[EPEL-devel] Fedora EPEL 6 updates-testing report

[updates]

The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 952  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168   
rubygem-crack-0.3.2-2.el6
 842  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb   
mcollective-2.8.4-1.el6
 813  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9   
thttpd-2.25b-24.el6
 424  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac   
libbsd-0.8.3-2.el6
 153  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92   
libmspack-0.6-0.1.alpha.el6
  72  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6aaee32b7e   
optipng-0.7.6-6.el6
  44  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8c9006d462   
heimdal-7.5.0-1.el6
  39  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-752a7c9ad4   
rootsh-1.5.3-17.el6
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-bc1949f307   
p7zip-16.02-10.el6
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f742513635   
jhead-3.00-9.el6
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-be69c94866   
clamav-0.99.3-8.el6
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-87b20f1b26   
exim-4.90.1-2.el6
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-76121890f9   
seamonkey-2.49.2-2.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c8346d8e5   
mbedtls-2.7.0-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    dislocker-0.7.1-7.el6
    dpm-contrib-admintools-0.2.4-1.el6
    openjpeg2-2.3.0-6.el6
    php-phpseclib-2.0.10-2.el6
    zerofree-1.1.1-1.el6

Details about builds:


================================================================================
 dislocker-0.7.1-7.el6 (FEDORA-EPEL-2018-3f5982aa74)
 Utility to access BitLocker encrypted volumes
--------------------------------------------------------------------------------
Update Information:

- Rebuilt for mbed TLS 2.7.0
--------------------------------------------------------------------------------


================================================================================
 dpm-contrib-admintools-0.2.4-1.el6 (FEDORA-EPEL-2018-afd955e947)
 DPM administration toolkit (contrib from GridPP)
--------------------------------------------------------------------------------
Update Information:

* new upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1545172 - dpm-contrib-admintools is using arch-dependent 
BuildRequires
        https://bugzilla.redhat.com/show_bug.cgi?id=1545172
--------------------------------------------------------------------------------


================================================================================
 openjpeg2-2.3.0-6.el6 (FEDORA-EPEL-2018-6ac908eac8)
 C-Library for JPEG 2000
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-8332 CVE-2016-9112 CVE-2016-9113 CVE-2016-9114
CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 and many others.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1487393 - CVE-2017-14151 CVE-2017-14152 openjpeg2: various flaws 
[epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1487393
  [ 2 ] Bug #1487381 - CVE-2016-10504 CVE-2016-10505 CVE-2016-10506 
CVE-2016-10507 openjpeg2: various flaws [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1487381
  [ 3 ] Bug #1418152 - CVE-2016-9112 openjpeg2: Floating point exception 
vulnerability in openjpeg2 when processing untrusted images [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1418152
  [ 4 ] Bug #1335486 - CVE-2016-4796 CVE-2016-4797 openjpeg2: various flaws 
[epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1335486
  [ 5 ] Bug #1487769 - CVE-2017-14039 CVE-2017-14164 CVE-2017-17479 
CVE-2017-17480 openjpeg2: various flaws [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1487769
  [ 6 ] Bug #1487366 - CVE-2017-14040 CVE-2017-14041 openjpeg2: various flaws 
[epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1487366
  [ 7 ] Bug #1435069 - CVE-2016-9573 openjpeg2: openjpeg: heap out-of-bounds 
read due to insufficient check in imagetopnm() [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1435069
  [ 8 ] Bug #1422754 - CVE-2016-5139 CVE-2016-5158 CVE-2016-5159 openjpeg2: 
various flaws [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1422754
  [ 9 ] Bug #1422753 - CVE-2016-5139 CVE-2016-5158 CVE-2016-5159 openjpeg2: 
various flaws [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=1422753
  [ 10 ] Bug #1405140 - CVE-2016-9580 CVE-2016-9581 openjpeg2: various flaws 
[epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1405140
  [ 11 ] Bug #1402722 - CVE-2016-9573 CVE-2016-9572 openjpeg2: various flaws 
[epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=1402722
  [ 12 ] Bug #1377771 - CVE-2016-1923 CVE-2016-1924 openjpeg2: various flaws 
[epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1377771
  [ 13 ] Bug #1381271 - CVE-2016-8332 CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 
CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: various 
flaws [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1381271
  [ 14 ] Bug #1377348 - CVE-2016-7445 openjpeg2: Null pointer dereference in 
convert.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1377348
  [ 15 ] Bug #1374343 - CVE-2016-7163 openjpeg2: various flaws [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1374343
  [ 16 ] Bug #1335773 - CVE-2015-8871 openjpeg2: openjpeg: Use-after-free in 
opj_j2k_write_mco function [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1335773
  [ 17 ] Bug #1317832 - CVE-2016-3181 openjpeg2: various flaws [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1317832
--------------------------------------------------------------------------------


================================================================================
 php-phpseclib-2.0.10-2.el6 (FEDORA-EPEL-2018-0c0daea4e3)
 PHP Secure Communications Library
--------------------------------------------------------------------------------
Update Information:

**Version 2.0.10** - 2018-02-08  - BigInteger: fix issue with bitwise_xor
(#1245) - Crypt: some of the minimum lengths were off - SFTP: update stat cache
accordingly when file becomes a directory (#1235) - SFTP: fix issue with
extended attributes on 64-bit PHP installs (#1248) - SSH2: more channel handling
updates (#1200) - X509: use anonymous functions in PHP >= 5.3.0 - X509: revise
logic for validateLogic (#1213) - X509: fix 7.2 error when extensions were
removed and new ones added (#1243) - fix float to int conversions on ARM CPU's
(#1220)
--------------------------------------------------------------------------------


================================================================================
 zerofree-1.1.1-1.el6 (FEDORA-EPEL-2018-c164420664)
 Utility to force unused ext2/3/4 inodes and blocks to zero
--------------------------------------------------------------------------------
Update Information:

zerofree 1.1.1 ==============     * 2017-02-22: Lift call to
ext2fs_free_blocks_count out of loop.  Suggested by Thanassis Tsiodras.
zerofree 1.1.0 ==============   * 2016-02-18: Add support for 64-bit block
numbers.  * 2015-10-18: Use memcmp.  Suggested by Damien Clark.
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org