The following Fedora EPEL 6 Security updates need testing:
Age  URL
589  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gri...
401  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
102  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0376/openconnect...
 59  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0823/openstack-k...
 14  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5801/python-virt...
 10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5853/owncloud-4....
  7  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5862/python-back...
  7  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5865/moodle-2.2....
  5  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5893/mediawiki11...
  4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5919/livecd-tool...
  4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5928/transifex-c...
  0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5992/cgit-0.9.2-...
  0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5994/mod_securit...
  0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5995/socat-1.7.2...
The following builds have been pushed to Fedora EPEL 6 updates-testing
cgit-0.9.2-1.el6
libmspack-0.4-0.1.alpha.el6
mod_security-2.7.3-2.el6
nodejs-async-0.2.9-1.el6
nodejs-request-2.16.6-4.el6
qgit-2.5-1.el6
socat-1.7.2.2-1.el6
Details about builds:
================================================================================
cgit-0.9.2-1.el6 (FEDORA-EPEL-2013-5992)
A fast web interface for git
--------------------------------------------------------------------------------
Update Information:
A directory traversal vulnerability was discovered in cgit. By default, cgit is not
affected. However, if cgit is configured to use a readme file from a filesystem path
instead of from the git repo itself then files outside of the repository can be read.
Refer to the discussion on oss-security for further details:
http://www.openwall.com/lists/oss-security/2013/05/25/3
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 27 2013 Todd Zullinger <tmz(a)pobox.com> - 0.9.2-1
- Update to 0.9.2, fixes CVE-2013-2117
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.9.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Nov 21 2012 Kevin Fenzi <kevin(a)scrye.com> 0.9.1-3
- Fixed ldflags. Fixes bug 878611
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #967346 - CVE-2013-2117 cgit: directory traversal
https://bugzilla.redhat.com/show_bug.cgi?id=967346
--------------------------------------------------------------------------------
================================================================================
libmspack-0.4-0.1.alpha.el6 (FEDORA-EPEL-2013-5997)
Library for CAB and related files compression and decompression
--------------------------------------------------------------------------------
Update Information:
update to version 0.4
- add support for decompressing a new file format, the Exchange Offline Address Book (OAB)
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 28 2013 Dan Horák <dan[at]danny.cz> - 0.4-0.1.alpha
- updated to 0.4alpha
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.3-0.4.alpha
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.3-0.3.alpha
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.3-0.2.alpha
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Mon May 16 2011 Dan Horák <dan[at]danny.cz> - 0.3-0.1.alpha
- updated to 0.3alpha
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.2-0.2.20100723alpha
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
mod_security-2.7.3-2.el6 (FEDORA-EPEL-2013-5994)
Security module for the Apache HTTP Server
--------------------------------------------------------------------------------
Update Information:
Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) and a possible memory leak.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 28 2013 Athmane Madjoudj <athmane(a)fedoraproject.org> 2.7.3-2
- Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) (RHBZ #967615)
- Fix a possible memory leak.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #967615 - mod_security: NULL pointer dereference (DoS, crash) when forceRequestBodyVariable action triggered and unknown Content-Type was used
https://bugzilla.redhat.com/show_bug.cgi?id=967615
--------------------------------------------------------------------------------
================================================================================
nodejs-async-0.2.9-1.el6 (FEDORA-EPEL-2013-5993)
Higher-order functions and common patterns for asynchronous code
--------------------------------------------------------------------------------
Update Information:
Update to upstream release 0.2.9.
Update to upstream release 0.2.8
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 28 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 0.2.9-1
- update to upstream release 0.2.9
- add %check
* Sat May 25 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 0.2.8-1
- update to upstream release 0.2.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #967820 - nodejs-async-0.2.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=967820
[ 2 ] Bug #950370 - nodejs-async-0.2.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=950370
--------------------------------------------------------------------------------
================================================================================
nodejs-request-2.16.6-4.el6 (FEDORA-EPEL-2013-5998)
Simplified HTTP request client
--------------------------------------------------------------------------------
Update Information:
Fix versioned dependency on npm(qs).
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 28 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 2.16.6-4
- make versioned dependency on npm(qs) less specific
- add %check
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #967581 - Broken dependency on npm(qs)
https://bugzilla.redhat.com/show_bug.cgi?id=967581
--------------------------------------------------------------------------------
================================================================================
qgit-2.5-1.el6 (FEDORA-EPEL-2013-5989)
GUI browser for git repositories
--------------------------------------------------------------------------------
Update Information:
update to new upstream version 2.5
- Chris OBryan fixed the sorting of the tree-view with non-latin locales
- Tim Blechmann contributed a better support for dark GUI color schemes
- the annoying bug of off-sync line numbers in the annotation file view is now gone
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 27 2013 Dan Horák <dan[at]danny.cz> - 2.5-1
- update to 2.5
* Fri Feb 22 2013 Toshio Kuratomi <toshio(a)fedoraproject.org> - 2.4-6
- remove --vendor from desktop-file-install https://fedorahosted.org/fesco/ticket/1077
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
socat-1.7.2.2-1.el6 (FEDORA-EPEL-2013-5995)
Bidirectional data relay between two data channels ('netcat++')
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2013-3571: Denial of service due to file descriptor leak
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 27 2013 Paul Wouters <pwouters(a)redhat.com> - 1.7.2.2-1
- Updated to 1.7.2.2 for CVE-2013-3571, rhbz#967540
* Tue Nov 20 2012 Paul Wouters <pwouters(a)redhat.com> - 1.7.2.1-3
- Patch for procan-cdefs.c warning: format '%Zu' expects argument of type 'size_t', but argument 3 has type 'int' [-Wformat]. This fixes two of the three failing test cases in test.sh
- Added commented out check section, as it does not support "make check"
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #967345 - CVE-2013-3571 socat: Denial of service due to file descriptor leak
https://bugzilla.redhat.com/show_bug.cgi?id=967345
--------------------------------------------------------------------------------