The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 207  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
  14  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13367/seamonkey-2.13.2-1.el6
   5  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13432/weechat-0.3.8-3.el6
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13477/cgit-0.9.1-1.el6
  33  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13155/cobbler-2.4.0-beta2.el6
  10  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13222/xlockmore-5.40-4.el6
   4  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13442/roundup-1.4.20-1.el6
  31  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13172/ssmtp-2.61-19.el6
   1  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13088/python-django-horizon-2012.2-4.el6,openstack-utils-2012.2-6.el6,python-websockify-0.2.0-1.el6,novnc-0.4-2.el6,openstack-nova-2012.2-2.el6,openstack-cinder-2012.2-3.el6,python-django-openstack-auth-1.0.2-3.el6,python-cinderclient-0.2.26-1.el6,python-novaclient-2.9.0-1.el6,openstack-quantum-2012.2-2.el6,python-quantumclient-2.1.1-0.el6,python-prettytable-0.6.1-1.el6,openstack-glance-2012.2-3.el6,python-glanceclient-0.5.1-1.el6,openstack-keystone-2012.2-4.el6,python-keystoneclient-0.1.3.27-1.el6
  31  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13176/icecast-2.3.3-1.el6
 130  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6348/bcfg2-1.2.3-1.el6
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13478/mod_security-2.7.1-3.el6,mod_security_crs-2.2.6-3.el6
 395  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gribble-0.83.4.1-10.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    cgit-0.9.1-1.el6
    mod_security-2.7.1-3.el6
    mod_security_crs-2.2.6-3.el6
    qemu-1.2.0-19.el6.1

Details about builds:


================================================================================
 cgit-0.9.1-1.el6 (FEDORA-EPEL-2012-13477)
 A fast web interface for git
--------------------------------------------------------------------------------
Update Information:

Update to new upsteam version with 2 security fixes, enhancements and misc 
other bug fixes. See 
http://git.zx2c4.com/cgit/commit/?id=a6a932e198e8b6b564d7a4bb43e78078d8296026 
for details.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 15 2012 Kevin Fenzi <ke...@scrye.com> 0.9.1-1
- Update to 0.9.1
- Fixes bug #870714 - CVE-2012-4548
- Fixes bug #820733 - CVE-2012-4465
* Wed Jul 18 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 0.9.0.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jan 12 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 0.9.0.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #870714 - CVE-2012-4548 cgit: syntax-highlighting.sh command 
injection [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=870714
  [ 2 ] Bug #820733 - avoid stack-smash when processing unusual commit 
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=820733
--------------------------------------------------------------------------------


================================================================================
 mod_security-2.7.1-3.el6 (FEDORA-EPEL-2012-13478)
 Security module for the Apache HTTP Server
--------------------------------------------------------------------------------
Update Information:

- Update to 2.7.1
- Update Core rules set to 2.2.6
- Fix build against libxml2 >= 2.9 (upstreamed)
- Add some missing directives RHBZ #569360
- Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528) (RHBZ 
#867424, #867773, #867774)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 15 2012 Athmane Madjoudj <athm...@fedoraproject.org> 2.7.1-3
- Add some missing directives RHBZ #569360
- Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528)
  (RHBZ #867424, #867773, #867774)
* Thu Nov 15 2012 Athmane Madjoudj <athm...@fedoraproject.org> 2.7.1-2
- Fix mod_security.conf
* Thu Nov 15 2012 Athmane Madjoudj <athm...@fedoraproject.org> 2.7.1-1
- Update to 2.7.1
- Remove libxml2 build patch (upstreamed)
- Update spec since upstream moved to github
* Thu Oct 18 2012 Athmane Madjoudj <athm...@fedoraproject.org> 2.7.0-2
- Add a patch to fix failed build against libxml2 >= 2.9.0
* Wed Oct 17 2012 Athmane Madjoudj <athm...@fedoraproject.org> 2.7.0-1
- Update to 2.7.0
* Fri Sep 28 2012 Athmane Madjoudj <athm...@fedoraproject.org> 2.6.8-1
- Update to 2.6.8
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #867424 - CVE-2012-4528 mod_security: multipart/invalid part 
ruleset bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=867424
--------------------------------------------------------------------------------


================================================================================
 mod_security_crs-2.2.6-3.el6 (FEDORA-EPEL-2012-13478)
 ModSecurity Rules
--------------------------------------------------------------------------------
Update Information:

- Update to 2.7.1
- Update Core rules set to 2.2.6
- Fix build against libxml2 >= 2.9 (upstreamed)
- Add some missing directives RHBZ #569360
- Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528) (RHBZ 
#867424, #867773, #867774)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 17 2012 Athmane Madjoudj <athm...@fedoraproject.org> 2.2.6-3
- Remove the patch since we're requiring mod_security >= 2.7.0
- Require mod_security >= 2.7.0
* Mon Oct  1 2012 Athmane Madjoudj <athm...@fedoraproject.org> 2.2.6-2
- Add a patch to fix incompatible rules.
- Update to new git release
* Sat Sep 15 2012 Athmane Madjoudj <athm...@fedoraproject.org> 2.2.6-1
- Update to 2.2.6
- Update spec file since upstream moved to Github.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #867424 - CVE-2012-4528 mod_security: multipart/invalid part 
ruleset bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=867424
--------------------------------------------------------------------------------


================================================================================
 qemu-1.2.0-19.el6.1 (FEDORA-EPEL-2012-13479)
 QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:

This update brings QEMU, the machine emulator, to EPEL for Enterprise Linux 6.

Parts of QEMU (KVM for x86 with basic hardware emulation support, imaging 
utilities, guest agent in particular) and are shipped with Enterprise Linux for 
x86_64 architecture. EPEL packages can't conflict with or replace packages 
shipped with Enterprise Linux, and thus on x86_64 architecture this package 
supplements what's already shipped with the distribution.
--------------------------------------------------------------------------------


_______________________________________________
epel-devel-list mailing list
epel-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/epel-devel-list

Reply via email to