[EPEL-devel] Fedora EPEL 6 updates-testing report

updates at fedoraproject.org
Thu Apr 30 17:13:46 UTC 2015


The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 1103  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
 168  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4008/cross-binutils-2.23.51.0.3-1.el6.1
  29  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1501/strongswan-5.3.0-1.el6
  19  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5742/asterisk-1.8.32.3-1.el6
  12  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5859/cherokee-1.2.103-6.el6
  12  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5836/mod_proxy_fcgi-2.4.10-1.20150415gitd45a11f.el6
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5972/testdisk-7.0-2.el6
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5964/ikiwiki-3.20150329-1.el6
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5985/python-crypto2.1-2.1.0-4.el6
   3  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6009/dpkg-1.16.16-5.el6
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5933/wordpress-4.2.1-1.el6
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6089/drupal7-views-3.11-1.el6
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6083/clamav-0.98.7-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    clamav-0.98.7-1.el6
    drupal7-views-3.11-1.el6
    mash-0.6.14-1.el6
    opendmarc-1.3.1-13.el6
    perl-Crypt-PBKDF2-0.150900-1.el6
    wildmagic5-5.13-9.el6

Details about builds:


================================================================================
 clamav-0.98.7-1.el6 (FEDORA-EPEL-2015-6083)
 Anti-virus software
--------------------------------------------------------------------------------
Update Information:

ClamAV 0.98.7
=============

This release contains new scanning features and bug fixes.

  - Improvements to PDF processing: decryption, escape sequence handling, and file property collection.
  - Scanning/analysis of additional Microsoft Office 2003 XML format.
  - Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
  - Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
  - Fix false negatives on files within iso9660 containers. This issue was reported by Minzhuan Gong.
  - Fix a couple crashes on crafted upack packed file. Identified and patches supplied by Sebastian Andrzej Siewior.
  - Fix a crash during algorithmic detection on crafted PE file. Identified and patch supplied by Sebastian Andrzej Siewior.
  - Fix an infinite loop condition on a crafted "xz" archive file. This was reported by Dimitri Kirchner and Goulven Guiheux. CVE-2015-2668.
  - Fix compilation error after ./configure --disable-pthreads. Reported and fix suggested by John E. Krokes.
  - Apply upstream patch for possible heap overflow in Henry Spencer's regex library. CVE-2015-2305.
  - Fix crash in upx decoder with crafted file. Discovered and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
  - Fix segfault scanning certain HTML files. Reported with sample by Kai Risku.
  - Improve detections within xar/pkg files.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 29 2015 Robert Scheck <robert at fedoraproject.org> - 0.98.7-1
- Upgrade to 0.98.7 and updated daily.cvd (#1217014)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1217206 - CVE-2015-2221: clamav Infinite loop condition on crafted y0da cryptor file
        https://bugzilla.redhat.com/show_bug.cgi?id=1217206
  [ 2 ] Bug #1217207 - CVE-2015-2222 clamav: crash on crafted petite packed file
        https://bugzilla.redhat.com/show_bug.cgi?id=1217207
  [ 3 ] Bug #1217208 - CVE-2015-2668 clamav: Infinite loop condition on a crafted "xz" archive file
        https://bugzilla.redhat.com/show_bug.cgi?id=1217208
  [ 4 ] Bug #1217209 - CVE-2015-2170: clamav: Crash in upx decoder with crafted file
        https://bugzilla.redhat.com/show_bug.cgi?id=1217209
--------------------------------------------------------------------------------


================================================================================
 drupal7-views-3.11-1.el6 (FEDORA-EPEL-2015-6089)
 Provides a method for site designers to control content presentation
--------------------------------------------------------------------------------
Update Information:

- Release 3.11 is a security fix release
- Upstream changelog is at https://www.drupal.org/node/2480259
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 30 2015 Peter Borsa <peter.borsa at gmail.com> - 3.11-1
- Release 3.11 is a security fix release
- Upstream changelog is at https://www.drupal.org/node/2480259
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1217279 - drupal7-views-3.11 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1217279
--------------------------------------------------------------------------------


