Fedora EPEL 6 updates-testing report - epel-devel - Fedora mailing-lists

6 Nov 2018


      The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 150  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6c663378c   unrtf-0.21.9-8.el6
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-4b684248e8   drupal7-7.60-2.el6
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-d6940a3da3   php-pear-CAS-1.3.6-1.el6
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-1ab12c426a   ansible-2.6.7-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
icecast-2.4.4-1.el6
    twa-1.6.2-1.el6
Details about builds:
================================================================================
 icecast-2.4.4-1.el6 (FEDORA-EPEL-2018-018b328024)
 ShoutCast compatible streaming media server
--------------------------------------------------------------------------------
Update Information:
This release fixes buffer overflows in URL authentication code (CVE-2018-18820),
a crash in htpasswd authentication if no filename is set, a crash on
xsltApplyStylesheet() error, and a crash on malformed Opus streams. It also
corrects global listener counter. It stops displaying hashed user passwords for
security concerns. It adds support for announcing Opus streams to YP catalogs.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov  2 2018 Petr Pisar ppisar@redhat.com - 2.4.4-1
- 2.4.4 bump
- License declaration corrected from "GPLv2+" to "GPLv2+ and GPLv2 and BSD and
  MIT and FSFULLR and FSFUL"
- Fix CVE-2018-18820 (buffer overflow in URL auth code) (#1646721)
- Regenerate build scripts
* Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 2.4.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb  7 2018 Fedora Release Engineering releng@fedoraproject.org - 2.4.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1646721 - CVE-2018-18820 icecast: buffer overflow in URL auth code
        https://bugzilla.redhat.com/show_bug.cgi?id=1646721
--------------------------------------------------------------------------------
================================================================================
 twa-1.6.2-1.el6 (FEDORA-EPEL-2018-a1f75b976e)
 Tiny web auditor with strong opinions
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream version
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov  6 2018 Artur Iwicki fedora@svgames.pl - 1.6.2-1
- Update to latest upstream version
* Sat Oct 20 2018 Artur Iwicki fedora@svgames.pl - 1.6.0-1
- Update to latest upstream version
- Update upstream URL (repo owner change)
--------------------------------------------------------------------------------