The following Fedora EPEL 6 Security updates need testing: Age URL 508 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6 27 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11198/filezilla-3.7.3-1.el6 22 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11274/ssmtp-2.61-21.el6 11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11393/nagios-3.5.1-1.el6 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11417/graphite-web-0.9.12-1.el6 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11445/perl-Crypt-DSA-1.17-10.el6 6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11453/python-pyrad-2.0-3.el6 3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11499/roundcubemail-0.9.4-1.el6 1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11507/tinyproxy-1.8.3-1.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11525/moodle-2.4.6-1.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11556/openstack-swift-1.7.4-3.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11550/Django14-1.4.7-1.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11552/glpi-0.83.9.1-4.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing Django14-1.4.7-1.el6 glpi-0.83.9.1-4.el6 ldapvi-1.7-17.el6 nf3d-0.8-1.el6 openstack-swift-1.7.4-3.el6 openvpn-2.3.2-2.el6 perl-File-KeePass-2.03-3.el6 php-htmLawed-1.1.16-1.el6 qt5-qtgraphicaleffects-5.1.1-1.el6 qt5-qtimageformats-5.1.1-1.el6 qt5-qtsvg-5.1.1-1.el6 qt5-qttools-5.1.1-3.el6 qt5-qtwebkit-5.1.1-1.el6 qt5-qtxmlpatterns-5.1.1-1.el6 qtbrowserplugin-2.4-3.el6 racoon2-20100526a-23.el6 wcd-5.2.4-1.el6 Details about builds: ================================================================================ Django14-1.4.7-1.el6 (FEDORA-EPEL-2013-11550) A high-level Python Web framework -------------------------------------------------------------------------------- Update Information: Rebase to 1.4.7, fixes CVE-2013-4315 -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 12 2013 Matthias Runge <mru...@redhat.com> - 1.4.7-1 - update to 1.4.7, fix CVE 2013-4315, fixes rhbz 1007020 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1004969 - CVE-2013-4315 python-django: directory traversal with "ssi" template tag https://bugzilla.redhat.com/show_bug.cgi?id=1004969 -------------------------------------------------------------------------------- ================================================================================ glpi-0.83.9.1-4.el6 (FEDORA-EPEL-2013-11552) Free IT asset management software -------------------------------------------------------------------------------- Update Information: Security improvement: restrict access to installation wizard from local server only. Remote access need to be explicitly allowed in configuration (/etc/httpd/conf.d/glpi.conf). -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 12 2013 Remi Collet <r...@fedoraproject.org> - 0.83.9.1-4 - restrict access for install to local for security - drop bundled Flash files files, #1000251 - Add a missing requirement on crontabs to spec file -------------------------------------------------------------------------------- ================================================================================ ldapvi-1.7-17.el6 (FEDORA-EPEL-2013-11546) An interactive LDAP client -------------------------------------------------------------------------------- Update Information: Add fix of double free() crash (#949157), also fix old FSF address -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 11 2013 Matěj Cepl <mc...@redhat.com> - 1.7-17 - Add fix of double free() crash (#949157) - Fix old FSF address * Sat Aug 3 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 1.7-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Thu Feb 14 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 1.7-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Thu Jul 19 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 1.7-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Fri Jan 13 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 1.7-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #949157 - [PATCH] fix use-after-free in sasl code https://bugzilla.redhat.com/show_bug.cgi?id=949157 -------------------------------------------------------------------------------- ================================================================================ nf3d-0.8-1.el6 (FEDORA-EPEL-2013-11551) GANTT-style visualization for netfilter connections and logged packets -------------------------------------------------------------------------------- Update Information: New RPM. -------------------------------------------------------------------------------- References: [ 1 ] Bug #967485 - Review Request: nf3d - GANTT-style visualization for Netfilter connections and logged packets https://bugzilla.redhat.com/show_bug.cgi?id=967485 -------------------------------------------------------------------------------- ================================================================================ openstack-swift-1.7.4-3.el6 (FEDORA-EPEL-2013-11556) OpenStack Object Storage (swift) -------------------------------------------------------------------------------- Update Information: This update fixes the possibility to fill up a Swift fluster with invalid tombstone files by attacking with DELETE requests with a special timestamp. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 11 2013 Pete Zaitcev <zait...@redhat.com> - 1.7.4-3 - CVE-2013-4155 "Fix handling of DELETE obj reqs with old timestamp" * Wed Jan 23 2013 Martin Magr <mm...@redhat.com> - 1.7.4-2.3 - Added python-keystone requirement * Fri Jan 18 2013 Pete Zaitcev <zait...@redhat.com> 1.7.4-2.3 - Relocate object-expirer to proxy subpackage - cleanups from Smokestack spec (Dan Prince) * Thu Jan 17 2013 Alan Pevec <ape...@redhat.com> 1.7.4-2.2 - adjust openstack-swift-functions for new init scripts * Wed Jan 9 2013 Pete Zaitcev <zait...@redhat.com> - 1.7.4-2.1 - Add missing Upstart jobs and init scripts for daemons, bz#885530 - Drop duplicated /var/run directories from the spec -------------------------------------------------------------------------------- References: [ 1 ] Bug #994666 - CVE-2013-4155 openstack-swift: OpenStack: Swift Denial of Service using superfluous object tombstones [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=994666 -------------------------------------------------------------------------------- ================================================================================ openvpn-2.3.2-2.el6 (FEDORA-EPEL-2013-11538) A full-featured SSL VPN solution -------------------------------------------------------------------------------- Update Information: Enable --enable-x509-alt-username. -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 12 2013 Jon Ciesla <limburg...@gmail.com> 2.3.2-2 - Enable --enable-x509-alt-username, BZ 1007184. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1007184 - Request to enable the "--enable-x509-alt-username" compile-time option https://bugzilla.redhat.com/show_bug.cgi?id=1007184 -------------------------------------------------------------------------------- ================================================================================ perl-File-KeePass-2.03-3.el6 (FEDORA-EPEL-2013-11540) Interface to KeePass V1 and V2 database files -------------------------------------------------------------------------------- Update Information: Interface to KeePass V1 and V2 database files -------------------------------------------------------------------------------- References: [ 1 ] Bug #1002321 - Review Request: perl-File-KeePass - Interface to KeePass V1 and V2 database files https://bugzilla.redhat.com/show_bug.cgi?id=1002321 -------------------------------------------------------------------------------- ================================================================================ php-htmLawed-1.1.16-1.el6 (FEDORA-EPEL-2013-11543) PHP code to purify and filter HTML -------------------------------------------------------------------------------- Update Information: htmLawed 1.1.16, 29 August 2013: - fix for a potential security vulnerability arising from specialy encoded space characters in URL schemes/protocols -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 12 2013 Remi Collet <r...@fedoraproject.org> - 1.1.16-1 - update to 1.1.16, fix for a potential security vulnerability arising from specialy encoded space characters in URL schemes/protocols -------------------------------------------------------------------------------- ================================================================================ qt5-qtgraphicaleffects-5.1.1-1.el6 (FEDORA-EPEL-2013-11553) Qt5 - QtGraphicalEffects component -------------------------------------------------------------------------------- Update Information: The Qt Graphical Effects module provides a set of QML types for adding visually impressive and configurable effects to user interfaces. -------------------------------------------------------------------------------- References: [ 1 ] Bug #915913 - Review Request: qt5-qtgraphicaleffects - Qt5 - QtGraphicalEffects component https://bugzilla.redhat.com/show_bug.cgi?id=915913 -------------------------------------------------------------------------------- ================================================================================ qt5-qtimageformats-5.1.1-1.el6 (FEDORA-EPEL-2013-11554) Qt5 - QtImageFormats component -------------------------------------------------------------------------------- Update Information: The Qt Image Formats add-on module provides optional support for other image file formats, including: MNG, TGA, TIFF, WBMP. -------------------------------------------------------------------------------- References: [ 1 ] Bug #915916 - Review Request: qt5-qtimageformats - Qt5 - QtImageFormats component https://bugzilla.redhat.com/show_bug.cgi?id=915916 -------------------------------------------------------------------------------- ================================================================================ qt5-qtsvg-5.1.1-1.el6 (FEDORA-EPEL-2013-11547) Qt5 - Support for rendering and displaying SVG -------------------------------------------------------------------------------- Update Information: Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices. -------------------------------------------------------------------------------- References: [ 1 ] Bug #915920 - Review Request: qt5-qtsvg - Qt5 - QtSvg component https://bugzilla.redhat.com/show_bug.cgi?id=915920 -------------------------------------------------------------------------------- ================================================================================ qt5-qttools-5.1.1-3.el6 (FEDORA-EPEL-2013-11531) Qt5 - QtTool components -------------------------------------------------------------------------------- Update Information: QtWebKit, and Tools modules portion of Qt 5.1.1 release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1006254 - wrong path to lrelease https://bugzilla.redhat.com/show_bug.cgi?id=1006254 -------------------------------------------------------------------------------- ================================================================================ qt5-qtwebkit-5.1.1-1.el6 (FEDORA-EPEL-2013-11531) Qt5 - QtWebKit components -------------------------------------------------------------------------------- Update Information: QtWebKit, and Tools modules portion of Qt 5.1.1 release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1006254 - wrong path to lrelease https://bugzilla.redhat.com/show_bug.cgi?id=1006254 -------------------------------------------------------------------------------- ================================================================================ qt5-qtxmlpatterns-5.1.1-1.el6 (FEDORA-EPEL-2013-11544) Qt5 - QtXmlPatterns component -------------------------------------------------------------------------------- Update Information: The Qt XML Patterns module provides support for XPath, XQuery, XSLT, and XML Schema validation. -------------------------------------------------------------------------------- References: [ 1 ] Bug #915923 - Review Request: qt5-qtxmlpatterns - Qt5 - QtXmlPatterns component https://bugzilla.redhat.com/show_bug.cgi?id=915923 -------------------------------------------------------------------------------- ================================================================================ qtbrowserplugin-2.4-3.el6 (FEDORA-EPEL-2013-11549) Qt Solutions Component: Browser Plugin -------------------------------------------------------------------------------- Update Information: The QtBrowserPlugin solution is useful for implementing plugins for web browser. -------------------------------------------------------------------------------- ================================================================================ racoon2-20100526a-23.el6 (FEDORA-EPEL-2013-11541) An implementation of key management system for IPsec -------------------------------------------------------------------------------- Update Information: Here is where you give an explanation of your update. -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 12 2013 Pavel Šimerda <psime...@redhat.com> - 20100526a-23 - prefix init script daemon names with /racoon2-/ (#1006613, patch by Grant Hammond) * Sun Aug 4 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 20100526a-22 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Jul 17 2013 Petr Pisar <ppi...@redhat.com> - 20100526a-21 - Perl 5.18 rebuild * Thu Feb 14 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 20100526a-20 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Thu Jan 17 2013 Pavel Šimerda <psime...@redhat.com> - 20100526a-19 - Fix racoon2 script to call prefixed binaries * Sat Jul 21 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 20100526a-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1006613 - init script has incorrect daemon names https://bugzilla.redhat.com/show_bug.cgi?id=1006613 -------------------------------------------------------------------------------- ================================================================================ wcd-5.2.4-1.el6 (FEDORA-EPEL-2013-11539) Chdir for DOS and Unix -------------------------------------------------------------------------------- Update Information: New upstream version 5.2.4. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 11 2013 Erwin Waterlander <water...@xs4all.nl> - 5.2.4-1 - New upstream version 5.2.4. -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list epel-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/epel-devel