The following Fedora EPEL 6 Security updates need testing:
Age  URL
657  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
 87  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12079/bip-0.8.9-...
 51  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12427/seamonkey-...
 10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0378/quassel-0.9...
  9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0398/socat-1.7.2...
  8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0401/libyaml-0.1...
  8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0409/zarafa-7.1....
  6  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0429/mediawiki11...
  6  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0426/tpp-1.3.1-1...
  4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6...
  1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0466/python-gnup...
  1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0465/lighttpd-1....
  0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0395/libpng10-1....
  0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0483/boinc-clien...
The following builds have been pushed to Fedora EPEL 6 updates-testing
boinc-client-7.2.33-3.git1994cc8.el6
duply-1.6.0-1.el6
libpng10-1.0.61-1.el6
nwchem-6.3.2-7.el6
perl-Test-Carp-0.2-2.el6
remctl-3.8-2.el6
Details about builds:
================================================================================
boinc-client-7.2.33-3.git1994cc8.el6 (FEDORA-EPEL-2014-0483)
The BOINC client core
--------------------------------------------------------------------------------
Update Information:
Upgrade boinc to 7.2.33
Fixes various security flaws
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 7 2014 Mattia Verga <mattia.verga(a)tiscali.it> - 7.2.33-3.git1994cc8
- Upgrade to 7.2.33 to pair with F20
- Clean up specfile
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #957771 - CVE-2013-2298 boinc-client: Multiple stack overflow flaws when parsing XML files
https://bugzilla.redhat.com/show_bug.cgi?id=957771
[ 2 ] Bug #957775 - CVE-2013-2019 boinc-client: Stack-overflow by processing XML element with multiple file signatures
https://bugzilla.redhat.com/show_bug.cgi?id=957775
[ 3 ] Bug #957795 - boinc-client: Format string flaw by writing account file
https://bugzilla.redhat.com/show_bug.cgi?id=957795
--------------------------------------------------------------------------------
================================================================================
duply-1.6.0-1.el6 (FEDORA-EPEL-2014-0487)
Wrapper for duplicity
--------------------------------------------------------------------------------
Update Information:
Update to the latest stable version.
Changes in 1.6.0:
- support gs backend
- support dropbox backend
- add gpg-agent support to gpg test routines
- autoenable --use-agent if passwords were not defined in config
- GPG_OPTS are now honored everywhere, keyrings or complete gpg homedir can thus be configured to be located anywhere
- always import both secret and public key if avail from config profile
- new explanatory comments in initial exclude file
- bugfix 7: Duply only imports one key at a time
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 28 2014 Thomas Moschny <thomas.moschny(a)gmx.de> - 1.6.0-1
- Update to 1.6.0.
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.5.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
libpng10-1.0.61-1.el6 (FEDORA-EPEL-2014-0395)
Old version of libpng, needed to run old binaries
--------------------------------------------------------------------------------
Update Information:
This is the current cumulative bug-fix update from upstream. Only minor issues addressed,
as per the changelog.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 7 2014 Paul Howarth <paul(a)city-fan.org> 1.0.61-1
- update to 1.0.61
- ignore, with a warning, out-of-range value of num_trans in png_set_tRNS()
- replaced AM_CONFIG_HEADER(config.h) with AC_CONFIG_HEADERS([config.h]) in configure.ac
- changed default value of PNG_USER_CACHE_MAX from 0 to 32767 in pngconf.h
- avoid a possible memory leak in contrib/gregbook/readpng.c
- revised libpng.3 so that "doclifter" can process it
- changed '"%s"m' to '"%s" m' in png_debug macros to improve portability among compilers
- rebuilt the configure scripts with autoconf-2.69 and automake-1.14.1
- removed potentially misleading warning from png_check_IHDR()
- quiet set-but-not-used warnings in pngset.c
- quiet an uninitialized memory warning from VC2013 in png_get_png()
- quiet unused variable warnings from clang by porting PNG_UNUSED() from libpng-1.4.6
- added -DZ_SOLO to CFLAGS in contrib/pngminim/*/makefile
- added an #ifdef PNG_FIXED_POINT_SUPPORTED/#endif in pngset.c
- drop upstreamed aarch64 patch
- drop patch for CVE-2013-6954, which only actually affected libpng versions 1.6.1 to 1.6.7
* Thu Jan 23 2014 Paul Howarth <paul(a)city-fan.org> 1.0.60-6
- handle zero-length PLTE chunk or NULL palette with png_error(), to avoid later reading from a NULL pointer (png_ptr->palette) in png_do_expand_palette() (CVE-2013-6954)
* Sat Jul 27 2013 Paul Howarth <paul(a)city-fan.org> 1.0.60-5
- install docs to %{_pkgdocdir} where available
* Sun Mar 24 2013 Paul Howarth <paul(a)city-fan.org> 1.0.60-4
- tweak config.guess and config.sub to add aarch64 support (#925862)
- update source URL, moved upstream
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> 1.0.60-3
- rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> 1.0.60-2
- rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Wed Jul 11 2012 Paul Howarth <paul(a)city-fan.org> 1.0.60-1
- update to 1.0.60
- changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1045561 - CVE-2013-6954 libpng: unhandled zero-length PLTE chunk or NULL palette
https://bugzilla.redhat.com/show_bug.cgi?id=1045561
--------------------------------------------------------------------------------
================================================================================
nwchem-6.3.2-7.el6 (FEDORA-EPEL-2014-0481)
Delivering High-Performance Computational Chemistry to Science
--------------------------------------------------------------------------------
Update Information:
Delivering High-Performance Computational Chemistry to Science
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #984605 - Review Request: nwchem - Delivering High-Performance Computational Chemistry
https://bugzilla.redhat.com/show_bug.cgi?id=984605
--------------------------------------------------------------------------------
================================================================================
perl-Test-Carp-0.2-2.el6 (FEDORA-EPEL-2014-0484)
Test your code for calls to Carp functions
--------------------------------------------------------------------------------
Update Information:
First EPEL 6 release. Test::Carp allows Perl developers to call given code (with given
arguments) and test whether the given Carp function (or their imported versions) are
called (with a given value) or not.
--------------------------------------------------------------------------------
================================================================================
remctl-3.8-2.el6 (FEDORA-EPEL-2014-0482)
Client/server for Kerberos-authenticated command execution
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream release (v3.8). This update fixes a client memory leak and
improves Perl module argument validation. For a full list of changes, see the [upstream
changelog](http://www.eyrie.org/~eagle/software/remctl/news.html).
The Fedora packaging also includes the following changes:
* This update ships each of the README documentation files for the PHP, Python, and Ruby
libraries.
* This update links against libpcre for PCRE support.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 8 2014 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 3.8-2
- Add tarball for 3.8
* Sat Feb 8 2014 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 3.8-1
- Update to 3.8
- Alphabetize BRs
- Optimize python file list (#1062765, thanks Remi Ferrand)
- Enable pcre support (#1062765, thanks Remi Ferrand)
* Fri Jan 24 2014 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 3.7-2
- Adjust UnversionedDocdirs conditional to support Fedora 19
* Thu Jan 23 2014 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 3.7-1
- Update to 3.7
- Drop upstreamed EL5 perl patch
- Drop RPM conditionals for Fedoras earlier than 19
- Add systemd support
- Use upstream's php.ini instead of our own
- Ship upstream's READMEs for PHP, Python, and Ruby
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1062765 - remctld is not linked against libpcre
https://bugzilla.redhat.com/show_bug.cgi?id=1062765
--------------------------------------------------------------------------------