Fedora EPEL 6 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 102  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6c663378c   unrtf-0.21.9-8.el6
  40  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f21474267b   condor-8.6.11-1.el6
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-130324cf61   gitolite3-3.6.9-1.el6
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-154bc7ea13   php-tcpdf-6.2.22-1.el6
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-51146daa45   hylafax+-5.6.1-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    lcms2-2.8-6.el6
    mozilla-noscript-10.1.9.6-1.el6
    pcre2-10.21-22.el6
    twa-1.3.1-1.el6

Details about builds:


================================================================================
 lcms2-2.8-6.el6 (FEDORA-EPEL-2018-8667fe68a8)
 Color Management Engine
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2018-16435
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 18 2018 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 2.8-6
- (branch) CVE-2018-16435 lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile (#1628969)
* Thu Aug  3 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.8-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1628969 - CVE-2018-16435 lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile
        https://bugzilla.redhat.com/show_bug.cgi?id=1628969
--------------------------------------------------------------------------------


================================================================================
 mozilla-noscript-10.1.9.6-1.el6 (FEDORA-EPEL-2018-0d793474b0)
 JavaScript white list extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:

This update introduces NoScript version 10 (WebExtension-compatible) required
for Firefox 60 ESR and moves the legacy (classic) version 5.x to SeaMonkey-
specific folder.  v 5.1.8.7
============================================================= * [Security] Fixed
script blocking bypass zero-day (thanks   Zerodium for unresponsible disclosure,
https://twitter.com/Zerodium/status/1039127214602641409) * [Surrogate] Fixed
typo in 2mdn replacement (thansk barbaz) * [XSS] Fixed InjectionChecker choking
at some big JSON   payloads sents as POST form data * [XSS] In-depth protection
against native ES6 modules abuse * Fixed classic beta channel users being
accidentally   migrated to stable (thanks barbaz)
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 16 2018 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> - 10.1.9.6-1
- update to 10.1.9.6
- keep the classic version for seamonkey users
* Sun Sep 16 2018 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> - 5.1.8.7-1
- update to 5.1.8.7 (fixes CVE-2018-16983)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1629212 - CVE-2018-16983 mozilla-noscript: NoScript Bypass via the text/html;/json Content-Type value
        https://bugzilla.redhat.com/show_bug.cgi?id=1629212
--------------------------------------------------------------------------------


================================================================================
 pcre2-10.21-22.el6 (FEDORA-EPEL-2018-c3e8e16112)
 Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:

This release fixes a a subject buffer overread in JIT when UTF is disabled and
\X or \R has a greater than 1 fixed quantifier.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 18 2018 Petr Pisar <ppisar@xxxxxxxxxx> - 10.21-22
- Fix a subject buffer overread in JIT when UTF is disabled and \X or \R has
  a greater than 1 fixed quantifier (upstream bug #2320)
--------------------------------------------------------------------------------


================================================================================
 twa-1.3.1-1.el6 (FEDORA-EPEL-2018-326d748f33)
 Tiny web auditor with strong opinions
--------------------------------------------------------------------------------
Update Information:

New package - first bodhi update
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1629446 - Review Request: twa - tiny web auditor
        https://bugzilla.redhat.com/show_bug.cgi?id=1629446
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Announce]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Linux Apps]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux