The following Fedora EPEL 6 Security updates need testing:
Age URL
811
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
158
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6...
143
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolki...
52
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1471/chicken-4.8...
49
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1477/drupal7-vie...
33
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1584/python-djbl...
30
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7....
21
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1693/perl-Email-...
15
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1745/mediawiki11...
14
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1772/cacti-0.8.8...
9
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1807/chrony-1.30...
9
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1816/ansible-1.6...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1827/lz4-r119-1.el6
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1832/pnp4nagios-...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1782/zarafa-7.1....
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1889/php-ZendFra...
The following builds have been pushed to Fedora EPEL 6 updates-testing
GeoIP-1.5.1-5.el6
golang-googlecode-net-0-0.15.hg84a4013f96e0.el6
lynis-1.5.7-1.el6
nfs-ganesha-2.1.0-4.el6
php-ZendFramework-1.12.7-1.el6
python-fedmsg-meta-fedora-infrastructure-0.2.15-2.el6
wxGTK3-3.0.1-1.el6
youtube-dl-2014.07.11.3-1.el6
Details about builds:
================================================================================
GeoIP-1.5.1-5.el6 (FEDORA-EPEL-2014-1891)
Library for country/city/organization to IP address or hostname mapping
--------------------------------------------------------------------------------
Update Information:
Provide all the datafiles in geoip-lite, allowing it to be deprecated.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 6 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.5.1-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue Feb 25 2014 Paul Howarth <paul(a)city-fan.org> - 1.5.1-4
- Add %check, so we can run tests by building using --with tests
- Update databases from upstream
* Fri Aug 2 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.5.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Jun 18 2013 Paul Howarth <paul(a)city-fan.org> - 1.5.1-2
- Properly provide all of the GeoLite databases and their IPv6 equivalents, as
per the geoip-geolite package that we're obsoleting/providing
- Provide compatibility symlinks for database files that historically had
different names in GeoIP and geoip-geolite
- Don't distribute unbundled LICENSE files, as per packaging guidelines
- Update license tag to reflect distribution of CC-BY-SA database content
- No longer try to update the databases in %post
- Maintain timestamps where possible
- Set up GeoIP.dat symlink in package and don't touch it again
- Add update6 package to update the IPv6 databases; have to use wget for this
rather than geoipupdate as the databases are still in beta
* Wed Jun 12 2013 Philip Prindeville <philipp(a)fedoraproject.org> - 1.5.1-1
- Bump to version 1.5.1
- Fix exit codes for various situations (MaxMind support #129155)
- Use versioned obsoletes/provides for geoip-geolite
- Update UTF8 patch
- Change symlink from GeoIP-initial.dat to GeoLiteCountry.dat if we had a
successful download and now have the latter file.
* Mon Jun 10 2013 Philip Prindeville <philipp(a)fedoraproject.org> - 1.5.0-7
- Annotate conflict with geoip-geolite package (#968074)
* Mon Jun 10 2013 Paul Howarth <paul(a)city-fan.org> - 1.5.0-6
- Update sub-package requires main package for geoipupdate script
* Sat Jun 8 2013 Paul Howarth <paul(a)city-fan.org> - 1.5.0-5
- Make GeoIP.dat -> GeoIP-initial.dat symlink in %install, not %post,
and don't %ghost it
- Run geoipupdate silently in %post and cron job
- Create empty database files for %ghost to work with old rpm versions
- Don't try to use noarch subpackages on old rpm versions
- Update %description to mention database updates
- Drop outdated README.Fedora
* Sat Jun 8 2013 Philip Prindeville <philipp(a)fedoraproject.org> - 1.5.0-4
- Revert ability to replace 3rd-party package
* Fri Jun 7 2013 Philip Prindeville <philipp(a)fedoraproject.org> - 1.5.0-3
- Add attributes for %ghost files
* Fri Jun 7 2013 Philip Prindeville <philipp(a)fedoraproject.org> - 1.5.0-2
- Make update subpackage be noarch.
* Fri Jun 7 2013 Philip Prindeville <philipp(a)fedoraproject.org> - 1.5.0-1
- Version bump to 1.5.0
- Have GeoIP.dat be a symlink to the real data, and install the canned
GeoIP.dat as GeoIP-initial.dat
- Change config as per Boris' instructions to use 'lite' databases which are
regularly updated.
- Add pkgconfig (.pc) file into devel subpackage
- Add cron support for refreshing the lite databases and make a separate
subpackage.
