The following Fedora EPEL 6 Security updates need testing: Age URL 944 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6 163 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7.26-1.el6 34 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3434/pylint-1.3.1-1.el6,python-astroid-1.2.1-2.el6,python-logilab-common-0.62.1-2.el6 30 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3527/asterisk-1.8.31.1-1.el6 20 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3748/tnftp-20141031-1.el6 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3851/python-requests-kerberos-0.6-1.el6 11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3927/drupal7-ckeditor-1.16-2.el6 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3962/oath-toolkit-2.0.2-5.el6 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4005/nginx-1.0.15-11.el6 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4008/cross-binutils-2.23.51.0.3-1.el6.1 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3975/polarssl-1.3.2-3.el6 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2069/php-channel-phpseclib-1.3-1.el6,php-sabredav-Sabre_VObject-2.1.4-2.el6,php-sabredav-Sabre_HTTP-1.7.11-1.el6,php-sabredav-Sabre_DAVACL-1.7.9-1.el6,php-sabredav-Sabre_DAV-1.7.13-1.el6,php-sabredav-Sabre_CardDAV-1.7.9-2.el6,php-sabredav-Sabre_CalDAV-1.7.9-1.el6,php-irodsphp-3.3.0-0.4.beta1.el6,php-phpseclib-net-ssh2-0.3.9-1.el6,php-phpseclib-net-sftp-0.3.9-1.el6,php-phpseclib-crypt-twofish-0.3.9-2.el6,php-phpseclib-crypt-tripledes-0.3.9-2.el6,php-phpseclib-crypt-rsa-0.3.9-1.el6,php-phpseclib-crypt-rijndael-0.3.9-2.el6,php-phpseclib-crypt-rc4-0.3.9-2.el6,php-phpseclib-crypt-random-0.3.9-1.el6,php-phpseclib-crypt-hash-0.3.9-1.el6,php-phpseclib-crypt-des-0.3.9-2.el6,php-phpseclib-crypt-blowfish-0.3.9-2.el6,php-phpseclib-crypt-aes-0.3.9-1.el6,php-phpseclib-math-biginteger-0.3.9-1.el6,php-phpseclib-crypt-base-0.3.9-1.el6,owncloud-6.0.5-4.el6 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4057/moodle-2.5.9-1.el6 2 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4151/lsyncd-2.1.4-4.el6.1.1 2 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4144/nodejs-0.10.33-1.el6,libuv-0.10.29-1.el6 1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4165/python-eyed3-0.7.4-5.el6 1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4176/clamav-0.98.5-1.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4233/drupal6-6.34-1.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4237/drupal7-7.34-1.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4192/wordpress-4.0.1-1.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4211/phpMyAdmin-4.0.10.6-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing apcupsd-3.14.12-1.el6 drupal6-6.34-1.el6 drupal7-7.34-1.el6 edg-mkgridmap-4.0.0-8.el6 golang-github-emicklei-go-restful-0-0.1.gitad99b12.el6 golang-github-vishvananda-netlink-0-0.1.git2187ba6.el6 golang-github-vishvananda-netns-0-0.1.gite14a2d4.el6 gpaw-0.10.0.11364-8.el6 grass-6.4.4-6.el6 packagedb-cli-2.6-1.el6 perl-File-ConfigDir-0.014-1.el6 perl-Net-SMTPS-0.04-1.el6 phpMyAdmin-4.0.10.6-1.el6 privoxy-3.0.22-1.el6 python-copr-1.55-1.el6 python-docker-py-0.6.0-1.el6 qpid-dispatch-0.2-9.el6 wordpress-4.0.1-1.el6 Details about builds: ================================================================================ apcupsd-3.14.12-1.el6 (FEDORA-EPEL-2014-4191) APC UPS Power Control Daemon for Linux -------------------------------------------------------------------------------- Update Information: - updated to 3.14.12 -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Michal Hlavinka <mhlav...@redhat.com> - 3.14.12-1 - apcupsd updated to 3.14.10 - force lock dir to /var/lock * Thu Feb 27 2014 Michal Hlavinka <mhlav...@redhat.com> - 3.14.10-3 - suppress error message when /etc/nologin does not exist -------------------------------------------------------------------------------- References: [ 1 ] Bug #1082250 - Workaround for UPS firmware bug causing killpower to execute repeatedly in a loop https://bugzilla.redhat.com/show_bug.cgi?id=1082250 -------------------------------------------------------------------------------- ================================================================================ drupal6-6.34-1.el6 (FEDORA-EPEL-2014-4233) An open-source content-management platform -------------------------------------------------------------------------------- Update Information: https://www.drupal.org/SA-CORE-2014-006 * Update to Drupal 6. * Drupal 6.33 release notes can be found here, https://www.drupal.org/drupal-6.33-release-notes. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Jon Ciesla <limburg...