[EPEL-devel] Fedora EPEL 6 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Wed Dec 3 06:38:45 UTC 2014
The following Fedora EPEL 6 Security updates need testing:
Age URL
955 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
174 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7.26-1.el6
45 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3434/pylint-1.3.1-1.el6,python-astroid-1.2.1-2.el6,python-logilab-common-0.62.1-2.el6
20 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4008/cross-binutils-2.23.51.0.3-1.el6.1
13 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4151/lsyncd-2.1.4-4.el6.1.1
13 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4144/nodejs-0.10.33-1.el6,libuv-0.10.29-1.el6
12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4165/python-eyed3-0.7.4-5.el6
11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4237/drupal7-7.34-1.el6
11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4192/wordpress-4.0.1-1.el6
11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4233/drupal6-6.34-1.el6
8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4242/facter-1.6.18-8.el6
8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4243/asterisk-1.8.32.1-1.el6
8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2069/php-channel-phpseclib-1.3-1.el6,php-sabredav-Sabre_VObject-2.1.4-2.el6,php-sabredav-Sabre_HTTP-1.7.11-1.el6,php-sabredav-Sabre_DAVACL-1.7.9-1.el6,php-sabredav-Sabre_DAV-1.7.13-1.el6,php-sabredav-Sabre_CardDAV-1.7.9-2.el6,php-sabredav-Sabre_CalDAV-1.7.9-1.el6,php-irodsphp-3.3.0-0.4.beta1.el6,php-phpseclib-net-ssh2-0.3.9-1.el6,php-phpseclib-net-sftp-0.3.9-1.el6,php-phpseclib-crypt-twofish-0.3.9-2.el6,php-phpseclib-crypt-tripledes-0.3.9-2.el6,php-phpseclib-crypt-rsa-0.3.9-1.el6,php-phpseclib-crypt-rijndael-0.3.9-2.el6,php-phpseclib-crypt-rc4-0.3.9-2.el6,php-phpseclib-crypt-random-0.3.9-1.el6,php-phpseclib-crypt-hash-0.3.9-1.el6,php-phpseclib-crypt-des-0.3.9-2.el6,php-phpseclib-crypt-blowfish-0.3.9-2.el6,php-phpseclib-crypt-aes-0.3.9-1.el6,php-phpseclib-math-biginteger-0.3.9-1.el6,php-phpseclib-crypt-base-0.3.9-1.el6,owncloud-6.0.6-1.el6
7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4281/docker-io-1.3.2-2.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4404/perl-YAML-LibYAML-0.38-5.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4384/antiword-0.37-17.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4407/pkcs11-helper-1.11-3.el6,openvpn-2.3.6-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
antiword-0.37-17.el6
cp2k-2.4-3.20140428svn13818.el6
openvpn-2.3.6-1.el6
perl-YAML-LibYAML-0.38-5.el6
php-aws-sdk-2.7.6-1.el6
pkcs11-helper-1.11-3.el6
pyhoca-gui-0.5.0.3-1.el6
python-cliapp-1.20140719-1.el6
python-x2go-0.5.0.2-1.el6
scotch-6.0.3-2.el6
statsd-0.7.2-3.el6
xpdf-3.04-6.el6
Details about builds:
================================================================================
antiword-0.37-17.el6 (FEDORA-EPEL-2014-4384)
MS Word to ASCII/Postscript converter
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2014-8123
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Adrian Reber <adrian at lisas.de> - 0.37-17
- added patch for "CVE-2014-8123 antiword: buffer overflow of atPPSlist[].szName[]" (#1169665)
- fixed dates in changelog
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.37-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.37-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.37-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.37-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.37-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.37-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.37-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169665 - CVE-2014-8123 antiword: buffer overflow of atPPSlist[].szName[]
https://bugzilla.redhat.com/show_bug.cgi?id=1169665
--------------------------------------------------------------------------------
================================================================================
cp2k-2.4-3.20140428svn13818.el6 (FEDORA-EPEL-2014-4396)
Ab Initio Molecular Dynamics
--------------------------------------------------------------------------------
Update Information:
This update fixes the broken dependencies caused by RHEL/CentOS 6.6 upgrade and updates the code to latest snapshot from the stable 2.4 branch.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 30 2014 Dominik Mierzejewski <rpm at greysector.net> - 2.4-3.20140428svn13818
- update to latest 2.4 branch snapshot
- fix build against current blacs/scalapack
- mpich2 got renamed to mpich
- fix description (cp2k doesn't implement Car-Parinello Molecular Dynamics)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1155075 - cp2k-mpich2 and cp2k-openmpi got broken by rhel 6.6 update
https://bugzilla.redhat.com/show_bug.cgi?id=1155075
--------------------------------------------------------------------------------
================================================================================
openvpn-2.3.6-1.el6 (FEDORA-EPEL-2014-4407)
A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Jon Ciesla <limburgher at gmail.com> 2.3.6-1
- 2.3.6.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169487 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169487
[ 2 ] Bug #1169488 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169488
--------------------------------------------------------------------------------
================================================================================
perl-YAML-LibYAML-0.38-5.el6 (FEDORA-EPEL-2014-4404)
Perl YAML Serialization using XS and libyaml
--------------------------------------------------------------------------------
Update Information:
An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Paul Howarth <paul at city-fan.org> - 0.38-5
- Fix assert failure when parsing wrapped strings (CVE-2014-9130)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169369 - CVE-2014-9130 libyaml: assert failure when processing wrapped strings
https://bugzilla.redhat.com/show_bug.cgi?id=1169369
--------------------------------------------------------------------------------
================================================================================
php-aws-sdk-2.7.6-1.el6 (FEDORA-EPEL-2014-4391)
Amazon Web Services framework for PHP
--------------------------------------------------------------------------------
Update Information:
## 2.7.6 - 2014-11-20
* Added support for AWS KMS integration to the Amazon Redshift Client.
* Fixed cn-north-1 endpoint for AWS Identity and Access Management.
* Updated `S3Client::getBucketLocation` method to work cross-region regardless of the region's signature requirements.
* Fixed an issue with the DynamoDbClient that allows it to work better with with DynamoDB Local.
## 2.7.5 - 2014-11-13
* Added support for AWS Lambda.
* Added support for event notifications to the Amazon S3 client.
* Fixed an issue with S3 pre-signed URLs when using Signature V4.
## 2.7.4 - 2014-11-12
* Added support for the AWS Key Management Service (AWS KMS).
* Added support for AWS CodeDeploy.
* Added support for AWS Config.
* Added support for AWS KMS encryption to the Amazon S3 client.
* Added support for AWS KMS encryption to the Amazon EC2 client.
* Added support for Amazon CloudWatch Logs delivery to the AWS CloudTrail client.
* Added the GetTemplateSummary operation to the AWS CloudFormation client.
* Fixed an issue with sending signature version 4 Amazon S3 requests that contained a 0 length body.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 25 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.7.6-1
- Updated to 2.7.6 (BZ #1164158)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164158 - php-aws-sdk-2.7.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1164158
--------------------------------------------------------------------------------
================================================================================
pkcs11-helper-1.11-3.el6 (FEDORA-EPEL-2014-4407)
A library for using PKCS#11 providers
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Apr 11 2014 Jon Ciesla <limburgher at gmail.com> - 1.11-1
- Latest upstream, required for openvpn 2.3.3.
