The following Fedora EPEL 6 Security updates need testing: Age URL 182 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6828 chicken-4.9.0.1-4.el6 164 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031 python-virtualenv-12.0.7-1.el6 158 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6 89 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8148 optipng-0.7.5-5.el6 89 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156 nagios-4.0.8-1.el6 78 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-68a2c2db36 python-pymongo-3.0.3-1.el6 48 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6 20 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-da771a002d moodle-2.7.11-1.el6 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-c1e2a347ee xsupplicant-2.2.0-13.el6 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-df28a72135 shellinabox-2.19-1.el6 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-4ea455db6d gwenhywfar-4.13.1-2.el6 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-06bd1d268e nodejs-handlebars-4.0.5-1.el6 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-26f2bb9749 libpng10-1.0.66-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
dpm-xrootd-3.6.0-1.el6 innotop-1.10.0-0.3.81da83f.el6 libpng10-1.0.66-1.el6 nodejs-d-1.0.0-1.el6 nodejs-es5-ext-0.10.10-1.el6 nodejs-es6-iterator-2.0.0-1.el6 nodejs-es6-symbol-3.0.2-1.el6 nodejs-is-windows-0.1.0-1.el6 nodejs-next-tick-0.2.2-2.el6 pcsc-cyberjack-3.99.5final.SP08-2.el6 perl-Net-Whois-IP-1.18-1.el6 shinken-2.4.2-2.el6 sysreporter-3.0.2-1.el6
Details about builds:
================================================================================ dpm-xrootd-3.6.0-1.el6 (FEDORA-EPEL-2015-f3987cf642) XROOT interface to the Disk Pool Manager (DPM) -------------------------------------------------------------------------------- Update Information:
- introduced the XrdDPMStatInfo plugin - updated rpm spec to require at least xrootd 4.2 --------------------------------------------------------------------------------
================================================================================ innotop-1.10.0-0.3.81da83f.el6 (FEDORA-EPEL-2015-154331c792) A MySQL and InnoDB monitor program -------------------------------------------------------------------------------- Update Information:
Fix for MariaDB 10.1 and 10.2, align with upstream --------------------------------------------------------------------------------
================================================================================ libpng10-1.0.66-1.el6 (FEDORA-EPEL-2015-26f2bb9749) Old version of libpng, needed to run old binaries -------------------------------------------------------------------------------- Update Information:
An underflow read was found in png_check_keyword in libpng10. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image. ---- The fix for CVE-8126 was incomplete in the previous 1.0.64 update. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1291312 - CVE-2015-8540 libpng: underflow read in png_check_keyword() https://bugzilla.redhat.com/show_bug.cgi?id=1291312 [ 2 ] Bug #1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions https://bugzilla.redhat.com/show_bug.cgi?id=1281756 --------------------------------------------------------------------------------
================================================================================ nodejs-d-1.0.0-1.el6 (FEDORA-EPEL-2015-03ce51864d) Property descriptor factory -------------------------------------------------------------------------------- Update Information:
Update to upstream 1.0.0 release -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1292424 - Review Request: nodejs-d - Property descriptor factory https://bugzilla.redhat.com/show_bug.cgi?id=1292424 --------------------------------------------------------------------------------
================================================================================ nodejs-es5-ext-0.10.10-1.el6 (FEDORA-EPEL-2015-7354dc4f7f) ECMAScript 5 extensions and ES6 shims -------------------------------------------------------------------------------- Update Information:
Update to upstream 0.10.10 release -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1292416 - Review Request: nodejs-es5-ext - ECMAScript 5 extensions and ES6 shims https://bugzilla.redhat.com/show_bug.cgi?id=1292416 --------------------------------------------------------------------------------
================================================================================ nodejs-es6-iterator-2.0.0-1.el6 (FEDORA-EPEL-2015-9d6dd21160) Iterator abstraction based on ES6 specification -------------------------------------------------------------------------------- Update Information:
Initial packaging -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1292413 - Review Request: nodejs-es6-iterator - Iterator abstraction based on ES6 specification https://bugzilla.redhat.com/show_bug.cgi?id=1292413 --------------------------------------------------------------------------------
================================================================================ nodejs-es6-symbol-3.0.2-1.el6 (FEDORA-EPEL-2015-e5a22e98d5) ECMAScript 6 Symbol polyfill -------------------------------------------------------------------------------- Update Information:
Update to upstream 3.0.2 release -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1292412 - Review Request: nodejs-es6-symbol - ECMAScript 6 Symbol polyfill https://bugzilla.redhat.com/show_bug.cgi?id=1292412 --------------------------------------------------------------------------------
================================================================================ nodejs-is-windows-0.1.0-1.el6 (FEDORA-EPEL-2015-516682f7f0) Returns true if the platform is windows -------------------------------------------------------------------------------- Update Information:
Initial packaging -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1292295 - Review Request: nodejs-is-windows - Returns true if the platform is windows https://bugzilla.redhat.com/show_bug.cgi?id=1292295 --------------------------------------------------------------------------------
================================================================================ nodejs-next-tick-0.2.2-2.el6 (FEDORA-EPEL-2015-7c380807dc) Environment agnostic nextTick polyfill -------------------------------------------------------------------------------- Update Information:
Initial packaging -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1292400 - Review Request: nodejs-next-tick - Environment agnostic nextTick polyfill https://bugzilla.redhat.com/show_bug.cgi?id=1292400 --------------------------------------------------------------------------------
================================================================================ pcsc-cyberjack-3.99.5final.SP08-2.el6 (FEDORA-EPEL-2015-3c011e013b) PC/SC driver for REINER SCT cyberjack USB chip card reader -------------------------------------------------------------------------------- Update Information:
New upstream, spec-file cleanup. --------------------------------------------------------------------------------
================================================================================ perl-Net-Whois-IP-1.18-1.el6 (FEDORA-EPEL-2015-d6b9531f80) Perl extension for looking up the whois information for ip addresses -------------------------------------------------------------------------------- Update Information:
Update to latest upstream release 1.18 (rhbz#1290619) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1290619 - perl-Net-Whois-IP-1.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=1290619 --------------------------------------------------------------------------------
================================================================================ shinken-2.4.2-2.el6 (FEDORA-EPEL-2015-39af137508) Python Monitoring tool -------------------------------------------------------------------------------- Update Information:
subtitute bad user to nagios, --------------------------------------------------------------------------------
================================================================================ sysreporter-3.0.2-1.el6 (FEDORA-EPEL-2015-e12d03b67f) Basic system reporter with emailing -------------------------------------------------------------------------------- Update Information:
Update to 3.0.2 ---- Upgrade to alpha4 ---- Initial build of sysreporter -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1292659 - sysreporter-v3.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1292659 [ 2 ] Bug #1291459 - Review Request: sysreporter - Basic system reporter with emailing https://bugzilla.redhat.com/show_bug.cgi?id=1291459 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org