The following Fedora EPEL 6 Security updates need testing:
Age URL
43 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-06b243cced
guacamole-server-1.0.0-1.el6
23 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-62f9745b71
drupal7-7.65-1.el6
13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-8d5207833a
ntfs-3g-2017.3.23-11.el6
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-73e99f4a82
python34-3.4.10-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
python-whoosh-2.7.4-3.el6
python3-jinja2-2.8.1-2.el6
Details about builds:
================================================================================
python-whoosh-2.7.4-3.el6 (FEDORA-EPEL-2019-7569fe8565)
Fast, pure-Python full text indexing, search, and spell checking library
--------------------------------------------------------------------------------
Update Information:
Update to 2.7.4 Build for python 3.4
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 12 2016 Orion Poplawski <[email protected]> - 2.7.4-3
- Ship python2-whoosh
- Build python3 package for EPEL7
- Modernize spec
* Mon May 2 2016 Robert Kuska <[email protected]> - 2.7.4-1
- Update to 2.7.4
--------------------------------------------------------------------------------
================================================================================
python3-jinja2-2.8.1-2.el6 (FEDORA-EPEL-2019-9f732040bd)
General purpose template engine
--------------------------------------------------------------------------------
Update Information:
Update to 2.8.1 Security fix for CVE-2016-10745 Security fix for
CVE-2019-10906
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 13 2019 Orion Poplawski <[email protected]> - 2.8.1-2
- Backport fix for CVE-2016-10745 (bugz#1698839)
* Sat Apr 13 2019 Orion Poplawski <[email protected]> - 2.8.1-1
- Update to 2.8.1 (CVE-2016-10745 bugz#1698350)
* Thu Apr 4 2019 Orion Poplawski <[email protected]> - 2.8-4
- Build for python3_other
* Thu Mar 7 2019 Troy Dawson <[email protected]> - 2.8-3
- Rebuilt to change main python from 3.4 to 3.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1698345 - CVE-2016-10745 python-jinja2: Sandbox escape due to
information disclosure via str.format
https://bugzilla.redhat.com/show_bug.cgi?id=1698345
[ 2 ] Bug #1698839 - CVE-2019-10906 python-jinja2: str.format_map allows
sandbox escape
https://bugzilla.redhat.com/show_bug.cgi?id=1698839
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
