The following Fedora EPEL 6 Security updates need testing:
Age URL
821
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
168
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6...
153
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolki...
62
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1471/chicken-4.8...
59
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1477/drupal7-vie...
43
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1584/python-djbl...
40
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7....
31
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1693/perl-Email-...
25
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1745/mediawiki11...
19
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1807/chrony-1.30...
10
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1782/zarafa-7.1....
9
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1889/php-ZendFra...
6
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1906/polarssl-1....
6
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1913/ipython-0.1...
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1934/drupal7-7.2...
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1961/cobbler-2.6...
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1923/sdcc-3.2.0-...
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1947/drupal6-6.3...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1984/ansible-1.6...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1980/moodle-2.4....
The following builds have been pushed to Fedora EPEL 6 updates-testing
ansible-1.6.7-1.el6
ansifilter-1.8-2.el6
cpulimit-0.1-1.20140722gitcabeb99.el6
easytag-2.1.7-1.el6
fail2ban-0.8.13-1.el6
gridsite-2.2.5-2.el6
lua-ldap-1.1.0-3.el6
moodle-2.4.11-1.el6
perl-Clone-PP-1.06-1.el6
perl-Date-Holidays-DE-1.6-2.el6
perl-DateTime-Format-RFC3339-1.0.5-1.el6
php-horde-Horde-CssMinify-1.0.1-1.el6
php-horde-Horde-JavascriptMinify-1.1.0-1.el6
php-horde-Horde-Mail-Autoconfig-1.0.0-1.el6
php-horde-Horde-OpenXchange-1.0.0-1.el6
php-horde-Horde-Service-Gravatar-1.0.0-1.el6
php-horde-wicked-2.0.1-2.el6
php-mikey179-vfsstream-1.3.0-1.el6
php-ocramius-instantiator-1.0.0-1.el6
php-ocramius-lazy-map-1.0.0-1.el6
php-pecl-solr2-2.0.0-1.el6
php-pecl-ssdeep-1.0.4-1.el6
python-behave-1.2.4-2.el6
python-enum34-1.0-4.el6
python-parse_type-0.3.4-2.el6
repo_manager-0.1.0-3.el6
shinken-2.0.3-5.el6
Details about builds:
================================================================================
ansible-1.6.7-1.el6 (FEDORA-EPEL-2014-1984)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
Update to 1.6.7 Fixes CVE-2014-4966 and CVE-2014-4967
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 21 2014 Kevin Fenzi <kevin(a)scrye.com> 1.6.7-1
- Update to 1.6.7
- Fixes CVE-2014-4966 and CVE-2014-4967
--------------------------------------------------------------------------------
================================================================================
ansifilter-1.8-2.el6 (FEDORA-EPEL-2014-1973)
ANSI terminal escape code converter
--------------------------------------------------------------------------------
Update Information:
Ansifilter handles text files containing ANSI terminal escape codes. The command sequences
may be stripped or be interpreted to generate formatted output (HTML, RTF, TeX, LaTeX,
BBCode).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1111541 - Review Request: ansifilter - ANSI terminal escape code converter
https://bugzilla.redhat.com/show_bug.cgi?id=1111541
--------------------------------------------------------------------------------
================================================================================
cpulimit-0.1-1.20140722gitcabeb99.el6 (FEDORA-EPEL-2014-1976)
CPU Usage Limiter for Linux
--------------------------------------------------------------------------------
Update Information:
Rebuild based on the github sources
--------------------------------------------------------------------------------
================================================================================
easytag-2.1.7-1.el6 (FEDORA-EPEL-2014-1991)
Tag editor for mp3, ogg, flac and other music files
--------------------------------------------------------------------------------
Update Information:
Update to 2.1.7 final
--------------------------------------------------------------------------------
================================================================================
fail2ban-0.8.13-1.el6 (FEDORA-EPEL-2014-1985)
Ban IPs that make too many password failures
--------------------------------------------------------------------------------
Update Information:
- Update to 0.8.13 (should fix bug #1047363)
- Use upstream's logrotate script (bug #891798)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 21 2014 Orion Poplawski <orion(a)cora.nwra.com> - 0.8.13-1
- Update to 0.8.13 (should fix bug #1047363)
- Use upstream's logrotate script (bug #891798)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1047363 - fail2ban [asterisk] jail doesn't create both tcp and udp
iptables rules
https://bugzilla.redhat.com/show_bug.cgi?id=1047363
[ 2 ] Bug #891798 - fail2ban logrotate script is either useless or mangles up the
setting of fail2ban's logtarget
https://bugzilla.redhat.com/show_bug.cgi?id=891798
--------------------------------------------------------------------------------
================================================================================
gridsite-2.2.5-2.el6 (FEDORA-EPEL-2014-1982)
Grid Security for the Web, Web platforms for Grids
--------------------------------------------------------------------------------
Update Information:
Revision of GridSite fixing several issues:
* two or more simultaneous (overlapping) delegation operations
* time handling in signature verification functions
* memory leaks
* stability and memory handling problems
Upstream release notes:
*
https://github.com/CESNET/gridsite/wiki/Gridsite-release-page#GridSite_2221
*
https://github.com/CESNET/gridsite/wiki/Gridsite-release-page#GridSite_2231
*
https://github.com/CESNET/gridsite/wiki/Gridsite-release-page#GridSite_2251
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 21 2014 František Dvořák <valtri(a)civ.zcu.cz> - 2.2.5-2
- Bumped release versions and rebuilt properly
* Mon Jul 21 2014 František Dvořák <valtri(a)civ.zcu.cz> - 2.2.5-1
- Gridsite 2.2.5 Release, several bugfixes
- Removed cgi-bin-location.patch, move files in %install instead
- Replace MYFLAGS by CFLAGS, removed gridsite internal build flags
- Owning icons dir
- Only major version needed in library wildcard now (libgridsite.so.2.*)
- Cleanups (EL5, noarch doc subpackage, buildroot macro, formatting)
--------------------------------------------------------------------------------
================================================================================
lua-ldap-1.1.0-3.el6 (FEDORA-EPEL-2014-1987)
LDAP client library for Lua, using OpenLDAP
--------------------------------------------------------------------------------
Update Information:
LuaLDAP is a simple interface from Lua to an LDAP client.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1105015 - Review Request: lua-ldap - LDAP client library for Lua
https://bugzilla.redhat.com/show_bug.cgi?id=1105015
--------------------------------------------------------------------------------
================================================================================
moodle-2.4.11-1.el6 (FEDORA-EPEL-2014-1980)
A Course Management System
--------------------------------------------------------------------------------
Update Information:
Fixes for:
CVE-2014-3541, CVE-2014-3542, CVE-2014-3543, CVE-2014-3544, CVE-2014-3545, CVE-2014-3546,
CVE-2014-3547, CVE-2014-3548, CVE-2014-3549, CVE-2014-3550, CVE-2014-3551, CVE-2014-3552,
CVE-2014-3553
https://moodle.org/mod/forum/discuss.php?d=263858
http://seclists.org/oss-sec/2014/q3/195
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 21 2014 Jon Ciesla <limburgher(a)gmail.com> - 2.4.11-1
- 2.4.11, Fix for CVE-2014-3541, CVE-2014-3542, CVE-2014-3543,
- CVE-2014-3544, CVE-2014-3545, CVE-2014-3546, CVE-2014-3547,
- CVE-2014-3548, CVE-2014-3549, CVE-2014-3550, CVE-2014-3551,
- CVE-2014-3552, CVE-2014-3553
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1120979 - moodle: security issues fixed in the upstream 2.7.1, 2.6.4, 2.5.7,
and 2.4.11 releases [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1120979
[ 2 ] Bug #1120980 - moodle: security issues fixed in the upstream 2.7.1, 2.6.4, 2.5.7,
and 2.4.11 releases [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1120980
--------------------------------------------------------------------------------
================================================================================
perl-Clone-PP-1.06-1.el6 (FEDORA-EPEL-2014-1983)
Recursively copy Perl data-types
--------------------------------------------------------------------------------
Update Information:
Initial release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1118960 - Review Request: perl-Clone-PP - Recursively copy Perl data-types
https://bugzilla.redhat.com/show_bug.cgi?id=1118960
--------------------------------------------------------------------------------
================================================================================
