The following Fedora EPEL 7 Security updates need testing: Age URL 752 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 492 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-89ad58d02c golang-1.15-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-49c5f31e92 python-pip-epel-8.1.2-14.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-864bc6779e chromium-85.0.4183.83-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
ansible-2.9.13-1.el7 batctl-2020.3-1.el7 drupal7-7.72-1.el7
Details about builds:
================================================================================ ansible-2.9.13-1.el7 (FEDORA-EPEL-2020-83bdeb2965) SSH-based configuration management, deployment, and task execution system -------------------------------------------------------------------------------- Update Information:
Update to new bugfix and security update 2.9.13 ---- Update to upstream bugfix release 2.9.11. See https://github.com/ansible/ansible/blob/stable-2.9/changelog s/CHANGELOG-v2.9.rst#v2-9-11 for details. -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 3 2020 Kevin Fenzi kevin@scrye.com - 2.9.13-1 - Update to 2.9.13. * Tue Jul 21 2020 Kevin Fenzi kevin@scrye.com - 2.9.11-1 - Update to 2.9.11. --------------------------------------------------------------------------------
================================================================================ batctl-2020.3-1.el7 (FEDORA-EPEL-2020-ac9c73e20d) B.A.T.M.A.N. advanced control and management tool -------------------------------------------------------------------------------- Update Information:
Update to 2020.3 -------------------------------------------------------------------------------- ChangeLog:
* Fri Sep 4 2020 Felix Kaechele heffer@fedoraproject.org - 2020.3-1 - update to 2020.3 * Mon Jul 27 2020 Fedora Release Engineering releng@fedoraproject.org - 2020.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jul 7 2020 Felix Kaechele heffer@fedoraproject.org - 2020.2-1 - update to 2020.2 --------------------------------------------------------------------------------
================================================================================ drupal7-7.72-1.el7 (FEDORA-EPEL-2020-0a324e529d) An open-source content-management platform -------------------------------------------------------------------------------- Update Information:
- https://www.drupal.org/project/drupal/releases/7.72 - [Drupal core - Critical - Cross Site Request Forgery - SA- CORE-2020-004](https://www.drupal.org/sa-core-2020-004) / CVE-2020-13663 - https://www.drupal.org/project/drupal/releases/7.71 - https://www.drupal.org/project/drupal/releases/7.70 - [Drupal core - Moderately critical - Cross Site Scripting - SA- CORE-2020-002](https://www.drupal.org/sa-core-2020-002) / CVE-2020-11022 / CVE-2020-11023 - [Drupal core - Moderately critical - Open Redirect - SA- CORE-2020-003](https://www.drupal.org/sa-core-2020-003) / CVE-2020-13662 -------------------------------------------------------------------------------- ChangeLog:
* Fri Sep 4 2020 Shawn Iwinski shawn.iwinski@gmail.com - 7.72-1 - Update to 7.72 - SA-CORE-2020-004/CVE-2020-13663 (RHBZ #1860912, #1860913) * Mon Jul 27 2020 Fedora Release Engineering releng@fedoraproject.org - 7.70-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Sun May 31 2020 Shawn Iwinski shawn.iwinski@gmail.com - 7.70-2 - rpmbuild sub-pkg: Fix auto-provides for F32+ * Fri May 22 2020 Peter Borsa peter@asrob.eu - 7.70-1 - Update to 7.70 - RHBZ #1837516 / SA-CORE-2020-003 - RHBZ #1828416 / SA-CORE-2020-002 * Fri May 22 2020 Peter Borsa peter@asrob.eu - 7.69-3 - Remove php-recode as dependency * Tue Jan 28 2020 Fedora Release Engineering releng@fedoraproject.org - 7.69-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1828417 - CVE-2020-11022 drupal7: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1828417 [ 2 ] Bug #1850013 - CVE-2020-11023 drupal7: jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1850013 [ 3 ] Bug #1850023 - CVE-2020-11023 drupal7: jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1850023 [ 4 ] Bug #1860912 - CVE-2020-13663 drupal7: Form API does not properly handle certain form input from cross-site requests [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1860912 [ 5 ] Bug #1860913 - CVE-2020-13663 drupal7: Form API does not properly handle certain form input from cross-site requests [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1860913 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org