The following Fedora EPEL 6 Security updates need testing: Age URL 205 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6828 chicken-4.9.0.1-4.el6 187 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031 python-virtualenv-12.0.7-1.el6 181 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6 113 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8148 optipng-0.7.5-5.el6 113 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156 nagios-4.0.8-1.el6 101 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-68a2c2db36 python-pymongo-3.0.3-1.el6 71 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6 43 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6284ed5bb5 lighttpd-1.4.39-1.el6 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-9514f006a5 mono-2.10.8-5.el6 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-b654a785a7 openvpn-2.3.10-1.el6 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-83e43636a6 nodejs-ws-1.0.1-1.el6 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-819f6356ea tomcat-7.0.65-1.el6 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-77ee2edf04 wordpress-4.4.1-1.el6 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-550132e830 flite-1.3-24.el6 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-7601108cdf keepassx-0.4.4-1.el6 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-570414d664 prosody-0.9.9-2.el6 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2b26e78b1e owncloud-7.0.12-1.el6 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-75614c9a4f mbedtls-2.2.1-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing dcap-2.47.10-1.el6 libabigail-1.0-0.rc2.2.el6 mbedtls-2.2.1-1.el6 nordugrid-arc-5.0.5-1.el6 nordugrid-arc-doc-2.0.6-1.el6 owncloud-7.0.12-1.el6 perl-Date-Holidays-DE-1.7-1.el6 prosody-0.9.9-2.el6 python-ivi-0.14.9-3.el6 rubygem-sequel-4.30.0-1.el6 Details about builds: ================================================================================ dcap-2.47.10-1.el6 (FEDORA-EPEL-2016-d520ee2bea) Client Tools for dCache -------------------------------------------------------------------------------- Update Information: New release with IPv6 fixes. -------------------------------------------------------------------------------- ================================================================================ libabigail-1.0-0.rc2.2.el6 (FEDORA-EPEL-2016-64ee029010) Set of ABI analysis tools -------------------------------------------------------------------------------- Update Information: Add enum-val-stable-on-32-64-bits-patch -------------------------------------------------------------------------------- References: [ 1 ] Bug #1283906 - [abrt] libabigail: abigail::dwarf_reader::build_reference_type(): abipkgdiff killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1283906 -------------------------------------------------------------------------------- ================================================================================ mbedtls-2.2.1-1.el6 (FEDORA-EPEL-2016-75614c9a4f) Light-weight cryptographic and SSL/TLS library -------------------------------------------------------------------------------- Update Information: - Update to 2.2.1 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released ---- - Rebase mbedTLS to 2.2.0 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.2.0-2.1.3-1.3.15-and-polarssl.1.2.18-released -------------------------------------------------------------------------------- References: [ 1 ] Bug #1297437 - mbedtls, polarssl: potential double free during certificate generation https://bugzilla.redhat.com/show_bug.cgi?id=1297437 -------------------------------------------------------------------------------- ================================================================================ nordugrid-arc-5.0.5-1.el6 (FEDORA-EPEL-2016-f75498ec33) Advanced Resource Connector Grid Middleware -------------------------------------------------------------------------------- Update Information: NorduGrid ARC 15.03 update 6 http://www.nordugrid.org/arc/releases/15.03u6/release_notes_15.03u6.html -------------------------------------------------------------------------------- ================================================================================ nordugrid-arc-doc-2.0.6-1.el6 (FEDORA-EPEL-2016-f75498ec33) Advanced Resource Connector Documentation -------------------------------------------------------------------------------- Update Information: NorduGrid ARC 15.03 update 6 http://www.nordugrid.org/arc/releases/15.03u6/release_notes_15.03u6.html -------------------------------------------------------------------------------- ================================================================================ owncloud-7.0.12-1.el6 (FEDORA-EPEL-2016-2b26e78b1e) Private