The following Fedora EPEL 7 Security updates need testing: Age URL 762 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 502 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-49c5f31e92 python-pip-epel-8.1.2-14.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-864bc6779e chromium-85.0.4183.83-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-83bdeb2965 ansible-2.9.13-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-0a324e529d drupal7-7.72-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-f9a066663b mbedtls-2.7.17-1.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-25e525a9ca seamonkey-2.53.4-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
aha-0.5.1-1.el7 amavisd-milter-1.7.1-1.el7 golang-1.15.2-1.el7 proftpd-1.3.5e-10.el7 python-blessed-1.17.10-1.el7 python-enlighten-1.6.2-1.el7
Details about builds:
================================================================================ aha-0.5.1-1.el7 (FEDORA-EPEL-2020-815118b7ca) Convert terminal output to HTML -------------------------------------------------------------------------------- Update Information:
Update to latest upstream release (v0.5.1) -------------------------------------------------------------------------------- ChangeLog:
* Mon Sep 14 2020 Artur Frenszek-Iwicki fedora@svgames.pl - 0.5.1-1 - Update to latest upstream release --------------------------------------------------------------------------------
================================================================================ amavisd-milter-1.7.1-1.el7 (FEDORA-EPEL-2020-54755f7337) Sendmail milter for amavisd-new using the AM.PDP protocol -------------------------------------------------------------------------------- Update Information:
# amavisd-milter ## Bug and compatibility fixes - An empty sender must always be enclosed in angle brackets -------------------------------------------------------------------------------- ChangeLog:
* Mon Sep 14 2020 Robert Scheck robert@fedoraproject.org 1.7.1-1 - Upgrade to 1.7.1 (#1878910) * Mon Jul 27 2020 Fedora Release Engineering releng@fedoraproject.org - 1.7.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1878910 - amavisd-milter-1.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1878910 --------------------------------------------------------------------------------
================================================================================ golang-1.15.2-1.el7 (FEDORA-EPEL-2020-d968abb383) The Go Programming Language -------------------------------------------------------------------------------- Update Information:
* Rebase to go1.15.2 * Security fix for CVE-2020-24553 -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 10 2020 Jakub ��ajka jcajka@redhat.com - 1.15.2-1 - Rebase to go1.15.2 - Security fix for CVE-2020-24553 - Resolves: BZ#1874859 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1874857 - CVE-2020-24553 golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS https://bugzilla.redhat.com/show_bug.cgi?id=1874857 --------------------------------------------------------------------------------
================================================================================ proftpd-1.3.5e-10.el7 (FEDORA-EPEL-2020-918ad695f6) Flexible, stable and highly-configurable FTP server -------------------------------------------------------------------------------- Update Information:
This update fixes a NULL pointer dereference in SCP options processing. An authenticated remote attacker could issue invalid SCP commands, possibly resulting in a Denial of Service condition. Note: the sftp/scp server is not enabled by the default configuration. -------------------------------------------------------------------------------- ChangeLog:
* Mon Sep 14 2020 Paul Howarth paul@city-fan.org - 1.3.5e-10 - Fix null pointer dereference for invalid SCP command by passing the correct argument count to getopt(3) https://github.com/proftpd/proftpd/issues/1043 https://github.com/proftpd/proftpd/pull/1044 https://bugzilla.redhat.com/show_bug.cgi?id=1878869 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1878869 - proftpd: NULL pointer dereference via invalid SCP command leads to DoS https://bugzilla.redhat.com/show_bug.cgi?id=1878869 --------------------------------------------------------------------------------
================================================================================ python-blessed-1.17.10-1.el7 (FEDORA-EPEL-2020-3cb65988df) A thin, practical wrapper around terminal capabilities in Python -------------------------------------------------------------------------------- Update Information:
Updated to 1.17.10 -------------------------------------------------------------------------------- ChangeLog:
* Mon Sep 14 2020 Avram Lubkin aviso@rockhopper.net - 1.17.10-1 - Updated to 1.17.10 * Tue Jul 28 2020 Fedora Release Engineering releng@fedoraproject.org - 1.17.8-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ python-enlighten-1.6.2-1.el7 (FEDORA-EPEL-2020-3515ba9ce4) Enlighten Progress Bar -------------------------------------------------------------------------------- Update Information:
Update to 1.6.2 -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 15 2020 Avram Lubkin aviso@rockhopper.net - 1.6.2-1 - Update to 1.6.2 * Wed Jul 29 2020 Fedora Release Engineering releng@fedoraproject.org - 1.6.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org