The following Fedora EPEL 6 Security updates need testing: Age URL 367 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6828 chicken-4.9.0.1-4.el6 349 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031 python-virtualenv-12.0.7-1.el6 343 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6 274 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156 nagios-4.0.8-1.el6 233 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6 205 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6 97 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8fbd838843 dropbear-2016.72-1.el6 90 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-30a8346813 vtun-3.0.1-10.el6 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-52cc1f9c07 iperf3-3.0.12-1.el6 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-7640e3144a proftpd-1.3.3g-10.el6 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-42cb1b4ac8 php-ZendFramework2-2.2.10-1.el6 php-zendframework-zendxml-1.0.2-2.el6 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2dcebb06db drupal7-7.44-1.el6 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-f87bf0c040 mhonarc-2.6.19-5.el6 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e7c7e5786e squidGuard-1.4-10.el6 The following builds have been pushed to Fedora EPEL 6 updates-testing carbon-c-relay-2.1-1.el6 clustershell-1.7.2-1.el6 drush-6.7.0-2.el6 engauge-digitizer-8.2-1.el6 openconnect-7.06-1.el6 ovirt-guest-agent-1.0.12-2.el6 pcre2-10.21-5.el6 perl-DBIx-RunSQL-0.15-1.el6 perl-Net-SSLGlue-1.058-1.el6 php-nette-application-2.3.13-1.el6 php-nette-bootstrap-2.3.5-1.el6 php-nette-di-2.3.11-1.el6 php-nette-http-2.3.7-1.el6 php-nette-neon-2.3.5-1.el6 php-nette-php-generator-2.3.6-1.el6 php-nette-robot-loader-2.3.2-1.el6 php-nette-security-2.3.2-1.el6 php-nette-tokenizer-2.2.3-1.el6 php-nette-utils-2.3.10-1.el6 php-pear-crypt-gpg-1.4.2-1.el6 privoxy-3.0.24-2.el6 squidGuard-1.4-10.el6 Details about builds: ================================================================================ carbon-c-relay-2.1-1.el6 (FEDORA-EPEL-2016-850823a87e) Enhanced C implementation of Carbon relay, aggregator and rewriter -------------------------------------------------------------------------------- Update Information: Update to 2.1 ---- Disable manpage creation for systems which don't have nodejs ---- Set correct user in systemd unit file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1347482 - carbon-c-relay-v2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1347482 [ 2 ] Bug #1341361 - carbon-c-relay-v2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1341361 -------------------------------------------------------------------------------- ================================================================================ clustershell-1.7.2-1.el6 (FEDORA-EPEL-2016-3bae25b459) Python framework for efficient cluster administration -------------------------------------------------------------------------------- Update Information: Minor release 1.7.2. Bugfix for tree mode and better error handling (like broken pipe). The only new minor enhancement is the --pick option available with clush and nodeset. -------------------------------------------------------------------------------- ================================================================================ drush-6.7.0-2.el6 (FEDORA-EPEL-2016-8bb2f36d42) Command line shell and scripting interface for Drupal -------------------------------------------------------------------------------- Update Information: **RPM-only update:** Add missing `php-composer(pear/console_table)` dependency -------------------------------------------------------------------------------- References: [ 1 ] Bug #1347826 - drush should require php-pear(Console_Table) https://bugzilla.redhat.com/show_bug.cgi?id=1347826 -------------------------------------------------------------------------------- ================================================================================ engauge-digitizer-8.2-1.el6 (FEDORA-EPEL-2016-0e9e38707a) Convert graphs or map files into numbers -------------------------------------------------------------------------------- Update Information: - Update to 8.2 -------------------------------------------------------------------------------- ================================================================================ openconnect-7.06-1.el6 (FEDORA-EPEL-2016-91ee1024cb) Open client for Cisco AnyConnect VPN -------------------------------------------------------------------------------- Update Information: Update to 7.06 release -------------------------------------------------------------------------------- ================================================================================ ovirt-guest-agent-1.0.12-2.el6 (FEDORA-EPEL-2016-8861978763) The oVirt Guest Agent -------------------------------------------------------------------------------- Update Information: Bump to upstream 1.0.12.1 ---- Update to upstream version 1.0.12 - oVirt 4.0 ---- Bump to ovirt guest agent 1.0.11.3 release (ovirt 3.6.5) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1332723 - ovirt-rhevm-agent floods engine.log with Invalid or unknown guest arch type 'i686' when running rhel-5 kernel-pae guests https://bugzilla.redhat.com/show_bug.cgi?id=1332723 [ 2 ] Bug #1277569 - [RFE] Atomic guest OS support https://bugzilla.redhat.com/show_bug.cgi?id=1277569 [ 3 ] Bug #1273399 - [RFE] Support for reporting Docker containers active on the Virtual Machine https://bugzilla.redhat.com/show_bug.cgi?id=1273399 [ 4 ] Bug #1298120 - [RFE] Support for hooks in the guest agent https://bugzilla.redhat.com/show_bug.cgi?id=1298120 -------------------------------------------------------------------------------- ================================================================================ pcre2-10.21-5.el6 (FEDORA-EPEL-2016-78efa24b69) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release fixes pcregrep output if -o with -M options are uses and the match extends over a line boundary. ---- This release fixes a race in locking JIT compiler and an ovector check in JIT test. It also enables JIT in pcre2grep tool so that it respects user's options regarding JIT usage. -------------------------------------------------------------------------------- ================================================================================ perl-DBIx-RunSQL-0.15-1.el6 (FEDORA-EPEL-2016-b6413ffdb3) Run SQL commands from a file -------------------------------------------------------------------------------- Update Information: 0.15 20160619 --- - Fix grammar error (RT #114768, contributed by eythian ) - Allow for trailing whitespace while parsing SQL (RT #115442, contributed by niceperl) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1348010 - perl-DBIx-RunSQL-0.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1348010 -------------------------------------------------------------------------------- ================================================================================ perl-Net-SSLGlue-1.058-1.el6 (FEDORA-EPEL-2016-7aec5bf6da) Add/extend SSL support for common perl modules -------------------------------------------------------------------------------- Update Information: 1.058 2016/06/17 - RT#109887 - fix t/01_load.t in case only very old version of LWP was installed which did not have LWP::Protocol::https -------------------------------------------------------------------------------- References: [ 1 ] Bug #1347690 - perl-Net-SSLGlue-1.058 is available https://bugzilla.redhat.com/show_bug.cgi?id=1347690 -------------------------------------------------------------------------------- ================================================================================ php-nette-application-2.3.13-1.el6 (FEDORA-EPEL-2016-656b864b36) Nette Application MVC Component -------------------------------------------------------------------------------- Update Information: **application 2.3.13** * Route: Added variable for domain second level name (%sld%) * Route: fixed checking for missing [ --- **bootstrap 2.3.5** * TracyBridge: fixed highlighting of long lines nette/tracy#156 * compatible only with nette/di 2.3.* --- **di 2.3.11** * PhpReflection: fixed expanding to FQCN in bracketed namespace * added Compiler::setClassName() --- **http 2.3.7** * Session: removed duplicated warning about sent headers * Response::setExpiration() removes header Pragma --- **neon 2.3.5** * Decoder: fixed datetime regexp #29 * Decoder: some regexps changed to constants --- **php-generator 2.3.6** * Helpers::dump() support for infinite floats * added addComment(), setComment() and getComment() --- **robot-loader 2.3.2** * tests, typos --- **security 2.3.2** * tests, typos --- **tokenizer 2.2.3** * improved coding style * travis: migrating to container-based infrastructure --- **utils 2.3.10** * Html: added addHtml() and addText() (#111) -------------------------------------------------------------------------------- ================================================================================ php-nette-bootstrap-2.3.5-1.el6 (FEDORA-EPEL-2016-656b864b36) Nette Bootstrap -------------------------------------------------------------------------------- Update Information: **application 2.3.13** * Route: Added variable for domain second level name (%sld%) * Route: fixed checking for missing [ --- **bootstrap 2.3.5** * TracyBridge: fixed highlighting of long lines nette/tracy#156 * compatible only with nette/di 2.3.