The following Fedora EPEL 6 Security updates need testing:
Age URL
692
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
122
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12079/bip-0.8.9-...
39
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6...
34
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0483/boinc-clien...
24
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolki...
14
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0700/v8-3.14.5.1...
11
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0730/php-sabre-d...
10
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0747/imapsync-1....
10
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0751/libssh-0.5....
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0756/rubygem-rbo...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0845/asterisk-1....
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0846/mediawiki11...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0852/lighttpd-1....
The following builds have been pushed to Fedora EPEL 6 updates-testing
ansible-1.5.3-1.el6
asterisk-1.8.26.1-1.el6
cgit-0.10.1-1.el6
dmlite-plugins-adapter-0.6.2-2.el6
dmlite-plugins-librarian-0.6.2-2.el6
dmlite-plugins-memcache-0.6.2-2.el6
dmlite-plugins-profiler-0.6.2-2.el6
dmlite-plugins-s3-0.5.1-3.el6
dmtcp-2.2-1.el6
docker-io-0.9.0-3.el6
dpm-dsi-1.9.3-1.el6
dpm-xrootd-3.3.5-1.el6
drupal7-fivestar-2.0-0.9.rc3.el6
gfal2-2.5.5-3.el6
iperf3-3.0.2-1.el6
irma_configuration-0.1-0.3.aeb8d68.el6
js-json-20140204git3d7767b-4.el6
lcgdm-1.8.8-2.el6
lcgdm-dav-0.14.1-1.el6
libsieve-2.3.1-1.el6
libyubikey-1.11-2.el6
lighttpd-1.4.35-1.el6
mediawiki119-1.19.13-1.el6
msmtp-1.4.32-1.el6
nodejs-ansistyles-0.1.3-4.el6
nodejs-grunt-contrib-nodeunit-0.3.2-1.el6
python-crypto2.6-2.6.1-1.el6
python-libcloud-0.14.1-1.el6
python-pecan-0.4.5-1.el6
python-wsme-0.6-1.el6
qt5-qtbase-5.2.1-6.el6
racoon2-20100526a-28.el6
rkhunter-1.4.2-1.el6
shogun-data-0.8.1-0.4.git20140303.6615cf0.el6
textcat-1.10-1.el6
wemux-3.2.0-1.el6
Details about builds:
================================================================================
ansible-1.5.3-1.el6 (FEDORA-EPEL-2014-0841)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
* pycrypto 2.6 forward compat package for epel6
* Updated ansible
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Toshio Kuratomi <toshio(a)fedoraproject.org> - 1.5.3-1
- Fix ansible-vault for newer python-crypto dependency
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1074916 - Review Request: python-crypto2.6 - Cryptography library for Python
Description :
https://bugzilla.redhat.com/show_bug.cgi?id=1074916
--------------------------------------------------------------------------------
================================================================================
asterisk-1.8.26.1-1.el6 (FEDORA-EPEL-2014-0845)
The Open Source PBX
--------------------------------------------------------------------------------
Update Information:
A stack overflow flaw was found in Asterisk's cookie processing. A remote attacker
could send specially-crafted requests that would cause Asterisk to consume a large amount
of memory, crash, or, potentially, execute arbitrary code. This issue affected all 1.8.x
and 11.x versions. It has been corrected in versions 1.8.26.1 and 11.8.1.
Upstream patches:
http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff
http://downloads.asterisk.org/pub/security/AST-2014-001-11.diff
External References:
http://downloads.asterisk.org/pub/security/AST-2014-001.html
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 14 2014 Jon Disnard <disnard(a)gmail.com> - 1.8.26.1
- bump to upstream 1.8.26.1
- BZs: 1074829, 1074825, 1074827
- CVEs: CVE-2014-2286, CVE-2014-2287
* Thu Feb 20 2014 Jon Disnard <jdisnard(a)gmail.com> - 1.8.25.0-1:
- Bump to newer upstream release
* Mon Aug 26 2013 Jeffrey Ollie <jeff(a)ocjtech.us> - 1.8.23.1-1:
- The Asterisk Development Team has announced security releases for Certified
- Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security releases
- are released as versions 1.8.15-cert2, 11.2-cert2, 1.8.23.1, 10.12.3,
10.12.3-digiumphones,
- and 11.5.1.
-
- These releases are available for immediate download at
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of these versions resolve the following issues:
-
- * A remotely exploitable crash vulnerability exists in the SIP channel driver if
- an ACK with SDP is received after the channel has been terminated. The
- handling code incorrectly assumes that the channel will always be present.
-
- * A remotely exploitable crash vulnerability exists in the SIP channel driver if
- an invalid SDP is sent in a SIP request that defines media descriptions before
- connection information. The handling code incorrectly attempts to reference
- the socket address information even though that information has not yet been
- set.
-
- These issues and their resolutions are described in the security advisories.
-
- For more information about the details of these vulnerabilities, please read
- security advisories AST-2013-004 and AST-2013-005, which were
- released at the same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLogs:
-
-
http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/C...
-
http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/C...
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
-
- The security advisories are available at:
-
- *
http://downloads.asterisk.org/pub/security/AST-2013-004.pdf
- *
http://downloads.asterisk.org/pub/security/AST-2013-005.pdf
-
- The Asterisk Development Team has announced the release of Asterisk 1.8.23.0.
- This release is available for immediate download at
-
http://downloads.asterisk.org/pub/telephony/asterisk
* Mon Aug 26 2013 Jeffrey Ollie <jeff(a)ocjtech.us> - 1.8.23.0-1:
- The release of Asterisk 1.8.23.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- Fix a memory copying bug in slinfactory which was causing
- mixmonitor issues.
- (Closes issue ASTERISK-21799. Reported by Michael Walton)
-
- * --- IAX2: fix race condition with nativebridge transfers.
- (Closes issue ASTERISK-21409. Reported by alecdavis)
-
- * --- Fix crash in chan_sip when a core initiated op occurs at the
- same time as a BYE
- (Closes issue ASTERISK-20225. Reported by Jeff Hoppe)
-
- * --- Fix The Payload Being Set On CN Packets And Do Not Set Marker
- Bit
- (Closes issue ASTERISK-21246. Reported by Peter Katzmann)
-
- * --- chan_sip: Session-Expires: Set timer to correctly expire at
- (~2/3) of the interval when not the refresher
- (Closes issue ASTERISK-21742. Reported by alecdavis)
-
- For a full list of changes in this release, please see the ChangeLog:
-
-
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.23.0
* Mon May 20 2013 Jeffrey Ollie <jeff(a)ocjtech.us> - 1.8.22.0-1:
- The Asterisk Development Team has announced the release of Asterisk 1.8.22.0.
- This release is available for immediate download at
-
http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.22.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- Fix Sorting Order For Parking Lots Stored In Static Realtime
- (Closes issue ASTERISK-21035. Reported by Alex Epshteyn)
-
- * --- Make ParkAndAnnounce return to priority + 1 when return context
- is not defined
- (Closes issue ASTERISK-20113. Reported by serginuez)
-
- * --- When a session timer expires during a T.38 call, re-invite with
- correct SDP
- (Closes issue ASTERISK-21232. Reported by Nitesh Bansal)
-
- * --- Fix several unreleased mutex locks that cause problem with
- processing calls
- (Closes issue ASTERISK-21119. Reported by Daniel Bohling)
-
- * --- Fix crash when AMI redirect action redirects two channels out of
- a bridge.
- (Closes issue ASTERISK-21356. Reported by William luke)
-
- For a full list of changes in this release, please see the ChangeLog:
-
-
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.22.0
-
- The Asterisk Development Team has announced the release of Asterisk 1.8.21.0.
- This release is available for immediate download at
-
http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.21.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- Fix issue where chan_mobile fails to bind to first available
- port
- (Closes issue ASTERISK-16357. Reported by challado)
-
- * --- Fix station ringback; trunk hangup issues in SLA
- (Closes issue ASTERISK-20462. Reported by dkerr)
-
- * --- Fix Queue Log Reporting Every Call COMPLETECALLER With "h"
- Extension Present
- (Closes issue ASTERISK-20743. Reported by call)
-
- * --- Fix Record-Route parsing for large headers.
- (Closes issue ASTERISK-20837. Reported by Corey Farrell)
-
- * --- Fix AMI redirect action with two channels failing to redirect
- both channels.
- (Closes issue ASTERISK-18975. Reported by Ben Klang)
-
- For a full list of changes in this release, please see the ChangeLog:
-
-
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.21.0
-
- The Asterisk Development Team has announced security releases for Certified
- Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
- are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
- and 11.2.2.
-
- These releases are available for immediate download at
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of these versions resolve the following issues:
-
- * A possible buffer overflow during H.264 format negotiation. The format
- attribute resource for H.264 video performs an unsafe read against a media
- attribute when parsing the SDP.
-
- This vulnerability only affected Asterisk 11.
-
- * A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
- in January of this year, contained a fix for Asterisk's HTTP server for a
- remotely-triggered crash. While the fix prevented the crash from being
- triggered, a denial of service vector still exists with that solution if an
- attacker sends one or more HTTP POST requests with very large Content-Length
- values.
-
- This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
-
- * A potential username disclosure exists in the SIP channel driver. When
- authenticating a SIP request with alwaysauthreject enabled, allowguest
- disabled, and autocreatepeer disabled, Asterisk discloses whether a user
- exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
-
- This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
-
- These issues and their resolutions are described in the security advisories.
-
- For more information about the details of these vulnerabilities, please read
- security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
- released at the same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLogs:
-
-
http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/C...
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
-
- The security advisories are available at:
-
- *
http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
- *
http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
- *
http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
-
- The Asterisk Development Team has announced the release of Asterisk 1.8.20.1.
- This release is available for immediate download at
-
http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.20.1 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following are the issues resolved in this release:
-
- * --- Fix astcanary startup problem due to wrong pid value from before
- daemon call
- (Closes issue ASTERISK-20947. Reported by Jakob Hirsch)
-
- * --- Update init.d scripts to handle stderr; readd splash screen for
- remote consoles
- (Closes issue ASTERISK-20945. Reported by Warren Selby)
-
- * --- Reset RTP timestamp; sequence number on SSRC change
- (Closes issue ASTERISK-20906. Reported by Eelco Brolman)
-
- For a full list of changes in this release, please see the ChangeLog:
-
-
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.20.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1074825 - CVE-2014-2286 asterisk: cookie processing stack overflow
(AST-2014-001)
https://bugzilla.redhat.com/show_bug.cgi?id=1074825
--------------------------------------------------------------------------------
================================================================================
cgit-0.10.1-1.el6 (FEDORA-EPEL-2014-0830)
A fast web interface for git
--------------------------------------------------------------------------------
Update Information:
Update to 0.10.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 27 2014 Kevin Fenzi <kevin(a)scrye.com> 0.10.1-1
- Update to 0.10.1
- Correctly enable lua filters.
* Wed Feb 19 2014 Kevin Fenzi <kevin(a)scrye.com> 0.10-1
- Update to 0.10
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.9.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
dmlite-plugins-adapter-0.6.2-2.el6 (FEDORA-EPEL-2014-0875)
Adapter plug-in for dmlite
--------------------------------------------------------------------------------
Update Information:
bugfixes and synchronization with dmlite 0.6.2
Update for new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Adrien Devresse <adevress at cern.ch> - 0.6.2-2
- Push dmlite adapter 0.6.2 on EPEL/fedora
* Thu Feb 20 2014 Fabrizio Furano <fabrizio.furano(a)cern.ch> - 0.6.2-1
- Update for new upstream release
