The following Fedora EPEL 6 Security updates need testing:
Age URL
510
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031
python-virtualenv-12.0.7-1.el6
504
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
436
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156 nagios-4.0.8-1.el6
394
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
366
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
96
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8594ed3a53
chicken-4.11.0-3.el6
36
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-cb5398893b
nodejs-0.10.48-3.el6
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e779f081b7
drupal7-7.52-1.el6
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2dba9625e2
p7zip-16.02-2.el6
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-4e37be4ce3
dpkg-1.16.18-2.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0018ee705f
phpMyAdmin-4.0.10.18-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-63073e2e01
php-php-gettext-1.0.12-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
RBTools-0.7.7-1.el6
git-extras-4.2.0-3.el6
libqtxdg-qt4-1.2.0-11.el6
lout-3.40-5.el6
lrzip-0.616-5.el6
mimedefang-2.79-1.el6
pam_mapi-0.3.0-1.el6
perl-Image-ExifTool-10.36-1.el6
perl-Module-Extract-Use-1.04-2.el6
php-php-gettext-1.0.12-1.el6
phpMyAdmin-4.0.10.18-1.el6
python-pysocks-1.5.7-2.el6
python3-netifaces-0.10.5-2.el6
python3-ply-3.9-1.el6
python3-sqlalchemy-1.1.3-1.el6
python3-urllib3-1.19.1-2.el6
zarafa-7.1.14-3.el6
Details about builds:
================================================================================
RBTools-0.7.7-1.el6 (FEDORA-EPEL-2016-20dec62e25)
Tools for use with ReviewBoard
--------------------------------------------------------------------------------
Update Information:
https://www.reviewboard.org/docs/releasenotes/rbtools/0.7.7/
--------------------------------------------------------------------------------
================================================================================
git-extras-4.2.0-3.el6 (FEDORA-EPEL-2016-2a5d5308e9)
Little git extras
--------------------------------------------------------------------------------
Update Information:
Don't need run ./manning-up.sh was already done by upstream.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1396648 - Add git-extras to EPEL 6 & 7
https://bugzilla.redhat.com/show_bug.cgi?id=1396648
--------------------------------------------------------------------------------
================================================================================
libqtxdg-qt4-1.2.0-11.el6 (FEDORA-EPEL-2016-7553d4ee64)
QtXdg, a Qt4 implementation of XDG standards
--------------------------------------------------------------------------------
Update Information:
Rebuilt for
https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
lout-3.40-5.el6 (FEDORA-EPEL-2016-e587162b22)
A document formatting system
--------------------------------------------------------------------------------
Update Information:
Unification of SPEC file and rebuild in all supported branches.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1201246 - Upgrade to 3.40
https://bugzilla.redhat.com/show_bug.cgi?id=1201246
--------------------------------------------------------------------------------
================================================================================
lrzip-0.616-5.el6 (FEDORA-EPEL-2016-332a361e38)
Compression program optimized for large files
--------------------------------------------------------------------------------
Update Information:
lrzip 0.616 =========== * Making things more homogeneous in checks, some
space removed * Simplifying and refactoring logic, alignment edits, empty
semantic rewire * Target directories must always exist and -f should not
create them * Deferring output directory after -f check has taken place *
Preserve extraction semantics without resorting to tar stripping * Making sure
last forward slash is removed from input path * Removing pointless forced
overwrite point check lrzip 0.615 =========== * Adjusting -O flag
semantics, options help update * Making -O flag operative for lrztar,
whitespace path fix, lrzuntar fix, other minor * Further tighten up ram
restrictions with stdin/stdout to prevent running out of memory with all the
buffers involved * Massive files fail with -U due to trying to allocate the
whole lot in ram while doing checksums. Do it piecemeal to avoid the problem.
Patch and debugging courtesy of Adam Tk���� * We have to run through the clear
buffer function even for empty buffers or corrupt archives with empty match
streams * MD5 code uses little endian so remove arbitrary SWAP macro and
explicitly use htole32 * Rewrite the magic if we receive lzma properties and
have not yet written them yet during stdout operation * Set the control lzma
properties only once * Add a control lock mutex for protecting certain control
variables * Fix stdin fake mremap creating null bytes on osx, patch courtesy
of John Boyle * Cache frequently used indirectly referenced variables in the
sliding mmap code * Micro-optimise sliding_get_sb_range * A fix for a bug
where large files containing the same non-zero bytes which requires a sliding
window, courtesy of Serge Belyshev * Put vchar should take a 64 bit integer
and is used from more than one call site so uninline it * Microoptimise in
hash_search * Inline rzip functions used from only one caller * Check for
successful calloc of hash table only after performing it * stdin_eof is just a
bool * hash_bits can only be up to 64 so use a char type * Check endianness
of build with autotools to enable md5 support on more platforms
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1154614 - Please update lrzip to 0.616 (current 0.614 fails to compress large
files with -U)
https://bugzilla.redhat.com/show_bug.cgi?id=1154614
--------------------------------------------------------------------------------
================================================================================
mimedefang-2.79-1.el6 (FEDORA-EPEL-2016-b431dcd90f)
E-Mail filtering framework using Sendmail's Milter interface
--------------------------------------------------------------------------------
Update Information:
MIMEDefang 2.79 =============== * Add the --data-dump option to scripts
/mimedefang-util * Improve Postfix compatibility by trying to get QueueID
after first RCPT command, and if not found, at the EOH milter phase * Make
mimedefang-multiplexor exit with a successful return code upon receipt of
SIGTERM * Use 64-bit variables where supported for some statstics counters
that could overflow with only 32-bit variables, yielding incorrect statistics
* Fix configure.in to correctly detect that an embedded Perl interpreter can be
destroyed/recreated on systems that need the -pthread GCC flag
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1380052 - mimedefang-2.79 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1380052
--------------------------------------------------------------------------------
================================================================================
pam_mapi-0.3.0-1.el6 (FEDORA-EPEL-2016-f7c1a040f4)
PAM module for authentication via MAPI against a Zarafa server
--------------------------------------------------------------------------------
Update Information:
Update to pam_mapi 0.3.0
--------------------------------------------------------------------------------
================================================================================
perl-Image-ExifTool-10.36-1.el6 (FEDORA-EPEL-2016-26ebc41c0e)
Utility for reading and writing image meta info
--------------------------------------------------------------------------------
Update Information:
Update to 10.36, latest stable release.
--------------------------------------------------------------------------------
================================================================================
perl-Module-Extract-Use-1.04-2.el6 (FEDORA-EPEL-2016-0a8ccddbbc)
Pull out the modules a module explicitly uses
--------------------------------------------------------------------------------
Update Information:
This is the first Fedora/EPEL release of perl-Module-Extract-Use.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1398690 - Review Request: perl-Module-Extract-Use - Pull out the modules a
module explicitly uses
https://bugzilla.redhat.com/show_bug.cgi?id=1398690
--------------------------------------------------------------------------------
================================================================================
php-php-gettext-1.0.12-1.el6 (FEDORA-EPEL-2016-63073e2e01)
Gettext emulation in PHP
--------------------------------------------------------------------------------
Update Information:
php-gettext 1.0.12 ================== * Security fix for potential code
injection bug (LP#1515334) * Do not assume mbstring functions are always
there, pass text through if they aren't (LP#734494)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1367462 - php-php-gettext: Arbitrary code execution in select_string,
ngettext and npgettext count parameter
https://bugzilla.redhat.com/show_bug.cgi?id=1367462
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.0.10.18-1.el6 (FEDORA-EPEL-2016-0018ee705f)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.0.10.18 (2016-11-25) ================================= This
release includes many security fixes of various levels of severity. For full
information on the vulnerabilities fixed and mitigation factors for users who
are unable to upgrade, refer to the ChangeLog file included with this release
and the security announcements at
https://www.phpmyadmin.net/security/
