[EPEL-devel] Fedora EPEL 6 updates-testing report

updates Sat, 18 Feb 2017 11:18:00 -0800

The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 591  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031   
python-virtualenv-12.0.7-1.el6
 585  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168   
rubygem-crack-0.3.2-2.el6
 475  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb   
mcollective-2.8.4-1.el6
 446  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9   
thttpd-2.25b-24.el6
 177  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8594ed3a53   
chicken-4.11.0-3.el6
  57  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac   
libbsd-0.8.3-2.el6
  41  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8c6c7bf06e   
dbus-sharp-0.7.0-16.el6 dbus-sharp-glib-0.5.0-14.el6 mono-4.2.4-9.el6
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-acd2c2af0d   
nagios-4.2.4-4.el6
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2f218dd2b9   
python-cjson-1.1.0-9.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c3b112eb9e   
tomcat-7.0.75-1.el6



The following builds have been pushed to Fedora EPEL 6 updates-testing

    RackTables-0.20.12-2.el6
    fail2ban-0.9.6-1.el6.1
    fedfind-3.5.0-1.el6
    lua-sec-0.6-1.el6
    lynis-2.4.2-1.el6
    mozilla-https-everywhere-5.2.11-1.el6
    python-cached_property-1.3.0-7.el6
    python-productmd-1.4-2.el6
    tomcat-7.0.75-1.el6

Details about builds:


================================================================================
 RackTables-0.20.12-2.el6 (FEDORA-EPEL-2017-0d03dfd411)
 A data-center asset management system
--------------------------------------------------------------------------------
Update Information:

Correct distro macro usage  ----  Rebase to 0.20.12
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1305396 - RackTables-0.20.11 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1305396
--------------------------------------------------------------------------------


================================================================================
 fail2ban-0.9.6-1.el6.1 (FEDORA-EPEL-2017-8cbc2bd81b)
 Ban IPs that make too many password failures
--------------------------------------------------------------------------------
Update Information:

Restore proper backend on EL6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1424639 - paths-fedora.conf refers to systemd on non-systemd build
        https://bugzilla.redhat.com/show_bug.cgi?id=1424639
--------------------------------------------------------------------------------


================================================================================
 fedfind-3.5.0-1.el6 (FEDORA-EPEL-2017-0a935d4db5)
 Fedora compose and image finder
--------------------------------------------------------------------------------
Update Information:

This update provides a new version of fedfind. The main changes are:  * The
synthesized metadata for non-Pungi 4 composes has been enhanced to include a
`composeinfo` dict, and `disc_number` items in the image dicts. These changes
are necessary for `resultsdb_conventions` to work with the synthesized metadata.
* The new Cloud nightly composes are now supported. This is necessary to prevent
some of the things that react to 'compose complete' messages doing wacky stuff
when they encounter such a compose.  Another change is that
`fedfind.release.get_release(url='someurl')` will no longer return generic
`Pungi4Compose` instances for URLs in unknown domains, as Patrick van Uiterwijk
suggested it may constitute a potential security problem in some use cases.  On
EPEL 6, the other packages don't change significantly, but the package spec
files were adjusted a bit so I went ahead and built the packages.
--------------------------------------------------------------------------------


================================================================================
 lua-sec-0.6-1.el6 (FEDORA-EPEL-2017-3e0831a324)
 Lua binding for OpenSSL library
--------------------------------------------------------------------------------
Update Information:

LuaSec 0.6 ==========  * Lua 5.2 and 5.3 compatibility * Context module:     -
Add ctx:checkkey() * SSL module:     - Add conn:sni() and conn:getsniname() *
Context options:     - Add "any" protocol ("sslv23" is deprecated) * HTTPS
module:     - Using "any" protocol without SSLv2/SSLv3, by default * X509
module:     - Human readable IP address     - Add cert:issued()     - Add
cert:pubkey() * Some bug fixes
--------------------------------------------------------------------------------


================================================================================
 lynis-2.4.2-1.el6 (FEDORA-EPEL-2017-e5760c4a67)
 Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:

Update to 2.4.2  ----  Update to 2.4.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1422705 - lynis-2.4.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1422705
  [ 2 ] Bug #1421133 - lynis-2.4.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1421133
--------------------------------------------------------------------------------


================================================================================
 mozilla-https-everywhere-5.2.11-1.el6 (FEDORA-EPEL-2017-7631c7b2ff)
 HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:

Apparently not all moving companies know that if you want the seat for your
recliner, you probably want the back of the chair, too.  ----  Many ruleset
fixes.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1400517 - mozilla-https-everywhere-5.2.11 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1400517
--------------------------------------------------------------------------------


================================================================================
 python-cached_property-1.3.0-7.el6 (FEDORA-EPEL-2017-0a935d4db5)
 A cached-property for decorating methods in Python classes
--------------------------------------------------------------------------------
Update Information:

This update provides a new version of fedfind. The main changes are:  * The
synthesized metadata for non-Pungi 4 composes has been enhanced to include a
`composeinfo` dict, and `disc_number` items in the image dicts. These changes
are necessary for `resultsdb_conventions` to work with the synthesized metadata.
* The new Cloud nightly composes are now supported. This is necessary to prevent
some of the things that react to 'compose complete' messages doing wacky stuff
when they encounter such a compose.  Another change is that
`fedfind.release.get_release(url='someurl')` will no longer return generic
`Pungi4Compose` instances for URLs in unknown domains, as Patrick van Uiterwijk
suggested it may constitute a potential security problem in some use cases.  On
EPEL 6, the other packages don't change significantly, but the package spec
files were adjusted a bit so I went ahead and built the packages.
--------------------------------------------------------------------------------


================================================================================
 python-productmd-1.4-2.el6 (FEDORA-EPEL-2017-0a935d4db5)
 Library providing parsers for metadata related to OS installation
--------------------------------------------------------------------------------
Update Information:

This update provides a new version of fedfind. The main changes are:  * The
synthesized metadata for non-Pungi 4 composes has been enhanced to include a
`composeinfo` dict, and `disc_number` items in the image dicts. These changes
are necessary for `resultsdb_conventions` to work with the synthesized metadata.
* The new Cloud nightly composes are now supported. This is necessary to prevent
some of the things that react to 'compose complete' messages doing wacky stuff
when they encounter such a compose.  Another change is that
`fedfind.release.get_release(url='someurl')` will no longer return generic
`Pungi4Compose` instances for URLs in unknown domains, as Patrick van Uiterwijk
suggested it may constitute a potential security problem in some use cases.  On
EPEL 6, the other packages don't change significantly, but the package spec
files were adjusted a bit so I went ahead and built the packages.
--------------------------------------------------------------------------------


================================================================================
 tomcat-7.0.75-1.el6 (FEDORA-EPEL-2017-c3b112eb9e)
 Apache Servlet/JSP Engine, RI for Servlet 3.0/JSP 2.2 API
--------------------------------------------------------------------------------
Update Information:

This updates includes a rebase from tomcat 7.0.73 up to 7.0.75. The update
resolves a single CVE and one bug:  * rhbz#1420223 - CVE-2016-6325 tomcat
writable config files allow privilege escalation * rhbz#1372789 - init script
status gives incorrect results
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1367447 - CVE-2016-6325 tomcat: tomcat writable config files allow 
privilege escalation
        https://bugzilla.redhat.com/show_bug.cgi?id=1367447
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org

[EPEL-devel] Fedora EPEL 6 updates-testing report

Reply via email to