The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 967  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
 185  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7.26-1.el6
  56  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3434/pylint-1.3.1-1.el6,python-astroid-1.2.1-2.el6,python-logilab-common-0.62.1-2.el6
  31  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4008/cross-binutils-2.23.51.0.3-1.el6.1
  20  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4242/facter-1.6.18-8.el6
  11  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4404/perl-YAML-LibYAML-0.38-5.el6
  11  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4384/antiword-0.37-17.el6
  11  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4407/pkcs11-helper-1.11-3.el6,openvpn-2.3.6-1.el6
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4411/llvm-3.4.2-3.el6
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4444/php-horde-kronolith-4.2.4-1.el6
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4442/icecast-2.4.1-1.el6
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4485/python-tornado-2.2.1-7.el6
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4472/pwgen-2.07-1.el6
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4496/seamonkey-2.28-2.ESR_31.3.0.el6
   3  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4624/xrdp-0.6.1-1.el6
   3  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4575/links-2.8-4.el6
   3  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4563/firebird-2.5.3.26778.0-2.el6
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4663/docker-io-1.4.0-1.el6
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4669/libhtp-0.5.16-1.el6
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4693/denyhosts-2.6-19.el6.1
The following builds have been pushed to Fedora EPEL 6 updates-testing
2048-cli-0.9-4.git20141214.723738c.el6
denyhosts-2.6-19.el6.1
drupal7-ctools-1.5-1.el6
libhtp-0.5.16-1.el6
liveusb-creator-3.13.2-1.el6
python-argcomplete-0.8.4-1.el6
python-fedmsg-meta-fedora-infrastructure-0.3.8-1.el6
python-mwclient-0.7.1-1.el6
python-regex-2014.11.14-1.el6
tcalc-1.4-1.el6
Details about builds:
================================================================================
2048-cli-0.9-4.git20141214.723738c.el6 (FEDORA-EPEL-2014-4423)
The game 2048 for your Linux terminal
--------------------------------------------------------------------------------
Update Information:
initial rpm-release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1170231 - Review Request: 2048-cli - The game 2048 for your Linux
terminal
https://bugzilla.redhat.com/show_bug.cgi?id=1170231
--------------------------------------------------------------------------------
================================================================================
denyhosts-2.6-19.el6.1 (FEDORA-EPEL-2014-4693)
A script to help thwart ssh server attacks
--------------------------------------------------------------------------------
Update Information:
Fix security bug
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 14 2014 Till Maas <[email protected]> - 2.6-19.1
- Add patch from master for CVE-2013-6890 (rhbz #1045984)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1045982 - CVE-2013-6890 denyhosts: remote denial of ssh service
https://bugzilla.redhat.com/show_bug.cgi?id=1045982
--------------------------------------------------------------------------------
================================================================================
drupal7-ctools-1.5-1.el6 (FEDORA-EPEL-2014-4667)
Primarily a set of APIs and tools to improve the developer experience
--------------------------------------------------------------------------------
Update Information:
# 7.x-1.5
## API Additions:
* **ctools_ajax_icon_text_button()**: The ctools_ajax_icon_text_button()
function provides the ability to render an icon and related text as a link.
This will automatically apply an AJAX class to the link and add the appropriate
javascript to make this happen.
* **String Context:** The string context plugin now provides a proper settings
form for creating arbitrary string contexts.
## Issues:
* Revert "Issue #1917658 by codycraven: Empty context value results in missing
argument in views argument"
* Issue #2195211 fix Missing argument 4 error when checking entity access
* Issue #2195471 by Eric_A, DamienMcKenna: Only variables should be passed by
reference in ctools_entity_from_field_context
* Issue #1315900 by tim.plunkett: Add reset_html_ids option to stop form ids
from changing when validation fails.
* Issue #1774434 by axel.rutz, Angry Dan: Allow string context to be created in
the UI
* Issue #2257367 by loopduplicate: Update homepage configuration link to d7
* Issue #955070 by azinck, EclipseGc: Update the token replacements in ctools
to work against a fully rendered page.
