The following Fedora EPEL 6 Security updates need testing:
 Age  URL
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-070e713b93   tnef-1.4.18-1.el6
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-afbb452d62   proftpd-1.3.3g-13.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
holland-1.1.20-1.el6_10
php-horde-Horde-Core-2.31.12-1.el6_10
php-horde-Horde-Rpc-2.1.9-1.el6_10
python-rfc3986-1.3.0-1.el6
python3-requests-2.14.2-2.el6_10
python3-urllib3-1.25.1-1.el6_10
singularity-3.5.1-1.1.el6_10
Details about builds:
================================================================================
holland-1.1.20-1.el6_10 (FEDORA-EPEL-2019-661a79b5e9)
Pluggable Backup Framework
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 6 2019 Sam P <survient(a)fedoraproject.org> - 1.1.20-1
- Latest upstream
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Core-2.31.12-1.el6_10 (FEDORA-EPEL-2019-53236c6a2f)
Horde Core Framework libraries
--------------------------------------------------------------------------------
Update Information:
**Horde_Core 2.31.12**
* [mjr] Support for EAS Autodiscover v2.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 6 2019 Remi Collet <remi(a)remirepo.net> - 2.31.12-1
- update to 2.31.12
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Rpc-2.1.9-1.el6_10 (FEDORA-EPEL-2019-ca7f3e140b)
Horde RPC API
--------------------------------------------------------------------------------
Update Information:
**Horde_Rpc 2.1.9**
* [mjr] Do not enforce autodiscover requests must be xml.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 6 2019 Remi Collet <remi(a)remirepo.net> - 2.1.9-1
- update to 2.1.9
--------------------------------------------------------------------------------
================================================================================
python-rfc3986-1.3.0-1.el6 (FEDORA-EPEL-2019-3c9eacae67)
Validating URI References per RFC 3986
--------------------------------------------------------------------------------
Update Information:
requests
- Add upstream patch for CVE-2018-18074
- Update to 2.14.2

urllib3
- update to 1.25.1

----

- Fixed an issue with JSON encoding detection, specifically detecting big-endian UTF-32 with BOM.
- Fixed regression from 2.12.2 where non-string types were rejected in the basic auth parameters. While support for this behaviour has been readded, the behaviour is deprecated and will be removed in the future.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 22 2019 Orion Poplawski <orion(a)nwra.com> - 1.3.0-1
- Update to 1.3.0
* Mon Apr 22 2019 Orion Poplawski <orion(a)nwra.com> - 1.2.0-2
- Build for python3/python3_other in EPEL
* Wed Jan 2 2019 Yatin Karel <ykarel(a)redhat.com> - 1.2.0-1
- Bump to 1.2.0
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 19 2018 Miro Hrončok <mhroncok(a)redhat.com> - 0.3.1-8
- Rebuilt for Python 3.7
* Fri Feb 9 2018 Iryna Shcherbina <ishcherb(a)redhat.com> - 0.3.1-7
- Update Python 2 dependency declarations to new packaging standards
  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Mon Dec 19 2016 Miro Hrončok <mhroncok(a)redhat.com> - 0.3.1-3
- Rebuild for Python 3.6
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.3.1-2
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_...
* Mon Jun 20 2016 Javier Peña <jpena(a)redhat.com> - 0.3.1-4
- Updated to upstream version 0.3.1
- Added python3 subpackage
* Thu Feb 4 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Sep 15 2014 Alan Pevec <apevec(a)redhat.com> - 0.2.0-1
- Initial package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1643829 - CVE-2018-18074 python-requests: Redirect from HTTPS to HTTP does
not remove Authorization header
https://bugzilla.redhat.com/show_bug.cgi?id=1643829
--------------------------------------------------------------------------------
================================================================================
python3-requests-2.14.2-2.el6_10 (FEDORA-EPEL-2019-3c9eacae67)
HTTP library, written in Python, for human beings
--------------------------------------------------------------------------------
Update Information:
requests
- Add upstream patch for CVE-2018-18074
- Update to 2.14.2

