The following Fedora EPEL 6 Security updates need testing: Age URL 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-1af9888c22 golang-1.15-1.el6 The following builds have been pushed to Fedora EPEL 6 updates-testing drupal7-7.72-1.el6 xrootd-4.12.4-1.el6 Details about builds: ================================================================================ drupal7-7.72-1.el6 (FEDORA-EPEL-2020-972f57ea6d) An open-source content-management platform -------------------------------------------------------------------------------- Update Information: - https://www.drupal.org/project/drupal/releases/7.72 - [Drupal core - Critical - Cross Site Request Forgery - SA- CORE-2020-004](https://www.drupal.org/sa-core-2020-004) / CVE-2020-13663 - https://www.drupal.org/project/drupal/releases/7.71 - https://www.drupal.org/project/drupal/releases/7.70 - [Drupal core - Moderately critical - Cross Site Scripting - SA- CORE-2020-002](https://www.drupal.org/sa-core-2020-002) / CVE-2020-11022 / CVE-2020-11023 - [Drupal core - Moderately critical - Open Redirect - SA- CORE-2020-003](https://www.drupal.org/sa-core-2020-003) / CVE-2020-13662 -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 4 2020 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 7.72-1 - Update to 7.72 - SA-CORE-2020-004/CVE-2020-13663 (RHBZ #1860912, #1860913) * Mon Jul 27 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 7.70-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Sun May 31 2020 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 7.70-2 - rpmbuild sub-pkg: Fix auto-provides for F32+ * Fri May 22 2020 Peter Borsa <peter@xxxxxxxx> - 7.70-1 - Update to 7.70 - RHBZ #1837516 / SA-CORE-2020-003 - RHBZ #1828416 / SA-CORE-2020-002 * Fri May 22 2020 Peter Borsa <peter@xxxxxxxx> - 7.69-3 - Remove php-recode as dependency * Tue Jan 28 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 7.69-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1828417 - CVE-2020-11022 drupal7: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1828417 [ 2 ] Bug #1850013 - CVE-2020-11023 drupal7: jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1850013 [ 3 ] Bug #1850023 - CVE-2020-11023 drupal7: jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1850023 [ 4 ] Bug #1860912 - CVE-2020-13663 drupal7: Form API does not properly handle certain form input from cross-site requests [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1860912 [ 5 ] Bug #1860913 - CVE-2020-13663 drupal7: Form API does not properly handle certain form input from cross-site requests [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1860913 -------------------------------------------------------------------------------- ================================================================================ xrootd-4.12.4-1.el6 (FEDORA-EPEL-2020-2d734ca8fa) Extended ROOT file server -------------------------------------------------------------------------------- Update Information: xrootd 4.12.4 -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 4 2020 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 1:4.12.4-1 - Update to version 4.12.4 - Drop patches (accepted upstream or previously backported) * Wed Aug 26 2020 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 1:4.12.3-5 - Use new CMake macros where available - Backport minor fixes from upstream git - Correct flag reset code for ssq monitor option - Fix typo in xrootd-config help - Prevent deadlock in Python bindings - Fix plugin path in xrootd-http.cfg for 32 bit architectures * Wed Jul 29 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:4.12.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Fri Jul 24 2020 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 1:4.12.3-3 - Fix one definition rule (ODR) violation for LTO - Disable LTO for 32 bit architectures due to the POSIX preload code -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
