The following Fedora EPEL 6 Security updates need testing:
Age URL
471
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
60
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6090/ssmtp-2.61-20.el6
14
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10916/ghc-xmonad-contrib-0.10-7.1.el6
10
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10980/perl-Proc-ProcessTable-0.48-1.el6
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11042/ReviewBoard-1.7.12-1.el6,python-djblets-0.7.16-1.el6
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11090/zabbix20-2.0.6-3.el6
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11080/python-keystoneclient-0.2.0-3.el6
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11100/v8-3.14.5.10-2.el6
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11113/zabbix-1.8.17-2.el6
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11106/libzrtpcpp-3.2.1-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
calamaris-2.59-10.el6
createrepo_c-0.2.0-1.el6
drbdlinks-1.23-1.el6
libzrtpcpp-3.2.1-1.el6
mysql-utilities-1.3.4-1.el6
perl-Test-UseAllModules-0.14-5.el6
python-tahrir-0.2.9-1.el6
zabbix-1.8.17-2.el6
Details about builds:
================================================================================
calamaris-2.59-10.el6 (FEDORA-EPEL-2013-11104)
Squid native log format (NLF) analyzer and report generator
--------------------------------------------------------------------------------
Update Information:
Added patch to avoid warnings with perl >= 5.12
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 3 2013 Robert Scheck <[email protected]> 2.59-10
- Added patch to avoid warnings with perl >= 5.12 (#970990)
* Sat Aug 3 2013 Fedora Release Engineering <[email protected]>
- 2.59-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar <[email protected]> - 2.59-8
- Perl 5.18 rebuild
* Wed Feb 13 2013 Fedora Release Engineering <[email protected]>
- 2.59-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Jul 18 2012 Fedora Release Engineering <[email protected]>
- 2.59-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jan 12 2012 Fedora Release Engineering <[email protected]>
- 2.59-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Feb 8 2011 Fedora Release Engineering <[email protected]>
- 2.59-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #970990 - Skript /usr/bin/calamaris uses deprecated syntax
https://bugzilla.redhat.com/show_bug.cgi?id=970990
--------------------------------------------------------------------------------
================================================================================
createrepo_c-0.2.0-1.el6 (FEDORA-EPEL-2013-11107)
Creates a common metadata repository
--------------------------------------------------------------------------------
Update Information:
Update to 0.2.0
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 5 2013 Tomas Mlcoch <tmlcoch at redhat.com> - 0.2.0-1
- Speedup (More parallelization)
- Changed C API
- Add python bindings
- A lot of bugfixes
- Add new make targets: tests (make tests - builds c tests) and test
(make test - runs c and python test suits).
- Changed interface of most of C modules - Better error reporting
(Add GError ** param).
- Experimental Python bindings (Beware: The interface is not final yet!).
- package: Add cr_package_copy method.
- sqlite: Do not recreate tables and triggers while opening existing db.
- mergerepo_c: Implicitly use --all with --koji.
- Man page update.
* Thu Apr 11 2013 Tomas Mlcoch <tmlcoch at redhat.com> - 0.1.17-3
- mergerepo_c: Add --simple-md-filenames and --unique-md-filenames
options. (RhBug: 950994)
- mergerepo_c: Always include noarch while mimic koji
mergerepos. (RhBug: 950991)
- Rename cr_package_parser_shutdown to cr_package_parser_cleanup()
- cr_db_info_update is now safe from sqlinjection.