* Sun Mar 24 2013 Paul Howarth <paul(a)city-fan.org> - 1.4.8-6
- Fix config.guess and config.sub to add aarch64 support (#925403)
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.4.8-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Mon Oct 22 2012 Paul Howarth <paul(a)city-fan.org> - 1.4.8-4
- libGeoIPUpdate and geoipupdate (which is linked against it) are GPL-licensed
rather than LGPL-licensed (#840896)
- Don't package generic INSTALL file (#661625)
- Kill bogus rpaths on x86_64
- Hardcode library sonames in %files list to avoid nasty surprises in the
future
- Drop %defattr, redundant since rpm 4.4
- Recode docs as UTF-8
- Don't use macros for commands
- Use tabs
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.4.8-3.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.4.8-2.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #968074 - GeoIP in collision with geoip-geolite
https://bugzilla.redhat.com/show_bug.cgi?id=968074
--------------------------------------------------------------------------------
================================================================================
golang-googlecode-net-0-0.15.hg84a4013f96e0.el6 (FEDORA-EPEL-2014-1890)
Supplementary Go networking libraries
--------------------------------------------------------------------------------
Update Information:
don't fail on ipv6 test bz1056185
golang exclusivearch for el6+
revert golang >= 1.2 version requirement
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 11 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 0-0.15.hg84a4013f96e0
- don't fail on ipv6 test bz1056185
* Fri Jan 17 2014 Lokesh Mandvekar <lsm5(a)redhat.com> 0-0.13.hg84a4013f96e0
- golang exclusivearch for el6+
- add check
* Fri Jan 17 2014 Lokesh Mandvekar <lsm5(a)redhat.com> 0-0.12.hg84a4013f96e0
- revert golang >= 1.2 version requirement
* Wed Jan 15 2014 Lokesh Mandvekar <lsm5(a)redhat.com> 0-0.11.hg84a4013f96e0
- require golang 1.2 and up
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1056185 - go test
code.google.com/p/go.net/ipv6 test fails
https://bugzilla.redhat.com/show_bug.cgi?id=1056185
--------------------------------------------------------------------------------
================================================================================
lynis-1.5.7-1.el6 (FEDORA-EPEL-2014-1893)
Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:
1.5.7 (2014-07-09)
New:
- Implementation of SafePerms function
- Added notification when exceptions are found
Changes:
- Fix for error_log handling in nginx
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 11 2014 Christopher Meng <rpm(a)cicku.me> - 1.5.7-1
- Update to 1.5.7
--------------------------------------------------------------------------------
================================================================================
nfs-ganesha-2.1.0-4.el6 (FEDORA-EPEL-2014-1887)
Ganesha NFS Server
--------------------------------------------------------------------------------
Update Information:
keep fsal .so files, implementation now uses them
static libuid2grp
add libuid2grp.so
nfs-ganesha-2.1.0 GA
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 11 2014 Kaleb S. KEITHLEY <kkeithle at redhat.com> 2.1.0-4
- keep fsal .so files, implementation now uses them
* Tue Jul 1 2014 Kaleb S. KEITHLEY <kkeithle at redhat.com> 2.1.0-3
- static libuid2grp
* Tue Jul 1 2014 Kaleb S. KEITHLEY <kkeithle at redhat.com> 2.1.0-2
- add libuid2grp.so
* Mon Jun 30 2014 Kaleb S. KEITHLEY <kkeithle at redhat.com> 2.1.0-1
- nfs-ganesha-2.1.0 GA
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.0.0-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
php-ZendFramework-1.12.7-1.el6 (FEDORA-EPEL-2014-1889)
Leading open-source PHP framework
--------------------------------------------------------------------------------
Update Information:
Update to 1.12.7 fixes CVE-2014-4914 aka. ZF2014-04: Potential SQL injection in the ORDER
implementation of Zend_Db_Select
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 12 2014 Felix Kaechele <heffer(a)fedoraproject.org> - 1.12.7-1
- update to 1.12.7
- fixes
http://framework.zend.com/security/advisory/ZF2014-04 / CVE-2014-4914
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1117545 - CVE-2014-4914 Zend FrameWork: ZF2014-04: Potential SQL injection in
the ORDER implementation of Zend_Db_Select
https://bugzilla.redhat.com/show_bug.cgi?id=1117545
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.2.15-2.el6 (FEDORA-EPEL-2014-1888)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
Fix edge case with github status messages.
New kerneltest processor.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 11 2014 Ralph Bean <rbean(a)redhat.com> - 0.2.15-2
- Patch to handle github edge case.
* Thu Jul 10 2014 Ralph Bean <rbean(a)redhat.com> - 0.2.15-1
- New kerneltest processor
- Fixes to pkgdb, coprs, elections, github, and releng.
--------------------------------------------------------------------------------
================================================================================
wxGTK3-3.0.1-1.el6 (FEDORA-EPEL-2014-1892)
GTK port of the wxWidgets GUI library
--------------------------------------------------------------------------------
Update Information:
Bump to 3.0.1 RH#1111903
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 5 2014 Jeremy Newton <alexjnewt(a)hotmail.com> - 3.0.1-1
- Bump to 3.0.1 RH#1076617
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1111903 - wxGTK3-3.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1111903
--------------------------------------------------------------------------------
================================================================================
youtube-dl-2014.07.11.3-1.el6 (FEDORA-EPEL-2014-1886)
A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:
Update to 2014.07.11.3
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 12 2014 Christopher Meng <rpm(a)cicku.me> - 2014.07.11.3-1
- Update to 2014.07.11.3
--------------------------------------------------------------------------------