The following Fedora EPEL 6 Security updates need testing:
Age URL
182
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6c663378c
unrtf-0.21.9-8.el6
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-61fe7c6e70
nagios-4.4.2-3.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
HepMC-2.06.09-22.el6
geolite2-20181204-1.el6
hscolour-1.19-7.el6
libburn1-1.5.0-1.el6
libisoburn-1.5.0-1.el6
libisofs1-1.5.0-1.el6
mbedtls-2.7.8-1.el6
Details about builds:
================================================================================
HepMC-2.06.09-22.el6 (FEDORA-EPEL-2018-638157ce34)
C++ Event Record for Monte Carlo Generators
--------------------------------------------------------------------------------
Update Information:
Fix segmentation fault.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 8 2018 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 2.06.09-22
- Fix a segmentation fault (continue vs. break)
* Mon Jul 16 2018 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 2.06.09-21
- Add BuildRequires on gcc-c++
- Packaging updates
- Remove Group and BuildRoot tags
- Don't clear the buildroot in the install section
- Remove the clean section
- Install license in licensedir (where applicable)
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
2.06.09-20
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
2.06.09-19
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Aug 2 2017 Fedora Release Engineering <releng(a)fedoraproject.org> -
2.06.09-18
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> -
2.06.09-17
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> -
2.06.09-16
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Fri Oct 7 2016 Dan Hor��k <dan[at]danny.cz> - 2.06.09-15
- disable FMA on s390(x)
* Wed Feb 3 2016 Fedora Release Engineering <releng(a)fedoraproject.org> -
2.06.09-14
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Thu Sep 17 2015 Marcin Juszkiewicz <mjuszkiewicz(a)redhat.com> - 2.06.09-13
- disable FMA on both aarch64 and ppc64(le) to pass all tests
* Thu Sep 3 2015 Marcin Juszkiewicz <mjuszkiewicz(a)redhat.com> - 2.06.09-12
- disable -fexpensive-optimizations for aarch64 to get it build
* Tue Jun 16 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.06.09-11
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sat May 2 2015 Kalev Lember <kalevlember(a)gmail.com> - 2.06.09-10
- Rebuilt for GCC 5 C++11 ABI change
--------------------------------------------------------------------------------
================================================================================
geolite2-20181204-1.el6 (FEDORA-EPEL-2018-10e241f332)
Free IP geolocation databases
--------------------------------------------------------------------------------
Update Information:
- Latest upstream
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 5 2018 Carl George <carl(a)george.computer> - 20181204-1
- Latest upstream
--------------------------------------------------------------------------------
================================================================================
hscolour-1.19-7.el6 (FEDORA-EPEL-2018-fb875fa777)
Colourizes Haskell code
--------------------------------------------------------------------------------
Update Information:
link executable to Haskell libs statically for portability
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 7 2018 Jens Petersen <petersen(a)redhat.com> - 1.19-7
- link executable to Haskell libs statically for portability
- backport epel7 packaging
--------------------------------------------------------------------------------
================================================================================
libburn1-1.5.0-1.el6 (FEDORA-EPEL-2018-4499fa9c71)
Library for reading, mastering and writing optical discs
--------------------------------------------------------------------------------
Update Information:
libisofs 1.5.0 ============== * New API call iso_image_get_ignore_aclea(),
new iso_image_set_ignore_aclea() and iso_file_source_get_aa_string() flag bit3
to import all xattr namespaces * New API calls iso_image_was_blind_attrs(),
iso_local_set_attrs_errno(). * New flag bit7 with iso_local_set_attrs() to
avoid unnecessary write attempts. * New return value 2 of
IsoFileSource.get_aa_string() and iso_local_get_attrs(). * Now putting user
defined padding after appended partitions. * Bug fix: Add-on sessions with
partition offset claimed too many blocks as size. Regression of version 1.4.8.
* Bug fix: Long Joliet names without dot were mangled with one character too
many. Long Joliet names with leading dot were mangled one char too short. *
Bug fix: Reading beyond array end for HFS+ production caused SIGSEGV with
FreeBSD 11 CLANG -O2. Thanks ASX of GhostBSD. libburn 1.5.0 ============= *
Bug fix: cdrskin threw errno 22 on data file input if libburn is configured with
--enable-track-src-odirect * Bug fix: SIGSEGV could happen if a track ended by
reaching its fixed size while the track source still was willing to deliver
bytes. Thanks to user swordragon. * Bug fix: Device file comparison parameters
were recorded wrong with Linux sg libisoburn 1.5.0 ================ * Bug
fix: Multi-session emulation was not recognized with non-zero partition offset
* New bit10 of isoburn_drive_aquire() to accept all xattr namespaces * New
-xattr mode "any" to process all xattr namespaces of local filesystem * New
-as mkisofs option --xattr-any * New -as mkisofs options -uid and -gid
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 8 2018 Robert Scheck <robert(a)fedoraproject.org> 1.5.0-1
- Upgrade to 1.5.0
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.8-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.8-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Dec 1 2017 Merlin Mathesius <mmathesi(a)redhat.com> - 1.4.8-2
- Cleanup spec file conditionals
--------------------------------------------------------------------------------
================================================================================
libisoburn-1.5.0-1.el6 (FEDORA-EPEL-2018-4499fa9c71)
Library to enable creation and expansion of ISO-9660 filesystems
--------------------------------------------------------------------------------
Update Information:
libisofs 1.5.0 ============== * New API call iso_image_get_ignore_aclea(),
new iso_image_set_ignore_aclea() and iso_file_source_get_aa_string() flag bit3
to import all xattr namespaces * New API calls iso_image_was_blind_attrs(),
iso_local_set_attrs_errno(). * New flag bit7 with iso_local_set_attrs() to
avoid unnecessary write attempts. * New return value 2 of
IsoFileSource.get_aa_string() and iso_local_get_attrs(). * Now putting user
defined padding after appended partitions. * Bug fix: Add-on sessions with
partition offset claimed too many blocks as size. Regression of version 1.4.8.
