The following Fedora EPEL 6 Security updates need testing:
Age URL
893
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
225
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolkit-2.0.2-4.el6
112
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7.26-1.el6
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2655/python-oauth2-1.5.211-7.el6
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2750/libsrtp-1.4.4-10.20101004cvs.el6
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2719/nodejs-0.10.32-1.el6,v8-3.14.5.10-14.el6
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2742/TeXmacs-1.0.7.2-3.el6
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2713/putty-0.63-3.el6
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2850/nginx-1.0.15-7.el6
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2811/nodejs-qs-0.6.6-3.el6
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2821/nodejs-send-0.3.0-4.el6
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2801/seamonkey-2.21-8.ESR_24.8.0.el6
1
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2981/check-mk-1.2.4p5-2.el6
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3080/phpMyAdmin-4.0.10.4-1.el6
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3024/rssh-2.3.4-1.el6
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3082/golang-1.3.3-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
golang-1.3.3-1.el6
jbrout-0.4-0.13.git20140930reva7c8fb8.el6
jglobus-2.1.0-1.el6
mediawiki119-1.19.20-1.el6
perl-Array-Unique-0.08-2.el6
php-tcpdf-6.0.094-1.el6
phpMyAdmin-4.0.10.4-1.el6
pkgwat-0.10-3.el6
pyexiv2-0.3.2-13.el6
python-behave-1.2.4-4.el6
python-mwclient-0.7.0-1.el6
python-pkgwat-api-0.12-3.el6
uid_wrapper-1.0.2-3.el6
Details about builds:
================================================================================
golang-1.3.3-1.el6 (FEDORA-EPEL-2014-3082)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
update to go1.3.3 (bz1146882)
update to go1.3.2 (bz1147324)
more work to get cgo.a timestamps to line up, due to build-env
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 1 2014 Vincent Batts <[email protected]> - 1.3.3-1
- update to go1.3.3 (bz1146882)
* Mon Sep 29 2014 Vincent Batts <[email protected]> - 1.3.2-1
- update to go1.3.2 (bz1147324)
* Wed Aug 13 2014 Vincent Batts <[email protected]> - 1.2.2-22
- more work to get cgo.a timestamps to line up, due to build-env
* Wed Aug 13 2014 Vincent Batts <[email protected]> - 1.2.2-21
- touch cgo.a regardless
* Wed Aug 13 2014 Vincent Batts <[email protected]> - 1.2.2-20
- rpm dependency ordering for %post
* Tue Aug 12 2014 Vincent Batts <[email protected]> - 1.2.2-19
- finally check for a Stale cgo in a %post
* Tue Aug 12 2014 Vincent Batts <[email protected]> - 1.2.2-18
- explicitly list all the files and directories for the packages trees
* Tue Aug 12 2014 Vincent Batts <[email protected]> - 1.2.2-17
- explicitly list all the files and directories of the src tree, to preserve
timestamps
* Mon Aug 11 2014 Vincent Batts <[email protected]> - 1.2.2-16
- touch all the built archives to be the same
* Mon Aug 11 2014 Vincent Batts <[email protected]> - 1.2.2-15
- make golang-src 'noarch' again, since that was not a fix, and takes up more
space
* Mon Aug 11 2014 Vincent Batts <[email protected]> - 1.2.2-14
- update timestamps of source files during %install bz1099206
* Fri Aug 8 2014 Vincent Batts <[email protected]> - 1.2.2-13
- update timestamps of source during %install bz1099206
* Fri Aug 8 2014 Vincent Batts <[email protected]> - 1.2.2-12
- set another version constraint on xemacs due to bz1127518
* Wed Aug 6 2014 Vincent Batts <[email protected]> - 1.2.2-11
- set a version constraint on xemacs due to bz1127518
* Wed Aug 6 2014 Vincent Batts <[email protected]> - 1.2.2-10
- make the source subpackage arch'ed, instead of noarch
* Tue Jul 15 2014 Vincent Batts <[email protected]> - 1.2.2-9
- fix the loading of gdb safe-path. bz981356
* Tue Jul 8 2014 Vincent Batts <[email protected]> - 1.2.2-8
- `go install std` requires gcc, to build cgo. bz1105901, bz1101508
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1147324 - CVE-2014-7189 golang: TLS client authentication issue
fixed in version 1.3.2
https://bugzilla.redhat.com/show_bug.cgi?id=1147324
--------------------------------------------------------------------------------
================================================================================
jbrout-0.4-0.13.git20140930reva7c8fb8.el6 (FEDORA-EPEL-2014-3085)
Photo manager, written in python/pygtk
--------------------------------------------------------------------------------
Update Information:
New checkout from the upstream.
New package introducced to EL-6 branch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1114394 - [abrt] jbrout: jbrout.py:42:<module>:TypeError: sequence
item 0: expected string, NoneType found
https://bugzilla.redhat.com/show_bug.cgi?id=1114394
[ 2 ] Bug #749473 - Please, create EL6 branch in EPEL
https://bugzilla.redhat.com/show_bug.cgi?id=749473
--------------------------------------------------------------------------------
================================================================================
jglobus-2.1.0-1.el6 (FEDORA-EPEL-2014-3072)
Globus Java client libraries
--------------------------------------------------------------------------------
Update Information:
JGlobus 2.1.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 1 2014 Mattias Ellert <[email protected]> - 2.1.0-1
- 2.1.0 final release
- Drop patches included upstream
- Install pom files
--------------------------------------------------------------------------------
================================================================================
mediawiki119-1.19.20-1.el6 (FEDORA-EPEL-2014-3064)
A wiki engine
--------------------------------------------------------------------------------
Update Information:
(bug 70672) SECURITY: OutputPage: Remove separation of css and js module
allowance
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2014 Patrick Uiterwijk <[email protected]> - 1.19.20-1
- Update to 1.19.20
- (bug 70672) SECURITY: OutputPage: Remove separation of css and js module
allowance
* Thu Sep 25 2014 Patrick Uiterwijk <[email protected]> - 1.19.19-1
- Update to 1.19.19
- (bug 69008) SECURITY: Enhance CSS filtering in SVG files
--------------------------------------------------------------------------------
================================================================================
perl-Array-Unique-0.08-2.el6 (FEDORA-EPEL-2014-3068)
Tie-able array that allows only unique values
--------------------------------------------------------------------------------
Update Information:
perl-Array-Unique: initial submission
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1139043 - Review Request: perl-Array-Unique - Tie-able array that
allows only unique values
https://bugzilla.redhat.com/show_bug.cgi?id=1139043
--------------------------------------------------------------------------------
================================================================================
php-tcpdf-6.0.094-1.el6 (FEDORA-EPEL-2014-3084)
PHP class for generating PDF documents and barcodes
--------------------------------------------------------------------------------
Update Information:
6.0.094 (2014-09-30)
* Bug item #978 "Variable Undefined: $cborder" was fixed.
6.0.093 (2014-09-02)
* Security fix: some serialize/unserialize methods were replaced with
json_encode/json_decode to avoid a potential object injection with user
supplied content. Thanks to ownCloud Inc. for reporting this issue.
* K_TIMEZONE constant was added to the default configuration to supress
date-time warnings.
6.0.092 (2014-09-01)
* Bug item #956 "Monospaced fonts are not alignd at the baseline" was fixed.
* Bug item #964 "Problem when changing font size" was fixed.
* Bug item #969 "ImageSVG with radialGradient problem" was fixed.
