The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 608  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
 123  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11274/ssmtp-2.61...
  65  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11865/quassel-0....
  38  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12079/bip-0.8.9-...
  13  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12324/munin-2.0....
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12361/libreswan-...
   5  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12386/v8-3.14.5....
   3  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12403/djvulibre-...
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12424/perl-Proc-...
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12426/ngircd-21-...
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12427/seamonkey-...
The following builds have been pushed to Fedora EPEL 6 updates-testing
NLopt-2.4.1-1.el6
dsniff-2.4-0.17.b1.el6
glite-lb-common-9.0.8-2.el6
libnet-1.1.6-7.el6
libuv-0.10.21-1.el6
ngrep-1.45-8.git20131221.16ba99a.el6
nodejs-0.10.24-1.el6
proftpd-1.3.3g-4.el6
trustedqsl-2.0.1-1.el6
youtube-dl-2013.12.17.2-1.el6
Details about builds:
================================================================================
NLopt-2.4.1-1.el6 (FEDORA-EPEL-2013-12452)
Open-Source library for nonlinear optimization
--------------------------------------------------------------------------------
Update Information:
new upstream release: v2.4.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 20 2013 Björn Esser <bjoern.esser(a)gmail.com> - 2.4.1-1
- new upstream release: v2.4.1
- adapted %{source0} to match %{name}
- changed `%global lc_name` to `%define lc_name`, because of globbing problems
- use `tr` instead of shell-builtin for `%define lc_name`
- move `README.md` only if existing
* Fri Dec 20 2013 Björn Esser <bjoern.esser(a)gmail.com> - 2.4-3.git20130903.35e6377
- made %clean-target conditional on el5
- restructured spec-file for quick switching between snapshot and release
- moved package-specific macros to the corresponding subpackage
--------------------------------------------------------------------------------
================================================================================
dsniff-2.4-0.17.b1.el6 (FEDORA-EPEL-2013-12451)
Tools for network auditing and penetration testing
--------------------------------------------------------------------------------
Update Information:
- Corrected patch which touches tabular data stream protocol handler
- Added a patch to add both communication partners in arpspoof
- Added patch to allow multiple targets to be imitated simultaneously
- Added patch to allow the selection of source hw address in arpspoof
- Added a patch which fixes and modernizes the POP decoder
- Fixed segmentation faults related to libnet_name2addr4() (#1009879)
- Added a patch to fix bit-shift in pntohl() macro (#714958, #850496)
- Avoid xdrs being used without being initialised (#715042, #850494)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 20 2013 Robert Scheck <robert(a)fedoraproject.org> 2.4-0.17.b1
- Corrected patch which touches tabular data stream protocol handler
- Added a patch to add both communication partners in arpspoof
- Added patch to allow multiple targets to be imitated simultaneously
- Added patch to allow the selection of source hw address in arpspoof
- Added a patch which fixes and modernizes the POP decoder
- Fixed segmentation faults related to libnet_name2addr4() (#1009879)
- Added a patch to fix bit-shift in pntohl() macro (#714958, #850496)
- Avoid xdrs being used without being initialised (#715042, #850494)
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.4-0.16.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.4-0.15.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1009879 - [abrt] dsniff-2.4-0.14.b1.fc18: ___vsnprintf_chk: Process /usr/sbin/arpspoof was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=1009879
[ 2 ] Bug #714958 - [PATCH] incorrect bit-shift in pntohl() macro
https://bugzilla.redhat.com/show_bug.cgi?id=714958
[ 3 ] Bug #850496 - [PATCH] incorrect bit-shift in pntohl() macro
https://bugzilla.redhat.com/show_bug.cgi?id=850496
[ 4 ] Bug #715042 - dsniff segfaults when decoding RPC packets on x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=715042
[ 5 ] Bug #850494 - dsniff segfaults when decoding RPC packets on x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=850494
--------------------------------------------------------------------------------
================================================================================
glite-lb-common-9.0.8-2.el6 (FEDORA-EPEL-2013-12453)
gLite Logging and Bookkeeping common headers and library
--------------------------------------------------------------------------------
Update Information:
Fix context initialization and failing unittests on 32-bit PowerPC platform.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 20 2013 František Dvořák <valtri(a)civ.zcu.cz> - 9.0.8-2
- Patch to fix build on 32-bit PPC (#1040396)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1040396 - FTBFS: self checks failing on PPC
https://bugzilla.redhat.com/show_bug.cgi?id=1040396
--------------------------------------------------------------------------------
================================================================================
libnet-1.1.6-7.el6 (FEDORA-EPEL-2013-12447)
C library for portable packet creation and injection
--------------------------------------------------------------------------------
Update Information:
- Upgrade to 1.1.6
- Conditionalized usage of %{_lib} vs %{_libdir} for RHEL < 7
- Tight run-time dependencies between sub-packages via %{?_isa}
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 20 2013 Robert Scheck <robert(a)fedoraproject.org> 1.1.6-7
- Run autoreconf to recognize aarch64 (#925813)
- Conditionalized usage of %{_lib} vs %{_libdir} for RHEL < 7
- Tight run-time dependencies between sub-packages via %{?_isa}
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.1.6-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.1.6-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.1.6-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon Apr 2 2012 Jon Ciesla <limburgher(a)gmail.com> - 1.1.6-3
- Removed redundant leading slashes.
* Mon Apr 2 2012 Jon Ciesla <limburgher(a)gmail.com> - 1.1.6-2
- Move from lib to libdir.
* Fri Mar 30 2012 Jon Ciesla <limburgher(a)gmail.com> - 1.1.6-1
- Upgrade to 1.1.6, BZ 808394.
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.1.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.1.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
libuv-0.10.21-1.el6 (FEDORA-EPEL-2013-12448)
Platform layer for node.js
--------------------------------------------------------------------------------
Update Information:
2013.12.18, node.js Version 0.10.24 (Stable)
* build: unix install node and dep library headers (Timothy J Fontaine)
* cluster, v8: fix --logfile=%p.log (Ben Noordhuis)
* module: only cache package main (Wyatt Preul)
2013.12.19, libuv Version 0.10.21 (Stable)
* unix: fix a possible memory leak in uv_fs_readdir (Alex Crichton)
2013.12.12, node.js Version 0.10.23 (Stable)
* build: include postmortem symbols on linux (Timothy J Fontaine)
* crypto: Make Decipher._flush() emit errors. (Kai Groner)
* dgram: fix abort when getting `fd` of closed dgram (Fedor Indutny)
* events: do not accept NaN in setMaxListeners (Fedor Indutny)
* events: avoid calling `once` functions twice (Tim Wood)
* events: fix TypeError in removeAllListeners (Jeremy Martin)
* fs: report correct path when EEXIST (Fedor Indutny)
* process: enforce allowed signals for kill (Sam Roberts)
* tls: emit 'end' on .receivedShutdown (Fedor Indutny)
* tls: fix potential data corruption (Fedor Indutny)
* tls: handle `ssl.start()` errors appropriately (Fedor Indutny)
* tls: reset NPN callbacks after SNI (Fedor Indutny)
2013.12.13, libuv Version 0.10.20 (Stable)
* linux: fix up SO_REUSEPORT back-port (Ben Noordhuis)
* fs-event: fix invalid memory access (huxingyi)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 19 2013 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 1:0.10.21-1
- new upstream release 0.10.21
https://github.com/joyent/libuv/blob/v0.10.21/ChangeLog
* Thu Dec 12 2013 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 1:0.10.20-1
- new upstream release 0.10.20
https://github.com/joyent/libuv/blob/v0.10.20/ChangeLog
--------------------------------------------------------------------------------
================================================================================
ngrep-1.45-8.git20131221.16ba99a.el6 (FEDORA-EPEL-2013-12444)
Network layer grep tool
--------------------------------------------------------------------------------
Update Information:
- Checkout from official repo (BZ#1044630).
- Remove patch for system pcre as configure script can handle it now.
- Add format security check fix due to dumb GCC.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 21 2013 Christopher Meng <rpm(a)cicku.me> - 1.45-8.git20131221.16ba99a
- Checkout from official repo (BZ#1044630).
- Remove patch for system pcre as configure script can handle it now.