* --- **di 2.3.11** * PhpReflection: fixed expanding to FQCN in bracketed namespace * added Compiler::setClassName() --- **http 2.3.7** * Session: removed duplicated warning about sent headers * Response::setExpiration() removes header Pragma --- **neon 2.3.5** * Decoder: fixed datetime regexp #29 * Decoder: some regexps changed to constants --- **php-generator 2.3.6** * Helpers::dump() support for infinite floats * added addComment(), setComment() and getComment() --- **robot-loader 2.3.2** * tests, typos --- **security 2.3.2** * tests, typos --- **tokenizer 2.2.3** * improved coding style * travis: migrating to container-based infrastructure --- **utils 2.3.10** * Html: added addHtml() and addText() (#111) -------------------------------------------------------------------------------- ================================================================================ php-nette-di-2.3.11-1.el6 (FEDORA-EPEL-2016-656b864b36) Nette Dependency Injection Component -------------------------------------------------------------------------------- Update Information: **application 2.3.13** * Route: Added variable for domain second level name (%sld%) * Route: fixed checking for missing [ --- **bootstrap 2.3.5** * TracyBridge: fixed highlighting of long lines nette/tracy#156 * compatible only with nette/di 2.3.* --- **di 2.3.11** * PhpReflection: fixed expanding to FQCN in bracketed namespace * added Compiler::setClassName() --- **http 2.3.7** * Session: removed duplicated warning about sent headers * Response::setExpiration() removes header Pragma --- **neon 2.3.5** * Decoder: fixed datetime regexp #29 * Decoder: some regexps changed to constants --- **php-generator 2.3.6** * Helpers::dump() support for infinite floats * added addComment(), setComment() and getComment() --- **robot-loader 2.3.2** * tests, typos --- **security 2.3.2** * tests, typos --- **tokenizer 2.2.3** * improved coding style * travis: migrating to container-based infrastructure --- **utils 2.3.10** * Html: added addHtml() and addText() (#111) -------------------------------------------------------------------------------- ================================================================================ php-nette-http-2.3.7-1.el6 (FEDORA-EPEL-2016-656b864b36) Nette HTTP Component -------------------------------------------------------------------------------- Update Information: **application 2.3.13** * Route: Added variable for domain second level name (%sld%) * Route: fixed checking for missing [ --- **bootstrap 2.3.5** * TracyBridge: fixed highlighting of long lines nette/tracy#156 * compatible only with nette/di 2.3.* --- **di 2.3.11** * PhpReflection: fixed expanding to FQCN in bracketed namespace * added Compiler::setClassName() --- **http 2.3.7** * Session: removed duplicated warning about sent headers * Response::setExpiration() removes header Pragma --- **neon 2.3.5** * Decoder: fixed datetime regexp #29 * Decoder: some regexps changed to constants --- **php-generator 2.3.6** * Helpers::dump() support for infinite floats * added addComment(), setComment() and getComment() --- **robot-loader 2.3.2** * tests, typos --- **security 2.3.2** * tests, typos --- **tokenizer 2.2.3** * improved coding style * travis: migrating to container-based infrastructure --- **utils 2.3.10** * Html: added addHtml() and addText() (#111) -------------------------------------------------------------------------------- ================================================================================ php-nette-neon-2.3.5-1.el6 (FEDORA-EPEL-2016-656b864b36) Nette NEON: parser and generator for Nette Object Notation -------------------------------------------------------------------------------- Update Information: **application 2.3.13** * Route: Added variable for domain second level name (%sld%) * Route: fixed checking for missing [ --- **bootstrap 2.3.5** * TracyBridge: fixed highlighting of long lines nette/tracy#156 * compatible only with nette/di 2.3.