[EPEL-devel] Fedora EPEL 6 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Mon Nov 16 16:21:25 UTC 2015 

The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 148  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6828   chicken-4.9.0.1-4.el6
 130  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031   python-virtualenv-12.0.7-1.el6
 124  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168   rubygem-crack-0.3.2-2.el6
  56  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8148   optipng-0.7.5-5.el6
  56  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156   nagios-4.0.8-1.el6
  44  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-68a2c2db36   python-pymongo-3.0.3-1.el6
  14  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb   mcollective-2.8.4-1.el6
  14  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-28606b6d1d   perl-HTML-Scrubber-0.15-1.el6.1
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-5d63583df0   metis-5.1.0-7.el6
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e195439195   drupal7-jquery_update-2.7-1.el6
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-967595b7c1   wildmagic5-5.13-12.el6
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8fc6f35cc9   MUMPS-5.0.1-4.el6
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-d47ae2d16b   owncloud-7.0.11-1.el6
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-a7d37297d4   telegram-cli-1.3.1-7.20150730git2052f4.el6
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-0ae4daf2d6   tubo-5.0.15-3.el6
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-b4ebe76583   putty-0.63-5.el6
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-20cb365c26   zarafa-7.1.14-1.el6
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-260d131310   libpng10-1.0.64-1.el6
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8161a5151b   ProDy-1.7.1-1.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-b76c1e5912   potrace-1.13-2.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-2fad2e45f6   monitorix-3.8.1-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    monitorix-3.8.1-1.el6
    proftpd-1.3.3g-7.el6
    python-dirq-1.7-1.el6

Details about builds:


================================================================================
 monitorix-3.8.1-1.el6 (FEDORA-EPEL-2015-2fad2e45f6)
 A free, open source, lightweight system monitoring tool
--------------------------------------------------------------------------------
Update Information:

This is a maintenance release that mainly fixes a Document Object Model
(DOM)-based cross-site scripting (XSS) vulnerability in the monitorix.cgi file.
Such vulnerability is by injection a JS code in the when parameter of the URL
shown after generating the graphs. Additionally, a potential denial of service
(DoS) issue was discovered in the same when parameter of the URL which could
lead in the creation of an enormous amount of .png files in the imgs directory
of the server.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1281979 - monitorix-3.8.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1281979
--------------------------------------------------------------------------------


================================================================================
 proftpd-1.3.3g-7.el6 (FEDORA-EPEL-2015-a57010c117)
 Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:

This update adds support for specifying TLSv1.1 and TLSv1.2 as values for
TLSProtocol in the mod_tls configuration. The mod_tls module is still disabled
by default and the default value for TLSProtocol remains as "SSLv23 TLSv1", so
the newer protocols must be explicitly enabled if desired.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1281493 - Unable to use TLSv1.1 or TLSv1.2 protocol when TLSProtocol is set to TLSv1
        https://bugzilla.redhat.com/show_bug.cgi?id=1281493
--------------------------------------------------------------------------------


================================================================================
 python-dirq-1.7-1.el6 (FEDORA-EPEL-2015-1ac94fc8d0)
 Directory based queue
--------------------------------------------------------------------------------
Update Information:

Updated to latest upstream version.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1281769 - python-dirq-1.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1281769
--------------------------------------------------------------------------------

More information about the epel-devel mailing list