The following Fedora EPEL 6 Security updates need testing: Age URL 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-244e8468f8 t1utils-1.41-1.el6 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-b3dc1811a1 rssh-2.3.4-15.el6 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-755c983846 golang-1.13.3-1.el6 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-cd52ee3c1e putty-0.73-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
ansible-2.6.20-1.el6 djvulibre-3.5.25.3-18.el6 eurephia-1.1.1-1.el6 php-robrichards-xmlseclibs-2.1.1-1.el6 python-regex-2019.11.1-1.el6
Details about builds:
================================================================================ ansible-2.6.20-1.el6 (FEDORA-EPEL-2019-58a079b2be) SSH-based configuration management, deployment, and task execution system -------------------------------------------------------------------------------- Update Information:
Update to 2.6.20. -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 8 2019 Kevin Fenzi kevin@scrye.com - 2.6.20-1 - Update to 2.6.20. --------------------------------------------------------------------------------
================================================================================ djvulibre-3.5.25.3-18.el6 (FEDORA-EPEL-2019-800a69997a) DjVu viewers, encoders, and utilities -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2019-15142, CVE-2019-15143, CVE-2019-15144 and CVE-2019-15145. -------------------------------------------------------------------------------- ChangeLog:
* Thu Nov 7 2019 Marek Kasik mkasik@redhat.com - 3.5.25.3-18 - Fix a crash due to missing zero-bytes check - Resolves: #1767923 * Thu Nov 7 2019 Marek Kasik mkasik@redhat.com - 3.5.25.3-17 - Fix a stack overflow - Resolves: #1767870 * Wed Nov 6 2019 Marek Kasik mkasik@redhat.com - 3.5.25.3-16 - Break an infinite loop - Resolves: #1767859 * Wed Nov 6 2019 Marek Kasik mkasik@redhat.com - 3.5.25.3-15 - Fix a buffer overflow - Resolves: #1767844 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1767920 - CVE-2019-15145 djvulibre: out-of-bounds read in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h https://bugzilla.redhat.com/show_bug.cgi?id=1767920 [ 2 ] Bug #1767867 - CVE-2019-15144 djvulibre: recursive call to GArrayTemplate<Run>::sort in GContainer.h leads to stack overflow https://bugzilla.redhat.com/show_bug.cgi?id=1767867 [ 3 ] Bug #1767855 - CVE-2019-15143 djvulibre: infinite loop in GBitmap::read_rle_raw related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1767855 [ 4 ] Bug #1767841 - CVE-2019-15142 djvulibre: heap-based buffer overflow in GStringRep::strdup in libdjvu/GString.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1767841 --------------------------------------------------------------------------------
================================================================================ eurephia-1.1.1-1.el6 (FEDORA-EPEL-2019-696a47493e) An advanced and flexible OpenVPN user authentication plug-in -------------------------------------------------------------------------------- Update Information:
Updates to latest upstream eurephia-1.1.1 -------------------------------------------------------------------------------- ChangeLog:
* Sat Nov 9 2019 David Sommerseth dazo@eurephia.org - 1.1.1-1 - Updated to latest upstream release - Fix parallel builds --------------------------------------------------------------------------------
================================================================================ php-robrichards-xmlseclibs-2.1.1-1.el6 (FEDORA-EPEL-2019-89d09bcf60) A PHP library for XML Security -------------------------------------------------------------------------------- Update Information:
## 2.1.1 CVE-2019-3465 / https://simplesamlphp.org/security/201911-01 ## 2.1.0 Backports changes from 3.0 branch -------------------------------------------------------------------------------- ChangeLog:
* Wed Nov 6 2019 Shawn Iwinski shawn@iwin.ski - 2.1.1-1 - Update to 2.1.1 (CVE-2019-3465) - https://simplesamlphp.org/security/201911-01 * Fri Jul 26 2019 Fedora Release Engineering releng@fedoraproject.org - 2.0.1-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Sat Feb 2 2019 Fedora Release Engineering releng@fedoraproject.org - 2.0.1-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 2.0.1-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Fri Feb 9 2018 Fedora Release Engineering releng@fedoraproject.org - 2.0.1-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering releng@fedoraproject.org - 2.0.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ python-regex-2019.11.1-1.el6 (FEDORA-EPEL-2019-01b8908657) Alternative regular expression module, to replace re -------------------------------------------------------------------------------- Update Information:
Update regex to the latest released version. -------------------------------------------------------------------------------- ChangeLog:
* Sat Nov 9 2019 Thomas Moschny thomas.moschny@gmx.de - 2019.11.1-1 - Update to 2019.11.1. --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org