The following Fedora EPEL 6 Security updates need testing:
Age URL
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-8905ccaea7
libidn2-2.3.0-1.el6
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-070e713b93
tnef-1.4.18-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
bitlbee-3.6-1.el6
bitlbee-facebook-1.2.0-1.el6
proftpd-1.3.3g-13.el6
sympa-6.2.48-3.el6
Details about builds:
================================================================================
bitlbee-3.6-1.el6 (FEDORA-EPEL-2019-48edff7eb6)
IRC to other chat networks gateway
--------------------------------------------------------------------------------
Update Information:
BitlBee 3.6 =========== IRC/Core -------- * Add server-time IRCv3 capability
* Add PROXY command for haproxy/stunnel * Large performance improvements for
large contact lists * Many UX/documentation improvements * Added built-in
crash handler that writes to `/var/lib/bitlbee/crash.log` * Try to join long
spaceless lines in paste_buffer without a newline. The main use case for this is
pasting long URLs and not breaking them * Fix status message being set to null
accidentally * Fix handling utf8 nick renames when loading configs * Fix
SSL's SNI with hostnames starting with a digit * Show correct nick when
`rename -del` is used Twitter ------- * Disable the stream setting by
default. Filter streams still work. * Update default character limit to 280
chars * Fix quote tweet url display. Jabber ------ * Try to join anyway
after "Already present in chat" * Fix chat joins when ext_jid is provided for
your own user. Seen with Biboumi (a gateway from XMPP to IRC) * Handle
always_use_nicks more gracefully to reduce nick change noise OTR --- * Don't
block attempts to connect/smp/smpq to "offline" users Removed dead protocols
---------------------- * msn: Use the skypeweb purple plugin instead. *
skype (the dbus based thing): ditto. * yahoo: It's so dead even the
replacement protocol died. * oscar: AIM is dead, for ICQ use the icyque purple
plugin instead. For plugin devs --------------- * Add datadir to pkgconfig
file and config.h * Add "bitlbee-set-account-password" purple signal (for
hangouts) * Support libpurple 2.12.0's PURPLE_MESSAGE_REMOTE_SEND for
groupchat self-messages (for slack) Packaging/distro specific stuff
------------------------------- * `bitlbee@.service` now sends stderr to
syslog instead of the socket * debian: only enable `bitlbee.service`, not
`bitlbee.socket` too * cygwin: portability fixes for plugins * Support
OpenSSL 1.1 built without backwards compat
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 29 2019 Robert Scheck <robert(a)fedoraproject.org> 3.6-1
- Upgrade to 3.6
* Wed Jul 24 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
3.5.2-0.3.20180919git0b1448f
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
3.5.2-0.2.20180919git0b1448f
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Sep 19 2018 Adam Williamson <awilliam(a)redhat.com> -
3.5.2-0.1.20180919git0b1448f
- Bump to latest git snapshot (for openssl 1.1 and twitter fixes)
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.5.1-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 19 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 3.5.1-6
- Rebuilt for Python 3.7
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.5.1-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Aug 2 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.5.1-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.5.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.5.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1673881 - bitlbee-3.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1673881
--------------------------------------------------------------------------------
================================================================================
bitlbee-facebook-1.2.0-1.el6 (FEDORA-EPEL-2019-20d717b8af)
Facebook protocol plugin for BitlBee
--------------------------------------------------------------------------------
Update Information:
bitlbee-facebook 1.2.0 ====================== * Fix ERROR_QUEUE_OVERFLOW on
login by bumping orca agent version * Fix "Failed to read fixed header" with
TLS 1.3 / GnuTLS 3.6.x * Add workplace chat support (enable the "work"
setting
to use it)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 7 2019 David Cantrell <dcantrell(a)redhat.com> - 1.2.0-1
- Upgrade to 1.2.0
* Wed Jul 24 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.2-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.2-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.2-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
proftpd-1.3.3g-13.el6 (FEDORA-EPEL-2019-afbb452d62)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:
This update addresses a null pointer dereference when processing an empty CRL in
mod_tls.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 29 2019 Paul Howarth <paul(a)city-fan.org> - 1.3.3g-13
- Fix handling of CRL lookups by guarding against null pointers (GH#861,
CVE-2019-19269)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1777975 - CVE-2019-19269 proftpd: NULL pointer dereference when validating
the certificate of a client connecting to the server
https://bugzilla.redhat.com/show_bug.cgi?id=1777975
--------------------------------------------------------------------------------
================================================================================
sympa-6.2.48-3.el6 (FEDORA-EPEL-2019-38f39656ef)
Powerful multilingual List Manager
--------------------------------------------------------------------------------
Update Information:
- Add dependency on Socket6 and IO::Socket::IP (or alternatively Socket6 and
IO::Socket::INET6 on EL6). - Add patch to fix ldap 2 level query.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 29 2019 Xavier Bachelot <xavier(a)bachelot.org> 6.2.48-3
- Add patch to fix compile executables test on F32.
- Add dependency on Socket6 and IO::Socket::IP
(or alternatively Socket6 and IO::Socket::INET6 on EL6).
- Add patch to fix ldap 2 level query.
- Re-enable Crypt::SMIME for EL8.
- Re-enable all web subpackages for EL8.
--------------------------------------------------------------------------------