The following Fedora EPEL 6 Security updates need testing: Age URL 944 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.1... 163 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7.26-... 34 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3434/pylint-1.3.1-1... 30 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3527/asterisk-1.8.3... 20 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3748/tnftp-20141031... 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3851/python-request... 11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3927/drupal7-ckedit... 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3962/oath-toolkit-2... 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4005/nginx-1.0.15-1... 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4008/cross-binutils... 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3975/polarssl-1.3.2... 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2069/php-channel-ph... 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4057/moodle-2.5.9-1... 2 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4151/lsyncd-2.1.4-4... 2 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4144/nodejs-0.10.33... 1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4165/python-eyed3-0... 1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4176/clamav-0.98.5-... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4233/drupal6-6.34-1... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4237/drupal7-7.34-1... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4192/wordpress-4.0.... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4211/phpMyAdmin-4.0...

The following builds have been pushed to Fedora EPEL 6 updates-testing

apcupsd-3.14.12-1.el6 drupal6-6.34-1.el6 drupal7-7.34-1.el6 edg-mkgridmap-4.0.0-8.el6 golang-github-emicklei-go-restful-0-0.1.gitad99b12.el6 golang-github-vishvananda-netlink-0-0.1.git2187ba6.el6 golang-github-vishvananda-netns-0-0.1.gite14a2d4.el6 gpaw-0.10.0.11364-8.el6 grass-6.4.4-6.el6 packagedb-cli-2.6-1.el6 perl-File-ConfigDir-0.014-1.el6 perl-Net-SMTPS-0.04-1.el6 phpMyAdmin-4.0.10.6-1.el6 privoxy-3.0.22-1.el6 python-copr-1.55-1.el6 python-docker-py-0.6.0-1.el6 qpid-dispatch-0.2-9.el6 wordpress-4.0.1-1.el6

Details about builds:

================================================================================ apcupsd-3.14.12-1.el6 (FEDORA-EPEL-2014-4191) APC UPS Power Control Daemon for Linux -------------------------------------------------------------------------------- Update Information:

- updated to 3.14.12 -------------------------------------------------------------------------------- ChangeLog:

* Fri Nov 21 2014 Michal Hlavinka mhlavink@redhat.com - 3.14.12-1 - apcupsd updated to 3.14.10 - force lock dir to /var/lock * Thu Feb 27 2014 Michal Hlavinka mhlavink@redhat.com - 3.14.10-3 - suppress error message when /etc/nologin does not exist -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1082250 - Workaround for UPS firmware bug causing killpower to execute repeatedly in a loop https://bugzilla.redhat.com/show_bug.cgi?id=1082250 --------------------------------------------------------------------------------

================================================================================ drupal6-6.34-1.el6 (FEDORA-EPEL-2014-4233) An open-source content-management platform -------------------------------------------------------------------------------- Update Information:

https://www.drupal.org/SA-CORE-2014-006 * Update to Drupal 6. * Drupal 6.33 release notes can be found here, https://www.drupal.org/drupal-6.33-release-notes.

-------------------------------------------------------------------------------- ChangeLog:

* Thu Nov 20 2014 Jon Ciesla limburgher@gmail.com - 6.34-1 - 6.34, DRUPAL-SA-CORE-2014-006 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1166100 - CVE-2012-6662 drupal6: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166100 [ 2 ] Bug #1127539 - drupal6: drupal: denial of service issue (SA-CORE-2014-004) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1127539 [ 3 ] Bug #1166246 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability (SA-CORE-2014-006) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166246 [ 4 ] Bug #1166247 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability (SA-CORE-2014-006) [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166247 --------------------------------------------------------------------------------

================================================================================ drupal7-7.34-1.el6 (FEDORA-EPEL-2014-4237) An open-source content-management platform -------------------------------------------------------------------------------- Update Information:

https://www.drupal.org/SA-CORE-2014-006 - Update to upstream 7.33 maintenance release with numerous bug fixes - Update to upstream 7.33 maintenance release with numerous bug fixes - Update to upstream 7.33 maintenance release with numerous bug fixes - Update to upstream 7.33 maintenance release with numerous bug fixes -------------------------------------------------------------------------------- ChangeLog:

* Thu Nov 20 2014 Jon Ciesla limburgher@gmail.com - 7.34-1 - 7.34, DRUPAL-SA-CORE-2014-006. * Tue Nov 11 2014 Peter Borsa peter.borsa@gmail.com - 7.33-1 - Update to upstream 7.33 maintenance release with numerous bug fixes -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1166101 - CVE-2012-6662 drupal7: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166101 [ 2 ] Bug #1166249 - CVE-2014-9015 drupal7: drupal: session hijacking vulnerability (SA-CORE-2014-006) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166249 [ 3 ] Bug #1166250 - CVE-2014-9015 drupal7: drupal: session hijacking vulnerability (SA-CORE-2014-006) [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166250 --------------------------------------------------------------------------------

================================================================================ edg-mkgridmap-4.0.0-8.el6 (FEDORA-EPEL-2014-4195) A tool to build the grid map-file from VO servers -------------------------------------------------------------------------------- Update Information:

Added missing dependency on "perl(LWP::Protocol::https)" -------------------------------------------------------------------------------- ChangeLog:

* Fri Nov 21 2014 Alejandro Alvarez Ayllon aalvarez@cern.ch - 4.0.0-8 - Added Requires perl(LWP::Protocol::https) * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 4.0.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat Aug 3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 4.0.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Jul 17 2013 Petr Pisar ppisar@redhat.com - 4.0.0-5 - Perl 5.18 rebuild -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1165991 - edg-mkgridmap missing dependency https://bugzilla.redhat.com/show_bug.cgi?id=1165991 --------------------------------------------------------------------------------

================================================================================ golang-github-emicklei-go-restful-0-0.1.gitad99b12.el6 (FEDORA-EPEL-2014-4209) Package for building REST-style Web Services using Google Go -------------------------------------------------------------------------------- Update Information:

First package for Fedora -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1164152 - Review Request: golang-github-emicklei-go-restful - Package for building REST-style Web Services using Google Go https://bugzilla.redhat.com/show_bug.cgi?id=1164152 --------------------------------------------------------------------------------

================================================================================ golang-github-vishvananda-netlink-0-0.1.git2187ba6.el6 (FEDORA-EPEL-2014-4227) Simple netlink library for go -------------------------------------------------------------------------------- Update Information:

First package for Fedora -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1164176 - Review Request: golang-github-vishvananda-netlink - Simple netlink library for go https://bugzilla.redhat.com/show_bug.cgi?id=1164176 --------------------------------------------------------------------------------

================================================================================ golang-github-vishvananda-netns-0-0.1.gite14a2d4.el6 (FEDORA-EPEL-2014-4234) Simple network namespace handling for go -------------------------------------------------------------------------------- Update Information:

First package for Fedora -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1164170 - Review Request: golang-github-vishvananda-netns - Simple network namespace handling for go https://bugzilla.redhat.com/show_bug.cgi?id=1164170 --------------------------------------------------------------------------------

================================================================================ gpaw-0.10.0.11364-8.el6 (FEDORA-EPEL-2014-4190) A grid-based real-space PAW method DFT code -------------------------------------------------------------------------------- Update Information:

Fixes #1155087 -------------------------------------------------------------------------------- ChangeLog:

* Thu Nov 20 2014 Marcin Dulak Marcin.Dulak@gmail.com - 0.10.0.11364-8 - new style of linking blacs on EL6 * Thu Oct 23 2014 Marcin Dulak Marcin.Dulak@gmail.com - 0.10.0.11364-7 - mpich version 3 in EL6 - use atlas on aarch64 - ppc64 on EL7 * Sat Aug 16 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.10.0.11364-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1155087 - gpaw-mpich2 and gpaw-openmpi broke on rhel 6.6 update https://bugzilla.redhat.com/show_bug.cgi?id=1155087 --------------------------------------------------------------------------------

================================================================================ grass-6.4.4-6.el6 (FEDORA-EPEL-2014-4199) GRASS - Geographic Resources Analysis Support System -------------------------------------------------------------------------------- Update Information:

Adding grass to EPEL --------------------------------------------------------------------------------

================================================================================ packagedb-cli-2.6-1.el6 (FEDORA-EPEL-2014-4203) A CLI for pkgdb -------------------------------------------------------------------------------- Update Information:

* Update to packagedb-cli 2.6 * New structure: use the traditional python module structure instead of two python files * Do one API call for `orphan --retire` * Prevent user from retiring packages that have no dead.package file * Add support for obsoleting ACL requests (Stanislav Ochotnicky) * Enable restricting orphan to a specific user (while specifying more branches) * Enable restricting give to a specific user (while specifying more branches) * Let the unorphan action call the unorphan API endpoint * When listing packages, encode the output as UTF-8 before printing -------------------------------------------------------------------------------- ChangeLog:

* Fri Nov 21 2014 Pierre-Yves Chibon pingou@pingoured.fr - 2.6-1 - Update to 2.6 - New structure: use the traditional python module structure instead of two python files - Do one API call for `orphan --retire` - Prevent user from retiring packages that have no dead.package file - Add support for obsoleting ACL requests (Stanislav Ochotnicky) - Enable restricting orphan to a specific user (while specifying more branches) - Enable restricting give to a specific user (while specifying more branches) - Let the unorphan action call the unorphan API endpoint - When listing packages, encode the output as UTF-8 before printing --------------------------------------------------------------------------------

================================================================================ perl-File-ConfigDir-0.014-1.el6 (FEDORA-EPEL-2014-4222) Get directories of configuration files -------------------------------------------------------------------------------- Update Information:

Fix typo in pod, update README -------------------------------------------------------------------------------- ChangeLog:

* Sat Nov 22 2014 David Dick ddick@cpan.org - 0.014-1 - Fix typo in pod, update README * Fri Aug 29 2014 Jitka Plesnikova jplesnik@redhat.com - 0.013-2 - Perl 5.20 rebuild -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1163231 - perl-File-ConfigDir-0.014 is available https://bugzilla.redhat.com/show_bug.cgi?id=1163231 --------------------------------------------------------------------------------

================================================================================ perl-Net-SMTPS-0.04-1.el6 (FEDORA-EPEL-2014-4214) SSL/STARTTLS support for Net::SMTP -------------------------------------------------------------------------------- Update Information:

Update to Authen::SASL version requirements -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1159516 - perl-Net-SMTPS-0.04 is available https://bugzilla.redhat.com/show_bug.cgi?id=1159516 --------------------------------------------------------------------------------

================================================================================ phpMyAdmin-4.0.10.6-1.el6 (FEDORA-EPEL-2014-4211) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information:

phpMyAdmin 4.0.10.6 (2014-11-20) ================================

- [security] XSS vulnerability in table print view - [security] XSS vulnerability in zoom search page - [security] Path traversal in file inclusion of GIS factory - [security] XSS in multi submit - [security] XSS through pma_fontsize cookie -------------------------------------------------------------------------------- ChangeLog:

* Thu Nov 20 2014 Robert Scheck robert@fedoraproject.org 4.0.10.6-1 - Upgrade to 4.0.10.6 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1166619 - CVE-2014-8958 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2014-13) https://bugzilla.redhat.com/show_bug.cgi?id=1166619 [ 2 ] Bug #1166626 - CVE-2014-8959 phpMyAdmin: Local file inclusion vulnerability (PMASA-2014-14) https://bugzilla.redhat.com/show_bug.cgi?id=1166626 --------------------------------------------------------------------------------

================================================================================ privoxy-3.0.22-1.el6 (FEDORA-EPEL-2014-4201) Privacy enhancing proxy -------------------------------------------------------------------------------- Update Information:

Latest upstream bugfix release. -------------------------------------------------------------------------------- ChangeLog:

* Fri Nov 21 2014 Jon Ciesla limburgher@gmail.com - 3.0.22-1 - Update to 3.0.22, BZ 1166398. -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1166398 - privoxy-3.0.22 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166398 --------------------------------------------------------------------------------

