The following Fedora EPEL 7 Security updates need testing: Age URL 112 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3835d39d1a unrtf-0.21.9-8.el7 62 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f9d6ff695a bibutils-6.6-1.el7 ghc-hs-bibutils-6.6.0.0-1.el7 pandoc-citeproc-0.3.0.1-4.el7 46 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 37 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3a3c72c5e5 chromium-68.0.3440.106-3.el7 18 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3492a96896 myrepos-1.20180726-1.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-c0e0064bf7 moodle-3.1.14-1.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-ae9b5a9e70 hylafax+-5.6.1-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-1141f91524 mozilla-noscript-10.1.9.6-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-bc87c43cdd libbson-1.3.5-6.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-2150941371 mbedtls-2.7.6-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-c5f71cfa34 python-marshmallow-2.0.0-0.7.gita8b3385.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-31ccd7aee3 php-tcpdf-6.2.25-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-c906338b6b libmad-0.15.1b-26.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f13feb5e4b sensible-utils-0.0.12-2.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-1345280fd0 php-horde-Horde-Core-2.31.6-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-a59cab95c9 rust-1.29.1-2.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-c1f95f55fd php-horde-horde-5.2.20-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-9209f8af0b php-horde-kronolith-4.2.25-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
ansible-2.6.5-1.el7 hub-2.5.1-1.el7 pagure-5.0.1-2.el7 py4j-0.10.7-3.el7 python-lark-parser-0.6.4-1.el7 python3-chardet-2.3.0-4.el7 python3-six-1.11.0-1.el7 zchunk-0.9.11-1.el7
Details about builds:
================================================================================ ansible-2.6.5-1.el7 (FEDORA-EPEL-2018-1e18df030e) SSH-based configuration management, deployment, and task execution system -------------------------------------------------------------------------------- Update Information:
Update to 2.6.5 bugfix release. See https://github.com/ansible/ansible/blob/v2.6.5/changelogs/CHANGELOG-v2.6.rst for a full list of fixed bugs. -------------------------------------------------------------------------------- ChangeLog:
* Fri Sep 28 2018 Kevin Fenzi kevin@scrye.com - 2.6.5-1 - Update to 2.6.5. --------------------------------------------------------------------------------
================================================================================ hub-2.5.1-1.el7 (FEDORA-EPEL-2018-c1e6eb5145) A command-line wrapper for git with github shortcuts -------------------------------------------------------------------------------- Update Information:
Update to 2.5.1 `hub issue create`: ignore the .github/ISSUE_TEMPLATE directory instead of crashing `hub pull-request`: avoid re-requesting reviewers in case of CODEOWNERS `hub ci-status`: handle cases when Checks API is unavailable, like older GitHub Enterprise Handle HTTP 422 message format from server response Ignore crash for malformed ~/.config/hub file Clarify `hub init -g` documentation that it doesn't imply hub create `hub clone`: add more documentation about git protocol used -------------------------------------------------------------------------------- ChangeLog:
* Fri Sep 28 2018 Stephen Gallagher sgallagh@redhat.com - 2.5.1-1 - Update to 2.5.1 - hub issue create: ignore the .github/ISSUE_TEMPLATE directory instead of crashing - hub pull-request: avoid re-requesting reviewers in case of CODEOWNERS - hub ci-status: handle cases when Checks API is unavailable, like older GitHub Enterprise - Handle HTTP 422 message format from server response - Ignore crash for malformed ~/.config/hub file - Clarify hub init -g documentation that it doesn't imply hub create - hub clone: add more documentation about git protocol used * Tue Jul 17 2018 Stephen Gallagher sgallagh@redhat.com - 2.5.0-2 - Fix generation of debuginfo for F29 --------------------------------------------------------------------------------
================================================================================ pagure-5.0.1-2.el7 (FEDORA-EPEL-2018-c887b5aaa9) A git-centered forge -------------------------------------------------------------------------------- Update Information:
Rebase to Pagure 5.0.1 to move to a maintained Pagure version and fix CVE-2017-1002151, as well as many other issues. Upstream changes with the rebase to 5.0.1: + The UI has been completely redesigned + Theming has been redesigned, and new themes are included as subpackages + Many new API endpoints have been added + Reworked how git hooks work to rely on a single file for efficiency + Expanded functionality included in the `pagure-admin` command Consult the official Pagure documentation on upgrading to Pagure 5 from earlier versions. -------------------------------------------------------------------------------- ChangeLog:
* Sat Sep 29 2018 Neal Gompa ngompa13@gmail.com - 5.0.1-2 - Fix symlinks broken or missing due to setuptools * Sat Sep 29 2018 Neal Gompa ngompa13@gmail.com - 5.0.1-1 - Update to 5.0.1 (RH#1634318) * Mon Sep 24 2018 Neal Gompa ngompa13@gmail.com - 5.0-1 - Update to 5.0 (RH#1632468) * Mon Sep 17 2018 Neal Gompa ngompa13@gmail.com - 4.93.0-1 - Rebase to 4.93.0 (5.0 beta 4) - Pagure is now using Python 3 on Fedora * Sat Jul 28 2018 Igor Gnatenko ignatenkobrain@fedoraproject.org - 4.0.4-2 - Generate dependencies automatically * Tue Jul 24 2018 Neal Gompa ngompa13@gmail.com - 4.0.4-1 - Rebase to 4.0.4 - Add patch from Mageia to backport fix for pagure-milters * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 3.13.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Thu Mar 1 2018 Iryna Shcherbina ishcherb@redhat.com - 3.13.2-3 - Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) * Thu Feb 8 2018 Fedora Release Engineering releng@fedoraproject.org - 3.13.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Dec 21 2017 Pierre-Yves Chibon pingou@pingoured.fr - 3.13.2-1 - Update to 3.13.2 * Tue Nov 28 2017 Pierre-Yves Chibon pingou@pingoured.fr - 3.11.1-1 - Update to 3.11.1 * Thu Aug 10 2017 Pierre-Yves Chibon pingou@pingoured.fr - 3.5-1 - Update to 3.5 - Reverting to py-bcrypt * Wed Aug 9 2017 Gwyn Ciesla limburgher@gmail.com - 3.3.1-3 - Switch to python-bcrypt, BZ 1473018. * Thu Jul 27 2017 Fedora Release Engineering releng@fedoraproject.org - 3.3.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Mon Jul 24 2017 Pierre-Yves Chibon pingou@pingoured.fr - 3.3.1-1 - Update to 3.3.1 - Fixes a typo in the alembic migration script introduced in 3.3 * Mon Jul 24 2017 Pierre-Yves Chibon pingou@pingoured.fr - 3.3-1 - Update to 3.3 - [SECURITY FIX] block private repo (read) access via ssh due to a bug on how we generated the gitolite config - CVE-2017-1002151 (Stefan B��hler) * Wed Mar 29 2017 Pierre-Yves Chibon pingou@pingoured.fr - 2.14.1-1 - Update to 2.14.1 * Wed Mar 1 2017 Pierre-Yves Chibon pingou@pingoured.fr - 2.13.1-1 - Update to 2.13.1 * Sat Feb 11 2017 Fedora Release Engineering releng@fedoraproject.org - 2.11-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Fri Jan 20 2017 Pierre-Yves Chibon pingou@pingoured.fr - 2.11-1 - Update to 2.11 * Mon Dec 26 2016 Pierre-Yves Chibon pingou@pingoured.fr - 2.10.1-1 - Update to 2.10.1 * Thu Aug 4 2016 Bruno Wolff III bruno@wolff.to - 2.3.4-1 - Update to 2.3.4 - Security fix release blocking all html related mimetype when displaying the raw files in issues and forces the browser to download them instead (Thanks to Patrick Uiterwijk for finding this issue) - CVE: CVE-2016-1000037 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1474269 - CVE-2017-1002151 pagure: Private repositories accessible through ssh https://bugzilla.redhat.com/show_bug.cgi?id=1474269 --------------------------------------------------------------------------------
================================================================================ py4j-0.10.7-3.el7 (FEDORA-EPEL-2018-c400209101) Dynamically access in Python programs to arbitrary Java objects -------------------------------------------------------------------------------- Update Information:
add python3 subpackages -------------------------------------------------------------------------------- ChangeLog:
* Sat Sep 29 2018 Raphael Groner projects.rg@smart.ms - 0.10.7-3 - drop python2 subpackage in Fedora but not EPEL7 - add python3 subpackages in epel7 - simplify execution of sphinx * Wed Sep 19 2018 Petr Viktorin pviktori@redhat.com - 0.10.7-2 - Remove the Python 2 subpackage rhbz#1628178 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1628178 - py4j: Remove (sub)packages from Fedora 30+: python2-py4j https://bugzilla.redhat.com/show_bug.cgi?id=1628178 --------------------------------------------------------------------------------
================================================================================ python-lark-parser-0.6.4-1.el7 (FEDORA-EPEL-2018-af445bfc33) Lark is a modern general-purpose parsing library for Python -------------------------------------------------------------------------------- Update Information:
Initial package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1632502 - Review Request: python-lark-parser - Modern general-purpose parsing library for Python https://bugzilla.redhat.com/show_bug.cgi?id=1632502 --------------------------------------------------------------------------------
================================================================================ python3-chardet-2.3.0-4.el7 (FEDORA-EPEL-2018-d38f8590b3) Character encoding auto-detection in Python -------------------------------------------------------------------------------- Update Information:
Ship python36-chardet -------------------------------------------------------------------------------- ChangeLog:
* Fri Sep 28 2018 Raphael Groner projects.rg@smart.ms - 2.3.0-4 - add python3 subpackages - use same macro names as in Fedora - use binary suffix and individual symlinks for python default version --------------------------------------------------------------------------------
================================================================================ python3-six-1.11.0-1.el7 (FEDORA-EPEL-2018-8079589449) Python 2 and 3 compatibility utilities -------------------------------------------------------------------------------- Update Information:
- Update to 1.11.0 - Build for python 3.6 -------------------------------------------------------------------------------- ChangeLog:
--------------------------------------------------------------------------------
================================================================================ zchunk-0.9.11-1.el7 (FEDORA-EPEL-2018-59650a08fe) Compressed file format that allows easy deltas -------------------------------------------------------------------------------- Update Information:
Fix small bug in downloading API ---- Fixes security bugs identified by Coverity -------------------------------------------------------------------------------- ChangeLog:
* Fri Sep 28 2018 Jonathan Dieter jdieter@gmail.com - 0.9.11-1 - Fix small bug where creating a zck_dl context fails when zck context is NULL * Tue Sep 18 2018 Jonathan Dieter jdieter@gmail.com - 0.9.10-1 - Update to 0.9.10 - Fixes security bugs found by Coverity --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org