The following Fedora EPEL 6 Security updates need testing:

 Age  URL
  53  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-06b243cced   guacamole-server-1.0.0-1.el6
  32  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-62f9745b71   drupal7-7.65-1.el6
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-9f732040bd   python3-jinja2-2.8.1-2.el6
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bd4638e5a3   libmediainfo-18.12-3.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    bird-1.6.6-1.el6
    php-horde-horde-5.2.21-1.el6
    php-horde-turba-4.2.24-1.el6
    php-pear-CAS-1.3.7-1.el6

Details about builds:


================================================================================
 bird-1.6.6-1.el6 (FEDORA-EPEL-2019-e406623fec)
 BIRD Internet Routing Daemon
--------------------------------------------------------------------------------
Update Information:

BIRD 1.6.6 (2019-02-27)
=======================
* Several bugfixes related to route propagation

BIRD 1.6.5 (2019-01-05)
=======================
* MRT table dumps (RFC 6396)
* BGP Long-lived graceful restart
* Filter: Make ifname attribute modifiable
* Improved keeping track of IPv6 link-local addresses
* Many bugfixes

BIRD 1.6.4 (2018-03-22)
=======================
* Basic VRF support
* Simplified autoconf scripts
* BGP: Shutdown communication (RFC 8203)
* BGP: Allow exchanging LOCAL_PREF with eBGP peers
* BGP: Allow to specify interface for regular sessions
* BGP: New option 'disable after cease'
* RAdv: Support for more specific routes (RFC 4191)
* RAdv: Proper handling of prefix retraction
* Filter: Allow silent filter execution
* Filter: Fixed stack overflow in BGP mask expressions
* Several bug fixes

BIRD 1.6.3 (2016-12-21)
=======================
* Large BGP communities
* BFD authentication (MD5, SHA1)
* SHA1 and SHA2 authentication for RIP and OSPF
* Improved documentation
* Several bug fixes

BIRD 1.6.2 (2016-09-29)
=======================
* Fixes serious bug introduced in the previous version

BIRD 1.6.1 (2016-09-22)
=======================
* Support for IPv6 ECMP
* Better handling of IPv6 tentative addresses
* Several updates and fixes in Babel protocol
* Filter: New !~ operator
* Filter: ASN ranges in bgpmask
* KRT: New kernel protocol option 'metric'
* KRT: New route attribute 'krt_scope'
* Improved BIRD help messages
* Fixes memory leak in BGP multipath
* Fixes handling of empty path segments in BGP AS_PATH
* Several bug fixes

BIRD 1.6.0 (2016-04-29)
=======================
* Major RIP protocol redesign
* New Babel routing protocol
* BGP multipath support
* KRT: Add support for plenty of kernel route metrics
* KRT: Allow more than 256 routing tables
* Static: Allow to specify attributes for static routes
* Static: Support for BFD controlled static routes
* FreeBSD: Setup password for BGP MD5 authentication
* IO: Remove socket number limit
* Plenty of bug fixes
* Upgrade notes:
  * For RIP, most protocol options were moved to interface blocks.

BIRD 1.5.0 (2015-04-20)
=======================
* Major OSPF protocol redesign.
* OSPFv2 multi-instance extension (RFC 6549).
* BGP AS-wide unique router ID (RFC 6286).
* BGP enhanced route refresh (RFC 7313).
* Link state support in BGP.
* Latency tracking and internal watchdog.
* Uses high port range for BFD on BSD.
* Increase max symbol length to 64.
* Allows to define unnamed protocols from templates.
* Fixes two serious bugs in BGP.
* Several bugfixes and minor improvements.
* Several minor option changes:
  * OSPF: Protocol-wide 'instance id' option added.
  * BGP: Parameters to option 'neighbor' extended.
  * BGP: Separate option 'interface' added.
  * BGP: Option 'start delay time' renamed to 'connect delay time'.
  * BGP: Option 'route limit' deprecated.
* Upgrade notes:
  * For OSPF, there are deep internal changes, but user-visible changes are limited to log messages and minor changes in formatting of command output.
  * For BGP, version 1.5.0 is essentially a minor release. There are two deprecated options ('start delay time' and 'route limit') and some minor formatting changes.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr 6 2019 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 1.6.6-1
- Upgrade to 1.6.6 (CVE-2018-12066)
- Modernization and cleanup of spec file
- Ensure /etc/bird.conf can be only read by BIRD user
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1588769 - CVE-2018-12066 bird: Stack overflow in BGP mask expressions
        https://bugzilla.redhat.com/show_bug.cgi?id=1588769
--------------------------------------------------------------------------------


================================================================================
 php-horde-horde-5.2.21-1.el6 (FEDORA-EPEL-2019-009f5f140b)
 Horde Application Framework
--------------------------------------------------------------------------------
Update Information:

**horde 5.2.21**
* [mjr] SECURITY: Fix XSS vulnerability in the Cloud Block.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 23 2019 Remi Collet <remi@xxxxxxxxxxxx> - 5.2.21-1
- update to 5.2.21
- use range dependencies
--------------------------------------------------------------------------------


================================================================================
 php-horde-turba-4.2.24-1.el6 (FEDORA-EPEL-2019-b9ea566899)
 A web based address book
--------------------------------------------------------------------------------
Update Information:

**turba 4.2.24**
* [mjr] SECURITY: Fix XSS vulnerability in display of contact tags.
* [jan] Clarify objectClass filter examples for LDAP backends (Ralf Lang).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 23 2019 Remi Collet <remi@xxxxxxxxxxxx> - 4.2.24-1
- update to 4.2.24
- use range dependencies
--------------------------------------------------------------------------------


================================================================================
 php-pear-CAS-1.3.7-1.el6 (FEDORA-EPEL-2019-abc8b04747)
 Central Authentication Service client library in php
--------------------------------------------------------------------------------
Update Information:

**Changes in version 1.3.7**

**Bug Fixes:**
* Fix pear package [#297] (Phil Fenstermacher)

**Improvement:**
* add method to get list of supported protocols (#293) Julien Boulen
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 23 2019 Remi Collet <remi@xxxxxxxxxxxx> - 1.3.7-1
- update to 1.3.7
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx