The following Fedora EPEL 6 Security updates need testing:
https://admin.fedoraproject.org/updates/xml-security-c-1.6.0-2.el6
https://admin.fedoraproject.org/updates/bugzilla-3.4.11-1.el6
https://admin.fedoraproject.org/updates/libpng10-1.0.55-1.el6
https://admin.fedoraproject.org/updates/rt3-3.8.10-2.el6.1
https://admin.fedoraproject.org/updates/squirrelmail-1.4.22-2.el6
https://admin.fedoraproject.org/updates/ejabberd-2.1.8-2.el6
https://admin.fedoraproject.org/updates/erlang-R14B-02.1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
bugzilla-3.4.11-1.el6
django-avatar-2.0a1-4.20110709git097ed8.el6
django-celery-2.2.3-1.el6
django-followit-0.0.2-2.el6
django-threaded-multihost-1.4.0-2.el6
drbdlinks-1.19-2.el6
drupal6-features-1.1-3.el6
duplicity-0.6.14-1.el6
libbluray-0.2-0.6.20110710git51d7d60a96d06.el6
nntpgrab-0.6.92-1.el6
perl-HTTP-Server-Simple-Mason-0.14-3.el6
perl-Sys-Hostname-Long-1.4-5.el6
php-ZendFramework-1.11.9-1.el6
python-anyjson-0.3.1-1.el6
python-celery-2.2.7-3.el6
python-importlib-1.0.2-1.el6
python-migrate0.5-0.5.4-1.el6
python-oauth2-1.5.170-1.el6
python-unidecode-0.04.7-3.el6
python-unidecode-0.04.7-4.el6
rt3-3.8.10-2.el6.1
rubygem-rhc-0.71.2-2.el6
trac-spamfilter-plugin-0.4.7-0.11.20110716svn10756.el6
xml-security-c-1.6.0-2.el6
Details about builds:
================================================================================
bugzilla-3.4.11-1.el6 (FEDORA-EPEL-2011-3863)
Bug tracking system
--------------------------------------------------------------------------------
Update Information:
Security update for CVE-2010-4411, CVE-2010-4567, CVE-2010-4568, CVE-2010-4569,
CVE-2010-4570, CVE-2010-4572, CVE-2011-0046, CVE-2011-0048
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 1 2011 Emmanuel Seyman <emmanuel.sey...@club-internet.fr> - 3.4.11-1
- Update to 3.4.11
* Tue Mar 8 2011 Emmanuel Seyman <emmanuel.sey...@club-internet.fr> - 3.4.10-2
- Put contrib/recode.pl in the main package so that it no longer depends on
python and ruby
* Tue Jan 25 2011 Emmanuel Seyman <emmanuel.sey...@club-internet.fr> - 3.4.10-1
- Update to 3.4.10
* Wed Nov 3 2010 Emmanuel Seyman <emmanuel.sey...@club-internet.fr> - 3.4.9-1
- Update to 3.4.9
* Thu Aug 19 2010 Emmanuel Seyman <emmanuel.sey...@club-internet.fr> - 3.4.8-2
- Bump to correct changelog version
* Wed Aug 18 2010 Emmanuel Seyman <emmanuel.sey...@club-internet.fr> - 3.4.8-1
- Update to 3.4.8 (#623426, #615331)
- Only run checksetup if /etc/bugzilla/localconfig does not exist (#610210)
- Add bugzilla-contrib to Requires (#610198)
* Wed Jun 30 2010 Emmanuel Seyman <emmanuel.sey...@club-internet.fr> - 3.4.7-2
- Remove mod_perl from the requirements (#600924)
* Fri Jun 25 2010 Emmanuel Seyman <emmanuel.sey...@club-internet.fr> - 3.4.7-1
- Update to 3.4.7 (CVE-2010-1204)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #672856 - bugzilla: multiple security issues [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=672856
--------------------------------------------------------------------------------
================================================================================
django-avatar-2.0a1-4.20110709git097ed8.el6 (FEDORA-EPEL-2011-3859)
A django module for handling user avatars
--------------------------------------------------------------------------------
Update Information:
A django module for handling user avatars
--------------------------------------------------------------------------------
================================================================================
django-celery-2.2.3-1.el6 (FEDORA-EPEL-2011-3838)
Django Celery Integration
--------------------------------------------------------------------------------
Update Information:
Django Celery Integration
--------------------------------------------------------------------------------
================================================================================
django-followit-0.0.2-2.el6 (FEDORA-EPEL-2011-3837)
A django app that allows users to follow django model objects
--------------------------------------------------------------------------------
Update Information:
A django app that allows users to follow django model objects
--------------------------------------------------------------------------------
================================================================================
django-threaded-multihost-1.4.0-2.el6 (FEDORA-EPEL-2011-3874)
Django app to enable multi-site awareness in Django apps
--------------------------------------------------------------------------------
Update Information:
add requires on Django
--------------------------------------------------------------------------------
================================================================================
drbdlinks-1.19-2.el6 (FEDORA-EPEL-2011-3849)
A program for managing links into a DRBD shared partition
--------------------------------------------------------------------------------
Update Information:
- Handle visible SELinux range label if mcstrans is not used
- Added configuration file for tmpfiles handling (#656578)
- Added logrotate configuration to ignore possible *.drbdlinks
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 17 2011 Robert Scheck <rob...@fedoraproject.org> 1.19-2
- Handle visible SELinux range label if mcstrans is not used
- Added configuration file for tmpfiles handling (#656578)
- Added logrotate configuration to ignore possible *.drbdlinks
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #656578 - Please Update Spec File to use %ghost on files in
/var/run and /var/lock
https://bugzilla.redhat.com/show_bug.cgi?id=656578
--------------------------------------------------------------------------------
================================================================================
drupal6-features-1.1-3.el6 (FEDORA-EPEL-2011-3852)
Provides feature management for Drupal
--------------------------------------------------------------------------------
Update Information:
Update to upstream 1.1 fixes false overrides when permissions were created in a
different order.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 18 2011 Paul W. Frields <sticks...@gmail.com> - 1.1-3
- Update to upstream 1.1
--------------------------------------------------------------------------------
================================================================================
duplicity-0.6.14-1.el6 (FEDORA-EPEL-2011-3855)
Encrypted bandwidth-efficient backup using rsync algorithm
--------------------------------------------------------------------------------
Update Information:
New in v0.6.14 (2011/06/18)
----------------------------
Enhancements:
* Provide Ubuntu One integration
Bugs closed in this release:
* AttributeError: FileobjHooked instance has no attribute 'name'
* Restore fails with "Invalid data - SHA1 hash mismatch"
* Cygwin: Full Backup fails with "IOError: [Errno 13] Permission denied"
* --exclude-filelist-stdin and gpg error with/without PASSPHRASE
* Endless retype passphrase when typo
* "include-filelist-stdin" not implemented on version 0.6.11
* [PATCH] Local backend should always try renaming instead of copying
* cannot import name S3ResponseError
* Difference found: File X has permissions 666, expected 666
* collection-status asking for passphrase
* ncftpls file delete fails in ftpbackend.py
* create tomporary files with sftp
* duplicity sftp backend should ignore removing a file which is not there
* Webdav(s) url scheme lacks port support
* create tomporary files with sftp
* sftp backend cannot create new subdirs on new backup
* Timeout on sftp command 'ls -1'
* Duplicity ignores some FatalErrors
* Allow to pass different passwords for --sign-key and --encrypt-key
New in v0.6.13 (2011/04/02)
----------------------------
Enhancements added this release:
* New manual test to make Ctrl-C issues easier to replicate.
* Use python-virtualenv to make testing multiple Python versions easier.
* In boto backend check for existing bucket before trying to create.
Bugs closed in this release:
* Assertion error "time not moving forward at appropriate pace"
* silent data corruption with checkpoint/restore
* File "/usr/bin/duplicity", error after upgrade from 6.11 to 6.12
New in v0.6.12 (2011/03/08)
----------------------------
Enhancements added this release:
* ftps support using lftp (ftpsbackend)
Bugs closed in this release:
* Only full backups done on webdav
* Use log codes for common backend errors
* Inverted "Current directory" "Previous directory" in error message
* OSError: [Errno 2] No such file or directory
* sslerror: The read operation timed out with cf
* boto backend uses Python 2.5 conditional
* symbolic link ownership not preserved
* Cygwin: TypeError: basis_file must be a (true) file ...