* --- **di 2.3.11** * PhpReflection: fixed expanding to FQCN in bracketed namespace * added Compiler::setClassName() --- **http 2.3.7** * Session: removed duplicated warning about sent headers * Response::setExpiration() removes header Pragma --- **neon 2.3.5** * Decoder: fixed datetime regexp #29 * Decoder: some regexps changed to constants --- **php-generator 2.3.6** * Helpers::dump() support for infinite floats * added addComment(), setComment() and getComment() --- **robot-loader 2.3.2** * tests, typos --- **security 2.3.2** * tests, typos --- **tokenizer 2.2.3** * improved coding style * travis: migrating to container-based infrastructure --- **utils 2.3.10** * Html: added addHtml() and addText() (#111) -------------------------------------------------------------------------------- ================================================================================ php-nette-php-generator-2.3.6-1.el6 (FEDORA-EPEL-2016-656b864b36) Nette PHP Generator -------------------------------------------------------------------------------- Update Information: **application 2.3.13** * Route: Added variable for domain second level name (%sld%) * Route: fixed checking for missing [ --- **bootstrap 2.3.5** * TracyBridge: fixed highlighting of long lines nette/tracy#156 * compatible only with nette/di 2.3.* --- **di 2.3.11** * PhpReflection: fixed expanding to FQCN in bracketed namespace * added Compiler::setClassName() --- **http 2.3.7** * Session: removed duplicated warning about sent headers * Response::setExpiration() removes header Pragma --- **neon 2.3.5** * Decoder: fixed datetime regexp #29 * Decoder: some regexps changed to constants --- **php-generator 2.3.6** * Helpers::dump() support for infinite floats * added addComment(), setComment() and getComment() --- **robot-loader 2.3.2** * tests, typos --- **security 2.3.2** * tests, typos --- **tokenizer 2.2.3** * improved coding style * travis: migrating to container-based infrastructure --- **utils 2.3.10** * Html: added addHtml() and addText() (#111) -------------------------------------------------------------------------------- ================================================================================ php-nette-robot-loader-2.3.2-1.el6 (FEDORA-EPEL-2016-656b864b36) Nette RobotLoader: comfortable autoloading -------------------------------------------------------------------------------- Update Information: **application 2.3.13** * Route: Added variable for domain second level name (%sld%) * Route: fixed checking for missing [ --- **bootstrap 2.3.5** * TracyBridge: fixed highlighting of long lines nette/tracy#156 * compatible only with nette/di 2.3.* --- **di 2.3.11** * PhpReflection: fixed expanding to FQCN in bracketed namespace * added Compiler::setClassName() --- **http 2.3.7** * Session: removed duplicated warning about sent headers * Response::setExpiration() removes header Pragma --- **neon 2.3.5** * Decoder: fixed datetime regexp #29 * Decoder: some regexps changed to constants --- **php-generator 2.3.6** * Helpers::dump() support for infinite floats * added addComment(), setComment() and getComment() --- **robot-loader 2.3.2** * tests, typos --- **security 2.3.2** * tests, typos --- **tokenizer 2.2.3** * improved coding style * travis: migrating to container-based infrastructure --- **utils 2.3.10** * Html: added addHtml() and addText() (#111) -------------------------------------------------------------------------------- ================================================================================ php-nette-security-2.3.2-1.el6 (FEDORA-EPEL-2016-656b864b36) Nette Security: Access Control Component -------------------------------------------------------------------------------- Update Information: **application 2.3.13** * Route: Added variable for domain second level name (%sld%) * Route: fixed checking for missing [ --- **bootstrap 2.3.5** * TracyBridge: fixed highlighting of long lines nette/tracy#156 * compatible only with nette/di 2.3.* --- **di 2.3.11** * PhpReflection: fixed expanding to FQCN in bracketed namespace * added Compiler::setClassName() --- **http 2.3.7** * Session: removed duplicated warning about sent headers * Response::setExpiration() removes header Pragma --- **neon 2.3.5** * Decoder: fixed datetime regexp #29 * Decoder: some regexps changed to constants --- **php-generator 2.3.6** * Helpers::dump() support for infinite floats * added addComment(), setComment() and getComment() --- **robot-loader 2.3.2** * tests, typos --- **security 2.3.2** * tests, typos --- **tokenizer 2.2.3** * improved coding style * travis: migrating to container-based infrastructure --- **utils 2.3.10** * Html: added addHtml() and addText() (#111) -------------------------------------------------------------------------------- ================================================================================ php-nette-tokenizer-2.2.3-1.el6 (FEDORA-EPEL-2016-656b864b36) Nette Tokenizer -------------------------------------------------------------------------------- Update Information: **application 2.3.13** * Route: Added variable for domain second level name (%sld%) * Route: fixed checking for missing [ --- **bootstrap 2.3.5** * TracyBridge: fixed highlighting of long lines nette/tracy#156 * compatible only with nette/di 2.3.