The following Fedora EPEL 6 Security updates need testing:
Age URL
234 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6828
chicken-4.9.0.1-4.el6
216 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031
python-virtualenv-12.0.7-1.el6
210 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
142 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8148
optipng-0.7.5-5.el6
142 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156
nagios-4.0.8-1.el6
100 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
72 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-579c4e2951
prosody-0.9.10-1.el6
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6eee18cd6e
phpMyAdmin-4.0.10.14-1.el6
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-eb496fe204
python-pymongo-2.5.2-3.el6.1
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-cd56c646d5
wordpress-4.4.2-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-cb3b95bd2f
firebird-2.5.5.26952.0-2.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8aee7a9340
php-horde-horde-5.2.9-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
firebird-2.5.5.26952.0-2.el6
freight-0.3.5-6.el6
libmediainfo-0.7.82-1.el6
mediainfo-0.7.82-1.el6
php-horde-Horde-Cache-2.5.2-1.el6
php-horde-Horde-Core-2.22.6-1.el6
php-horde-Horde-Crypt-2.7.0-1.el6
php-horde-Horde-Date-2.2.0-1.el6
php-horde-Horde-Db-2.3.1-1.el6
php-horde-Horde-Form-2.0.12-1.el6
php-horde-Horde-Http-2.1.6-1.el6
php-horde-Horde-Imap-Client-2.29.5-1.el6
php-horde-Horde-Mime-Viewer-2.1.2-1.el6
php-horde-Horde-Service-Weather-2.3.2-1.el6
php-horde-Horde-SyncMl-2.0.6-1.el6
php-horde-Horde-Timezone-1.0.10-1.el6
php-horde-Horde-Vfs-2.3.1-1.el6
php-horde-horde-5.2.9-1.el6
php-horde-imp-6.2.12-1.el6
php-horde-ingo-3.2.8-1.el6
php-horde-kronolith-4.2.13-1.el6
php-nette-deprecated-2.3.2-1.el6
Details about builds:
================================================================================
firebird-2.5.5.26952.0-2.el6 (FEDORA-EPEL-2016-cb3b95bd2f)
SQL relational database management system
--------------------------------------------------------------------------------
Update Information:
move fb_config (#1297506)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297447 - CVE-2016-1569 firebird: authenticated remote crash by
gbak invocation
https://bugzilla.redhat.com/show_bug.cgi?id=1297447
--------------------------------------------------------------------------------
================================================================================
freight-0.3.5-6.el6 (FEDORA-EPEL-2016-e6d7b375ed)
A modern take on the Debian archive
--------------------------------------------------------------------------------
Update Information:
- Fix compatibility with apt 1.1 (Debian Stretch, Ubuntu Xenial)
--------------------------------------------------------------------------------
================================================================================
libmediainfo-0.7.82-1.el6 (FEDORA-EPEL-2016-27b306ced7)
Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.82.
--------------------------------------------------------------------------------
================================================================================
mediainfo-0.7.82-1.el6 (FEDORA-EPEL-2016-27b306ced7)
Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.82.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Cache-2.5.2-1.el6 (FEDORA-EPEL-2016-9632f71a37)
Horde Caching API
--------------------------------------------------------------------------------
Update Information:
**Horde_Cache 2.5.2** * [jan] Improve performance and memory consumption of
garbage collection in File driver. * [jan] Fix garbage collection in File
driver. * [jan] Fix caching issues within the same request in the Memcache
driver. * [jan] Fix the Mongo driver's expire() if not using a logger. * [jan]
Add unit tests.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Core-2.22.6-1.el6 (FEDORA-EPEL-2016-336a9e3182)
Horde Core Framework libraries
--------------------------------------------------------------------------------
Update Information:
**Horde_Core 2.22.6** * [mjr] Improvements to GHOSTED/SUPPORTED handling for
ActiveSync. * [mjr] Do not throw a fatal error if a meeting request can not be
deleted after responding to it. * [mjr] Changes for EAS 16.0 support. * [mjr]
Honor the disabled property when rendering boolean form types. * [jan] Fix
returning to last page after problem reporting from AJAX pages (Bug #12112). *
[jan] Fix updating group cache with LDAP backend. * [jan]
Horde_Registry_Nlsconfig#validLang() checks now if a locale is installed
(Request #10457). * [jan] Mark PHP 7 as supported. * [jan] Add option to always
lowercase user names after logging in.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Crypt-2.7.0-1.el6 (FEDORA-EPEL-2016-b39588d51e)
