The following Fedora EPEL 6 Security updates need testing: Age URL 39 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6c663378c unrtf-0.21.9-8.el6 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8c4ebc0d2d wordpress-4.9.7-1.el6 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-d801e05f92 uwsgi-2.0.17.1-1.el6 The following builds have been pushed to Fedora EPEL 6 updates-testing aha-0.4.10.6-2.el6 gitolite3-3.6.8-1.el6 globus-ftp-control-8.5-1.el6 globus-gridftp-server-12.7-1.el6 globus-gridftp-server-control-6.3-1.el6 icat-0.5-2.el6 libpng10-1.0.69-5.el6 singularity-2.5.99-1.1.el6 Details about builds: ================================================================================ aha-0.4.10.6-2.el6 (FEDORA-EPEL-2018-c6bff39762) Convert terminal output to HTML -------------------------------------------------------------------------------- Update Information: New package - first build & update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1601224 - Review Request: aha - Convert terminal output to HTML https://bugzilla.redhat.com/show_bug.cgi?id=1601224 -------------------------------------------------------------------------------- ================================================================================ gitolite3-3.6.8-1.el6 (FEDORA-EPEL-2018-33baccb6ce) Highly flexible server for git directory version tracker -------------------------------------------------------------------------------- Update Information: 3.6.8 -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 17 2018 Gwyn Ciesla <limburgher@xxxxxxxxx> - 1:3.6.8-1 - Latest upstream. * Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:3.6.7-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Wed Jun 27 2018 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1:3.6.7-6 - Perl 5.28 rebuild * Tue Apr 24 2018 Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> - 1:3.6.7-5 - Back upstream patch making gitolite respect the ALLOW_ORPHAN_GL_CONF configuration variabe - Include the compile-1 command upstream brought in Fedora in: https://github.com/sitaramc/gitolite/commit/afb8afa14a892895dc48664c6526351cb * Wed Feb 7 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:3.6.7-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Wed Aug 23 2017 Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> - 1:3.6.7-3 - Backport upstream patch for dist-git Upstream: https://github.com/sitaramc/gitolite/commit/41b7885b77cfe992ad3c96d0b021ece51ce1b3e3 * Wed Jul 26 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:3.6.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ globus-ftp-control-8.5-1.el6 (FEDORA-EPEL-2018-eed9870623) Globus Toolkit - GridFTP Control Library -------------------------------------------------------------------------------- Update Information: globus-gridftp-server (12.7) * Force IPC encryption if server configuration requires * Fix old IPC bug making it hard to diagnose racy connection failures globus-gridftp-server-control (6.3), globus-ftp-control (8.5) * Force encryption on TLS control channel -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 15 2018 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 8.5-1 - GT6 update: Force encryption on TLS control channel * Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 8.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ globus-gridftp-server-12.7-1.el6 (FEDORA-EPEL-2018-eed9870623) Globus Toolkit - Globus GridFTP Server -------------------------------------------------------------------------------- Update Information: globus-gridftp-server (12.7) * Force IPC encryption if server configuration requires * Fix old IPC bug making it hard to diagnose racy connection failures globus-gridftp-server-control (6.3), globus-ftp-control (8.5) * Force encryption on TLS control channel -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 15 2018 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 12.7-1 - GT6 update: - Force IPC encryption if server configuration requires - Fix old IPC bug making it hard to diagnose racy connection failures * Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 12.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ globus-gridftp-server-control-6.3-1.el6 (FEDORA-EPEL-2018-eed9870623) Globus Toolkit - Globus GridFTP Server Library -------------------------------------------------------------------------------- Update Information: globus-gridftp-server (12.7) * Force IPC encryption if server configuration requires * Fix old IPC bug making it hard to diagnose racy connection failures globus-gridftp-server-control (6.3), globus-ftp-control (8.5) * Force encryption on TLS control channel -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 15 2018 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 6.3-1 - GT6 update: Force encryption on TLS control channel * Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 6.