The following Fedora EPEL 6 Security updates need testing: Age URL 1103 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6 168 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4008/cross-binutils-2.23.51.0.3-1.el6.1 29 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1501/strongswan-5.3.0-1.el6 19 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5742/asterisk-1.8.32.3-1.el6 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5859/cherokee-1.2.103-6.el6 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5836/mod_proxy_fcgi-2.4.10-1.20150415gitd45a11f.el6 4 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5972/testdisk-7.0-2.el6 4 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5964/ikiwiki-3.20150329-1.el6 4 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5985/python-crypto2.1-2.1.0-4.el6 3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6009/dpkg-1.16.16-5.el6 1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5933/wordpress-4.2.1-1.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6089/drupal7-views-3.11-1.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6083/clamav-0.98.7-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing clamav-0.98.7-1.el6 drupal7-views-3.11-1.el6 mash-0.6.14-1.el6 opendmarc-1.3.1-13.el6 perl-Crypt-PBKDF2-0.150900-1.el6 wildmagic5-5.13-9.el6 Details about builds: ================================================================================ clamav-0.98.7-1.el6 (FEDORA-EPEL-2015-6083) Anti-virus software -------------------------------------------------------------------------------- Update Information: ClamAV 0.98.7 ============= This release contains new scanning features and bug fixes. - Improvements to PDF processing: decryption, escape sequence handling, and file property collection. - Scanning/analysis of additional Microsoft Office 2003 XML format. - Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221. - Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2222. - Fix false negatives on files within iso9660 containers. This issue was reported by Minzhuan Gong. - Fix a couple crashes on crafted upack packed file. Identified and patches supplied by Sebastian Andrzej Siewior. - Fix a crash during algorithmic detection on crafted PE file. Identified and patch supplied by Sebastian Andrzej Siewior. - Fix an infinite loop condition on a crafted "xz" archive file. This was reported by Dimitri Kirchner and Goulven Guiheux. CVE-2015-2668. - Fix compilation error after ./configure --disable-pthreads. Reported and fix suggested by John E. Krokes. - Apply upstream patch for possible heap overflow in Henry Spencer's regex library. CVE-2015-2305. - Fix crash in upx decoder with crafted file. Discovered and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2170. - Fix segfault scanning certain HTML files. Reported with sample by Kai Risku. - Improve detections within xar/pkg files. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 29 2015 Robert Scheck <rob...@fedoraproject.org> - 0.98.7-1 - Upgrade to 0.98.7 and updated daily.cvd (#1217014) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1217206 - CVE-2015-2221: clamav Infinite loop condition on crafted y0da cryptor file https://bugzilla.redhat.com/show_bug.cgi?id=1217206 [ 2 ] Bug #1217207 - CVE-2015-2222 clamav: crash on crafted petite packed file https://bugzilla.redhat.com/show_bug.cgi?id=1217207 [ 3 ] Bug #1217208 - CVE-2015-2668 clamav: Infinite loop condition on a crafted "xz" archive file https://bugzilla.redhat.com/show_bug.cgi?id=1217208 [ 4 ] Bug #1217209 - CVE-2015-2170: clamav: Crash in upx decoder with crafted file https://bugzilla.redhat.com/show_bug.cgi?id=1217209 -------------------------------------------------------------------------------- ================================================================================ drupal7-views-3.11-1.el6 (FEDORA-EPEL-2015-6089) Provides a method for site designers to control content presentation -------------------------------------------------------------------------------- Update Information: - Release 3.11 is a security fix release - Upstream changelog is at https://www.drupal.org/node/2480259 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 30 2015 Peter Borsa <peter.bo...@gmail.com> - 3.11-1 - Release 3.11 is a security fix release - Upstream changelog is at https://www.drupal.org/node/2480259 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1217279 - drupal7-views-3.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1217279 -------------------------------------------------------------------------------- ================================================================================ mash-0.6.14-1.el6 (FEDORA-EPEL-2015-6087) Koji buildsystem to yum repository converter -------------------------------------------------------------------------------- Update Information: blacklist php and httpd from being multilib rhbz#1217168 (dennis) Make blacklist/whitelist into config values. based on patch from Ralph Bean in rhbz#1082832 (dennis) Pass the config object into the multilib method objects. (rbean) Add configs for stg. (rbean) update the mash configs for rawhide (dennis) -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 29 2015 Dennis Gilmore <den...