* Issue #2280875 by cboyden: Add icon+text renderer to avoid duplicate links
for text and icons in Panels IPE
* Issue #581670 by mariacha1, hass: Autocomplete loses selected item after
selection
* Issue #2054803 by Mac_Weber, Kazanir, merlinofchaos Added documentation for
the classes array in plugin definitions.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 13 2014 Shawn Iwinski <[email protected]> - 1.5-1
- Updated to 1.5 (BZ #1166343)
- Removed RPM README b/c it only explained common Drupal workflow
- %license usage
- Spec cleanup
* Sat Jun 7 2014 Fedora Release Engineering <[email protected]>
- 1.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166343 - drupal7-ctools-1.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1166343
--------------------------------------------------------------------------------
================================================================================
libhtp-0.5.16-1.el6 (FEDORA-EPEL-2014-4669)
Security-aware parser for the HTTP protocol and the related bits and pieces
--------------------------------------------------------------------------------
Update Information:
This is a major update. API/ABI breaks are to be expected.
Extensive testing will be more than welcome.
Below is the upstream changelog from version 0.5.3 to the latest 0.5.16.
Unfortunately, upstream didn't maintain a changelog before that.
More details can be obtained by [comparing the current version in EPEL6, 0.3.0,
and the one in this
update](https://github.com/OISF/libhtp/compare/0.3.0...0.5.16).
### 0.5.16 (11 December 2014)
* Per personality requestline leading whitespace handling [Victor Julien]
* Improve request line parsing with leading spaces [Victor Julien]
* Harden decompress code against memory stress [Victor Julien]
### 0.5.15 (1 August 2014)
* Fixed [#78] Make a case-insensitive comparison for the pattern "chunked" for
"Transfer-Encoding" [Anoop Saldanha]
### 0.5.14 (22 July 2014)
* Fixed the tests sometimes not returning the correct status code. Increased
the compiler warnings for the tests.
* Fixed [#77] Fix compiler warnings in the tests
### 0.5.13 (16 July 2014)
* Fixed [#56] Investigate clean-up performance with a large number of
transactions on a single connection
### 0.5.12 (25 June 2014)
* Fixed [#73] Fix double Content-Length issue [Wesley Shields]
### 0.5.11 (5 April 2014)
* Fixed [#72] On CONNECT requests inbound tx progress prematurely set to
complete
* Fixed [#71] Fix missing files in distribution target [Pierre Chifflier]
### 0.5.10 (3 March 2014)
* Fixed [#63] Final response body data callback missing on compressed responses.
* Do not consume the byte that comes after an invalid UTF-8 character.
* Use case insensitive comparison for content-coding values. Warn if unknown
response content encoding is encountered.
* Small fixes. [#66, #69] [Victor Julien]
### 0.5.9 (19 November 2013)
* Fixed an `HTP_HOST_AMBIGUOUS` false positive.
* Fixed the tests not compiling on OS X 10.9.
### 0.5.8 (21 October 2013)
* Fixed [#54] Compression and base64 tests failing on some architectures.
* Fixed [#55] Incorrect ambiguous host warning on some CONNECT requests.
### 0.5.7 (18 September 2013)
* Use `umask()` with `mkstemp()` to ensure that temporary files are created
with correct permissions. This addresses the potential security problem, but
creates another, because umask() is not thread safe. For this and other reasons
(see #52), file extraction will be removed in a future release.
* Fix copying `hook_response_complete` instead of `hook_transaction_complete`.
* Fix several small memory leaks that occur when memory allocation fails.
### 0.5.6 (22 July 2013)
* Fix memory leaks in `htp_tx_t::request_auth_username` and
`htp_tx_t::request_auth_password`.
* [#43] When processing the response line, treat stream closure as the end of
line.
* Fix normalization when the URL begins with `./`.
