The following Fedora EPEL 6 Security updates need testing:
Age URL
243
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
28
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13537/claws-mail-3.9.0-1.el6,claws-mail-plugins-3.9.0-2.el6
9
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13733/v8-3.13.7.5-1.el6
9
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13740/pcp-3.6.10-2.el6
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13787/Django14-1.4.2-3.el6
66
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13172/ssmtp-2.61-19.el6
66
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13176/icecast-2.3.3-1.el6
19
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13610/drupal6-ctools-1.10-1.el6
165
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6348/bcfg2-1.2.3-1.el6
431
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gribble-0.83.4.1-10.el6
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13786/fail2ban-0.8.8-1.el6
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13784/openstack-nova-2012.2.2-1.el6
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13828/drupal6-6.27-1.el6,drupal7-7.18-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
asterisk-1.8.19.0-1.el6
drupal6-6.27-1.el6
drupal7-7.18-1.el6
globus-common-14.9-1.el6
globus-core-8.9-2.el6
globus-gram-job-manager-13.51-1.el6
globus-gram-job-manager-condor-1.4-1.el6
globus-gram-job-manager-pbs-1.6-1.el6
globus-gram-job-manager-sge-1.5-2.el6
globus-gridftp-server-6.16-1.el6
globus-gsi-callback-4.4-1.el6
globus-scheduler-event-generator-4.7-1.el6
globus-simple-ca-3.2-1.el6
grid-packaging-tools-3.6.3-1.el6
lcm-0.9.2-1.el6
ldns-1.6.16-1.el6
libnetfilter_acct-1.0.0-2.el6
php-horde-Horde-Constraint-2.0.1-2.el6
php-horde-Horde-Log-2.0.1-2.el6
php-horde-Horde-Role-1.0.1-1.el6
php-horde-Horde-Scribe-2.0.1-1.el6
php-horde-Horde-Thrift-2.0.1-2.el6
python-webtest1.3-1.3.4-4.el6
rubygem-mixlib-shellout-1.1.0-4.el6
salt-0.11.1-1.el6
zanata-python-client-1.3.13-1.el6
Details about builds:
================================================================================
asterisk-1.8.19.0-1.el6 (FEDORA-EPEL-2012-13821)
The Open Source PBX
--------------------------------------------------------------------------------
Update Information:
The Asterisk Development Team has announced the release of Asterisk 1.8.19.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk
The release of Asterisk 1.8.19.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Prevent resetting of NATted realtime peer address on reload.
(Closes issue ASTERISK-18203. Reported by daren ferreira)
* --- Do not use a FILE handle when doing SIP TCP reads.
(Closes issue ASTERISK-20212. Reported by Phil Ciccone)
* --- Fix execution of 'i' extension due to uninitialized variable.
(Closes issue ASTERISK-20455. Reported by Richard Miller)
* --- Ensure that the Queue application tracks busy members in off
nominal situations
(Closes issue ASTERISK-20623. Reported by Bryan Walters)
* --- Properly extract the Body information of an EWS calendar item
(Closes issue ASTERISK-19738. Reported by Dmitry Burilov)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.19.0
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 19 2012 Jeffrey Ollie <j...@ocjtech.us> - 1.8.19.0-1:
- The Asterisk Development Team has announced the release of Asterisk 1.8.19.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.19.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- Prevent resetting of NATted realtime peer address on reload.
- (Closes issue ASTERISK-18203. Reported by daren ferreira)
-
- * --- Do not use a FILE handle when doing SIP TCP reads.
- (Closes issue ASTERISK-20212. Reported by Phil Ciccone)
-
- * --- Fix execution of 'i' extension due to uninitialized variable.
- (Closes issue ASTERISK-20455. Reported by Richard Miller)
-
- * --- Ensure that the Queue application tracks busy members in off
- nominal situations
- (Closes issue ASTERISK-20623. Reported by Bryan Walters)
-
- * --- Properly extract the Body information of an EWS calendar item
- (Closes issue ASTERISK-19738. Reported by Dmitry Burilov)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.19.0
* Fri Dec 7 2012 Jeffrey Ollie <j...@ocjtech.us> - 1.8.18.1-1:
- The Asterisk Development Team has announced the release of Asterisk 1.8.18.1.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.18.1 resolves an issue reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is the issue resolved in this release:
-
- * --- chan_local: Fix local_pvt ref leak in local_devicestate().
- (Closes issue ASTERISK-20769. Reported by rmudgett)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.18.1
--------------------------------------------------------------------------------
================================================================================
drupal6-6.27-1.el6 (FEDORA-EPEL-2012-13828)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
Upstream Drupal has reported SA-CORE-2012-004 [1] which corrects multiple
vulnerabilities:
1) Access bypass (User module search - Drupal 6 and 7)
2) Access bypass (Upload module - Drupal 6)
3) Arbitrary PHP code execution (File upload modules - Drupal 6 and 7)
CVEs have been requested and are not yet assigned.
These flaws have been fixed in Drupal 6.27 and 7.18.
[1] http://drupal.org/SA-CORE-2012-004
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 20 2012 Jon Ciesla <limburg...@gmail.com> - 6.27-1
- 6.27.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #888990 - CVE-2012-5651 CVE-2012-5652 CVE-2012-5653 drupal:
multiple flaws fixed in 6.27/7.18 (SA-CORE-2012-004)
https://bugzilla.redhat.com/show_bug.cgi?id=888990
--------------------------------------------------------------------------------
================================================================================
drupal7-7.18-1.el6 (FEDORA-EPEL-2012-13828)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
Upstream Drupal has reported SA-CORE-2012-004 [1] which corrects multiple
vulnerabilities:
1) Access bypass (User module search - Drupal 6 and 7)
2) Access bypass (Upload module - Drupal 6)
3) Arbitrary PHP code execution (File upload modules - Drupal 6 and 7)
CVEs have been requested and are not yet assigned.
These flaws have been fixed in Drupal 6.27 and 7.18.
[1] http://drupal.org/SA-CORE-2012-004
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 20 2012 Jon Ciesla <limburg...@gmail.com> - 7.18-1
- 7.18.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #888990 - CVE-2012-5651 CVE-2012-5652 CVE-2012-5653 drupal:
multiple flaws fixed in 6.27/7.18 (SA-CORE-2012-004)
https://bugzilla.redhat.com/show_bug.cgi?id=888990
--------------------------------------------------------------------------------
================================================================================
globus-common-14.9-1.el6 (FEDORA-EPEL-2012-13812)
Globus Toolkit - Common Library
--------------------------------------------------------------------------------
Update Information:
Update to Globus Toolkit 5.2.3.
See the release notes for details:
http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 6 2012 Mattias Ellert <mattias.ell...@fysast.uu.se> - 14.9-1
- Update to Globus Toolkit 5.2.3
--------------------------------------------------------------------------------
================================================================================
globus-core-8.9-2.el6 (FEDORA-EPEL-2012-13812)
Globus Toolkit - Globus Core
--------------------------------------------------------------------------------
Update Information:
Update to Globus Toolkit 5.2.3.
See the release notes for details:
http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 6 2012 Mattias Ellert <mattias.ell...@fysast.uu.se> - 8.9-2
- Fix globus-spec-creator for TexLive 2012 (Fedora 18+)
--------------------------------------------------------------------------------
================================================================================
globus-gram-job-manager-13.51-1.el6 (FEDORA-EPEL-2012-13812)
Globus Toolkit - GRAM Jobmanager
--------------------------------------------------------------------------------
Update Information:
Update to Globus Toolkit 5.2.3.
See the release notes for details:
http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 6 2012 Mattias Ellert <mattias.ell...@fysast.uu.se> - 13.51-1
- Update to Globus Toolkit 5.2.3
--------------------------------------------------------------------------------
================================================================================
globus-gram-job-manager-condor-1.4-1.el6 (FEDORA-EPEL-2012-13812)
Globus Toolkit - Condor Job Manager Support
--------------------------------------------------------------------------------
Update Information:
Update to Globus Toolkit 5.2.3.
See the release notes for details:
http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 6 2012 Mattias Ellert <mattias.ell...@fysast.uu.se> - 1.4-1
- Update to Globus Toolkit 5.2.3
* Thu Jul 19 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 1.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jun 8 2012 Petr Pisar <ppi...@redhat.com> - 1.3-2
- Perl 5.16 rebuild
--------------------------------------------------------------------------------
================================================================================
globus-gram-job-manager-pbs-1.6-1.el6 (FEDORA-EPEL-2012-13812)
Globus Toolkit - PBS Job Manager Support
--------------------------------------------------------------------------------
Update Information:
Update to Globus Toolkit 5.2.3.
See the release notes for details:
http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 6 2012 Mattias Ellert <mattias.ell...@fysast.uu.se> - 1.6-1
- Update to Globus Toolkit 5.2.3
--------------------------------------------------------------------------------
================================================================================
globus-gram-job-manager-sge-1.5-2.el6 (FEDORA-EPEL-2012-13812)
Globus Toolkit - Grid Engine Job Manager Support
--------------------------------------------------------------------------------
Update Information:
Update to Globus Toolkit 5.2.3.
See the release notes for details:
http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 6 2012 Mattias Ellert <mattias.ell...@fysast.uu.se> - 1.5-2
- Specfile clean-up
--------------------------------------------------------------------------------
================================================================================
globus-gridftp-server-6.16-1.el6 (FEDORA-EPEL-2012-13812)
Globus Toolkit - Globus GridFTP Server
--------------------------------------------------------------------------------
Update Information:
Update to Globus Toolkit 5.2.3.
See the release notes for details:
http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 6 2012 Mattias Ellert <mattias.ell...@fysast.uu.se> - 6.16-1
- Update to Globus Toolkit 5.2.3
--------------------------------------------------------------------------------
================================================================================
globus-gsi-callback-4.4-1.el6 (FEDORA-EPEL-2012-13812)
Globus Toolkit - Globus GSI Callback Library
--------------------------------------------------------------------------------
Update Information:
Update to Globus Toolkit 5.2.3.
See the release notes for details:
http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 6 2012 Mattias Ellert <mattias.ell...@fysast.uu.se> - 4.4-1
- Update to Globus Toolkit 5.2.3
--------------------------------------------------------------------------------
================================================================================
globus-scheduler-event-generator-4.7-1.el6 (FEDORA-EPEL-2012-13812)
Globus Toolkit - Scheduler Event Generator
--------------------------------------------------------------------------------
Update Information:
Update to Globus Toolkit 5.2.3.
See the release notes for details:
http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 6 2012 Mattias Ellert <mattias.ell...@fysast.uu.se> - 4.7-1
- Update to Globus Toolkit 5.2.3
* Thu Jul 19 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 4.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
globus-simple-ca-3.2-1.el6 (FEDORA-EPEL-2012-13812)
Globus Toolkit - Simple CA Utility
--------------------------------------------------------------------------------
Update Information:
Update to Globus Toolkit 5.2.3.
See the release notes for details:
http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 7 2012 Mattias Ellert <mattias.ell...@fysast.uu.se> - 3.2-1
- Update to Globus Toolkit 5.2.3
--------------------------------------------------------------------------------
================================================================================
grid-packaging-tools-3.6.3-1.el6 (FEDORA-EPEL-2012-13812)
Grid Packaging Tools (GPT)
--------------------------------------------------------------------------------
Update Information:
Update to Globus Toolkit 5.2.3.
See the release notes for details:
http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 6 2012 Mattias Ellert <mattias.ell...@fysast.uu.se> - 3.6.3-1
- Update to version 3.6.3
* Thu Jul 19 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 3.6.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jun 8 2012 Petr Pisar <ppi...@redhat.com> - 3.6.2-2
- Perl 5.16 rebuild
--------------------------------------------------------------------------------
================================================================================
lcm-0.9.2-1.el6 (FEDORA-EPEL-2012-13831)
Utilities for lightweight communications and marshaling
--------------------------------------------------------------------------------
Update Information:
This update fixes several issues; There has been one major change upstream, jar
versioned link is no longer created by upstream, so we start doing it on
install section.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 19 2012 Nelson Marques <nmarq...@fedoraproject.org> - 0.9.2-1
- Update to 0.9.2
- Upstream doesn't create the .jar versioned link, we do it on install
* Thu Jul 19 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.9.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
ldns-1.6.16-1.el6 (FEDORA-EPEL-2012-13823)
Lowlevel DNS(SEC) library with API
--------------------------------------------------------------------------------
Update Information:
Addresses bug in 1.6.14 and 1.6.15 that affects opendnssec
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 19 2012 Paul Wouters <pwout...@redhat.com> - 1.6.16-1
- Upgraded to 1.6.16
- The 1.6.15 was also pulled by upstream (we never pushed it)
--------------------------------------------------------------------------------
================================================================================
libnetfilter_acct-1.0.0-2.el6 (FEDORA-EPEL-2012-13817)
A library providing interface to extended accounting infrastructure
--------------------------------------------------------------------------------
Update Information:
New package: A library providing interface to extended netfilter accounting
infrastructure.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #848990 - Review Request: libnetfilter_acct - A library providing
interface to extended accounting infrastructure
https://bugzilla.redhat.com/show_bug.cgi?id=848990
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Constraint-2.0.1-2.el6 (FEDORA-EPEL-2012-13826)
Horde Constraint library
--------------------------------------------------------------------------------
Update Information:
Update to latest Horde version
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Log-2.0.1-2.el6 (FEDORA-EPEL-2012-13826)
Horde Logging library
--------------------------------------------------------------------------------
Update Information:
Update to latest Horde version
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Role-1.0.1-1.el6 (FEDORA-EPEL-2012-13830)
PEAR installer role used to install Horde components
--------------------------------------------------------------------------------
Update Information:
This package provides a method for PEAR to install Horde components into the
base Horde installation.
System default Horde installation directory is /usr/share/horde.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #873408 - Review Request: php-horde-Horde-Role - PEAR installer
role used to install Horde components
https://bugzilla.redhat.com/show_bug.cgi?id=873408
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Scribe-2.0.1-1.el6 (FEDORA-EPEL-2012-13820)
Scribe
--------------------------------------------------------------------------------
Update Information:
Packaged version of the PHP Scribe client.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #873396 - Review Request: php-horde-Horde-Scribe - Scribe
https://bugzilla.redhat.com/show_bug.cgi?id=873396
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Thrift-2.0.1-2.el6 (FEDORA-EPEL-2012-13819)
Thrift
--------------------------------------------------------------------------------
Update Information:
Packaged version of the PHP Thrift client
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #873395 - Review Request: php-horde-Horde-Thrift - Thrift
https://bugzilla.redhat.com/show_bug.cgi?id=873395
--------------------------------------------------------------------------------
================================================================================
python-webtest1.3-1.3.4-4.el6 (FEDORA-EPEL-2012-13827)
Helper to test WSGI applications
--------------------------------------------------------------------------------
Update Information:
Initial packaging
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #884855 - Review Request: python-webtest1.3 - Helper to test WSGI
applications
https://bugzilla.redhat.com/show_bug.cgi?id=884855
--------------------------------------------------------------------------------
================================================================================
rubygem-mixlib-shellout-1.1.0-4.el6 (FEDORA-EPEL-2012-13813)
Run external commands on Unix or Windows
--------------------------------------------------------------------------------
Update Information:
New package: a Ruby mixin for running external commands
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #823337 - Review Request: rubygem-mixlib-shellout - mixin for
running external commands
https://bugzilla.redhat.com/show_bug.cgi?id=823337
--------------------------------------------------------------------------------
================================================================================
salt-0.11.1-1.el6 (FEDORA-EPEL-2012-13825)
A parallel remote execution system
--------------------------------------------------------------------------------
Update Information:
updated to 0.11.1 for security vulnerability fix
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 14 2012 Clint Savage <her...@gmail.com> - 0.11.1-1
- Upstream patch release 0.11.1
- Fixes security vulnerability (https://github.com/saltstack/salt/issues/2916)
* Fri Dec 14 2012 Clint Savage <her...@gmail.com> - 0.11.0-1
- Moved to upstream release 0.11.0
* Wed Dec 5 2012 Mike Chesnut <mches...@gmail.com> - 0.10.5-2
- moved to upstream release 0.10.5
- removing references to minion.template and master.template, as those files
have been removed from the repo
--------------------------------------------------------------------------------
================================================================================
zanata-python-client-1.3.13-1.el6 (FEDORA-EPEL-2012-13811)
Python Client for Zanata Server
--------------------------------------------------------------------------------
Update Information:
- Use dict instead of nested loop
- Ensure that msgstr_plural is always set for plural strings
- Rename message to poentry for consistency
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 21 2012 Sean Flanigan <sflan...@redhat.com> - 1.3.13-1
- Use dict instead of nested loop
- Ensure that msgstr_plural is always set for plural strings
- Rename message to poentry for consistency
--------------------------------------------------------------------------------
_______________________________________________
epel-devel-list mailing list
epel-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/epel-devel-list