- Version alignment with dmlite
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.6.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sun Jul 28 2013 Petr Machata <pmachata(a)redhat.com> - 0.6.1-2
- Rebuild for boost 1.54.0
--------------------------------------------------------------------------------
================================================================================
dmlite-plugins-librarian-0.6.2-2.el6 (FEDORA-EPEL-2014-0832)
Librarian plugin for dmlite
--------------------------------------------------------------------------------
Update Information:
Update for synchronization with dmlite 0.6.2
Update for new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Adrien Devresse <adevress at cern.ch> - 0.6.2-2
- Update for synchronization with dmlite 0.6.2
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.5.0-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
dmlite-plugins-memcache-0.6.2-2.el6 (FEDORA-EPEL-2014-0853)
Memcached plugin for dmlite
--------------------------------------------------------------------------------
Update Information:
Update 0.6.2, bugfixes and synchronization with dmlite 0.6.2
Update for new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Adrien Devresse <adevress at cern.ch> - 0.6.2-2
- Update for synchronization with dmlite 0.6.2
* Fri Feb 21 2014 Martin Hellmich <mhellmic(a)cern.ch> - 0.6.2-1
- Update for new upstream release
* Wed Sep 25 2013 Martin Hellmich <mhellmic(a)cern.ch> - 0.5.1-1
- Update for new upstream release
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.5.0-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sun Jul 28 2013 Petr Machata <pmachata(a)redhat.com> - 0.5.0-6
- Rebuild for boost 1.54.0
--------------------------------------------------------------------------------
================================================================================
dmlite-plugins-profiler-0.6.2-2.el6 (FEDORA-EPEL-2014-0839)
Profiler plugin for dmlite
--------------------------------------------------------------------------------
Update Information:
Release 0.5.1 for dmlite 0.6.2 synchronization
Update to new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Adrien Devresse <adevress at cern.ch> - 0.6.2-2
- Update for synchronization with dmlite 0.6.2
* Thu Feb 20 2014 Fabrizio Furano <fabrizio.furano(a)cern.ch> - 0.6.2-1
- Rebuild for dmlite core 0.6 update
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.5.0-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sun Jul 28 2013 Petr Machata <pmachata(a)redhat.com> - 0.5.0-5
- Rebuild for boost 1.54.0
--------------------------------------------------------------------------------
================================================================================
dmlite-plugins-s3-0.5.1-3.el6 (FEDORA-EPEL-2014-0838)
S3 plugin for dmlite
--------------------------------------------------------------------------------
Update Information:
Push 0.6.2 on fedora/EPEL
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Adrien Devresse <adevress at cern.ch> - 0.5.1-3
- Release 0.5.1 for dmlite 0.6.2 synchronization
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.5.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
dmtcp-2.2-1.el6 (FEDORA-EPEL-2014-0843)
Checkpoint/Restart functionality for Linux processes
--------------------------------------------------------------------------------
Update Information:
Preparing for upstream release 2.2.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 10 2014 Kapil Arya <kapil(a)ccs.neu.edu> - 2.2-1
- Preparing for upstream release 2.2.
- Remove libmtcp* packages.
- Install all docs in _pkgdocdir
- Added --retry-once flag to autotest.
--------------------------------------------------------------------------------
================================================================================
docker-io-0.9.0-3.el6 (FEDORA-EPEL-2014-0871)
Automates deployment of containerized applications
--------------------------------------------------------------------------------
Update Information:
Add lxc requirement for EPEL6 and patch init script to use lxc driver
lxc removed (optional)
BZ 1074880 - upstream version bump to v0.9.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 13 2014 Adam Miller <maxamillion(a)fedoraproject.org> - 0.9.0-3
- Add lxc requirement for EPEL6 and patch init script to use lxc driver
- Remove tar dep, no longer needed
- Require libcgroup only for EPEL6
* Tue Mar 11 2014 Lokesh Mandvekar <lsm5(a)redhat.com> - 0.9.0-2
- lxc removed (optional)
http://blog.docker.io/2014/03/docker-0-9-introducing-execution-drivers-an...