--------------------------------------------------------------------------------
================================================================================
drbdlinks-1.23-1.el6 (FEDORA-EPEL-2013-11102)
A program for managing links into a DRBD shared partition
--------------------------------------------------------------------------------
Update Information:
Upstream changes:
* Produce warning if copying symlinks in "initialize_shared_storage"
(suggested by Alan Robertson)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 4 2013 Robert Scheck <[email protected]> 1.23-1
- Upgrade to 1.23
* Sat Aug 3 2013 Fedora Release Engineering <[email protected]>
- 1.22-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Feb 13 2013 Fedora Release Engineering <[email protected]>
- 1.22-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
libzrtpcpp-3.2.1-1.el6 (FEDORA-EPEL-2013-11106)
ZRTP support library for the GNU ccRTP stack
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2013-2221 CVE-2013-2222 CVE-2013-2223 ( and
https://bugzilla.redhat.com/show_bug.cgi?id=980904 and 980905)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 5 2013 Manuel "lonely wolf" Wolfshant <[email protected]> -
3.2.1-1
- new upstream version
- Fixes CVE-2013-2221 CVE-2013-2222 CVE-2013-2223 and consequently
https://bugzilla.redhat.com/show_bug.cgi?id=980905
* Thu Feb 14 2013 Fedora Release Engineering <[email protected]>
- 2.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Nov 21 2012 Kevin Fenzi <[email protected]> 2.3.2-1
- Update to 2.3.2
* Thu Jul 19 2012 Fedora Release Engineering <[email protected]>
- 2.1.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue Feb 28 2012 Fedora Release Engineering <[email protected]>
- 2.1.2-2
- Rebuilt for c++ ABI breakage
* Fri Feb 24 2012 Alexey Kurov <[email protected]> - 2.1.2-1
- Update to 2.1.2
- drop upstreamed 64-bit patch
- visibility issue fixed in upstream
* Thu Feb 23 2012 Alexey Kurov <[email protected]> - 2.1.1-2
- Workaround for -fvisibility=hidden from commoncpp.pc
* Wed Feb 22 2012 Alexey Kurov <[email protected]> - 2.1.1-1
- Update to 2.1.1
- Updated URL
* Tue Feb 21 2012 Dan Horák <dan[at]danny.cz> - 2.0.0-2
- fix build on 64-bit arches
* Sun Jan 22 2012 Kevin Fenzi <[email protected]> - 2.0.0-1
- Update to 2.0.0
* Fri Jan 13 2012 Fedora Release Engineering <[email protected]>
- 1.4.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Feb 8 2011 Fedora Release Engineering <[email protected]>
- 1.4.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #980894 - CVE-2013-2221 libzrtpcpp: Heap-based buffer overflow when
processing overly-large ZRTP packets
https://bugzilla.redhat.com/show_bug.cgi?id=980894
--------------------------------------------------------------------------------
================================================================================
mysql-utilities-1.3.4-1.el6 (FEDORA-EPEL-2013-11112)
MySQL Utilities
--------------------------------------------------------------------------------
Update Information:
First GA release
Release 1.3.4 (Released July 18, 2013)
- BUG#17064771: Add platform name and version to deb package.
Changes from 1.2.5
- BUG#12889758: use db pattern for --exclude in mysqldbcopy and mysqldbexport
- BUG#13103450: mysqldbimport fails to import sakila database
- BUG#13577018: mysqluserclone silently ignores destination, if not needed
- BUG#13773197: mysqlserverclone complains it can't find mysqld
- BUG#16003529: The test import_rpl runs inconsistently on windows
- BUG#16005010: Test failover does not run consistently on windows
- BUG#16900862: mysqlindexcheck not finding all redundancies
- BUG#16918106: let mysqlfailover run as daemon
- BUG#17019115: mysqluc search "error" string instead of check return code
- BUG#17062943: query failed error in mysqldiff
- BUG#17086766: MUT is unable to run in Jenkins
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 5 2013 Remi Collet <[email protected]> - 1.3.4-1
- update to 1.3.4 GA
--------------------------------------------------------------------------------
================================================================================
perl-Test-UseAllModules-0.14-5.el6 (FEDORA-EPEL-2013-11110)
Do use_ok() for all the MANIFESTed modules
--------------------------------------------------------------------------------
Update Information:
This is the first EPEL release of perl-Test-UseAllModules.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #739935 - Review Request: perl-Test-UseAllModules - Do use_ok() for
all the MANIFESTed modules
https://bugzilla.redhat.com/show_bug.cgi?id=739935
--------------------------------------------------------------------------------
================================================================================
python-tahrir-0.2.9-1.el6 (FEDORA-EPEL-2013-11103)
A pyramid app for issuing your own Open Badges
--------------------------------------------------------------------------------
Update Information:
Limit relative leaderboard. Emit fedmsg messages.
