The following Fedora EPEL 6 Security updates need testing:

 Age  URL
 583  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031   python-virtualenv-12.0.7-1.el6
 577  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168   rubygem-crack-0.3.2-2.el6
 467  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb   mcollective-2.8.4-1.el6
 439  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9   thttpd-2.25b-24.el6
 170  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8594ed3a53   chicken-4.11.0-3.el6
  50  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac   libbsd-0.8.3-2.el6
  34  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8c6c7bf06e   dbus-sharp-0.7.0-16.el6 dbus-sharp-glib-0.5.0-14.el6 mono-4.2.4-9.el6
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b17ae6b75a   viewvc-1.1.26-1.el6
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2f6331df71   bitlbee-3.5.1-1.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-acd2c2af0d   nagios-4.2.4-4.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2f218dd2b9   python-cjson-1.1.0-9.el6

The following builds have been pushed to Fedora EPEL 6 updates-testing

    fedfind-3.4.3-1.el6
    holland-1.0.14-3.el6
    lynis-2.4.1-1.el6
    nagios-4.2.4-4.el6
    php-smbclient-0.9.0-1.el6
    python-cached_property-1.3.0-7.el6
    python-cjson-1.1.0-9.el6
    python-defusedxml-0.4.1-9.el6
    python-productmd-1.4-2.el6
    xrootd-4.6.0-2.el6

Details about builds:

================================================================================
 fedfind-3.4.3-1.el6 (FEDORA-EPEL-2017-0a935d4db5)
 Fedora compose and image finder
--------------------------------------------------------------------------------
Update Information:

This update provides a new version of fedfind.
The main change is that the synthesized metadata for non-Pungi 4 composes has been enhanced to include a `composeinfo` dict, and `disc_number` items in the image dicts. These changes are necessary for `resultsdb_conventions` to work with the synthesized metadata.

Another change is that `fedfind.release.get_release(url='someurl')` will no longer return generic `Pungi4Release` instances for URLs in unknown domains, as Patrick van Uiterwijk suggested it may constitute a potential security problem in some use cases. If this change causes you trouble, please report an issue or contact me and it may be possible to restore the old behaviour as an option.

On EPEL 7, there is now a Python 3 build of the fedfind library (currently `python34-fedfind`), and the `fedfind` CLI tool now uses the Python 3 library. The other updated packages also gain Python 3 builds of their libraries (they are all in fedfind's dependency chains). `freezegun` is updated to the last release in the 0.1 series, 0.1.19, which should be compatible with the previously-packaged version (0.1.12).

On EPEL 6, the other packages don't change significantly, but the package spec files were adjusted a bit so I went ahead and built the packages.
--------------------------------------------------------------------------------

================================================================================
 holland-1.0.14-3.el6 (FEDORA-EPEL-2017-b05651ba17)
 Pluggable Backup Framework
--------------------------------------------------------------------------------
Update Information:

- Remove unneeded holland_version macro
- Remove example, maatkit, and random subpackages
- Move holland.lib.mysql and holland.lib.lvm modules into their own subpackages
- Clean up requirements
--------------------------------------------------------------------------------

================================================================================
 lynis-2.4.1-1.el6 (FEDORA-EPEL-2017-9b64b8d526)
 Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:

Update to 2.4.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1421133 - lynis-2.4.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1421133
--------------------------------------------------------------------------------

================================================================================
 nagios-4.2.4-4.el6 (FEDORA-EPEL-2017-acd2c2af0d)
 Host/service/network monitoring program
--------------------------------------------------------------------------------
Update Information:

We find out that RHEL-6 does not like non-UTF so removed German translation
----
Major update to Nagios to address outstanding Security needs.
----
nagios-4.0.8-1.fc21 nagios-4.0.8-1.fc22 nagios-4.0.8-1.el6 nagios-4.0.8-1.el7 nagios-4.0.8-1.fc23 - update to 4.0.8
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #469320 - CVE-2008-4796 snoopy: command execution via shell metacharacters
        https://bugzilla.redhat.com/show_bug.cgi?id=469320
  [ 2 ] Bug #958002 - CVE-2013-4214 Nagios core: html/rss-newsfeed.php insecure temporary file usage
        https://bugzilla.redhat.com/show_bug.cgi?id=958002
  [ 3 ] Bug #1046113 - CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars()
        https://bugzilla.redhat.com/show_bug.cgi?id=1046113
--------------------------------------------------------------------------------