* Tue Mar 11 2014 Lokesh Mandvekar <lsm5(a)redhat.com> - 0.9.0-1
- BZ 1074880 - upstream version bump to v0.9.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1076198 - container networking not working with 0.9.0-2el6 package of
docker-io
https://bugzilla.redhat.com/show_bug.cgi?id=1076198
[ 2 ] Bug #1074880 - docker-io-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1074880
--------------------------------------------------------------------------------
================================================================================
dpm-dsi-1.9.3-1.el6 (FEDORA-EPEL-2014-0858)
Disk Pool Manager (DPM) plugin for the Globus GridFTP server
--------------------------------------------------------------------------------
Update Information:
Update for new upstream release 1.9.3
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Alejandro Alvarez <aalvarez(a)cern.ch> - 1.9.3-1
- Update for new upstream release
--------------------------------------------------------------------------------
================================================================================
dpm-xrootd-3.3.5-1.el6 (FEDORA-EPEL-2014-0851)
XROOT interface to the Disk Pool Manager (DPM)
--------------------------------------------------------------------------------
Update Information:
Update for new upstream release 3.3.5
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Alejandro Alvarez <aalvarez(a)cern.ch> - 3.3.5-1
- Update for new upstream release
--------------------------------------------------------------------------------
================================================================================
drupal7-fivestar-2.0-0.9.rc3.el6 (FEDORA-EPEL-2014-0863)
Enables fivestar ratings on content, users, etc
--------------------------------------------------------------------------------
Update Information:
- Updated to 2.0-rc3 (BZ #1074882; release notes
https://drupal.org/node/2215277)
Updated to 2.0-rc1
* Release notes:
https://drupal.org/node/2208927
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 14 2014 Peter Borsa <peter.borsa(a)gmail.com> - 2.0-0.9.rc3
- Updated to 2.0-rc3 (BZ #1074882; release notes
https://drupal.org/node/2215277)
* Thu Mar 6 2014 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 2.0-0.8.rc1
- Updated to 2.0-rc1 (BZ #1066281; release notes
https://drupal.org/node/2208927)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1074882 - drupal7-fivestar-2.0-rc2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1074882
[ 2 ] Bug #1066281 - drupal7-fivestar-2.0-rc1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1066281
--------------------------------------------------------------------------------
================================================================================
gfal2-2.5.5-3.el6 (FEDORA-EPEL-2014-0867)
Grid file access library 2.0
--------------------------------------------------------------------------------
Update Information:
Backported fix for segfault on the srm plugin
Release 2.5.5 of GFAL2
Release 2.5.5 of GFAL2
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 13 2014 Alejandro Alvarez <aalvarez at cern.ch> - 2.5.5-3
- Backported patch that fixes segfault on the SRM plugin when
listing empty directories
* Wed Feb 26 2014 Adrien Devresse <adevress at cern.ch> - 2.5.5-1
- Release 2.5.5 of GFAL2
--------------------------------------------------------------------------------
================================================================================
iperf3-3.0.2-1.el6 (FEDORA-EPEL-2014-0872)
Measurement tool for TCP/UDP bandwidth performance
--------------------------------------------------------------------------------
Update Information:
iperf3-3.0.2 is available
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 11 2014 Susant Sahani <ssahani(a)redhat.com> 3.0.2-1
- Update to 3.0.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1074900 - iperf3-3.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1074900
--------------------------------------------------------------------------------
================================================================================
irma_configuration-0.1-0.3.aeb8d68.el6 (FEDORA-EPEL-2014-0854)
IRMA Card configuration data
--------------------------------------------------------------------------------
Update Information:
Initial Packaging
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1075277 - Review Request: irma_configuration - IRMA Card configuration data
https://bugzilla.redhat.com/show_bug.cgi?id=1075277
--------------------------------------------------------------------------------
================================================================================
js-json-20140204git3d7767b-4.el6 (FEDORA-EPEL-2014-0829)
An implementation of JSON encoders/decoders in JavaScript
--------------------------------------------------------------------------------
Update Information:
move files to the correct location on EPEL 6
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Jamie Nguyen <jamielinux(a)fedoraproject.org> -
20140204git3d7767b-4
- move files to the correct location on EPEL 6
--------------------------------------------------------------------------------
================================================================================
lcgdm-1.8.8-2.el6 (FEDORA-EPEL-2014-0847)
LHC Computing Grid Data Management
--------------------------------------------------------------------------------
Update Information:
Update for new upstream release 1.8.8
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 14 2014 Alejandro Alvarez <aalvarez(a)cern.ch> - 1.8.8-2
- Upstream provided a wrong tag by mistake. Rebuild with the new code
* Wed Mar 12 2014 Alejandro Alvarez <aalvarez(a)cern.ch> - 1.8.8-1
- Update for new upstream release
--------------------------------------------------------------------------------
================================================================================
lcgdm-dav-0.14.1-1.el6 (FEDORA-EPEL-2014-0870)
HTTP/DAV front end to the DPM/LFC services
--------------------------------------------------------------------------------
Update Information:
Update for new upstream release 0.14.1
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Alejandro Alvarez <aalvarez(a)cern.ch> - 0.14.1-1
- Update for new upstream release
--------------------------------------------------------------------------------
================================================================================
libsieve-2.3.1-1.el6 (FEDORA-EPEL-2014-0855)
A library for parsing, sorting and filtering your mail
--------------------------------------------------------------------------------
Update Information:
v 2.3.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 11 2014 Bernard Johnson <bjohnson(a)symetrix.com> - 2.3.1-1
- v 2.3.1
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.2.7-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.2.7-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.2.7-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.2.7-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.2.7-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1004370 - Please update it to 2.3.1
https://bugzilla.redhat.com/show_bug.cgi?id=1004370
--------------------------------------------------------------------------------
================================================================================
libyubikey-1.11-2.el6 (FEDORA-EPEL-2014-0833)
C library for decrypting and parsing Yubikey One-time passwords
--------------------------------------------------------------------------------
Update Information:
Update to latest release
New upstream release 1.10; enables build warnings
New upstream release 1.10; enables build warnings
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 13 2014 - Nick Bebout <nb(a)fedoraproject.org> - 1.11-2
- Bump release so I can rebuild deleted build
* Thu Nov 28 2013 - Maxim Burgerhout <wzzrd(a)fedoraproject.org> - 1.11-1
- New upstream release 1.11; adds man pages
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.10-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon May 13 2013 - Maxim Burgerhout <wzzrd(a)fedoraproject.org> - 1.10-1
- New upstream release 1.10; enables build warnings
--------------------------------------------------------------------------------
================================================================================
lighttpd-1.4.35-1.el6 (FEDORA-EPEL-2014-0852)
Lightning fast webserver with light system requirements
--------------------------------------------------------------------------------
Update Information:
1.4.35, fixes SA-2014-01, CVE-2014-2323, CVE-2014-2324
[1]
http://seclists.org/oss-sec/2014/q1/561
[2]
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt
[3]
http://www.lighttpd.net/2014/3/12/1.4.35/
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Jon Ciesla <limburgher(a)gmail.com> - 1.4.35-1
- 1.4.35, SA-2014-01.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1075711 - CVE-2014-2324 CVE-2014-2323 lighttpd: SQL injection and directory
traversal vulnerabilities [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1075711
[ 2 ] Bug #1075710 - CVE-2014-2324 CVE-2014-2323 lighttpd: SQL injection and directory
traversal vulnerabilities [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1075710
--------------------------------------------------------------------------------
================================================================================
mediawiki119-1.19.13-1.el6 (FEDORA-EPEL-2014-0846)
A wiki engine
--------------------------------------------------------------------------------
Update Information:
Update to 1.19.13
Fix permissions on cache and images directories.
Update to 1.19.12
Update to 1.19.12
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 13 2014 Patrick Uiterwijk <puiterwijk(a)redhat.com> - 1.19.13-1
- Update to 1.19.13
* Mon Mar 3 2014 Patrick Uiterwijk <puiterwijk(a)redhat.com> - 1.19.12-2
- Fix directory permissions
* Fri Feb 28 2014 Patrick Uiterwijk <puiterwijk(a)redhat.com> - 1.19.12-1
- Update to 1.19.12
- (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces.
Also disallow iframe elements. User will get an error including the namespace name if they
use a non- whitelisted namespace.