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1399197 - CVE-2016-4412 phpMyAdmin: Multiple vulnerabilities fixed in
4.0.10.18, 4.4.15.9 and 4.6.5 versions
https://bugzilla.redhat.com/show_bug.cgi?id=1399197
--------------------------------------------------------------------------------
================================================================================
python-pysocks-1.5.7-2.el6 (FEDORA-EPEL-2016-2a0c3ee3bf)
A Python SOCKS client module
--------------------------------------------------------------------------------
Update Information:
Initial build for python34 on el6 ---- A fork of SocksiPy with bug fixes and
extra features. Acts as a drop-in replacement to the socket module. Featuring:
- SOCKS proxy client for Python 2.6 - 3.x - TCP and UDP both supported - HTTP
proxy client included but not supported or recommended (you should use
urllib2's or requests' own HTTP proxy interface) - urllib2 handler included.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1399437 - python3-urllib3 needs python(3*)-pysocks in EL6
https://bugzilla.redhat.com/show_bug.cgi?id=1399437
--------------------------------------------------------------------------------
================================================================================
python3-netifaces-0.10.5-2.el6 (FEDORA-EPEL-2016-2a0db31279)
Python library to retrieve information about network interfaces
--------------------------------------------------------------------------------
Update Information:
This package provides a cross platform API for getting address information from
network interfaces.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1396273 - Review Request: python3-netifaces - Python library to retrieve
information about network interfaces
https://bugzilla.redhat.com/show_bug.cgi?id=1396273
--------------------------------------------------------------------------------
================================================================================
python3-ply-3.9-1.el6 (FEDORA-EPEL-2016-a8d6434886)
Python Lex-Yacc
--------------------------------------------------------------------------------
Update Information:
PLY is a straightforward lex/yacc implementation. Here is a list of its
essential features: * It is implemented entirely in Python. * It uses LR-
parsing which is reasonably efficient and well suited for larger grammars. *
PLY provides most of the standard lex/yacc features including support for
empty productions, precedence rules, error recovery, and support for ambiguous
grammars. * PLY is straightforward to use and provides very extensive error
checking. * PLY doesn't try to do anything more or less than provide the basic
lex/yacc functionality. In other words, it's not a large parsing framework or
a component of some larger system. functionality. In other words, it's not
a large parsing framework or a component of some larger system.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1384249 - Review Request: python3-ply - Python Lex-Yacc
https://bugzilla.redhat.com/show_bug.cgi?id=1384249
--------------------------------------------------------------------------------
================================================================================
python3-sqlalchemy-1.1.3-1.el6 (FEDORA-EPEL-2016-2183cbb6f0)
Modular and flexible ORM library for python
--------------------------------------------------------------------------------
Update Information:
SQLAlchemy is an Object Relational Mappper (ORM) that provides a flexible, high-
level interface to SQL databases. Database and domain concepts are decoupled,
allowing both sides maximum flexibility and power. SQLAlchemy provides a
powerful mapping layer that can work as automatically or as manually as you
choose, determining relationships based on foreign keys or letting you define
the join conditions explicitly, to bridge the gap between database and domain.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1384130 - Review Request: python3-sqlalchemy - Modular and flexible ORM
library for python
https://bugzilla.redhat.com/show_bug.cgi?id=1384130
--------------------------------------------------------------------------------
================================================================================
python3-urllib3-1.19.1-2.el6 (FEDORA-EPEL-2016-732619d941)
Python 3 HTTP library with thread-safe connection pooling and file post
--------------------------------------------------------------------------------
Update Information:
Python 3 HTTP module with connection pooling and file POST abilities.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1376940 - Review Request: python3-urllib3 - Python 3 HTTP library with
thread-safe connection pooling and file post
https://bugzilla.redhat.com/show_bug.cgi?id=1376940
--------------------------------------------------------------------------------
================================================================================
zarafa-7.1.14-3.el6 (FEDORA-EPEL-2016-d902862287)
Open Source Edition of the Zarafa Collaboration Platform
--------------------------------------------------------------------------------
Update Information:
- Added upstream patch to fix broken group expansion (ZCP-12148)
--------------------------------------------------------------------------------