The following Fedora EPEL 6 Security updates need testing: Age URL 973 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6 192 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7.26-1.el6 63 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3434/pylint-1.3.1-1.el6,python-astroid-1.2.1-2.el6,python-logilab-common-0.62.1-2.el6 38 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4008/cross-binutils-2.23.51.0.3-1.el6.1 26 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4242/facter-1.6.18-8.el6 15 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4485/python-tornado-2.2.1-7.el6 10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4624/xrdp-0.6.1-1.el6 10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4575/links-2.8-4.el6 10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4563/firebird-2.5.3.26778.0-2.el6 6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4669/libhtp-0.5.16-1.el6 6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4693/denyhosts-2.6-19.el6.1 4 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4737/docker-io-1.4.0-2.el6 4 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4729/ettercap-0.7.5-4.el6.1.20120906gitc796e5 2 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4766/mediawiki119-1.19.23-1.el6 2 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4773/unrtf-0.21.7-1.el6 1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4807/libssh-0.5.5-3.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4829/roundcubemail-1.0.4-2.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
roundcubemail-1.0.4-2.el6
Details about builds:
================================================================================
roundcubemail-1.0.4-2.el6 (FEDORA-EPEL-2014-4829)
Round Cube Webmail is a browser-based multilingual IMAP client
--------------------------------------------------------------------------------
Update Information:
This update provides Roundcube 1.0.4. This is a stable security update: the
security fix is described by upstream as "Fix possible CSRF attacks to some
address book operations as well as to the ACL and Managesieve plugins." More
details on the update are available at
http://roundcube.net/news/2014/12/18/update-1.0.4-released/ . The update should
apply without any special handling by the system administrator.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 20 2014 Adam Williamson <[email protected]> - 1.0.4-2
- drop tinymce bbcode plugin for safety (CVE-2012-4230)
* Sat Dec 20 2014 Adam Williamson <[email protected]> - 1.0.4-1
- new release 1.0.4 (security update)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1091438 - CVE-2012-4230 tinymce: XSS attacks via security policy
bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1091438
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