* Do not fail a stream with an incorrectly formed digest username.
* Do not stop processing request headers on PUT requests.
### 0.5.5 (18 July 2013)
* Tagging for a Suricata beta release.
* [#46] Fix the segfault that occurs under certain conditions when an invalid
hostname is supplied.
* [#44] Fix libiconv detection on OpenBSD. [Victor Julien]
### 0.5.4 (17 July 2013)
* Tagging for a Suricata beta release.
* Added `htp_get_version()`, which returns the complete library name (e.g.,
"LibHTP v0.5.4").
* Hard field limit is now treated as specifying the maximum amount of memory
LibHTP will use for buffering per stream. Fields (e.g., headers) longer than
this limit will be accepted if they are contained within a single buffer
submitted to LibHTP (i.e., if LibHTP does not have to do any buffering in order
to process them). Soft limits are currently not creating any warnings. This
area will be improved in a future release.
* Invalid headers no longer fail the entire stream. They are now treated as
headers without a name.
* `htp_conn_remove_tx()` now returns `HTP_DECLINED` (was `HTTP_ERROR`) if the
specified transaction cannot be found.
* `htp_list_array_replace()` now returns `HTP_DECLINED` (was `HTP_ERROR`) if
the element at the specified position does not exist.
* New public functions:
* `htp_status_t htp_urldecode_inplace(htp_cfg_t *cfg, enum htp_decoder_ctx_t
ctx, bstr *input, uint64_t *flags);`
* `htp_status_t htp_urldecode_inplace_ex(htp_cfg_t *cfg, enum
htp_decoder_ctx_t ctx, bstr *input, uint64_t *flags, int
*expected_status_code);`
* Improved test coverage (84.1% lines, 91.3% functions).
### 0.5.3 (14 June 2013)
* Fix stream error when valid Basic Authentication information is provided.
* Do not fail the entire stream if the Authorization header is invalid. Raise
`HTP_AUTH_INVALID` instead.
* When a request does not contain the request URI, leave
`htp_tx_t::request_uri` `NULL`.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 12 2014 Mathieu Bridon <[email protected]> - 0.5.16-1
- Update to 0.5.16
- Among other things, this fixes a security issue
https://bugzilla.redhat.com/show_bug.cgi?id=1173605
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1173605 - libhtp: denial of service with specific packets
https://bugzilla.redhat.com/show_bug.cgi?id=1173605
--------------------------------------------------------------------------------
================================================================================
liveusb-creator-3.13.2-1.el6 (FEDORA-EPEL-2014-4668)
A liveusb creator
--------------------------------------------------------------------------------
Update Information:
* Support a new installation mode that uses `dd` to copy the iso directly to
the device. This method tends to be more reliable than the non-destructive
approach.
* Added a new `--dd` command-line option
* DVD iso support with the 'overwrite device' method
* Improved UI layout
* Added AppData metadata
* The `--calculcate-liveos-checksum` now works on Linux
* Fixed the code that automatically populates the available releases
* Switched to use polkit on Linux instead of consolehelper for authentication
* Translation updates
* Improved error handling
* Can automatically download all supported Fedora products and spins
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 12 2014 Luke Macken <[email protected]> - 3.13.2-1
- Added all products and spins to the release list
* Mon Dec 8 2014 Rex Dieter <[email protected]> 3.13.1-2
- Requires: PolicyKit-authentication-agent (#1171583)
* Thu Nov 27 2014 Luke Macken <[email protected]> - 3.13.1-1
- Latest upstream release
* Thu Nov 27 2014 Gene Czarcinski <[email protected]> 3.13.0-2
- convert to using polkit (pkexec) instead of consolehelper
* Wed Nov 26 2014 Luke Macken <[email protected]> - 3.13.0-1
- Latest upstream release with bug fixes and interface improvements.
