The following Fedora EPEL 6 Security updates need testing:
Age URL
848
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
195
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6...
180
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolki...
67
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7....
58
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1693/perl-Email-...
18
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2084/drupal7-dat...
18
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2088/tor-0.2.4.2...
17
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2099/v8-3.14.5.1...
11
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2123/ReviewBoard...
11
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2117/ansible-1.7...
11
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2144/mediawiki11...
10
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2159/iodine-0.7....
10
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2158/drupal7-7.3...
10
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2148/drupal6-6.3...
9
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2162/wordpress-3...
5
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2185/sks-1.1.5-2...
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2218/pen-0.25.1-...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2229/phpMyAdmin-...
The following builds have been pushed to Fedora EPEL 6 updates-testing
ceph-0.80.5-6.el6
fedora-review-0.5.2-1.el6
fts-mysql-3.2.26.2-1.el6
httpd-itk-2.2.22-7.el6
mlmmj-1.2.18.1-1.el6
pcc-1.1.0-0.2.20140817cvs.el6.1
php-gliph-0.1.8-1.el6
php-horde-Horde-Util-2.5.1-1.el6
php-htmLawed-1.1.18-1.el6
phpMyAdmin-4.0.10.2-1.el6
pidgin-sipe-1.18.3-1.el6
Details about builds:
================================================================================
ceph-0.80.5-6.el6 (FEDORA-EPEL-2014-2240)
User space components of the Ceph file system
--------------------------------------------------------------------------------
Update Information:
We need to downgrade the package to the latest stable version for epel 6, too. This
package also fixes many spec file bugs (several of them filed against rawhide).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1017495 - pkg Requires: ceph-disk utility imports 'argparse' module
https://bugzilla.redhat.com/show_bug.cgi?id=1017495
[ 2 ] Bug #1030402 - mount.ceph helper in wrong directory
https://bugzilla.redhat.com/show_bug.cgi?id=1030402
[ 3 ] Bug #1109895 - missing librbd symlink to enable CEPH support in qemu-kvm-rhev
https://bugzilla.redhat.com/show_bug.cgi?id=1109895
--------------------------------------------------------------------------------
================================================================================
fedora-review-0.5.2-1.el6 (FEDORA-EPEL-2014-2238)
Review tool for fedora rpm packages
--------------------------------------------------------------------------------
Update Information:
Update to latest bugfix release
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 14 2014 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0.5.2-1
- Update to latest upstream bugfix release
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.5.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
fts-mysql-3.2.26.2-1.el6 (FEDORA-EPEL-2014-2237)
File Transfer Service V3 mysql plug-in
--------------------------------------------------------------------------------
Update Information:
Update for new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 15 2014 Michal Simon <michal.simon(a)cern.ch> - 3.2.26.2-1
- Update for new upstream release
--------------------------------------------------------------------------------
================================================================================
httpd-itk-2.2.22-7.el6 (FEDORA-EPEL-2014-2228)
MPM Itk for Apache HTTP Server
--------------------------------------------------------------------------------
Update Information:
Add httpd-2.2.15-CVE-2014-0226.patch (bz#1123504)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 18 2014 Pavel Alexeev <Pahan(a)Hubbitus.info> - 2.2.22-7
- Add httpd-2.2.15-CVE-2014-0226.patch (bz#1123504)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1123504 - upgrade of httpd of rhel6 to httpd.x86_64 0:2.2.15-31.el6_5 causes
of the latest version of httpd-itk (httpd-itk-2.2.22-6.el6.x86_64) to fail to start with
undefined symbol error.
https://bugzilla.redhat.com/show_bug.cgi?id=1123504
--------------------------------------------------------------------------------
================================================================================
mlmmj-1.2.18.1-1.el6 (FEDORA-EPEL-2014-2239)
A simple and slim mailing list manager inspired by ezmlm
--------------------------------------------------------------------------------
Update Information:
1.2.18.1
* Stop mlmmj-maintd deleting list posts while they are being sent
* Fix +list from crashing Mlmmj
* Fix bug that made double subscription possible
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 18 2014 Christopher Meng <rpm(a)cicku.me> - 1.2.18.1-1
- Update to 1.2.18.1
--------------------------------------------------------------------------------
================================================================================
pcc-1.1.0-0.2.20140817cvs.el6.1 (FEDORA-EPEL-2014-2233)
The Portable C Compiler
--------------------------------------------------------------------------------
Update Information:
Update to 20140817 by request of upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 17 2014 Susi Lehtola <jussilehtola(a)fedoraproject.org> -
1.1.0-0.1.20140817cvs
- Update to 20140817.
