The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 510  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d   condor-8.6.11-1.el7
 251  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80   python-gnupg-0.4.4-1.el7
 249  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b   bubblewrap-0.3.3-2.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-32603d41ea   GraphicsMagick-1.3.34-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b5ec870c52   mingw-wavpack-5.1.0-9.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
entr-4.4-1.el7
ocsinventory-agent-2.6.0-3.2.el7
perl-Fsdb-2.69-1.el7
rubygem-ox-2.4.11-5.el7
Details about builds:
================================================================================
entr-4.4-1.el7 (FEDORA-EPEL-2020-0b6911378c)
Run arbitrary commands when files change
--------------------------------------------------------------------------------
Update Information:
- Use a single inotify queue on Linux, limited by
  /proc/sys/fs/inotify/max_user_watches
- Set the environment variable `ENTR_INOTIFY_WORKAROUND` to enable a
  compatibility mode for platforms with deformed inotify support
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 6 2020 Lubomír Sedlář <lsedlar(a)redhat.com> - 4.4-1
- Update to 4.4 (#1758145)
* Wed Jul 24 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
ocsinventory-agent-2.6.0-3.2.el7 (FEDORA-EPEL-2020-1dbced42b2)
Open Computer and Software Inventory Next Generation client
--------------------------------------------------------------------------------
Update Information:
Per Upstream, a malicious CA could result in unexpected inventory access with
the System CA patch. The risk is very low. That patch is now dropped.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 6 2020 Pat Riehecky <riehecky(a)fnal.gov> - 2.6.0-3.2
- More cleanup UTF8 parse
- Smarter use of local CA list
* Fri Dec 27 2019 Pat Riehecky <riehecky(a)fnal.gov> - 2.6.0-3.1
- Cleanup UTF8 parse
- drop system CA list, keep local CA list
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1786712 - Failed to load Ocsinventory::Agent, Global symbol "$self"
requires explicit package name
https://bugzilla.redhat.com/show_bug.cgi?id=1786712
--------------------------------------------------------------------------------
================================================================================
perl-Fsdb-2.69-1.el7 (FEDORA-EPEL-2020-cacfbf9da1)
A set of commands for manipulating flat-text databases from the shell
--------------------------------------------------------------------------------
Update Information:
See http://www.isi.edu/~johnh/SOFTWARE/FSDB/
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 22 2019 John Heidemann <johnh(a)isi.edu> 2.69-1
- See http://www.isi.edu/~johnh/SOFTWARE/FSDB/
--------------------------------------------------------------------------------
================================================================================
rubygem-ox-2.4.11-5.el7 (FEDORA-EPEL-2020-75cc3918d1)
Fast XML parser and object serializer
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-16229
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 6 2020 František Dvořák <valtri(a)civ.zcu.cz> - 2.4.11-5
- Security fix for CVE-2017-16229 (#1549442) - more patches
* Sun Jan 5 2020 František Dvořák <valtri(a)civ.zcu.cz> - 2.4.11-4
- Security fix for CVE-2017-16229 (#1549442)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1549441 - CVE-2017-16229 rubygem-ox: Stack-based buffer over-read in
sax_buf.c:read_from_str() causes crash
https://bugzilla.redhat.com/show_bug.cgi?id=1549441
--------------------------------------------------------------------------------