 29 2020 Fedora Release Engineering releng@fedoraproject.org - 1.0.2-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Wed Aug 28 2019 Denis Fateyev denis@fateyev.com - 1.0.2-11 - Spec cleanup from deprecated items * Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 1.0.2-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Fri Feb 1 2019 Fedora Release Engineering releng@fedoraproject.org - 1.0.2-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 1.0.2-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Wed Feb 7 2018 Fedora Release Engineering releng@fedoraproject.org - 1.0.2-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Aug 3 2017 Fedora Release Engineering releng@fedoraproject.org - 1.0.2-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering releng@fedoraproject.org - 1.0.2-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Fri Feb 10 2017 Fedora Release Engineering releng@fedoraproject.org - 1.0.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Thu Feb 4 2016 Fedora Release Engineering releng@fedoraproject.org - 1.0.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Wed Jun 17 2015 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.0.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1765905 - libasr-1.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1765905 [ 2 ] Bug #1797597 - CVE-2020-7247 opensmtpd: arbitrary commands execution in smtp_mailaddr in smtp_session.c via crafted SMTP session [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1797597 [ 3 ] Bug #1801477 - opensmtpd-6.6.4p1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1801477 [ 4 ] Bug #1806874 - CVE-2020-8793 opensmtpd: Reading of arbitrary file by unprivileged attacker can result in information disclosure or privilege escalation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1806874 [ 5 ] Bug #1809061 - CVE-2020-8794 opensmtpd: An out-of-bounds read could lead to remote code execution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1809061 --------------------------------------------------------------------------------
================================================================================ netdata-1.21.1-1.el7 (FEDORA-EPEL-2020-df79ef53bd) Real-time performance monitoring -------------------------------------------------------------------------------- Update Information:
Update from upstream ---- Update from upstream -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 14 2020 Didier Fabert didier.fabert@gmail.com 1.21.1-1 - Update from upstream * Tue Apr 7 2020 Didier Fabert didier.fabert@gmail.com 1.21.0-1 - Update from upstream -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1821125 - netdata-1.21.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1821125 [ 2 ] Bug #1823449 - netdata-1.21.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1823449 --------------------------------------------------------------------------------
================================================================================ openhantek-3.0.4b-1.el7 (FEDORA-EPEL-2020-c15ad742ac) Hantek and compatible USB digital signal oscilloscope -------------------------------------------------------------------------------- Update Information:
Update to 3.0.4b. -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 14 2020 Vasiliy N. Glazov vascom2@gmail.com - 3.0.4b-1 - Update to 3.0.4b --------------------------------------------------------------------------------
================================================================================ opensmtpd-6.6.4p1-3.el7 (FEDORA-EPEL-2020-ede50a3d8b) Free implementation of the server-side SMTP protocol as defined by RFC 5321 -------------------------------------------------------------------------------- Update Information:
Release 6.6.4p1 (2020-02-24) - An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group. Release 6.6.3p1 (2020-02-10) - Following the 6.6.2p1 release, various improvements were done in OpenBSD -current to mitigate the risk of similar bugs. -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 10 2020 Denis Fateyev denis@fateyev.com - 6.6.4p1-3 - Rebuilt for epel7 compatibility * Fri Feb 28 2020 Denis Fateyev denis@fateyev.com - 6.6.4p1-2 - Add "legacy_common_support" build option * Mon Feb 24 2020 Denis Fateyev denis@fateyev.com - 6.6.4p1-1 - Update to 6.6.4p1 release * Thu Jan 30 2020 Denis Fateyev denis@fateyev.com - 6.6.2p1-1 - Update to 6.6.2p1 release - Remove obsolete patch and spec cleanup * Wed Jan 29 2020 Fedora Release Engineering releng@fedoraproject.org - 6.0.3p1-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 6.0.3p1-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Fri Feb 1 2019 Fedora Release Engineering releng@fedoraproject.org - 6.0.3p1-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Mon Jan 14 2019 Bj��rn Esser besser82@fedoraproject.org - 6.0.3p1-6 - Rebuilt for libcrypt.so.2 (#1666033) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1765905 - libasr-1.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1765905 [ 2 ] Bug #1797597 - CVE-2020-7247 opensmtpd: arbitrary commands execution in smtp_mailaddr in smtp_session.c via crafted SMTP session [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1797597 [ 3 ] Bug #1801477 - opensmtpd-6.6.4p1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1801477 [ 4 ] Bug #1806874 - CVE-2020-8793 opensmtpd: Reading of arbitrary file by unprivileged attacker can result in information disclosure or privilege escalation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1806874 [ 5 ] Bug #1809061 - CVE-2020-8794 opensmtpd: An out-of-bounds read could lead to remote code execution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1809061 --------------------------------------------------------------------------------