Horde Cryptography API
--------------------------------------------------------------------------------
Update Information:
**Horde_Crypt 2.7.0** * [jan] Add
Horde_Crypt_Pgp::pgpPacketInformationMultiple() and
Horde_Crypt_Pgp_Backend_Binary::packetInfoMultiple() (Request #13190). * [jan]
Fix retrieving PGP keys from the keyserver with certain HTTP client backends. *
[jan] Fix creating PGP keys with comments (Bug #14125). * [jan] Mark PHP 7 as
supported.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Date-2.2.0-1.el6 (FEDORA-EPEL-2016-a21ad632b9)
Horde Date package
--------------------------------------------------------------------------------
Update Information:
**Horde_Date 2.2.0** * [mjr] Add Horde_Date_Recurrence::isEqual(). * [jan] Mark
PHP 7 as supported.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Db-2.3.1-1.el6 (FEDORA-EPEL-2016-91bb02bafc)
Horde Database Libraries
--------------------------------------------------------------------------------
Update Information:
**Horde_Db 2.3.1** * [jan] Bump earliest supported PostgreSQL version to 8.3. *
[jan] Improve getting tables and indexes from PostgreSQL servers (Ivan Sergio
Borgonovo). * [jan] Mark PHP 7 as supported.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Form-2.0.12-1.el6 (FEDORA-EPEL-2016-dc9d8bbf7f)
Horde Form API
--------------------------------------------------------------------------------
Update Information:
**Horde_Form 2.0.12** * [jan] Fix field types being overwritten in certain
cases. * [jan] Allow any empty format specifiers for the monthdayyear field (Bug
#14130). * [jan] Mark PHP 7 as supported.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Http-2.1.6-1.el6 (FEDORA-EPEL-2016-1f4daf994e)
Horde HTTP libraries
--------------------------------------------------------------------------------
Update Information:
**Horde_Http 2.1.6** * [jan] Fix disabling SSL certificate hostname check
(Thomas Jarosch Bug #12929). * [jan] Mark PHP 7 as supported.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Imap-Client-2.29.5-1.el6 (FEDORA-EPEL-2016-695ae04a29)
Horde IMAP abstraction interface
--------------------------------------------------------------------------------
Update Information:
**Horde_Imap_Client 2.29.5** * [jan] Don't try LOGIN authentication over secure
connections if explicitly disabled. * [jan] Mark PHP 7 as supported. * [jan]
Improve Oracle compatibility. * [mjr] Fix fatal error during shutdown due to
incorrect exception name. * [jan] Fix broken ID requests under certain
circumstances.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Mime-Viewer-2.1.2-1.el6 (FEDORA-EPEL-2016-cc075272a8)
Horde MIME Viewer Library
--------------------------------------------------------------------------------
Update Information:
**Horde_Mime_Viewer 2.1.2** * [jan] Add temp_dir configuration parameter to
OpenOffice/LibreOffice viewer (Request #11756). * [jan] Mark PHP 7 as supported.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Service-Weather-2.3.2-1.el6 (FEDORA-EPEL-2016-62d2d34dc6)
Horde Weather Provider
--------------------------------------------------------------------------------
Update Information:
**Horde_Service_Weather 2.3.2** * [jan] Catch Horde_Date exceptions and try
harder to provide dates for weather alerts. * [jan] Mark PHP 7 as supported.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-SyncMl-2.0.6-1.el6 (FEDORA-EPEL-2016-7b3929941c)
Horde_SyncMl provides an API for processing SyncML requests
--------------------------------------------------------------------------------
Update Information:
**Horde_SyncMl 2.0.6** * [jan] Split large objects into multiple messages
([email protected], Request #11071). * [jan] Remove workarounds for ancient
Synthesis clients (Bug #10942). * [jan] Mark PHP 7 as supported.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Timezone-1.0.10-1.el6 (FEDORA-EPEL-2016-6a261f33b2)
Timezone library
--------------------------------------------------------------------------------
Update Information:
**Horde_Timezone 1.0.10** * [mjr] Fix generation of broken VTIMEZONE components
for certain Rules (Bug #14221). * [jan] Mark PHP 7 as supported.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Vfs-2.3.1-1.el6 (FEDORA-EPEL-2016-92a348428a)
Virtual File System API
--------------------------------------------------------------------------------
Update Information:
**Horde_Vfs 2.3.1** * [jan] Mark PHP 7 as supported. * small bugfix
--------------------------------------------------------------------------------
================================================================================
php-horde-horde-5.2.9-1.el6 (FEDORA-EPEL-2016-8aee7a9340)
Horde Application Framework
--------------------------------------------------------------------------------
