The following Fedora EPEL 6 Security updates need testing: Age URL 971 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6 861 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6 832 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6 443 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac libbsd-0.8.3-2.el6 172 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92 libmspack-0.6-0.1.alpha.el6 92 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6aaee32b7e optipng-0.7.6-6.el6 64 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8c9006d462 heimdal-7.5.0-1.el6 58 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-752a7c9ad4 rootsh-1.5.3-17.el6 27 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f742513635 jhead-3.00-9.el6 15 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-5d12c76136 drupal7-7.57-1.el6 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-7e91105260 clamav-0.99.4-1.el6 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-a27d71c715 pax-utils-1.2.3-1.el6 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-4bcfff2d5e tor-0.2.9.15-1.el6 The following builds have been pushed to Fedora EPEL 6 updates-testing nmh-1.7.1-3.el6 php-simplesamlphp-saml2-2.3.8-1.el6 php-simplesamlphp-saml2_1-1.10.6-1.el6 pidgin-sipe-1.23.2-1.el6 python-antlr-2.7.7-5.el6 Details about builds: ================================================================================ nmh-1.7.1-3.el6 (FEDORA-EPEL-2018-eae0de1c6b) A capable MIME-email-handling system with a command-line interface -------------------------------------------------------------------------------- Update Information: Replaced /usr/bin/vi with /bin/vi. -------------------------------------------------------------------------------- ================================================================================ php-simplesamlphp-saml2-2.3.8-1.el6 (FEDORA-EPEL-2018-57cbc61216) SAML2 PHP library from SimpleSAMLphp -------------------------------------------------------------------------------- Update Information: * [SSPSA 201803-01 / CVE-2018-7711](https://simplesamlphp.org/security/201803-01) * [SSPSA 201802-01 / CVE-2018-7644](https://simplesamlphp.org/security/201802-01) * [SSPSA 201801-01 / CVE-2018-6519](https://simplesamlphp.org/security/201801-01) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1553357 - CVE-2018-7711 php-simplesamlphp-saml2: Authentication Bypass in the signature validation utilities https://bugzilla.redhat.com/show_bug.cgi?id=1553357 [ 2 ] Bug #1553352 - CVE-2018-7644 php-simplesamlphp-saml2: Signature Validation Bypass https://bugzilla.redhat.com/show_bug.cgi?id=1553352 [ 3 ] Bug #1542244 - CVE-2018-6519 php-simplesamlphp-saml2: Denial of Service in xs:DateTime timestamp in SAML2 library https://bugzilla.redhat.com/show_bug.cgi?id=1542244 -------------------------------------------------------------------------------- ================================================================================ php-simplesamlphp-saml2_1-1.10.6-1.el6 (FEDORA-EPEL-2018-0f3319c1ea) SAML2 PHP library from SimpleSAMLphp (version 1) -------------------------------------------------------------------------------- Update Information: * [SSPSA 201803-01 / CVE-2018-7711](https://simplesamlphp.org/security/201803-01) * [SSPSA 201802-01 / CVE-2018-7644](https://simplesamlphp.org/security/201802-01) * [SSPSA 201801-01 / CVE-2018-6519](https://simplesamlphp.org/security/201801-01) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1553357 - CVE-2018-7711 php-simplesamlphp-saml2: Authentication Bypass in the signature validation utilities https://bugzilla.redhat.com/show_bug.cgi?id=1553357 [ 2 ] Bug #1553352 - CVE-2018-7644 php-simplesamlphp-saml2: Signature Validation Bypass https://bugzilla.redhat.com/show_bug.cgi?id=1553352 [ 3 ] Bug #1542244 - CVE-2018-6519 php-simplesamlphp-saml2: Denial of Service in xs:DateTime timestamp in SAML2 library https://bugzilla.redhat.com/show_bug.cgi?id=1542244 -------------------------------------------------------------------------------- ================================================================================ pidgin-sipe-1.23.2-1.el6 (FEDORA-EPEL-2018-a1b231db0b) Pidgin protocol plugin to connect to MS Office Communicator -------------------------------------------------------------------------------- Update Information: New upstream release: * add support for IPv6 addresses in SIP & SDP messages * extend libpurple D-Bus interface * don't load buddy photos from unknown sites by default * add support for user redirect in Lync autodiscover * enable audio/video calls for Office365 cloud-based accounts * fix some HTTP requests that were not sent -------------------------------------------------------------------------------- ================================================================================ python-antlr-2.7.7-5.el6 (FEDORA-EPEL-2018-2a2c9fbdde) Python runtime support for ANTLR-generated parsers -------------------------------------------------------------------------------- Update Information: This package contains the Python runtime support for ANTLR-generated parsers. **NOTE:** this EL6-only package supplements RHEL6 package antlr, which is missing the Python runtime support. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1189171 - Review Request: python-antlr - Python runtime support for ANTLR-generated parsers https://bugzilla.redhat.com/show_bug.cgi?id=1189171 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
