The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 704  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
 134  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12079/bip-0.8.9-...
  51  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6...
  46  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0483/boinc-clien...
  36  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolki...
  12  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0845/asterisk-1....
  12  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0846/mediawiki11...
  12  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0852/lighttpd-1....
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0888/v8-3.14.5.1...
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0889/moodle-2.4....
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0938/seamonkey-2...
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0951/check-mk-1....
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0972/munin-2.0.1...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0980/perl-YAML-L...
The following builds have been pushed to Fedora EPEL 6 updates-testing
cscppc-1.0.3-1.el6
cswrap-1.0.3-1.el6
munin-2.0.19-2.el6
open-vm-tools-9.4.0-8.el6
ovirt-engine-cli-3.4.0.5-1.el6
ovirt-engine-sdk-python-3.4.0.6-1.el6
perl-Rose-DB-Object-0.811-1.el6
perl-YAML-LibYAML-0.38-4.el6
python-iso8601-0.1.10-1.el6
yapet-1.0-1.el6
Details about builds:
================================================================================
cscppc-1.0.3-1.el6 (FEDORA-EPEL-2014-0978)
A compiler wrapper that runs cppcheck in background
--------------------------------------------------------------------------------
Update Information:
initial packaging
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1066026 - Review Request: cscppc - A compiler wrapper that runs cppcheck in background
https://bugzilla.redhat.com/show_bug.cgi?id=1066026
--------------------------------------------------------------------------------
================================================================================
cswrap-1.0.3-1.el6 (FEDORA-EPEL-2014-0976)
Generic compiler wrapper
--------------------------------------------------------------------------------
Update Information:
initial packaging
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1066028 - Review Request: cswrap - Generic compiler wrapper
https://bugzilla.redhat.com/show_bug.cgi?id=1066028
--------------------------------------------------------------------------------
================================================================================
munin-2.0.19-2.el6 (FEDORA-EPEL-2014-0972)
Network-wide graphing framework (grapher/gatherer)
--------------------------------------------------------------------------------
Update Information:
minor bugfix release:
- BZ# 1081254: Start asyncd after node
- BZ# 1028075: munin-node doesn't get added to chkconfig
Upstream update to 2.0.18, fixes CVE-2013-6359
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 26 2014 D. Johnson <fenris02(a)fedoraproject.org> - 2.0.19-2
- BZ# 1081254: Start asyncd after node
- BZ# 1028075: munin-node doesn't get added to chkconfig
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037888 - CVE-2013-6048 CVE-2013-6359 munin: two denial of service flaws fixed in 2.0.18
https://bugzilla.redhat.com/show_bug.cgi?id=1037888
--------------------------------------------------------------------------------
================================================================================
open-vm-tools-9.4.0-8.el6 (FEDORA-EPEL-2014-0967)
Open Virtual Machine Tools for virtual machines hosted on VMware
--------------------------------------------------------------------------------
Update Information:
Added package dependencies to address BZ#1045709 and BZ#1077320.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 26 2014 Ravindra Kumar <ravindrakumar(a)vmware.com> - 9.4.0-8
- Add missing package dependency on 'which' (BZ#1045709)
* Tue Mar 25 2014 Ravindra Kumar <ravindrakumar(a)vmware.com> - 9.4.0-7
- Add -D_DEFAULT_SOURCE to suppress warning as suggested in
https://sourceware.org/bugzilla/show_bug.cgi?id=16632
* Fri Mar 21 2014 Ravindra Kumar <ravindrakumar(a)vmware.com> - 9.4.0-6
- Add missing package dependencies (BZ#1045709, BZ#1077320)
* Tue Feb 18 2014 Igor Gnatenko <i.gnatenko.brain(a)gmail.com> - 9.4.0-5
- Fix FTBFS g_info redefine (RHBZ #1063847)
* Fri Feb 14 2014 David Tardon <dtardon(a)redhat.com> - 9.4.0-4
- rebuild for new ICU
* Tue Feb 11 2014 Richard W.M. Jones <rjones(a)redhat.com> - 9.4.0-3
- Only build on x86-64 for RHEL 7 (RHBZ#1054608).
