The following Fedora EPEL 6 Security updates need testing: Age URL 805 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031 python-virtualenv-12.0.7-1.el6 799 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6 689 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6 660 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6 271 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac libbsd-0.8.3-2.el6 167 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c0d33ae70f tnef-1.4.14-1.el6 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8dca05d55c drupal7-views-3.18-1.el6 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92 libmspack-0.6-0.1.alpha.el6 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e50abdd3d5 python3-numpy-1.10.4-6.el6 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e563119ec9 php-horde-Horde-Image-2.5.2-1.el6 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-bfeae1e322 wordpress-4.8.2-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
kmodtool-1-26.el6 php-horde-Horde-Image-2.5.2-1.el6 wordpress-4.8.2-1.el6
Details about builds:
================================================================================ kmodtool-1-26.el6 (FEDORA-EPEL-2017-aa38a067ca) Tool for building kmod packages -------------------------------------------------------------------------------- Update Information:
Add conditional fix for (/usr)/sbin/depmod for RHEL/CentOS 6: Without this change, built kmod-<module> package depends on /usr/sbin/depmod, which does not exist on RHEL/CentOS 6 (which only provides /sbin/depmod) instead. --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Image-2.5.2-1.el6 (FEDORA-EPEL-2017-e563119ec9) Horde Image API -------------------------------------------------------------------------------- Update Information:
**Horde_Image 2.5.1** * [mjr] SECURITY: Fix more potential places for command injections. --------------------------------------------------------------------------------
================================================================================ wordpress-4.8.2-1.el6 (FEDORA-EPEL-2017-bfeae1e322) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information:
Upstream announcement: **WordPress 4.8.2 is now available**. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.8.1 and earlier are affected by these security issues: * $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we���ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco * A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team. * A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security. * A path traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet). * A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by ��������� (Chen Ruiqi). * An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx). * A path traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the WordPress Security Team. * A cross-site scripting (XSS) vulnerability was discovered in template names. Reported by Luka (sikic). * A cross-site scripting (XSS) vulnerability was discovered in the link modal. Reported by Anas Roubi (qasuar). Thank you to the reporters of these issues for practicing [responsible disclosure](https://make.wordpress.org/core/handbook/testing /reporting-security-vulnerabilities/). In addition to the security issues above, WordPress 4.8.2 contains 6 maintenance fixes to the 4.8 release series. For more information, see the [release notes](https://codex.wordpress.org/Version_4.8.2) or consult the [list of change s](https://core.trac.wordpress.org/query?status=closed&milestone=4.8.2&... ponent&col=id&col=summary&col=component&col=status&col=owner&col=type&col=priori ty&col=keywords&order=priority). Thanks to everyone who contributed to 4.8.2. --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org