The following Fedora EPEL 7 Security updates need testing: Age URL 16 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2748/nodejs-0.10.32... 15 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2825/nginx-1.6.2-1.... 15 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2861/nodejs-qs-0.6.... 15 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2870/nodejs-send-0.... 10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2992/check-mk-1.2.4... 8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3070/phpMyAdmin-4.2... 8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3062/golang-1.3.3-1... 1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3236/python-oauth2-... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3283/php-ZendFramew...
The following builds have been pushed to Fedora EPEL 7 updates-testing
caja-1.8.2-1.el7 eom-1.8.1-1.el7 exim-4.84-4.el7 gdl-0.9.5-1.el7 ghc-cmdtheline-0.2.3-1.el7 ghc-monad-unify-0.2.2-1.el7 ghc-pattern-arrows-0.0.2-1.el7 marco-1.8.2-2.el7 mate-control-center-1.8.3-1.el7 php-ZendFramework2-2.3.3-1.el7 php-pear-phing-2.8.2-1.el7 python-igraph-0.7-1.el7 qemu-2.0.0-1.el7.2
Details about builds:
================================================================================ caja-1.8.2-1.el7 (FEDORA-EPEL-2014-3274) File manager for MATE -------------------------------------------------------------------------------- Update Information:
- update to 1.8.2 release - removed upstreamed caja_font-color-desktop.patch -------------------------------------------------------------------------------- ChangeLog:
* Mon Sep 29 2014 Wolfgang Ulbrich chat-to-me@raveit.de - 1.8.2-1 - update to 1.8.2 release - removed upstreamed caja_font-color-desktop.patch --------------------------------------------------------------------------------
================================================================================ eom-1.8.1-1.el7 (FEDORA-EPEL-2014-3273) Eye of MATE image viewer -------------------------------------------------------------------------------- Update Information:
- update to 1.8.1 release -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 30 2014 Wolfgang Ulbrich chat-to-me@raveit.de - 1.8.1-1 - update to 1.8.1 release --------------------------------------------------------------------------------
================================================================================ exim-4.84-4.el7 (FEDORA-EPEL-2014-3277) The exim mail transfer agent -------------------------------------------------------------------------------- Update Information:
This is an update fixing problem with dynamically loadable modules. -------------------------------------------------------------------------------- ChangeLog:
* Fri Oct 10 2014 Jaroslav Škarvada jskarvad@redhat.com - 4.84-4 - Do not override LFLAGS (problem reported by Todd Lyons) * Tue Aug 26 2014 Jitka Plesnikova jplesnik@redhat.com - 4.84-3 - Perl 5.20 rebuild * Sat Aug 16 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 4.84-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ gdl-0.9.5-1.el7 (FEDORA-EPEL-2014-3278) GNU Data Language -------------------------------------------------------------------------------- Update Information:
Update to 0.9.5:
* lots of improvements in widgets related code. Available widgets: WIDGET_DRAW, WIDGET_BASE, WIDGET_BUTTON, WIDGET_DROPLIST, WIDGET_COMBOBOX, WIDGET_LIST, WIDGET_SLIDER, WIDGET_TAB, WIDGET_TEXT, WIDGET_LABEL, CW_BGROUP Controlling routines: WIDGET_EVENT, WIDGET_CONTROL, XMANAGER * TIC and TOC * !CONST system variable * initial import of NetCDF-4 related codes: NCDF_GROUPSINQ, NCDF_GROUPNAME, NCDF_GROUPDEF, NCDF_FULLGROUPNAME, NCDF_GROUPPARENT, NCDF_DIMIDSINQ, NCDF_NCIDINQ, NCDF_VARIDSINQ * introducing the NULL device type for Unix like systems without X11 * better free format for print, preserving precision digits * ISA() and TYPENAME() * full support for projections (see MAP_INSTALL for details) Re-enable openmp. Appears to be working now. -------------------------------------------------------------------------------- ChangeLog:
* Wed Oct 8 2014 Orion Poplawski orion@cora.nwra.com - 0.9.5-1 - Update to 0.9.5 * Fri Oct 3 2014 Orion Poplawski orion@cora.nwra.com - 0.9.4-7 - Re-enable openmp. Appears to be working now. --------------------------------------------------------------------------------
================================================================================ ghc-cmdtheline-0.2.3-1.el7 (FEDORA-EPEL-2014-3276) Declarative command-line option parsing and documentation library -------------------------------------------------------------------------------- Update Information:
Declarative command-line option parsing and documentation library -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1149550 - Review Request: ghc-cmdtheline - Declarative command-line option parsing and documentation library https://bugzilla.redhat.com/show_bug.cgi?id=1149550 --------------------------------------------------------------------------------
================================================================================ ghc-monad-unify-0.2.2-1.el7 (FEDORA-EPEL-2014-3280) Generic first-order unification -------------------------------------------------------------------------------- Update Information:
Generic first-order unification -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1149554 - Review Request: ghc-monad-unify - Generic first-order unification https://bugzilla.redhat.com/show_bug.cgi?id=1149554 --------------------------------------------------------------------------------
================================================================================ ghc-pattern-arrows-0.0.2-1.el7 (FEDORA-EPEL-2014-3275) Arrows for pretty printing -------------------------------------------------------------------------------- Update Information:
Arrows for pretty printing -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1149556 - Review Request: ghc-pattern-arrows - Arrows for Pretty Printing https://bugzilla.redhat.com/show_bug.cgi?id=1149556 --------------------------------------------------------------------------------
================================================================================ marco-1.8.2-2.el7 (FEDORA-EPEL-2014-3272) MATE Desktop window manager -------------------------------------------------------------------------------- Update Information:
mate-control-center - update to 1.8.1 release marco - update to 1.8.2 release
-------------------------------------------------------------------------------- ChangeLog:
* Fri Oct 3 2014 Wolfgang Ulbrich chat-to-me@raveit.de - 1.8.2-2 - fix to fix a release, LOL * Tue Sep 30 2014 Wolfgang Ulbrich chat-to-me@raveit.de - 1.8.2-1 - update to 1.8.2 release --------------------------------------------------------------------------------
================================================================================ mate-control-center-1.8.3-1.el7 (FEDORA-EPEL-2014-3272) MATE Desktop control-center -------------------------------------------------------------------------------- Update Information:
mate-control-center - update to 1.8.1 release marco - update to 1.8.2 release
-------------------------------------------------------------------------------- ChangeLog:
* Wed Oct 1 2014 Wolfgang Ulbrich chat-to-me@raveit.de - 1.8.3-1 - update to 1.8.1 release --------------------------------------------------------------------------------
================================================================================ php-ZendFramework2-2.3.3-1.el7 (FEDORA-EPEL-2014-3283) Zend Framework 2 -------------------------------------------------------------------------------- Update Information:
Security release * ZF2014-05, which mititages null byte poisoning of the password provided for LDAP authentication, thus prevening unauthorized LDAP binding. This corrects for unpatched versions of PHP (versions 5.5.11 and below, 5.4.27 and below, and any prior releases). * ZF2014-06, which mitigates null byte poisoning of quoted SQL values provided to the sqlsrv extension, thus preventing a potential SQL injection vector.
-------------------------------------------------------------------------------- ChangeLog:
* Fri Oct 10 2014 Remi Collet remi@fedoraproject.org - 2.3.3-1 - Update to 2.3.3 - fix SQL injection with SqlSrv ZF2014-05 CVE-2014-8088 #1151276 - fix null byte issue on Ldap connect ZF2014-06 CVE-2014-8089 #1151277 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1151276 - CVE-2014-8088 php-ZendFramework: null byte issue, connect to LDAP without knowing the password (ZF2014-05) https://bugzilla.redhat.com/show_bug.cgi?id=1151276 [ 2 ] Bug #1151277 - CVE-2014-8089 php-ZendFramework: SQL injection issue when using the sqlsrv PHP extension (ZF2014-06) https://bugzilla.redhat.com/show_bug.cgi?id=1151277 --------------------------------------------------------------------------------
================================================================================ php-pear-phing-2.8.2-1.el7 (FEDORA-EPEL-2014-3281) A project build system based on Apache Ant -------------------------------------------------------------------------------- Update Information:
Update to latest version. See upstream changelog on http://www.phing.info/trac/wiki/Users/News -------------------------------------------------------------------------------- ChangeLog:
* Fri Oct 10 2014 Remi Collet remi@fedoraproject.org - 2.8.2-1 - Update to 2.8.2 - cleanup and changes from remi repo - add dependencies on the available optional tools - doc in pear_docdir - provide php-composer(phing/phing) --------------------------------------------------------------------------------
================================================================================ python-igraph-0.7-1.el7 (FEDORA-EPEL-2014-3282) Python bindings for igraph -------------------------------------------------------------------------------- Update Information:
Build 0.7 for epel6 and epel7 --------------------------------------------------------------------------------
================================================================================ qemu-2.0.0-1.el7.2 (FEDORA-EPEL-2014-3271) QEMU is a FAST! processor emulator -------------------------------------------------------------------------------- Update Information:
Avoid broken symbolic links -------------------------------------------------------------------------------- ChangeLog:
* Fri Oct 10 2014 Lubomir Rintel lkundrak@v3.sk - 2:2.0.0-1.2 - Avoid broken symbolic links (bz #1114432) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1114432 - Invalid symlinks in /usr/share/qemu to ixpe.efi ROM files https://bugzilla.redhat.com/show_bug.cgi?id=1114432 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org