The following Fedora EPEL 7 Security updates need testing:

 Age  URL
 926  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087   dokuwiki-0-0.24.20140929c.el7
 689  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f   mcollective-2.8.4-1.el7
 271  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d   libbsd-0.8.3-1.el7
 168  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe   mod_cluster-1.3.3-10.el7
 167  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5f9a6163b4   tnef-1.4.14-1.el7
 166  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378   python-XStatic-jquery-ui-1.12.0.1-1.el7
  33  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-17b77b3268   botan-1.10.16-1.el7
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2e4b6b7b5c   lightdm-1.18.3-5.el7
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-59c79d3a8a   google-api-python-client-1.6.3-1.el7 python-httplib2-0.9.2-0.1.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7bdf242c17   drupal7-views-3.18-1.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-10553ac5bd   ReviewBoard-2.5.16-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9f88067c22   mpg123-1.25.6-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23   libmspack-0.6-0.1.alpha.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2795d59fcc   python3-numpy-1.10.4-5.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-30a9c74908   php-horde-Horde-Image-2.5.2-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5b07cc6958   wordpress-4.8.2-1.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

    libprelude-4.0.0-1.el7
    php-horde-Horde-Image-2.5.2-1.el7
    wordpress-4.8.2-1.el7
    xorgxrdp-0.2.4-2.el7

Details about builds:

================================================================================
 libprelude-4.0.0-1.el7 (FEDORA-EPEL-2017-226512eef7)
 Secure Connections between all Sensors and the Prelude Manager
--------------------------------------------------------------------------------
Update Information:

Bump version 4.0.0
--------------------------------------------------------------------------------

================================================================================
 php-horde-Horde-Image-2.5.2-1.el7 (FEDORA-EPEL-2017-30a9c74908)
 Horde Image API
--------------------------------------------------------------------------------
Update Information:

**Horde_Image 2.5.1**

* [mjr] SECURITY: Fix more potential places for command injections.
--------------------------------------------------------------------------------

================================================================================
 wordpress-4.8.2-1.el7 (FEDORA-EPEL-2017-5b07cc6958)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

Upstream announcement:

**WordPress 4.8.2 is now available**. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.8.1 and earlier are affected by these security issues:

* $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we've added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco
* A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team.
* A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
* A path traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet).
* A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by Chen Ruiqi.
* An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx).
* A path traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the WordPress Security Team.
* A cross-site scripting (XSS) vulnerability was discovered in template names. Reported by Luka (sikic).
* A cross-site scripting (XSS) vulnerability was discovered in the link modal. Reported by Anas Roubi (qasuar).

Thank you to the reporters of these issues for practicing [responsible disclosure](https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/).

In addition to the security issues above, WordPress 4.8.2 contains 6 maintenance fixes to the 4.8 release series. For more information, see the [release notes](https://codex.wordpress.org/Version_4.8.2) or consult the [list of changes](https://core.trac.wordpress.org/query?status=closed&milestone=4.8.2&... ponent&col=id&col=summary&col=component&col=status&col=owner&col=type&col=priority&col=keywords&order=priority).

Thanks to everyone who contributed to 4.8.2.
--------------------------------------------------------------------------------

================================================================================
 xorgxrdp-0.2.4-2.el7 (FEDORA-EPEL-2017-69df2856c2)
 Implementation of xrdp backend as Xorg modules
--------------------------------------------------------------------------------
Update Information:

xorgxrdp v0.2.4 has been released. This version includes fixes for the following issues:

- Implement disconnection by xrdp-dis command #51
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1482107 - xrdp Xorg session doesn't start after RHEL 7.3 to 7.4 update due to undefined symbol error
        https://bugzilla.redhat.com/show_bug.cgi?id=1482107
  [ 2 ] Bug #1493328 - xorgxrdp-0.2.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1493328
--------------------------------------------------------------------------------

epel-devel@lists.fedoraproject.org