The following Fedora EPEL 6 Security updates need testing: Age URL 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d6ec1647e3 mbedtls-2.7.12-1.el6 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-e7cdb404e5 libapreq2-2.13-2.el6 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-5393542b88 opendmarc-1.3.2-1.el6 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-864944c688 python34-3.4.10-4.el6 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-ee7bc290a9 golang-1.13.1-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
ipv6calc-2.2.0-38.el6 pidgin-sipe-1.25.0-1.el6 yara-3.11.0-1.el6
Details about builds:
================================================================================ ipv6calc-2.2.0-38.el6 (FEDORA-EPEL-2019-2e87de01f2) IPv6 address format change and calculation utility -------------------------------------------------------------------------------- Update Information:
new release 2.2.0 -------------------------------------------------------------------------------- ChangeLog:
* Fri Oct 11 2019 Peter Bieringer pb@bieringer.de - 2.2.0-38 - new release 2.2.0 --------------------------------------------------------------------------------
================================================================================ pidgin-sipe-1.25.0-1.el6 (FEDORA-EPEL-2019-3a7bcfaa44) Pidgin protocol plugin to connect to MS Office Communicator -------------------------------------------------------------------------------- Update Information:
New upstream release: * provide idle start time for a buddy * extract plain text from incoming RTF * add support for Application Sharing Server * use user agent also for HTTP * add support for new AppStream metadata file location -------------------------------------------------------------------------------- ChangeLog:
* Sat Oct 12 2019 Stefan Becker chemobejk@gmail.com - 1.25.0-1 - update to 1.25.0: - provide idle start time for a buddy - extract plain text from incoming RTF * Sat Nov 10 2018 Stefan Becker chemobejk@gmail.com - 1.24.0-1 - update to 1.24.0: - add support for Application Sharing Server - use user agent also for HTTP - add support for new AppStream metadata file location --------------------------------------------------------------------------------
================================================================================ yara-3.11.0-1.el6 (FEDORA-EPEL-2019-55ba7663e0) Pattern matching Swiss knife for malware researchers -------------------------------------------------------------------------------- Update Information:
yara bugfix release -------------------------------------------------------------------------------- ChangeLog:
* Fri Oct 11 2019 Michal Ambroz <rebus at, seznam.cz> - 3.11.0-1 - bump to 3.11.0 release (#1760678) - BUGFIX: Some regexp character classes not matching correctly when used with ���nocase��� modifier (upstream #1117) - BUGFIX: Reduce the number of ERROR_TOO_MANY_RE_FIBERS errors for certain hex pattern containing large jumps (upstream #1107) - BUGFIX: Buffer overrun in ���dotnet��� module (upstream #1108) - BUGFIX: Memory leak while attaching to a process fails (upstream #1070) * Sat Sep 28 2019 Michal Ambroz <rebus at, seznam.cz> - 3.10.0-3 - change the sphinx build dependency * Sat Jul 27 2019 Fedora Release Engineering releng@fedoraproject.org - 3.10.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Fri May 3 2019 Michal Ambroz <rebus at, seznam.cz> - 3.10.0-1 - bump to 3.10.0 release (#1680204) - Harden virtual machine against malicious code. - BUGFIX: Regression bug in hex strings containing wildcards (upstream #1025). - BUGFIX: Buffer overrun in ���elf��� module. - BUGFIX: Buffer overrun in ���dotnet��� module. * Sat Mar 16 2019 Michal Ambroz <rebus at, seznam.cz> - 3.9.0-1 - bump to 3.9.0 release (#1680203) - switch from python-sphinx to python3-sphinx for generating the documentation for fc31+ - should fix also #1660398 (CVE-2018-19974 CVE-2018-19975 CVE-2018-19976), but by design it might be always dangerous to run yara signatures compiled by 3rd party, so it is advised to re-compile yara rules instead - BUGFIX: Denial of service when using "dex" module. Found by the Cisco Talos team. (upstream #1023, CVE-2019-5020) - BUGFIX: Buffer overflow in "dotnet" module. - BUGFIX: Regexp regression when using nested quantifiers {x,y} for certain values of x and y. (#1018) * Sun Feb 3 2019 Fedora Release Engineering releng@fedoraproject.org - 3.8.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Mon Aug 27 2018 Michal Ambroz <rebus at, seznam.cz> - 3.8.1-1 - bump to 3.8.1 release (#1613093) * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 3.7.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1459012 - CVE-2017-9438 yara: Stack consumption via a crafted rule mishandled in the _ur_re_emit function https://bugzilla.redhat.com/show_bug.cgi?id=1459012 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org