@gmail.com> - 6.34-1 - 6.34, DRUPAL-SA-CORE-2014-006 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166100 - CVE-2012-6662 drupal6: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166100 [ 2 ] Bug #1127539 - drupal6: drupal: denial of service issue (SA-CORE-2014-004) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1127539 [ 3 ] Bug #1166246 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability (SA-CORE-2014-006) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166246 [ 4 ] Bug #1166247 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability (SA-CORE-2014-006) [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166247 -------------------------------------------------------------------------------- ================================================================================ drupal7-7.34-1.el6 (FEDORA-EPEL-2014-4237) An open-source content-management platform -------------------------------------------------------------------------------- Update Information: https://www.drupal.org/SA-CORE-2014-006 - Update to upstream 7.33 maintenance release with numerous bug fixes - Update to upstream 7.33 maintenance release with numerous bug fixes - Update to upstream 7.33 maintenance release with numerous bug fixes - Update to upstream 7.33 maintenance release with numerous bug fixes -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Jon Ciesla <limburg...@gmail.com> - 7.34-1 - 7.34, DRUPAL-SA-CORE-2014-006. * Tue Nov 11 2014 Peter Borsa <peter.bo...@gmail.com> - 7.33-1 - Update to upstream 7.33 maintenance release with numerous bug fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166101 - CVE-2012-6662 drupal7: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166101 [ 2 ] Bug #1166249 - CVE-2014-9015 drupal7: drupal: session hijacking vulnerability (SA-CORE-2014-006) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166249 [ 3 ] Bug #1166250 - CVE-2014-9015 drupal7: drupal: session hijacking vulnerability (SA-CORE-2014-006) [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166250 -------------------------------------------------------------------------------- ================================================================================ edg-mkgridmap-4.0.0-8.el6 (FEDORA-EPEL-2014-4195) A tool to build the grid map-file from VO servers -------------------------------------------------------------------------------- Update Information: Added missing dependency on "perl(LWP::Protocol::https)" -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Alejandro Alvarez Ayllon <aalva...@cern.ch> - 4.0.0-8 - Added Requires perl(LWP::Protocol::https) * Sat Jun 7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 4.0.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat Aug 3 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 4.0.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Jul 17 2013 Petr Pisar <ppi...@redhat.com> - 4.0.0-5 - Perl 5.18 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1165991 - edg-mkgridmap missing dependency https://bugzilla.redhat.com/show_bug.cgi?id=1165991 -------------------------------------------------------------------------------- ================================================================================ golang-github-emicklei-go-restful-0-0.1.gitad99b12.el6 (FEDORA-EPEL-2014-4209) Package for building REST-style Web Services using Google Go -------------------------------------------------------------------------------- Update Information: First package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164152 - Review Request: golang-github-emicklei-go-restful - Package for building REST-style Web Services using Google Go https://bugzilla.redhat.com/show_bug.cgi?id=1164152 -------------------------------------------------------------------------------- ================================================================================ golang-github-vishvananda-netlink-0-0.1.git2187ba6.el6 (FEDORA-EPEL-2014-4227) Simple netlink library for go -------------------------------------------------------------------------------- Update Information: First package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164176 - Review Request: golang-github-vishvananda-netlink - Simple netlink library for go https://bugzilla.redhat.com/show_bug.cgi?id=1164176 -------------------------------------------------------------------------------- ================================================================================ golang-github-vishvananda-netns-0-0.1.gite14a2d4.el6 (FEDORA-EPEL-2014-4234) Simple network namespace handling for go -------------------------------------------------------------------------------- Update Information: First package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164170 - Review Request: golang-github-vishvananda-netns - Simple network namespace handling for go https://bugzilla.redhat.com/show_bug.cgi?id=1164170 -------------------------------------------------------------------------------- ================================================================================ gpaw-0.10.0.11364-8.el6 (FEDORA-EPEL-2014-4190) A grid-based real-space PAW method DFT code -------------------------------------------------------------------------------- Update Information: Fixes #1155087 -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Marcin Dulak <marcin.du...@gmail.com> - 0.10.0.11364-8 - new style of linking blacs on EL6 * Thu Oct 23 2014 Marcin Dulak <marcin.du...@gmail.com> - 0.10.0.11364-7 - mpich version 3 in EL6 - use atlas on aarch64 - ppc64 on EL7 * Sat Aug 16 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 0.10.0.11364-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1155087 - gpaw-mpich2 and gpaw-openmpi broke on rhel 6.6 update https://bugzilla.redhat.com/show_bug.cgi?id=1155087 -------------------------------------------------------------------------------- ================================================================================ grass-6.4.4-6.el6 (FEDORA-EPEL-2014-4199) GRASS - Geographic Resources Analysis Support System -------------------------------------------------------------------------------- Update Information: Adding grass to EPEL -------------------------------------------------------------------------------- ================================================================================ packagedb-cli-2.6-1.el6 (FEDORA-EPEL-2014-4203) A CLI for pkgdb -------------------------------------------------------------------------------- Update Information: * Update to packagedb-cli 2.6 * New structure: use the traditional python module structure instead of two python files * Do one API call for `orphan --retire` * Prevent user from retiring packages that have no dead.package file * Add support for obsoleting ACL requests (Stanislav Ochotnicky) * Enable restricting orphan to a specific user (while specifying more branches) * Enable restricting give to a specific user (while specifying more branches) * Let the unorphan action call the unorphan API endpoint * When listing packages, encode the output as UTF-8 before printing -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Pierre-Yves Chibon <pin...@pingoured.fr> - 2.6-1 - Update to 2.6 - New structure: use the traditional python module structure instead of two python files - Do one API call for `orphan --retire` - Prevent user from retiring packages that have no dead.package file - Add support for obsoleting ACL requests (Stanislav Ochotnicky) - Enable restricting orphan to a specific user (while specifying more branches) - Enable restricting give to a specific user (while specifying more branches) - Let the unorphan action call the unorphan API endpoint - When listing packages, encode the output as UTF-8 before printing -------------------------------------------------------------------------------- ================================================================================ perl-File-ConfigDir-0.014-1.el6 (FEDORA-EPEL-2014-4222) Get directories of configuration files -------------------------------------------------------------------------------- Update Information: Fix typo in pod, update README -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 22 2014 David Dick <dd...@cpan.org> - 0.014-1 - Fix typo in pod, update README * Fri Aug 29 2014 Jitka Plesnikova <jples...@redhat.com> - 0.013-2 - Perl 5.20 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1163231 - perl-File-ConfigDir-0.014 is available https://bugzilla.redhat.com/show_bug.cgi?id=1163231 -------------------------------------------------------------------------------- ================================================================================ perl-Net-SMTPS-0.04-1.el6 (FEDORA-EPEL-2014-4214) SSL/STARTTLS support for Net::SMTP -------------------------------------------------------------------------------- Update Information: Update to Authen::SASL version requirements -------------------------------------------------------------------------------- References: [ 1 ] Bug #1159516 - perl-Net-SMTPS-0.04 is available https://bugzilla.redhat.com/show_bug.cgi?id=1159516 -------------------------------------------------------------------------------- ================================================================================ phpMyAdmin-4.0.10.6-1.el6 (FEDORA-EPEL-2014-4211) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information: phpMyAdmin 4.0.10.6 (2014-11-20) ================================ - [security] XSS vulnerability in table print view - [security] XSS vulnerability in zoom search page - [security] Path traversal in file inclusion of GIS factory - [security] XSS in multi submit - [security] XSS through pma_fontsize cookie -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Robert Scheck <rob...@fedoraproject.org> 4.0.10.6-1 - Upgrade to 4.0.10.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166619 - CVE-2014-8958 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2014-13) https://bugzilla.redhat.com/show_bug.cgi?id=1166619 [ 2 ] Bug #1166626 - CVE-2014-8959 phpMyAdmin: Local file inclusion vulnerability (PMASA-2014-14) https://bugzilla.redhat.com/show_bug.cgi?id=1166626 -------------------------------------------------------------------------------- ================================================================================ privoxy-3.0.22-1.el6 (FEDORA-EPEL-2014-4201) Privacy enhancing proxy -------------------------------------------------------------------------------- Update Information: Latest upstream bugfix release. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Jon Ciesla <limburg...@gmail.com> - 3.0.22-1 - Update to 3.0.22, BZ 1166398. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166398 - privoxy-3.0.22 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166398 -------------------------------------------------------------------------------- ================================================================================ python-copr-1.55-1.el6 (FEDORA-EPEL-2014-4215) Python interface for Copr -------------------------------------------------------------------------------- Update Information: update python-copr to 1.55 New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1131616 - Review Request: python-copr - Python client to access copr service https://bugzilla.redhat.com/show_bug.cgi?id=1131616 -------------------------------------------------------------------------------- ================================================================================ python-docker-py-0.6.0-1.el6 (FEDORA-EPEL-2014-4225) An API client for docker written in Python -------------------------------------------------------------------------------- Update Information: Resolves: rhbz#1160293 - update to 0.6.0 Resolves: rhbz#1145511 - version bump to 0.5.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Lokesh Mandvekar <l...@fedoraproject.org> - 0.6.0-1 - Resolves: rhbz#1160293 - update to 0.6.0 * Thu Oct 23 2014 Lokesh Mandvekar <l...@fedoraproject.org> - 0.5.3-2 - Resolves: rhbz#1145895 - versioned python-requests req only for f21+ * Wed Oct 22 2014 Lokesh Mandvekar <l...@fedoraproject.org> - 0.5.3-1 - Resolves: rhbz#1153991 - update to 0.5.3 * Tue Sep 23 2014 Tom Prince <tom.pri...@clusterhq.com> - 0.5.0-2 - Specify depedencies to match those in setup.py * Mon Sep 22 2014 Tom Prince <tom.pri...@clusterhq.com> - 0.5.0-1 - Resolves: rhbz#1145511 - version bump to 0.5.0 * Tue Aug 26 2014 Lokesh Mandvekar <l...@fedoraproject.org> - 0.4.0-3 - correct bogus date * Tue Aug 26 2014 Lokesh Mandvekar <l...@fedoraproject.org> - 0.4.0-2 - rewrite BR&R conditionals for docker/docker-io * Thu Aug 21 2014 Lokesh Mandvekar <l...@fedoraproject.org> - 0.4.0-1 - update to 0.4.0 - Resolves: rhbz#1132604 (epel7 only) * Sun Aug 17 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 0.3.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1160293 - python-docker-py-0.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1160293 [ 2 ] Bug #1145511 - python-docker-py-0.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1145511 -------------------------------------------------------------------------------- ================================================================================ qpid-dispatch-0.2-9.el6 (FEDORA-EPEL-2014-4189) Dispatch router for Qpid -------------------------------------------------------------------------------- Update Information: Fixed a merge issue that resulted in two patches not being applied. DISPATCH-75 - Removed reference to qdstat.conf from qdstat manpage. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Darryl L. Pierce <dpie...@redhat.com> - 0.2-9 - Fixed a merge issue that resulted in two patches not being applied. - Resolves: BZ#1165691 * Wed Nov 19 2014 Darryl L. Pierce <dpie...@redhat.com> - 0.2-8 - DISPATCH-75 - Removed reference to qdstat.conf from qdstat manpage. - Include systemd service file for EPEL7 packages. - Brought systemd support up to current Fedora packaging guidelines. - Resolves: BZ#1165691 - Resolves: BZ#1165681 * Sun Aug 17 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 0.2-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1165691 - Man page for qdstat.conf is missing https://bugzilla.redhat.com/show_bug.cgi?id=1165691 [ 2 ] Bug #1165681 - RPMs do not provide a systemd service unit file https://bugzilla.redhat.com/show_bug.cgi?id=1165681 -------------------------------------------------------------------------------- ================================================================================ wordpress-4.0.1-1.el6 (FEDORA-EPEL-2014-4192) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information: WordPress 4.0.1 Security Release See: https://wordpress.org/news/2014/11/wordpress-4-0-1/ -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Remi Collet <r...@fedoraproject.org> - 4.0.1-1 - WordPress 4.0.1 Security Release - use system php-getid3 when available #1145574 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166468 - wordpress: security flaws fixed in the 4.0.1 release https://bugzilla.redhat.com/show_bug.cgi?id=1166468 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list epel-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/epel-devel