* Sat Jun 7 2014 Fedora Release Engineering <[email protected]>
- 3.12.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Feb 21 2014 Luke Macken <[email protected]> 3.12.1-1
- Update to 3.12.1 with more translations
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1096460 - [abrt] liveusb-creator:
grabber.py:1727:_do_grab:URLGrabError: [Errno 14] curl#7 - "Failed to connect
to 2a02:6b8::183: Сеть недоступна"
https://bugzilla.redhat.com/show_bug.cgi?id=1096460
[ 2 ] Bug #995258 - Cannot install Fedora 19 on MacBook pro
https://bugzilla.redhat.com/show_bug.cgi?id=995258
[ 3 ] Bug #1006270 - [abrt] liveusb-creator-3.11.8-3.fc19:
creator.py:362:get_liveos:TypeError: unsupported operand type(s) for +:
'NoneType' and 'str'
https://bugzilla.redhat.com/show_bug.cgi?id=1006270
[ 4 ] Bug #1033489 - [abrt] liveusb-creator-3.11.8-3.fc19:
creator.py:341:delete_liveos:UnicodeDecodeError: 'ascii' codec can't decode
byte 0xc3 in position 12: ordinal not in range(128)
https://bugzilla.redhat.com/show_bug.cgi?id=1033489
[ 5 ] Bug #1044309 - [abrt] liveusb-creator: gui.py:470:status:TypeError:
QTextEdit.append(QString): argument 1 has unexpected type 'int'
https://bugzilla.redhat.com/show_bug.cgi?id=1044309
[ 6 ] Bug #1045692 - [abrt] liveusb-creator: gui.py:80:__init__:LiveUSBError:
Unknown release: RFRemix 20 i686 XFCE
https://bugzilla.redhat.com/show_bug.cgi?id=1045692
[ 7 ] Bug #1057640 - [abrt] liveusb-creator:
creator.py:732:get_free_bytes:OSError: [Errno 2] File o directory non
esistente: '/run/media/lorenzo/F28B-8137'
https://bugzilla.redhat.com/show_bug.cgi?id=1057640
[ 8 ] Bug #1089453 - [abrt] liveusb-creator:
linux_dialog.py:10:<module>:ImportError:
/usr/lib/python2.7/site-packages/PyQt4/QtCore.so: undefined symbol:
_ZTI13QStateMachine
https://bugzilla.redhat.com/show_bug.cgi?id=1089453
[ 9 ] Bug #1098725 - [abrt] liveusb-creator:
creator.py:341:delete_liveos:UnicodeDecodeError: 'ascii' codec can't decode
byte 0xc3 in position 21: ordinal not in range(128)
https://bugzilla.redhat.com/show_bug.cgi?id=1098725
[ 10 ] Bug #1101288 - Created F20 liveusb boot problem
https://bugzilla.redhat.com/show_bug.cgi?id=1101288
[ 11 ] Bug #1120893 - unable to boot supermicro X10ssl-f and C7Z87
https://bugzilla.redhat.com/show_bug.cgi?id=1120893
[ 12 ] Bug #1149782 - liveusb-creator creates non-booting Live USB
https://bugzilla.redhat.com/show_bug.cgi?id=1149782
[ 13 ] Bug #1154779 - [abrt] liveusb-creator: python2.7 killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1154779
[ 14 ] Bug #1156489 - liveusb-creator for Windows (Win 8.1) produces not
bootable usb media
https://bugzilla.redhat.com/show_bug.cgi?id=1156489
[ 15 ] Bug #1160979 - Trying to boot from USB just says "No OS found", or
something like that
https://bugzilla.redhat.com/show_bug.cgi?id=1160979
[ 16 ] Bug #1161867 - Create a F20-DVD work but USB fail to boot
https://bugzilla.redhat.com/show_bug.cgi?id=1161867
[ 17 ] Bug #1164589 - Fedora Live unable to boot from USB 3.0 device
https://bugzilla.redhat.com/show_bug.cgi?id=1164589
[ 18 ] Bug #537577 - Ability to build LiveUSB from within a LiveDVD/CD
https://bugzilla.redhat.com/show_bug.cgi?id=537577
[ 19 ] Bug #1044243 - Installing from USB has wrong file paths
https://bugzilla.redhat.com/show_bug.cgi?id=1044243
[ 20 ] Bug #1054465 - [abrt] liveusb-creator:
creator.py:362:get_liveos:TypeError: unsupported operand type(s) for +:
'NoneType' and 'str'
https://bugzilla.redhat.com/show_bug.cgi?id=1054465
[ 21 ] Bug #1145813 - RFE: use polkit instead of consolehelper
https://bugzilla.redhat.com/show_bug.cgi?id=1145813
[ 22 ] Bug #1171583 - liveusb-creator: Please remove hardcoded Requires:
polkit-gnome
https://bugzilla.redhat.com/show_bug.cgi?id=1171583
--------------------------------------------------------------------------------
================================================================================
python-argcomplete-0.8.4-1.el6 (FEDORA-EPEL-2014-4676)
Bash tab completion for argparse
--------------------------------------------------------------------------------
Update Information:
Updating package to 0.8.4
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 14 2014 - Dale Macartney <[email protected]> 0.8.4-1
- Updating package to 0.8.4
* Fri Sep 12 2014 - Steve Traylen <[email protected]> 0.8.1-1
- Updating package to 0.8.1
* Sat Jun 7 2014 Fedora Release Engineering <[email protected]>
- 0.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1160288 - python-argcomplete-0.8.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1160288
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.3.8-1.el6 (FEDORA-EPEL-2014-4682)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
Handle a new type of anitya message.
Latest upstream. New mirrormanager2 processor. Bugfixes to the fedimg
processor. Able now to distinguish between some prod and stg messages.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 12 2014 Ralph Bean <[email protected]> - 0.3.8-1
- Fixes to anitya messages (new distro.delete message).
* Sat Dec 6 2014 Ralph Bean <[email protected]> - 0.3.7-1
- New mirrormanager2 processor.
- Bugfix to the fedimg processor.
- Be able to distinguish between some prod and stg messages.
* Fri Nov 21 2014 Ralph Bean <[email protected]> - 0.3.6-1
- Latest upstream with some bugfixes.
- Disable network test with patch.
--------------------------------------------------------------------------------
================================================================================
python-mwclient-0.7.1-1.el6 (FEDORA-EPEL-2014-4685)
Mwclient is a client to the MediaWiki API
--------------------------------------------------------------------------------
Update Information:
This update provides the latest upstream release of mwclient. It is a minor
release that does not change the API, and mostly fixes bugs. See
https://github.com/mwclient/mwclient/blob/master/RELEASE-NOTES.md for details.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 12 2014 Adam Williamson <[email protected]> - 0.7.1-1
- new release 0.7.1, bit of spec cleaning
* Fri Oct 31 2014 Adam Williamson <[email protected]> - 0.7.0-2
- requires python-requests
--------------------------------------------------------------------------------
================================================================================
python-regex-2014.11.14-1.el6 (FEDORA-EPEL-2014-4690)
Alternative regular expression module, to replace re
--------------------------------------------------------------------------------
Update Information:
This new regex implementation is intended eventually to replace Python's
current re module implementation.
For testing and comparison with the current 're' module the new implementation
is in the form of a module called 'regex'.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1155778 - Review Request: python-regex - Alternative regular
expression module, to replace re
https://bugzilla.redhat.com/show_bug.cgi?id=1155778
--------------------------------------------------------------------------------
================================================================================
tcalc-1.4-1.el6 (FEDORA-EPEL-2014-4683)
The terminal calculator
--------------------------------------------------------------------------------
Update Information:
Added '-table' option to print multiplication tables
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 30 2014 Mohammed Isam <[email protected]> 1.4-1
- Added '-table' option to print multiplication tables
- Added handling for input redirection from command line
--------------------------------------------------------------------------------