* Duplicity 0.6.11 aborts if RSYNC_RSH not set
* Backup fails silently when target is full (sftp, verbosity=4)
* Exception in log module
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 17 2011 Robert Scheck <rob...@fedoraproject.org> 0.6.14-1
- Upgrade to 0.6.14 (#720589, #697222)
- Backported optparse 1.5a2 from RHEL 5 for RHEL 4 (#717133)
* Tue Feb 8 2011 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.6.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #720589 - duplicity 0.6.13 out
https://bugzilla.redhat.com/show_bug.cgi?id=720589
[ 2 ] Bug #697222 - Duplicity with rsync fails if RSYNC_RSH is not set
https://bugzilla.redhat.com/show_bug.cgi?id=697222
[ 3 ] Bug #717133 - Duplicity on EL4 (From epel) doesn't even work
https://bugzilla.redhat.com/show_bug.cgi?id=717133
--------------------------------------------------------------------------------
================================================================================
libbluray-0.2-0.6.20110710git51d7d60a96d06.el6 (FEDORA-EPEL-2011-3870)
Library to access Blu-Ray disks for video playback
--------------------------------------------------------------------------------
Update Information:
First EL 6 build.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #721124 - Update for EPEL 6
https://bugzilla.redhat.com/show_bug.cgi?id=721124
--------------------------------------------------------------------------------
================================================================================
nntpgrab-0.6.92-1.el6 (FEDORA-EPEL-2011-3840)
Download files from the usenet
--------------------------------------------------------------------------------
Update Information:
Update to 0.6.92 (0.7 beta 3). For the complete list of changes see
http://nntpgrab.nl/projects/nntpgrab/wiki/Version_history
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 20 2011 Erik van Pienbroek <epien...@fedoraproject.org> - 0.6.92-1
- Update to 0.6.92 (0.7 Beta 3)
- Build against gtk3 on Fedora 15 and rawhide
- Dropped upstreamed NetworkManager 0.9 patch
* Sun Mar 27 2011 Christopher Aillon <cail...@redhat.com> - 0.6.91-4
- Rebuild against NetworkManager 0.9
* Tue Feb 8 2011 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.6.91-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
perl-HTTP-Server-Simple-Mason-0.14-3.el6 (FEDORA-EPEL-2011-3841)
HTTP::Server::Simple::Mason Perl module
--------------------------------------------------------------------------------
Update Information:
Update to 0.14.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 8 2011 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.14-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Dec 17 2010 Marcela Maslanova <mmasl...@redhat.com> - 0.14-2
- 661697 rebuild for fixing problems with vendorach/lib
* Mon Sep 13 2010 Ralf Corsépius <corse...@fedoraproject.org> - 0.14-1
- Upstream update.
* Sun May 2 2010 Marcela Maslanova <mmasl...@redhat.com> - 0.13-3
- Mass rebuild with perl-5.12.0
* Mon Dec 7 2009 Stepan Kasal <ska...@redhat.com> - 0.13-2
- rebuild against perl 5.10.1
--------------------------------------------------------------------------------
================================================================================
perl-Sys-Hostname-Long-1.4-5.el6 (FEDORA-EPEL-2011-3861)
Try every conceivable way to get full hostname
--------------------------------------------------------------------------------
Update Information:
New package. Perl module that tries every conceivable way to get full hostname.
--------------------------------------------------------------------------------
================================================================================
php-ZendFramework-1.11.9-1.el6 (FEDORA-EPEL-2011-3862)
Leading open-source PHP framework
--------------------------------------------------------------------------------
Update Information:
Update to 1.11.9 fixes some nasty bugs (typos in code, etc.) introduced with
1.11.8
Update to 1.11.8
Unbundled Dojo
Update to 1.11.8
Unbundled Dojo
Added Zend Framework to EPEL Repo
--------------------------------------------------------------------------------
================================================================================
python-anyjson-0.3.1-1.el6 (FEDORA-EPEL-2011-3865)
Wraps the best available JSON implementation available
--------------------------------------------------------------------------------
Update Information:
Python wrapper for JSON
--------------------------------------------------------------------------------
================================================================================
python-celery-2.2.7-3.el6 (FEDORA-EPEL-2011-3847)
Distributed Task Queue
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #722444 - Review Request: python-celery - Distributed Task Queue
https://bugzilla.redhat.com/show_bug.cgi?id=722444
--------------------------------------------------------------------------------
================================================================================
python-importlib-1.0.2-1.el6 (FEDORA-EPEL-2011-3846)
Backport of importlib.import_module() from Python 2.7
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #722427 - Review Request: python-importlib - Backport of
importlib.import_module() from Python 2.7
https://bugzilla.redhat.com/show_bug.cgi?id=722427
--------------------------------------------------------------------------------
================================================================================
python-migrate0.5-0.5.4-1.el6 (FEDORA-EPEL-2011-3843)
Schema migration tools for SQLAlchemy
--------------------------------------------------------------------------------
Update Information:
Minor upstream bugfix
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 15 2011 Toshio Kuratomi <tos...@fedoraproject.org> - 0.5.4-1
- Update to new upstream bugfix release
* Tue Feb 8 2011 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.5.3-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #722665 - python-migrate0.5-0.5.4.tar.gz">sqlalchemy-migrate-0.5.4
is available
https://bugzilla.redhat.com/show_bug.cgi?id=722665
--------------------------------------------------------------------------------
================================================================================
python-oauth2-1.5.170-1.el6 (FEDORA-EPEL-2011-3868)
Python support for improved oauth
--------------------------------------------------------------------------------
Update Information:
Python support for improved oauth
--------------------------------------------------------------------------------
================================================================================
python-unidecode-0.04.7-3.el6 (FEDORA-EPEL-2011-3844)
US-ASCII transliterations of Unicode text
--------------------------------------------------------------------------------
Update Information:
US-ASCII transliterations of Unicode text
--------------------------------------------------------------------------------
================================================================================
python-unidecode-0.04.7-4.el6 (FEDORA-EPEL-2011-3851)
US-ASCII transliterations of Unicode text
--------------------------------------------------------------------------------
Update Information:
mark package as architecture independent
--------------------------------------------------------------------------------
================================================================================
rt3-3.8.10-2.el6.1 (FEDORA-EPEL-2011-3860)
Request tracker 3
--------------------------------------------------------------------------------
Update Information:
Update for CVE-2011-1685, CVE-2011-1686, CVE-2011-1687, CVE-2011-1688,
CVE-2011-1689, CVE-2011-1690
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 3 2011 Xavier Bachelot <xav...@bachelot.org> - 3.8.10-2.1
- Add BR: perl(Digest::SHA).
