The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 474  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031   
python-virtualenv-12.0.7-1.el6
 468  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168   
rubygem-crack-0.3.2-2.el6
 399  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156   
nagios-4.0.8-1.el6
 358  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb   
mcollective-2.8.4-1.el6
 330  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9   
thttpd-2.25b-24.el6
 215  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-30a8346813   
vtun-3.0.1-10.el6
  60  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8594ed3a53   
chicken-4.11.0-3.el6
  32  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-25e30f6dc3   
jansson-2.9-1.el6
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2f6f1435ed   
tor-0.2.8.9-1.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-a886ace670   
tomcat-7.0.72-1.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-cb5398893b   
nodejs-0.10.48-3.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    nodejs-0.10.48-3.el6
    pcre2-10.21-8.el6
    perl-Tangerine-0.23-1.el6
    php-fedora-autoloader-0.1.2-1.el6
    tomcat-7.0.72-1.el6

Details about builds:


================================================================================
 nodejs-0.10.48-3.el6 (FEDORA-EPEL-2016-cb5398893b)
 JavaScript runtime
--------------------------------------------------------------------------------
Update Information:

Update to 0.10.48 (security fix)  ----  Update to 0.10.47 (security fix)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1388029 - Please update nodejs to 0.10.48 because of CVE-2016-5180
        https://bugzilla.redhat.com/show_bug.cgi?id=1388029
--------------------------------------------------------------------------------


================================================================================
 pcre2-10.21-8.el6 (FEDORA-EPEL-2016-fb720dbe88)
 Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:

This release documents an existing assert capture limitination.  ----  This
release fixes compilation of conditionals when a group name starts with "R". It
fixes optimization for patterns starting with lookaheads. It also corrects
displaying a callout position in pcretest output if an escape sequence is
greater than \x{ff}. It also corrects internal options documentation and
misspelllings in pcrepattern(3) manual page.
--------------------------------------------------------------------------------


================================================================================
 perl-Tangerine-0.23-1.el6 (FEDORA-EPEL-2016-64393af006)
 Analyse perl files and report module-related information
--------------------------------------------------------------------------------
Update Information:

A new version of Tangerine is available. This release introduces support for
Test::Needs.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1387944 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1387944
--------------------------------------------------------------------------------


================================================================================
 php-fedora-autoloader-0.1.2-1.el6 (FEDORA-EPEL-2016-f6b9b78cd3)
 Fedora Autoloader
--------------------------------------------------------------------------------
Update Information:

Static [PSR-4](http://www.php-fig.org/psr/psr-4/), [PSR-0](http://www.php-
fig.org/psr/psr-0/), and classmap autoloader.  Includes loader for required and
optional dependencies.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1386735 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1386735
--------------------------------------------------------------------------------


================================================================================
 tomcat-7.0.72-1.el6 (FEDORA-EPEL-2016-a886ace670)
 Apache Servlet/JSP Engine, RI for Servlet 3.0/JSP 2.2 API
--------------------------------------------------------------------------------
Update Information:

This updates includes a rebase from tomcat 7.0.70 up to 7.0.72 which resolves
one CVE:  * rhbz#1375582 CVE-2016-5388 Tomcat: CGI sets environmental variable
based on user supplied Proxy request header  and includes one additional CVE fix
along with two bug fixes:  * rhbz#1376718 CVE-2016-1240 tomcat: Local privilege
escalation via unsafe file handling in the Tomcat init script * rhbz#1379170
jsvc script is broken * rhbz#1170797 remove tomcat6 dependency on redhat-lsb
(and any other unnecessary ones)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1170797 - remove tomcat6 dependency on redhat-lsb (and any other 
unnecessary ones)
        https://bugzilla.redhat.com/show_bug.cgi?id=1170797
  [ 2 ] Bug #1379170 - jsvc script is broken
        https://bugzilla.redhat.com/show_bug.cgi?id=1379170
  [ 3 ] Bug #1376718 - CVE-2016-1240 tomcat: Local privilege escalation via 
unsafe file handling in the Tomcat init script [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=1376718
  [ 4 ] Bug #1375582 - CVE-2016-5388 Tomcat: CGI sets environmental variable 
based on user supplied Proxy request header [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1375582
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org

Reply via email to