The following Fedora EPEL 6 Security updates need testing:
Age URL
681
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
111
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12079/bip-0.8.9-...
28
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6...
23
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0483/boinc-clien...
16
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0536/drupal6-cto...
16
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0538/drupal7-cto...
16
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0535/drupal6-ima...
16
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0567/drupal6-fil...
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolki...
10
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0644/easy-rsa-2....
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0653/perl-CGI-Ap...
3
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0700/v8-3.14.5.1...
3
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0695/mod_auth_sh...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0730/php-sabre-d...
The following builds have been pushed to Fedora EPEL 6 updates-testing
ReviewBoard-1.7.22-1.el6
nf3d-0.8-2.el6
nodejs-asap-1.0.0-1.el6
opari2-1.1.2-3.el6
Details about builds:
================================================================================
ReviewBoard-1.7.22-1.el6 (FEDORA-EPEL-2014-0739)
Web-based code review tool
--------------------------------------------------------------------------------
Update Information:
- New upstream security release 1.7.22
-
http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.22/
- Security Fixes:
* An XSS vulnerability was found in the Search field's auto-complete.
- New Features:
* Added support for anonymous access to public Local Sites.
* Added support for parallel-installed versions of Django.
- API Changes:
* The documentation for Review Group Resource no longer says that review groups cannot
be created through the API.
- Bug Fixes:
* Install/Upgrade:
* Fixed compatibility with Apache 2.4's method for authorization in newly
generated config files.
* Fixed an issue on some configurations where loading in initial schema data for the
database would fail
* rb-site upgrade --all-sites no longer throws an error if there are no valid sites
configured.
* Administration:
* Administrators now have access to all repositories, instead of just public ones or
ones they're a member of.
* Repositories backed by paths that no longer exist can now be hidden.
* Fixed creating groups and repositories that had conflicting "unique"
fields.
* Password fields no longer appear blank when they have a value in forms.
* Setting https in the server URL now properly marks the server as using HTTPS. All
URLs generated for the API and e-mails will include https instead of http.
* Fixed incorrect labelling for the review request status graph in the Admin
dashboard.
* LDAP:
* Usernames, passwords, and other information are properly encoded to UTF-8 before
authenticating.
* Users without e-mail addresses in LDAP no longer break when first authenticating.
* Dashboard:
* Fixed support for accessing watched groups through the Dashboard.
* Repositories:
* Copied files in Git diffs no longer results in File Not Found errors, and properly
handles showing the state much like moved files.
* Added better compatibility with Mercurial repository when accessing hg-history URLs,
when the server name didn't contain a trailing slash.
* Added better CVS compatibility for repositories that don’t contain
CVSROOT/modules.
* Fixed issues with Clear Case in multi-site mode when OIDs weren't yet available
on the server.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 3 2014 Stephen Gallagher <sgallagh(a)redhat.com> 1.7.22-1
- New upstream security release 1.7.22
-
http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.22/
- Security Fixes:
* An XSS vulnerability was found in the Search field's auto-complete.
- New Features:
* Added support for anonymous access to public Local Sites.
* Added support for parallel-installed versions of Django.
- API Changes:
* The documentation for Review Group Resource no longer says that review
groups cannot be created through the API.
- Bug Fixes:
* Install/Upgrade:
* Fixed compatibility with Apache 2.4's method for authorization in newly
generated config files.
* Fixed an issue on some configurations where loading in initial schema
data for the database would fail
* rb-site upgrade --all-sites no longer throws an error if there are no
valid sites configured.
* Administration:
* Administrators now have access to all repositories, instead of just
public ones or ones they're a member of.
* Repositories backed by paths that no longer exist can now be hidden.
* Fixed creating groups and repositories that had conflicting "unique"
fields.
* Password fields no longer appear blank when they have a value in forms.
* Setting https in the server URL now properly marks the server as using
HTTPS. All URLs generated for the API and e-mails will include https
instead of http.
* Fixed incorrect labelling for the review request status graph in the
Admin dashboard.
* LDAP:
* Usernames, passwords, and other information are properly encoded to UTF-8
before authenticating.
* Users without e-mail addresses in LDAP no longer break when first
authenticating.
* Dashboard:
* Fixed support for accessing watched groups through the Dashboard.
* Repositories:
* Copied files in Git diffs no longer results in File Not Found errors, and
properly handles showing the state much like moved files.
* Added better compatibility with Mercurial repository when accessing
hg-history URLs, when the server name didn't contain a trailing slash.
* Added better CVS compatibility for repositories that don’t contain
CVSROOT/modules.
* Fixed issues with Clear Case in multi-site mode when OIDs weren’t yet
available on the server.
* Fri Feb 21 2014 Stephen Gallagher <sgallagh(a)redhat.com> 1.7.21-5
- Require patched version of Djblets to handle requires.txt
* Fri Feb 21 2014 Stephen Gallagher <sgallagh(a)redhat.com> 1.7.21-4
- Fix mimeparse requirement
* Fri Feb 21 2014 Stephen Gallagher <sgallagh(a)redhat.com> 1.7.21-3
- Support parallel-installable python-django14 package
* Mon Jan 27 2014 Stephen Gallagher <sgallagh(a)redhat.com> 1.7.21-2
- Fix apache configuration to support new authorization directive
--------------------------------------------------------------------------------
================================================================================
nf3d-0.8-2.el6 (FEDORA-EPEL-2014-0740)
3D Netfilter visualization utility
--------------------------------------------------------------------------------
Update Information:
Add missing Requires:
Requires: PyGreSQL
Requires: python-configobj
Requires: python-visual
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 3 2014 Christopher Meng <rpm(a)cicku.me> - 0.8-2
- Add missing dependencies.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1071552 - [abrt] nf3d: nf3d:23:<module>:ImportError: No module named
pg
https://bugzilla.redhat.com/show_bug.cgi?id=1071552
--------------------------------------------------------------------------------
================================================================================
nodejs-asap-1.0.0-1.el6 (FEDORA-EPEL-2014-0738)
High-priority task queue for Node.js and browser
--------------------------------------------------------------------------------
Update Information:
initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1071670 - Review Request: nodejs-asap - High-priority task queue for Node.js
and browser
https://bugzilla.redhat.com/show_bug.cgi?id=1071670
--------------------------------------------------------------------------------
================================================================================
opari2-1.1.2-3.el6 (FEDORA-EPEL-2014-0737)
An OpenMP runtime performance measurement instrumenter
--------------------------------------------------------------------------------
Update Information:
OPARI2 is a source-to-source instrumentation tool for OpenMP and hybrid codes. It
surrounds OpenMP directives and runtime library calls with calls to the POMP2 measurement
interface.
OPARI2 will provide you with a new initialization method that allows for multi-directory
and parallel builds as well as the usage of pre-instrumented libraries. Furthermore, an
efficient way of tracking parent-child relationships was added. Additionally, we extended
OPARI2 to support instrumentation of OpenMP 3.0 tied tasks.
--------------------------------------------------------------------------------