The following Fedora EPEL 6 Security updates need testing: Age URL 388 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031 python-virtualenv-12.0.7-1.el6 382 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6 313 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156 nagios-4.0.8-1.el6 272 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6 243 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6 129 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-30a8346813 vtun-3.0.1-10.el6 34 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-db7e78fac7 php-PHPMailer-5.2.16-2.el6 28 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d0e444c5f2 pypy-5.0.1-4.el6 27 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-7a25f65890 nginx-1.10.1-1.el6 18 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-225fc51f32 chicken-4.11.0-2.el6 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d1c7111779 p7zip-16.02-1.el6 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1cbd9dc578 drupal7-views-3.14-1.el6 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-823164477b php-doctrine-orm-2.4.8-1.el6 php-doctrine-dbal-2.4.5-1.el6 php-doctrine-common-2.4.3-2.el6 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6e8996ae73 php-ZendFramework2-2.2.10-2.el6 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2f26fee4ad dropbear-2016.74-1.el6 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2d00357bc8 dietlibc-0.33-8.el6 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-66eb498b93 v8-3.14.5.10-25.el6 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-af2033a524 cryptopp-5.6.2-10.el6 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d8fc3f17ea libarchive3-3.2.1-1.el6 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-b191f5d359 collectd-4.10.9-3.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
mozilla-noscript-2.9.0.12-1.el6 nettle-3.2-2.el6
Details about builds:
================================================================================ mozilla-noscript-2.9.0.12-1.el6 (FEDORA-EPEL-2016-9a8817045d) JavaScript white list extension for Mozilla Firefox -------------------------------------------------------------------------------- Update Information:
* Updated DNT implementation to match the most recent spec about navigator.doNotTrack values (thanks Francois Merier) * [XSS] Better compatibility with Unionbank's website (thanks Brent for reporting) * Fixed bug 1278735 (JavaScript disabled in private windows) * Fixed JSON viewer not working * about:feed in the mandatory whitelist to fix bug 1272139 * [XSS] Disable JavaScript on FTP-served pages when a potential DOM XSS threat is detected (thanks Emanuel Bronshtein @e3amn2l for reporting) * Fixed DOS through script- triggered ClickToPlay confirmation dialogs in a loop (thanks Emanuel Bronshtein @e3amn2l for reporting) * Fixed placeholder links might be potentially used as XSS vectors if stars were properly aligned (thanks Emanuel Bronshtein @e3amn2l for reporting) * [Surrogate] Updated google-analytics.com replacement (thanks noscriptsplox) * [XSS] Fixed regression (thanks Masato Kinugawa for report) * [XSS] Fixed infrastructure issue preventing one filter from being automatically synchronized with Mozilla's source code as designed (thanks .mario and Maxim Rupp for reporting) * [XSS] Added filtering for a potential CSRF vector (thanks Masato Kinugawa for reporting) * Fixed placeholder activation in Gecko 45 and above * [XSS] Compatibility exception for the Printfriendly add-on * Removed msn.com from the default whitelist, since it seems to be unable to support HTTPS consistently * Fixed incompatibility with Firefox below version 38 * Tentative fix for an issue with explicit ports in HTTPS upgraded URLs * [HTTPS] Removed legacy redirection methods when redirectTo() is available in HTTP channels, fixing YouTube embedding problem * Replaced newChannel() with newChannel2() on Gecko 48 * [HTTPS] Limit httpsDefWhitelist effect to document loads * [XSS] Reduced eval aliasing checks false positives -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1360761 - mozilla-noscript-2.9.0.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=1360761 --------------------------------------------------------------------------------
================================================================================ nettle-3.2-2.el6 (FEDORA-EPEL-2016-546f73e84a) A low-level cryptographic library -------------------------------------------------------------------------------- Update Information:
Imported nettle 3.2 from fedora 24. --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org