The following Fedora EPEL 6 Security updates need testing:
Age URL
283
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-4008
63
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6828
45
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031
40
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7116
39
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
14
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7564
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7634
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7706
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7618
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7733
The following builds have been pushed to Fedora EPEL 6 updates-testing
bodhi-0.9.13-2.el6
drupal7-7.39-1.el6
fedfind-1.4.2-1.el6
ganglia-3.7.2-1.el6
golang-github-coreos-go-systemd-3-1.el6
golang-github-cpuguy83-go-md2man-1-9.el6
golang-googlecode-gogoprotobuf-0-0.13.git5ba1012.el6
php-twig-1.20.0-1.el6
python-fedora-0.5.4-1.el6
salt-2015.5.5-1.el6
Details about builds:
================================================================================
bodhi-0.9.13-2.el6 (None)
A modular framework that facilitates publishing software updates
--------------------------------------------------------------------------------
Update Information:
Updated to work better against bodhi2 with the latest python-fedora bindings.
--------------------------------------------------------------------------------
================================================================================
drupal7-7.39-1.el6 (FEDORA-EPEL-2015-7733)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
Updated to 7.39 * [Release
notes](https://www.drupal.org/drupal-7.39-release-
notes) * [Drupal Core - Critical - Multiple Vulnerabilities - SA-
CORE-2015-003](https://www.drupal.org/SA-CORE-2015-003)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1255674 - drupal7: drupal: Several issues in 6.x and 7.x (SA-CORE-2015-003)
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1255674
--------------------------------------------------------------------------------
================================================================================
fedfind-1.4.2-1.el6 (FEDORA-EPEL-2015-7740)
Fedora Finder finds Fedora
--------------------------------------------------------------------------------
Update Information:
This update provides the latest upstream fedfind release, 1.4.2. There have been
many significant changes since the last packaged release, 1.2. You can find full
details on the [upstream
page](https://www.happyassassin.net/fedfind). Briefly,
fedfind's module has grown several new features for compose checking, and Koji
queries are now more efficient (and cached on the instance). fedfind will now
find more images and identify them more accurately. You can be somewhat sloppier
with `release`, `milestone` and `compose` parameters, both in `get_release()`
and in the CLI. The update fixes the major bug in 1.2 where you could not use
the CLI with a numeric release.
--------------------------------------------------------------------------------
================================================================================
ganglia-3.7.2-1.el6 (None)
Distributed Monitoring System
--------------------------------------------------------------------------------
Update Information:
ganglia 3.7.2
--------------------------------------------------------------------------------
================================================================================
golang-github-coreos-go-systemd-3-1.el6 (FEDORA-EPEL-2015-7735)
Go bindings to systemd socket activation, journal and D-BUS APIs
--------------------------------------------------------------------------------
Update Information:
Bump to upstream be94bc700879ae8217780e9d141789a2defa302b
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1248722 - Tracker for golang-github-coreos-go-systemd
https://bugzilla.redhat.com/show_bug.cgi?id=1248722
--------------------------------------------------------------------------------
================================================================================
golang-github-cpuguy83-go-md2man-1-9.el6 (FEDORA-EPEL-2015-7736)
Process markdown into manpages
--------------------------------------------------------------------------------
Update Information:
Update spec file to spec-2.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1222796 - Tracker for golang-github-cpuguy83-go-md2man
https://bugzilla.redhat.com/show_bug.cgi?id=1222796
--------------------------------------------------------------------------------
================================================================================
golang-googlecode-gogoprotobuf-0-0.13.git5ba1012.el6 (FEDORA-EPEL-2015-7741)
A fork of goprotobuf with several extra features
--------------------------------------------------------------------------------
Update Information:
Update spec file to spec-2.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1246215 - Tracker for golang-googlecode-gogoprotobuf
https://bugzilla.redhat.com/show_bug.cgi?id=1246215
--------------------------------------------------------------------------------
================================================================================
php-twig-1.20.0-1.el6 (FEDORA-EPEL-2015-7618)
The flexible, fast, and secure template engine for PHP
--------------------------------------------------------------------------------
Update Information:
## 1.20.0 (2015-08-12) * forbid access to the Twig environment from templates
and internal parts of Twig_Template * fixed limited RCEs when in sandbox mode *
deprecated Twig_Template::getEnvironment() * deprecated the _self variable for
usage outside of the from and import tags * added Twig_BaseNodeVisitor to ease
the compatibility of node visitors between 1.x and 2.x ## 1.19.0 (2015-07-31)
* fixed wrong error message when including an undefined template in a child
template * added support for variadic filters, functions, and tests * added
support for extra positional arguments in macros * added ignore_missing flag to
the source function * fixed batch filter with zero items * deprecated
Twig_Environment::clearTemplateCache() * fixed sandbox disabling when using the
include function
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1249259 - php-twig-v1.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1249259
[ 2 ] Bug #1255797 - php-twig: Remote code execution via Twig templates [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1255797
--------------------------------------------------------------------------------
================================================================================
python-fedora-0.5.4-1.el6 (None)
Python modules for talking to Fedora Infrastructure Services
--------------------------------------------------------------------------------
Update Information:
Better detection of bodhi server version. Be more careful with python-six API
usage for EPEL. Better compat with 'fedpkg update'. Better version checking of
the bodhi server. Bodhi2 compatibility. munch objects are now returned by the
OpenIdBaseClient for a more symmetric API. There is also a minor python3 compat
fix.
--------------------------------------------------------------------------------
================================================================================
salt-2015.5.5-1.el6 (FEDORA-EPEL-2015-7737)
A parallel remote execution system
--------------------------------------------------------------------------------
Update Information:
salt-2015.5.5-1.el6 - Update to bugfix release 2015.5.5
--------------------------------------------------------------------------------