perl-Date-Holidays-DE-1.6-2.el6 (FEDORA-EPEL-2014-1997)
Perl module to determine German holidays
--------------------------------------------------------------------------------
Update Information:
A perl module that creates a list of German holidays in a given year. It knows about
special holiday regulations for all of Germany's federal states and also about
"semi-holidays" and religious "silent days" that will be treated as
holidays on request. Holidays that occur on weekends can be excluded from the generated
list. The generated list can also be freely formatted using regular strftime() format
definitions.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #847420 - Review Request: perl-Date-Holidays-DE - Perl module to determine
German holidays
https://bugzilla.redhat.com/show_bug.cgi?id=847420
--------------------------------------------------------------------------------
================================================================================
perl-DateTime-Format-RFC3339-1.0.5-1.el6 (FEDORA-EPEL-2014-1992)
Parse and format RFC3339 datetime strings
--------------------------------------------------------------------------------
Update Information:
Initial release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1121302 - Review Request: perl-DateTime-Format-RFC3339 - Parse and format
RFC3339 datetime strings
https://bugzilla.redhat.com/show_bug.cgi?id=1121302
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-CssMinify-1.0.1-1.el6 (FEDORA-EPEL-2014-1993)
CSS Minification
--------------------------------------------------------------------------------
Update Information:
Abstracted interface to various CSS minification backends.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1117438 - Review Request: php-horde-Horde-CssMinify - CSS Minification
https://bugzilla.redhat.com/show_bug.cgi?id=1117438
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-JavascriptMinify-1.1.0-1.el6 (FEDORA-EPEL-2014-1977)
Javascript Minification
--------------------------------------------------------------------------------
Update Information:
Abstracted interface to various javascript minification backends.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1117444 - Review Request: php-horde-Horde-JavascriptMinify - Javascript
Minification
https://bugzilla.redhat.com/show_bug.cgi?id=1117444
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Mail-Autoconfig-1.0.0-1.el6 (FEDORA-EPEL-2014-1971)
Horde Mail Autoconfiguration
--------------------------------------------------------------------------------
Update Information:
Attempts to automatically determine configuration options for various remote mail services
(IMAP/POP3/SMTP).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1117476 - Review Request: php-horde-Horde-Mail-Autoconfig - Horde Mail
Autoconfiguration
https://bugzilla.redhat.com/show_bug.cgi?id=1117476
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-OpenXchange-1.0.0-1.el6 (FEDORA-EPEL-2014-1981)
Open-Xchange Connector
--------------------------------------------------------------------------------
Update Information:
Library to interact with Open-Xchange servers.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1118273 - Review Request: php-horde-Horde-OpenXchange - Open-Xchange
Connector
https://bugzilla.redhat.com/show_bug.cgi?id=1118273
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Service-Gravatar-1.0.0-1.el6 (FEDORA-EPEL-2014-1975)
API accessor for
gravatar.com
--------------------------------------------------------------------------------
Update Information:
A library for accessing the Avatar services at
gravatar.com.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1118289 - Review Request: php-horde-Horde-Service-Gravatar -
php-horde-Horde-Service-Gravatar
https://bugzilla.redhat.com/show_bug.cgi?id=1118289
--------------------------------------------------------------------------------
================================================================================
php-horde-wicked-2.0.1-2.el6 (FEDORA-EPEL-2014-1974)
Wiki application
--------------------------------------------------------------------------------
Update Information:
Wicked is a wiki application for Horde.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1087769 - Review Request: php-horde-wicked - Wiki application
https://bugzilla.redhat.com/show_bug.cgi?id=1087769
--------------------------------------------------------------------------------
================================================================================
php-mikey179-vfsstream-1.3.0-1.el6 (FEDORA-EPEL-2014-1989)
