The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 540  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
  54  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11274/ssmtp-2.61-21.el6
  15  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11703/chicken-4.8.0.4-4.el6
  15  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11706/fedmsg-0.7.1-2.el6
  12  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11733/php-pecl-xhprof-0.9.4-1.el6
   5  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11771/mod_fcgid-2.3.9-1.el6
   3  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11803/dropbear-2013.59-1.el6
   3  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11785/phpMyAdmin-3.5.8.2-1.el6
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11817/ReviewBoard-1.7.16-2.el6,python-djblets-0.7.21-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
ReviewBoard-1.7.16-2.el6
archivemount-0.8.1-2.el6
cppcheck-1.62-1.el6
drbdlinks-1.25-1.el6
fedora-review-0.5.0-2.el6
kobo-0.4.1-1.el6
perl-Crypt-Blowfish_PP-1.12-7.el6
perl-Term-Size-0.207-6.el6
perl-WWW-Salesforce-0.20-1.el6
php-bartlett-PHP-Reflect-1.9.0-1.el6
php-xcache-3.0.4-1.el6
python-djblets-0.7.21-1.el6
python-wsme-0.5b5-2.el6
qpdfview-0.4.6-1.el6
qtdbf-1.0.0-1.el6
tinyxml2-1.0.11-4.20130805git0323851.el6
tlock-1.5-8.el6
transifex-1.2.1-2.el6
xalan-c-1.11.0-1.el6
Details about builds:
================================================================================
ReviewBoard-1.7.16-2.el6 (FEDORA-EPEL-2013-11817)
Web-based code review tool
--------------------------------------------------------------------------------
Update Information:
Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users
could access certain data they should not have been able to access, if using
the Local Sites feature, invite-only groups, or private repositories. It also
fixes cases with invite-only groups where the group name and list of private
review requests would show up on some pages (though the review requests
themselves were not accessible).
These issues do not affect most of the installations out there, but we
strongly recommend upgrading anyway. There are no known cases of anyone
exploiting these bugs, and in fact we discovered these internally while
building new tools to test for security vulnerabilities in our codebase.
There are also some other bug fixes, and important changes needed for
extensions that provide their own REST APIs.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 13 2013 Patrick Uiterwijk <[email protected]> - 1.7.16-2
- Update Djblets version
* Sun Oct 13 2013 Patrick Uiterwijk <[email protected]> - 1.7.15-2
- New upstream bugfix release 1.7.16
- Fixes a breakage when accessing the Review Group Users resource
- Fixes pagination in dashboard and similar pages
* Thu Oct 10 2013 Stephen Gallagher <[email protected]> - 1.7.15-1
- New upstream security release 1.7.15
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.15/
- Resolves: CVE-2013-4410
- Fixes access-control problems with REST API
- Resolves: CVE-2013-4411
- Fixes URL processing allowing unauthorized users to view review lists
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1016596 - CVE-2013-4410 ReviewBoard: access-control problems with
REST API
https://bugzilla.redhat.com/show_bug.cgi?id=1016596
[ 2 ] Bug #1016599 - CVE-2013-4411 ReviewBoard: URL processing allows
unauthorized users to view review lists
https://bugzilla.redhat.com/show_bug.cgi?id=1016599
[ 3 ] Bug #1016601 - CVE-2013-4409 python-djblets: unsanitized eval()
vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1016601
--------------------------------------------------------------------------------
================================================================================
archivemount-0.8.1-2.el6 (FEDORA-EPEL-2013-11838)
FUSE based filesystem for mounting compressed archives
--------------------------------------------------------------------------------
Update Information:
Update to the latest release of archivemount
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 13 2013 Niels de Vos <[email protected]> - 0.8.1-2
- Do not call fuse_main() to prevent a confusing error message (#1018587)
* Wed Sep 25 2013 Niels de Vos <[email protected]> - 0.8.1-1
- Update to version 0.8.1 (#1011795)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1018587 - confusing message "fuse: missing mountpoint parameter"
is displayed upon successful mount
https://bugzilla.redhat.com/show_bug.cgi?id=1018587
[ 2 ] Bug #1011795 - Update archivemount to the latest release 0.8.1
https://bugzilla.redhat.com/show_bug.cgi?id=1011795
--------------------------------------------------------------------------------
================================================================================
cppcheck-1.62-1.el6 (FEDORA-EPEL-2013-11840)
Tool for static C/C++ code analysis
--------------------------------------------------------------------------------
Update Information:
First release of tinyxml2 in EPEL.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 13 2013 Susi Lehtola <[email protected]> - 1.62-1
- Update to 1.62.
* Sat Aug 10 2013 Susi Lehtola <[email protected]> - 1.61-1
- Update to 1.61.
* Sat Aug 3 2013 Fedora Release Engineering <[email protected]>
- 1.60.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Jun 3 2013 François Cami <[email protected]> - 1.60.1-1
- Update to 1.60.1.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #996042 - Review Request: tinyxml2 - Simple, small and efficient
C++ XML parser
https://bugzilla.redhat.com/show_bug.cgi?id=996042
--------------------------------------------------------------------------------
================================================================================
drbdlinks-1.25-1.el6 (FEDORA-EPEL-2013-11821)
A program for managing links into a DRBD shared partition
--------------------------------------------------------------------------------
Update Information:
Upstream changes:
* Fixing string formatting exception in initialize_shared_storage (Fix by
Flavio Grossi)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 13 2013 Robert Scheck <[email protected]> 1.25-1
- Upgrade to 1.25
--------------------------------------------------------------------------------
================================================================================
fedora-review-0.5.0-2.el6 (FEDORA-EPEL-2013-11828)
Review tool for fedora rpm packages
--------------------------------------------------------------------------------
Update Information:
Update dependency on licensecheck script and fix phpci plugin dependency
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 14 2013 Stanislav Ochotnicky <[email protected]> - 0.5.0-2
- Fix requires for licensecheck (#1016309)
- Remove separate php plugin subpackage (#971875)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #971875 - phpci command renamed to phpcompatinfo
https://bugzilla.redhat.com/show_bug.cgi?id=971875
[ 2 ] Bug #1016309 - Add dependency on %{_bindir}/licensecheck
https://bugzilla.redhat.com/show_bug.cgi?id=1016309
--------------------------------------------------------------------------------
================================================================================
kobo-0.4.1-1.el6 (FEDORA-EPEL-2013-11837)
Python modules for tools development
--------------------------------------------------------------------------------
Update Information:
Bump version to 0.4.1.
Completely remove Django support on el5 and el6.
New upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 14 2013 Daniel Mach <[email protected]> - 0.4.1-1
- Return 'nosrc' arch when RPMTAG_NOPATCH RPM header is set. (Daniel Mach)
- Fix 'ImproperlyConfigured: The SECRET_KEY setting must not be empty.'
exception in test_types.py. (Daniel Mach)
- Fix setup script to install additional package data. (Daniel Mach)
- Fix reading RPMTAG_NOSOURCE and RPMTAG_NOPATCH headers from 'nosrc' RPMs.
