[EPEL-devel] Fedora EPEL 6 updates-testing report

updates Thu, 20 Sep 2018 04:23:07 -0700

The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 102  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6c663378c   
unrtf-0.21.9-8.el6
  40  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f21474267b   
condor-8.6.11-1.el6
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-130324cf61   
gitolite3-3.6.9-1.el6
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-154bc7ea13   
php-tcpdf-6.2.22-1.el6
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-51146daa45   
hylafax+-5.6.1-1.el6



The following builds have been pushed to Fedora EPEL 6 updates-testing

    lcms2-2.8-6.el6
    mozilla-noscript-10.1.9.6-1.el6
    pcre2-10.21-22.el6
    twa-1.3.1-1.el6

Details about builds:


================================================================================
 lcms2-2.8-6.el6 (FEDORA-EPEL-2018-8667fe68a8)
 Color Management Engine
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2018-16435
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 18 2018 Rex Dieter <rdie...@fedoraproject.org> - 2.8-6
- (branch) CVE-2018-16435 lcms2: heap-based buffer overflow in SetData function 
in cmsIT8LoadFromFile (#1628969)
* Thu Aug  3 2017 Fedora Release Engineering <rel...@fedoraproject.org> - 2.8-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <rel...@fedoraproject.org> - 2.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <rel...@fedoraproject.org> - 2.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1628969 - CVE-2018-16435 lcms2: heap-based buffer overflow in 
SetData function in cmsIT8LoadFromFile
        https://bugzilla.redhat.com/show_bug.cgi?id=1628969
--------------------------------------------------------------------------------


================================================================================
 mozilla-noscript-10.1.9.6-1.el6 (FEDORA-EPEL-2018-0d793474b0)
 JavaScript white list extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:

This update introduces NoScript version 10 (WebExtension-compatible) required
for Firefox 60 ESR and moves the legacy (classic) version 5.x to SeaMonkey-
specific folder.  v 5.1.8.7
============================================================= * [Security] Fixed
script blocking bypass zero-day (thanks   Zerodium for unresponsible disclosure,
https://twitter.com/Zerodium/status/1039127214602641409) * [Surrogate] Fixed
typo in 2mdn replacement (thansk barbaz) * [XSS] Fixed InjectionChecker choking
at some big JSON   payloads sents as POST form data * [XSS] In-depth protection
against native ES6 modules abuse * Fixed classic beta channel users being
accidentally   migrated to stable (thanks barbaz)
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 16 2018 Dominik Mierzejewski <r...@greysector.net> - 10.1.9.6-1
- update to 10.1.9.6
- keep the classic version for seamonkey users
* Sun Sep 16 2018 Dominik Mierzejewski <r...@greysector.net> - 5.1.8.7-1
- update to 5.1.8.7 (fixes CVE-2018-16983)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1629212 - CVE-2018-16983 mozilla-noscript: NoScript Bypass via the 
text/html;/json Content-Type value
        https://bugzilla.redhat.com/show_bug.cgi?id=1629212
--------------------------------------------------------------------------------


================================================================================
 pcre2-10.21-22.el6 (FEDORA-EPEL-2018-c3e8e16112)
 Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:

This release fixes a a subject buffer overread in JIT when UTF is disabled and
\X or \R has a greater than 1 fixed quantifier.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 18 2018 Petr Pisar <ppi...@redhat.com> - 10.21-22
- Fix a subject buffer overread in JIT when UTF is disabled and \X or \R has
  a greater than 1 fixed quantifier (upstream bug #2320)
--------------------------------------------------------------------------------


================================================================================
 twa-1.3.1-1.el6 (FEDORA-EPEL-2018-326d748f33)
 Tiny web auditor with strong opinions
--------------------------------------------------------------------------------
Update Information:

New package - first bodhi update
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1629446 - Review Request: twa - tiny web auditor
        https://bugzilla.redhat.com/show_bug.cgi?id=1629446
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org

[EPEL-devel] Fedora EPEL 6 updates-testing report

Reply via email to