The following Fedora EPEL 6 Security updates need testing:
Age URL
393
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031
python-virtualenv-12.0.7-1.el6
387
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
318
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156 nagios-4.0.8-1.el6
277
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
249
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
134
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-30a8346813
vtun-3.0.1-10.el6
40
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-db7e78fac7
php-PHPMailer-5.2.16-2.el6
33
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d0e444c5f2
pypy-5.0.1-4.el6
32
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-7a25f65890
nginx-1.10.1-1.el6
23
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-225fc51f32
chicken-4.11.0-2.el6
15
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d1c7111779
p7zip-16.02-1.el6
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-823164477b
php-doctrine-orm-2.4.8-1.el6 php-doctrine-dbal-2.4.5-1.el6
php-doctrine-common-2.4.3-2.el6
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6e8996ae73
php-ZendFramework2-2.2.10-2.el6
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2d00357bc8
dietlibc-0.33-8.el6
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-66eb498b93
v8-3.14.5.10-25.el6
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-af2033a524
cryptopp-5.6.2-10.el6
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d8fc3f17ea
libarchive3-3.2.1-1.el6
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-b191f5d359
collectd-4.10.9-3.el6
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-36216b1c0b
nodejs-0.10.46-1.el6
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-905a05c10e
lighttpd-1.4.41-1.el6
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-aded7e0561
drupal7-features-2.10-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-bee6c8b3c9
mongodb-2.4.14-3.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
gnudos-1.9-1.el6
golang-github-coreos-go-systemd-10-1.el6
golang-github-grpc-grpc-go-0-0.10.git02fca89.el6
golang-googlecode-gogoprotobuf-0.2-0.3.gite18d7aa.el6
mongodb-2.4.14-3.el6
mozilla-noscript-2.9.0.13-1.el6
nwipe-0.18-1.el6
Details about builds:
================================================================================
gnudos-1.9-1.el6 (FEDORA-EPEL-2016-b1fb233b97)
The GnuDOS library for GNU/Linux
--------------------------------------------------------------------------------
Update Information:
Bug fixes
--------------------------------------------------------------------------------
================================================================================
golang-github-coreos-go-systemd-10-1.el6 (FEDORA-EPEL-2016-0a2bcac69a)
Go bindings to systemd socket activation, journal and D-BUS APIs
--------------------------------------------------------------------------------
Update Information:
Bump to upstream d6c05a1dcbb5ac02b7653da4d99e5db340c20778 ---- Update ----
Bump to upstream cea488b4e6855fee89b6c22a811e3c5baca861b6 ---- Bump to
upstream be94bc700879ae8217780e9d141789a2defa302b
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1248722 - Tracker for golang-github-coreos-go-systemd
https://bugzilla.redhat.com/show_bug.cgi?id=1248722
--------------------------------------------------------------------------------
================================================================================
golang-github-grpc-grpc-go-0-0.10.git02fca89.el6 (FEDORA-EPEL-2016-a335b1bddb)
The Go language implementation of gRPC. HTTP/2 based RPC
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 02fca896ff5f50c6bbbee0860345a49344b37a03 ---- Bump to
upstream e78224b060cf3215247b7be455f80ea22e469b66
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250461 - Tracker for golang-github-grpc-grpc-go
https://bugzilla.redhat.com/show_bug.cgi?id=1250461
--------------------------------------------------------------------------------
================================================================================
golang-googlecode-gogoprotobuf-0.2-0.3.gite18d7aa.el6 (FEDORA-EPEL-2016-cfe54f76c1)
A fork of goprotobuf with several extra features
--------------------------------------------------------------------------------
Update Information:
Bump to upstream e18d7aa8f8c624c915db340349aad4c49b10d173
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1246215 - Tracker for golang-googlecode-gogoprotobuf
https://bugzilla.redhat.com/show_bug.cgi?id=1246215
--------------------------------------------------------------------------------
================================================================================
mongodb-2.4.14-3.el6 (FEDORA-EPEL-2016-bee6c8b3c9)
High-performance, schema-free document-oriented database
--------------------------------------------------------------------------------
Update Information:
Security fix for not logging potentially sensitive information in MongoDB log
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1362580 - mongodb: Logging potentially sensitive information when
authenticating
https://bugzilla.redhat.com/show_bug.cgi?id=1362580
--------------------------------------------------------------------------------
================================================================================
mozilla-noscript-2.9.0.13-1.el6 (FEDORA-EPEL-2016-9a8817045d)
JavaScript white list extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
* Added missing "s" in noscript.mandatory/about:feeds * Updated DNT
implementation to match the most recent spec about navigator.doNotTrack values
(thanks Francois Merier) * [XSS] Better compatibility with Unionbank's website
(thanks Brent for reporting) * Fixed bug 1278735 (JavaScript disabled in private
windows) * Fixed JSON viewer not working * about:feed in the mandatory whitelist
to fix bug 1272139 * [XSS] Disable JavaScript on FTP-served pages when a
potential DOM XSS threat is detected (thanks Emanuel Bronshtein @e3amn2l for
reporting) * Fixed DOS through script-triggered ClickToPlay confirmation dialogs
in a loop (thanks Emanuel Bronshtein @e3amn2l for reporting) * Fixed placeholder
links might be potentially used as XSS vectors if stars were properly aligned
(thanks Emanuel Bronshtein @e3amn2l for reporting) * [Surrogate] Updated google-
analytics.com replacement (thanks noscriptsplox) * [XSS] Fixed regression
(thanks Masato Kinugawa for report) * [XSS] Fixed infrastructure issue
preventing one filter from being automatically synchronized with Mozilla's
source code as designed (thanks .mario and Maxim Rupp for reporting) * [XSS]
Added filtering for a potential CSRF vector (thanks Masato Kinugawa for
reporting) * Fixed placeholder activation in Gecko 45 and above * [XSS]
Compatibility exception for the Printfriendly add-on * Removed
msn.com from the
default whitelist, since it seems to be unable to support HTTPS consistently *
Fixed incompatibility with Firefox below version 38 * Tentative fix for an issue
with explicit ports in HTTPS upgraded URLs * [HTTPS] Removed legacy redirection
methods when redirectTo() is available in HTTP channels, fixing YouTube
embedding problem * Replaced newChannel() with newChannel2() on Gecko 48 *
[HTTPS] Limit httpsDefWhitelist effect to document loads * [XSS] Reduced eval
aliasing checks false positives
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1362319 - mozilla-noscript-2.9.0.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1362319
--------------------------------------------------------------------------------
================================================================================
nwipe-0.18-1.el6 (FEDORA-EPEL-2016-3dfeaa8630)
Securely erase disks using a variety of recognized methods
--------------------------------------------------------------------------------
Update Information:
Update to 0.18 upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1360763 - nwipe-0.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1360763
--------------------------------------------------------------------------------