The following Fedora EPEL 6 Security updates need testing: Age URL 393 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031 python-virtualenv-12.0.7-1.el6 387 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6 318 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156 nagios-4.0.8-1.el6 277 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6 249 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6 134 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-30a8346813 vtun-3.0.1-10.el6 40 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-db7e78fac7 php-PHPMailer-5.2.16-2.el6 33 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d0e444c5f2 pypy-5.0.1-4.el6 32 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-7a25f65890 nginx-1.10.1-1.el6 23 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-225fc51f32 chicken-4.11.0-2.el6 15 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d1c7111779 p7zip-16.02-1.el6 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-823164477b php-doctrine-orm-2.4.8-1.el6 php-doctrine-dbal-2.4.5-1.el6 php-doctrine-common-2.4.3-2.el6 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6e8996ae73 php-ZendFramework2-2.2.10-2.el6 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2d00357bc8 dietlibc-0.33-8.el6 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-66eb498b93 v8-3.14.5.10-25.el6 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-af2033a524 cryptopp-5.6.2-10.el6 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d8fc3f17ea libarchive3-3.2.1-1.el6 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-b191f5d359 collectd-4.10.9-3.el6 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-36216b1c0b nodejs-0.10.46-1.el6 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-905a05c10e lighttpd-1.4.41-1.el6 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-aded7e0561 drupal7-features-2.10-1.el6 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-bee6c8b3c9 mongodb-2.4.14-3.el6 The following builds have been pushed to Fedora EPEL 6 updates-testing gnudos-1.9-1.el6 golang-github-coreos-go-systemd-10-1.el6 golang-github-grpc-grpc-go-0-0.10.git02fca89.el6 golang-googlecode-gogoprotobuf-0.2-0.3.gite18d7aa.el6 mongodb-2.4.14-3.el6 mozilla-noscript-2.9.0.13-1.el6 nwipe-0.18-1.el6 Details about builds: ================================================================================ gnudos-1.9-1.el6 (FEDORA-EPEL-2016-b1fb233b97) The GnuDOS library for GNU/Linux -------------------------------------------------------------------------------- Update Information: Bug fixes -------------------------------------------------------------------------------- ================================================================================ golang-github-coreos-go-systemd-10-1.el6 (FEDORA-EPEL-2016-0a2bcac69a) Go bindings to systemd socket activation, journal and D-BUS APIs -------------------------------------------------------------------------------- Update Information: Bump to upstream d6c05a1dcbb5ac02b7653da4d99e5db340c20778 ---- Update ---- Bump to upstream cea488b4e6855fee89b6c22a811e3c5baca861b6 ---- Bump to upstream be94bc700879ae8217780e9d141789a2defa302b -------------------------------------------------------------------------------- References: [ 1 ] Bug #1248722 - Tracker for golang-github-coreos-go-systemd https://bugzilla.redhat.com/show_bug.cgi?id=1248722 -------------------------------------------------------------------------------- ================================================================================ golang-github-grpc-grpc-go-0-0.10.git02fca89.el6 (FEDORA-EPEL-2016-a335b1bddb) The Go language implementation of gRPC. HTTP/2 based RPC -------------------------------------------------------------------------------- Update Information: Bump to upstream 02fca896ff5f50c6bbbee0860345a49344b37a03 ---- Bump to upstream e78224b060cf3215247b7be455f80ea22e469b66 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1250461 - Tracker for golang-github-grpc-grpc-go https://bugzilla.redhat.com/show_bug.cgi?id=1250461 -------------------------------------------------------------------------------- ================================================================================ golang-googlecode-gogoprotobuf-0.2-0.3.gite18d7aa.el6 (FEDORA-EPEL-2016-cfe54f76c1) A fork of goprotobuf with several extra features -------------------------------------------------------------------------------- Update Information: Bump to upstream e18d7aa8f8c624c915db340349aad4c49b10d173 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1246215 - Tracker for golang-googlecode-gogoprotobuf https://bugzilla.redhat.com/show_bug.cgi?id=1246215 -------------------------------------------------------------------------------- ================================================================================ mongodb-2.4.14-3.el6 (FEDORA-EPEL-2016-bee6c8b3c9) High-performance, schema-free document-oriented database -------------------------------------------------------------------------------- Update Information: Security fix for not logging potentially sensitive information in MongoDB log -------------------------------------------------------------------------------- References: [ 1 ] Bug #1362580 - mongodb: Logging potentially sensitive information when authenticating https://bugzilla.redhat.com/show_bug.cgi?id=1362580 -------------------------------------------------------------------------------- ================================================================================ mozilla-noscript-2.9.0.13-1.el6 (FEDORA-EPEL-2016-9a8817045d) JavaScript white list extension for Mozilla Firefox -------------------------------------------------------------------------------- Update Information: * Added missing "s" in noscript.mandatory/about:feeds * Updated DNT implementation to match the most recent spec about navigator.doNotTrack values (thanks Francois Merier) * [XSS] Better compatibility with Unionbank's website (thanks Brent for reporting) * Fixed bug 1278735 (JavaScript disabled in private windows) * Fixed JSON viewer not working * about:feed in the mandatory whitelist to fix bug 1272139 * [XSS] Disable JavaScript on FTP-served pages when a potential DOM XSS threat is detected (thanks Emanuel Bronshtein @e3amn2l for reporting) * Fixed DOS through script-triggered ClickToPlay confirmation dialogs in a loop (thanks Emanuel Bronshtein @e3amn2l for reporting) * Fixed placeholder links might be potentially used as XSS vectors if stars were properly aligned (thanks Emanuel Bronshtein @e3amn2l for reporting) * [Surrogate] Updated google- analytics.com replacement (thanks noscriptsplox) * [XSS] Fixed regression (thanks Masato Kinugawa for report) * [XSS] Fixed infrastructure issue preventing one filter from being automatically synchronized with Mozilla's source code as designed (thanks .mario and Maxim Rupp for reporting) * [XSS] Added filtering for a potential CSRF vector (thanks Masato Kinugawa for reporting) * Fixed placeholder activation in Gecko 45 and above * [XSS] Compatibility exception for the Printfriendly add-on * Removed msn.com from the default whitelist, since it seems to be unable to support HTTPS consistently * Fixed incompatibility with Firefox below version 38 * Tentative fix for an issue with explicit ports in HTTPS upgraded URLs * [HTTPS] Removed legacy redirection methods when redirectTo() is available in HTTP channels, fixing YouTube embedding problem * Replaced newChannel() with newChannel2() on Gecko 48 * [HTTPS] Limit httpsDefWhitelist effect to document loads * [XSS] Reduced eval aliasing checks false positives -------------------------------------------------------------------------------- References: [ 1 ] Bug #1362319 - mozilla-noscript-2.9.0.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=1362319 -------------------------------------------------------------------------------- ================================================================================ nwipe-0.18-1.el6 (FEDORA-EPEL-2016-3dfeaa8630) Securely erase disks using a variety of recognized methods -------------------------------------------------------------------------------- Update Information: Update to 0.18 upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1360763 - nwipe-0.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=1360763 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list epel-devel@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
