The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 225  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6828   chicken-4.9.0.1-4.el6
 207  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031   python-virtualenv-12.0.7-1.el6
 201  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168   rubygem-crack-0.3.2-2.el6
 133  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8148   optipng-0.7.5-5.el6
 133  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156   nagios-4.0.8-1.el6
  91  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb   mcollective-2.8.4-1.el6
  63  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9   thttpd-2.25b-24.el6
  23  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-819f6356ea   tomcat-7.0.65-1.el6
  23  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-550132e830   flite-1.3-24.el6
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-a0881ad244   gsi-openssh-5.3p1-12.el6
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2fac4bfaba   privoxy-3.0.23-2.el6
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d0e6303e27   p7zip-15.09-9.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-579c4e2951   prosody-0.9.10-1.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6eee18cd6e   phpMyAdmin-4.0.10.14-1.el6

The following builds have been pushed to Fedora EPEL 6 updates-testing

    cmake-fedora-2.5.1-1.el6
    cmark-0.23.0-4.el6
    future-0.15.2-7.el6
    globus-gssapi-gsi-11.26-1.el6
    hitch-1.1.1-1.el6
    phpMyAdmin-4.0.10.14-1.el6
    preprocess-1.2.2-6.20150919gitd5ab9a.el6
    prosody-0.9.10-1.el6
    pyhoca-gui-0.5.0.5-1.el6
    python-raven-5.10.2-1.el6
    python-requests-toolbelt-0.6.0-1.el6
    telegram-cli-1.3.3-0.4.20160108git160231.el6

Details about builds:

================================================================================
 cmake-fedora-2.5.1-1.el6 (FEDORA-EPEL-2016-11b6bc2a64)
 CMake helper modules for fedora developers
--------------------------------------------------------------------------------
Update Information:

- Fixed:
  * Out-of-the-source build for ibus-chewing
--------------------------------------------------------------------------------

================================================================================
 cmark-0.23.0-4.el6 (FEDORA-EPEL-2016-e102c14dc7)
 CommonMark parsing and rendering
--------------------------------------------------------------------------------
Update Information:

CommonMark parsing and rendering (http://commonmark.org/)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1266429 - Review Request: cmark - CommonMark parsing and rendering
        https://bugzilla.redhat.com/show_bug.cgi?id=1266429
--------------------------------------------------------------------------------

================================================================================
 future-0.15.2-7.el6 (FEDORA-EPEL-2016-fa6372431f)
 Easy, clean, reliable Python 2/3 compatibility
--------------------------------------------------------------------------------
Update Information:

- Renamed Python2 package
--------------------------------------------------------------------------------

================================================================================
 globus-gssapi-gsi-11.26-1.el6 (FEDORA-EPEL-2016-1ae2843014)
 Globus Toolkit - GSSAPI library
--------------------------------------------------------------------------------
Update Information:

Fix FORCE_TLS setting to allow TLSv1.1 and TLSv1.2, not just TLSv1.0
--------------------------------------------------------------------------------

================================================================================
 hitch-1.1.1-1.el6 (FEDORA-EPEL-2016-4c1dd08351)
 Network proxy that terminates TLS/SSL connections
--------------------------------------------------------------------------------
Update Information:

New upstream release. A bugfix release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1302474 - hitch-1.1.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1302474
--------------------------------------------------------------------------------

================================================================================
 phpMyAdmin-4.0.10.14-1.el6 (FEDORA-EPEL-2016-6eee18cd6e)
 Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:

phpMyAdmin 4.0.10.14 (2016-01-29)
=================================
- Error with PMA 4.0.10.13 with PHP 5.2

phpMyAdmin 4.0.10.13 (2016-01-28)
=================================
- [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1
- [Security] Unsafe generation of CSRF token, see PMASA-2016-2
- [Security] Multiple XSS vulnerabilities, see PMASA-2016-3
- [Security] Insecure password generation in JavaScript, see PMASA-2016-4
- [Security] Unsafe comparison of CSRF token, see PMASA-2016-5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1302681 - CVE-2016-2041 phpMyAdmin: Unsafe comparison of XSRF/CSRF token (PMASA-2016-5)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302681
  [ 2 ] Bug #1302680 - CVE-2016-1927 phpMyAdmin: Insecure password generation in JavaScript (PMASA-2016-4)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302680
  [ 3 ] Bug #1302679 - CVE-2016-2040 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2016-3)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302679
  [ 4 ] Bug #1302677 - CVE-2016-2039 phpMyAdmin: Unsafe generation of XSRF/CSRF token (PMASA-2016-2)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302677
  [ 5 ] Bug #1302676 - CVE-2016-2038 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-1)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302676
--------------------------------------------------------------------------------

================================================================================
 preprocess-1.2.2-6.20150919gitd5ab9a.el6 (FEDORA-EPEL-2016-eda899e7f6)
 A portable multi-language file Python2 preprocessor
--------------------------------------------------------------------------------
Update Information:

- Renamed Python2 package
--------------------------------------------------------------------------------

================================================================================
 prosody-0.9.10-1.el6 (FEDORA-EPEL-2016-579c4e2951)
 Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:

Prosody 0.9.10
==============

A summary of changes in this release:

Security
--------
* mod_dialback: Adopt key generation algorithm from XEP-0185, to prevent
  impersonation attacks (CVE-2016-0756)

Fixes and improvements
----------------------
* Startup: Open /dev/urandom read-only, to fix a failure to start on some
  systems (fixes #585)
* Networking: Improve handling of the 'select' network backend running out
  of file descriptors

Minor changes
-------------
* Networking: Increase default internal read size to prevent connections
  stalling with LuaEvent (see #583)
* DNS: Discard queries that failed to send due to connection errors
  (fixes #598)
* c2s, s2s: Lower priority of shutdown handler, so that modules such as MUC
  can always send shutdown notifications to (remote) users (fixes #601)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1302463 - CVE-2016-0756 prosody: mod_dialback allows impersonation attacks
        https://bugzilla.redhat.com/show_bug.cgi?id=1302463
--------------------------------------------------------------------------------

================================================================================
 pyhoca-gui-0.5.0.5-1.el6 (FEDORA-EPEL-2016-c533b899e3)
 Graphical X2Go client written in (wx)Python
--------------------------------------------------------------------------------
Update Information:

Crash fix when rendering icons in the published applications menu.
--------------------------------------------------------------------------------

================================================================================
 python-raven-5.10.2-1.el6 (FEDORA-EPEL-2016-894c1d1031)
 Python client for Sentry
--------------------------------------------------------------------------------
Update Information:

Update to python-raven-5.10.2

----

First EPEL release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1234950 - Package python-raven in EPEL
        https://bugzilla.redhat.com/show_bug.cgi?id=1234950
  [ 2 ] Bug #1298402 - python-raven-5.10.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1298402
--------------------------------------------------------------------------------

================================================================================
 python-requests-toolbelt-0.6.0-1.el6 (FEDORA-EPEL-2016-c83ffa6b9b)
 A utility belt for advanced users of python-requests
--------------------------------------------------------------------------------
Update Information:

update to 0.6.0 release
--------------------------------------------------------------------------------

================================================================================
 telegram-cli-1.3.3-0.4.20160108git160231.el6 (FEDORA-EPEL-2016-cf26f3ef62)
 Linux Command-line interface for Telegram
--------------------------------------------------------------------------------
Update Information:

- Renamed Python2 package
- Update to commit #160231
- Fixed Python3 package version on EPEL
--------------------------------------------------------------------------------

epel-devel@lists.fedoraproject.org