PHP stream wrapper for a virtual file system
--------------------------------------------------------------------------------
Update Information:
1.3.0 (2014-07-21)
* implemented #79: possibility to mock large files without large memory footprint, see
https://github.com/mikey179/vfsStream/wiki/MockingLargeFiles
* implemented #67: added partial support for text-mode translation flag (i.e., no actual
translation of line endings takes place) so it no longer throws an exception (provided by
Anthon Pang)
* fixed issue #74: issue with trailing windows path separators (provided by Sebastian
Krüger)
* fixed issue #50: difference between real file system and vfs with
`RecursiveDirectoryIterator`
* fixed issue #80: touch with no arguments for modification and access time behave
incorrect
* deprecated `org\bovigo\vfs\vfsStreamFile::readUntilEnd()`
* deprecated `org\bovigo\vfs\vfsStreamFile::getBytesRead()`
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 22 2014 Remi Collet <remi(a)fedoraproject.org> - 1.3.0-1
- update to 1.3.0
- fix license handling
--------------------------------------------------------------------------------
================================================================================
php-ocramius-instantiator-1.0.0-1.el6 (FEDORA-EPEL-2014-1978)
Instantiate objects in PHP without invoking their constructors
--------------------------------------------------------------------------------
Update Information:
This library provides a way of avoiding usage of constructors when instantiating PHP
classes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1120563 - Review Request: php-ocramius-instantiator - Instantiate objects in
PHP without invoking their constructors
https://bugzilla.redhat.com/show_bug.cgi?id=1120563
--------------------------------------------------------------------------------
================================================================================
php-ocramius-lazy-map-1.0.0-1.el6 (FEDORA-EPEL-2014-1986)
Lazy instantiation logic for a map of objects
--------------------------------------------------------------------------------
Update Information:
This small library aims at providing a very simple and efficient map of lazy-instantiating
objects.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1120543 - Review Request: php-ocramius-lazy-map - Lazy instantiation logic
for a map of objects
https://bugzilla.redhat.com/show_bug.cgi?id=1120543
--------------------------------------------------------------------------------
================================================================================
php-pecl-solr2-2.0.0-1.el6 (FEDORA-EPEL-2014-1969)
Object oriented API to Apache Solr
--------------------------------------------------------------------------------
Update Information:
It effectively simplifies the process of interacting with Apache Solr using PHP5 and it
already comes with built-in readiness for the latest features.
The extension has features such as built-in, serializable query string builder objects
which effectively simplifies the manipulation of name-value pair request parameters across
repeated requests.
The response from the Solr server is also automatically parsed into native php objects
whose properties can be accessed as array keys or object properties without any additional
configuration on the client-side.
Its advanced HTTP client reuses the same connection across multiple requests and provides
built-in support for connecting to Solr servers secured behind HTTP Authentication or HTTP
proxy servers. It is also able to connect to SSL-enabled containers.
Please consult the documentation for more details on features.
*
http://php.net/solr
Warning: PECL Solr 2 is not compatible with Solr Server < 4.0. PECL Solr 1 is available
in php-pecl-solr package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1112705 - Review Request: php-pecl-solr2 - Object oriented API to Apache
Solr
https://bugzilla.redhat.com/show_bug.cgi?id=1112705
--------------------------------------------------------------------------------
================================================================================
php-pecl-ssdeep-1.0.4-1.el6 (FEDORA-EPEL-2014-1994)
Wrapper for libfuzzy library
--------------------------------------------------------------------------------
Update Information:
The ssdeep project page describes it as a library for "...computing context triggered
piecewise hashes (CTPH). Also called fuzzy hashes, CTPH can match inputs that have
homologies. Such inputs have sequences of identical bytes in the same order, although
bytes in between these sequences may be different in both content and length".
