The following Fedora EPEL 6 Security updates need testing:
Age URL
973
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
192
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7....
63
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3434/pylint-1.3....
38
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4008/cross-binut...
26
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4242/facter-1.6....
15
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4485/python-torn...
10
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4624/xrdp-0.6.1-...
10
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4575/links-2.8-4...
10
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4563/firebird-2....
6
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4669/libhtp-0.5....
6
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4693/denyhosts-2...
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4737/docker-io-1...
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4729/ettercap-0....
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4766/mediawiki11...
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4773/unrtf-0.21....
1
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4807/libssh-0.5....
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4829/roundcubema...
The following builds have been pushed to Fedora EPEL 6 updates-testing
roundcubemail-1.0.4-2.el6
Details about builds:
================================================================================
roundcubemail-1.0.4-2.el6 (FEDORA-EPEL-2014-4829)
Round Cube Webmail is a browser-based multilingual IMAP client
--------------------------------------------------------------------------------
Update Information:
This update provides Roundcube 1.0.4. This is a stable security update: the security fix
is described by upstream as "Fix possible CSRF attacks to some address book
operations as well as to the ACL and Managesieve plugins." More details on the update
are available at
http://roundcube.net/news/2014/12/18/update-1.0.4-released/ . The update
should apply without any special handling by the system administrator.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 20 2014 Adam Williamson <awilliam(a)redhat.com> - 1.0.4-2
- drop tinymce bbcode plugin for safety (CVE-2012-4230)
* Sat Dec 20 2014 Adam Williamson <awilliam(a)redhat.com> - 1.0.4-1
- new release 1.0.4 (security update)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1091438 - CVE-2012-4230 tinymce: XSS attacks via security policy bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1091438
--------------------------------------------------------------------------------