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.1.0-0.2.20140420cvs.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jun 6 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.1.0-0.1.20140420cvs.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
php-gliph-0.1.8-1.el6 (FEDORA-EPEL-2014-2230)
A graph library for PHP
--------------------------------------------------------------------------------
Update Information:
[
0.1.8](https://github.com/sdboyer/gliph/releases/tag/0.1.8)
-------
* Detach the right splos
[
0.1.7](https://github.com/sdboyer/gliph/releases/tag/0.1.7)
-------
* Add _cleanupSplosTraversal() for callability in closures.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 17 2014 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 0.1.8-1
- Updated to 0.1.8 (BZ #1125361)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1125361 - php-gliph-0.1.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1125361
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Util-2.5.1-1.el6 (FEDORA-EPEL-2014-2189)
Horde Utility Libraries
--------------------------------------------------------------------------------
Update Information:
Horde_Util 2.5.1
* [mms] Fix another issue with older versions of PHP in Horde_String_Transliterate.
Horde_Util 2.5.0
* [mms] Fix regression in Horde_String_Transliterate for PHP 5.3 (Bug #13419).
* [mms] Added Horde_String::ipos() and Horde_String::ripos().
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 16 2014 Remi Collet <remi(a)fedoraproject.org> - 2.5.1-1
- Update to 2.5.1
* Mon Aug 11 2014 Remi Collet <remi(a)fedoraproject.org> - 2.5.0-1
- Update to 2.5.0
--------------------------------------------------------------------------------
================================================================================
php-htmLawed-1.1.18-1.el6 (FEDORA-EPEL-2014-2235)
PHP code to purify and filter HTML
--------------------------------------------------------------------------------
Update Information:
Version 1.1.18 - 2 August 2014.
* Fix for a potential security vulnerability arising from specially encoded text with
serial opening tags
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 17 2014 Remi Collet <remi(a)fedoraproject.org> - 1.1.18-1
- update to 1.1.18 (security)
- fix license handling
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.0.10.2-1.el6 (FEDORA-EPEL-2014-2229)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.0.10.2 (2014-08-17)
================================
- [security] XSS in table browse page
- [security] Self-XSS in enum value editor
- [security] Self-XSSes in monitor
- [security] Self-XSS in query charts
- [security] XSS in relation view
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 18 2014 Robert Scheck <robert(a)fedoraproject.org> 4.0.10.2-1
- Upgrade to 4.0.10.2 (#1130865)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1130865 - CVE-2014-5273 phpMyAdmin: multiple cross-site scripting issues
(PMASA-2014-8)
https://bugzilla.redhat.com/show_bug.cgi?id=1130865
[ 2 ] Bug #1130866 - CVE-2014-5274 phpMyAdmin: cross-site scripting flaw on view
operations page (PMASA-2014-9)
https://bugzilla.redhat.com/show_bug.cgi?id=1130866
--------------------------------------------------------------------------------
================================================================================
pidgin-sipe-1.18.3-1.el6 (FEDORA-EPEL-2014-2234)
Pidgin protocol plugin to connect to MS Office Communicator
--------------------------------------------------------------------------------
Update Information:
New upstream release:
* adds support for EWS Autodiscover redirection
* fixes false "not delivered" errors in conference
* fixes incorrect HTML escaping for URLs
* fixes endless loop with failed HTTP Basic authentication
* fixes EWS autodiscover for some Office 365 users
* fixes missing "Copy to" in buddy menu
* fixes crash when PersistentChat sends BYE
* fixes joining of conference for some users
* fixes conference call ending in error message
* fixes EWS autodiscover for some Office 365 users
* UCS now honors email URL set by user
* fixes assert triggered by EWS autodiscover in older libxml2 versions
* fixes crash triggered by EWS autodiscover when glib2 < 2.30.0
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 16 2014 Stefan Becker <chemobejk(a)gmail.com> - 1.18.3-1
- update to 1.18.3:
- fixes audio/video call if host has IPv6 address (bz #1124510)
- fixes assert triggered by EWS autodiscover in older libxml2 versions
- fixes crash triggered by EWS autodiscover when glib2 < 2.30.0
* Sat Jun 7 2014 Stefan Becker <chemobejk(a)gmail.com> - 1.18.2-1
- update to 1.18.2:
- fixes crash when PersistentChat sends BYE
- fixes joining of conference for some users
- fixes conference call ending in error message
- fixes EWS autodiscover for some Office 365 users
- UCS now honors email URL set by user
* Sat Apr 12 2014 Stefan Becker <chemobejk(a)gmail.com> - 1.18.1-1
- update to 1.18.1:
- fixes false "not delivered" errors in conference
- fixes incorrect HTML escaping for URLs
- fixes endless loop with failed HTTP Basic authentication
- fixes EWS autodiscover for some Office 365 users
- fixes missing "Copy to" in buddy menu
* Sat Jan 11 2014 Stefan Becker <chemobejk(a)gmail.com> - 1.18.0-1
- update to 1.18.0:
- added support for EWS Autodiscover redirection
--------------------------------------------------------------------------------