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ icat-0.5-2.el6 (FEDORA-EPEL-2018-a432d0b861) Output images in terminal -------------------------------------------------------------------------------- Update Information: Rebuild respecting distro CFLAGS -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 18 2018 Artur Iwicki <fedora@xxxxxxxxxx> - 0.5.2 - Add %set_build_flags to %build - Use %make_build instead of "make %{?_smp_flags}" - Add gcc to BuildRequires -------------------------------------------------------------------------------- ================================================================================ libpng10-1.0.69-5.el6 (FEDORA-EPEL-2018-aeb81e4fba) Old version of libpng, needed to run old binaries -------------------------------------------------------------------------------- Update Information: Fix for CVE-2018-13785: the libpng10 library was vulnerable to an integer overflow and resultant divide-by-zero in the pngrutil.c:png_check_chunk_length() function. An attacker could exploit this to cause a denial of service via a crafted PNG file. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 13 2018 Paul Howarth <paul@xxxxxxxxxxxx> - 1.0.69-5 - Fix the calculation of row_factor in png_check_chunk_length (CVE-2018-13785) * Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.69-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Wed Feb 14 2018 Paul Howarth <paul@xxxxxxxxxxxx> - 1.0.69-3 - Avoid use of arch-specific build-requires (#1545195) * Tue Feb 6 2018 Paul Howarth <paul@xxxxxxxxxxxx> - 1.0.69-2 - ldconfig scriptlets replaced by RPM File Triggers from Fedora 28 - Make zlib-devel dependencies arch-specific - Preserve upstream timestamps where possible * Fri Sep 29 2017 Paul Howarth <paul@xxxxxxxxxxxx> - 1.0.69-1 - Update to 1.069 - Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing parenthesis in contrib/pngminus/pnm2png.c - Compute a larger limit on IDAT because some applications write a deflate buffer for each row - Initialize memory allocated by png_inflate to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2() due to truncated iTXt or zTXt chunk * Fri Aug 25 2017 Paul Howarth <paul@xxxxxxxxxxxx> - 1.0.68-1 - Update to 1.068 - Added png_check_chunk_length() function, and check all chunks except IDAT against the default 8MB limit; check IDAT against the maximum size computed from IHDR parameters - Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts in contrib/pngmi to stop some Coverity issues (162705, 162706 and 162707) - Specify explictly-used build requirements * Thu Aug 3 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.67-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.67-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Tue Jun 20 2017 Paul Howarth <paul@xxxxxxxxxxxx> - 1.0.67-3 - Update source URL (#1459086) - Drop EL-5 support - Drop BuildRoot: and Group: tags - Drop explicit buildroot cleaning in %install section - Drop explicit %clean section * Fri Feb 10 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.67-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1599943 - CVE-2018-13785 libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service https://bugzilla.redhat.com/show_bug.cgi?id=1599943 -------------------------------------------------------------------------------- ================================================================================ singularity-2.5.99-1.1.el6 (FEDORA-EPEL-2018-4f30bbf209) Application and environment virtualization -------------------------------------------------------------------------------- Update Information: Update to upstream 2.5.99, which is tagged as 2.6.0-rc1. Get python3 patch from PR #1762 instead of custom defined. Move /usr/bin/python3 BuildRequires to singularity-runtime subpackage. Apply PR #1638, which adds the underlay feature. -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 16 2018 Dave Dykstra <dwd@xxxxxxxx> - 2.5.99-1.1 - Update to upstream 2.5.99, which is tagged as 2.6.0-rc1. - Switch to using internally defined require_python3, which is true unless %{osg} is defined, to decide whether or not to require python3. - Get python3 patch from PR #1762 instead of custom defined. - Move /usr/bin/python3 BuildRequires to singularity-runtime subpackage. - Apply PR #1638, which adds the underlay feature. - Only require python3 if %{py3_dist} macro defined -------------------------------------------------------------------------------- References: [ 1 ] Bug #1762 - screen and Gnome-Terminal https://bugzilla.redhat.com/show_bug.cgi?id=1762 [ 2 ] Bug #1638 - text editors on starbuck rescue disks don't work https://bugzilla.redhat.com/show_bug.cgi?id=1638 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx/message/GMDZDJPVHJJ3LLRGO4DC5HC277JGSGQJ/