- (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token
comparison would be vulnerable to timing attacks. This will take constant time.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1071139 - CVE-2014-2244 mediawiki: HTML injection
https://bugzilla.redhat.com/show_bug.cgi?id=1071139
[ 2 ] Bug #1071136 - CVE-2014-2243 mediawiki: timing attack on token
https://bugzilla.redhat.com/show_bug.cgi?id=1071136
[ 3 ] Bug #1071135 - CVE-2014-2242 mediawiki: cross-site scripting flaw when handling
SVG images
https://bugzilla.redhat.com/show_bug.cgi?id=1071135
--------------------------------------------------------------------------------
================================================================================
msmtp-1.4.32-1.el6 (FEDORA-EPEL-2014-0827)
SMTP client
--------------------------------------------------------------------------------
Update Information:
Update to version 1.4.32
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 13 2014 Niels de Vos <devos(a)fedoraproject.org> - 1.4.32-1
- Ver. 1.4.32 (#1074922)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1074922 - msmtp-1.4.32 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1074922
--------------------------------------------------------------------------------
================================================================================
nodejs-ansistyles-0.1.3-4.el6 (FEDORA-EPEL-2014-0848)
Functions that surround a string with ansistyle codes so it prints in style
--------------------------------------------------------------------------------
Update Information:
add BuildArch noarch
--------------------------------------------------------------------------------
================================================================================
nodejs-grunt-contrib-nodeunit-0.3.2-1.el6 (FEDORA-EPEL-2014-0866)
Run Nodeunit unit tests with grunt
--------------------------------------------------------------------------------
Update Information:
Initial package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #977124 - Review Request: nodejs-grunt-contrib-nodeunit - Run Nodeunit unit
tests with grunt
https://bugzilla.redhat.com/show_bug.cgi?id=977124
--------------------------------------------------------------------------------
================================================================================
python-crypto2.6-2.6.1-1.el6 (FEDORA-EPEL-2014-0841)
Cryptography library for Python
--------------------------------------------------------------------------------
Update Information:
* pycrypto 2.6 forward compat package for epel6
* Updated ansible
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1074916 - Review Request: python-crypto2.6 - Cryptography library for Python
Description :
https://bugzilla.redhat.com/show_bug.cgi?id=1074916
--------------------------------------------------------------------------------
================================================================================
python-libcloud-0.14.1-1.el6 (FEDORA-EPEL-2014-0850)
A Python library to address multiple cloud provider APIs
--------------------------------------------------------------------------------
Update Information:
Release 0.14.1 includes some bug-fixes, improvements and new features
--------------------------------------------------------------------------------
================================================================================
python-pecan-0.4.5-1.el6 (FEDORA-EPEL-2014-0864)
A lean WSGI object-dispatching web framework
--------------------------------------------------------------------------------
Update Information:
- Latest upstream
--------------------------------------------------------------------------------
================================================================================
python-wsme-0.6-1.el6 (FEDORA-EPEL-2014-0842)
Web Services Made Easy
--------------------------------------------------------------------------------
Update Information:
- Latest upstream
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 10 2014 Pádraig Brady <pbrady(a)redhat.com> - 0.6-1
- Latest upstream
* Mon Dec 16 2013 Pádraig Brady <pbrady(a)redhat.com> - 0.5b5-1
- Latest upstream
--------------------------------------------------------------------------------
================================================================================
qt5-qtbase-5.2.1-6.el6 (FEDORA-EPEL-2014-0809)
Qt5 - QtBase components
--------------------------------------------------------------------------------
Update Information:
This update fixes the Qt 5 QMake configuration to not strip built binaries, so that
dependent packages get valid -debuginfo packages.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 5.2.1-6
- reenable documentation
* Sat Mar 8 2014 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 5.2.1-5
- make the QMAKE_STRIP sed not sensitive to whitespace (see #1074041 in Qt 4)
* Tue Feb 18 2014 Rex Dieter <rdieter(a)fedoraproject.org> 5.2.1-4
- undefine QMAKE_STRIP (and friends), so we get useful -debuginfo pkgs (#1065636)
* Wed Feb 12 2014 Rex Dieter <rdieter(a)fedoraproject.org> 5.2.1-3
- bootstrap for libicu bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1065636 - python-qt5-debuginfo-5.2-3.fc21 is empty
https://bugzilla.redhat.com/show_bug.cgi?id=1065636