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Apr 2 2013 Kalev Lember <kalevlember at gmail.com> - 1.10-1
- Update to 1.10
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.09-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.09-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.09-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Wed Aug 17 2011 Kalev Lember <kalevlember at gmail.com> - 1.09-1
- Update to 1.09
* Sun Jun 19 2011 Kalev Lember <kalev at smartlink.ee> - 1.08-1
- Update to 1.08
- Clean up the spec file for modern rpmbuild
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.07-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169487 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169487
[ 2 ] Bug #1169488 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169488
--------------------------------------------------------------------------------
================================================================================
pyhoca-gui-0.5.0.3-1.el6 (FEDORA-EPEL-2014-4383)
Graphical X2Go client written in (wx)Python
--------------------------------------------------------------------------------
Update Information:
python-x2go-0.5.0.2:
- Fix X2Go Desktop Sharing feature
- Provide more stability if connections fail during session startup/resumption
pyhoca-gui-0.5.0.3:
- Finnish translation update / fix
- Danish translation update
- Point to our new mailing list server where the old one (BerliOS) was still referenced.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 1 2014 Orion Poplawski <orion at cora.nwra.com> - 0.5.0.3-1
- Update to 0.5.0.3
--------------------------------------------------------------------------------
================================================================================
python-cliapp-1.20140719-1.el6 (FEDORA-EPEL-2014-4405)
Python framework for Unix command line programs
--------------------------------------------------------------------------------
Update Information:
Version 1.20140719
* The way logging is set up has been split into smaller methods, to allow overriding better.
* Plugins no longer need to define a `disable` method: the default implementation is now a no-op.
Bug fixes:
* When getting help for a subcommand, cliapp would crash saying
`get_help_text_formatter` couldn't be found. This has been fixed.
Version 1.20140315
------------------
* `cliapp` now logs the current working directory, uid, effective uid, gid, and effective gid at startup.
* `cliapp` (`Settings.load_configs`) now reports an unknown
variable in a configuration file with a nice error message, rather than a stack trace.
* Allow overriding how the full help text for a subcommand is to be formatted.
* The `cliapp.Settings.require` method now accepts many setting names, and check for all of them.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Michel Alexandre Salim <salimma at fedoraproject.org> - 1.20140719-1
- Update to 1.20140719
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1077600 - python-cliapp-1.20140719 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1077600
--------------------------------------------------------------------------------
================================================================================
python-x2go-0.5.0.2-1.el6 (FEDORA-EPEL-2014-4383)
Python module providing X2Go client API
--------------------------------------------------------------------------------
Update Information:
python-x2go-0.5.0.2:
- Fix X2Go Desktop Sharing feature
- Provide more stability if connections fail during session startup/resumption
pyhoca-gui-0.5.0.3:
- Finnish translation update / fix
- Danish translation update
- Point to our new mailing list server where the old one (BerliOS) was still referenced.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 27 2014 Orion Poplawski <orion at cora.nwra.com> - 0.5.0.2-1
- Update to 0.5.0.2
--------------------------------------------------------------------------------
================================================================================
scotch-6.0.3-2.el6 (FEDORA-EPEL-2014-4381)
Graph, mesh and hypergraph partitioning library
--------------------------------------------------------------------------------
Update Information:
New package for el6.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1112738 - please build for EPEL
https://bugzilla.redhat.com/show_bug.cgi?id=1112738
--------------------------------------------------------------------------------
================================================================================
statsd-0.7.2-3.el6 (FEDORA-EPEL-2014-4401)
A simple, lightweight network daemon to collect metrics over UDP
--------------------------------------------------------------------------------
Update Information:
fix end of line encodings
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164496 - Review Request: statsd - A simple, lightweight network daemon to collect metrics over UDP
https://bugzilla.redhat.com/show_bug.cgi?id=1164496
--------------------------------------------------------------------------------
================================================================================
xpdf-3.04-6.el6 (FEDORA-EPEL-2014-4399)
A PDF file viewer for the X Window System
--------------------------------------------------------------------------------
Update Information:
fix proper display of international strings in the title
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Tom Callaway <spot at fedoraproject.org> - 1:3.04-6
- fix proper display of international strings in the title (bz 1169301)
* Fri Sep 12 2014 Tom Callaway <spot at fedoraproject.org> - 1:3.04-5
- fix .desktop file
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1:3.04-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1:3.04-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169301 - xpdf does not show non-ASCII paths correctly
https://bugzilla.redhat.com/show_bug.cgi?id=1169301
--------------------------------------------------------------------------------
More information about the epel-devel
mailing list