The following Fedora EPEL 6 Security updates need testing:
Age URL
1013
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
103
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3434/pylint-1.3....
78
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4008/cross-binut...
66
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4242/facter-1.6....
54
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4485/python-torn...
36
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4884/mapserver-6...
34
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4918/dokuwiki-0-...
16
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0232/chicken-4.9...
15
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0278/Django14-1....
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0315/docker-io-1...
5
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0363/polarssl-1....
5
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0368/puppetlabs-...
5
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0407/seamonkey-2...
3
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0436/privoxy-3.0...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0557/clamav-0.98...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0560/websvn-2.3....
The following builds have been pushed to Fedora EPEL 6 updates-testing
clamav-0.98.6-1.el6
koji-1.9.0-10.el6.gitcd45e886
php-pecl-http-2.2.0-1.el6
websvn-2.3.3-8.el6
Details about builds:
================================================================================
clamav-0.98.6-1.el6 (FEDORA-EPEL-2015-0557)
Anti-virus software
--------------------------------------------------------------------------------
Update Information:
ClamAV 0.98.6
=============
ClamAV 0.98.6 is a bug fix release correcting the following:
* library shared object revisions.
* installation issues on some Mac OS X and FreeBSD platforms.
* includes a patch from Sebastian Andrzej Siewior making ClamAV pid files compatible
with systemd.
* Fix a heap out of bounds condition with crafted Yoda's crypter files. This issue
was discovered by Felix Groebert of the Google Security Team.
* Fix a heap out of bounds condition with crafted mew packer files. This issue was
discovered by Felix Groebert of the Google Security Team.
* Fix a heap out of bounds condition with crafted upx packer files. This issue was
discovered by Kevin Szkudlapski of Quarkslab.
* Fix a heap out of bounds condition with crafted upack packer files. This issue was
discovered by Sebastian Andrzej Siewior. CVE-2014-9328.
* Compensate a crash due to incorrect compiler optimization when handling crafted petite
packer files. This issue was discovered by Sebastian Andrzej Siewior.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 29 2015 Robert Scheck <robert(a)fedoraproject.org> - 0.98.6-1
- Upgrade to 0.98.6 and updated daily.cvd (#1187050)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1187050 - CVE-2014-9328 clamav: heap out of bounds condition with crafted
upack packer files
https://bugzilla.redhat.com/show_bug.cgi?id=1187050
--------------------------------------------------------------------------------
================================================================================
koji-1.9.0-10.el6.gitcd45e886 (FEDORA-EPEL-2015-0552)
Build system tools
--------------------------------------------------------------------------------
Update Information:
update to git snapshot to pull in lates upstream bugfixes and enhancements
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 27 2015 Dennis Gilmore <dennis(a)ausil.us> - 1.9.0-10.gitcd45e886
- update to git tarball
* Thu Dec 11 2014 Dennis Gilmore <dennis(a)ausil.us> - 1.9.0-9
- add upstream patch switching to TLS1 from sslv3
* Tue Sep 30 2014 Dennis Gilmore <dennis(a)ausil.us> - 1.9.0-8
- don't exclude koji-vm from ppc and ppc64
--------------------------------------------------------------------------------
================================================================================
php-pecl-http-2.2.0-1.el6 (FEDORA-EPEL-2015-0555)
Extended HTTP support
--------------------------------------------------------------------------------
Update Information:
Upstream Changelog
* var_dump(http\Message) no longer automatically creates an empty body
* Added http\Message\Parser class
* Made http\Client::once() and http\Client::wait() available when using events
* Added http\Url::PARSE_MBLOC, http\Url::PARSE_MBUTF8, http\Url::PARSE_TOIDN and
http\Url::PARSE_TOPCT constants
* Added http\Env\Response::setCookie()
* Added http\Env\Request::getCookie()
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 27 2015 Remi Collet <remi(a)fedoraproject.org> - 2.2.0-1
- Update to 2.2.0 (stable)
- add dependency on libidn
--------------------------------------------------------------------------------
================================================================================
websvn-2.3.3-8.el6 (FEDORA-EPEL-2015-0560)
Online subversion repository browser
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2013-6892
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 21 2015 Xavier Bachelot <xavier(a)bachelot.org> 2.3.3-8
- Add patch for CVE-2013-6892 (RHBZ#1183632).
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.3.3-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.3.3-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.3.3-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Sun Dec 2 2012 Johan Cwiklinski <johan AT x-tnd DOT be> - 2.3.3-4
- Fix apache 2.4 configuration (bz #871495)
* Sun Jul 22 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.3.3-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1183632 - CVE-2013-6892 websvn: arbitrary file access when downloads enabled
for users with commit access
https://bugzilla.redhat.com/show_bug.cgi?id=1183632
--------------------------------------------------------------------------------