The following Fedora EPEL 6 Security updates need testing:
Age URL
494
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11175/php-symfony2-HttpFoundation-2.2.5-1.el6
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11198/filezilla-3.7.3-1.el6
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11194/cacti-0.8.8b-1.el6
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11183/php-symfony2-Validator-2.2.5-1.el6
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11187/libzrtpcpp-3.2.1-2.el6
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11222/seamonkey-2.20-1.el6
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11195/chrony-1.25-3.el6
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11179/libtommath-0.42.0-2.el6,libtomcrypt-1.17-20.el6
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11250/Django14-1.4.6-1.el6
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11245/python-virtualenv-1.10.1-1.el6
11
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11257/drupal7-entity-1.2-1.el6
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11274/ssmtp-2.61-21.el6
6
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11301/drupal7-theme-zen-5.4-1.el6
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11327/php-pear-Auth-OpenID-2.2.2-7.el6
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11330/ngircd-20.3-1.el6
3
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11311/roundcubemail-0.9.3-2.el6
3
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11339/lighttpd-1.4.32-1.el6
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11385/nagios-3.5.0-2.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
MUMPS-4.10.0-14.el6
fail2ban-0.8.10-3.el6
freetiger-5-2.el6
fts-monitoring-3.1.1-1.el6
glite-px-proxyrenewal-1.3.34-1.el6
nagios-3.5.0-2.el6
nodejs-commander-1.2.0-5.el6
nodejs-connect-2.8.5-1.el6
nodejs-express-3.3.5-1.el6
nodejs-fresh-0.2.0-1.el6
nodejs-keypress-0.2.1-1.el6
nodejs-minimist-0.0.1-2.el6
nodejs-send-0.1.4-1.el6
perl-Net-SSH-Expect-1.09-7.el6
php-bartlett-PHP-CompatInfo-2.22.0-1.el6
quassel-0.9.0-1.el6
savanna-image-elements-0.3-0.2.88511begit.el6
Details about builds:
================================================================================
MUMPS-4.10.0-14.el6 (FEDORA-EPEL-2013-11374)
A MUltifrontal Massively Parallel sparse direct Solver
--------------------------------------------------------------------------------
Update Information:
Defined which version of MUMPS-* subpackages are obsolete (bz#993574)
- Obsolete packages are now versioned (bz#993574)
- Adding redefined _pkgdocdir macro for earlier Fedora versions to conform this
spec with 'F-20 unversioned docdir' change (bz#993984)
- Conform to MPI Guidelines
- Old MUMPS packages are now obsoletes
Update to conform MUMPS packaging to MPI Guidelines.
- Conform to MPI Guidelines
- Old MUMPS packages are now obsoletes
Update to conform MUMPS packaging to MPI Guidelines.
- Conform to MPI Guidelines
- Old MUMPS packages are now obsoletes
Update to conform MUMPS packaging to MPI Guidelines.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 28 2013 Antonio Trande <[email protected]> - 4.10.0-14
- 'blacs-openmpi-devel' request unversioned
- Defined which version of MUMPS-doc package is obsolete
* Wed Aug 7 2013 Antonio Trande <[email protected]> - 4.10.0-13
- Obsolete packages are now versioned (bz#993574)
- Adding redefined _pkgdocdir macro for earlier Fedora versions to conform
this spec with 'F-20 unversioned docdir' change (bz#993984)
* Mon Jul 29 2013 Antonio Trande <[email protected]> - 4.10.0-12
- Old MUMPS subpackages are now obsoletes
* Sat Jul 27 2013 Antonio Trande <[email protected]> - 4.10.0-11
- Added new macros for 'openmpi' destination directories
- Done some package modifications according to MPI guidelines
- This .spec file now produces '-openmpi', '-openmpi-devel', '-common' packages
- Added MUMPS packaging in "serial mode"
- %{name}-common package is a noarch
- Added an '-examples' subpackage that contains all test programs
* Tue Jul 23 2013 Antonio Trande <[email protected]> - 4.10.0-10
- 'openmpi-devel' BR changed to 'openmpi-devel>=1.7'
- 'blacs-openmpi-devel' BR changed to 'blacs-openmpi-devel>=1.1-50'
- Removed '-lmpi_f77' library link, deprecated starting from 'openmpi-1.7.2'
