The following Fedora EPEL 6 Security updates need testing: Age URL 71 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b7556983e8 tomcat-7.0.92-1.el6 67 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-a0ddb153b8 game-music-emu-0.6.2-1.el6 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-26a7e6e4e8 koji-1.16.2-1.el6 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-b4ed6df2c1 distcc-3.2rc1-3.el6 The following builds have been pushed to Fedora EPEL 6 updates-testing canl-java-2.6.0-1.el6 drupal6-6.38-2.el6 drupal7-7.64-1.el6 Details about builds: ================================================================================ canl-java-2.6.0-1.el6 (FEDORA-EPEL-2019-a2c76e5ed2) EMI Common Authentication library - bindings for Java -------------------------------------------------------------------------------- Update Information: Version 2.6.0. -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 22 2019 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 2.6.0-1 - Update to 2.6.0 - Drop patch canl-java-javadoc.patch (previously backported) -------------------------------------------------------------------------------- ================================================================================ drupal6-6.38-2.el6 (FEDORA-EPEL-2019-67b3f85ea0) An open-source content-management platform -------------------------------------------------------------------------------- Update Information: Apply [backported Drupal 7/8 security patches](https://cgit.drupalcode.org/d6lts/tree/common/core) from [Drupal 6 LTS program](https://www.drupal.org/project/d6lts) - https://www.drupal.org/sa- core-2018-001 - https://www.drupal.org/sa-core-2018-002 - https://www.drupal.org/sa-core-2018-004 - https://www.drupal.org/sa- core-2018-006 - https://www.drupal.org/sa-core-2019-002 -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 23 2019 Shawn Iwinski <shawn@xxxxxxxx> - 6.38-2 - Apply backported Drupal 7/8 security patches from Drupal 6 LTS program - https://www.drupal.org/project/d6lts - https://cgit.drupalcode.org/d6lts/tree/common/core - https://www.drupal.org/sa-core-2018-001 - https://www.drupal.org/sa-core-2018-002 - https://www.drupal.org/sa-core-2018-004 - https://www.drupal.org/sa-core-2018-006 - https://www.drupal.org/sa-core-2019-002 - Fix source URL -------------------------------------------------------------------------------- References: [ 1 ] Bug #1548323 - CVE-2017-6926 CVE-2017-6927 CVE-2017-6928 CVE-2017-6929 CVE-2017-6930 CVE-2017-6931 CVE-2017-6932 drupal: Multiple vulnerabilities fixed in 7.57 and 8.4.5 (SA-CORE-2018-001) https://bugzilla.redhat.com/show_bug.cgi?id=1548323 [ 2 ] Bug #1548200 - drupal: External link injection on 404 pages when linking to the current page https://bugzilla.redhat.com/show_bug.cgi?id=1548200 [ 3 ] Bug #1548196 - drupal: jQuery vulnerability with untrusted domains requests via Ajax https://bugzilla.redhat.com/show_bug.cgi?id=1548196 [ 4 ] Bug #1548193 - drupal: Private file access bypass in Drupal private file system https://bugzilla.redhat.com/show_bug.cgi?id=1548193 [ 5 ] Bug #1548189 - drupal: JavaScript cross-site scripting in checkPlain function https://bugzilla.redhat.com/show_bug.cgi?id=1548189 [ 6 ] Bug #1548187 - drupal: Comment reply form allows access to restricted content https://bugzilla.redhat.com/show_bug.cgi?id=1548187 [ 7 ] Bug #1643121 - drupal: Multiple Vulnerabilities - SA-CORE-2018-006 https://bugzilla.redhat.com/show_bug.cgi?id=1643121 [ 8 ] Bug #1561854 - CVE-2018-7600 drupal: Unsanitized requests allow remote attackers to execute arbitrary code https://bugzilla.redhat.com/show_bug.cgi?id=1561854 -------------------------------------------------------------------------------- ================================================================================ drupal7-7.64-1.el6 (FEDORA-EPEL-2019-9953736ad9) An open-source content-management platform -------------------------------------------------------------------------------- Update Information: - https://www.drupal.org/project/drupal/releases/7.64 - https://www.drupal.org/project/drupal/releases/7.63 - https://www.drupal.org/project/drupal/releases/7.62 - https://www.drupal.org/SA-CORE-2019-001 - https://www.drupal.org/SA- CORE-2019-002 - https://www.drupal.org/project/drupal/releases/7.61 -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 23 2019 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 7.64-1 - Update to 7.64 (RHBZ #1673206) - https://www.drupal.org/SA-CORE-2019-001 - https://www.drupal.org/SA-CORE-2019-002 * Thu Jan 31 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 7.60-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1679953 - Security updates for Drupal7 https://bugzilla.redhat.com/show_bug.cgi?id=1679953 [ 2 ] Bug #1673206 - drupal7-7.64 is available https://bugzilla.redhat.com/show_bug.cgi?id=1673206 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