urllib3
- update to 1.25.1

----

- Fixed an issue with JSON encoding detection, specifically detecting big-endian UTF-32 with BOM.
- Fixed regression from 2.12.2 where non-string types were rejected in the basic auth parameters. While support for this behaviour has been readded, the behaviour is deprecated and will be removed in the future.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 29 2019 Orion Poplawski <orion(a)nwra.com> - 2.14.2-2
- Add upstream patch for CVE-2018-18074
* Mon Nov 4 2019 Orion Poplawski <orion(a)nwra.com> - 2.14.2-1
- Update to 2.14.2
* Wed Apr 24 2019 Orion Poplawski <orion(a)nwra.com> - 2.13.0-1
- Update to 2.13.0
- Drop strict urllib3 version requirement
* Thu Mar 7 2019 Troy Dawson <tdawson(a)redhat.com>
- Rebuilt to change main python from 3.4 to 3.6
* Sun Nov 4 2018 Orion Poplawski <orion(a)nwra.com> - 2.12.5-2
- Ship python36-requests (bug #1645072)
* Thu Apr 5 2018 Orion Poplawski <orion(a)cora.nwra.com> - 2.12.5-1
- Update to 2.12.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1643829 - CVE-2018-18074 python-requests: Redirect from HTTPS to HTTP does
not remove Authorization header
https://bugzilla.redhat.com/show_bug.cgi?id=1643829
--------------------------------------------------------------------------------
================================================================================
python3-urllib3-1.25.1-1.el6_10 (FEDORA-EPEL-2019-3c9eacae67)
Python 3 HTTP library with thread-safe connection pooling and file post
--------------------------------------------------------------------------------
Update Information:
requests
- Add upstream patch for CVE-2018-18074
- Update to 2.14.2

urllib3
- update to 1.25.1

----

- Fixed an issue with JSON encoding detection, specifically detecting big-endian UTF-32 with BOM.
- Fixed regression from 2.12.2 where non-string types were rejected in the basic auth parameters. While support for this behaviour has been readded, the behaviour is deprecated and will be removed in the future.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 4 2019 Orion Poplawski <orion(a)nwra.com> - 1.25.1-1
- Update to 1.25.1, fixes CVE (bz#1702475)
* Thu Mar 7 2019 Troy Dawson <tdawson(a)redhat.com> - 1.19.1-5
- Rebuilt to change main python from 3.4 to 3.6
* Sat Sep 29 2018 Raphael Groner <projects.rg(a)smart.ms> - 1.19.1-4
- add python3_other subpackage
- add BR: python3X-setuptools
- use pypi macros
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1643829 - CVE-2018-18074 python-requests: Redirect from HTTPS to HTTP does
not remove Authorization header
https://bugzilla.redhat.com/show_bug.cgi?id=1643829
--------------------------------------------------------------------------------
================================================================================
singularity-3.5.1-1.1.el6_10 (FEDORA-EPEL-2019-c835bae8b5)
Application and environment virtualization
--------------------------------------------------------------------------------
Update Information:
Upgrade to upstream 3.5.1, use golang-1.11 on epel8 ---- Upgrade to upstream
3.5.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 5 2019 Dave Dykstra <dwd(a)fedoraproject.org> - 3.5.1-1.1
- Upgrade to upstream 3.5.1, keeping #4768 patch only on el8
* Wed Nov 20 2019 Dave Dykstra <dwd(a)fedoraproject.org> - 3.5.0-1.1
- Apply patch from PR #4769 to build with golang-1.11 on el8 only
* Wed Nov 13 2019 Dave Dykstra <dwd(a)fedoraproject.org> - 3.5.0-1
- Upgrade to upstream 3.5.0
* Thu Nov 7 2019 Dave Dykstra <dwd(a)fedoraproject.org> - 3.5.0~rc.2-1
- Upgrade to upstream 3.5.0~rc.2.
* Wed Oct 30 2019 Dave Dykstra <dwd(a)fedoraproject.org> - 3.5.0~rc.1-1
- Upgrade to upstream 3.5.0~rc.1. Drop PR #4522 patch.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1777565 - singularity-3.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1777565
--------------------------------------------------------------------------------