The following Fedora EPEL 6 Security updates need testing:
Age URL
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-8905ccaea7
libidn2-2.3.0-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
hitch-1.5.0-4.el6
php-theseer-autoload-1.25.8-1.el6
tnef-1.4.18-1.el6
Details about builds:
================================================================================
hitch-1.5.0-4.el6 (FEDORA-EPEL-2019-d72e8adb23)
Network proxy that terminates TLS/SSL connections
--------------------------------------------------------------------------------
Update Information:
* Added a systemd limit.conf with defaults LimitCORE=infinity, LimitNOFILE=10240
* Hitch now supports a directory of certificate pem files; added pem-dir =
"/etc/pki/tls/private" to the example config. * Changed systemd Type=forking
matching the example config * This version is also packed for epel8
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 12 2019 Ingvar Hagelund <ingvar(a)redpill-linpro.com> - 1.5.0-4
- Added support for epel8
- Added a systemd limit.conf with defaults LimitCORE=infinity, LimitNOFILE=10240
- Added pem-dir = "/etc/pki/tls/private" to the example config
- Changed systemd Type=forking matching the example config, fixes bz #1731420
- Simplified handling of the _docdir macro
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1731420 - Hitch service file not configured to detect error during
initialization (Type=simple)
https://bugzilla.redhat.com/show_bug.cgi?id=1731420
--------------------------------------------------------------------------------
================================================================================
php-theseer-autoload-1.25.8-1.el6 (FEDORA-EPEL-2019-3b231130df)
A tool and library to generate autoload code
--------------------------------------------------------------------------------
Update Information:
**Release 1.25.8** * Fix Regression
[#92](https://github.com/theseer/Autoload/issues/92): PHPAB 1.25.7 generates
broken PHAR for PHPUnit ---- **Release 1.25.7** * Fix: Static require or
compile lists now properly process pathes relative to and above the base
directory
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 25 2019 Remi Collet <remi(a)remirepo.net> - 1.25.8-1
- update to 1.25.8
* Fri Nov 15 2019 Remi Collet <remi(a)remirepo.net> - 1.25.7-1
- update to 1.25.7
--------------------------------------------------------------------------------
================================================================================
tnef-1.4.18-1.el6 (FEDORA-EPEL-2019-070e713b93)
Extract files from email attachments like WINMAIL.DAT
--------------------------------------------------------------------------------
Update Information:
tnef release 1.4.18. Security release to resolve
[
CVE-2019-18849](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...
in which it may be possible to attack via a crafted email message extracted via
tnef.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 26 2019 David Timms <iinet.net.au@dtimms> - 1.4.18-1
- Update to release 1.4.18. Fixes CVE-2019-18849 - bug #1771891
- Add global builddolphin to enable -dolphin subpackage when available.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1771892 - CVE-2019-18849 tnef: security bypass in .ssh/authorized_keys file
via an e-mail message [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1771892
[ 2 ] Bug #1771893 - CVE-2019-18849 tnef: security bypass in .ssh/authorized_keys file
via an e-mail message [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1771893
--------------------------------------------------------------------------------