@ausil.us> - 0.6.14-1 - blacklist php and httpd from being multilib rhbz#1217168 (dennis) - Make blacklist/whitelist into config values. based on patch from Ralph Bean in rhbz#1082832 (dennis) - Pass the config object into the multilib method objects. (rbean) - Add configs for stg. (rbean) - update the mash configs for rawhide (dennis) * Tue Feb 10 2015 Dennis Gilmore <den...@ausil.us> - 0.6.13-2 - add patch moving rawhide to f23 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1217168 - httpd and php should not be multilib https://bugzilla.redhat.com/show_bug.cgi?id=1217168 [ 2 ] Bug #1082832 - RFE: make whitelist and blacklist config options instead of hard coded https://bugzilla.redhat.com/show_bug.cgi?id=1082832 -------------------------------------------------------------------------------- ================================================================================ opendmarc-1.3.1-13.el6 (FEDORA-EPEL-2015-6073) A Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library -------------------------------------------------------------------------------- Update Information: - Replaced various commands with rpm macros - Included support for systemd macros (#1216881) - Added libspf2-devel to BuildRequires - libspf2 support now provided for all branches -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 29 2015 Steve Jenkins <st...@stevejenkins.com> - 1.3.1-13 - Replaced various commands with rpm macros - Included support for systemd macros (#1216881) * Mon Apr 13 2015 Steve Jenkins <st...@stevejenkins.com> - 1.3.1-12 - Added libspf2-devel to BuildRequires - libspf2 support now provided for all branches * Thu Apr 9 2015 Steve Jenkins <st...@stevejenkins.com> - 1.3.1-11 - Added --with-libspf2 support for all branches except EL5 * Fri Apr 3 2015 Steve Jenkins <st...@stevejenkins.com> - 1.3.1-10 - policycoreutils now only required for EL5 * Mon Mar 30 2015 Steve Jenkins <st...@stevejenkins.com> - 1.3.1-9 - policycoreutils* now only required for Fedora and EL6+ - Added --with-sql-backend configure support - Changed a few macros * Sun Mar 29 2015 Steve Jenkins <st...@stevejenkins.com> - 1.3.1-8 - removed unecessary Requires packages - moved libbsd back to BuildRequires - removed unecessary %defattr - added support for BSD and Sendmail in place of %doc - Changed some opendmarc macro usages * Sat Mar 28 2015 Steve Jenkins <st...@stevejenkins.com> - 1.3.1-7 - added (x86-64) to Requires where necessary - added sendmail-milter to Requires - moved libbsd from BuildRequires to Requires - added policycoreutils and policycoreutils-python to Requires(post) * Sat Mar 28 2015 Steve Jenkins <st...@stevejenkins.com> - 1.3.1-6 - Removed uneeded _pkgdocdir reference * Fri Mar 27 2015 Steve Jenkins <st...@stevejenkins.com> - 1.3.1-5 - Combined systemd and SysV spec files using conditionals - Set AuthservID configuration option to HOSTNAME by default -------------------------------------------------------------------------------- References: [ 1 ] Bug #905304 - Review Request: OpenDMARC - Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library https://bugzilla.redhat.com/show_bug.cgi?id=905304 -------------------------------------------------------------------------------- ================================================================================ perl-Crypt-PBKDF2-0.150900-1.el6 (FEDORA-EPEL-2015-6075) PBKDF2 password hashing algorithm -------------------------------------------------------------------------------- Update Information: Upgrade to 0.150900. Bugfix -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 30 2015 David Dick <dd...@cpan.org> - 0.150900-1 - Upgrade to 0.150900. Bugfix -------------------------------------------------------------------------------- References: [ 1 ] Bug #1207883 - perl-Crypt-PBKDF2-0.150900 is available https://bugzilla.redhat.com/show_bug.cgi?id=1207883 -------------------------------------------------------------------------------- ================================================================================ wildmagic5-5.13-9.el6 (FEDORA-EPEL-2015-6086) Wild Magic libraries -------------------------------------------------------------------------------- Update Information: - **New package** -------------------------------------------------------------------------------- References: [ 1 ] Bug #1211362 - Review Request: wildmagic5 - Wild Magic libraries https://bugzilla.redhat.com/show_bug.cgi?id=1211362 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list epel-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/epel-devel