The following Fedora EPEL 6 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0928/libpng10-1.0.5... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0929/drupal7-ctools... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0349/bugzilla-3.4.1... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0927/openstack-nova... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0921/trytond-1.8.6-... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0850/drupal6-date-2... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0943/asterisk-1.8.1... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0941/perl-Pod-Plain... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0795/nginx-1.0.14-1... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0916/openstack-keys... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gribbl...
The following builds have been pushed to Fedora EPEL 6 updates-testing
asterisk-1.8.11.0-1.el6 gambit-c-4.6.5-2.el6 perl-Perl-Destruct-Level-0.02-2.el6 perl-Pod-Plainer-1.03-1.el6
Details about builds:
================================================================================ asterisk-1.8.11.0-1.el6 (FEDORA-EPEL-2012-0943) The Open Source PBX -------------------------------------------------------------------------------- Update Information:
Update to 1.8.11.0 Update to 1.8.10.1, which fixes 2 security vulnerabilities. -------------------------------------------------------------------------------- ChangeLog:
* Fri Mar 30 2012 Russell Bryant russell@russellbryant.net - 1.8.11.0-1 - Update to 1.8.11.0 * Sat Mar 17 2012 Russell Bryant russell@russellbryant.net - 1.8.10.1-1 - Update to 1.8.10.1 from upstream. - Fix remote stack overflow in app_milliwatt. - Fix remote stack overflow, including possible code injection, in HTTP digest authentication handling. - Diable build of SRTP on ppc64, as it doesn't build right now. - Resolves: rhbz#804045, rhbz#804038, rhbz#804042 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #804038 - CVE-2012-1183 asterisk: Stack-based buffer overwrite by processing large audio packet in Miliwatt application (AST-2012-002) https://bugzilla.redhat.com/show_bug.cgi?id=804038 [ 2 ] Bug #804042 - CVE-2012-1184 asterisk: Stack-based buffer overflow by processing certain HTTP Digest Authentication headers (AST-2012-003) https://bugzilla.redhat.com/show_bug.cgi?id=804042 --------------------------------------------------------------------------------
================================================================================ gambit-c-4.6.5-2.el6 (FEDORA-EPEL-2012-0920) Scheme programming system -------------------------------------------------------------------------------- Update Information:
- Latest upstream release - Use -O1 on ppc64; -O2 causes GCC internal compiler error -------------------------------------------------------------------------------- ChangeLog:
* Sat Mar 31 2012 Michel Salim salimma@fedoraproject.org - 4.6.5-2 - Reduce optimization level on ppc64 to work around gcc compilation error * Thu Mar 29 2012 Michel Salim salimma@fedoraproject.org - 4.6.5-1 - Update to 4.6.5 - Drop termite subpackages, they have been disabled for many releases - Disable ppc64 target for now; broken since 4.6.4 * Wed Feb 15 2012 Michel Salim salimma@fedoraproject.org - 4.6.4-1 - Update to 4.6.4 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #790373 - gambit-c-4.6.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=790373 --------------------------------------------------------------------------------
================================================================================ perl-Perl-Destruct-Level-0.02-2.el6 (FEDORA-EPEL-2012-0940) Allows you to change perl's internal destruction level -------------------------------------------------------------------------------- Update Information:
This is the first EPEL release of perl-Perl-Destruct-Level. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #802865 - Review Request: perl-Perl-Destruct-Level - Allows you to change perl's internal destruction level https://bugzilla.redhat.com/show_bug.cgi?id=802865 --------------------------------------------------------------------------------
================================================================================ perl-Pod-Plainer-1.03-1.el6 (FEDORA-EPEL-2012-0941) Perl extension for converting Pod to old-style Pod -------------------------------------------------------------------------------- Update Information:
The perl(Pod::Plainer) is requred by LSB 4.1, but was obsoleted by the Perl upstream. So new software MUST NOT uses this module. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #79 - Rootshell reported bug, shits.c https://bugzilla.redhat.com/show_bug.cgi?id=79 [ 2 ] Bug #9284 - files missing in latest build of irda-utils for beta3 https://bugzilla.redhat.com/show_bug.cgi?id=9284 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org
-
updates@fedoraproject.org