================================================================================
 mash-0.6.14-1.el6 (FEDORA-EPEL-2015-6087)
 Koji buildsystem to yum repository converter
--------------------------------------------------------------------------------
Update Information:

blacklist php and httpd from being multilib rhbz#1217168 (dennis)
Make blacklist/whitelist into config values. based on patch from Ralph Bean in rhbz#1082832 (dennis)
Pass the config object into the multilib method objects. (rbean)
Add configs for stg. (rbean)
update the mash configs for rawhide (dennis)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 29 2015 Dennis Gilmore <dennis at ausil.us> - 0.6.14-1
- blacklist php and httpd from being multilib rhbz#1217168 (dennis)
- Make blacklist/whitelist into config values. based on patch from Ralph Bean
  in rhbz#1082832 (dennis)
- Pass the config object into the multilib method objects. (rbean)
- Add configs for stg. (rbean)
- update the mash configs for rawhide (dennis)
* Tue Feb 10 2015 Dennis Gilmore <dennis at ausil.us> - 0.6.13-2
- add patch moving rawhide to f23
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1217168 - httpd and php should not be multilib
        https://bugzilla.redhat.com/show_bug.cgi?id=1217168
  [ 2 ] Bug #1082832 - RFE: make whitelist and blacklist config options instead of hard coded
        https://bugzilla.redhat.com/show_bug.cgi?id=1082832
--------------------------------------------------------------------------------


================================================================================
 opendmarc-1.3.1-13.el6 (FEDORA-EPEL-2015-6073)
 A Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library
--------------------------------------------------------------------------------
Update Information:

- Replaced various commands with rpm macros
- Included support for systemd macros (#1216881)
- Added libspf2-devel to BuildRequires
- libspf2 support now provided for all branches

--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 29 2015 Steve Jenkins <steve at stevejenkins.com> - 1.3.1-13
- Replaced various commands with rpm macros
- Included support for systemd macros (#1216881)
* Mon Apr 13 2015 Steve Jenkins <steve at stevejenkins.com> - 1.3.1-12
- Added libspf2-devel to BuildRequires
- libspf2 support now provided for all branches
* Thu Apr  9 2015 Steve Jenkins <steve at stevejenkins.com> - 1.3.1-11
- Added --with-libspf2 support for all branches except EL5
* Fri Apr  3 2015 Steve Jenkins <steve at stevejenkins.com> - 1.3.1-10
- policycoreutils now only required for EL5
* Mon Mar 30 2015 Steve Jenkins <steve at stevejenkins.com> - 1.3.1-9
- policycoreutils* now only required for Fedora and EL6+
- Added --with-sql-backend configure support
- Changed a few macros
* Sun Mar 29 2015 Steve Jenkins <steve at stevejenkins.com> - 1.3.1-8
- removed unnecessary Requires packages
- moved libbsd back to BuildRequires
- removed unnecessary %defattr
- added support for BSD and Sendmail in place of %doc
- Changed some opendmarc macro usages
* Sat Mar 28 2015 Steve Jenkins <steve at stevejenkins.com> - 1.3.1-7
- added (x86-64) to Requires where necessary
- added sendmail-milter to Requires
- moved libbsd from BuildRequires to Requires
- added policycoreutils and policycoreutils-python to Requires(post)
* Sat Mar 28 2015 Steve Jenkins <steve at stevejenkins.com> - 1.3.1-6
- Removed unneeded _pkgdocdir reference
* Fri Mar 27 2015 Steve Jenkins <steve at stevejenkins.com> - 1.3.1-5
- Combined systemd and SysV spec files using conditionals
- Set AuthservID configuration option to HOSTNAME by default
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #905304 - Review Request: OpenDMARC - Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library
        https://bugzilla.redhat.com/show_bug.cgi?id=905304
--------------------------------------------------------------------------------


================================================================================
 perl-Crypt-PBKDF2-0.150900-1.el6 (FEDORA-EPEL-2015-6075)
 PBKDF2 password hashing algorithm
--------------------------------------------------------------------------------
Update Information:

Upgrade to 0.150900.  Bugfix
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 30 2015 David Dick <ddick at cpan.org> - 0.150900-1
- Upgrade to 0.150900.  Bugfix
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1207883 - perl-Crypt-PBKDF2-0.150900 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1207883
--------------------------------------------------------------------------------


================================================================================
 wildmagic5-5.13-9.el6 (FEDORA-EPEL-2015-6086)
 Wild Magic libraries
--------------------------------------------------------------------------------
Update Information:

- **New package**
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1211362 - Review Request: wildmagic5 - Wild Magic libraries
        https://bugzilla.redhat.com/show_bug.cgi?id=1211362
--------------------------------------------------------------------------------


