The following Fedora EPEL 6 Security updates need testing:

 Age  URL
 657  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.1...
  87  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12079/bip-0.8.9-1.e...
  51  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12427/seamonkey-2.2...
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0378/quassel-0.9.2-...
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0398/socat-1.7.2.3-...
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0401/libyaml-0.1.3-...
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0409/zarafa-7.1.8-1...
   6  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0429/mediawiki119-1...
   6  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0426/tpp-1.3.1-17.e...
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6.4-...
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0466/python-gnupg-0...
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0465/lighttpd-1.4.3...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0395/libpng10-1.0.6...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0483/boinc-client-7...
The following builds have been pushed to Fedora EPEL 6 updates-testing
    boinc-client-7.2.33-3.git1994cc8.el6
    duply-1.6.0-1.el6
    libpng10-1.0.61-1.el6
    nwchem-6.3.2-7.el6
    perl-Test-Carp-0.2-2.el6
    remctl-3.8-2.el6
Details about builds:
================================================================================
 boinc-client-7.2.33-3.git1994cc8.el6 (FEDORA-EPEL-2014-0483)
 The BOINC client core
--------------------------------------------------------------------------------
Update Information:
Upgrade boinc to 7.2.33
Fixes various security flaws
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 7 2014 Mattia Verga mattia.verga@tiscali.it - 7.2.33-3.git1994cc8
- Upgrade to 7.2.33 to pair with F20
- Clean up specfile
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #957771 - CVE-2013-2298 boinc-client: Multiple stack overflow flaws when parsing XML files
        https://bugzilla.redhat.com/show_bug.cgi?id=957771
  [ 2 ] Bug #957775 - CVE-2013-2019 boinc-client: Stack-overflow by processing XML element with multiple file signatures
        https://bugzilla.redhat.com/show_bug.cgi?id=957775
  [ 3 ] Bug #957795 - boinc-client: Format string flaw by writing account file
        https://bugzilla.redhat.com/show_bug.cgi?id=957795
--------------------------------------------------------------------------------
================================================================================
 duply-1.6.0-1.el6 (FEDORA-EPEL-2014-0487)
 Wrapper for duplicity
--------------------------------------------------------------------------------
Update Information:
Update to the latest stable version.
Changes in 1.6.0:
- support gs backend
- support dropbox backend
- add gpg-agent support to gpg test routines
- autoenable --use-agent if passwords were not defined in config
- GPG_OPTS are now honored everywhere, keyrings or complete gpg homedir can
  thus be configured to be located anywhere
- always import both secret and public key if avail from config profile
- new explanatory comments in initial exclude file
- bugfix 7: Duply only imports one key at a time
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 28 2014 Thomas Moschny thomas.moschny@gmx.de - 1.6.0-1
- Update to 1.6.0.
* Sat Aug 3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.5.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 libpng10-1.0.61-1.el6 (FEDORA-EPEL-2014-0395)
 Old version of libpng, needed to run old binaries
--------------------------------------------------------------------------------
Update Information:
This is the current cumulative bug-fix update from upstream. Only minor issues addressed, as per the changelog.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 7 2014 Paul Howarth paul@city-fan.org 1.0.61-1
- update to 1.0.61
  - ignore, with a warning, out-of-range value of num_trans in png_set_tRNS()
  - replaced AM_CONFIG_HEADER(config.h) with AC_CONFIG_HEADERS([config.h]) in configure.ac
  - changed default value of PNG_USER_CACHE_MAX from 0 to 32767 in pngconf.h
  - avoid a possible memory leak in contrib/gregbook/readpng.c
  - revised libpng.3 so that "doclifter" can process it
  - changed '"%s"m' to '"%s" m' in png_debug macros to improve portability among compilers
  - rebuilt the configure scripts with autoconf-2.69 and automake-1.14.1
