The following Fedora EPEL 6 Security updates need testing:
Age URL
551
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031
python-virtualenv-12.0.7-1.el6
545
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
477
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156 nagios-4.0.8-1.el6
435
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
407
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
138
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8594ed3a53
chicken-4.11.0-3.el6
17
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac
libbsd-0.8.3-2.el6
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-245929d91a
tinymce-4.5.1-1.el6
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-62450e4e38
libpng10-1.0.67-1.el6
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-284a1cc356
exim-4.88-1.el6
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8c6c7bf06e
dbus-sharp-0.7.0-16.el6 dbus-sharp-glib-0.5.0-14.el6 mono-4.2.4-9.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7d479b3940
php-PHPMailer-5.2.22-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-50bd111169
icoutils-0.31.1-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4e597458f1
php-ZendFramework2-2.2.10-3.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
bitlbee-3.5-1.el6
golang-github-onsi-ginkgo-1.1.0-11.el6
golang-github-onsi-gomega-1.0-0.1.git2152b45.el6
icoutils-0.31.1-1.el6
php-PHPMailer-5.2.22-1.el6
php-ZendFramework2-2.2.10-3.el6
php-tcpdf-6.2.13-1.el6
python-productmd-1.4-1.el6
Details about builds:
================================================================================
bitlbee-3.5-1.el6 (FEDORA-EPEL-2017-88b1fb3523)
IRC to other chat networks gateway
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1411171 - bitlbee-3.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1411171
--------------------------------------------------------------------------------
================================================================================
golang-github-onsi-ginkgo-1.1.0-11.el6 (FEDORA-EPEL-2017-54a7538f99)
A Golang BDD Testing Framework
--------------------------------------------------------------------------------
Update Information:
Add missing Provides ---- Bump to upstream
7f8ab55aaf3b86885aa55b762e803744d1674700
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1214619 - Tracker for golang-github-onsi-ginkgo
https://bugzilla.redhat.com/show_bug.cgi?id=1214619
--------------------------------------------------------------------------------
================================================================================
golang-github-onsi-gomega-1.0-0.1.git2152b45.el6 (FEDORA-EPEL-2017-7feec15962)
Ginkgo's Preferred Matcher Library
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 2152b45fa28a361beba9aab0885972323a444e28 ---- internal
packages are no longer provided Update of spec file to spec-2.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1248013 - Tracker for golang-github-onsi-gomega
https://bugzilla.redhat.com/show_bug.cgi?id=1248013
--------------------------------------------------------------------------------
================================================================================
icoutils-0.31.1-1.el6 (FEDORA-EPEL-2017-50bd111169)
Utility for extracting and converting Microsoft icon and cursor files
--------------------------------------------------------------------------------
Update Information:
This new point release fixes a security vulnerability in wrestool. For further
details see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850017
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1411251 - CVE-2017-5208 icoutils: Check_offset overflow on 64-bit systems
https://bugzilla.redhat.com/show_bug.cgi?id=1411251
--------------------------------------------------------------------------------
================================================================================
php-PHPMailer-5.2.22-1.el6 (FEDORA-EPEL-2017-7d479b3940)
PHP email transport class with a lot of features
--------------------------------------------------------------------------------
Update Information:
**Version 5.2.22** (January 5th 2017) * **SECURITY** Fix
[
CVE-2017-5223](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-...,
local file disclosure vulnerability if content passed to `msgHTML()` is sourced
from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix
for this means that calls to `msgHTML()` without a `$basedir` will not import
images with relative URLs, and relative URLs containing `..` will be ignored. *
Add simple contact form example * Emoji in test content ---- **Version
5.2.21** (December 28th 2016) * Fix missed number update in version file - no
functional changes ---- **Version 5.2.20** (December 28th 2016) *
**SECURITY** Critical security update for CVE-2016-10045 please update now!
Thanks to [Dawid Golunski](https://legalhackers.com) and Paul Buonopane
(Zenexer). ---- ** Version 5.2.19** (December 26th 2016) * Minor cleanup **
Version 5.2.18** (December 24th 2016) * **SECURITY** Critical security update
for CVE-2016-10033 please update now! Thanks to [Dawid
Golunski](https://legalhackers.com). * Add ability to extract the SMTP
transaction ID from some common SMTP success messages * Minor documentation
tweaks ** Version 5.2.17** (December 9th 2016) * This is officially the last
feature release of 5.2. Security fixes only from now on; use PHPMailer 6.0! *
Allow DKIM private key to be provided as a string * Provide mechanism to allow
overriding of boundary and message ID creation * Improve Brazilian Portuguese,
Spanish, Swedish, Romanian, and German translations * PHP 7.1 support for
Travis-CI * Fix some language codes * Add security notices * Improve DKIM
compatibility in older PHP versions * Improve trapping and capture of SMTP
connection errors * Improve passthrough of error levels for debug output *
PHPDoc cleanup
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409489 - CVE-2016-10033 phpmailer: Parameter injection via mail() function
https://bugzilla.redhat.com/show_bug.cgi?id=1409489
--------------------------------------------------------------------------------
================================================================================
php-ZendFramework2-2.2.10-3.el6 (FEDORA-EPEL-2017-4e597458f1)
Zend Framework 2
--------------------------------------------------------------------------------
Update Information:
Fixes [
ZF2016-04](https://framework.zend.com/security/advisory/ZF2016-04) /
[
CVE-2016-10034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1...
vulnerability
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409591 - CVE-2016-10034 php-zendframework: Parameter injection in setFrom()
function
https://bugzilla.redhat.com/show_bug.cgi?id=1409591
--------------------------------------------------------------------------------
================================================================================
php-tcpdf-6.2.13-1.el6 (FEDORA-EPEL-2017-5a23161f8b)
PHP class for generating PDF documents and barcodes
--------------------------------------------------------------------------------
Update Information:
Add a simple classmap autoloader.
--------------------------------------------------------------------------------
================================================================================
python-productmd-1.4-1.el6 (FEDORA-EPEL-2017-3856ce7e2d)
Library providing parsers for metadata related to OS installation
--------------------------------------------------------------------------------
Update Information:
* Fixes working with legacy metadata files. * Miscelaneous bug fixes. * Fixed
Python 3 compatibility
--------------------------------------------------------------------------------