================================================================================
 php-smbclient-0.9.0-1.el6 (FEDORA-EPEL-2017-7991082396)
 PHP wrapper for libsmbclient
--------------------------------------------------------------------------------
Update Information:

**Version 0.9.0**

- fix gh#47 Incorrect function definition for smbclient_read
- optimization: enable stream wrapper reusing connections
--------------------------------------------------------------------------------

================================================================================
 python-cached_property-1.3.0-7.el6 (FEDORA-EPEL-2017-0a935d4db5)
 A cached-property for decorating methods in Python classes
--------------------------------------------------------------------------------
Update Information:

This update provides a new version of fedfind. The main change is that the synthesized metadata for non-Pungi 4 composes has been enhanced to include a `composeinfo` dict, and `disc_number` items in the image dicts. These changes are necessary for `resultsdb_conventions` to work with the synthesized metadata.

Another change is that `fedfind.release.get_release(url='someurl')` will no longer return generic `Pungi4Release` instances for URLs in unknown domains, as Patrick van Uiterwijk suggested it may constitute a potential security problem in some use cases. If this change causes you trouble, please report an issue or contact me and it may be possible to restore the old behaviour as an option.

On EPEL 7, there is now a Python 3 build of the fedfind library (currently `python34-fedfind`), and the `fedfind` CLI tool now uses the Python 3 library. The other updated packages also gain Python 3 builds of their libraries (they are all in fedfind's dependency chains). `freezegun` is updated to the last release in the 0.1 series, 0.1.19, which should be compatible with the previously-packaged version (0.1.12).

On EPEL 6, the other packages don't change significantly, but the package spec files were adjusted a bit so I went ahead and built the packages.
--------------------------------------------------------------------------------

================================================================================
 python-cjson-1.1.0-9.el6 (FEDORA-EPEL-2017-2f218dd2b9)
 Fast JSON encoder/decoder for Python
--------------------------------------------------------------------------------
Update Information:

This update prevents `python-cjson` from crashing when attempting to parse heavily nested JSON structures (which could be exploited for denial of service purposes, against any application that uses `python-cjson` to parse arbitrary input).
--------------------------------------------------------------------------------

================================================================================
 python-defusedxml-0.4.1-9.el6 (FEDORA-EPEL-2017-11db92ff83)
 XML bomb protection for Python stdlib modules
--------------------------------------------------------------------------------
Update Information:

This updates `defusedxml` to the last upstream release which works with Python 2.6, 0.4.1. It also includes various package layout improvements. It renames the package from `python-defusedxml` to `python2-defusedxml`; obsoletes and provides are in place that should ensure a smooth transition.
--------------------------------------------------------------------------------

================================================================================
 python-productmd-1.4-2.el6 (FEDORA-EPEL-2017-0a935d4db5)
 Library providing parsers for metadata related to OS installation
--------------------------------------------------------------------------------
Update Information:

This update provides a new version of fedfind. The main change is that the synthesized metadata for non-Pungi 4 composes has been enhanced to include a `composeinfo` dict, and `disc_number` items in the image dicts. These changes are necessary for `resultsdb_conventions` to work with the synthesized metadata.

Another change is that `fedfind.release.get_release(url='someurl')` will no longer return generic `Pungi4Release` instances for URLs in unknown domains, as Patrick van Uiterwijk suggested it may constitute a potential security problem in some use cases. If this change causes you trouble, please report an issue or contact me and it may be possible to restore the old behaviour as an option.

On EPEL 7, there is now a Python 3 build of the fedfind library (currently `python34-fedfind`), and the `fedfind` CLI tool now uses the Python 3 library.
The other updated packages also gain Python 3 builds of their libraries (they are all in fedfind's dependency chains). `freezegun` is updated to the last release in the 0.1 series, 0.1.19, which should be compatible with the previously-packaged version (0.1.12).

On EPEL 6, the other packages don't change significantly, but the package spec files were adjusted a bit so I went ahead and built the packages.
--------------------------------------------------------------------------------

================================================================================
 xrootd-4.6.0-2.el6 (FEDORA-EPEL-2017-85c437a7c5)
 Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:

New version 4.6.0, release notes are here:
https://github.com/xrootd/xrootd/blob/v4.6.0/docs/ReleaseNotes.txt
--------------------------------------------------------------------------------