  - removed potentially misleading warning from png_check_IHDR()
  - quiet set-but-not-used warnings in pngset.c
  - quiet an uninitialized memory warning from VC2013 in png_get_png()
  - quiet unused variable warnings from clang by porting PNG_UNUSED() from libpng-1.4.6
  - added -DZ_SOLO to CFLAGS in contrib/pngminim/*/makefile
  - added an #ifdef PNG_FIXED_POINT_SUPPORTED/#endif in pngset.c
- drop upstreamed aarch64 patch
- drop patch for CVE-2013-6954, which only actually affected libpng versions 1.6.1 to 1.6.7
* Thu Jan 23 2014 Paul Howarth paul@city-fan.org 1.0.60-6
- handle zero-length PLTE chunk or NULL palette with png_error(), to avoid later reading from a NULL pointer (png_ptr->palette) in png_do_expand_palette() (CVE-2013-6954)
* Sat Jul 27 2013 Paul Howarth paul@city-fan.org 1.0.60-5
- install docs to %{_pkgdocdir} where available
* Sun Mar 24 2013 Paul Howarth paul@city-fan.org 1.0.60-4
- tweak config.guess and config.sub to add aarch64 support (#925862)
- update source URL, moved upstream
* Thu Feb 14 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org 1.0.60-3
- rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org 1.0.60-2
- rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Wed Jul 11 2012 Paul Howarth paul@city-fan.org 1.0.60-1
- update to 1.0.60
  - changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #1045561 - CVE-2013-6954 libpng: unhandled zero-length PLTE chunk or NULL palette
        https://bugzilla.redhat.com/show_bug.cgi?id=1045561
--------------------------------------------------------------------------------
================================================================================
 nwchem-6.3.2-7.el6 (FEDORA-EPEL-2014-0481)
 Delivering High-Performance Computational Chemistry to Science
--------------------------------------------------------------------------------
Update Information:
Delivering High-Performance Computational Chemistry to Science
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #984605 - Review Request: nwchem - Delivering High-Performance Computational Chemistry
        https://bugzilla.redhat.com/show_bug.cgi?id=984605
--------------------------------------------------------------------------------
================================================================================
 perl-Test-Carp-0.2-2.el6 (FEDORA-EPEL-2014-0484)
 Test your code for calls to Carp functions
--------------------------------------------------------------------------------
Update Information:
First EPEL 6 release. Test::Carp allows Perl developers to call given code (with given arguments) and test whether the given Carp function (or their imported versions) are called (with a given value) or not.
--------------------------------------------------------------------------------
================================================================================
 remctl-3.8-2.el6 (FEDORA-EPEL-2014-0482)
 Client/server for Kerberos-authenticated command execution
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream release (v3.8). This update fixes a client memory leak and improves Perl module argument validation. For a full list of changes, see the [upstream changelog](http://www.eyrie.org/~eagle/software/remctl/news.html).
The Fedora packaging also includes the following changes:
* This update ships each of the README documentation files for the PHP, Python, and Ruby libraries.
* This update links against libpcre for PCRE support.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 8 2014 Ken Dreyer ktdreyer@ktdreyer.com - 3.8-2
- Add tarball for 3.8
* Sat Feb 8 2014 Ken Dreyer ktdreyer@ktdreyer.com - 3.8-1
- Update to 3.8
- Alphabetize BRs
- Optimize python file list (#1062765, thanks Remi Ferrand)
- Enable pcre support (#1062765, thanks Remi Ferrand)
* Fri Jan 24 2014 Ken Dreyer ktdreyer@ktdreyer.com - 3.7-2
- Adjust UnversionedDocdirs conditional to support Fedora 19
* Thu Jan 23 2014 Ken Dreyer ktdreyer@ktdreyer.com - 3.7-1
- Update to 3.7
- Drop upstreamed EL5 perl patch
- Drop RPM conditionals for Fedoras earlier than 19
- Add systemd support
- Use upstream's php.ini instead of our own
- Ship upstream's READMEs for PHP, Python, and Ruby
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #1062765 - remctld is not linked against libpcre
        https://bugzilla.redhat.com/show_bug.cgi?id=1062765
--------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org