The following Fedora EPEL 6 Security updates need testing:
 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d6ec1647e3   mbedtls-2.7.12-1.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-e7cdb404e5   libapreq2-2.13-2.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-5393542b88   opendmarc-1.3.2-1.el6

The following builds have been pushed to Fedora EPEL 6 updates-testing

    clamav-unofficial-sigs-6.1.1-2.el6
    etckeeper-1.18.10-4.el6
    ga-5.6.5-6.el6
    golang-1.13.1-1.el6
    pspg-2.1.3-1.el6
    python34-3.4.10-4.el6

Details about builds:

================================================================================
 clamav-unofficial-sigs-6.1.1-2.el6 (FEDORA-EPEL-2019-b9b486f880)
 Scripts to download unofficial clamav signatures
--------------------------------------------------------------------------------
Update Information:

Fix bash path ---- Update from upstream
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 1 2019 Didier Fabert didier.fabert@gmail.com - 6.1.1-2
- Fix bash path
- Fix shebang
* Sat Sep 21 2019 Didier Fabert didier.fabert@gmail.com - 6.1.1-1
- Update from upstream
- Add cron, logrotate and man from fixed files (upstream way is too difficult to maintain)
- Fix buggy date in changelog
- Remove merged patch in upstream (5.6.2-7)
* Wed Jul 24 2019 Fedora Release Engineering releng@fedoraproject.org - 5.6.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1752990 - Request to update: clamav-unofficial-sigs to v6.1.1
        https://bugzilla.redhat.com/show_bug.cgi?id=1752990
--------------------------------------------------------------------------------


================================================================================
 etckeeper-1.18.10-4.el6 (FEDORA-EPEL-2019-3738f7b285)
 Store /etc in a SCM system (git, mercurial, bzr or darcs)
--------------------------------------------------------------------------------
Update Information:

etckeeper 1.18.10 released with these changes
* Avoid post-install failing when ps is from busybox or another version not
  supporting procps-specific options.
* Use ps --no-headers rather than problematic -h option.

etckeeper 1.18.9 released with these changes
* When run during a package installation, include in the commit message the
  command line that caused etckeeper to run. Thanks, Laszlo Gombos
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 4 2019 Thomas Moschny thomas.moschny@gmx.de - 1.18.10-4
- Package fixes for CentOS8.
- Build dnf plugin on CentOS7.
* Thu Oct 3 2019 Miro Hrončok mhroncok@redhat.com - 1.18.10-3
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Thu Oct 3 2019 Thomas Moschny thomas.moschny@gmx.de - 1.18.10-2
- There is currently no bzr for rhel8.
* Thu Oct 3 2019 Thomas Moschny thomas.moschny@gmx.de - 1.18.10-1
- Update to 1.18.10.
* Mon Aug 19 2019 Miro Hrončok mhroncok@redhat.com - 1.18.8-4
- Rebuilt for Python 3.8
* Wed Jul 24 2019 Fedora Release Engineering releng@fedoraproject.org - 1.18.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 1.18.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 ga-5.6.5-6.el6 (FEDORA-EPEL-2019-e0b05663a1)
 Global Arrays Toolkit
--------------------------------------------------------------------------------
Update Information:

Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 5.6.5-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Feb 14 2019 Orion Poplawski orion@nwra.com - 5.6.5-5
- Rebuild for openmpi 3.1.3
* Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 5.6.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Aug 7 2018 Edoardo Apra edoardo.apra@gmail.com - 5.6.5-3
- fortran integer casting in ga_diag. Fixes #1613089
* Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 5.6.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 golang-1.13.1-1.el6 (FEDORA-EPEL-2019-ee7bc290a9)
 The Go Programming Language
--------------------------------------------------------------------------------
Update Information:

* Rebase to 1.13.1
* Security fix for CVE-2019-16276
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct 5 2019 Jakub Čajka jcajka@redhat.com - 1.13.1-1
- Rebase to go1.13.1
- Fix for CVE-2019-16276
- Resolves: BZ#1755971
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1755969 - CVE-2019-16276 golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling
        https://bugzilla.redhat.com/show_bug.cgi?id=1755969
--------------------------------------------------------------------------------


================================================================================
 pspg-2.1.3-1.el6 (FEDORA-EPEL-2019-002009635b)
 A unix pager optimized for psql
--------------------------------------------------------------------------------
Update Information:

new upstream release, per release notes:
- https://github.com/okbob/pspg/releases/tag/2.1.3
- https://github.com/okbob/pspg/releases/tag/2.1.2
- https://github.com/okbob/pspg/releases/tag/2.1.1
- https://github.com/okbob/pspg/releases/tag/2.1.0
- https://github.com/okbob/pspg/releases/tag/2.0.5
- https://github.com/okbob/pspg/releases/tag/2.0.4
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct 5 2019 Pavel Raiskup praiskup@redhat.com - 2.1.3-1
- new upstream release, per release notes:
  https://github.com/okbob/pspg/releases/tag/2.1.3
  https://github.com/okbob/pspg/releases/tag/2.1.2
  https://github.com/okbob/pspg/releases/tag/2.1.1
  https://github.com/okbob/pspg/releases/tag/2.1.0
  https://github.com/okbob/pspg/releases/tag/2.0.5
  https://github.com/okbob/pspg/releases/tag/2.0.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1754109 - pspg-2.1.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1754109
--------------------------------------------------------------------------------


================================================================================
 python34-3.4.10-4.el6 (FEDORA-EPEL-2019-864944c688)
 Version 3 of the Python programming language aka Python 3000
--------------------------------------------------------------------------------
Update Information:

This update backports fixes for CVE-2019-10160 (rhbz#1718867) and
CVE-2019-16056 (rhbz#1750457) from Fedora. It also obsoletes IUS python34u
packages ([IUS issue](https://github.com/iusrepo/packaging/issues/7)).
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 3 2019 Carl George carl@george.computer - 3.4.10-4
- Obsolete IUS python34u packages
- Fix CVE-2019-10160 (rhbz#1718867)
- Fix CVE-2019-16056 (rhbz#1750457)
* Tue Apr 30 2019 Miro Hrončok mhroncok@redhat.com - 3.4.10-2
- Require python3-other-rpm-macros instead of python3-rpm-macros
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1750455 - CVE-2019-16056 python34: python: email.utils.parseaddr wrongly parses email addresses [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1750455
  [ 2 ] Bug #1718869 - CVE-2019-10160 python34: python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1718869
  [ 3 ] Bug #1706855 - CVE-2019-9740 python34: python: improper neutralization of CRLF sequences in urllib module [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1706855
  [ 4 ] Bug #1698979 - CVE-2019-9947 CVE-2019-9948 python34: various flaws [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1698979
  [ 5 ] Bug #1688552 - CVE-2019-9636 python34: python: Information Disclosure due to urlsplit improper NFKC normalization [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1688552
  [ 6 ] Bug #1750764 - Sync EPEL's python34 with Fedora [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1750764
--------------------------------------------------------------------------------