[EPEL-devel] Fedora EPEL 6 updates-testing report

[updates]

The following Fedora EPEL 6 Security updates need testing:
 Age  URL
  53  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-06b243cced   
guacamole-server-1.0.0-1.el6
  32  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-62f9745b71   
drupal7-7.65-1.el6
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-9f732040bd   
python3-jinja2-2.8.1-2.el6
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bd4638e5a3   
libmediainfo-18.12-3.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    bird-1.6.6-1.el6
    php-horde-horde-5.2.21-1.el6
    php-horde-turba-4.2.24-1.el6
    php-pear-CAS-1.3.7-1.el6

Details about builds:


================================================================================
 bird-1.6.6-1.el6 (FEDORA-EPEL-2019-e406623fec)
 BIRD Internet Routing Daemon
--------------------------------------------------------------------------------
Update Information:

BIRD 1.6.6 (2019-02-27) =======================    * Several bugfixes related to
route propagation   BIRD 1.6.5 (2019-01-05) =======================    * MRT
table dumps (RFC 6396)   * BGP Long-lived graceful restart   * Filter: Make
ifname attribute modifiable   * Improved keeping track of IPv6 link-local
addresses   * Many bugfixes   BIRD 1.6.4 (2018-03-22) =======================
* Basic VRF support   * Simplified autoconf scripts   * BGP: Shutdown
communication (RFC 8203)   * BGP: Allow exchanging LOCAL_PREF with eBGP peers
* BGP: Allow to specify interface for regular sessions   * BGP: New option
'disable after cease'   * RAdv: Support for more specific routes (RFC 4191)   *
RAdv: Proper handling of prefix retraction   * Filter: Allow silent filter
execution   * Filter: Fixed stack overflow in BGP mask expressions   * Several
bug fixes   BIRD 1.6.3 (2016-12-21) =======================    * Large BGP
communities   * BFD authentication (MD5, SHA1)   * SHA1 and SHA2 authentication
for RIP and OSPF   * Improved documentation   * Several bug fixes   BIRD 1.6.2
(2016-09-29) =======================    * Fixes serious bug introduced in the
previous version   BIRD 1.6.1 (2016-09-22) =======================    * Support
for IPv6 ECMP   * Better handling of IPv6 tentative addresses   * Several
updates and fixes in Babel protocol   * Filter: New !~ operator   * Filter: ASN
ranges in bgpmask   * KRT: New kernel protocol option 'metric'   * KRT: New
route attribute 'krt_scope'   * Improved BIRD help messages   * Fixes memory
leak in BGP multipath   * Fixes handling of empty path segments in BGP AS_PATH
* Several bug fixes   BIRD 1.6.0 (2016-04-29) =======================    * Major
RIP protocol redesign   * New Babel routing protocol   * BGP multipath support
* KRT: Add support for plenty of kernel route metrics   * KRT: Allow more than
256 routing tables   * Static: Allow to specify attributes for static routes   *
Static: Support for BFD controlled static routes   * FreeBSD: Setup password for
BGP MD5 authentication   * IO: Remove socket number limit   * Plenty of bug
fixes   * Upgrade notes:     * For RIP, most protocol options were moved to
interface blocks.   BIRD 1.5.0 (2015-04-20) =======================    * Major
OSPF protocol redesign.   * OSPFv2 multi-instance extension (RFC 6549).   * BGP
AS-wide unique router ID (RFC 6286).   * BGP enhanced route refresh (RFC 7313).
* Link state support in BGP.   * Latency tracking and internal watchdog.   *
Uses high port range for BFD on BSD.   * Increase max symbol length to 64.   *
Allows to define unnamed protocols from templates.   * Fixes two serious bugs in
BGP.   * Several bugfixes and minor improvements.   * Several minor option
changes:     * OSPF: Protocol-wide 'instance id' option added.     * BGP:
Parameters to option 'neighbor' extended.     * BGP: Separate option 'interface'
added.     * BGP: Option 'start delay time' renamed to 'connect delay time'.
* BGP: Option 'route limit' deprecated.   * Upgrade notes:     * For OSPF, there
are deep internal changes, but user-visible changes are limited to log messages
and minor changes in formatting of command output.     * For BGP, version 1.5.0
is essentially a minor release. There are two deprecated options ('start delay
time' and 'route limit') and some minor formatting changes.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr  6 2019 Robert Scheck <rob...@fedoraproject.org> - 1.6.6-1
- Upgrade to 1.6.6 (CVE-2018-12066)
- Modernization and cleanup of spec file
- Ensure /etc/bird.conf can be only read by BIRD user
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1588769 - CVE-2018-12066 bird: Stack overflow in BGP mask 
expressions
        https://bugzilla.redhat.com/show_bug.cgi?id=1588769
--------------------------------------------------------------------------------


================================================================================
 php-horde-horde-5.2.21-1.el6 (FEDORA-EPEL-2019-009f5f140b)
 Horde Application Framework
--------------------------------------------------------------------------------
Update Information:

**horde 5.2.21**  * [mjr] SECURITY: Fix XSS vulnerability in the Cloud Block.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 23 2019 Remi Collet <r...@remirepo.net> - 5.2.21-1
- update to 5.2.21
- use range dependencies
--------------------------------------------------------------------------------


================================================================================
 php-horde-turba-4.2.24-1.el6 (FEDORA-EPEL-2019-b9ea566899)
 A web based address book
--------------------------------------------------------------------------------
Update Information:

**turba 4.2.24**  * [mjr] SECURITY: Fix XSS vulnerability in display of contact
tags. * [jan] Clarify objectClass filter examples for LDAP backends (Ralf Lang).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 23 2019 Remi Collet <r...@remirepo.net> - 4.2.24-1
- update to 4.2.24
- use range dependencies
--------------------------------------------------------------------------------


================================================================================
 php-pear-CAS-1.3.7-1.el6 (FEDORA-EPEL-2019-abc8b04747)
 Central Authentication Service client library in php
--------------------------------------------------------------------------------
Update Information:

**Changes in version 1.3.7**  **Bug Fixes:**     * Fix pear package [#297] (Phil
Fenstermacher)  **Improvement:**  * add method to get list of supported
protocols (#293) Julien Boulen
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 23 2019 Remi Collet <r...@remirepo.net> - 1.3.7-1
- update to 1.3.7
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org