The following Fedora EPEL 6 Security updates need testing:

 Age  URL
 285  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0174/tinymce-spellchecker-2.0.5-6.el6
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0193/couchdb-1.0.4-2.el6
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0194/seamonkey-2.15.1-1.el6
  62  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13610/drupal6-ctools-1.10-1.el6
 207  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6348/bcfg2-1.2.3-1.el6
 473  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gribble-0.83.4.1-10.el6
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0123/python-tw2-jquery-2.0.3-5.el6
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0128/php-symfony2-Yaml-2.1.7-1.el6
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0157/proftpd-1.3.3g-2.el6
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0144/zabbix-1.8.16-1.el6
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0170/asterisk-1.8.20.0-1.el6
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0155/zabbix20-2.0.4-3.el6
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0141/drupal7-7.19-1.el6
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0233/wordpress-3.5.1-1.el6

The following builds have been pushed to Fedora EPEL 6 updates-testing

    drupal7-date_ical-2.3-1.el6
    gdb-heap-0.5-9.1.el6
    guacd-0.7.0-3.el6
    jglobus-2.0.5-0.1.rc2.el6
    librcc-0.2.10-2.el6
    ovirt-engine-sdk-3.2.0.8-1.el6
    php-horde-Horde-Cli-2.0.3-1.el6
    php-horde-Horde-Date-2.0.3-1.el6
    php-horde-Horde-Support-2.0.3-1.el6
    php-horde-Horde-Url-2.1.0-1.el6
    vtk-5.8.0-6.el6.1
    wordpress-3.5.1-1.el6

Details about builds:

================================================================================
drupal7-date_ical-2.3-1.el6 (FEDORA-EPEL-2013-0228)
Allows creation of an iCal feed in Views
--------------------------------------------------------------------------------
Update Information:

Update to upstream 2.3 release
Update to upstream 2.2 release
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #904736 - drupal7-date_ical-2.3 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=904736
[ 2 ] Bug #903583 - drupal7-date_ical-2.2 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=903583
--------------------------------------------------------------------------------

================================================================================
gdb-heap-0.5-9.1.el6 (FEDORA-EPEL-2012-6797)
Extensions to gdb for debugging dynamic memory allocation
--------------------------------------------------------------------------------
Update Information:

gdb-heap built for EPEL 6
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #828169 - [RFE:EPEL] Request to add gdb-heap to EPEL
      https://bugzilla.redhat.com/show_bug.cgi?id=828169
--------------------------------------------------------------------------------

================================================================================
guacd-0.7.0-3.el6 (FEDORA-EPEL-2013-0235)
Proxy daemon for Guacamole
--------------------------------------------------------------------------------
Update Information:

Enable guacd user/group for daemon
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Simone Caronni <negativ...@gmail.com> - 0.7.0-3
- User creations is for all supported distributions.
* Wed Jan 30 2013 Simone Caronni <negativ...@gmail.com> - 0.7.0-2
- Updated init script according to Fedora template.
  https://fedoraproject.org/wiki/Packaging:SysVInitScript?rd=Packaging/SysVInitScript
- Run daemon as guacd user/group.
- Make sure $HOME is set before starting the daemon or the child crashes.
--------------------------------------------------------------------------------

================================================================================
jglobus-2.0.5-0.1.rc2.el6 (FEDORA-EPEL-2013-0231)
Globus Java client libraries
--------------------------------------------------------------------------------
Update Information:

JGlobus version 2.0.5 release candidate 2.
New packages jglobus-myproxy and jglobus-axisg
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 29 2013 Mattias Ellert <mattias.ell...@fysast.uu.se> - 2.0.5-0.1.rc2
- 2.0.5 release candidate 2
- New jglobus-myproxy package
- New jglobus-axisg package
--------------------------------------------------------------------------------

================================================================================
librcc-0.2.10-2.el6 (FEDORA-EPEL-2013-0234)
RusXMMS Charset Conversion Library
--------------------------------------------------------------------------------
Update Information:

new version upstream
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Ivan Romanov <dr...@land.ru> - 0.2.10-2
- el6 hasn't gtk3
* Wed Jan 30 2013 Ivan Romanov <dr...@land.ru> - 0.2.10-1
- updated to 0.2.10
- dropped patches (applied by upstream)
- new -gkt+ and -gtk3 subpackage
--------------------------------------------------------------------------------

================================================================================
ovirt-engine-sdk-3.2.0.8-1.el6 (FEDORA-EPEL-2013-0230)
oVirt Engine Software Development Kit
--------------------------------------------------------------------------------
Update Information:

Update to upstream 3.2.0.8
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Juan Hernandez <juan.hernan...@redhat.com> - 3.2.0.8-1
- Update to upstream 3.2.0.8
- Fix for #905359
--------------------------------------------------------------------------------

================================================================================
php-horde-Horde-Cli-2.0.3-1.el6 (FEDORA-EPEL-2013-0238)
Horde Command Line Interface API
--------------------------------------------------------------------------------
Update Information:

Horde_CLI 2.0.3:
* [jan] Update French translation (Paul De Vlieger).