* --- **di 2.3.11** * PhpReflection: fixed expanding to FQCN in bracketed namespace * added Compiler::setClassName() --- **http 2.3.7** * Session: removed duplicated warning about sent headers * Response::setExpiration() removes header Pragma --- **neon 2.3.5** * Decoder: fixed datetime regexp #29 * Decoder: some regexps changed to constants --- **php-generator 2.3.6** * Helpers::dump() support for infinite floats * added addComment(), setComment() and getComment() --- **robot-loader 2.3.2** * tests, typos --- **security 2.3.2** * tests, typos --- **tokenizer 2.2.3** * improved coding style * travis: migrating to container-based infrastructure --- **utils 2.3.10** * Html: added addHtml() and addText() (#111) -------------------------------------------------------------------------------- ================================================================================ php-nette-utils-2.3.10-1.el6 (FEDORA-EPEL-2016-656b864b36) Nette Utility Classes -------------------------------------------------------------------------------- Update Information: **application 2.3.13** * Route: Added variable for domain second level name (%sld%) * Route: fixed checking for missing [ --- **bootstrap 2.3.5** * TracyBridge: fixed highlighting of long lines nette/tracy#156 * compatible only with nette/di 2.3.* --- **di 2.3.11** * PhpReflection: fixed expanding to FQCN in bracketed namespace * added Compiler::setClassName() --- **http 2.3.7** * Session: removed duplicated warning about sent headers * Response::setExpiration() removes header Pragma --- **neon 2.3.5** * Decoder: fixed datetime regexp #29 * Decoder: some regexps changed to constants --- **php-generator 2.3.6** * Helpers::dump() support for infinite floats * added addComment(), setComment() and getComment() --- **robot-loader 2.3.2** * tests, typos --- **security 2.3.2** * tests, typos --- **tokenizer 2.2.3** * improved coding style * travis: migrating to container-based infrastructure --- **utils 2.3.10** * Html: added addHtml() and addText() (#111) -------------------------------------------------------------------------------- ================================================================================ php-pear-crypt-gpg-1.4.2-1.el6 (FEDORA-EPEL-2016-c1f7b0e584) GNU Privacy Guard (GnuPG) -------------------------------------------------------------------------------- Update Information: **Version 1.4.2** This release fixes following bugs: * Fix Bug pear#21074: Crypt-gpg-pinentry fails on system without PEAR/Exception. * Fix Bug pear#21075: Fatal error: Object of class Crypt_GPG_Key could not be converted. * Fix Bug pear#21077: Increase Crypt_GPG_Engine::CHUNK_SIZE for better performance * Fix Bug pear#21081: Performance bottleneck in pipes handling. * Feature pear#21079: Added Crypt_GPG::exportPrivateKey() method. -------------------------------------------------------------------------------- ================================================================================ privoxy-3.0.24-2.el6 (FEDORA-EPEL-2016-d40efedf8d) Privacy enhancing proxy -------------------------------------------------------------------------------- Update Information: postun fix. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1331814 - privoxy postuninstall scriptlet fails on a non-existing operation https://bugzilla.redhat.com/show_bug.cgi?id=1331814 -------------------------------------------------------------------------------- ================================================================================ squidGuard-1.4-10.el6 (FEDORA-EPEL-2016-e7c7e5786e) Filter, redirector and access controller plugin for squid -------------------------------------------------------------------------------- Update Information: http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20150201 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1323211 - "squidGuard" doesn't guard - no errormessages when failing https://bugzilla.redhat.com/show_bug.cgi?id=1323211 [ 2 ] Bug #1348459 - squidGuard: Reflected cross site scripting vulnerability in squidGuard.cgi [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1348459 [ 3 ] Bug #1253636 - error: squidGuard:7 error verifying olddir path /var/log/squidGuard/old: No such file or directory https://bugzilla.redhat.com/show_bug.cgi?id=1253636 [ 4 ] Bug #1253633 - /var/log/squidGuard permissions https://bugzilla.redhat.com/show_bug.cgi?id=1253633 [ 5 ] Bug #1348458 - squidGuard: Reflected cross site scripting vulnerability in squidGuard.cgi [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1348458 --------------------------------------------------------------------------------