[ 2 ] Bug #1074862 - docs accidentally dropped on epel6 testing
https://bugzilla.redhat.com/show_bug.cgi?id=1074862
--------------------------------------------------------------------------------
================================================================================
racoon2-20100526a-28.el6 (FEDORA-EPEL-2014-0771)
An implementation of key management system for IPsec
--------------------------------------------------------------------------------
Update Information:
This updated fixes a number of bug reports filed with the respective Fedora package.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 13 2014 Pavel Šimerda <psimerda(a)redhat.com> - 20100526a-28
- #995743 - avoid recently added dependency
* Wed Feb 19 2014 Pavel Šimerda <psimerda(a)redhat.com> - 20100526a-27
- #995745 - /etc/racoon2/psk and /etc/racoon2/cert references in vals.conf are not
created
- #995743 - racoon2-genpsk missing dependancies
* Mon Feb 17 2014 Pavel Šimerda <psimerda(a)redhat.com> - 20100526a-26
- #955458 - hardened build
- fix build failure by reconfiguring spmd subdirectory
* Mon Feb 17 2014 Pavel Šimerda <psimerda(a)redhat.com> - 20100526a-25
- #914426 - fix build failure affecting Fedora >= 18
* Tue Jan 7 2014 Pavel Šimerda <psimerda(a)redhat.com> - 20100526a-24
- #850290 - use systemd-rpm macros
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1074260 - racoon2 unresolved dependencies on epel6
https://bugzilla.redhat.com/show_bug.cgi?id=1074260
--------------------------------------------------------------------------------
================================================================================
rkhunter-1.4.2-1.el6 (FEDORA-EPEL-2014-0859)
A host-based tool to scan for rootkits, backdoors and local exploits
--------------------------------------------------------------------------------
Update Information:
Update to 1.4.2 with a number of bugfixes and enhancements
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 14 2014 Kevin Fenzi <kevin(a)scrye.com> 1.4.2-1
- Update to 1.4.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #828331 - check scan incorrectly handles file names with spaces
https://bugzilla.redhat.com/show_bug.cgi?id=828331
[ 2 ] Bug #1062865 - Rkhunter stops short when syslog daemon is not running
https://bugzilla.redhat.com/show_bug.cgi?id=1062865
[ 3 ] Bug #994706 - rkhunter needs to correctly handle unhide output
https://bugzilla.redhat.com/show_bug.cgi?id=994706
[ 4 ] Bug #1071547 - Error: Invalid display - keyword cannot be found: Display line:
display --to LOG --type INFO NETWORK_PROMISC_NO_IP
https://bugzilla.redhat.com/show_bug.cgi?id=1071547
--------------------------------------------------------------------------------
================================================================================
shogun-data-0.8.1-0.4.git20140303.6615cf0.el6 (FEDORA-EPEL-2014-0869)
Data-files for the SHOGUN machine learning toolbox
--------------------------------------------------------------------------------
Update Information:
* updated to new snapshot git20140303.6615cf007634595d459853bf4dc6f1a227d2450c
* added a macro for use in other spec-files
* place rpm-macros into proper location
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1068941 - shogun-data 0.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1068941
[ 2 ] Bug #1074285 - shogun-data installs macros files to /etc/rpm
https://bugzilla.redhat.com/show_bug.cgi?id=1074285
--------------------------------------------------------------------------------
================================================================================
textcat-1.10-1.el6 (FEDORA-EPEL-2014-0828)
Written language identification
--------------------------------------------------------------------------------
Update Information:
initial rpm release (#1075662)
-----
TextCat is an implementation of the text categorization algorithm presented in Cavnar, W.
B. and J. M. Trenkle, "N-Gram-Based Text Categorization". TextCat uses this the
technique to implement a written language identification. At the moment, it knows about 69
natural languages (counting Esperanto as a natural language).
-----
Testing is quite easy: Take a sample text in some language with a few sentences and save
it as plain text. Invoke `textcat $yourtext` and it should give you the name of the
language the text is written in to stdout. If it doesn't know the language you will
get message about, too. If there are different possibilities of languages to will give
you the list of possible languages concaternated by 'or'.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1075662 - Review Request: textcat - Written language identification
https://bugzilla.redhat.com/show_bug.cgi?id=1075662
--------------------------------------------------------------------------------
================================================================================
wemux-3.2.0-1.el6 (FEDORA-EPEL-2014-0874)
Multi-user terminal multiplexing utility
--------------------------------------------------------------------------------
Update Information:
This version contains the new summon commands which lets the host bring his loyal rogues
and pairs to his screen any time, or set all users to mirrored mode at all.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------