file sync and share server -------------------------------------------------------------------------------- Update Information: This update provides the new upstream patch release of ownCloud (7.0.12 for EPEL 6, 8.0.10 for all other distributions). It also adds a 'well-known' redirect for WebDAV (alongside the existing ones for CalDAV and CardDAV) - if you don't know what this is, don't worry. These are bugfix updates which include fixes for some security vulnerabilities rated 'low' and 'medium' by upstream. For full details on the changes, see the [upstream changelog](https://www.owncloud.org/changelog) and the security advisories: [OC- SA-2016-001](https://owncloud.org/security/advisory/?id=oc-sa-2016-001), [OC- SA-2016-002](https://owncloud.org/security/advisory/?id=oc-sa-2016-002), [OC- SA-2016-003](https://owncloud.org/security/advisory/?id=oc-sa-2016-003), [OC- SA-2016-004](https://owncloud.org/security/advisory/?id=oc-sa-2016-004). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1297353 - CVE-2016-1498 owncloud: reflected XSS in OCS provider discovery [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1297353 [ 2 ] Bug #1297359 - CVE-2016-1500 owncloud: disclosure of files that begin with ".v" due to unchecked return value [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1297359 -------------------------------------------------------------------------------- ================================================================================ perl-Date-Holidays-DE-1.7-1.el6 (FEDORA-EPEL-2016-5165916ded) Perl module to determine German holidays -------------------------------------------------------------------------------- Update Information: Date::Holidays::DE v1.7 ======================= - Added reformation day as one-time common federal holiday in 2017 - Thanks to Christoph Biedl -------------------------------------------------------------------------------- References: [ 1 ] Bug #1297365 - Upgrade perl-Date-Holidays-DE to 1.7 https://bugzilla.redhat.com/show_bug.cgi?id=1297365 -------------------------------------------------------------------------------- ================================================================================ prosody-0.9.9-2.el6 (FEDORA-EPEL-2016-570414d664) Flexible communications server for Jabber/XMPP -------------------------------------------------------------------------------- Update Information: Prosody 0.9.9 ============= A summary of changes: Security fixes -------------- * Fix path traversal vulnerability in mod_http_files (CVE-2016-1231) * Fix use of weak PRNG in generation of dialback secrets (CVE-2016-1232) Bugs ---- * Improve handling of CNAME records in DNS * Fix traceback when deleting a user in some configurations (issue #496) * MUC: restrict_room_creation could prevent users from joining rooms (issue #458) * MUC: fix occasional dropping of iq stanzas sent privately between occupants * Fix a potential memory leak in mod_pep Additions --------- * Add http:list() command to telnet to view active HTTP services * Simplify IPv4/v6 address selection code for outgoing s2s * Add support for importing SCRAM hashes from ejabberd -------------------------------------------------------------------------------- References: [ 1 ] Bug #1296984 - CVE-2016-1232 prosody: use of weak PRNG in generation of dialback secrets https://bugzilla.redhat.com/show_bug.cgi?id=1296984 [ 2 ] Bug #1296983 - CVE-2016-1231 prosody: path traversal vulnerability in mod_http_files https://bugzilla.redhat.com/show_bug.cgi?id=1296983 -------------------------------------------------------------------------------- ================================================================================ python-ivi-0.14.9-3.el6 (FEDORA-EPEL-2016-745088385f) Python Interchangeable Virtual Instrument Library -------------------------------------------------------------------------------- Update Information: - New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1294275 - Review Request: python-ivi - Python Interchangeable Virtual Instrument Library https://bugzilla.redhat.com/show_bug.cgi?id=1294275 -------------------------------------------------------------------------------- ================================================================================ rubygem-sequel-4.30.0-1.el6 (FEDORA-EPEL-2016-102d543ed3) The Database Toolkit for Ruby -------------------------------------------------------------------------------- Update Information: Upgrade to sequel 4.30.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1287389 - rubygem-sequel-4.30.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1287389 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list epel-devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/epel-devel@lists.fedoraproject.org