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #993984 - MUMPS possibly affected by F-20 unversioned docdir change
https://bugzilla.redhat.com/show_bug.cgi?id=993984
[ 2 ] Bug #986708 - MUMPS: Obey MPI guidelines
https://bugzilla.redhat.com/show_bug.cgi?id=986708
--------------------------------------------------------------------------------
================================================================================
fail2ban-0.8.10-3.el6 (FEDORA-EPEL-2013-11384)
Ban IPs that make too many password failures
--------------------------------------------------------------------------------
Update Information:
- Add upstream patch to fix mailx argument ordering (bug #998020)
- Fix hostsdeny permission issue
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 28 2013 Orion Poplawski <[email protected]> - 0.8.10-3
- Add upstream patch to fix mailx argument ordering (bug #998020)
* Fri Aug 16 2013 Orion Poplawski <[email protected]> - 0.8.10-2
- Add upstream patch to fix hostsdeny permission issue
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #998020 - dshield.conf: mailx confused by order of <dest> <mailargs>
https://bugzilla.redhat.com/show_bug.cgi?id=998020
--------------------------------------------------------------------------------
================================================================================
freetiger-5-2.el6 (FEDORA-EPEL-2013-11382)
Free implementation of the tiger hash algorithm
--------------------------------------------------------------------------------
Update Information:
freetiger is an implementation of the tiger hash algorithm made looking only at
the tiger reference paper (thus ignoring the reference code until a working
implementation was made). It also includes a modified version of the main
program included with the tiger reference implementation which was used for
benchmarking purposes. It has been optimized for usage in the TTH calculation
algorithm and includes optimized versions that will calculate the hashes for
the 1024 byte file chunks and the 48 byte hash concatenation appending the
proper suffix automatically thus minimizing memory to memory copying. Also
freetiger features interleaved hashing where the hashes of two different blocks
are calculated at the same time interleaving the operations of one and the
other. Using this increases the implementation performance. freetiger also
supports SSE2 for key scheduling during the tiger rounds which also increases
performance on processors supporting it and provides an implementation of the
partial hashing scheme for a more secure password storage when authenticating
clients using the GPA command in ADC.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #969387 - Review Request: freetiger - Free implementation of the
tiger hash algorithm
https://bugzilla.redhat.com/show_bug.cgi?id=969387
--------------------------------------------------------------------------------
================================================================================
fts-monitoring-3.1.1-1.el6 (FEDORA-EPEL-2013-11376)
FTS3 Web Application for monitoring
--------------------------------------------------------------------------------
Update Information:
FTS v3 web application for monitoring.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #989425 - Review Request: fts-monitoring - FTS v3 web application
for monitoring
https://bugzilla.redhat.com/show_bug.cgi?id=989425
--------------------------------------------------------------------------------
================================================================================
glite-px-proxyrenewal-1.3.34-1.el6 (FEDORA-EPEL-2013-11380)
gLite proxyrenewal renews existing proxy certificates for grid users
--------------------------------------------------------------------------------
Update Information:
The gLite proxyrenewal daemon is responsible for secure and controlled way of
periodical renewal of user proxy certificates. Its primary goal is to support
long-time jobs running on the grid.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #892698 - Review Request: glite-px-proxyrenewal - Tools for renew
of the existing proxy certificates for grid users
https://bugzilla.redhat.com/show_bug.cgi?id=892698
--------------------------------------------------------------------------------
================================================================================
nagios-3.5.0-2.el6 (FEDORA-EPEL-2013-11385)
Nagios monitors hosts and services and yells if somethings breaks
--------------------------------------------------------------------------------
Update Information:
Insecure temporary file usage in nagios.upgrade_to_v3.sh (#958294); Init script
overwrites pid file unnecessarily (#983129)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 29 2013 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.5.0-2
- Insecure temporary file usage in nagios.upgrade_to_v3.sh (#958294)
- Init script overwrites pid file unnecessarily (#983129)
- Corrected bogus dates
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #958015 - CVE-2013-2029 Nagios core: Insecure temporary file usage
in nagios.upgrade_to_v3.sh
https://bugzilla.redhat.com/show_bug.cgi?id=958015
--------------------------------------------------------------------------------
================================================================================
nodejs-commander-1.2.0-5.el6 (FEDORA-EPEL-2013-11354)
Node.js command-line interfaces made easy
--------------------------------------------------------------------------------
Update Information:
Update nodejs-connect from 2.7.10 to 2.8.5. Upstream changelog:
https://raw.github.com/senchalabs/connect/2.8.5/History.md
Update nodejs-express from 3.2.5 to 3.3.5. Upstream changelog:
https://raw.github.com/visionmedia/express/3.3.5/History.md
Update nodejs-fresh from 0.1.0 to 0.2.0. Upstream commits:
https://github.com/visionmedia/node-fresh/commits/0.2.0
Update nodejs-send from 0.1.0 to 0.1.4. Upstream changelog:
https://raw.github.com/visionmedia/send/0.1.4/History.md
Update nodejs-commander from 1.1.1 to 1.2.0. Upstream changelog:
https://raw.github.com/visionmedia/commander.js/2.0.0/History.md
Update nodejs-keypress from 1.0.0 to 1.2.1. This is a minor bugfix release.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 28 2013 Jamie Nguyen <[email protected]> - 1.2.0-5
- fix version of dependency on nodejs-keypress
* Mon Aug 26 2013 Jamie Nguyen <[email protected]> - 1.2.0-4
- rebuild to enable tests
* Sat Aug 3 2013 Fedora Release Engineering <[email protected]>
- 1.2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sat Jul 6 2013 Jamie Nguyen <[email protected]> - 1.2.0-2
- fix compatible arches for f18/el6
* Fri Jul 5 2013 Jamie Nguyen <[email protected]> - 1.2.0-1
- restrict to compatible arches
- update to upstream release 1.2.0
--------------------------------------------------------------------------------
================================================================================
nodejs-connect-2.8.5-1.el6 (FEDORA-EPEL-2013-11354)
High performance middleware framework for Node.js
--------------------------------------------------------------------------------
Update Information:
Update nodejs-connect from 2.7.10 to 2.8.5. Upstream changelog:
https://raw.github.com/senchalabs/connect/2.8.5/History.md
Update nodejs-express from 3.2.5 to 3.3.5. Upstream changelog:
https://raw.github.com/visionmedia/express/3.3.5/History.md
Update nodejs-fresh from 0.1.0 to 0.2.0. Upstream commits:
https://github.com/visionmedia/node-fresh/commits/0.2.0
Update nodejs-send from 0.1.0 to 0.1.4. Upstream changelog:
https://raw.github.com/visionmedia/send/0.1.4/History.md
Update nodejs-commander from 1.1.1 to 1.2.0. Upstream changelog:
https://raw.github.com/visionmedia/commander.js/2.0.0/History.md
Update nodejs-keypress from 1.0.0 to 1.2.1. This is a minor bugfix release.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 26 2013 Jamie Nguyen <[email protected]> - 2.8.5-1
- update to upstream release 2.8.5
* Sat Aug 3 2013 Fedora Release Engineering <[email protected]>
- 2.7.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
nodejs-express-3.3.5-1.el6 (FEDORA-EPEL-2013-11354)
Sinatra inspired web development framework for Node.js
--------------------------------------------------------------------------------
Update Information:
Update nodejs-connect from 2.7.10 to 2.8.5. Upstream changelog:
https://raw.github.com/senchalabs/connect/2.8.5/History.md
Update nodejs-express from 3.2.5 to 3.3.5. Upstream changelog:
https://raw.github.com/visionmedia/express/3.3.5/History.md
Update nodejs-fresh from 0.1.0 to 0.2.0. Upstream commits:
https://github.com/visionmedia/node-fresh/commits/0.2.0
Update nodejs-send from 0.1.0 to 0.1.4. Upstream changelog:
https://raw.github.com/visionmedia/send/0.1.4/History.md
Update nodejs-commander from 1.1.1 to 1.2.0. Upstream changelog:
https://raw.github.com/visionmedia/commander.js/2.0.0/History.md
Update nodejs-keypress from 1.0.0 to 1.2.1. This is a minor bugfix release.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 26 2013 Jamie Nguyen <[email protected]> - 3.3.5-1
- update to upstream release 3.3.5
- add ExclusiveArch logic
* Sat Aug 3 2013 Fedora Release Engineering <[email protected]>
- 3.3.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Fri Jul 5 2013 Jamie Nguyen <[email protected]> - 3.3.3-1
- update to upstream release 3.3.3
- restrict to compatible arches
--------------------------------------------------------------------------------
================================================================================
nodejs-fresh-0.2.0-1.el6 (FEDORA-EPEL-2013-11354)
HTTP response freshness testing for Node.js
--------------------------------------------------------------------------------
Update Information:
Update nodejs-connect from 2.7.10 to 2.8.5. Upstream changelog:
https://raw.github.com/senchalabs/connect/2.8.5/History.md
Update nodejs-express from 3.2.5 to 3.3.5. Upstream changelog:
https://raw.github.com/visionmedia/express/3.3.5/History.md
Update nodejs-fresh from 0.1.0 to 0.2.0. Upstream commits:
https://github.com/visionmedia/node-fresh/commits/0.2.0
Update nodejs-send from 0.1.0 to 0.1.4. Upstream changelog:
https://raw.github.com/visionmedia/send/0.1.4/History.md
Update nodejs-commander from 1.1.1 to 1.2.0. Upstream changelog:
https://raw.github.com/visionmedia/commander.js/2.0.0/History.md
Update nodejs-keypress from 1.0.0 to 1.2.1. This is a minor bugfix release.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 26 2013 Jamie Nguyen <[email protected]> - 0.2.0-1
- update to upstream release 0.2.0
* Sat Aug 3 2013 Fedora Release Engineering <[email protected]>
- 0.1.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
nodejs-keypress-0.2.1-1.el6 (FEDORA-EPEL-2013-11354)
Make any Node ReadableStream emit "keypress" events
--------------------------------------------------------------------------------
Update Information:
Update nodejs-connect from 2.7.10 to 2.8.5. Upstream changelog:
https://raw.github.com/senchalabs/connect/2.8.5/History.md
Update nodejs-express from 3.2.5 to 3.3.5. Upstream changelog:
https://raw.github.com/visionmedia/express/3.3.5/History.md
Update nodejs-fresh from 0.1.0 to 0.2.0. Upstream commits:
https://github.com/visionmedia/node-fresh/commits/0.2.0
Update nodejs-send from 0.1.0 to 0.1.4. Upstream changelog:
https://raw.github.com/visionmedia/send/0.1.4/History.md
Update nodejs-commander from 1.1.1 to 1.2.0. Upstream changelog:
https://raw.github.com/visionmedia/commander.js/2.0.0/History.md
Update nodejs-keypress from 1.0.0 to 1.2.1. This is a minor bugfix release.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 28 2013 Jamie Nguyen <[email protected]> - 0.2.1-1
- update to upstream release 0.2.1
--------------------------------------------------------------------------------
================================================================================
nodejs-minimist-0.0.1-2.el6 (FEDORA-EPEL-2013-11378)
Parse argument options in Node.js
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #992322 - Review Request: nodejs-minimist - Parse argument options
in Node.js
https://bugzilla.redhat.com/show_bug.cgi?id=992322
--------------------------------------------------------------------------------
================================================================================
nodejs-send-0.1.4-1.el6 (FEDORA-EPEL-2013-11354)
Better streaming static file server with Range and conditional-GET support
--------------------------------------------------------------------------------
Update Information:
Update nodejs-connect from 2.7.10 to 2.8.5. Upstream changelog:
https://raw.github.com/senchalabs/connect/2.8.5/History.md
Update nodejs-express from 3.2.5 to 3.3.5. Upstream changelog:
https://raw.github.com/visionmedia/express/3.3.5/History.md
Update nodejs-fresh from 0.1.0 to 0.2.0. Upstream commits:
https://github.com/visionmedia/node-fresh/commits/0.2.0
