The following Fedora EPEL 6 Security updates need testing:
Age URL
174
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6828
chicken-4.9.0.1-4.el6
157
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031
python-virtualenv-12.0.7-1.el6
151
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
82
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8148 optipng-0.7.5-5.el6
82
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156 nagios-4.0.8-1.el6
70
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-68a2c2db36
python-pymongo-3.0.3-1.el6
41
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-c3b0e79630
LibRaw-0.16.2-3.el6
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e3bc44964c
libpng10-1.0.65-1.el6
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-da771a002d
moodle-2.7.11-1.el6
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-c1e2a347ee
xsupplicant-2.2.0-13.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-df28a72135
shellinabox-2.19-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
GeoIP-GeoLite-data-2015.12-1.el6
figlet-2.2.5-9.el6
globus-gsi-proxy-core-7.9-1.el6
globus-gsi-sysconfig-6.9-1.el6
globus-gssapi-gsi-11.24-1.el6
lua-argparse-0.5.0-1.el6
myproxy-6.1.16-1.el6
nodejs-css-what-2.0.2-2.el6
nodejs-is-regexp-1.0.0-2.el6
nodejs-lcov-parse-0.0.10-2.el6
ola-0.9.8-7.el6
perl-File-Type-0.22-23.el6
php-pear-Console-CommandLine-1.2.1-1.el6
python-productmd-1.0-8.el6.git3b72969
shellinabox-2.19-1.el6
tor-0.2.7.6-1.el6
uwsgi-2.0.11.2-7.el6
vertica-python-0.5.5-1.el6
wildmagic5-5.13-13.el6
zanata-python-client-1.4.0-1.el6
Details about builds:
================================================================================
GeoIP-GeoLite-data-2015.12-1.el6 (FEDORA-EPEL-2015-662cc9c075)
Free GeoLite IP geolocation country database
--------------------------------------------------------------------------------
Update Information:
Periodic database update.
--------------------------------------------------------------------------------
================================================================================
figlet-2.2.5-9.el6 (FEDORA-EPEL-2015-6a4a3f714e)
A program for making large letters out of ordinary text
--------------------------------------------------------------------------------
Update Information:
Fix memory corruption.
--------------------------------------------------------------------------------
================================================================================
globus-gsi-proxy-core-7.9-1.el6 (FEDORA-EPEL-2015-abe648ea27)
Globus Toolkit - Globus GSI Proxy Core Library
--------------------------------------------------------------------------------
Update Information:
globus-gsi-sysconfig-6.9-1 * GT6 update globus-gssapi-gsi-11.24-1 * GT6
update: Don't call SSLv3_method unless it is available globus-gsi-proxy-
core-7.9-1 * GT6 update: Change default proxy_req type to RFC, was GT3
myproxy-6.1.16-1 * Update to 6.1.16 (handle invalid proxy_req type)
--------------------------------------------------------------------------------
================================================================================
globus-gsi-sysconfig-6.9-1.el6 (FEDORA-EPEL-2015-abe648ea27)
Globus Toolkit - Globus GSI System Config Library
--------------------------------------------------------------------------------
Update Information:
globus-gsi-sysconfig-6.9-1 * GT6 update globus-gssapi-gsi-11.24-1 * GT6
update: Don't call SSLv3_method unless it is available globus-gsi-proxy-
core-7.9-1 * GT6 update: Change default proxy_req type to RFC, was GT3
myproxy-6.1.16-1 * Update to 6.1.16 (handle invalid proxy_req type)
--------------------------------------------------------------------------------
================================================================================
globus-gssapi-gsi-11.24-1.el6 (FEDORA-EPEL-2015-abe648ea27)
Globus Toolkit - GSSAPI library
--------------------------------------------------------------------------------
Update Information:
globus-gsi-sysconfig-6.9-1 * GT6 update globus-gssapi-gsi-11.24-1 * GT6
update: Don't call SSLv3_method unless it is available globus-gsi-proxy-
core-7.9-1 * GT6 update: Change default proxy_req type to RFC, was GT3
myproxy-6.1.16-1 * Update to 6.1.16 (handle invalid proxy_req type)
--------------------------------------------------------------------------------
================================================================================
lua-argparse-0.5.0-1.el6 (FEDORA-EPEL-2015-b1ce1a7aa3)
Feature-rich command line parser for Lua
--------------------------------------------------------------------------------
Update Information:
Updating to latest released version. Includes addition of several features.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1289954 - lua-argparse-0.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1289954
--------------------------------------------------------------------------------
================================================================================
myproxy-6.1.16-1.el6 (FEDORA-EPEL-2015-abe648ea27)
Manage X.509 Public Key Infrastructure (PKI) security credentials
--------------------------------------------------------------------------------
Update Information:
globus-gsi-sysconfig-6.9-1 * GT6 update globus-gssapi-gsi-11.24-1 * GT6
update: Don't call SSLv3_method unless it is available globus-gsi-proxy-
core-7.9-1 * GT6 update: Change default proxy_req type to RFC, was GT3
myproxy-6.1.16-1 * Update to 6.1.16 (handle invalid proxy_req type)
--------------------------------------------------------------------------------
================================================================================
nodejs-css-what-2.0.2-2.el6 (FEDORA-EPEL-2015-2b03c6d08c)
A CSS selector parser
--------------------------------------------------------------------------------
Update Information:
Initial packaging
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1271817 - Review Request: nodejs-css-what - A CSS selector parser
https://bugzilla.redhat.com/show_bug.cgi?id=1271817
--------------------------------------------------------------------------------
================================================================================
nodejs-is-regexp-1.0.0-2.el6 (FEDORA-EPEL-2015-10ac7945dc)
Check whether a variable is a regular expression
--------------------------------------------------------------------------------
Update Information:
Initial packaging
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1272088 - Review Request: nodejs-is-regexp - Check whether a variable is a
regular expression
https://bugzilla.redhat.com/show_bug.cgi?id=1272088
--------------------------------------------------------------------------------
================================================================================
nodejs-lcov-parse-0.0.10-2.el6 (FEDORA-EPEL-2015-9481760b84)
Parse lcov results files and return JSON
--------------------------------------------------------------------------------
Update Information:
Initial packaging
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1272255 - Review Request: nodejs-lcov-parse - Parse lcov results files and
return JSON
https://bugzilla.redhat.com/show_bug.cgi?id=1272255
--------------------------------------------------------------------------------
================================================================================
ola-0.9.8-7.el6 (FEDORA-EPEL-2015-f5343d1e34)
Open Lighting Architecture
--------------------------------------------------------------------------------
Update Information:
This is a new package. The Open Lighting Architecture is a framework for
lighting control information. It supports a range of protocols and over a dozen
USB devices. It can run as a standalone service, which is useful for converting
signals between protocols, or alternatively using the OLA API, it can be used as
the back-end for lighting control software. OLA runs on many different platforms
including ARM, which makes it a perfect fit for low cost Ethernet to DMX
gateways.
--------------------------------------------------------------------------------
================================================================================
perl-File-Type-0.22-23.el6 (FEDORA-EPEL-2015-c6017a76f3)
Determine file type using magic
--------------------------------------------------------------------------------
Update Information:
File::Type uses magic numbers (typically at the start of a file) to determine
the MIME type of that file.
--------------------------------------------------------------------------------
================================================================================
php-pear-Console-CommandLine-1.2.1-1.el6 (FEDORA-EPEL-2015-4dd8661881)
A full featured command line options and arguments parser
--------------------------------------------------------------------------------
Update Information:
**Upstream changelog:** * Fixed bug #18397: List action example is wrong
[cweiske] * Fixed bug #18682: columnWrap() in refault renderer eats up lines
with only a EOL [izi, thanks Helgi] * Fixed bug #18703: No way to override
reading of stdin with - [izi, thanks Gwynne Raskind] * Fixed bug #19683: Unit
tests are broken [farell] * Fixed bug #19921: package dependencies don't include
dom [cweiske] * Fixed unit tests [izi] * Fixed comparison on PHP 7 [Jan Olsen] *
Allow multiple instances of the parser by making static variables private [Greg
Oriol] * Add composer support
--------------------------------------------------------------------------------
================================================================================
python-productmd-1.0-8.el6.git3b72969 (FEDORA-EPEL-2015-6c45e6761e)
Library providing parsers for metadata related to OS installation
--------------------------------------------------------------------------------
Update Information:
introduce to epel
--------------------------------------------------------------------------------
================================================================================
shellinabox-2.19-1.el6 (FEDORA-EPEL-2015-df28a72135)
Web based AJAX terminal emulator
--------------------------------------------------------------------------------
Update Information:
* Added support for middle-click paste * Improved iOS support * New logic to
enable soft keyboard icon * Disable HTTPS fallback using the URL /plain.
Consequently disables automatic upgrades from HTTP to HTTPS (CVE-2015-8400)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1287579 - CVE-2015-8400 shellinabox: DNS rebinding attack due to HTTP
fallback [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287579
[ 2 ] Bug #1287578 - CVE-2015-8400 shellinabox: DNS rebinding attack due to HTTP
fallback [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287578
--------------------------------------------------------------------------------
================================================================================
tor-0.2.7.6-1.el6 (FEDORA-EPEL-2015-2b42fa0202)
Anonymizing overlay network for TCP
--------------------------------------------------------------------------------
Update Information:
update to 0.2.7.6 ---- update to 0.2.7.5
--------------------------------------------------------------------------------
================================================================================
uwsgi-2.0.11.2-7.el6 (FEDORA-EPEL-2015-f0a06d1ee0)
Fast, self-healing, application container server
--------------------------------------------------------------------------------
Update Information:
Fixes daemonization issue in el6 and provides uwsgi python decorators ----
With latest stable
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1261942 - uwsgi should be daemonized on old SysV
https://bugzilla.redhat.com/show_bug.cgi?id=1261942
[ 2 ] Bug #1258388 - needs-packaging: uwsgi components are packaged in epel, but missing
uwsgidecorators.
https://bugzilla.redhat.com/show_bug.cgi?id=1258388
--------------------------------------------------------------------------------
================================================================================
vertica-python-0.5.5-1.el6 (FEDORA-EPEL-2015-5504f0fd7e)
A native Python adapter for the Vertica database
--------------------------------------------------------------------------------
Update Information:
update to version 0.5.5 ---- update to version 0.5.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1285768 - vertica-python-0.5.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1285768
[ 2 ] Bug #1287914 - vertica-python-0.5.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1287914
--------------------------------------------------------------------------------
================================================================================
wildmagic5-5.13-13.el6 (FEDORA-EPEL-2015-6df551a450)
Wild Magic libraries
--------------------------------------------------------------------------------
Update Information:
- Fix compilation flags of 'libWm5Applications.so' library
--------------------------------------------------------------------------------
================================================================================
zanata-python-client-1.4.0-1.el6 (FEDORA-EPEL-2015-b56121c93a)
Python Client for Zanata Server
--------------------------------------------------------------------------------
Update Information:
Upstream update to 1.4.0
--------------------------------------------------------------------------------