The following Fedora EPEL 7 Security updates need testing:
Age URL
1102 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
864 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
447 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7
344 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe mod_cluster-1.3.3-10.el7
176 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23 libmspack-0.6-0.1.alpha.el7
113 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece nagios-4.3.4-5.el7
63 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73ee944e65 rootsh-1.5.3-17.el7
18 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3e70a38ad4 drupal7-7.57-1.el7
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-815e0064e9 tor-0.2.9.15-1.el7
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f7a629b46f python-django16-1.6.11.7-1.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-635348eab4 php-simplesamlphp-saml2_1-1.10.6-1.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-7150fa5dce php-simplesamlphp-saml2-2.3.8-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-673b3314a1 exim-4.90.1-3.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
dictd-1.12.1-20.el7
jwhois-4.0-46.el7
libmodulemd-1.1.0-1.el7
monitorix-3.10.1-1.el7
Details about builds:
================================================================================
dictd-1.12.1-20.el7 (FEDORA-EPEL-2018-f4620ae6d6)
DICT protocol (RFC 2229) server and command-line client
--------------------------------------------------------------------------------
Update Information:
Fix packaging for EL-6 (don't confuse systemd service with the old initd
script).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1444555 - dictd-server includes a wrong kind of initscript
https://bugzilla.redhat.com/show_bug.cgi?id=1444555
--------------------------------------------------------------------------------
================================================================================
jwhois-4.0-46.el7 (FEDORA-EPEL-2018-4408a2a797)
Internet whois/nicname client
--------------------------------------------------------------------------------
Update Information:
Add options to to force querying on ipv4 or ipv6 (patch by John Fawcett)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1551215 - Enhancement to foce querying on ipv4 or ipv6
https://bugzilla.redhat.com/show_bug.cgi?id=1551215
--------------------------------------------------------------------------------
================================================================================
libmodulemd-1.1.0-1.el7 (FEDORA-EPEL-2018-32f78e466c)
Module metadata manipulation library
--------------------------------------------------------------------------------
Update Information:
* Adds support for handling modulemd-defaults YAML documents * Adds peek()/dup()
routines to all object properties * Adds Modulemd.Module.dup_nsvc() to retrieve
the canonical form of the unique module identifier. * Adds support for boolean
types in the XMD section
--------------------------------------------------------------------------------
================================================================================
monitorix-3.10.1-1.el7 (FEDORA-EPEL-2018-3f41541339)
A free, open source, lightweight system monitoring tool
--------------------------------------------------------------------------------
Update Information:
Prior Monitorix versions are vulnerable to cross-site scripting (XSS), caused by
improper validation of user-supplied input by the monitorix.cgi file. A remote
attacker could exploit this vulnerability using some of the arguments provided
(graph= or when=) in a specially-crafted URL to execute script in a victim's Web
browser within the security context of the hosting Web site, once the URL is
clicked. An attacker could use this vulnerability to steal the victim's cookie-
based authentication credentials. I would like to thank Sebastian Gilon from
TestArmy for reporting that issue. The rest of bugs fixed are, as always,
reflected in the Changes file. All users still using older versions are advised
and encouraged to upgrade to this version, which resolves this security issue.
--------------------------------------------------------------------------------
Dear all,
You are kindly invited to the meeting:
EPEL Steering Committee on 2018-03-14 from 18:00:00 to 19:00:00 GMT
At fedora-meeting(a)irc.freenode.net
The meeting will be about:
The EPEL Steering Committee will have a weekly meeting to cover current tasks and problems needed to keep EPEL going.
Source: https://apps.fedoraproject.org/calendar/meeting/8724/