- Add format security check fix due to dumb GCC.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1044630 - ngrep completely broken with latest libpcap 1.5 snapshot
https://bugzilla.redhat.com/show_bug.cgi?id=1044630
--------------------------------------------------------------------------------
================================================================================
nodejs-0.10.24-1.el6 (FEDORA-EPEL-2013-12448)
JavaScript runtime
--------------------------------------------------------------------------------
Update Information:
2013.12.18, node.js Version 0.10.24 (Stable)
* build: unix install node and dep library headers (Timothy J Fontaine)
* cluster, v8: fix --logfile=%p.log (Ben Noordhuis)
* module: only cache package main (Wyatt Preul)
2013.12.19, libuv Version 0.10.21 (Stable)
* unix: fix a possible memory leak in uv_fs_readdir (Alex Crichton)
2013.12.12, node.js Version 0.10.23 (Stable)
* build: include postmortem symbols on linux (Timothy J Fontaine)
* crypto: Make Decipher._flush() emit errors. (Kai Groner)
* dgram: fix abort when getting `fd` of closed dgram (Fedor Indutny)
* events: do not accept NaN in setMaxListeners (Fedor Indutny)
* events: avoid calling `once` functions twice (Tim Wood)
* events: fix TypeError in removeAllListeners (Jeremy Martin)
* fs: report correct path when EEXIST (Fedor Indutny)
* process: enforce allowed signals for kill (Sam Roberts)
* tls: emit 'end' on .receivedShutdown (Fedor Indutny)
* tls: fix potential data corruption (Fedor Indutny)
* tls: handle `ssl.start()` errors appropriately (Fedor Indutny)
* tls: reset NPN callbacks after SNI (Fedor Indutny)
2013.12.13, libuv Version 0.10.20 (Stable)
* linux: fix up SO_REUSEPORT back-port (Ben Noordhuis)
* fs-event: fix invalid memory access (huxingyi)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 19 2013 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 0.10.24-1
- new upstream release 0.10.24
http://blog.nodejs.org/2013/12/19/node-v0-10-24-stable/
- upstream install script installs the headers now
* Thu Dec 12 2013 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 0.10.23-1
- new upstream release 0.10.23
http://blog.nodejs.org/2013/12/11/node-v0-10-23-stable/
--------------------------------------------------------------------------------
================================================================================
proftpd-1.3.3g-4.el6 (FEDORA-EPEL-2013-12446)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:
This update adds 3072-bit, 7680-bit and 8192-bit Diffie-Hellman group parameters, needed
for support of some ciphers such as aes-256-ctr.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 20 2013 Paul Howarth <paul(a)city-fan.org> 1.3.3g-4
- Fix support for 8192-bit DH parameters (#1044586)
- Add 3072-bit and 7680-bit DH parameters (upstream bug 4002)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1044586 - proftpd does not ship 8192 bit dh parameter
https://bugzilla.redhat.com/show_bug.cgi?id=1044586
--------------------------------------------------------------------------------
================================================================================
trustedqsl-2.0.1-1.el6 (FEDORA-EPEL-2013-12449)
TrustedQSL ham-radio applications
--------------------------------------------------------------------------------
Update Information:
- Update to version 2.0.1.
- Add conditionals for EPEL-6.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1013145 - trustedqsl-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1013145
[ 2 ] Bug #991687 - [abrt] trustedqsl-1.13-4.fc18: _M_data: Process /usr/bin/tqsl was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=991687
--------------------------------------------------------------------------------
================================================================================
youtube-dl-2013.12.17.2-1.el6 (FEDORA-EPEL-2013-12455)
A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:
Just sync of EL-6 package with Rawhide.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 19 2013 Christopher Meng <rpm(a)cicku.me> - 2013.12.17.2-1
- Update to 2013.12.17.2
* Tue Dec 3 2013 Christopher Meng <rpm(a)cicku.me> - 2013.12.09.4-1
- Update to 2013.12.09.4
* Tue Dec 3 2013 Christopher Meng <rpm(a)cicku.me> - 2013.12.04-1
- Update to 2013.12.04
* Tue Dec 3 2013 Christopher Meng <rpm(a)cicku.me> - 2013.12.02-1
- Update to 2013.12.02
--------------------------------------------------------------------------------