The following Fedora EPEL 6 Security updates need testing:
Age URL
756
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031
python-virtualenv-12.0.7-1.el6
750
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
640
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
611
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
222
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac
libbsd-0.8.3-2.el6
118
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c0d33ae70f
tnef-1.4.14-1.el6
20
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e8124f23c8
heimdal-7.4.0-1.el6
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-515cca9a02
GraphicsMagick-1.3.26-3.el6
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-99fb0d61b0
chicken-4.12.0-3.el6
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-ab5ed7f894
python-tablib-0.11.5-1.el6
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-70562ba4d2
python-django-ckeditor-5.3.0-1.el6
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f4a2132f26
seamonkey-2.48-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b1d8b4aed9
globus-ftp-client-8.36-1.el6 globus-ftp-control-7.8-1.el6
globus-gass-cache-program-6.7-1.el6 globus-gass-copy-9.27-1.el6
globus-gram-client-13.19-1.el6 globus-gram-job-manager-14.36-1.el6
globus-gram-job-manager-condor-2.6-5.el6 globus-gridftp-server-12.2-1.el6
globus-gridftp-server-control-5.1-1.el6 globus-gssapi-gsi-12.17-3.el6 globus-io-11.9-1.el6
globus-net-manager-0.17-1.el6 globus-xio-5.16-1.el6 globus-xio-gsi-driver-3.11-1.el6
globus-xio-pipe-driver-3.10-1.el6 globus-xio-udt-driver-1.28-1.el6 myproxy-6.1.28-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-72e0f4a914
php-horde-Horde-Core-2.30.0-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2a557f0b9c
php-horde-Horde-Form-2.0.18-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3e60244bf3
php-horde-Horde-Url-2.2.6-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4340a6e0a8
php-horde-horde-5.2.16-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4654acd4ee
php-horde-kronolith-4.2.22-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-19c0b8ff89
php-horde-nag-4.2.15-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5b8e6e0279
php-horde-turba-4.2.20-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d015ef3016
gsoap-2.7.16-5.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
gsoap-2.7.16-5.el6
php-horde-Horde-Browser-2.0.14-1.el6
php-horde-Horde-Core-2.30.0-1.el6
php-horde-Horde-Form-2.0.18-1.el6
php-horde-Horde-Imap-Client-2.29.14-1.el6
php-horde-Horde-Url-2.2.6-1.el6
php-horde-horde-5.2.16-1.el6
php-horde-imp-6.2.20-1.el6
php-horde-kronolith-4.2.22-1.el6
php-horde-nag-4.2.15-1.el6
php-horde-turba-4.2.20-1.el6
Details about builds:
================================================================================
gsoap-2.7.16-5.el6 (FEDORA-EPEL-2017-d015ef3016)
Generator Tools for Coding SOAP/XML Web Services in C and C++
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-9765.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1472808 - CVE-2017-9765 gsoap: Stack-based buffer overflow when receieving
XML message with size larger than 2GB [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1472808
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Browser-2.0.14-1.el6 (FEDORA-EPEL-2017-be9db2e7b5)
Horde Browser API
--------------------------------------------------------------------------------
Update Information:
**Horde_Browser 2.0.14** * [jan] Filter out control characters from file names
when sending download headers.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Core-2.30.0-1.el6 (FEDORA-EPEL-2017-72e0f4a914)
Horde Core Framework libraries
--------------------------------------------------------------------------------
Update Information:
**Horde_Core 2.30.0** * [jan] SECURITY: Fix XSS vulnerability with pathinfo
component in Horde::selfUrl(). * [jan] Deprecate Horde::redirect(). * [jan] Add
Horde::signUrl() and Horde::verifySignedUrl().
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Form-2.0.18-1.el6 (FEDORA-EPEL-2017-2a557f0b9c)
Horde Form API
--------------------------------------------------------------------------------
Update Information:
**Horde_Form 2.0.18** * [jan] SECURITY: Fix XSS vulnerability with form
sections.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Imap-Client-2.29.14-1.el6 (FEDORA-EPEL-2017-cf6161d7bd)
Horde IMAP abstraction interface
--------------------------------------------------------------------------------
Update Information:
**Horde_Imap_Client 2.29.14** * [jan] Fix check if QRESYNC is enabled in
vanished() (i.badamshin).
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Url-2.2.6-1.el6 (FEDORA-EPEL-2017-3e60244bf3)
Horde Url class
--------------------------------------------------------------------------------
Update Information:
**Horde_Url 2.2.6** * [jan] SECURITY: Fix XSS vulnerability with pathinfo
component in toString().
--------------------------------------------------------------------------------
================================================================================
php-horde-horde-5.2.16-1.el6 (FEDORA-EPEL-2017-4340a6e0a8)
Horde Application Framework
--------------------------------------------------------------------------------
Update Information:
**horde 5.2.16** * [jan] SECURITY: Fix open redirects.
--------------------------------------------------------------------------------
================================================================================
php-horde-imp-6.2.20-1.el6 (FEDORA-EPEL-2017-6487ef84fd)
A web based webmail system
--------------------------------------------------------------------------------
Update Information:
**imp 6.2.20** * [jan] Fix finding reply or forward text from signed or
encrypted messages with HTML content again (Bug #14656). * [mjr] Fix issue with
reattaching a file after removing it on Chrome browsers (Bug #14657), * [jan]
Allow Command-C to copy text from HTML message previews (Bug #14653).
--------------------------------------------------------------------------------
================================================================================
php-horde-kronolith-4.2.22-1.el6 (FEDORA-EPEL-2017-4654acd4ee)
A web based calendar
--------------------------------------------------------------------------------
Update Information:
**kronolith 4.2.22** * [jan] SECURITY: Fix open redirects. * [mjr] Prevent
broken iCalendar files from causing fatal errors (Bug #14672). * [jan] Work
around calendar servers advertising as CalDAV-capable, but ignoring CalDAV
requests (Bug #14662). * [jan] Fix displaying yesterday's event in Prior
Events portal block (admin(a)layertec.de, Bug #14638).
--------------------------------------------------------------------------------
================================================================================
php-horde-nag-4.2.15-1.el6 (FEDORA-EPEL-2017-19c0b8ff89)
A web based task list manager
--------------------------------------------------------------------------------
Update Information:
**nag 4.2.15** * [jan] SECURITY: Fix open redirects. * [mjr] Fix handling of
delayed start dates (Bug #14634).
--------------------------------------------------------------------------------
================================================================================
php-horde-turba-4.2.20-1.el6 (FEDORA-EPEL-2017-5b8e6e0279)
A web based address book
--------------------------------------------------------------------------------
Update Information:
**turba 4.2.20** * [jan] SECURITY: Fix open redirects. * [jan] Fix creating
address books with the external API.
--------------------------------------------------------------------------------