* Wed Dec 4 2013 Richard W.M. Jones <rjones(a)redhat.com> - 9.4.0-2
- Rebuild for procps SONAME bump.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1045709 - open-vm-tools should depend on which
https://bugzilla.redhat.com/show_bug.cgi?id=1045709
[ 2 ] Bug #1077320 - open-vm-tools should depend on ifconfig
https://bugzilla.redhat.com/show_bug.cgi?id=1077320
--------------------------------------------------------------------------------
================================================================================
ovirt-engine-cli-3.4.0.5-1.el6 (FEDORA-EPEL-2014-0977)
oVirt Engine Command Line Interface
--------------------------------------------------------------------------------
Update Information:
Update to upstream 3.4.0.5
Update to upstream 3.3.0.5
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 27 2014 Juan Hernandez <juan.hernandez(a)redhat.com> - 3.4.0.5-1
- Update to upstream 3.4.0.5 in order to support version 3.4 of the
oVirt project.
* Wed Oct 9 2013 Juan Hernandez <juan.hernandez(a)redhat.com> - 3.3.0.5-1
- Update to upstream 3.3.0.5
--------------------------------------------------------------------------------
================================================================================
ovirt-engine-sdk-python-3.4.0.6-1.el6 (FEDORA-EPEL-2014-0974)
oVirt Engine Software Development Kit (Python)
--------------------------------------------------------------------------------
Update Information:
Update to upstream version 3.4.0.6
Update to upstream 3.3.0.7
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 27 2014 Juan Hernandez <juan.hernandez(a)redhat.com> - 3.4.0.6-1
- Update to upstream version 3.4.0.6 in order to support release 3.4 of
the oVirt project.
* Wed Oct 9 2013 Juan Hernandez <juan.hernandez(a)redhat.com> - 3.3.0.7-1
- Update to upstream 3.3.0.7
--------------------------------------------------------------------------------
================================================================================
perl-Rose-DB-Object-0.811-1.el6 (FEDORA-EPEL-2014-0973)
Extensible, high performance object-relational mapper (ORM)
--------------------------------------------------------------------------------
Update Information:
update to version 0.811
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 26 2014 Bill Pemberton <wfp5p(a)worldbroken.com> - 0.811-1
- update to version 0.811
- fixes a bug that prevented many-to-many map records from being saved
to the database
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1055297 - perl-Rose-DB-Object-0.811 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1055297
--------------------------------------------------------------------------------
================================================================================
perl-YAML-LibYAML-0.38-4.el6 (FEDORA-EPEL-2014-0980)
Perl YAML Serialization using XS and libyaml
--------------------------------------------------------------------------------
Update Information:
This update addresses two security issues.
CVE-2013-6393: The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5
performs an incorrect cast, which allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via crafted tags in a YAML
document, which triggers a heap-based buffer overflow.
CVE-2014-2525: The library is affected by a heap-based buffer overflow which can lead to
arbitrary code execution. The vulnerability is caused by lack of proper expansion for the
string passed to the yaml_parser_scan_uri_escapes() function. A specially crafted YAML
file, with a long sequence of percent-encoded characters in a URL, can be used to trigger
the overflow.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 27 2014 Paul Howarth <paul(a)city-fan.org> - 0.38-4
- Fix LibYAML input sanitization errors (CVE-2014-2525)
- Fix heap-based buffer overflow when parsing YAML tags (CVE-2013-6393)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1078083 - CVE-2014-2525 libyaml: heap-based buffer overflow when parsing URLs
https://bugzilla.redhat.com/show_bug.cgi?id=1078083
[ 2 ] Bug #1033990 - CVE-2013-6393 libyaml: heap-based buffer overflow when parsing YAML tags
https://bugzilla.redhat.com/show_bug.cgi?id=1033990
--------------------------------------------------------------------------------
================================================================================
python-iso8601-0.1.10-1.el6 (FEDORA-EPEL-2014-0970)
Simple module to parse ISO 8601 dates
--------------------------------------------------------------------------------
Update Information:
- New release to improve parsing validation
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 27 2014 Pádraig Brady <pbrady(a)redhat.com> - 0.1.10-1
- Latest upstream
--------------------------------------------------------------------------------
================================================================================
yapet-1.0-1.el6 (FEDORA-EPEL-2014-0975)
Curses based password encryption tool
--------------------------------------------------------------------------------
Update Information:
YAPET 1.0
* new user interface.
* colors can be customized in the configuration file.
* can be suspended by pressing ^Z (Control-Z).
* PET files can be exported to CSV using yapet2csv.
* dropped support of long command line options.
* new files are created by pressing 'E'.
* experimental support for multi-byte characters.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 27 2014 Christopher Meng <rpm(a)cicku.me> - 1.0-1
- Update to 1.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1070207 - yapet-1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1070207
--------------------------------------------------------------------------------