The following Fedora EPEL 6 Security updates need testing: Age URL 474 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031 python-virtualenv-12.0.7-1.el6 468 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6 399 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156 nagios-4.0.8-1.el6 358 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6 330 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6 215 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-30a8346813 vtun-3.0.1-10.el6 60 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8594ed3a53 chicken-4.11.0-3.el6 32 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-25e30f6dc3 jansson-2.9-1.el6 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2f6f1435ed tor-0.2.8.9-1.el6 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-a886ace670 tomcat-7.0.72-1.el6 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-cb5398893b nodejs-0.10.48-3.el6 The following builds have been pushed to Fedora EPEL 6 updates-testing nodejs-0.10.48-3.el6 pcre2-10.21-8.el6 perl-Tangerine-0.23-1.el6 php-fedora-autoloader-0.1.2-1.el6 tomcat-7.0.72-1.el6 Details about builds: ================================================================================ nodejs-0.10.48-3.el6 (FEDORA-EPEL-2016-cb5398893b) JavaScript runtime -------------------------------------------------------------------------------- Update Information: Update to 0.10.48 (security fix) ---- Update to 0.10.47 (security fix) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1388029 - Please update nodejs to 0.10.48 because of CVE-2016-5180 https://bugzilla.redhat.com/show_bug.cgi?id=1388029 -------------------------------------------------------------------------------- ================================================================================ pcre2-10.21-8.el6 (FEDORA-EPEL-2016-fb720dbe88) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release documents an existing assert capture limitination. ---- This release fixes compilation of conditionals when a group name starts with "R". It fixes optimization for patterns starting with lookaheads. It also corrects displaying a callout position in pcretest output if an escape sequence is greater than \x{ff}. It also corrects internal options documentation and misspelllings in pcrepattern(3) manual page. -------------------------------------------------------------------------------- ================================================================================ perl-Tangerine-0.23-1.el6 (FEDORA-EPEL-2016-64393af006) Analyse perl files and report module-related information -------------------------------------------------------------------------------- Update Information: A new version of Tangerine is available. This release introduces support for Test::Needs. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1387944 - None https://bugzilla.redhat.com/show_bug.cgi?id=1387944 -------------------------------------------------------------------------------- ================================================================================ php-fedora-autoloader-0.1.2-1.el6 (FEDORA-EPEL-2016-f6b9b78cd3) Fedora Autoloader -------------------------------------------------------------------------------- Update Information: Static [PSR-4](http://www.php-fig.org/psr/psr-4/), [PSR-0](http://www.php- fig.org/psr/psr-0/), and classmap autoloader. Includes loader for required and optional dependencies. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1386735 - None https://bugzilla.redhat.com/show_bug.cgi?id=1386735 -------------------------------------------------------------------------------- ================================================================================ tomcat-7.0.72-1.el6 (FEDORA-EPEL-2016-a886ace670) Apache Servlet/JSP Engine, RI for Servlet 3.0/JSP 2.2 API -------------------------------------------------------------------------------- Update Information: This updates includes a rebase from tomcat 7.0.70 up to 7.0.72 which resolves one CVE: * rhbz#1375582 CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header and includes one additional CVE fix along with two bug fixes: * rhbz#1376718 CVE-2016-1240 tomcat: Local privilege escalation via unsafe file handling in the Tomcat init script * rhbz#1379170 jsvc script is broken * rhbz#1170797 remove tomcat6 dependency on redhat-lsb (and any other unnecessary ones) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1170797 - remove tomcat6 dependency on redhat-lsb (and any other unnecessary ones) https://bugzilla.redhat.com/show_bug.cgi?id=1170797 [ 2 ] Bug #1379170 - jsvc script is broken https://bugzilla.redhat.com/show_bug.cgi?id=1379170 [ 3 ] Bug #1376718 - CVE-2016-1240 tomcat: Local privilege escalation via unsafe file handling in the Tomcat init script [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1376718 [ 4 ] Bug #1375582 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1375582 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