================================================================================ python-betamax-0.7.1-2.el7 (FEDORA-EPEL-2020-056ed26693) VCR imitation for python-requests -------------------------------------------------------------------------------- Update Information:
add Python 3 subpackage (rhbz #1823097) -------------------------------------------------------------------------------- ChangeLog:
* Sun Apr 12 2020 Felix Schwarz fschwarz@fedoraproject.org - 0.7.1-2 - add Python 3 subpackage (rhbz #1823097) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1823097 - python-betamax: please provide Python 3 version in EPEL 7 https://bugzilla.redhat.com/show_bug.cgi?id=1823097 --------------------------------------------------------------------------------
================================================================================ python-pyrfc3339-1.1-3.el7 (FEDORA-EPEL-2020-932564bee1) Generate and parse RFC 3339 timestamps -------------------------------------------------------------------------------- Update Information:
update to 1.1, adding Python 3 subpackage -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 14 2020 Felix Schwarz fschwarz@fedoraproject.org - 1.1-3 - also package+run unit tests - build Python 3 subpackage also in EPEL 7 * Thu Jan 30 2020 Fedora Release Engineering releng@fedoraproject.org - 1.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Tue Oct 8 2019 Eli Young elyscape@gmail.com - 1.1-1 - Update to 1.1 (#1697425) * Thu Oct 3 2019 Miro Hron��ok mhroncok@redhat.com - 1.0-16 - Rebuilt for Python 3.8.0rc1 (#1748018) * Mon Aug 19 2019 Miro Hron��ok mhroncok@redhat.com - 1.0-15 - Rebuilt for Python 3.8 * Fri Jul 26 2019 Fedora Release Engineering releng@fedoraproject.org - 1.0-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Sat Feb 2 2019 Fedora Release Engineering releng@fedoraproject.org - 1.0-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Wed Jan 9 2019 Miro Hron��ok mhroncok@redhat.com - 1.0-12 - Subpackage python2-pyrfc3339 has been removed See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 1.0-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Tue Jun 19 2018 Miro Hron��ok mhroncok@redhat.com - 1.0-10 - Rebuilt for Python 3.7 * Fri Feb 9 2018 Fedora Release Engineering releng@fedoraproject.org - 1.0-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Sat Jan 27 2018 Iryna Shcherbina ishcherb@redhat.com - 1.0-8 - Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) * Thu Jul 27 2017 Fedora Release Engineering releng@fedoraproject.org - 1.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Sat Feb 11 2017 Fedora Release Engineering releng@fedoraproject.org - 1.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Mon Dec 19 2016 Miro Hron��ok mhroncok@redhat.com - 1.0-5 - Rebuild for Python 3.6 * Tue Jul 19 2016 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.0-4 - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Pac... * Thu Feb 4 2016 Fedora Release Engineering releng@fedoraproject.org - 1.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1813672 - python-pyrfc3339: provide Python 3 package for EPEL 7 https://bugzilla.redhat.com/show_bug.cgi?id=1813672 --------------------------------------------------------------------------------
================================================================================ python-regex-2020.4.4-1.el7 (FEDORA-EPEL-2020-0a4bd3f3b7) Alternative regular expression module, to replace re -------------------------------------------------------------------------------- Update Information:
Update Regex to the latest released version. -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 14 2020 Thomas Moschny thomas.moschny@gmx.de - 2020.4.4-1 - Update to 2020.4.4. --------------------------------------------------------------------------------
================================================================================ qpid-dispatch-1.11.0-1.el7 (FEDORA-EPEL-2020-467296f7a2) Dispatch router for Qpid -------------------------------------------------------------------------------- Update Information:
Rebased to 1.11.0. -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 13 2020 Irina Boverman iboverma@redhat.com - 1.11.0-1 - Rebased to 1.11.0 --------------------------------------------------------------------------------
================================================================================ youtube-dl-2020.03.24-1.el7 (FEDORA-EPEL-2020-7546933da6) A small command-line program to download online videos -------------------------------------------------------------------------------- Update Information:
Update to 2020.03.24 -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 13 2020 Robert-Andr�� Mauchin zebob.m@gmail.com - 2020.03.24-1 - Update to 2020.03.24 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1810696 - youtube-dl-2020.03.24 is available https://bugzilla.redhat.com/show_bug.cgi?id=1810696 [ 2 ] Bug #1811440 - Request update to latest version https://bugzilla.redhat.com/show_bug.cgi?id=1811440 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org