Fedora EPEL 6 updates-testing report - epel-devel - Fedora mailing-lists

1 May 2020


      The following Fedora EPEL 6 Security updates need testing:
 Age  URL
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-2e91626690   php-horde-horde-5.2.22-1.el6
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ed97a34306   qt5-qtbase-5.6.1-6.el6
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-7f0712e439   pxz-4.999.9-19.beta.20200421git.el6
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-aa01e58571   openvpn-2.4.9-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
koji-1.21.0-2.el6
    wordpress-5.1.5-1.el6
Details about builds:
================================================================================
 koji-1.21.0-2.el6 (FEDORA-EPEL-2020-f2d964c080)
 Build system tools
--------------------------------------------------------------------------------
Update Information:
Add patch to fix admin --force tagging.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 30 2020 Kevin Fenzi kevin@scrye.com - 1.21.0-2
- Add patch to fix issue with admins not being able to force tagging. 
- Fixes https://pagure.io/koji/issue/2202 upstream.
* Tue Apr 21 2020 Kevin Fenzi kevin@scrye.com - 1.21.0-1
- Update to 1.21.1. Fixes bug #1826406
* Fri Mar  6 2020 Kevin Fenzi kevin@scrye.com - 1.20.1-1
- Update to 1.20.1
* Wed Jan 29 2020 Fedora Release Engineering releng@fedoraproject.org - 1.20.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Jan 20 2020 Kevin Fenzi kevin@scrye.com - 1.20.0-1
- Update to 1.20.0.
* Wed Nov 27 2019 Kevin Fenzi kevin@scrye.com - 1.19.1-2
- Add Requires to koji builder on python3-pycdio/pycdio. Fixes bug #1775536
* Fri Nov  8 2019 Kevin Fenzi kevin@scrye.com - 1.19.1-1
- Update to 1.19.1
* Fri Nov  1 2019 Mohan Boddu mboddu@bhujji.com - 1.19.0-1
- Rebase to 1.19.0
- Removing downstream patch 1613
* Wed Oct  9 2019 Patrick Uiterwijk patrick@puiterwijk.org - 1.18.1-1
- Rebase to 1.18.1 for CVE-2019-17109
* Wed Sep 18 2019 Jiri Popelka jpopelka@redhat.com - 1.18.0-6
- Fix macro added in previous change.
* Tue Sep 17 2019 Kevin Fenzi kevin@scrye.com - 1.18.0-5
- Add provides for python3 subpackage. Fixes bug #1750391
* Sat Aug 17 2019 Miro Hron��ok mhroncok@redhat.com - 1.18.0-4
- Rebuilt for Python 3.8
* Fri Aug 16 2019 Kevin Fenzi kevin@scrye.com - 1.18.0-3
- Fix pkgsurl/topurl default mistake.
* Fri Aug 16 2019 Kevin Fenzi kevin@scrye.com - 1.18.0-2
- Fix mergerepos conditional for f30.
* Fri Aug 16 2019 Kevin Fenzi kevin@scrye.com - 1.18.0-1
- Update to 1.18.0.
* Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 1.17.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu May 30 2019 Kevin Fenzi kevin@scrye.com - 1.17.0-7
- Add patch to fix koji kerberos auth with python3.
- Drop internal mergerepos so we can go all python3. Fixes bug #1715257
* Wed May 29 2019 Igor Gnatenko ignatenkobrain@fedoraproject.org - 1.17.0-7
- Expose dynamic_buildrequires mock setting
* Tue May 28 2019 Kevin Fenzi kevin@scrye.com - 1.17.0-6
- Switch kojid back to python3 as imagefactory and oz have moved.
- Backport patch to download only repomd.xml instead of all repodata.
- Backport patch to allow 'bare' repo merging for modularity.
- Backport patch to allow for seperate srpm repos in buildroot repos.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1497923 - koji-web requires mod_auth_gssapi but that is not available in RHEL6 or EPEL6
        https://bugzilla.redhat.com/show_bug.cgi?id=1497923
  [ 2 ] Bug #1806193 - koji-1.17 is not compatibile with python 2.6.6
        https://bugzilla.redhat.com/show_bug.cgi?id=1806193
  [ 3 ] Bug #1826406 - update to koji 1.21.0
        https://bugzilla.redhat.com/show_bug.cgi?id=1826406
--------------------------------------------------------------------------------
================================================================================
 wordpress-5.1.5-1.el6 (FEDORA-EPEL-2020-c8a92d6324)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 5.1.5**  Security Updates  Seven security issues affect WordPress
versions 5.4 and earlier. If you haven���t yet updated to 5.4, all WordPress
versions since 3.7 have also been updated to fix the following security issues:
*    Props to Muaz Bin Abdus Sattar and Jannes who both independently reported
an issue where password reset tokens were not properly invalidated *    Props to
ka1n4t for finding an issue where certain private posts can be viewed
unauthenticated *    Props to Evan Ricafort for discovering an XSS issue in the
Customizer *    Props to Ben Bidner from the WordPress Security Team who
discovered an XSS issue in the search block *    Props to Nick Daugherty from
WordPress VIP / WordPress Security Team who discovered an XSS issue in wp-
object-cache *    Props to Ronnie Goodrich (Kahoots) and Jason Medeiros who
independently reported an XSS issue in file uploads. *    Props to Weston Ruter
for fixing a stored XSS vulnerability in the WordPress customizer.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 30 2020 Remi Collet remi@remirepo.net - 5.1.5-1
- WordPress 5.1.5 Security Release
--------------------------------------------------------------------------------