* Sat Apr 16 2011 Ralf Corsépius <corse...@fedoraproject.org> - 3.8.10-2
- Work-around rpm's depgenerator defect:
Filter Requires: perl(DBIx::SearchBuilder::Handle::).
* Sat Apr 16 2011 Ralf Corsépius <corse...@fedoraproject.org> - 3.8.10-1
- Upstream update.
- Rebase patches.
- Spec cleanup.
* Thu Feb 17 2011 Ralf Corsépius <corse...@fedoraproject.org> - 3.8.9-1
- Upstream update (CVE-2011-0009, BZ 672257).
- Rebase patches.
- Switch to using perl-filters
(Work around broken deps caused by rpm dep-tracker changes).
- Spec file overhaul.
* Wed Feb 9 2011 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 3.8.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Sep 3 2010 Mark Chappell <trem...@fedoraproject.org> - 3.8.8-3.1
- Enable GPG2 for the EPEL build
* Thu Jul 8 2010 Ralf Corsépius <corse...@fedoraproject.org> - 3.8.8-3
- Add COPYING to rt3-mailgate.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #696795 - CVE-2011-1685 CVE-2011-1686 CVE-2011-1687 CVE-2011-1688
CVE-2011-1689 CVE-2011-1690 rt3: several security flaws fixed in 3.6.11, 3.8.10
https://bugzilla.redhat.com/show_bug.cgi?id=696795
--------------------------------------------------------------------------------
================================================================================
rubygem-rhc-0.71.2-2.el6 (FEDORA-EPEL-2011-3876)
OpenShift Express Client Tools
--------------------------------------------------------------------------------
Update Information:
OpenShift Express Client Tools allows you to create and deploy applications to
the cloud.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #716469 - Review Request: rubygem-rhc - Openshift Express Client
Tools
https://bugzilla.redhat.com/show_bug.cgi?id=716469
--------------------------------------------------------------------------------
================================================================================
trac-spamfilter-plugin-0.4.7-0.11.20110716svn10756.el6 (FEDORA-EPEL-2011-3848)
Spam-Filter plugin for Trac
--------------------------------------------------------------------------------
Update Information:
This update to the current subversion snapshot release includes a number of
bugfixes from upstream, plus an enhancement to make it easy to remove user
accounts that submit spam.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 17 2011 Paul Howarth <p...@city-fan.org> - 0.4.7-0.11.20110716svn10756
- Update to current svn snapshot
- Various Blogspam timeout fixes
- Add links to kill spammy users (Upstream #10093)
- Add proper check for Defensio and python < 2.6 (Upstream #10195)
- Add cleanup code to remove obsolete captcha db entries
- Fix issues with different SQL engines (Upstream #10227)
- Fix wrong argument count in log message (Upstream #10264)
- Fix possibly uninitialized value (Upstream #10261)
- No need for %defattr
--------------------------------------------------------------------------------
================================================================================
xml-security-c-1.6.0-2.el6 (FEDORA-EPEL-2011-3858)
C++ Implementation of W3C security standards for XML
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2011-2516: Apache Santuario XML Security for C++
contains buffer overflows signing or verifying with large keys.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 8 2011 Antti Andreimann <antti.andreim...@mail.ee> - 1.6.0-2
- Backported a patch to fix CVE-2011-2516 (#719698)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #719698 - CVE-2011-2516 xml-security-c: Stack-based buffer
overflows when creating or verifying XML Signatures with RSA keys of sizes >=
8192 bits
https://bugzilla.redhat.com/show_bug.cgi?id=719698
--------------------------------------------------------------------------------
_______________________________________________
epel-devel-list mailing list
epel-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/epel-devel-list