(Daniel Mach)
* Mon Jul 29 2013 Daniel Mach <[email protected]> - 0.4.0-2
- Drop admin subpackage on rhel <= 5
- Drop admin, django and hub subpackages on epel 6
* Thu Jul 25 2013 Daniel Mach <[email protected]> - 0.4.0-1
- Drop django and hub subpackages on rhel <= 5
- Set filename to be real name of a downloaded file. (Tomas Tomecek)
- Fix logwatcher to scroll to latest logs. (Tomas Tomecek)
- Remove obsolete function kobo.django.views.generic._object_list(). (Tomas
Kopecek)
- Updated README for 0.4.0 release (Tomas Kopecek)
- Revamp setup.py and related files. (Daniel Mach)
- LongnameUser table has auth_user db table name for easier upgrade. (Tomas
Kopecek)
- Add checksum_type to SimpleRpmWrapper. (Tomas Kopecek)
- Add kobo.threads.run_in_threads() helper. (Tomas Kopecek)
- Django 1.5 rebase. (Tomas Kopecek)
- Remove unnecessary slots from pkgset.FileCache. (Daniel Mach)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #997735 - Error in packaging default.conf
https://bugzilla.redhat.com/show_bug.cgi?id=997735
[ 2 ] Bug #990016 - "make bkradd" is failing as kobo-client does not provide
default.conf
https://bugzilla.redhat.com/show_bug.cgi?id=990016
--------------------------------------------------------------------------------
================================================================================
perl-Crypt-Blowfish_PP-1.12-7.el6 (FEDORA-EPEL-2013-11830)
Blowfish encryption algorithm implemented purely in Perl
--------------------------------------------------------------------------------
Update Information:
Initial epel-6 build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1018334 - Please build for EPEL-6
https://bugzilla.redhat.com/show_bug.cgi?id=1018334
--------------------------------------------------------------------------------
================================================================================
perl-Term-Size-0.207-6.el6 (FEDORA-EPEL-2013-11823)
Simple way to get terminal size
--------------------------------------------------------------------------------
Update Information:
Initial epel-6 build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1018332 - Please build for EPEL-6
https://bugzilla.redhat.com/show_bug.cgi?id=1018332
--------------------------------------------------------------------------------
================================================================================
perl-WWW-Salesforce-0.20-1.el6 (FEDORA-EPEL-2013-11822)
WWW::Salesforce Perl module
--------------------------------------------------------------------------------
Update Information:
Update to a later version.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 14 2013 Lubomir Rintel (GoodData) <[email protected]> - 0.20-1
- Update to later version
* Mon Aug 5 2013 Petr Pisar <[email protected]> - 0.13-8
- Perl 5.18 rebuild
* Sun Aug 4 2013 Fedora Release Engineering <[email protected]>
- 0.13-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering <[email protected]>
- 0.13-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Fri Jul 20 2012 Fedora Release Engineering <[email protected]>
- 0.13-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jun 29 2012 Petr Pisar <[email protected]> - 0.13-4
- Perl 5.16 rebuild
* Fri Jan 13 2012 Fedora Release Engineering <[email protected]>
- 0.13-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Jul 19 2011 Petr Sabata <[email protected]> - 0.13-2
- Perl mass rebuild
--------------------------------------------------------------------------------
================================================================================
php-bartlett-PHP-Reflect-1.9.0-1.el6 (FEDORA-EPEL-2013-11835)
Adds the ability to reverse-engineer PHP
--------------------------------------------------------------------------------
Update Information:
Version 1.9.0 (2013-10-12)
Additions and changes:
* drop support of PHP 5.2
* add Composer support
Bug fixes:
* avoid wrong trait detection if source code used a class property named trait:
$this->trait
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 12 2013 Remi Collet <[email protected]> - 1.9.0-1
- Update to 1.9.0
- raise dependency on PHP >= 5.3
--------------------------------------------------------------------------------
================================================================================
php-xcache-3.0.4-1.el6 (FEDORA-EPEL-2013-11825)
Fast, stable PHP opcode cacher
--------------------------------------------------------------------------------
Update Information:
Update to 3.0.4 bugfixes version
Upstream Changelog:
* cacher: fixed #324: xcache.readonly_protection = Off cause SEGV under mass
concurrent
* cacher: fixed #323: refix locking impl for threaded env
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 12 2013 Remi Collet <[email protected]> - 3.0.4-1
- version 3.0.4 (bugfixes)
--------------------------------------------------------------------------------
================================================================================
python-djblets-0.7.21-1.el6 (FEDORA-EPEL-2013-11817)
A collection of useful classes and functions for Django
--------------------------------------------------------------------------------
Update Information:
Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users
could access certain data they should not have been able to access, if using
the Local Sites feature, invite-only groups, or private repositories. It also
fixes cases with invite-only groups where the group name and list of private
review requests would show up on some pages (though the review requests
themselves were not accessible).
These issues do not affect most of the installations out there, but we
strongly recommend upgrading anyway. There are no known cases of anyone
exploiting these bugs, and in fact we discovered these internally while
building new tools to test for security vulnerabilities in our codebase.
There are also some other bug fixes, and important changes needed for
extensions that provide their own REST APIs.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 13 2013 Patrick Uiterwijk <[email protected]> - 0.7.21-1
- New upstream bugfix release 0.7.21
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.21.NEWS
- Added a has_list_access_permissions function, which is used to
determine access to a list resource.
