The following Fedora EPEL 6 Security updates need testing:
Age URL
258
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6828
chicken-4.9.0.1-4.el6
240
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031
python-virtualenv-12.0.7-1.el6
234
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
165
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8148 optipng-0.7.5-5.el6
165
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156 nagios-4.0.8-1.el6
124
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
96
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-58b3766907
libebml-1.2.2-1.el6
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-00c45982f6
drupal6-6.38-1.el6
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6e0c318d91
libssh-0.5.5-5.el6
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6a812bd682
drupal7-7.43-1.el6
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-78096a43d9
php-htmLawed-1.1.21-1.el6
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-b14579b3db
websvn-2.3.3-12.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-331ed35e18
phpMyAdmin-4.0.10.15-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
GraphicsMagick-1.3.23-5.el6
am-utils-6.2.0-8.el6
davix-0.6.0-1.el6
fedfind-2.1.1-1.el6
java-service-wrapper-3.2.5-23.el6
phpMyAdmin-4.0.10.15-1.el6
python-cached_property-1.3.0-4.el6
Details about builds:
================================================================================
GraphicsMagick-1.3.23-5.el6 (FEDORA-EPEL-2016-da9cc78fe7)
An ImageMagick fork, offering faster image generation and better quality
--------------------------------------------------------------------------------
Update Information:
Restore lcms support
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1314898 - LCMS support broken in GraphicsMagick 1.3.23
https://bugzilla.redhat.com/show_bug.cgi?id=1314898
--------------------------------------------------------------------------------
================================================================================
am-utils-6.2.0-8.el6 (FEDORA-EPEL-2016-8a3f3f81a8)
Automount utilities including an updated version of Amd
--------------------------------------------------------------------------------
Update Information:
- fix Linux NFS recognition of umounts. - add systemd dependency on nfs-
lock.service. - add get_nfs_xprt() and put_nfs_xprt() functions. - use new
get_nfs_xprt() and put_nfs_xprt() functions. - add NFSv3 nfs_quick_reply()
functionality. - add NFSv3 rpc request validation. - fix wcc attr usage in
unlink3_or_rmdir3(). - use Linux libtirpc if present.
--------------------------------------------------------------------------------
================================================================================
davix-0.6.0-1.el6 (FEDORA-EPEL-2016-41b60b83a5)
Toolkit for Http-based file management
--------------------------------------------------------------------------------
Update Information:
davix 0.6.0 release, see RELEASE-NOTES for changes
--------------------------------------------------------------------------------
================================================================================
fedfind-2.1.1-1.el6 (FEDORA-EPEL-2016-e445a08fb1)
Fedora Finder finds Fedora
--------------------------------------------------------------------------------
Update Information:
This update provides the latest releases of fedfind, python-wikitcms and relval.
The updated python-cached_property (a dependency of fedfind and python-wikitcms)
fixes the package naming and provisions to be consistent between Python 2 and
Python 3 and avoid dependency issues. This new 2.x series involves major changes
to all three packages to adapt to the [new Fedora compose
process](https://www.happyassassin.net/2016/02/15/pungi-4-the-new-generat...
the-fedora-compose-tools-and-what-it-means-for-qa/). fedfind, in particular, is
more incompatible than not with its 1.x series. The interface for python-
wikitcms has changed much less (just some additions; there should be no
incompatible changes). The `nightly` and `report-auto` subcommands have been
removed from relval and the `compose` subcommand can now handle nightly events
(without any of the checking the `nightly` subcommand used to do; unattended
creation of nightly commands is being moved to a separate fedmsg consumer
daemon). `relval` now runs under Python 3 rather than Python 2. All remaining
subcommands should be fully compatible with invocations that worked earlier.
These major changes are disruptive, but are vital to keep the tools working with
the changed compose process. Please see the project pages (and the changelogs
included on them) for more details: *
[
fedfind](https://www.happyassassin.net/fedfind) * [python-
wikitcms](https://www.happyassassin.net/wikitcms) *
[
relval](https://www.happyassassin.net/relval)
--------------------------------------------------------------------------------
================================================================================
java-service-wrapper-3.2.5-23.el6 (FEDORA-EPEL-2016-b0be35172a)
Java service wrapper
--------------------------------------------------------------------------------
Update Information:
Unretire EL6 branch ---- Move jar file from /usr/lib*/java-service-wrapper to
/usr/share/java
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.0.10.15-1.el6 (FEDORA-EPEL-2016-331ed35e18)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.0.10.15 (2016-02-29) ================================= This
version fixes multiple XSS vulnerabilities, see PMASA-2016-11 for more details.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1313696 - CVE-2016-2562 phpMyAdmin: man-in-the-middle attack on API call to
GitHub (PMASA-2016-13)
https://bugzilla.redhat.com/show_bug.cgi?id=1313696
[ 2 ] Bug #1313695 - CVE-2016-2559 phpMyAdmin: XSS vulnerability in SQL parser
(PMASA-2016-10)
https://bugzilla.redhat.com/show_bug.cgi?id=1313695
[ 3 ] Bug #1313224 - CVE-2016-2561 phpMyAdmin: multiple XSS vulnerabilities
(PMASA-2016-12)
https://bugzilla.redhat.com/show_bug.cgi?id=1313224
[ 4 ] Bug #1313221 - CVE-2016-2560 phpMyAdmin: multiple XSS vulnerabilities
(PMASA-2016-11)
https://bugzilla.redhat.com/show_bug.cgi?id=1313221
--------------------------------------------------------------------------------
================================================================================
python-cached_property-1.3.0-4.el6 (FEDORA-EPEL-2016-e445a08fb1)
A cached-property for decorating methods in Python classes
--------------------------------------------------------------------------------
Update Information:
This update provides the latest releases of fedfind, python-wikitcms and relval.
The updated python-cached_property (a dependency of fedfind and python-wikitcms)
fixes the package naming and provisions to be consistent between Python 2 and
Python 3 and avoid dependency issues. This new 2.x series involves major changes
to all three packages to adapt to the [new Fedora compose
process](https://www.happyassassin.net/2016/02/15/pungi-4-the-new-generat...
the-fedora-compose-tools-and-what-it-means-for-qa/). fedfind, in particular, is
more incompatible than not with its 1.x series. The interface for python-
wikitcms has changed much less (just some additions; there should be no
incompatible changes). The `nightly` and `report-auto` subcommands have been
removed from relval and the `compose` subcommand can now handle nightly events
(without any of the checking the `nightly` subcommand used to do; unattended
creation of nightly commands is being moved to a separate fedmsg consumer
daemon). `relval` now runs under Python 3 rather than Python 2. All remaining
subcommands should be fully compatible with invocations that worked earlier.
These major changes are disruptive, but are vital to keep the tools working with
the changed compose process. Please see the project pages (and the changelogs
included on them) for more details: *
[
fedfind](https://www.happyassassin.net/fedfind) * [python-
wikitcms](https://www.happyassassin.net/wikitcms) *
[
relval](https://www.happyassassin.net/relval)
--------------------------------------------------------------------------------