The following Fedora EPEL 6 Security updates need testing:
Age URL
225 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6828
chicken-4.9.0.1-4.el6
207 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031
python-virtualenv-12.0.7-1.el6
201 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
133 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8148
optipng-0.7.5-5.el6
133 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156
nagios-4.0.8-1.el6
91 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
63 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
23 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-819f6356ea
tomcat-7.0.65-1.el6
23 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-550132e830
flite-1.3-24.el6
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-a0881ad244
gsi-openssh-5.3p1-12.el6
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2fac4bfaba
privoxy-3.0.23-2.el6
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d0e6303e27
p7zip-15.09-9.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-579c4e2951
prosody-0.9.10-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6eee18cd6e
phpMyAdmin-4.0.10.14-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
cmake-fedora-2.5.1-1.el6
cmark-0.23.0-4.el6
future-0.15.2-7.el6
globus-gssapi-gsi-11.26-1.el6
hitch-1.1.1-1.el6
phpMyAdmin-4.0.10.14-1.el6
preprocess-1.2.2-6.20150919gitd5ab9a.el6
prosody-0.9.10-1.el6
pyhoca-gui-0.5.0.5-1.el6
python-raven-5.10.2-1.el6
python-requests-toolbelt-0.6.0-1.el6
telegram-cli-1.3.3-0.4.20160108git160231.el6
Details about builds:
================================================================================
cmake-fedora-2.5.1-1.el6 (FEDORA-EPEL-2016-11b6bc2a64)
CMake helper modules for fedora developers
--------------------------------------------------------------------------------
Update Information:
- Fixed: * Out-of-the-source build for ibus-chewing
--------------------------------------------------------------------------------
================================================================================
cmark-0.23.0-4.el6 (FEDORA-EPEL-2016-e102c14dc7)
CommonMark parsing and rendering
--------------------------------------------------------------------------------
Update Information:
CommonMark parsing and rendering (http://commonmark.org/)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1266429 - Review Request: cmark - CommonMark parsing and rendering
https://bugzilla.redhat.com/show_bug.cgi?id=1266429
--------------------------------------------------------------------------------
================================================================================
future-0.15.2-7.el6 (FEDORA-EPEL-2016-fa6372431f)
Easy, clean, reliable Python 2/3 compatibility
--------------------------------------------------------------------------------
Update Information:
- Renamed Python2 package
--------------------------------------------------------------------------------
================================================================================
globus-gssapi-gsi-11.26-1.el6 (FEDORA-EPEL-2016-1ae2843014)
Globus Toolkit - GSSAPI library
--------------------------------------------------------------------------------
Update Information:
ix FORCE_TLS setting to allow TLSv1.1 and TLS1.2, not just TLSv1.0
--------------------------------------------------------------------------------
================================================================================
hitch-1.1.1-1.el6 (FEDORA-EPEL-2016-4c1dd08351)
Network proxy that terminates TLS/SSL connections
--------------------------------------------------------------------------------
Update Information:
New upstream release. A bugfix relase.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1302474 - hitch-1.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1302474
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.0.10.14-1.el6 (FEDORA-EPEL-2016-6eee18cd6e)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.0.10.14 (2016-01-29) ================================= - Error
with PMA 4.0.10.13 with PHP 5.2 phpMyAdmin 4.0.10.13 (2016-01-28)
================================= - [Security] Multiple full path disclosure
vulnerabilities, see PMASA-2016-1 - [Security] Unsafe generation of CSRF token,
see PMASA-2016-2 - [Security] Multiple XSS vulnerabilities, see PMASA-2016-3 -
[Security] Insecure password generation in JavaScript, see PMASA-2016-4 -