Misc bugfixes.
Users can opt out.
Websockets on the frontpage.
More facelifting.
More cosmetic surgery.
Facelift marathon.
Massive facelift.
Use forward compat sqlalchemy.
Reorganize avatars around openid.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 5 2013 Ralph Bean <[email protected]> - 0.2.9-1
- Limit the relative leaderboard to only 5 people instead of 10.
- Emit fedmsg messages when invitations are claimed.
* Thu Aug 1 2013 Ralph Bean <[email protected]> - 0.2.8-1
- Fix a login user-creation bug.
- Fix trailing comma on tags.
- Fix trailing slash on emails.
* Thu Aug 1 2013 Ralph Bean <[email protected]> - 0.2.7-1
- Reorganize avatars around openid identifiers for ease-of-use.
* Tue Jul 30 2013 Ralph Bean <[email protected]> - 0.2.6-1
- More facelifting.
- Ability for users to opt-out.
* Thu Jul 18 2013 Ralph Bean <[email protected]> - 0.2.5-3
- Remove version constraint on python-moksha-wsgi. It is behaving oddly.
* Thu Jul 18 2013 Ralph Bean <[email protected]> - 0.2.5-2
- python-dateutil is singular, not plural.
* Thu Jul 18 2013 Ralph Bean <[email protected]> - 0.2.5-1
- More facelifting.
- Websocket updates for the frontpage.
* Tue Jul 16 2013 Ralph Bean <[email protected]> - 0.2.3-2
- Added requirement on python-docutils.
* Tue Jul 16 2013 Ralph Bean <[email protected]> - 0.2.3-1
- Latest upstream with more botox.
* Thu Jul 11 2013 Ralph Bean <[email protected]> - 0.2.2-2
- Added requirement for python-dogpile-cache
* Wed Jul 10 2013 Ralph Bean <[email protected]> - 0.2.2-1
- Latest upstream with more cosmetic surgery.
* Wed Jul 3 2013 Ralph Bean <[email protected]> - 0.2.1-1
- Remove old patch (shipped with upstream now).
- More facelift stuff in progress.
* Mon Jul 1 2013 Ralph Bean <[email protected]> - 0.2.0-2
- Add requirement on python-qrcode.
* Wed Jun 26 2013 Ralph Bean <[email protected]> - 0.2.0-1
- Massive facelift.
* Thu Jun 13 2013 Ralph Bean <[email protected]> - 0.1.9-3
- Conditionalize sqlalchemy forward compat package for epel6.
--------------------------------------------------------------------------------
================================================================================
zabbix-1.8.17-2.el6 (FEDORA-EPEL-2013-11113)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:
This update solves a security issue involving the use of libcurl in the code
used to access the eztexting service. It potentially allows for
man-in-the-middle attacks. The issue was described as CVE-2012-6086.
Please refer to https://support.zabbix.com/browse/ZBX-5924 for details!
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 4 2013 Volker Fröhlich <[email protected]> - 1.8.17-2
- Backport fix for CVE-2012-6086
* Fri Jul 26 2013 Volker Fröhlich <[email protected]> - 1.8.17-1
- New upstream release
- Shorten spec file changelog
- Remove patch for ZBX-6097
* Thu Jan 17 2013 Volker Fröhlich <[email protected]> - 1.8.16-2
- Patch for CVE-2013-1364
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #892688 - CVE-2012-6086 zabbix: Improper use of cURL API might lead
to improper SSL certificate verification (MiTM) [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=892688
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