Horde_Date 2.0.3:
* [jan] Update French translation (Paul De Vlieger).
* [jan] Fix error: DateTime::__construct(): Failed to parse time string (-001-11-01).
* [jan] Catch DateTime exception in Horde_Date_Utils:daysInMonth() (Bug #11916).

Horde_Support 2.0.3:
* [mms] Fix detection of sys_getloadavg() on Windows (Bug #11972).

Horde_Url 2.1.0:
* [mms] Add Horde_Url_Data class.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Remi Collet <r...@fedoraproject.org> - 2.0.3-1
- Update to 2.0.3
- fix files listed twice
--------------------------------------------------------------------------------

================================================================================
php-horde-Horde-Date-2.0.3-1.el6 (FEDORA-EPEL-2013-0238)
Horde Date package
--------------------------------------------------------------------------------
Update Information:

Horde_CLI 2.0.3:
* [jan] Update French translation (Paul De Vlieger).

Horde_Date 2.0.3:
* [jan] Update French translation (Paul De Vlieger).
* [jan] Fix error: DateTime::__construct(): Failed to parse time string (-001-11-01).
* [jan] Catch DateTime exception in Horde_Date_Utils:daysInMonth() (Bug #11916).

Horde_Support 2.0.3:
* [mms] Fix detection of sys_getloadavg() on Windows (Bug #11972).

Horde_Url 2.1.0:
* [mms] Add Horde_Url_Data class.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Remi Collet <r...@fedoraproject.org> - 2.0.3-1
- Update to 2.0.3
- add option to run tests
- install only locales from upstream list
--------------------------------------------------------------------------------

================================================================================
php-horde-Horde-Support-2.0.3-1.el6 (FEDORA-EPEL-2013-0238)
Horde support package
--------------------------------------------------------------------------------
Update Information:

Horde_CLI 2.0.3:
* [jan] Update French translation (Paul De Vlieger).

Horde_Date 2.0.3:
* [jan] Update French translation (Paul De Vlieger).
* [jan] Fix error: DateTime::__construct(): Failed to parse time string (-001-11-01).
* [jan] Catch DateTime exception in Horde_Date_Utils:daysInMonth() (Bug #11916).

Horde_Support 2.0.3:
* [mms] Fix detection of sys_getloadavg() on Windows (Bug #11972).

Horde_Url 2.1.0:
* [mms] Add Horde_Url_Data class.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Remi Collet <r...@fedoraproject.org> - 2.0.3-1
- Update to 2.0.3
- add option to run tests
--------------------------------------------------------------------------------

================================================================================
php-horde-Horde-Url-2.1.0-1.el6 (FEDORA-EPEL-2013-0238)
Horde Url class
--------------------------------------------------------------------------------
Update Information:

Horde_CLI 2.0.3:
* [jan] Update French translation (Paul De Vlieger).

Horde_Date 2.0.3:
* [jan] Update French translation (Paul De Vlieger).
* [jan] Fix error: DateTime::__construct(): Failed to parse time string (-001-11-01).
* [jan] Catch DateTime exception in Horde_Date_Utils:daysInMonth() (Bug #11916).

Horde_Support 2.0.3:
* [mms] Fix detection of sys_getloadavg() on Windows (Bug #11972).

Horde_Url 2.1.0:
* [mms] Add Horde_Url_Data class.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Remi Collet <r...@fedoraproject.org> - 2.1.0-1
- Update to 2.1.0
- add option to run tests
--------------------------------------------------------------------------------

================================================================================
vtk-5.8.0-6.el6.1 (FEDORA-EPEL-2013-0232)
The Visualization Toolkit - A high level 3D visualization library
--------------------------------------------------------------------------------
Update Information:

Make vtk not require vtk-devel
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 29 2013 Orion Poplawski <or...@cora.nwra.com> - 5.8.0-6.1
- Add patch to add soname to libvtkNetCDF_cxx
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #905399 - vtk pulls in vtk-devel as a dependency
      https://bugzilla.redhat.com/show_bug.cgi?id=905399
--------------------------------------------------------------------------------

================================================================================
wordpress-3.5.1-1.el6 (FEDORA-EPEL-2013-0233)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions.

Which include:

* Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
* Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
* Networks: Suggest proper rewrite rules when creating a new network.
* Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
* Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
* Suppress some warnings that could occur when a plugin misused the database or user APIs.

WordPress 3.5.1 also addresses the following security issues:

* A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
* Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
* A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Remi Collet <rcol...@redhat.com> - 3.5.1-1
- version 3.5.1, various bug and security fixes:
  CVE-2013-0235, CVE-2013-0236 and CVE-2013-0237
- drop -f option from rm to break build if upstream archive content change
- protect akismet content (from upstream .htaccess)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #904120 - CVE-2013-0235 wordpress: Server-side request forgery and remote port scanning using pingbacks
      https://bugzilla.redhat.com/show_bug.cgi?id=904120
[ 2 ] Bug #904121 - wordpress: XSS flaws via shortcodes and HTTP POST content
      https://bugzilla.redhat.com/show_bug.cgi?id=904121
[ 3 ] Bug #904122 - wordpress: XSS in the external Plupload library
      https://bugzilla.redhat.com/show_bug.cgi?id=904122
--------------------------------------------------------------------------------

_______________________________________________
epel-devel-list mailing list
epel-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/epel-devel-list