The following Fedora EPEL 6 Security updates need testing:
Age URL
863
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031
python-virtualenv-12.0.7-1.el6
857
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
747
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
719
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
329
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac
libbsd-0.8.3-2.el6
59
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92
libmspack-0.6-0.1.alpha.el6
14
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-16d441d000
pcre2-10.21-21.el6
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-ed87c07972
hostapd-2.6-6.el6
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2bd5c2db5b
php-PHPMailer-5.2.26-1.el6
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-68e2defc4c
fedpkg-1.30-4.el6 rpkg-1.51-2.el6
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b490886f67
roundcubemail-1.0.12-1.el6
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b791c39304
python-copr-1.84-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b18745f45c
mrbs-1.7.0-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
fedfind-3.8.2-1.el6
mrbs-1.7.0-1.el6
nodejs-rhea-0.2.6-1.el6
stripesnoop-1.5-24.el6
wordpress-4.9-1.el6
Details about builds:
================================================================================
fedfind-3.8.2-1.el6 (FEDORA-EPEL-2017-a96a15e55c)
Fedora compose and image finder
--------------------------------------------------------------------------------
Update Information:
fedfind 3.6.4 fixes use of the `expected_images` property (and hence
`check_expected()` method) with modular composes. In 3.6.2 and earlier, it
caused a crash. fedfind 3.7.1 improves handling of various new compose types
introduced by release engineering. The new nightly modular composes from master
branch, now versioned `Bikeshed` rather than `Rawhide`, are handled with a new
`BikeshedModularNightly` class. 'updates' and 'updates-testing' composes
are
explicitly not supported (`get_release` will raise a `ValueError` with a
specific text for these) as they do not contain images and so fedfind can't do
much with them. Note that the `fedfind.helpers.parse_cid` function is entirely
rewritten in support of this; the new version is much more capable and accurate
and should handle all compose IDs the previous version handled correctly, but
please report any issues you find. fedfind 3.8.0 adds support for the Modular
Server candidate composes which are currently being produced. fedfind 3.8.1
returns to using the pkgdb `collections` API end point for
`get_current_release`, as it is now being manually updated until PDC is ready to
replace it. fedfind 3.8.2 fixes `get_package_nvras` and `https_url_generic` for
modular composes, and `get_package_nvras` with Python 3 (it previously raised an
exception for all composes in Python 3, and modular composes in Python 2).
--------------------------------------------------------------------------------
================================================================================
mrbs-1.7.0-1.el6 (FEDORA-EPEL-2017-b18745f45c)
Meeting Room Booking System
--------------------------------------------------------------------------------
Update Information:
Changes since MRBS 1.6.1: - Fixed a number of security issues in MRBS that were
disclosed to the project by SySS GmbH, including XSS, CSRF protection and
session fixation. - Improved behaviour of browser caching in MRBS. - Improved
localisation, especially the use of colons in labels. - Added new config
variable $weekdays to define weekdays and weekends, allowing for the possibility
that weekdays are not the same as working days. - MRBS now restricts form
actions which modify data/pass passwords to only accept POSTs. - Added the
ability to have different period names in each area. - Add SAML auth and session
schemes, thanks to J��rn ��ne. - Updated to jQuery 3.2.1 and jQueryUI 1.12.1,
which includes XSS fixes. - Plus a few other bug fixes/improvements. - Dropped
support for Internet Explorer 9 and lower.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1514285 - mrbs-1.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1514285
--------------------------------------------------------------------------------
================================================================================
nodejs-rhea-0.2.6-1.el6 (FEDORA-EPEL-2017-ad01f17998)
A reactive messaging library based on the AMQP protocol
--------------------------------------------------------------------------------
Update Information:
Rebased to 0.2.6.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1492264 - nodejs-rhea-0.2.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1492264
--------------------------------------------------------------------------------
================================================================================
stripesnoop-1.5-24.el6 (FEDORA-EPEL-2017-b228dbafdf)
Magnetic Stripe Reader
--------------------------------------------------------------------------------
Update Information:
Rename ss binary to resolve conflict.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1249328 - stripesnoop /usr/bin/ss interferes with start of remote desktop
https://bugzilla.redhat.com/show_bug.cgi?id=1249328
--------------------------------------------------------------------------------
================================================================================
wordpress-4.9-1.el6 (FEDORA-EPEL-2017-65e5a9fefd)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
Read upstream announcement: [WordPress 4.9
���Tipton���](https://wordpress.org/news/2017/11/tipton/)
--------------------------------------------------------------------------------