The following Fedora EPEL 6 Security updates need testing:
Age URL
381
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031
python-virtualenv-12.0.7-1.el6
375
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
306
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156 nagios-4.0.8-1.el6
265
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
236
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
129
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8fbd838843
dropbear-2016.72-1.el6
122
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-30a8346813
vtun-3.0.1-10.el6
27
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-db7e78fac7
php-PHPMailer-5.2.16-2.el6
21
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d0e444c5f2
pypy-5.0.1-4.el6
20
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-7a25f65890
nginx-1.10.1-1.el6
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-32abd4c903
tcpreplay-4.1.1-2.el6
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-225fc51f32
chicken-4.11.0-2.el6
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d1c7111779
p7zip-16.02-1.el6
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1cbd9dc578
drupal7-views-3.14-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-823164477b
php-doctrine-orm-2.4.8-1.el6 php-doctrine-dbal-2.4.5-1.el6
php-doctrine-common-2.4.3-2.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6e8996ae73
php-ZendFramework2-2.2.10-2.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
hypre-2.11.1-4.el6
lynis-2.3.1-1.el6
php-ZendFramework2-2.2.10-2.el6
php-doctrine-common-2.4.3-2.el6
php-doctrine-dbal-2.4.5-1.el6
php-doctrine-orm-2.4.8-1.el6
postgresql-pgpool-II-3.2.16-1.el6
Details about builds:
================================================================================
hypre-2.11.1-4.el6 (FEDORA-EPEL-2016-8661ce7acf)
High performance matrix preconditioners
--------------------------------------------------------------------------------
Update Information:
New package
--------------------------------------------------------------------------------
================================================================================
lynis-2.3.1-1.el6 (FEDORA-EPEL-2016-516d6444c1)
Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:
Update to 2.3.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1356321 - lynis-2.3.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1356321
--------------------------------------------------------------------------------
================================================================================
php-ZendFramework2-2.2.10-2.el6 (FEDORA-EPEL-2016-6e8996ae73)
Zend Framework 2
--------------------------------------------------------------------------------
Update Information:
- [
ZF2015-06](https://framework.zend.com/security/advisory/ZF2015-06) /
[
CVE-2015-5161](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161) -
[
ZF2015-07](https://framework.zend.com/security/advisory/ZF2015-07)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1269077 - CVE-2015-5723 php-ZendFramework: filesystem permissions issues in
multiple components (ZF2015-07)
https://bugzilla.redhat.com/show_bug.cgi?id=1269077
[ 2 ] Bug #1253250 - CVE-2015-5161 php-ZendFramework: XML external entity injection
(XXE) on PHP FPM
https://bugzilla.redhat.com/show_bug.cgi?id=1253250
--------------------------------------------------------------------------------
================================================================================
php-doctrine-common-2.4.3-2.el6 (FEDORA-EPEL-2016-823164477b)
Common library for Doctrine projects
--------------------------------------------------------------------------------
Update Information:
# php-doctrine-common ##
[
v2.4.3](https://github.com/doctrine/common/releases/tag/v2.4.3) -
[
CVE-2015-5723](http://www.doctrine-project.org/2015/08/31/security_miscon...
