[EPEL-devel] Fedora EPEL 6 updates-testing report

Tue, 23 Jan 2018 14:48:04 -0800 

The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 924  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168   
rubygem-crack-0.3.2-2.el6
 814  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb   
mcollective-2.8.4-1.el6
 786  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9   
thttpd-2.25b-24.el6
 396  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac   
libbsd-0.8.3-2.el6
 125  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92   
libmspack-0.6-0.1.alpha.el6
  45  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6aaee32b7e   
optipng-0.7.6-6.el6
  27  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6e4ce19598   
monit-5.25.1-1.el6
  17  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8c9006d462   
heimdal-7.5.0-1.el6
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-fde8252ab7   
python-bottle-0.12.13-1.el6
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-752a7c9ad4   
rootsh-1.5.3-17.el6
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-2ba6bfc5d8   
wordpress-4.9.2-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    GraphicsMagick-1.3.28-1.el6
    distribution-gpg-keys-1.18-1.el6
    fedfind-4.0.0-1.el6
    mozilla-https-everywhere-2018.1.11-1.el6

Details about builds:


================================================================================
 GraphicsMagick-1.3.28-1.el6 (FEDORA-EPEL-2018-1049ca4872)
 An ImageMagick fork, offering faster image generation and better quality
--------------------------------------------------------------------------------
Update Information:

Latest stable release, includes many bug and security fixes.  See also
http://www.graphicsmagick.org/NEWS.html#january-20-2017
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1473729 - CVE-2017-11102 GraphicsMagick: Input validation failure 
in ReadOneJNGImage function may cause denial of service [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1473729
  [ 2 ] Bug #1473741 - CVE-2017-11139 GraphicsMagick: double free 
vulnerabilities in the [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1473741
  [ 3 ] Bug #1473752 - CVE-2017-11140 GraphicsMagick: Resource exhaustion 
denial of service in ReadJPEGImage function [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1473752
  [ 4 ] Bug #1475454 - CVE-2017-11637 GraphicsMagick: NULL pointer dereference 
in WritePCLImage() in coders/pcl.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1475454
  [ 5 ] Bug #1475458 - CVE-2017-11636 GraphicsMagick: Heap based buffer 
over-write in WriteRGBImage in coders/rgb.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1475458
  [ 6 ] Bug #1475490 - CVE-2017-11641 GraphicsMagick: Memory Leak in the 
PersistCache in magick/pixel_cache.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1475490
  [ 7 ] Bug #1475498 - CVE-2017-11643 GraphicsMagick: Heap based over-write in 
WriteCMYKImagefunction in coders/cmyk.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1475498
  [ 8 ] Bug #1484483 - CVE-2017-13147 GraphicsMagick: Allocation failure in 
ReadMNGImage function in coders/png.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1484483
  [ 9 ] Bug #1512038 - CVE-2017-16669 GraphicsMagick: Heap buffer over-write in 
AcquireCacheNexus function in magick/pixel_cache.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1512038
  [ 10 ] Bug #1512049 - CVE-2017-16353 GraphicsMagick: ImageMagick, 
GraphicsMagick: memory information disclosure in DescribeImage function in 
magick/describe.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1512049
  [ 11 ] Bug #1528037 - CVE-2017-17782 GraphicsMagick: heap-based buffer 
over-read in ReadOneJNGImage function in coders/png.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1528037
  [ 12 ] Bug #1528051 - CVE-2017-17783 GraphicsMagick: heap based buffer 
over-read in ReadPALMImage in coders/palm.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1528051
  [ 13 ] Bug #1529535 - CVE-2017-17915 GraphicsMagick: Memory leak in the 
function ReadMNGImage in coders/png.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1529535
  [ 14 ] Bug #1529557 - CVE-2017-17913 GraphicsMagick: stack-based buffer 
over-read in WriteWEBPImage in coders/webp.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1529557
  [ 15 ] Bug #1529580 - CVE-2017-17912 GraphicsMagick:  GraphicsMagick: 
heap-based buffer over-read in ReadNewsProfile in coders/tiff.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1529580
  [ 16 ] Bug #1536951 - GraphicsMagick: 2018-5685 GraphicsMagick: Infinite loop 
and application hang in coders/bmp.c:ReadBMPImage [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1536951
--------------------------------------------------------------------------------


================================================================================
 distribution-gpg-keys-1.18-1.el6 (FEDORA-EPEL-2018-4c19ea99da)
 GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:

- updated Copr keys - add UnitedRPMs - add remi 2018 key
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1536804 - distribution-gpg-keys-1.18-1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1536804
--------------------------------------------------------------------------------


================================================================================
 fedfind-4.0.0-1.el6 (FEDORA-EPEL-2018-a79242a0ec)
 Fedora compose and image finder
--------------------------------------------------------------------------------
Update Information:

This update provides a new major release of fedfind. It is going out to stable
releases as fedfind is used quite extensively in Fedora QA infrastructure, and
we prefer to keep all those deployments on the latest code. The new release also
provides some significant enhancements in correctness checking that will be
useful in these cases.  See [the upstream changelog](https://pagure.io/fedora-
qa/fedfind/blob/5713f806517a358a5761aaaff9cfd276f8aeb862/f/CHANGELOG.md) for
more details on the specific changes in this release. Most uses of fedfind (both
CLI and as a Python library) should continue to work unchanged, or with only
minimal changes (mainly because `get_release` can raise some different
exceptions now).
--------------------------------------------------------------------------------


================================================================================
 mozilla-https-everywhere-2018.1.11-1.el6 (FEDORA-EPEL-2018-1e59402c3f)
 HTTPS enforcement extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:

* More ruleset updates
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to