The following Fedora EPEL 6 Security updates need testing:
Age URL
971 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
861 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
832 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
443 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac
libbsd-0.8.3-2.el6
172 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92
libmspack-0.6-0.1.alpha.el6
92 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6aaee32b7e
optipng-0.7.6-6.el6
64 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8c9006d462
heimdal-7.5.0-1.el6
58 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-752a7c9ad4
rootsh-1.5.3-17.el6
27 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f742513635
jhead-3.00-9.el6
15 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-5d12c76136
drupal7-7.57-1.el6
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-7e91105260
clamav-0.99.4-1.el6
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-a27d71c715
pax-utils-1.2.3-1.el6
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-4bcfff2d5e
tor-0.2.9.15-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
nmh-1.7.1-3.el6
php-simplesamlphp-saml2-2.3.8-1.el6
php-simplesamlphp-saml2_1-1.10.6-1.el6
pidgin-sipe-1.23.2-1.el6
python-antlr-2.7.7-5.el6
Details about builds:
================================================================================
nmh-1.7.1-3.el6 (FEDORA-EPEL-2018-eae0de1c6b)
A capable MIME-email-handling system with a command-line interface
--------------------------------------------------------------------------------
Update Information:
Replaced /usr/bin/vi with /bin/vi.
--------------------------------------------------------------------------------
================================================================================
php-simplesamlphp-saml2-2.3.8-1.el6 (FEDORA-EPEL-2018-57cbc61216)
SAML2 PHP library from SimpleSAMLphp
--------------------------------------------------------------------------------
Update Information:
* [SSPSA 201803-01 /
CVE-2018-7711](https://simplesamlphp.org/security/201803-01) * [SSPSA 201802-01
/ CVE-2018-7644](https://simplesamlphp.org/security/201802-01) * [SSPSA
201801-01 / CVE-2018-6519](https://simplesamlphp.org/security/201801-01)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1553357 - CVE-2018-7711 php-simplesamlphp-saml2: Authentication
Bypass in the signature validation utilities
https://bugzilla.redhat.com/show_bug.cgi?id=1553357
[ 2 ] Bug #1553352 - CVE-2018-7644 php-simplesamlphp-saml2: Signature
Validation Bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1553352
[ 3 ] Bug #1542244 - CVE-2018-6519 php-simplesamlphp-saml2: Denial of Service
in xs:DateTime timestamp in SAML2 library
https://bugzilla.redhat.com/show_bug.cgi?id=1542244
--------------------------------------------------------------------------------
================================================================================
php-simplesamlphp-saml2_1-1.10.6-1.el6 (FEDORA-EPEL-2018-0f3319c1ea)
SAML2 PHP library from SimpleSAMLphp (version 1)
--------------------------------------------------------------------------------
Update Information:
* [SSPSA 201803-01 /
CVE-2018-7711](https://simplesamlphp.org/security/201803-01) * [SSPSA 201802-01
/ CVE-2018-7644](https://simplesamlphp.org/security/201802-01) * [SSPSA
201801-01 / CVE-2018-6519](https://simplesamlphp.org/security/201801-01)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1553357 - CVE-2018-7711 php-simplesamlphp-saml2: Authentication
Bypass in the signature validation utilities
https://bugzilla.redhat.com/show_bug.cgi?id=1553357
[ 2 ] Bug #1553352 - CVE-2018-7644 php-simplesamlphp-saml2: Signature
Validation Bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1553352
[ 3 ] Bug #1542244 - CVE-2018-6519 php-simplesamlphp-saml2: Denial of Service
in xs:DateTime timestamp in SAML2 library
https://bugzilla.redhat.com/show_bug.cgi?id=1542244
--------------------------------------------------------------------------------
================================================================================
pidgin-sipe-1.23.2-1.el6 (FEDORA-EPEL-2018-a1b231db0b)
Pidgin protocol plugin to connect to MS Office Communicator
--------------------------------------------------------------------------------
Update Information:
New upstream release: * add support for IPv6 addresses in SIP & SDP messages *
extend libpurple D-Bus interface * don't load buddy photos from unknown sites by
default * add support for user redirect in Lync autodiscover * enable
audio/video calls for Office365 cloud-based accounts * fix some HTTP requests
that were not sent
--------------------------------------------------------------------------------
================================================================================
python-antlr-2.7.7-5.el6 (FEDORA-EPEL-2018-2a2c9fbdde)
Python runtime support for ANTLR-generated parsers
--------------------------------------------------------------------------------
Update Information:
This package contains the Python runtime support for ANTLR-generated parsers.
**NOTE:** this EL6-only package supplements RHEL6 package antlr, which is
missing the Python runtime support.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1189171 - Review Request: python-antlr - Python runtime support
for ANTLR-generated parsers
https://bugzilla.redhat.com/show_bug.cgi?id=1189171
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
