The following Fedora EPEL 6 Security updates need testing: Age URL 102 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6c663378c unrtf-0.21.9-8.el6 40 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f21474267b condor-8.6.11-1.el6 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-130324cf61 gitolite3-3.6.9-1.el6 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-154bc7ea13 php-tcpdf-6.2.22-1.el6 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-51146daa45 hylafax+-5.6.1-1.el6 The following builds have been pushed to Fedora EPEL 6 updates-testing lcms2-2.8-6.el6 mozilla-noscript-10.1.9.6-1.el6 pcre2-10.21-22.el6 twa-1.3.1-1.el6 Details about builds: ================================================================================ lcms2-2.8-6.el6 (FEDORA-EPEL-2018-8667fe68a8) Color Management Engine -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2018-16435 -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 18 2018 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 2.8-6 - (branch) CVE-2018-16435 lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile (#1628969) * Thu Aug 3 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.8-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.8-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Fri Feb 10 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.8-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1628969 - CVE-2018-16435 lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile https://bugzilla.redhat.com/show_bug.cgi?id=1628969 -------------------------------------------------------------------------------- ================================================================================ mozilla-noscript-10.1.9.6-1.el6 (FEDORA-EPEL-2018-0d793474b0) JavaScript white list extension for Mozilla Firefox -------------------------------------------------------------------------------- Update Information: This update introduces NoScript version 10 (WebExtension-compatible) required for Firefox 60 ESR and moves the legacy (classic) version 5.x to SeaMonkey- specific folder. v 5.1.8.7 ============================================================= * [Security] Fixed script blocking bypass zero-day (thanks Zerodium for unresponsible disclosure, https://twitter.com/Zerodium/status/1039127214602641409) * [Surrogate] Fixed typo in 2mdn replacement (thansk barbaz) * [XSS] Fixed InjectionChecker choking at some big JSON payloads sents as POST form data * [XSS] In-depth protection against native ES6 modules abuse * Fixed classic beta channel users being accidentally migrated to stable (thanks barbaz) -------------------------------------------------------------------------------- ChangeLog: * Sun Sep 16 2018 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> - 10.1.9.6-1 - update to 10.1.9.6 - keep the classic version for seamonkey users * Sun Sep 16 2018 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> - 5.1.8.7-1 - update to 5.1.8.7 (fixes CVE-2018-16983) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1629212 - CVE-2018-16983 mozilla-noscript: NoScript Bypass via the text/html;/json Content-Type value https://bugzilla.redhat.com/show_bug.cgi?id=1629212 -------------------------------------------------------------------------------- ================================================================================ pcre2-10.21-22.el6 (FEDORA-EPEL-2018-c3e8e16112) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release fixes a a subject buffer overread in JIT when UTF is disabled and \X or \R has a greater than 1 fixed quantifier. -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 18 2018 Petr Pisar <ppisar@xxxxxxxxxx> - 10.21-22 - Fix a subject buffer overread in JIT when UTF is disabled and \X or \R has a greater than 1 fixed quantifier (upstream bug #2320) -------------------------------------------------------------------------------- ================================================================================ twa-1.3.1-1.el6 (FEDORA-EPEL-2018-326d748f33) Tiny web auditor with strong opinions -------------------------------------------------------------------------------- Update Information: New package - first bodhi update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1629446 - Review Request: twa - tiny web auditor https://bugzilla.redhat.com/show_bug.cgi?id=1629446 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx