Fedora EPEL 6 updates-testing report

Sat Mar 31 18:27:19 UTC 2012

The following Fedora EPEL 6 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0928/libpng10-1.0.59-1.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0929/drupal7-ctools-1.0-1.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0349/bugzilla-3.4.14-1.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0927/openstack-nova-2011.3.1-8.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0921/trytond-1.8.6-1.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0850/drupal6-date-2.8-1.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0943/asterisk-1.8.11.0-1.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0941/perl-Pod-Plainer-1.03-1.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0795/nginx-1.0.14-1.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0916/openstack-keystone-2012.1-0.12.rc1.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gribble-0.83.4.1-10.el6

The following builds have been pushed to Fedora EPEL 6 updates-testing

    asterisk-1.8.11.0-1.el6
    gambit-c-4.6.5-2.el6
    perl-Perl-Destruct-Level-0.02-2.el6
    perl-Pod-Plainer-1.03-1.el6

Details about builds:

================================================================================
 asterisk-1.8.11.0-1.el6 (FEDORA-EPEL-2012-0943)
 The Open Source PBX
--------------------------------------------------------------------------------
Update Information:

Update to 1.8.11.0
Update to 1.8.10.1, which fixes 2 security vulnerabilities.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 30 2012 Russell Bryant <russell at russellbryant.net> - 1.8.11.0-1
- Update to 1.8.11.0
* Sat Mar 17 2012 Russell Bryant <russell at russellbryant.net> - 1.8.10.1-1
- Update to 1.8.10.1 from upstream.
- Fix remote stack overflow in app_milliwatt.
- Fix remote stack overflow, including possible code injection, in HTTP digest
  authentication handling.
- Diable build of SRTP on ppc64, as it doesn't build right now.
- Resolves: rhbz#804045, rhbz#804038, rhbz#804042
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #804038 - CVE-2012-1183 asterisk: Stack-based buffer overwrite by processing large audio packet in Miliwatt application (AST-2012-002)
        https://bugzilla.redhat.com/show_bug.cgi?id=804038
  [ 2 ] Bug #804042 - CVE-2012-1184 asterisk: Stack-based buffer overflow by processing certain HTTP Digest Authentication headers (AST-2012-003)
        https://bugzilla.redhat.com/show_bug.cgi?id=804042
--------------------------------------------------------------------------------

================================================================================
 gambit-c-4.6.5-2.el6 (FEDORA-EPEL-2012-0920)
 Scheme programming system
--------------------------------------------------------------------------------
Update Information:

- Latest upstream release
- Use -O1 on ppc64; -O2 causes GCC internal compiler error
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 31 2012 Michel Salim <salimma at fedoraproject.org> - 4.6.5-2
- Reduce optimization level on ppc64 to work around gcc compilation error
* Thu Mar 29 2012 Michel Salim <salimma at fedoraproject.org> - 4.6.5-1
- Update to 4.6.5
- Drop termite subpackages, they have been disabled for many releases
- Disable ppc64 target for now; broken since 4.6.4
* Wed Feb 15 2012 Michel Salim <salimma at fedoraproject.org> - 4.6.4-1
- Update to 4.6.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #790373 - gambit-c-4.6.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=790373
--------------------------------------------------------------------------------

================================================================================
 perl-Perl-Destruct-Level-0.02-2.el6 (FEDORA-EPEL-2012-0940)
 Allows you to change perl's internal destruction level
--------------------------------------------------------------------------------
Update Information:

This is the first EPEL release of perl-Perl-Destruct-Level.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #802865 - Review Request: perl-Perl-Destruct-Level - Allows you to change perl's internal destruction level
        https://bugzilla.redhat.com/show_bug.cgi?id=802865
--------------------------------------------------------------------------------

================================================================================
 perl-Pod-Plainer-1.03-1.el6 (FEDORA-EPEL-2012-0941)
 Perl extension for converting Pod to old-style Pod
--------------------------------------------------------------------------------
Update Information:

The perl(Pod::Plainer) is requred by LSB 4.1, but was obsoleted by the Perl upstream. So new software MUST NOT uses this module.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #79 - Rootshell reported bug, shits.c
        https://bugzilla.redhat.com/show_bug.cgi?id=79
  [ 2 ] Bug #9284 - files missing in latest build of irda-utils for beta3
        https://bugzilla.redhat.com/show_bug.cgi?id=9284
--------------------------------------------------------------------------------