* sRGB.icc file was replaced with the one from the Debian package
icc-profiles-free (2.0.1+dfsg-1)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2014 Remi Collet <[email protected]> - 6.0.094-1
- update to 6.0.094
* Wed Sep 17 2014 Robert Scheck <[email protected]> - 6.0.091-2
- buildrequire php-cli >= 5.3 (#1121745)
- added provides for php-* if package is used on EL-5 (#1121745)
- corrected inter-package dependencies (Remi Collet)
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.0.10.4-1.el6 (FEDORA-EPEL-2014-3080)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.0.10.4 (2014-10-01)
================================
- [security] XSS vulnerabilities in table search and table structure pages
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2014 Robert Scheck <[email protected]> 4.0.10.4-1
- Upgrade to 4.0.10.4 (#1148664)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148664 - CVE-2014-7217 phpmyadmin: cross-site scripting (XSS)
flaw fixed in versions 4.0.10.4, 4.1.14.5, and 4.2.9.1 (PMASA-2014-11)
https://bugzilla.redhat.com/show_bug.cgi?id=1148664
--------------------------------------------------------------------------------
================================================================================
pkgwat-0.10-3.el6 (FEDORA-EPEL-2014-3063)
CLI tool for querying the fedora packages webapp
--------------------------------------------------------------------------------
Update Information:
Branch for epel
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148215 - Please package pkgwat for EL6 and EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1148215
--------------------------------------------------------------------------------
================================================================================
pyexiv2-0.3.2-13.el6 (FEDORA-EPEL-2014-3078)
Python binding to exiv2
--------------------------------------------------------------------------------
Update Information:
Rebuilt for EPEL-6
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 17 2014 Fedora Release Engineering <[email protected]>
- 0.3.2-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <[email protected]>
- 0.3.2-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri May 23 2014 David Tardon <[email protected]> - 0.3.2-11
- rebuild for boost 1.55.0
* Tue Dec 3 2013 Rex Dieter <[email protected]> - 0.3.2-10
- rebuild (exiv2)
* Sun Aug 4 2013 Fedora Release Engineering <[email protected]>
- 0.3.2-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sat Jul 27 2013 [email protected] - 0.3.2-8
- Rebuild for boost 1.54.0
* Sun Feb 10 2013 Denis Arnaud <[email protected]> - 0.3.2-7
- Rebuild for Boost-1.53.0
* Sat Feb 9 2013 Denis Arnaud <[email protected]> - 0.3.2-6
- Rebuild for Boost-1.53.0
--------------------------------------------------------------------------------
================================================================================
python-behave-1.2.4-4.el6 (FEDORA-EPEL-2014-3081)
Tools for the behavior-driven development, Python style
--------------------------------------------------------------------------------
Update Information:
Add another patch to fix an Unicode error (thanks to vbenes for help)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 12 2014 Matěj Cepl <[email protected]> - 1.2.4-4
- Add another patch to fix an Unicode error (thanks for vbenes for
fixing my earlier proposal).
--------------------------------------------------------------------------------
================================================================================
python-mwclient-0.7.0-1.el6 (FEDORA-EPEL-2014-3089)
Mwclient is a client to the MediaWiki API
--------------------------------------------------------------------------------
Update Information:
This update provides the new 0.7.0 release of python-mwclient. The upstream
changelog is available at
https://github.com/mwclient/mwclient/blob/v0.7.0/RELEASE-NOTES.md . Notably,
the Page.edit() method is technically deprecated in this release, though the
deprecation notice is silent by default and it will continue to work fine. The
new name is Page.text(). There should be no API incompatibility with the
previous 0.6.5 release.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 1 2014 Adam Williamson <[email protected]> - 0.7.0-1
- new release: 0.7.0
- update for github source, use of setuptools and modern Python packaging rules
* Sat Jun 7 2014 Fedora Release Engineering <[email protected]>
- 0.6.5-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun Aug 4 2013 Fedora Release Engineering <[email protected]>
- 0.6.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering <[email protected]>
- 0.6.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Sat Jul 21 2012 Fedora Release Engineering <[email protected]>
- 0.6.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sat Jan 14 2012 Fedora Release Engineering <[email protected]>
- 0.6.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-pkgwat-api-0.12-3.el6 (FEDORA-EPEL-2014-3083)
Python API for querying the fedora packages webapp
--------------------------------------------------------------------------------
Update Information:
Branch for epel
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 7 2014 Fedora Release Engineering <[email protected]>
- 0.12-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 28 2014 Kalev Lember <[email protected]> - 0.12-2
- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148215 - Please package pkgwat for EL6 and EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1148215
--------------------------------------------------------------------------------
================================================================================
uid_wrapper-1.0.2-3.el6 (FEDORA-EPEL-2014-3075)
A wrapper for privilege separation
--------------------------------------------------------------------------------
Update Information:
Do not own /usr/lib64/cmake.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2014 - Andreas Schneider <[email protected]> - 1.0.2-3
- resolves: #1146410 - Do not own /usr/lib64/cmake.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1146410 - uid_wrapper owns /usr/lib64/cmake
https://bugzilla.redhat.com/show_bug.cgi?id=1146410
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
