The following Fedora EPEL 6 Security updates need testing:
Age URL
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-3c9eacae67
python-rfc3986-1.3.0-1.el6 python3-requests-2.14.2-2.el6_10
python3-urllib3-1.25.1-1.el6_10
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bdf81699f7
wordpress-5.1.4-1.el6_10
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-20f6b6513c
drupal7-l10n_update-2.3-1.el6_10
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f6b0384072
drupal7-webform-4.21-1.el6_10
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bf943e820d
singularity-3.5.2-1.1.el6_10
The following builds have been pushed to Fedora EPEL 6 updates-testing
drupal7-7.69-1.el6_10
php-getid3-1.9.19-1.el6_10
Details about builds:
================================================================================
drupal7-7.69-1.el6_10 (FEDORA-EPEL-2019-19a3a7b296)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
RPM notes: - All docs are now in `/usr/share/doc/drupal7/` - All licenses are
now in `/usr/share/licenses/drupal7/` - Requires have been updated to include
all [
phpcompatinfo](http://php5.laurent-laville.org/compatinfo/) extension
findings ### 7.69 Maintenance and security release of the Drupal 7 series.
This release fixes **security vulnerabilities**. Sites are **[urged to upgrade
immediately](https://www.drupal.org/docs/7/update/introduction)** after reading
the notes below and the security announcement: - [Drupal core - Critical -
Multiple vulnerabilities -
SA-CORE-2019-012](https://www.drupal.org/sa-
core-2019-012) No other fixes are included. #### Important update information
- Drupal 7 includes a bundled version of the pear/archive_tar project, the
included version has been updated from 1.4.5 to 1.4.9 in order to mitigate
[Drupal core - Critical - Multiple vulnerabilities - SA-
CORE-2019-012](https://www.drupal.org/sa-core-2019-012) No changes have been
made to the `.htaccess`, `web.config`, `robots.txt`, or default `settings.php`
files in this release, so upgrading custom versions of those files is not
necessary. ### 7.68 Maintenance release of the Drupal 7 series. Includes bug
fixes and small API/feature improvements only (no major, non-backwards-
compatible new functionality). No security fixes are included in this release.
**This is the first release to fully support PHP 7.3. Please test and report any
bugs in the issue queue.** No changes have been made to robots.txt in this
release, so upgrading custom versions of that file is not necessary. However,
changes have been made to .htaccess, web.config and
sites/default/default.settings.php in this release. The .htaccess and
web.config changes are detailed in this Change Record: - Access to web.config
is blocked in .htaccess (and vice-versa):
https://www.drupal.org/node/3098687
Upgrading custom versions of .htaccess and web.config to incorporate this change
is recommended, but not required. There is one change to the
sites/default/default.settings.php file in this release, but the only change is
to file permissions: - [Regression] Fix default.settings.php permission:
https://www.drupal.org/node/3035772 #### Major changes since 7.67 - Fully
support PHP 7.3 - drupal_http_request() accepts data as an array in Drupal 7 -
Access to web.config is blocked in .htaccess (and vice-versa) - New "scripts"
element - theme_table() takes an optional footer variable and produces <tfoot>
#### All changes since 7.67 - \#3098664 by mcdruid: drupal_http_build_query()
only accepts arrays (followup to #3059391) - \#3097342 by mcdruid, Fabianx:
Prepare Drupal 7.68 (CHANGELOG.txt) - \#3088938 by DamienMcKenna, webchick,
mcdruid: Update the D7 maintainers list - \#2902430 by stefanos.petrakis,
joseph.olstad, SergFromSD, kiamlaluno, Ayesh, mcdruid, alexpott: [PHP 7.1] A
non-numeric value encountered in theme_pager() - \#2472025 by stupiddingo,
stefanos.petrakis: [D7] Hide toolbar when printing - \#2171113 by Pol, wiifm,
mw4ll4c3, David_Rothstein, douggreen, Fabianx: Settings returned via ajax are
not run through hook_js_alter() - \#3059391 by Liam Morland: Use
drupal_http_build_query() in drupal_http_request() - \#2966335 by mcdruid,
dvandijk, David_Rothstein: Avoid DrupalRequestSanitizer not found fatal error
when bootstrap phase order is changed - \#3025335 by mcdruid, mfb,
joseph.olstad, Fabianx, kiamlaluno, Pol: [PHP 7.3] Cannot change session id when
session is active - \#3055805 by mcdruid, greggles, Ayesh, Darren Oh,
David_Rothstein, sidharrell, pwolanin, mkalkbrenner, Sweetchuck, YesCT: file.inc
generated .htaccess does not cover PHP 7 - \#3047412 by mcdruid, Chi, beckydev,
DKAN, alexpott, sammuell, rabbitlair, longwave, greggles, interX: Block
web.config in .htaccess (and vice-versa) - \#3047844 by mfb, jordanwood,
Taran2L: Fix test failures on PHP 5.3 - \#3088557: Add mcdruid as provisional
Drupal 7 branch maintainer - \#3051370 by Pol, markcarver, Fabianx: Create
"scripts" element to align rendering workflow to how "styles" are
handled -
\#2814031 by Liam Morland: In drupal_http_request(), allow passing data as array
- \#1861604 by hefox, joseph.olstad, Sivaji, mgifford, webchick: Skip
module_invoke/module_hook in calling hook_watchdog (excessive function_exist) -
\#2666908 by iamEAP, cilefen: HTTP status 200 returned for ���Additional uncaught
exception thrown while handling exception��� - \#1892654 by Pol, willvincent,
Fabianx: D7 Backport: theme_table() should take an optional footer variable and
produce - \#3009351 by Pol, mfb, BrianLP: [PHP ��� 7.2] "session_id(): Cannot
change session id" - \#2684337 by geoffray, Pol, jweowu, Fabianx: Warning:
uasort() expects parameter 1 to be array, null given in node_view_multiple() -
\#3035772 by Pol: [Regression] Fix default.settings.php permission
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 18 2019 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 7.69-1
- Update to 7.69 (RHBZ #1784967 / SA-CORE-2019-012)
-
https://www.drupal.org/sa-core-2019-012
* Mon Dec 16 2019 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 7.68-2
- Fix ssh2 dependency (`php-ssh2` => `php-pecl(ssh2)`)
* Sat Dec 14 2019 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 7.68-1
- Update to 7.68 (RHBZ #1779680)
- Use official
drupal.org source
- Expand requires to include full phpcompatinfo findings
- Spec, docs, licenses, and %files revamp
* Sun Sep 15 2019 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 7.67-3
- Use python3 for Fedora >= 29 and EPEL >= 8
* Wed Jul 24 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.67-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1784967 - drupal7-7.69 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1784967
[ 2 ] Bug #1779680 - drupal7-7.68 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1779680
--------------------------------------------------------------------------------
================================================================================
php-getid3-1.9.19-1.el6_10 (FEDORA-EPEL-2019-4160414281)
The PHP media file parser
--------------------------------------------------------------------------------
Update Information:
**Version 1.9.19**: (2019-12-17) * add placeholder support for WTV (Windows
Recorded TV Show) * bugfix (G:210) PHP 7.4 deprecated get_magic_quotes *
bugfix (G:207) improved LAME version string parsing * bugfix (G:206) inverted
logic in CopyTagsToComments * bugfix (G:203) use getimagesizefromstring if
available * Quicktime decode 'uuid' atom for 360fly cameras
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 18 2019 Remi Collet <remi(a)remirepo.net> - 1.9.19-1
- update to 1.9.19
--------------------------------------------------------------------------------