EPEL Fedora 6 updates-testing report

Sat, 08 Feb 2014 12:48:24 -0800 

The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 657  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
  87  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12079/bip-0.8.9-1.el6
  51  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12427/seamonkey-2.21-3.esr2.el6
  10  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0378/quassel-0.9.2-1.el6
   9  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0398/socat-1.7.2.3-1.el6
   8  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0401/libyaml-0.1.3-4.el6
   8  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0409/zarafa-7.1.8-1.el6
   6  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0429/mediawiki119-1.19.11-2.el6
   6  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0426/tpp-1.3.1-17.el6
   4  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6.4-1.el6
   1  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0466/python-gnupg-0.3.6-1.el6
   1  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0465/lighttpd-1.4.34-1.el6
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0395/libpng10-1.0.61-1.el6
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0483/boinc-client-7.2.33-3.git1994cc8.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    boinc-client-7.2.33-3.git1994cc8.el6
    duply-1.6.0-1.el6
    libpng10-1.0.61-1.el6
    nwchem-6.3.2-7.el6
    perl-Test-Carp-0.2-2.el6
    remctl-3.8-2.el6

Details about builds:


================================================================================
 boinc-client-7.2.33-3.git1994cc8.el6 (FEDORA-EPEL-2014-0483)
 The BOINC client core
--------------------------------------------------------------------------------
Update Information:

Upgrade boinc to 7.2.33
Fixes various security flaws
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb  7 2014 Mattia Verga <mattia.ve...@tiscali.it> - 7.2.33-3.git1994cc8
- Upgrade to 7.2.33 to pair with F20
- Clean up specfile
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #957771 - CVE-2013-2298 boinc-client: Multiple stack overflow flaws 
when parsing XML files
        https://bugzilla.redhat.com/show_bug.cgi?id=957771
  [ 2 ] Bug #957775 - CVE-2013-2019 boinc-client: Stack-overflow by processing 
XML element with multiple file signatures
        https://bugzilla.redhat.com/show_bug.cgi?id=957775
  [ 3 ] Bug #957795 - boinc-client: Format string flaw by writing account file
        https://bugzilla.redhat.com/show_bug.cgi?id=957795
--------------------------------------------------------------------------------


================================================================================
 duply-1.6.0-1.el6 (FEDORA-EPEL-2014-0487)
 Wrapper for duplicity
--------------------------------------------------------------------------------
Update Information:

Update to the latest stable version.

Changes in 1.6.0:
- support gs backend
- support dropbox backend
- add gpg-agent support to gpg test routines
- autoenable --use-agent if passwords were not defined in config
- GPG_OPTS are now honored everywhere, keyrings or complete gpg homedir can 
thus be configured to be located anywhere
- always import both secret and public key if avail from config profile
- new explanatory comments in initial exclude file
- bugfix 7: Duply only imports one key at a time

--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 28 2014 Thomas Moschny <thomas.mosc...@gmx.de> - 1.6.0-1
- Update to 1.6.0.
* Sat Aug  3 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 1.5.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 libpng10-1.0.61-1.el6 (FEDORA-EPEL-2014-0395)
 Old version of libpng, needed to run old binaries
--------------------------------------------------------------------------------
Update Information:

This is the current cumulative bug-fix update from upstream. Only minor issues 
addressed, as per the changelog.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb  7 2014 Paul Howarth <p...@city-fan.org> 1.0.61-1
- update to 1.0.61
  - ignore, with a warning, out-of-range value of num_trans in png_set_tRNS()
  - replaced AM_CONFIG_HEADER(config.h) with AC_CONFIG_HEADERS([config.h]) in
    configure.ac
  - changed default value of PNG_USER_CACHE_MAX from 0 to 32767 in pngconf.h
  - avoid a possible memory leak in contrib/gregbook/readpng.c
  - revised libpng.3 so that "doclifter" can process it
  - changed '"%s"m' to '"%s" m' in png_debug macros to improve portability
    among compilers
  - rebuilt the configure scripts with autoconf-2.69 and automake-1.14.1
  - removed potentially misleading warning from png_check_IHDR()
  - quiet set-but-not-used warnings in pngset.c
  - quiet an uninitialized memory warning from VC2013 in png_get_png()
  - quiet unused variable warnings from clang by porting PNG_UNUSED() from
    libpng-1.4.6
  - added -DZ_SOLO to CFLAGS in contrib/pngminim/*/makefile
  - added an #ifdef PNG_FIXED_POINT_SUPPORTED/#endif in pngset.c
- drop upstreamed aarch64 patch
- drop patch for CVE-2013-6954, which only actually affected libpng versions
  1.6.1 to 1.6.7
* Thu Jan 23 2014 Paul Howarth <p...@city-fan.org> 1.0.60-6
- handle zero-length PLTE chunk or NULL palette with png_error(), to avoid
  later reading from a NULL pointer (png_ptr->palette) in
  png_do_expand_palette() (CVE-2013-6954)
* Sat Jul 27 2013 Paul Howarth <p...@city-fan.org> 1.0.60-5
- install docs to %{_pkgdocdir} where available
* Sun Mar 24 2013 Paul Howarth <p...@city-fan.org> 1.0.60-4
- tweak config.guess and config.sub to add aarch64 support (#925862)
- update source URL, moved upstream
* Thu Feb 14 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
1.0.60-3
- rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
1.0.60-2
- rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Wed Jul 11 2012 Paul Howarth <p...@city-fan.org> 1.0.60-1
- update to 1.0.60
  - changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1045561 - CVE-2013-6954 libpng: unhandled zero-length PLTE chunk 
or NULL palette
        https://bugzilla.redhat.com/show_bug.cgi?id=1045561
--------------------------------------------------------------------------------


================================================================================
 nwchem-6.3.2-7.el6 (FEDORA-EPEL-2014-0481)
 Delivering High-Performance Computational Chemistry to Science
--------------------------------------------------------------------------------
Update Information:

Delivering High-Performance Computational Chemistry to Science
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #984605 - Review Request: nwchem - Delivering High-Performance 
Computational Chemistry
        https://bugzilla.redhat.com/show_bug.cgi?id=984605
--------------------------------------------------------------------------------


================================================================================
 perl-Test-Carp-0.2-2.el6 (FEDORA-EPEL-2014-0484)
 Test your code for calls to Carp functions
--------------------------------------------------------------------------------
Update Information:

First EPEL 6 release. Test::Carp allows Perl developers to call given code 
(with given arguments) and test whether the given Carp function (or their 
imported versions) are called (with a given value) or not.
--------------------------------------------------------------------------------


================================================================================
 remctl-3.8-2.el6 (FEDORA-EPEL-2014-0482)
 Client/server for Kerberos-authenticated command execution
--------------------------------------------------------------------------------
Update Information:

Update to the latest upstream release (v3.8). This update fixes a client memory 
leak and improves Perl module argument validation. For a full list of changes, 
see the [upstream 
changelog](http://www.eyrie.org/~eagle/software/remctl/news.html).

The Fedora packaging also includes the following changes:
* This update ships each of the README documentation files for the PHP, Python, 
and Ruby libraries.
* This update links against libpcre for PCRE support.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb  8 2014 Ken Dreyer <ktdre...@ktdreyer.com> - 3.8-2
- Add tarball for 3.8
* Sat Feb  8 2014 Ken Dreyer <ktdre...@ktdreyer.com> - 3.8-1
- Update to 3.8
- Alphabetize BRs
- Optimize python file list (#1062765, thanks Remi Ferrand)
- Enable pcre support (#1062765, thanks Remi Ferrand)
* Fri Jan 24 2014 Ken Dreyer <ktdre...@ktdreyer.com> - 3.7-2
- Adjust UnversionedDocdirs conditional to support Fedora 19
* Thu Jan 23 2014 Ken Dreyer <ktdre...@ktdreyer.com> - 3.7-1
- Update to 3.7
- Drop upstreamed EL5 perl patch
- Drop RPM conditionals for Fedoras earlier than 19
- Add systemd support
- Use upstream's php.ini instead of our own
- Ship upstream's READMEs for PHP, Python, and Ruby
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1062765 - remctld is not linked against libpcre
        https://bugzilla.redhat.com/show_bug.cgi?id=1062765
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list
epel-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/epel-devel

Reply via email to