tion_vulnerability_in_various_doctrine_projects.html) # php-doctrine-dbal ##
[
v2.4.5](https://github.com/doctrine/dbal/releases/tag/v2.4.5) - 1069:
DBAL-1128: [GH-782] Fix: SQLite offset with no limit support - 1074: DBAL-1132:
[GH-786] Fix removing autoincrement column from a primary key - 1079: DBAL-1137:
Infinite recursion on non-unique table/join alias in QueryBuilder - 1124:
DBAL-1181: [GH-822] Fix for bad profiling data, showing an indefinitely long
query - 1129: DBAL-1186: [GH-826] fix incorrect ordering of columns in clustered
indexes on sql server - 1141: DBAL-1197: [GH-835] backport bugfix to avoid fatal
error in array_merge during generating the table creation SQL - 1162: DBAL-1215:
[GH-844] template1 as default database for PostgreSQL ##
[
v2.4.4](https://github.com/doctrine/dbal/releases/tag/v2.4.4) - [DBAL-1029] -
[GH-712] Backporting a fix to allow connection without dbname - [DBAL-1038] -
[GH-720] Type json_array is not consistent with NULL values - [DBAL-1058] - It
seems that MSSQL syntax was changed - [DBAL-1061] - [GH-737] [DBAL-1058] [2.4]
Fix database names introspection for SQL Server - [DBAL-1087] - [GH-751] Length
of fixed string type (char) is ignored on Postgre schema update - [DBAL-1090] -
[GH-754] Changing string to fixed string is not recognized in PostgreSQL
Platform - [DBAL-1093] - [GH-757] Fix creating and dropping database on
PostgreSQL - [DBAL-1097] - [GH-760] [DBAL-1097] Fix foreign key constraint
referential action on Oracle - [DBAL-1109] - unique-constraints names not quoted
on create ## [
v2.4.3](https://github.com/doctrine/dbal/releases/tag/v2.4.3) -
DBAL-760 - Don't return warnings as errors in sqlsrv driver #490 - DBAL-766 -
PostgreSQL: Fix statement for getTableWhereClause method #492 - DBAL-759 - Fix
driver error while introspecting sequences in SQL Server 2012 #489 - DDC-2883 -
DBAL-766 - PostgreSQL: Fix statement for getTableWhereClause method #492 -
DBAL-787 - Fix modifying limit/offset for statements with subqueries on SQL
Server #512 - DBAL-792 - Fix sqlite autoincrement detection #515 - \#625 - Fix
pg boolean conversion - DBAL-950 - Backport #625 - pgsql boolean conversion -
DBAL-951 - Remove duplicate suggest section in composer.json #641 - DBAL-963 -
Add close() method in MasterSlaveConnection.php #652 - DBAL-976 - Fix evaluation
of NOLOCK table hint on SQL Server #663 - DBAL-1006 - DBAL-717 - DBAL-335 - Fix
bug in MasterSlaveConnection with keepSlave option and switch back after
transaction #690 # php-doctrine-orm ##
[
v2.4.8](https://github.com/doctrine/doctrine2/releases/tag/v2.4.8) ###
Security - CVE-2015-5723 php-doctrine-orm filesystem permission issues -
https://access.redhat.com/security/cve/CVE-2015-5723 -
http://www.doctrine-p
roject.org/2015/08/31/security_misconfiguration_vulnerability_in_various_...
e_projects.html ### Bug - [DDC-3310] - [GH-1138] Join column index names -
[DDC-3343] - `PersistentCollection::removeElement` schedules an entity for
deletion when relationship is EXTRA_LAZY, with `orphanRemoval` false. -
[DDC-3464] - [GH-1231] Backport 'Merge pull request #1098 from
encoder32/DDC-1590' to 2.4 branch - [DDC-3482] - [GH-1242] Attempting to lock a
proxy object fails as UOW doesn't init proxy first - [DDC-3493] - New (PHP 5.5)
"class" keyword - wrong parsing by EntityGenerator - [DDC-3494] - [GH-1250]
Test
case for "class" keyword - [DDC-3500] - [GH-1254] Fix applying ON/WITH
conditions to first join in Class Table Inheritance - [DDC-3502] - [GH-1256]
DDC-3493 - fixed EntityGenerator parsing for php 5.5 "::class" syntax -
[DDC-3518] - [GH-1266] [2.4] Fix schema generation in the test suite -
[DDC-3537] - [GH-1282] Hotfix/#1169 extra lazy one to many should not delete
referenced entities (backport to 2.4) - [DDC-3551] - [GH-1294] Avoid Connection
error when calling ClassMetadataFactor::getAllMetadata() - [DDC-3560] -
[GH-1300] [2.4] #1169 DDC-3343 one-to-omany persister deletes only on EXTRA_LAZY
plus orphanRemoval - [DDC-3608] - [GH-1327] Properly generate default value from
yml & xml mapping - [DDC-3619] - spl_object_hash collision - [DDC-3624] -
[GH-1338] [DDC-3619] Update identityMap when entity gets managed again -
[DDC-3643] - [GH-1352] fix EntityGenerator RegenerateEntityIfExists ###
Improvement - [DDC-3530] - [GH-1276] travis: run coverage just once
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1347926 - CVE-2015-5723 php-doctrine-orm filesystem permission issues
https://bugzilla.redhat.com/show_bug.cgi?id=1347926
[ 2 ] Bug #1354049 - [el6] php-doctrine-dbal-2.4.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1354049
[ 3 ] Bug #1347924 - CVE-2015-5723 php-doctrine-common filesystem permission issues
https://bugzilla.redhat.com/show_bug.cgi?id=1347924
--------------------------------------------------------------------------------
================================================================================
php-doctrine-dbal-2.4.5-1.el6 (FEDORA-EPEL-2016-823164477b)
Doctrine Database Abstraction Layer (DBAL)
--------------------------------------------------------------------------------
Update Information:
# php-doctrine-common ##
[
v2.4.3](https://github.com/doctrine/common/releases/tag/v2.4.3) -
[
CVE-2015-5723](http://www.doctrine-project.org/2015/08/31/security_miscon...