Update nodejs-send from 0.1.0 to 0.1.4. Upstream changelog:
https://raw.github.com/visionmedia/send/0.1.4/History.md
Update nodejs-commander from 1.1.1 to 1.2.0. Upstream changelog:
https://raw.github.com/visionmedia/commander.js/2.0.0/History.md
Update nodejs-keypress from 1.0.0 to 1.2.1. This is a minor bugfix release.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 26 2013 Jamie Nguyen <[email protected]> - 0.1.4-1
- update to upstream release 0.1.4
- add ExclusiveArch logic
* Sat Aug 3 2013 Fedora Release Engineering <[email protected]>
- 0.1.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Fri Jul 5 2013 Jamie Nguyen <[email protected]> - 0.1.2-1
- update to upstream release 0.1.2
- restrict to compatible arches
--------------------------------------------------------------------------------
================================================================================
perl-Net-SSH-Expect-1.09-7.el6 (FEDORA-EPEL-2013-11386)
Net-SSH-Expect - SSH wrapper to execute remote commands
--------------------------------------------------------------------------------
Update Information:
Fixed a permissions issue in the %files section of the spec file that
incorrectly set directory permissions to 644 instead of 755
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 28 2013 Carl Thompson <[email protected]> - 1.09-7
- fixed permissions in %files section
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #972946 - perl-Net-SSH-Expect 1.09-6 Bad Directory Permissions
https://bugzilla.redhat.com/show_bug.cgi?id=972946
--------------------------------------------------------------------------------
================================================================================
php-bartlett-PHP-CompatInfo-2.22.0-1.el6 (FEDORA-EPEL-2013-11215)
Find out version and the extensions required for a piece of code to run
--------------------------------------------------------------------------------
Update Information:
Version 2.22.0 (2013-08-22)
Additions and changes:
* add both support to PHP 5.4.19 and 5.5.3
* phar --version switch now print the latest version rather than DEV
* add new function setExcludeVersions() in abstract
PHP_CompatInfo_Reference_PluginsAbstract class that allow to exclude one or
more version for an element ( related to issue GH-99 )
Bug fixes:
* GH-99: SO_BINDTODEVICE exists in php >= 5.4.18 and >= 5.5.1 (so not in 5.5.0)
Version 2.21.0 (2013-08-17)
Additions and changes:
* add both support to PHP 5.4.18 and 5.5.2
* update mongo reference to 1.4.3
* update libxml reference for PHP 5.5.2
Bug fixes:
* request #98 fixed mongo, sockets and standard references (thanks to Remi
Collet)
* GH-97: False positive classMemberAccessOnInstantiation detection
Version 2.20.0 (2013-07-20)
Additions and changes:
* add support to PHP 5.5.1
* update session and intl references sync with PHP 5.5.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 23 2013 Remi Collet <[email protected]> - 2.22.0-1
- Update to 2.22.0
* Thu Jul 25 2013 Remi Collet <[email protected]> - 2.20.0-1
- Update to 2.20.0
- patch from https://github.com/llaville/php-compat-info/pull/98
--------------------------------------------------------------------------------
================================================================================
quassel-0.9.0-1.el6 (FEDORA-EPEL-2013-11377)
A modern distributed IRC system
--------------------------------------------------------------------------------
Update Information:
New package for EPEL - quassel IRC
--------------------------------------------------------------------------------
================================================================================
savanna-image-elements-0.3-0.2.88511begit.el6 (FEDORA-EPEL-2013-11298)
Savanna diskimage-builder elements
--------------------------------------------------------------------------------
Update Information:
Diskimage-builder elements for Savanna
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #998702 - Review Request: savanna-image-elements - Savanna
diskimage-builder elements
https://bugzilla.redhat.com/show_bug.cgi?id=998702
[ 2 ] Bug #1000293 - savanna-image-elements-0.3-0.2.88511begit.el6 has
unresolved dependency diskimage-builder
https://bugzilla.redhat.com/show_bug.cgi?id=1000293
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