================================================================================ python-copr-1.55-1.el6 (FEDORA-EPEL-2014-4215) Python interface for Copr -------------------------------------------------------------------------------- Update Information:

update python-copr to 1.55 New package -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1131616 - Review Request: python-copr - Python client to access copr service https://bugzilla.redhat.com/show_bug.cgi?id=1131616 --------------------------------------------------------------------------------

================================================================================ python-docker-py-0.6.0-1.el6 (FEDORA-EPEL-2014-4225) An API client for docker written in Python -------------------------------------------------------------------------------- Update Information:

Resolves: rhbz#1160293 - update to 0.6.0 Resolves: rhbz#1145511 - version bump to 0.5.0 -------------------------------------------------------------------------------- ChangeLog:

* Fri Nov 21 2014 Lokesh Mandvekar lsm5@fedoraproject.org - 0.6.0-1 - Resolves: rhbz#1160293 - update to 0.6.0 * Thu Oct 23 2014 Lokesh Mandvekar lsm5@fedoraproject.org - 0.5.3-2 - Resolves: rhbz#1145895 - versioned python-requests req only for f21+ * Wed Oct 22 2014 Lokesh Mandvekar lsm5@fedoraproject.org - 0.5.3-1 - Resolves: rhbz#1153991 - update to 0.5.3 * Tue Sep 23 2014 Tom Prince tom.prince@clusterhq.com - 0.5.0-2 - Specify depedencies to match those in setup.py * Mon Sep 22 2014 Tom Prince tom.prince@clusterhq.com - 0.5.0-1 - Resolves: rhbz#1145511 - version bump to 0.5.0 * Tue Aug 26 2014 Lokesh Mandvekar lsm5@fedoraproject.org - 0.4.0-3 - correct bogus date * Tue Aug 26 2014 Lokesh Mandvekar lsm5@fedoraproject.org - 0.4.0-2 - rewrite BR&R conditionals for docker/docker-io * Thu Aug 21 2014 Lokesh Mandvekar lsm5@fedoraproject.org - 0.4.0-1 - update to 0.4.0 - Resolves: rhbz#1132604 (epel7 only) * Sun Aug 17 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.3.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1160293 - python-docker-py-0.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1160293 [ 2 ] Bug #1145511 - python-docker-py-0.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1145511 --------------------------------------------------------------------------------

================================================================================ qpid-dispatch-0.2-9.el6 (FEDORA-EPEL-2014-4189) Dispatch router for Qpid -------------------------------------------------------------------------------- Update Information:

Fixed a merge issue that resulted in two patches not being applied. DISPATCH-75 - Removed reference to qdstat.conf from qdstat manpage. -------------------------------------------------------------------------------- ChangeLog:

* Thu Nov 20 2014 Darryl L. Pierce dpierce@redhat.com - 0.2-9 - Fixed a merge issue that resulted in two patches not being applied. - Resolves: BZ#1165691 * Wed Nov 19 2014 Darryl L. Pierce dpierce@redhat.com - 0.2-8 - DISPATCH-75 - Removed reference to qdstat.conf from qdstat manpage. - Include systemd service file for EPEL7 packages. - Brought systemd support up to current Fedora packaging guidelines. - Resolves: BZ#1165691 - Resolves: BZ#1165681 * Sun Aug 17 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.2-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1165691 - Man page for qdstat.conf is missing https://bugzilla.redhat.com/show_bug.cgi?id=1165691 [ 2 ] Bug #1165681 - RPMs do not provide a systemd service unit file https://bugzilla.redhat.com/show_bug.cgi?id=1165681 --------------------------------------------------------------------------------

================================================================================ wordpress-4.0.1-1.el6 (FEDORA-EPEL-2014-4192) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information:

WordPress 4.0.1 Security Release

See: https://wordpress.org/news/2014/11/wordpress-4-0-1/ -------------------------------------------------------------------------------- ChangeLog:

* Fri Nov 21 2014 Remi Collet remi@fedoraproject.org - 4.0.1-1 - WordPress 4.0.1 Security Release - use system php-getid3 when available #1145574 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1166468 - wordpress: security flaws fixed in the 4.0.1 release https://bugzilla.redhat.com/show_bug.cgi?id=1166468 --------------------------------------------------------------------------------