* Fri Oct 11 2013 Stephen Gallagher <[email protected]> - 0.7.20-1
- New upstream bugfix release 0.7.20
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.20.NEWS
- Fixed regression with pagination on the datagrid
* Thu Oct 10 2013 Stephen Gallagher <[email protected]> - 0.7.19-1
- New upstream security release 0.7.19
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.19.NEWS
- Resolves: CVE-2013-4409
- Resolves unsanitized eval() vulnerability
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1016596 - CVE-2013-4410 ReviewBoard: access-control problems with
REST API
https://bugzilla.redhat.com/show_bug.cgi?id=1016596
[ 2 ] Bug #1016599 - CVE-2013-4411 ReviewBoard: URL processing allows
unauthorized users to view review lists
https://bugzilla.redhat.com/show_bug.cgi?id=1016599
[ 3 ] Bug #1016601 - CVE-2013-4409 python-djblets: unsanitized eval()
vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1016601
--------------------------------------------------------------------------------
================================================================================
python-wsme-0.5b5-2.el6 (FEDORA-EPEL-2013-11826)
Web Services Made Easy
--------------------------------------------------------------------------------
Update Information:
- Latest upstream
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 10 2013 Dan Prince <[email protected]> - 0.5b5-2
- Don't remove egg.info required by pbr
* Thu Oct 10 2013 Pádraig Brady <[email protected]> - 0.5b5-1
- Latest upstream
* Sun Aug 4 2013 Fedora Release Engineering <[email protected]>
- 0.5b2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
qpdfview-0.4.6-1.el6 (FEDORA-EPEL-2013-11833)
Tabbed PDF Viewer
--------------------------------------------------------------------------------
Update Information:
Version bump.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 13 2013 TI_Eugene <[email protected]> 0.4.6-1
- Version bump
* Fri Sep 6 2013 TI_Eugene <[email protected]> 0.4.5-1
- Version bump
--------------------------------------------------------------------------------
================================================================================
qtdbf-1.0.0-1.el6 (FEDORA-EPEL-2013-11839)
A simple DBF viewer and editor
--------------------------------------------------------------------------------
Update Information:
Version bump.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 13 2013 TI_Eugene <[email protected]> 1.0.0-1
- Version bump
* Thu Aug 29 2013 TI_Eugene <[email protected]> 0.9.11-1
- Version bump
--------------------------------------------------------------------------------
================================================================================
tinyxml2-1.0.11-4.20130805git0323851.el6 (FEDORA-EPEL-2013-11840)
Simple, small and efficient C++ XML parser
--------------------------------------------------------------------------------
Update Information:
First release of tinyxml2 in EPEL.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #996042 - Review Request: tinyxml2 - Simple, small and efficient
C++ XML parser
https://bugzilla.redhat.com/show_bug.cgi?id=996042
--------------------------------------------------------------------------------
================================================================================
tlock-1.5-8.el6 (FEDORA-EPEL-2013-11827)
Terminal lock
--------------------------------------------------------------------------------
Update Information:
Update autoconf(1) scripts to version >= 2.69.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #926640 - tlock: Does not support aarch64 in f19 and rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=926640
--------------------------------------------------------------------------------
================================================================================
transifex-1.2.1-2.el6 (FEDORA-EPEL-2013-11829)
A system for distributed translation submissions
--------------------------------------------------------------------------------
Update Information:
A system for distributed translation submissions
--------------------------------------------------------------------------------
================================================================================
xalan-c-1.11.0-1.el6 (FEDORA-EPEL-2013-11831)
Xalan XSLT processor for C
--------------------------------------------------------------------------------
Update Information:
Updated to 1.11 to fix segfault issue in bug #807816
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 8 2013 Nick Le Mouton <[email protected]> - 1.11.0-1
- Rebuilt for xalan-c 1.11, fixes a few problems with using newer xerces-c
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #807816 - Xalan-c segfaults on any input
https://bugzilla.redhat.com/show_bug.cgi?id=807816
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
https://admin.fedoraproject.org/mailman/listinfo/epel-devel