The following Fedora EPEL 7 Security updates need testing:
Age URL
950 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
712 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
294 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7
192 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe mod_cluster-1.3.3-10.el7
189 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378 python-XStatic-jquery-ui-1.12.0.1-1.el7
24 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23 libmspack-0.6-0.1.alpha.el7
21 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-52b8147c68 openvpn-auth-ldap-2.0.3-15.el7
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4826761f5d openvpn-2.4.4-1.el7
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-abe6f98ebf tor-0.2.9.12-1.el7
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0f92580f68 yadifa-2.2.6-1.el7
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-17b77b3268 botan-1.10.17-1.el7
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3c06a7eecf nagios-4.3.4-3.el7
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9e6a789af9 check-mk-1.2.8p26-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-853d71e01b tnef-1.4.15-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
borgbackup-1.1.0-1.el7
getmail-5.4-1.el7
golang-github-hashicorp-go-plugin-0-0.1.20171028git3e6d191.el7
gridsite-2.3.4-1.el7
phoronix-test-suite-7.4.0-1.el7
python-openqa_client-1.3.1-1.el7
python-wikitcms-2.1.12-1.el7
Details about builds:
================================================================================
borgbackup-1.1.0-1.el7 (FEDORA-EPEL-2017-f2d9488b45)
A deduplicating backup program with compression and authenticated encryption
--------------------------------------------------------------------------------
Update Information:
upstream version 1.1.0 (BZ#1499512)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1499512 - borgbackup 1.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1499512
[ 2 ] Bug #1493434 - Missing fuse dependency for borgbackup package
https://bugzilla.redhat.com/show_bug.cgi?id=1493434
--------------------------------------------------------------------------------
================================================================================
getmail-5.4-1.el7 (FEDORA-EPEL-2017-02d50ac26f)
POP3, IMAP4 and SDPS mail retriever with Maildir delivery
--------------------------------------------------------------------------------
Update Information:
update to 5.4
--------------------------------------------------------------------------------
================================================================================
golang-github-hashicorp-go-plugin-0-0.1.20171028git3e6d191.el7 (FEDORA-EPEL-2017-953e73772b)
Golang plugin system over RPC
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1501007 - Review Request: golang-github-hashicorp-go-plugin - Golang plugin system over RPC
https://bugzilla.redhat.com/show_bug.cgi?id=1501007
--------------------------------------------------------------------------------
================================================================================
gridsite-2.3.4-1.el7 (FEDORA-EPEL-2017-715a4a628b)
Grid Security for the Web, Web platforms for Grids
--------------------------------------------------------------------------------
Update Information:
Fixed missing environment variables and out-of-bound array access
--------------------------------------------------------------------------------
================================================================================
phoronix-test-suite-7.4.0-1.el7 (FEDORA-EPEL-2017-c285a77c39)
An Automated, Open-Source Testing Framework
--------------------------------------------------------------------------------
Update Information:
update to 7.4.0
--------------------------------------------------------------------------------
================================================================================
python-openqa_client-1.3.1-1.el7 (FEDORA-EPEL-2017-2841bdf674)
Python client library for openQA API
--------------------------------------------------------------------------------
Update Information:
This update provides the latest release of the library, which updates the job
state definitions in the `const` module to match the latest upstream openQA
code. Note the openQA currently packaged for Fedora does not yet include all the
newer job states, but the changes should be 'backwards compatible' (i.e. all the
states that are in Fedora's openQA are present, and in the correct groups).
--------------------------------------------------------------------------------
================================================================================
python-wikitcms-2.1.12-1.el7 (FEDORA-EPEL-2017-e05130923e)
Fedora QA wiki test management Python library
--------------------------------------------------------------------------------
Update Information:
This new release of python-wikitcms enhances the result row parser to handle the
new 'Basic' milestone (which replaces Alpha going forward). It also slightly
tweaks the parser to prefer the *first* milestone in a string like "Alpha /
Final", rather than the *second* - so it will consider Alpha as the milestone,
not Final. This will usually be a bit more correct in practical usage (i.e.
testcase_stats).
--------------------------------------------------------------------------------
The following Fedora EPEL 6 Security updates need testing:
Age URL
828 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031 python-virtualenv-12.0.7-1.el6
822 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6
712 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6
684 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6
294 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac libbsd-0.8.3-2.el6
23 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92 libmspack-0.6-0.1.alpha.el6
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a437fba22e openvpn-2.4.4-1.el6
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e4d447e97c tor-0.2.9.12-1.el6
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1f4bfd5d1d botan-1.8.15-2.el6
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-164cc614ff nagios-4.3.4-4.el6
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8abafd9ad0 check-mk-1.2.6p16-5.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0177a71c41 tnef-1.4.15-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f7e4cbd529 golang-1.7.6-2.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
getmail-5.4-1.el6
golang-1.7.6-2.el6
phoronix-test-suite-7.4.0-1.el6
python-blessed-1.14.1-3.el6
python-openqa_client-1.3.1-1.el6
Details about builds:
================================================================================
getmail-5.4-1.el6 (FEDORA-EPEL-2017-bf3958d6f4)
POP3, IMAP4 and SDPS mail retriever with Maildir delivery
--------------------------------------------------------------------------------
Update Information:
update to 5.4
--------------------------------------------------------------------------------
================================================================================
golang-1.7.6-2.el6 (FEDORA-EPEL-2017-f7e4cbd529)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-15041 and CVE-2017-15042
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1498870 - CVE-2017-15041 golang: arbitrary code execution during "go get" or "go get -d"
https://bugzilla.redhat.com/show_bug.cgi?id=1498870
[ 2 ] Bug #1498867 - CVE-2017-15042 golang: smtp.PlainAuth susceptible to man-in-the-middle password harvesting
https://bugzilla.redhat.com/show_bug.cgi?id=1498867
--------------------------------------------------------------------------------
================================================================================
phoronix-test-suite-7.4.0-1.el6 (FEDORA-EPEL-2017-def3063829)
An Automated, Open-Source Testing Framework
--------------------------------------------------------------------------------
Update Information:
update to 7.4.0
--------------------------------------------------------------------------------
================================================================================
python-blessed-1.14.1-3.el6 (FEDORA-EPEL-2017-176cba8f04)
A thin, practical wrapper around terminal capabilities in Python
--------------------------------------------------------------------------------
Update Information:
Add EL6 build support
--------------------------------------------------------------------------------
================================================================================
python-openqa_client-1.3.1-1.el6 (FEDORA-EPEL-2017-df14374df6)
Python client library for openQA API
--------------------------------------------------------------------------------
Update Information:
This update provides the latest release of the library, which updates the job
state definitions in the `const` module to match the latest upstream openQA
code. Note the openQA currently packaged for Fedora does not yet include all the
newer job states, but the changes should be 'backwards compatible' (i.e. all the
states that are in Fedora's openQA are present, and in the correct groups).
--------------------------------------------------------------------------------
Hello,
I have just submitted a bodhi update for CVE-2017-15041 and CVE-2017-15042, https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f7e4cbd529. If you maintain any package or application using the "net/smtp" stdlib package, a rebuild of your package/application using the fixed version of golang is strongly recommended.
I plan, after this update hits stable, to update the golang package to upstream version go1.9(.1) (or any other point release available at that time). If you have any concerns, please raise them now.
Testing and karma are much appreciated,
JC