Update Information:
**horde 5.2.9** * [jan] SECURITY: Fix XSS vulnerability in menu bar exposed by
few applications (Bug #14213). * [jan] Add more detailed user DN settings to
Kolab group configuration (Request #11737). * [jan] Fix returning to last page
after problem reporting from AJAX pages (Bug #12112). * [jan] Fix custom
database configuration for groups (Bug #11664). * [jan] Use access rules
compatible with both Apache 2.2 and 2.4. * [mjr] Fix reporting results for non-
select queries in administrative sql shell (Bug #14216).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1305597 - CVE-2015-8807 php-horde-Horde: Cross-site scripting in
_renderVarInput_number
https://bugzilla.redhat.com/show_bug.cgi?id=1305597
[ 2 ] Bug #1304397 - CVE-2016-2228 php-horde: reflected cross-site scripting
https://bugzilla.redhat.com/show_bug.cgi?id=1304397
--------------------------------------------------------------------------------
================================================================================
php-horde-imp-6.2.12-1.el6 (FEDORA-EPEL-2016-3172ac44f6)
A web based webmail system
--------------------------------------------------------------------------------
Update Information:
**imp 6.2.12** * [jan] Don't strip PGP mime parts when saving sent messages
(Bug #14233). * [jan] Fix retrieving public PGP keys with certain HTTP client
backends. * [jan] Send MDNs from the correct identity (Bug #14034). * [jan] Fix
autocompleter filtering if items exceed the maximum size ([email protected], Bug
#13984). * [jan] Use access rules compatible with both Apache 2.2 and 2.4. *
[jan] Allow to disable remote accounts by locking the preference. * [jan] Fix
setting title with newmail count in IE11 and Edge (Bug #14189). * [jan] Fix
wrapping of plain text converted from HTML MIME parts.
--------------------------------------------------------------------------------
================================================================================
php-horde-ingo-3.2.8-1.el6 (FEDORA-EPEL-2016-031ce96323)
An email filter rules manager
--------------------------------------------------------------------------------
Update Information:
**Ingo 3.2.8** * [jan] Fix editing shared rulesets (Bug #12694). * [jan] Allow
to edit permissions of another user's rules if that user assigned ownership. *
[jan] Use access rules compatible with both Apache 2.2 and 2.4. * [jan] Fix
variable name in vacation_addresses hook example. * [jan] Correctly save names
of mailbox created from the rule form (Bug #14150). * [mjr] Fix invalid URLs in
certain forms when cookies are disabled (Bug #14148).
--------------------------------------------------------------------------------
================================================================================
php-horde-kronolith-4.2.13-1.el6 (FEDORA-EPEL-2016-1b9428015c)
A web based calendar
--------------------------------------------------------------------------------
Update Information:
**Kronolith 4.2.13** * [mjr] Add missing EAS ghosted property support for all
EAS versions. Prevents potential loss of event data during synchronization.
**Kronolith 4.2.12** * [mjr] Fix missing truncated event description when using
ActiveSync. * [jan] Fix week number in basic view if week starts on Sundays. *
[mjr] Fix issue where new event could be created with exceptions from previously
edited event. * [jan] Mark preferences only available in basic mode. * [jan] Use
access rules compatible with both Apache 2.2 and 2.4. * [jan] Fix accidental
deletion of events if importing recurring events without a UID attribute (Bug
#14208). * [mjr] Honor confirm_delete preference in dynamic view (Bug #14188). *
[mjr] Correctly deal with cancelled meetings via ActiveSync. * [mjr] Fix
visibility of alarm titles when alarm is generated via CLI (Bug #14154). * [mjr]
Fix display of embed code by adding the full url.
--------------------------------------------------------------------------------
================================================================================
php-nette-deprecated-2.3.2-1.el6 (FEDORA-EPEL-2016-54356eb14f)
APIs and features removed from Nette Framework
--------------------------------------------------------------------------------
Update Information:
APIs and features removed from Nette Framework. To use this library, you just
have to add, in your project: require_once
'/usr/share/php/Nette/Deprecated/autoload.php';
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1277478 - Review Request: php-nette-deprecated - APIs and features
removed from Nette Framework
https://bugzilla.redhat.com/show_bug.cgi?id=1277478
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
[email protected]
http://lists.fedoraproject.org/admin/lists/[email protected]