tion_vulnerability_in_various_doctrine_projects.html) # php-doctrine-dbal ##
[
v2.4.5](https://github.com/doctrine/dbal/releases/tag/v2.4.5) - 1069:
DBAL-1128: [GH-782] Fix: SQLite offset with no limit support - 1074: DBAL-1132:
[GH-786] Fix removing autoincrement column from a primary key - 1079: DBAL-1137:
Infinite recursion on non-unique table/join alias in QueryBuilder - 1124:
DBAL-1181: [GH-822] Fix for bad profiling data, showing an indefinitely long
query - 1129: DBAL-1186: [GH-826] fix incorrect ordering of columns in clustered
indexes on sql server - 1141: DBAL-1197: [GH-835] backport bugfix to avoid fatal
error in array_merge during generating the table creation SQL - 1162: DBAL-1215:
[GH-844] template1 as default database for PostgreSQL ##
[
v2.4.4](https://github.com/doctrine/dbal/releases/tag/v2.4.4) - [DBAL-1029] -
[GH-712] Backporting a fix to allow connection without dbname - [DBAL-1038] -
[GH-720] Type json_array is not consistent with NULL values - [DBAL-1058] - It
seems that MSSQL syntax was changed - [DBAL-1061] - [GH-737] [DBAL-1058] [2.4]
Fix database names introspection for SQL Server - [DBAL-1087] - [GH-751] Length
of fixed string type (char) is ignored on Postgre schema update - [DBAL-1090] -
[GH-754] Changing string to fixed string is not recognized in PostgreSQL
Platform - [DBAL-1093] - [GH-757] Fix creating and dropping database on
PostgreSQL - [DBAL-1097] - [GH-760] [DBAL-1097] Fix foreign key constraint
referential action on Oracle - [DBAL-1109] - unique-constraints names not quoted
on create ## [
v2.4.3](https://github.com/doctrine/dbal/releases/tag/v2.4.3) -
DBAL-760 - Don't return warnings as errors in sqlsrv driver #490 - DBAL-766 -
PostgreSQL: Fix statement for getTableWhereClause method #492 - DBAL-759 - Fix
driver error while introspecting sequences in SQL Server 2012 #489 - DDC-2883 -
DBAL-766 - PostgreSQL: Fix statement for getTableWhereClause method #492 -
DBAL-787 - Fix modifying limit/offset for statements with subqueries on SQL
Server #512 - DBAL-792 - Fix sqlite autoincrement detection #515 - \#625 - Fix
pg boolean conversion - DBAL-950 - Backport #625 - pgsql boolean conversion -
DBAL-951 - Remove duplicate suggest section in composer.json #641 - DBAL-963 -
Add close() method in MasterSlaveConnection.php #652 - DBAL-976 - Fix evaluation
of NOLOCK table hint on SQL Server #663 - DBAL-1006 - DBAL-717 - DBAL-335 - Fix
bug in MasterSlaveConnection with keepSlave option and switch back after
transaction #690 # php-doctrine-orm ##
[
v2.4.8](https://github.com/doctrine/doctrine2/releases/tag/v2.4.8) ###
Security - CVE-2015-5723 php-doctrine-orm filesystem permission issues -
https://access.redhat.com/security/cve/CVE-2015-5723 -
http://www.doctrine-p
roject.org/2015/08/31/security_misconfiguration_vulnerability_in_various_...
e_projects.html ### Bug - [DDC-3310] - [GH-1138] Join column index names -
[DDC-3343] - `PersistentCollection::removeElement` schedules an entity for
deletion when relationship is EXTRA_LAZY, with `orphanRemoval` false. -
[DDC-3464] - [GH-1231] Backport 'Merge pull request #1098 from
encoder32/DDC-1590' to 2.4 branch - [DDC-3482] - [GH-1242] Attempting to lock a
proxy object fails as UOW doesn't init proxy first - [DDC-3493] - New (PHP 5.5)
"class" keyword - wrong parsing by EntityGenerator - [DDC-3494] - [GH-1250]
Test
case for "class" keyword - [DDC-3500] - [GH-1254] Fix applying ON/WITH
conditions to first join in Class Table Inheritance - [DDC-3502] - [GH-1256]
DDC-3493 - fixed EntityGenerator parsing for php 5.5 "::class" syntax -
[DDC-3518] - [GH-1266] [2.4] Fix schema generation in the test suite -
[DDC-3537] - [GH-1282] Hotfix/#1169 extra lazy one to many should not delete
referenced entities (backport to 2.4) - [DDC-3551] - [GH-1294] Avoid Connection
error when calling ClassMetadataFactor::getAllMetadata() - [DDC-3560] -
[GH-1300] [2.4] #1169 DDC-3343 one-to-omany persister deletes only on EXTRA_LAZY
plus orphanRemoval - [DDC-3608] - [GH-1327] Properly generate default value from
yml & xml mapping - [DDC-3619] - spl_object_hash collision - [DDC-3624] -
[GH-1338] [DDC-3619] Update identityMap when entity gets managed again -
[DDC-3643] - [GH-1352] fix EntityGenerator RegenerateEntityIfExists ###
Improvement - [DDC-3530] - [GH-1276] travis: run coverage just once
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1347926 - CVE-2015-5723 php-doctrine-orm filesystem permission issues
https://bugzilla.redhat.com/show_bug.cgi?id=1347926
[ 2 ] Bug #1354049 - [el6] php-doctrine-dbal-2.4.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1354049
[ 3 ] Bug #1347924 - CVE-2015-5723 php-doctrine-common filesystem permission issues
https://bugzilla.redhat.com/show_bug.cgi?id=1347924
--------------------------------------------------------------------------------
================================================================================
php-doctrine-orm-2.4.8-1.el6 (FEDORA-EPEL-2016-823164477b)
Doctrine Object-Relational-Mapper (ORM)
--------------------------------------------------------------------------------
Update Information:
# php-doctrine-common ##
[
v2.4.3](https://github.com/doctrine/common/releases/tag/v2.4.3) -
[
CVE-2015-5723](http://www.doctrine-project.org/2015/08/31/security_miscon...
tion_vulnerability_in_various_doctrine_projects.html) # php-doctrine-dbal ##
[
v2.4.5](https://github.com/doctrine/dbal/releases/tag/v2.4.5) - 1069:
DBAL-1128: [GH-782] Fix: SQLite offset with no limit support - 1074: DBAL-1132:
[GH-786] Fix removing autoincrement column from a primary key - 1079: DBAL-1137:
Infinite recursion on non-unique table/join alias in QueryBuilder - 1124:
DBAL-1181: [GH-822] Fix for bad profiling data, showing an indefinitely long
query - 1129: DBAL-1186: [GH-826] fix incorrect ordering of columns in clustered
indexes on sql server - 1141: DBAL-1197: [GH-835] backport bugfix to avoid fatal
error in array_merge during generating the table creation SQL - 1162: DBAL-1215:
[GH-844] template1 as default database for PostgreSQL ##
[
v2.4.4](https://github.com/doctrine/dbal/releases/tag/v2.4.4) - [DBAL-1029] -
[GH-712] Backporting a fix to allow connection without dbname - [DBAL-1038] -
[GH-720] Type json_array is not consistent with NULL values - [DBAL-1058] - It
seems that MSSQL syntax was changed - [DBAL-1061] - [GH-737] [DBAL-1058] [2.4]
Fix database names introspection for SQL Server - [DBAL-1087] - [GH-751] Length
of fixed string type (char) is ignored on Postgre schema update - [DBAL-1090] -
[GH-754] Changing string to fixed string is not recognized in PostgreSQL
Platform - [DBAL-1093] - [GH-757] Fix creating and dropping database on
PostgreSQL - [DBAL-1097] - [GH-760] [DBAL-1097] Fix foreign key constraint
referential action on Oracle - [DBAL-1109] - unique-constraints names not quoted
on create ## [
v2.4.3](https://github.com/doctrine/dbal/releases/tag/v2.4.3) -
DBAL-760 - Don't return warnings as errors in sqlsrv driver #490 - DBAL-766 -
PostgreSQL: Fix statement for getTableWhereClause method #492 - DBAL-759 - Fix
driver error while introspecting sequences in SQL Server 2012 #489 - DDC-2883 -
DBAL-766 - PostgreSQL: Fix statement for getTableWhereClause method #492 -
DBAL-787 - Fix modifying limit/offset for statements with subqueries on SQL
Server #512 - DBAL-792 - Fix sqlite autoincrement detection #515 - \#625 - Fix
pg boolean conversion - DBAL-950 - Backport #625 - pgsql boolean conversion -
DBAL-951 - Remove duplicate suggest section in composer.json #641 - DBAL-963 -
Add close() method in MasterSlaveConnection.php #652 - DBAL-976 - Fix evaluation
of NOLOCK table hint on SQL Server #663 - DBAL-1006 - DBAL-717 - DBAL-335 - Fix
bug in MasterSlaveConnection with keepSlave option and switch back after
transaction #690 # php-doctrine-orm ##
[
v2.4.8](https://github.com/doctrine/doctrine2/releases/tag/v2.4.8) ###
Security - CVE-2015-5723 php-doctrine-orm filesystem permission issues -
https://access.redhat.com/security/cve/CVE-2015-5723 -
http://www.doctrine-p
roject.org/2015/08/31/security_misconfiguration_vulnerability_in_various_...
e_projects.html ### Bug - [DDC-3310] - [GH-1138] Join column index names -
[DDC-3343] - `PersistentCollection::removeElement` schedules an entity for
deletion when relationship is EXTRA_LAZY, with `orphanRemoval` false. -
[DDC-3464] - [GH-1231] Backport 'Merge pull request #1098 from
encoder32/DDC-1590' to 2.4 branch - [DDC-3482] - [GH-1242] Attempting to lock a
proxy object fails as UOW doesn't init proxy first - [DDC-3493] - New (PHP 5.5)
"class" keyword - wrong parsing by EntityGenerator - [DDC-3494] - [GH-1250]
Test
case for "class" keyword - [DDC-3500] - [GH-1254] Fix applying ON/WITH
conditions to first join in Class Table Inheritance - [DDC-3502] - [GH-1256]
DDC-3493 - fixed EntityGenerator parsing for php 5.5 "::class" syntax -
[DDC-3518] - [GH-1266] [2.4] Fix schema generation in the test suite -
[DDC-3537] - [GH-1282] Hotfix/#1169 extra lazy one to many should not delete
referenced entities (backport to 2.4) - [DDC-3551] - [GH-1294] Avoid Connection
error when calling ClassMetadataFactor::getAllMetadata() - [DDC-3560] -
[GH-1300] [2.4] #1169 DDC-3343 one-to-omany persister deletes only on EXTRA_LAZY
plus orphanRemoval - [DDC-3608] - [GH-1327] Properly generate default value from
yml & xml mapping - [DDC-3619] - spl_object_hash collision - [DDC-3624] -
[GH-1338] [DDC-3619] Update identityMap when entity gets managed again -
[DDC-3643] - [GH-1352] fix EntityGenerator RegenerateEntityIfExists ###
Improvement - [DDC-3530] - [GH-1276] travis: run coverage just once
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1347926 - CVE-2015-5723 php-doctrine-orm filesystem permission issues
https://bugzilla.redhat.com/show_bug.cgi?id=1347926
[ 2 ] Bug #1354049 - [el6] php-doctrine-dbal-2.4.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1354049
[ 3 ] Bug #1347924 - CVE-2015-5723 php-doctrine-common filesystem permission issues
https://bugzilla.redhat.com/show_bug.cgi?id=1347924
--------------------------------------------------------------------------------
================================================================================
postgresql-pgpool-II-3.2.16-1.el6 (FEDORA-EPEL-2016-d089bfc6ad)
Pgpool is a connection pooling/replication server for PostgreSQL
--------------------------------------------------------------------------------
Update Information:
Update to 3.2.16
--------------------------------------------------------------------------------