The following Fedora EPEL 6 Security updates need testing:
Age URL
840
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031
python-virtualenv-12.0.7-1.el6
834
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
724
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
696
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
306
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac
libbsd-0.8.3-2.el6
36
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92
libmspack-0.6-0.1.alpha.el6
20
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-164cc614ff
nagios-4.3.4-4.el6
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0177a71c41
tnef-1.4.15-1.el6
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f7e4cbd529
golang-1.7.6-2.el6
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0100ef8963
tre-0.7.6-3.el6
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-93a3dd5663
cacti-1.1.19-2.el6
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-51e496e5c0
seamonkey-2.49.1-1.el6
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-abd82daec6
lame-3.100-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e031963c40
tomcat-7.0.82-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
amavisd-milter-1.6.1-1.el6
clustershell-1.8-1.el6
dcap-2.47.11-1.el6
fedpkg-1.30-1.el6
globus-gridftp-server-control-6.0-2.el6
mMass-5.5.0-21.el6
rpkg-1.51-1.el6
tomcat-7.0.82-1.el6
up-imapproxy-1.2.8-0.12.20171022svn14722.el6
Details about builds:
================================================================================
amavisd-milter-1.6.1-1.el6 (FEDORA-EPEL-2017-e9780c08f4)
Sendmail milter for amavisd-new using the AM.PDP protocol
--------------------------------------------------------------------------------
Update Information:
The amavisd-milter is a sendmail milter (mail filter) for amavisd-new 2.4.3 (and
above) and sendmail 8.13 (and above) which use the new AM.PDP protocol. Run
'usermod -a -G amavis postfix' when using Postfix and amavisd-milter via the
unix socket.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1505177 - Review Request: amavisd-milter - Sendmail milter for amavisd-new
using the AM.PDP protocol
https://bugzilla.redhat.com/show_bug.cgi?id=1505177
--------------------------------------------------------------------------------
================================================================================
clustershell-1.8-1.el6 (FEDORA-EPEL-2017-8bc34ddfd7)
Python framework for efficient cluster administration
--------------------------------------------------------------------------------
Update Information:
Update for 1.8 GA. ---- 1.8 RC1 for testing ---- ClusterShell 1.8 beta2
targeted for updates-testing only. ---- ClusterShell 1.8 beta1 targeted for
updates-testing only. Release #4 removes the vim-clustershell subpackage as it
was confusing for the users. VIM extensions are just provided by the main
clustershell subpackage, which now requires vim-filesystem instead of vim-common
if available (only not on el6). ---- ClusterShell 1.8 beta1 targeted for
updates-testing only. ---- ClusterShell 1.8 beta1 targeted for updates-testing
only. Release 3 should fix some packaging issues reported by taskotron. ----
ClusterShell 1.8 beta1 targeted for updates-testing only. This is release 2 with
added Python 3 support.
--------------------------------------------------------------------------------
================================================================================
dcap-2.47.11-1.el6 (FEDORA-EPEL-2017-a217b5b9d6)
Client Tools for dCache
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
================================================================================
fedpkg-1.30-1.el6 (FEDORA-EPEL-2017-68e2defc4c)
Fedora utility for working with dist-git
--------------------------------------------------------------------------------
Update Information:
**rpkg** - Ignore TestModulesCli if openidc-client is unavailable (cqi) - Port
mbs-build to rpkg (mprahl) - Add .vscode to .gitignore (mprahl) - Fix
TestPatch.test_rediff in order to run with old version of mock (cqi) - Allow to
specify alternative Copr config file - #184 (cqi) - Tests for patch command
(cqi) - More Tests for mockbuild command (cqi) - More tests for getting spec
file (cqi) - Tests for container-build-setup command (cqi) - Test for container-
build to use custom config (cqi) - Suppress output from git command within setUp
(cqi) - Skip test if rpmfluff is not available (lsedlar) - Allow to override
build URL (cqi) - Test for mock-config command (cqi) - Tests for copr-build
command (cqi) - Fix arch-override for container-build (lucarval) - Remove
unsupported osbs for container-build (lucarval) - cli: add --arches support for
koji_cointainerbuild (mlangsdo) - Strip refs/heads/ from branch only once
(lsedlar) - Don't install bin and config files (cqi) - Fix kojiprofile selection
in cliClient.container_build_koji (cqi) - Avoid branch detection for 'rpkg
sources' (praiskup) - Fix encoding in new command (cqi) - Minor wording
improvement in help (pgier) - Fix indentation (pviktori) - Add --with and
--without options to mockbuild (pviktori) **fedpkg** - Tests for update
command (cqi) - Add support for module commands (mprahl) - Clean rest cert
related code (cqi) - Remove fedora cert (cqi) - Override build URL for Koji
(cqi) - changing anongiturl to use src.fp.o instead of pkgs.fp.o. - #119
(tflink) - Add tests (cqi) - Enable lookaside_namespaced - #130 (cqi) - Detect
dist tag correctly for RHEL and CentOS - #141 (cqi) - Remove deprecated call to
platform.dist (cqi) - Do not prompt hint for SSL cert if fail to log into Koji
(cqi) - Add more container-build options to bash completion (cqi) - Remove osbs
from bash completion - #138 (cqi) - Install executables via entry_points - #134
(cqi) - Fix container build target (lsedlar) - Get correct build target for
rawhide containers (lsedlar) - Update error message to reflect deprecation of
--dist option (pgier)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1188634 - fedpkg clone -a should use https:// transport
https://bugzilla.redhat.com/show_bug.cgi?id=1188634
--------------------------------------------------------------------------------
================================================================================
globus-gridftp-server-control-6.0-2.el6 (FEDORA-EPEL-2017-418b9fb613)
Globus Toolkit - Globus GridFTP Server Library
--------------------------------------------------------------------------------
Update Information:
Updated epsv-ip patch to handle IPv4 mapped addresses.