[Security] Unsafe comparison of CSRF token, see PMASA-2016-5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1302681 - CVE-2016-2041 phpMyAdmin: Unsafe comparison of XSRF/CSRF
token (PMASA-2016-5)
https://bugzilla.redhat.com/show_bug.cgi?id=1302681
[ 2 ] Bug #1302680 - CVE-2016-1927 phpMyAdmin: Insecure password generation
in JavaScript (PMASA-2016-4)
https://bugzilla.redhat.com/show_bug.cgi?id=1302680
[ 3 ] Bug #1302679 - CVE-2016-2040 phpMyAdmin: Multiple XSS vulnerabilities
(PMASA-2016-3)
https://bugzilla.redhat.com/show_bug.cgi?id=1302679
[ 4 ] Bug #1302677 - CVE-2016-2039 phpMyAdmin: Unsafe generation of XSRF/CSRF
token (PMASA-2016-2)
https://bugzilla.redhat.com/show_bug.cgi?id=1302677
[ 5 ] Bug #1302676 - CVE-2016-2038 phpMyAdmin: Multiple full path disclosure
vulnerabilities (PMASA-2016-1)
https://bugzilla.redhat.com/show_bug.cgi?id=1302676
--------------------------------------------------------------------------------
================================================================================
preprocess-1.2.2-6.20150919gitd5ab9a.el6 (FEDORA-EPEL-2016-eda899e7f6)
A portable multi-language file Python2 preprocessor
--------------------------------------------------------------------------------
Update Information:
- Renamed Python2 package
--------------------------------------------------------------------------------
================================================================================
prosody-0.9.10-1.el6 (FEDORA-EPEL-2016-579c4e2951)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.9.10 ============== A summary of changes in this release: Security
-------- * mod_dialback: Adopt key generation algorithm from XEP-0185, to
prevent impersonation attacks (CVE-2016-0756) Fixes and improvements
---------------------- * Startup: Open /dev/urandom read-only, to fix a
failure to start on some systems (fixes #585) * Networking: Improve handling of
the 'select' network backend running out of file descriptors Minor changes
------------- * Networking: Increase default internal read size to prevent
connections stalling with LuaEvent (see #583) * DNS: Discard queries that
failed to send due to connection errors (fixes #598) * c2s, s2s: Lower priority
of shutdown handler, so that modules such as MUC can always send shutdown
notifications to (remote) users (fixes #601)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1302463 - CVE-2016-0756 prosody: mod_dialback allows impersonation
attacks
https://bugzilla.redhat.com/show_bug.cgi?id=1302463
--------------------------------------------------------------------------------
================================================================================
pyhoca-gui-0.5.0.5-1.el6 (FEDORA-EPEL-2016-c533b899e3)
Graphical X2Go client written in (wx)Python
--------------------------------------------------------------------------------
Update Information:
Crash fix when rendering icons in the published applications menu.
--------------------------------------------------------------------------------
================================================================================
python-raven-5.10.2-1.el6 (FEDORA-EPEL-2016-894c1d1031)
Python client for Sentry
--------------------------------------------------------------------------------
Update Information:
Update to python-raven-5.10.2 ---- First EPEL release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1234950 - Package python-raven in EPEL
https://bugzilla.redhat.com/show_bug.cgi?id=1234950
[ 2 ] Bug #1298402 - python-raven-5.10.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1298402
--------------------------------------------------------------------------------
================================================================================
python-requests-toolbelt-0.6.0-1.el6 (FEDORA-EPEL-2016-c83ffa6b9b)
A utility belt for advanced users of python-requests
--------------------------------------------------------------------------------
Update Information:
update to 0.6.0 release
--------------------------------------------------------------------------------
================================================================================
telegram-cli-1.3.3-0.4.20160108git160231.el6 (FEDORA-EPEL-2016-cf26f3ef62)
Linux Command-line interface for Telegram
--------------------------------------------------------------------------------
Update Information:
- Renamed Python2 package - Update to commit #160231 - Fixed Python3 package
version on EPEL
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
[email protected]
http://lists.fedoraproject.org/admin/lists/[email protected]
