The following Fedora EPEL 6 Security updates need testing:
Age URL
265
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4008/cross-binutils-2.23.51.0.3-1.el6.1
56
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1501/strongswan-5.3.2-1.el6
45
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6828/chicken-4.9.0.1-4.el6
27
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7031/python-virtualenv-12.0.7-1.el6
22
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7116/nx-libs-3.5.0.32-1.el6
21
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7168/rubygem-crack-0.3.2-2.el6
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7304/uwsgi-2.0.11.1-1.el6
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7362/drupal6-cck-2.10-1.el6
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7347/lighttpd-1.4.36-1.el6
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7497/lxc-1.0.7-2.el6
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7353/wordpress-4.2.4-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
globus-gass-cache-9.7-1.el6
globus-gram-job-manager-14.27-1.el6
globus-proxy-utils-6.13-1.el6
globus-simple-ca-4.22-1.el6
golang-github-armon-go-radix-0-0.2.git0bab926.el6
hitch-1.0.0-0.4.2.beta4.el6
openvpn-2.3.8-1.el6
ripright-0.9-3.el6
wordpress-4.2.4-1.el6
Details about builds:
================================================================================
globus-gass-cache-9.7-1.el6 (FEDORA-EPEL-2015-7509)
Globus Toolkit - Globus Gass Cache
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* globus-gass-cache 9.7
* globus-gram-job-manager 14.27
* globus-proxy-utils 6.13
* globus-simple-ca 4.22
Fixed issues:
* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for
globus-simple-ca
* https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling
causes crash
* https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager
cause crash
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Mattias Ellert <[email protected]> - 9.7-1
- GT6 update: GT-618: GASS Cache error mishandling causes crash
* Wed Jun 17 2015 Fedora Release Engineering <[email protected]>
- 9.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
globus-gram-job-manager-14.27-1.el6 (FEDORA-EPEL-2015-7509)
Globus Toolkit - GRAM Jobmanager
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* globus-gass-cache 9.7
* globus-gram-job-manager 14.27
* globus-proxy-utils 6.13
* globus-simple-ca 4.22
Fixed issues:
* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for
globus-simple-ca
* https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling
causes crash
* https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager
cause crash
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Mattias Ellert <[email protected]> - 14.27-1
- GT6 update: GT-619: Uninitialized data in job manager cause crash
--------------------------------------------------------------------------------
================================================================================
globus-proxy-utils-6.13-1.el6 (FEDORA-EPEL-2015-7509)
Globus Toolkit - Globus GSI Proxy Utility Programs
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* globus-gass-cache 9.7
* globus-gram-job-manager 14.27
* globus-proxy-utils 6.13
* globus-simple-ca 4.22
Fixed issues:
* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for
globus-simple-ca
* https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling
causes crash
* https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager
cause crash
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Mattias Ellert <[email protected]> - 6.13-1
- GT6 update: Add explicit name comparison mode selection option
--------------------------------------------------------------------------------
================================================================================
globus-simple-ca-4.22-1.el6 (FEDORA-EPEL-2015-7509)
Globus Toolkit - Simple CA Utility
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* globus-gass-cache 9.7
* globus-gram-job-manager 14.27
* globus-proxy-utils 6.13
* globus-simple-ca 4.22
Fixed issues:
* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for
globus-simple-ca
* https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling
causes crash
* https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager
cause crash
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Mattias Ellert <[email protected]> - 4.22-1
- GT6 update: Use 4096-bit RSA key for globus-simple-ca
* Wed Jun 17 2015 Fedora Release Engineering <[email protected]>
- 4.20-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
golang-github-armon-go-radix-0-0.2.git0bab926.el6 (FEDORA-EPEL-2015-7501)
Golang implementation of Radix trees
--------------------------------------------------------------------------------
Update Information:
Update of spec file to spec-2.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 30 2015 Fridolin Pokorny <[email protected]> - 0-0.2.git0bab926
