Fedora EPEL 6 updates-testing report
by updates@fedoraproject.org
The following Fedora EPEL 6 Security updates need testing:
Age URL
207 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6c663378c unrtf-0.21.9-8.el6
32 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-61fe7c6e70 nagios-4.4.2-3.el6
18 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b7556983e8 tomcat-7.0.92-1.el6
14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-a0ddb153b8 game-music-emu-0.6.2-1.el6
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-d7155a4675 wordpress-5.0.2-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
distribution-gpg-keys-1.27-1.el6
perl-Email-Address-1.912-1.el6
php-horde-Horde-Browser-2.0.16-1.el6
php-horde-Horde-Image-2.5.4-1.el6
Details about builds:
================================================================================
distribution-gpg-keys-1.27-1.el6 (FEDORA-EPEL-2019-c245b2d1fd)
GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:
updated Copr keys ---- add RHEL8 release gpg key add virtual module to
rhelbeta-8 config ---- mock-core-configs: - add rhelbeta-8-* configs - move
EOLed configs to /etc/mock/eol directory - Add source repos to all fedora
configs (sfowler(a)redhat.com) - add epel-7-ppc64.cfg distribution-gpg-keys: -
update copr keys - add RPM-GPG-KEY-redhat8-beta key - add RPM-GPG-KEY-redhat-
auxiliary2 ---- * updated Copr keys * added Microsoft key
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 2 2019 Miroslav Such�� <msuchy(a)redhat.com> 1.27-1
- update copr keys
* Fri Nov 16 2018 Miroslav Such�� <msuchy(a)redhat.com> 1.26-1
- add RPM-GPG-KEY-redhat8-release
* Thu Nov 15 2018 Miroslav Such�� <msuchy(a)redhat.com> 1.25-1
- update copr keys
- add RPM-GPG-KEY-redhat8-beta key
- add RPM-GPG-KEY-redhat-auxiliary2
* Thu Nov 8 2018 Miroslav Such�� <msuchy(a)redhat.com> 1.24-1
- update Copr keys
- add Microsoft key
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1637059 - epel-7-ppc64 config is missing despite ppc64 being a supported EL7 target
https://bugzilla.redhat.com/show_bug.cgi?id=1637059
[ 2 ] Bug #1615178 - distribution-gpg-keys-1.22-1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1615178
--------------------------------------------------------------------------------
================================================================================
perl-Email-Address-1.912-1.el6 (FEDORA-EPEL-2019-c61cb3eb1d)
RFC 2822 Address Parsing and Creation (DEPRECATED)
--------------------------------------------------------------------------------
Update Information:
Update to 1.912, fixes CVE-2015-7686 and CVE-2018-12558.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 2 2019 Tom Callaway <spot(a)fedoraproject.org> - 1.912-1
- update to 1.912
- fixes CVE-2015-7686 and CVE-2018-12558
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.909-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jun 28 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.909-2
- Perl 5.28 rebuild
* Fri Apr 13 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.909-1
- 1.909 bump
* Thu Feb 8 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.908-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.908-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sun Jun 4 2017 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.908-5
- Perl 5.26 rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.908-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Sun May 15 2016 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.908-3
- Perl 5.24 rebuild
* Thu Feb 4 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.908-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Thu Sep 24 2015 Tom Callaway <spot(a)fedoraproject.org> - 1.908-1
- update to 1.908
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.907-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Fri Jun 5 2015 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.907-2
- Perl 5.22 rebuild
* Mon Feb 9 2015 Tom Callaway <spot(a)fedoraproject.org> - 1.907-1
- update to 1.907
* Wed Aug 27 2014 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.905-2
- Perl 5.20 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1593320 - CVE-2018-12558 perl-Email-Address: Specially crafted input could cause Denial of Service due to complex parse() method [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1593320
[ 2 ] Bug #1268779 - CVE-2015-7686 perl-Email-Address: denial of service when parsing crafted email address list [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1268779
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Browser-2.0.16-1.el6 (FEDORA-EPEL-2019-a970498367)
Horde Browser API
--------------------------------------------------------------------------------
Update Information:
**Horde_Browser 2.0.16** * [mjr] Fix uploads being disabled when
post_max_upload is set to 0 in php.ini.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 28 2018 Remi Collet <remi(a)remirepo.net> - 2.0.16-1
- update to 2.0.16
- use range dependencies
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Image-2.5.4-1.el6 (FEDORA-EPEL-2019-721b35969d)
Horde Image API
--------------------------------------------------------------------------------
Update Information:
**Horde_Image 2.5.4** * [mjr] SECURITY: Fix potential RCE in the text method
when using the Imagemagick backend. * [mjr] SECURITY: Sanitize image type
parameter (PR: 2, Fariskhi Vidyan). * [mjr] Fix issues with escaping single and
double quote characters in the text method when using the Imagemagick backend.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 2 2019 Remi Collet <remi(a)remirepo.net> - 2.5.4-1
- update to 2.5.4
- use range dependencies
--------------------------------------------------------------------------------