For an in depth paper explaining context triggered piecewise hashes please see
http://dfrws.org/2006/proceedings/12-Kornblum.pdf
This extensions wraps the ssdeep fuzzy hashing API created by Jesse Kornblum.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1104032 - Review Request: php-pecl-ssdeep - Wrapper for libfuzzy library
https://bugzilla.redhat.com/show_bug.cgi?id=1104032
--------------------------------------------------------------------------------
================================================================================
python-behave-1.2.4-2.el6 (FEDORA-EPEL-2014-1979)
Tools for the behavior-driven development, Python style
--------------------------------------------------------------------------------
Update Information:
Upgrade to the latest upstream
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 17 2014 Matěj Cepl <mcepl(a)redhat.com> - 1.2.4-2
- Build documentation even on EPEL-7.
* Thu Jun 19 2014 Matěj Cepl <mcepl(a)redhat.com> - 1.2.4-1
- New upstream release
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.2.3-14
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-enum34-1.0-4.el6 (FEDORA-EPEL-2014-1990)
Backport of Python 3.4 Enum
--------------------------------------------------------------------------------
Update Information:
Make package available on all versions of Fedora/EPEL
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 21 2014 Matěj Cepl <mcepl(a)redhat.com> - 1.0-4
- No, we don’t have python3 in RHEL-7 :'(
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 28 2014 Kalev Lember <kalevlember(a)gmail.com> - 1.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Changes/Python_3.4
* Mon May 26 2014 Eric Smith <brouhaha(a)fedoraproject.org> 1.0-1
- Updated to latest upstream.
--------------------------------------------------------------------------------
================================================================================
python-parse_type-0.3.4-2.el6 (FEDORA-EPEL-2014-1972)
Simplifies to build parse types based on the parse module
--------------------------------------------------------------------------------
Update Information:
Fix FTBFS
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1121710 - FTBFS on EPEL
https://bugzilla.redhat.com/show_bug.cgi?id=1121710
--------------------------------------------------------------------------------
================================================================================
repo_manager-0.1.0-3.el6 (FEDORA-EPEL-2014-1995)
Manage your RPM repositories easily
--------------------------------------------------------------------------------
Update Information:
New package : repo_manager to easily manage RPM repositories
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1114696 - Review Request: repo_manager - Manage your RPM repositories easily
https://bugzilla.redhat.com/show_bug.cgi?id=1114696
--------------------------------------------------------------------------------
================================================================================
shinken-2.0.3-5.el6 (FEDORA-EPEL-2014-1988)
Python Monitoring tool
--------------------------------------------------------------------------------
Update Information:
Add forgot doc dir.
Add forgot dir.
Add shinken manpage.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 21 2014 David Hannequin <david.hannequin(a)gmail.com> - 2.0.3-5
- Add forgot doc dir.
* Fri Jul 18 2014 David Hannequin <david.hannequin(a)gmail.com> - 2.0.3-4
- Add forgot dir.
* Mon Jul 7 2014 David Hannequin <david.hannequin(a)gmail.com> - 2.0.3-3
- Add shinken manpage.
* Thu Jul 3 2014 David Hannequin <david.hannequin(a)gmail.com> - 2.0.3-2
- Delete python mysql require.
* Fri Jun 13 2014 David Hannequin <david.hannequin(a)gmail.com> - 2.0.3-1
- Update from upstream.
* Fri Apr 25 2014 David Hannequin <david.hannequin(a)gmail.com> - 2.0.2-1
- Update from upstream.
* Thu Apr 17 2014 David Hannequin <david.hannequin(a)gmail.com> - 2.0-1
- Update from upstream.
--------------------------------------------------------------------------------