--------------------------------------------------------------------------------
================================================================================
mMass-5.5.0-21.el6 (FEDORA-EPEL-2017-c7b3dea384)
Open Source Mass Spectrometry Tool
--------------------------------------------------------------------------------
Update Information:
New rebuilds.
--------------------------------------------------------------------------------
================================================================================
rpkg-1.51-1.el6 (FEDORA-EPEL-2017-68e2defc4c)
Python library for interacting with rpm+git
--------------------------------------------------------------------------------
Update Information:
**rpkg** - Ignore TestModulesCli if openidc-client is unavailable (cqi) - Port
mbs-build to rpkg (mprahl) - Add .vscode to .gitignore (mprahl) - Fix
TestPatch.test_rediff in order to run with old version of mock (cqi) - Allow to
specify alternative Copr config file - #184 (cqi) - Tests for patch command
(cqi) - More Tests for mockbuild command (cqi) - More tests for getting spec
file (cqi) - Tests for container-build-setup command (cqi) - Test for container-
build to use custom config (cqi) - Suppress output from git command within setUp
(cqi) - Skip test if rpmfluff is not available (lsedlar) - Allow to override
build URL (cqi) - Test for mock-config command (cqi) - Tests for copr-build
command (cqi) - Fix arch-override for container-build (lucarval) - Remove
unsupported osbs for container-build (lucarval) - cli: add --arches support for
koji_cointainerbuild (mlangsdo) - Strip refs/heads/ from branch only once
(lsedlar) - Don't install bin and config files (cqi) - Fix kojiprofile selection
in cliClient.container_build_koji (cqi) - Avoid branch detection for 'rpkg
sources' (praiskup) - Fix encoding in new command (cqi) - Minor wording
improvement in help (pgier) - Fix indentation (pviktori) - Add --with and
--without options to mockbuild (pviktori) **fedpkg** - Tests for update
command (cqi) - Add support for module commands (mprahl) - Clean rest cert
related code (cqi) - Remove fedora cert (cqi) - Override build URL for Koji
(cqi) - changing anongiturl to use src.fp.o instead of pkgs.fp.o. - #119
(tflink) - Add tests (cqi) - Enable lookaside_namespaced - #130 (cqi) - Detect
dist tag correctly for RHEL and CentOS - #141 (cqi) - Remove deprecated call to
platform.dist (cqi) - Do not prompt hint for SSL cert if fail to log into Koji
(cqi) - Add more container-build options to bash completion (cqi) - Remove osbs
from bash completion - #138 (cqi) - Install executables via entry_points - #134
(cqi) - Fix container build target (lsedlar) - Get correct build target for
rawhide containers (lsedlar) - Update error message to reflect deprecation of
--dist option (pgier)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1188634 - fedpkg clone -a should use https:// transport
https://bugzilla.redhat.com/show_bug.cgi?id=1188634
--------------------------------------------------------------------------------
================================================================================
tomcat-7.0.82-1.el6 (FEDORA-EPEL-2017-e031963c40)
Apache Servlet/JSP Engine, RI for Servlet 3.0/JSP 2.2 API
--------------------------------------------------------------------------------
Update Information:
This update includes a rebase from 7.0.81 up to 7.0.82 which resolves a single
CVE along with various other bugs/features: rhbz#1497681 CVE-2017-12617 tomcat:
Remote Code Execution bypass for CVE-2017-12615
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1497681 - CVE-2017-12617 tomcat: Remote Code Execution bypass for
CVE-2017-12615 [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1497681
--------------------------------------------------------------------------------
================================================================================
up-imapproxy-1.2.8-0.12.20171022svn14722.el6 (FEDORA-EPEL-2017-4380077af0)
University of Pittsburgh IMAP Proxy
--------------------------------------------------------------------------------
Update Information:
Update to new upstream snapshot to fix SSL bug, patch to fix FTBFS, and update
systemd service file to auto-restart on failure
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1424289 - up-imapproxy: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1424289
[ 2 ] Bug #1494182 - Segfault on race conditions. Fixed in imapproxy upstream
https://bugzilla.redhat.com/show_bug.cgi?id=1494182
--------------------------------------------------------------------------------