The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 924  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
 142  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7....
  21  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3286/facter-1.6....
  13  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3434/pylint-1.3....
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3527/asterisk-1....
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3533/phpMyAdmin-...
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3561/nginx-1.0.1...
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3647/konversatio...
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3589/hostapd-2.0...
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3623/Pound-2.6-2...
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3632/seamonkey-2...
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2069/php-channel...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3680/php-ZendFra...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3748/tnftp-20141...
The following builds have been pushed to Fedora EPEL 6 updates-testing
createrepo_c-0.7.1-1.el6
gambit-c-4.7.3-1.el6
geany-themes-1.24-1.el6
getdns-0.1.5-1.el6
golang-github-russross-blackfriday-1.2-3.el6
libgeotiff-1.2.5-6.el6
mg-20141007-1.el6
nodejs-seq-0.3.5-3.el6
pdns-recursor-3.6.2-1.el6
php-ZendFramework2-2.2.8-2.el6
python-ase-3.8.1.3440-13.el6
tnftp-20141031-1.el6
vile-9.8o-1.el6
Details about builds:
================================================================================
createrepo_c-0.7.1-1.el6 (FEDORA-EPEL-2014-3762)
Creates a common metadata repository
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.1
Update to 0.7.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 31 2014 Tomas Mlcoch <tmlcoch at redhat.com> - 0.7.1-1
- Mergerepo: Fix mergerepo
- Mergerepo: Add some debugging of metadata read.
* Mon Oct 20 2014 Tomas Mlcoch <tmlcoch at redhat.com> - 0.7.0-1
- deltarpms: Update module to work with current version of drpm
- mergerepo_c: Add --omit-baseurl option
- createrepo_c: Gen empty repo if empty pkglist is used
- Docs: Output python docs to separate directory
- Several small fixes
* Tue Aug 12 2014 Tomas Mlcoch <tmlcoch at redhat.com> - 0.6.1-1
- updateinfo: Use Python datetime objects in python bindings
* Tue Aug 5 2014 Tomas Mlcoch <tmlcoch at redhat.com> - 0.6.0-1
- Support for updateinfo.xml manipulation (including Python bindings)
* Fri Jul 18 2014 Tomas Mlcoch <tmlcoch at redhat.com> - 0.5.0-1
- Experimental delta rpm (DRPM) support (Disabled in Fedora build).
--------------------------------------------------------------------------------
================================================================================
gambit-c-4.7.3-1.el6 (FEDORA-EPEL-2014-3766)
Scheme programming system
--------------------------------------------------------------------------------
Update Information:
Latest Gambit-C release, see
https://github.com/feeley/gambit/commits for commits between
2014-02-05 and 2014-07-23 for changes
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 30 2014 Michel Alexandre Salim <salimma(a)fedoraproject.org> - 4.7.3-1
- Update to 4.7.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1124050 - gambit-c-4.7.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1124050
--------------------------------------------------------------------------------
================================================================================
geany-themes-1.24-1.el6 (FEDORA-EPEL-2014-3687)
A collection of syntax highlighting color schemes for Geany
--------------------------------------------------------------------------------
Update Information:
This is the first Geany-Themes package for EPEL6!
--------------------------------------------------------------------------------
================================================================================
getdns-0.1.5-1.el6 (FEDORA-EPEL-2014-3764)
Modern asynchronous API to the DNS
--------------------------------------------------------------------------------
Update Information:
Updated to 0.1.5 with bugfixes and persistent TCP connections
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 31 2014 Paul Wouters <pwouters(a)redhat.com> - 0.1.5-1
- Updated to 0.1.5 with bugfixes and persistent TCP connections
- Example code moved into spec/
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Wed Jul 2 2014 Paul Wouters <pwouters(a)redhat.com> - 0.1.3-1
- Updated to 0.1.3
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.1.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May 22 2014 Paul Wouters <pwouters(a)redhat.com> - 0.1.1-2
- Build with libevent support
--------------------------------------------------------------------------------
================================================================================
golang-github-russross-blackfriday-1.2-3.el6 (FEDORA-EPEL-2014-3750)
Markdown processor implemented in Go
--------------------------------------------------------------------------------
Update Information:
include fedora/rhel arch conditionals
--------------------------------------------------------------------------------
================================================================================
libgeotiff-1.2.5-6.el6 (FEDORA-EPEL-2014-3747)
GeoTIFF format library
--------------------------------------------------------------------------------
Update Information:
Update URL, un-retire.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 30 2014 Orion Poplawski <orion(a)cora.nwra.com> - 1.2.5-6
- Update URL and Source
- Drop buildroot, clean, and defattr
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1158983 - Review Request: libgeotiff - GeoTIFF format library
https://bugzilla.redhat.com/show_bug.cgi?id=1158983
--------------------------------------------------------------------------------
================================================================================
mg-20141007-1.el6 (FEDORA-EPEL-2014-3734)
Tiny Emacs-like editor
--------------------------------------------------------------------------------
Update Information:
upgrade to 20141007
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 30 2014 Mark McKinstry <mmckinst(a)nexcess.net> - 20141007-1