* Bug fix: Long Joliet names without dot were mangled with one character too
many. Long Joliet names with leading dot were mangled one char too short. *
Bug fix: Reading beyond array end for HFS+ production caused SIGSEGV with
FreeBSD 11 CLANG -O2. Thanks ASX of GhostBSD. libburn 1.5.0 ============= *
Bug fix: cdrskin threw errno 22 on data file input if libburn is configured with
--enable-track-src-odirect * Bug fix: SIGSEGV could happen if a track ended by
reaching its fixed size while the track source still was willing to deliver
bytes. Thanks to user swordragon. * Bug fix: Device file comparison parameters
were recorded wrong with Linux sg libisoburn 1.5.0 ================ * Bug
fix: Multi-session emulation was not recognized with non-zero partition offset
* New bit10 of isoburn_drive_aquire() to accept all xattr namespaces * New
-xattr mode "any" to process all xattr namespaces of local filesystem * New
-as mkisofs option --xattr-any * New -as mkisofs options -uid and -gid
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 8 2018 Robert Scheck <robert(a)fedoraproject.org> 1.5.0-1
- Upgrade to 1.5.0
- Provide KDE service menu entry for KDE 4 and 5 (#1633872)
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.8-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.8-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
libisofs1-1.5.0-1.el6 (FEDORA-EPEL-2018-4499fa9c71)
Library to create ISO 9660 disk images
--------------------------------------------------------------------------------
Update Information:
libisofs 1.5.0 ============== * New API call iso_image_get_ignore_aclea(),
new iso_image_set_ignore_aclea() and iso_file_source_get_aa_string() flag bit3
to import all xattr namespaces * New API calls iso_image_was_blind_attrs(),
iso_local_set_attrs_errno(). * New flag bit7 with iso_local_set_attrs() to
avoid unnecessary write attempts. * New return value 2 of
IsoFileSource.get_aa_string() and iso_local_get_attrs(). * Now putting user
defined padding after appended partitions. * Bug fix: Add-on sessions with
partition offset claimed too many blocks as size. Regression of version 1.4.8.
* Bug fix: Long Joliet names without dot were mangled with one character too
many. Long Joliet names with leading dot were mangled one char too short. *
Bug fix: Reading beyond array end for HFS+ production caused SIGSEGV with
FreeBSD 11 CLANG -O2. Thanks ASX of GhostBSD. libburn 1.5.0 ============= *
Bug fix: cdrskin threw errno 22 on data file input if libburn is configured with
--enable-track-src-odirect * Bug fix: SIGSEGV could happen if a track ended by
reaching its fixed size while the track source still was willing to deliver
bytes. Thanks to user swordragon. * Bug fix: Device file comparison parameters
were recorded wrong with Linux sg libisoburn 1.5.0 ================ * Bug
fix: Multi-session emulation was not recognized with non-zero partition offset
* New bit10 of isoburn_drive_aquire() to accept all xattr namespaces * New
-xattr mode "any" to process all xattr namespaces of local filesystem * New
-as mkisofs option --xattr-any * New -as mkisofs options -uid and -gid
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 8 2018 Robert Scheck <robert(a)fedoraproject.org> 1.5.0-1
- Upgrade to 1.5.0
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.8-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.8-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Dec 1 2017 Merlin Mathesius <mmathesi(a)redhat.com> - 1.4.8-2
- Cleanup spec file conditionals
--------------------------------------------------------------------------------
================================================================================
mbedtls-2.7.8-1.el6 (FEDORA-EPEL-2018-48a1d47098)
Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:
- Update to 2.7.8 - CVE-2018-19608 (#1656785) Release notes:
https://tls.mbed.org/tech-
updates/releases/mbedtls-2.14.1-2.7.8-and-2.1.17-released Security Advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-
advisory-2018-03 ---- - Update to 2.7.7 Release notes:
https://tls.mbed.org/tech-
updates/releases/mbedtls-2.14.0-2.7.7-and-2.1.16-released
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 7 2018 Morten Stevens <mstevens(a)fedoraproject.org> - 2.7.8-1
- Update to 2.7.8
- CVE-2018-19608 (#1656785)
* Mon Dec 3 2018 Morten Stevens <mstevens(a)fedoraproject.org> - 2.7.7-1
- Update to 2.7.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1656785 - CVE-2018-19608 mbedtls: Local timing attack on RSA decryption
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1656785
--------------------------------------------------------------------------------