- Update of spec file to spec-2.0
resolves: #1248654
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1248654 - Tracker for golang-github-armon-go-radix
https://bugzilla.redhat.com/show_bug.cgi?id=1248654
--------------------------------------------------------------------------------
================================================================================
hitch-1.0.0-0.4.2.beta4.el6 (FEDORA-EPEL-2015-7511)
Network proxy that terminates TLS/SSL connections
--------------------------------------------------------------------------------
Update Information:
New upstream beta release
Network proxy that terminates TLS/SSL connections
Network proxy that terminates TLS/SSL connections
Network proxy that terminates TLS/SSL connections
Network proxy that terminates TLS/SSL connections
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1235305 - Review Request: hitch - Network proxy that terminates
TLS/SSL connections
https://bugzilla.redhat.com/show_bug.cgi?id=1235305
--------------------------------------------------------------------------------
================================================================================
openvpn-2.3.8-1.el6 (FEDORA-EPEL-2015-7518)
A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:
Latest upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 4 2015 Jon Ciesla <[email protected]> 2.3.8-1
- 2.3.8
--------------------------------------------------------------------------------
================================================================================
ripright-0.9-3.el6 (FEDORA-EPEL-2015-7517)
A minimal CD ripper
--------------------------------------------------------------------------------
Update Information:
* Rebuild for ImageMagick-6.7.2.7-2
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 4 2015 Christopher Meng <[email protected]> - 0.9-3
- Rebuilt for ImageMagick 6.7.2.7-2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1249941 - Needs to be rebuilt for new ImageMagick
https://bugzilla.redhat.com/show_bug.cgi?id=1249941
--------------------------------------------------------------------------------
================================================================================
wordpress-4.2.4-1.el6 (FEDORA-EPEL-2015-7353)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 4.2.4 Security and Maintenance Release**
WordPress 4.2.4 is now available. This is a security release for all previous
versions and we strongly encourage you to update your sites immediately.
This release addresses six issues, including three cross-site scripting
vulnerabilities and a potential SQL injection that could be used to compromise
a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen
Hou-SandĂ of the WordPress security team, Netanel Rubin of Check Point, and
Ivan Grigorov. It also includes a fix for a potential timing side-channel
attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker
from locking a post from being edited, discovered by Mohamed A. Baset.
Our thanks to those who have practiced responsible disclosure of security
issues.
WordPress 4.2.4 also fixes four bugs. For more information, see:
the release notes or consult the list of changes.
* the release notes: https://codex.wordpress.org/Version_4.2.4
* the list of changes:
https://core.trac.wordpress.org/log/branches/4.2?rev=33573&stop_rev=33396
**WordPress 4.2.3 Security and Maintenance Release**
WordPress 4.2.3 is now available. This is a security release for all previous
versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.2.2 and earlier are affected by a cross-site scripting
vulnerability, which could allow users with the Contributor or Author role to
compromise a site. This was initially reported by Jon Cave and fixed by Robert
Chapin, both of the WordPress security team, and later reported by Jouko
Pynnönen.
We also fixed an issue where it was possible for a user with Subscriber
permissions to create a draft through Quick Draft. Reported by Netanel Rubin
from Check Point Software Technologies.
Our thanks to those who have practiced responsible disclosure of security
issues.
WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information,
see:
* the release notes: https://codex.wordpress.org/Version_4.2.3
* the list of changes:
https://core.trac.wordpress.org/log/branches/4.2?rev=33382&stop_rev=32430
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 4 2015 Remi Collet <[email protected]> - 4.2.4-1
- WordPress 4.2.4 Security and Maintenance Release
* Fri Jul 24 2015 Remi Collet <[email protected]> - 4.2.3-1
- WordPress 4.2.3 Security and Maintenance Release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1246396 - CVE-2015-5622 CVE-2015-5623 wordpress: cross-site
scripting and permission issue fixed in wordpress 4.2.3
https://bugzilla.redhat.com/show_bug.cgi?id=1246396
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
