The following Fedora EPEL 6 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5944/python-torn...
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5854/perl-Config...
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5955/socat-1.7.2...
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gri...
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5960/moodle-2.1....
The following builds have been pushed to Fedora EPEL 6 updates-testing
erlang-gen_leader-1.0-1.el6
gitolite3-3.03-1.el6
ldns-1.6.13-1.el6
moodle-2.1.6-1.el6
rubygem-aws-sdk-1.4.1-1.el6
rubygem-aws-sdk-1.4.1-2.el6
socat-1.7.2.1-1.el6
zeroinstall-injector-1.8-1.el6
Details about builds:
================================================================================
erlang-gen_leader-1.0-1.el6 (FEDORA-EPEL-2012-5957)
A leader election behavior modeled after gen_server
--------------------------------------------------------------------------------
Update Information:
* First stable release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 22 2012 Peter Lemenkov <lemenkov(a)gmail.com> - 1.0-1
- Ver. 1.0
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0-0.4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0-0.3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
gitolite3-3.03-1.el6 (FEDORA-EPEL-2012-5954)
Highly flexible server for git directory version tracker
--------------------------------------------------------------------------------
Update Information:
3.03.
New upstream.
New package for gitolite 3.01.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #821838 - Review Request: gitolite3 - Highly flexible server for git directory version tracker
https://bugzilla.redhat.com/show_bug.cgi?id=821838
--------------------------------------------------------------------------------
================================================================================
ldns-1.6.13-1.el6 (FEDORA-EPEL-2012-5956)
Lowlevel DNS(SEC) library with API
--------------------------------------------------------------------------------
Update Information:
Various minor bug fixes
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 21 2012 Paul Wouters <pwouters(a)redhat.com> - 1.6.13-1
- Upgraded to 1.6.13, bugfix release
- Added --disable-ecdsa as ECC is still banned
- Removed --with-sha2 - it is always enabled and option was removed
--------------------------------------------------------------------------------
================================================================================
moodle-2.1.6-1.el6 (FEDORA-EPEL-2012-5960)
A Course Management System
--------------------------------------------------------------------------------
Update Information:
CVE-2012-2353 MSA-12-0024: Hidden information access issue
CVE-2012-2354 MSA-12-0025: Personal communication access issue
CVE-2012-2355 MSA-12-0026: Quiz capability issue
CVE-2012-2356 MSA-12-0027: Question bank capability issues
CVE-2012-2357 MSA-12-0028: Insecure authentication issue
CVE-2012-2358 MSA-12-0029: Information editing access issue
CVE-2012-2359 MSA-12-0030: Capability manipulation issue
CVE-2012-2360 MSA-12-0031: Cross-site scripting vulnerability in Wiki
CVE-2012-2361 MSA-12-0032: Cross-site scripting vulnerability in Web services
CVE-2012-2362 MSA-12-0033: Cross-site scripting vulnerability in Blog
CVE-2012-2363 MSA-12-0034: Potential SQL injection issue
CVE-2012-2364 MSA-12-0035: Cross-site scripting vulnerability in "download all"
CVE-2012-2365 MSA-12-0036: Cross-site scripting vulnerability in category identifier
CVE-2012-2366 MSA-12-0037: Write access issue in Database activity module
CVE-2012-2367 MSA-12-0038: Calendar event write permission issue
Correct CAS unbundling.
Drop bundled language packs.
New upstreams, multiple vulnerabilities.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 23 2012 Jon Ciesla <limburgher(a)gmail.com> - 2.1.6-1
- 2.1.6, security fixes, BZ 824482.
* Thu May 10 2012 Jon Ciesla <limburgher(a)gmail.com> - 2.1.5-3
- Fixed CAS unbundling per rcollet.
* Wed May 9 2012 Jon Ciesla <limburgher(a)gmail.com> - 2.1.5-2
- Dropped bundled language packs, BZ 748958.
* Mon Apr 2 2012 Jon Ciesla <limburgher(a)gmail.com> - 2.1.5-1
- New upstream, BZ 809227.
--------------------------------------------------------------------------------
================================================================================
rubygem-aws-sdk-1.4.1-1.el6 (FEDORA-EPEL-2012-5952)
AWS SDK for Ruby
--------------------------------------------------------------------------------
Update Information:
Update rubygem-aws-sdk in EPEL to latest version.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 23 2012 Brett Lentz <blentz(a)redhat.com> - 1.4.1-1
- Upstream release 1.4.1
* Thu Mar 15 2012 Brett Lentz <blentz(a)redhat.com> - 1.3.7-1
- Upstream release 1.3.7
--------------------------------------------------------------------------------
================================================================================
rubygem-aws-sdk-1.4.1-2.el6 (FEDORA-EPEL-2012-5953)
AWS SDK for Ruby
--------------------------------------------------------------------------------
Update Information:
Updated aws-sdk for el6
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 23 2012 Brett Lentz <blentz(a)redhat.com> - 1.4.1-2
- Re-add dropped patch to fix nokogiri deps.
* Wed May 23 2012 Brett Lentz <blentz(a)redhat.com> - 1.4.1-1
- Upstream release 1.4.1
* Thu Mar 15 2012 Brett Lentz <blentz(a)redhat.com> - 1.3.7-1
- Upstream release 1.3.7
--------------------------------------------------------------------------------
================================================================================
socat-1.7.2.1-1.el6 (FEDORA-EPEL-2012-5955)
Bidirectional data relay between two data channels ('netcat++')
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2012-0219 heap-based buffer overflow
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 23 2012 Paul Wouters <pwouters(a)redhat.com> - 1.7.2.1-1
- Updated to 1.7.2.1 for CVE-2012-0219, rhbz#821554, rhbz#821688
- Remove patch merged upstream
- Remove --disable-fips from configure
- Added socat-1.7.2.1-errqueue.patch
--------------------------------------------------------------------------------
================================================================================
zeroinstall-injector-1.8-1.el6 (FEDORA-EPEL-2012-5959)
The Zero Install Injector (0launch)
--------------------------------------------------------------------------------
Update Information:
Latest upstream release; see
http://article.gmane.org/gmane.comp.file-systems.zero-install.devel/5866
for details.
New features:
- Warn about replaced interfaces in "0install update".
- Attempting to create an alias to a replaced interface uses the replacement.
- Allow <command> inside <package-implementation>.
Many bug fixes; see
http://article.gmane.org/gmane.comp.file-systems.zero-install.devel/5493 for details
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 23 2012 Michel Salim <salimma(a)fedoraproject.org> - 1.8-1
- Update to 1.8
* Tue Apr 24 2012 Michel Salim <salimma(a)fedoraproject.org> - 1.7-1
- Update to 1.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #789695 - zeroinstall-injector-1.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=789695
--------------------------------------------------------------------------------