- upgrade to 20141007 (RHBZ#1150492)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 20140414-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1150492 - mg-20141007 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1150492
--------------------------------------------------------------------------------
================================================================================
nodejs-seq-0.3.5-3.el6 (FEDORA-EPEL-2014-3741)
An asynchronous flow control library
--------------------------------------------------------------------------------
Update Information:
Initial package. Fix chainsaw module dependency version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1142050 - Review Request: nodejs-seq - An asynchronous flow control library
https://bugzilla.redhat.com/show_bug.cgi?id=1142050
[ 2 ] Bug #1159350 - invalid dependency on epel6
https://bugzilla.redhat.com/show_bug.cgi?id=1159350
--------------------------------------------------------------------------------
================================================================================
pdns-recursor-3.6.2-1.el6 (FEDORA-EPEL-2014-3742)
Modern, advanced and high performance recursing/non authoritative name server
--------------------------------------------------------------------------------
Update Information:
- Update to 3.6.2
- Enable security status polling
Version 3.6.2 is a bugfix update to 3.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 31 2014 Morten Stevens <mstevens(a)imt-systems.com> - 3.6.2-1
- Update to 3.6.2
- Enable security status polling
--------------------------------------------------------------------------------
================================================================================
php-ZendFramework2-2.2.8-2.el6 (FEDORA-EPEL-2014-3680)
Zend Framework 2
--------------------------------------------------------------------------------
Update Information:
# Security Fixes
- **ZF2014-05**: Due to an issue that existed in PHP's LDAP extension, it is possible
to perform an unauthenticated simple bind against a LDAP server by using a null byte for
the password, regardless of whether or not the user normally requires a password. We have
provided a patch in order to protect users of unpatched PHP versions (PHP 5.5 <=
5.5.11, PHP 5.4 <= 5.4.27, all versions of PHP 5.3 and below). If you use Zend\Ldap and
are on an affected version of PHP, we recommend upgrading immediately.
- **ZF2014-06**: A potential SQL injection vector existed when using a SQL Server adapter
to manually quote values due to the fact that it was not escaping null bytes. Code was
added to ensure null bytes are escaped, and thus mitigate the SQLi vector. We do not
recommend manually quoting values, but if you do, and use the SQL Server adapter without
PDO, we recommend upgrading immediately.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 31 2014 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 2.2.8-2
- Removed invalid zend-resources require from Validation component
* Tue Oct 28 2014 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 2.2.8-1
- Updated to 2.2.8
- BZ #1151276 / CVE-2014-8088 / ZF2014-05
- BZ #1151277 / CVE-2014-8089 / ZF2014-06
- BZ #1151278 (fedora)
- BZ #1151280 (epel6)
- Added composer virtual provides and requires
- APC optional for ProgressBar component
- Added tests
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1151276 - CVE-2014-8088 php-ZendFramework: null byte issue, connect to LDAP
without knowing the password (ZF2014-05)
https://bugzilla.redhat.com/show_bug.cgi?id=1151276
[ 2 ] Bug #1151277 - CVE-2014-8089 php-ZendFramework: SQL injection issue when using the
sqlsrv PHP extension (ZF2014-06)
https://bugzilla.redhat.com/show_bug.cgi?id=1151277
--------------------------------------------------------------------------------
================================================================================
python-ase-3.8.1.3440-13.el6 (FEDORA-EPEL-2014-3740)
Atomic Simulation Environment
--------------------------------------------------------------------------------
Update Information:
larger icon
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 31 2014 Marcin Dulak <Marcin.Dulak(a)gmail.com> - 3.8.1.3440-13
- larger icon - https://bugzilla.redhat.com/show_bug.cgi?id=1157516
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.8.1.3440-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat May 3 2014 Björn Esser <bjoern.esser(a)gmail.com> - 3.8.1.3440-11
- failsafe backport of Python2-macros for RHEL <= 6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1157516 - Application icon is too small to be used in the software center
https://bugzilla.redhat.com/show_bug.cgi?id=1157516
--------------------------------------------------------------------------------
================================================================================
tnftp-20141031-1.el6 (FEDORA-EPEL-2014-3748)
FTP (File Transfer Protocol) client from NetBSD
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2014-8517
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 31 2014 David Cantrell <dcantrell(a)redhat.com> - 20141031-1
- Upgrade to tnftp-20141031 to fix CVE-2014-8517 (#1158287)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1158286 - CVE-2014-8517 tnftp: ftp client could be forced to execute
arbitrary commands
https://bugzilla.redhat.com/show_bug.cgi?id=1158286
--------------------------------------------------------------------------------
================================================================================
vile-9.8o-1.el6 (FEDORA-EPEL-2014-3735)
VI Like Emacs
--------------------------------------------------------------------------------
Update Information:
upgrade to 9.8o
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 31 2014 Mark McKinstry <mmckinst(a)example.com> - 9.8o-1
- upgrade to 9.8o
* Fri Sep 12 2014 Mark McKinstry <mmckinst(a)example.com> - 9.8n-1
- upgrade to 9.8n
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 9.8m-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1116919 - vile-9.8o is available
https://bugzilla.redhat.com/show_bug.cgi?id=1116919
--------------------------------------------------------------------------------