The following Fedora EPEL 6 Security updates need testing:

 Age  URL
 838  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031   python-virtualenv-12.0.7-1.el6
 832  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168   rubygem-crack-0.3.2-2.el6
 722  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb   mcollective-2.8.4-1.el6
 694  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9   thttpd-2.25b-24.el6
 304  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac   libbsd-0.8.3-2.el6
  33  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92   libmspack-0.6-0.1.alpha.el6
  17  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-164cc614ff   nagios-4.3.4-4.el6
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0177a71c41   tnef-1.4.15-1.el6
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f7e4cbd529   golang-1.7.6-2.el6
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0100ef8963   tre-0.7.6-3.el6
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-93a3dd5663   cacti-1.1.19-2.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-51e496e5c0   seamonkey-2.49.1-1.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-abd82daec6   lame-3.100-1.el6

The following builds have been pushed to Fedora EPEL 6 updates-testing

    RackTables-0.20.14-1.el6
    globus-common-17.2-1.el6
    globus-ftp-control-8.2-1.el6
    globus-gram-job-manager-scripts-6.10-1.el6
    globus-gss-assist-11.1-1.el6
    globus-gssapi-gsi-13.2-1.el6
    imapfilter-2.6.10-2.el6
    lame-3.100-1.el6
    ocserv-0.11.9-1.el6
    php-phpseclib-2.0.7-1.el6
    seamonkey-2.49.1-1.el6

Details about builds:

================================================================================
 RackTables-0.20.14-1.el6 (FEDORA-EPEL-2017-255a88f330)
 A data-center asset management system
--------------------------------------------------------------------------------
Update Information:

Rebase to v0.20.14
Address BZ1492171
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1492171 - PHP parse error with RackTables-0.20.13-1.el7.noarch
        https://bugzilla.redhat.com/show_bug.cgi?id=1492171
--------------------------------------------------------------------------------

================================================================================
 globus-common-17.2-1.el6 (FEDORA-EPEL-2017-c006a87349)
 Globus Toolkit - Common Library
--------------------------------------------------------------------------------
Update Information:

* globus-common 17.2
* globus-ftp-control 8.2
* globus-gram-job-manager-scripts 6.10
* globus-gssapi-gsi 13.2
* globus-gss-assist 11.1
--------------------------------------------------------------------------------

================================================================================
 globus-ftp-control-8.2-1.el6 (FEDORA-EPEL-2017-c006a87349)
 Globus Toolkit - GridFTP Control Library
--------------------------------------------------------------------------------
Update Information:

* globus-common 17.2
* globus-ftp-control 8.2
* globus-gram-job-manager-scripts 6.10
* globus-gssapi-gsi 13.2
* globus-gss-assist 11.1
--------------------------------------------------------------------------------

================================================================================
 globus-gram-job-manager-scripts-6.10-1.el6 (FEDORA-EPEL-2017-c006a87349)
 Globus Toolkit - GRAM Job ManagerScripts
--------------------------------------------------------------------------------
Update Information:

* globus-common 17.2
* globus-ftp-control 8.2
* globus-gram-job-manager-scripts 6.10
* globus-gssapi-gsi 13.2
* globus-gss-assist 11.1
--------------------------------------------------------------------------------

================================================================================
 globus-gss-assist-11.1-1.el6 (FEDORA-EPEL-2017-c006a87349)
 Globus Toolkit - GSSAPI Assist library
--------------------------------------------------------------------------------
Update Information:

* globus-common 17.2
* globus-ftp-control 8.2
* globus-gram-job-manager-scripts 6.10
* globus-gssapi-gsi 13.2
* globus-gss-assist 11.1
--------------------------------------------------------------------------------

================================================================================
 globus-gssapi-gsi-13.2-1.el6 (FEDORA-EPEL-2017-c006a87349)
 Globus Toolkit - GSSAPI library
--------------------------------------------------------------------------------
Update Information:

* globus-common 17.2
* globus-ftp-control 8.2
* globus-gram-job-manager-scripts 6.10
* globus-gssapi-gsi 13.2
* globus-gss-assist 11.1
--------------------------------------------------------------------------------

================================================================================
 imapfilter-2.6.10-2.el6 (FEDORA-EPEL-2017-98c4798f95)
 A flexible client side mail filtering utility for IMAP servers
--------------------------------------------------------------------------------
Update Information:

Update to the latest upstream release, fixing some ancient RHBZ bugs.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1423737 - imapfilter: FTBFS in rawhide
        https://bugzilla.redhat.com/show_bug.cgi?id=1423737
  [ 2 ] Bug #1331652 - [PATCH] Disable sslv3 in imapfilter
        https://bugzilla.redhat.com/show_bug.cgi?id=1331652
--------------------------------------------------------------------------------

================================================================================
 lame-3.100-1.el6 (FEDORA-EPEL-2017-abd82daec6)
 Free MP3 audio compressor
--------------------------------------------------------------------------------
Update Information:

LAME 3.100 - October 13 2017
============================

* Rogério Brito
  * Don't include the debian directory as one that is needed during builds. Patch taken from Debian's packaging of lame.
  * Resurrect Owen Taylor's code dated from 97-11-3 to properly deal with GTK1. This was transplanted back from aclocal.m4 with a patch provided by Andres Mejia. This change makes it easy to regenerate autotools' files with a simple invocation of autoconf -vfi.
  * Fix possible race condition causing build failures in libmp3lame. Discovered in automated builds by the Debian project with patch provided by Andres Mejia.
* Robert Hegemann
  * Improved detection of MPEG audio data in RIFF WAVE files. Tracker item [ 3545112 ] Invalid sampling detection
  * New switch --gain <decibel>, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the use of --scale <factor>.
  * Fix for tracker item [ 3558466 ] Bug in path handling
  * Fix for tracker item [ 3567844 ] problem with Tag genre
  * Fix for tracker item [ 3565659 ] no progress indication with pipe input
  * Fix for tracker item [ 3544957 ] scale (empty) silent encode without warning
  * Fix for tracker item [ 3580176 ] environment variable LAMEOPT doesn't work anymore
  * Fix for tracker item [ 3608583 ] input file name displayed with wrong character encoding (on windows console with CP_UTF8)
  * Fix for bug ticket [ #447 ] Fix dereference NULL and Buffer not NULL terminated issues. Thanks to Surabhi Mishra
  * Fix for bug ticket [ #445 ] dereference of a null pointer possible in loop. Thanks to Renu Tyagi
  * Fix for bug ticket [ #449 ] Make sure functions with SSE instructions maintain their own properly aligned stack. Thanks to Fabian Greffrath
  * Fix for bug ticket [ #458 ] Multiple Stack and Heap Corruptions from Malicious File. Thanks to Gareth Evans and Elio Blanca
  * Fix for bug ticket [ #460 ] A division by zero vulnerability. Thanks to Wang Shiyang, Liu Bingchang
  * Fix for bug ticket [ #461 ] CVE-2017-9410 fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and ap
  * Fix for bug ticket [ #462 ] CVE-2017-9411 fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash
  * Fix for bug ticket [ #463 ] CVE-2017-9412 unpack_read_samples function in frontend/get_audio.c invalid memory read and application crash
  * Fix for bug ticket [ #434 ] clip detect scale suggestion unaware of scale input value
  * HIP decoder bug fixed: decoding mixed blocks of lower sample frequency Layer3 data resulted in internal buffer overflow (write). Thanks to Henri Salo
* Alexander Leidinger
  * Feature request, patch ticket [ #27 ] Add lame_encode_buffer_interleaved_int() by Michael Fink
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1470199 - CVE-2015-9099 CVE-2015-9100 CVE-2017-11720 CVE-2017-13712 CVE-2017-15018 CVE-2017-15019 CVE-2017-15045 CVE-2017-15046 CVE-2017-9410 CVE-2017-9411 CVE-2017-9412 CVE-2017-8419 lame: Multiple vulnerabilities
        https://bugzilla.redhat.com/show_bug.cgi?id=1470199
--------------------------------------------------------------------------------

================================================================================
 ocserv-0.11.9-1.el6 (FEDORA-EPEL-2017-e37d37845b)
 OpenConnect SSL VPN server
--------------------------------------------------------------------------------
Update Information:

- Update to upstream 0.11.9 release
--------------------------------------------------------------------------------

================================================================================
 php-phpseclib-2.0.7-1.el6 (FEDORA-EPEL-2017-1c18b0d9ba)
 PHP Secure Communications Library
--------------------------------------------------------------------------------
Update Information:

**Version 2.0.7** - 2017-10-22

* **SSH2:**
  - add new READ_NEXT mode (#1140)
  - add sendIdentificationStringFirst()
  - add sendKEXINITFirst()
  - add sendIdentificationStringLast()
  - add sendKEXINITLast() (#1162)
  - assume any SSH server >= 1.99 supports SSH2 (#1170)
  - workaround for bad arcfour256 implementations (#1171)
  - don't choke when getting response from diff channel in exec() (#1167)
* **SFTP:**
  - add enablePathCanonicalization()
  - add disablePathCanonicalization() (#1137)
  - fix put() with remote file stream resource (#1177)
* ANSI: misc fixes (#1150, #1161)
* X509: use DateTime instead of unix time (#1166)
* Ciphers: use eval() instead of create_function() for >= 5.3
--------------------------------------------------------------------------------

================================================================================
 seamonkey-2.49.1-1.el6 (FEDORA-EPEL-2017-51e496e5c0)
 Web browser, e-mail, news, IRC client, HTML editor
--------------------------------------------------------------------------------
Update Information:

Update to 2.49.1

Based on the Firefox/Thunderbird ESR (extension support release) code version 52.4.0

Fixes various security issues, see https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ and https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ for more info.

Since the version of 2.48, SeaMonkey uses another disk cache implementation. It is preferable to clear the cache (even before the update) to avoid extra disk space usage by the old cache data.
--------------------------------------------------------------------------------

epel-devel@lists.fedoraproject.org