The following Fedora EPEL 6 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0835/asterisk-1.8.1... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0928/libpng10-1.0.5... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0929/drupal7-ctools... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0349/bugzilla-3.4.1... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0927/openstack-nova... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0921/trytond-1.8.6-... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0850/drupal6-date-2... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0763/php-pear-CAS-1... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0795/nginx-1.0.14-1... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0916/openstack-keys... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gribbl...
The following builds have been pushed to Fedora EPEL 6 updates-testing
ddclient-3.8.1-1.el6 drupal7-ctools-1.0-1.el6 gambit-c-4.6.5-1.el6 gtk-chtheme-0.3.1-11.el6 keepalived-1.2.2-3.el6 libpng10-1.0.59-1.el6 msktutil-0.4.1-1.el6 opendnssec-1.4.0-0.a1.el6.2 openscada-0.7.2-4.el6 openstack-keystone-2012.1-0.12.rc1.el6 openstack-nova-2011.3.1-8.el6 python-eventlet-0.9.16-5.el6 python-keystoneclient-2012.1-0.5.e4.el6 python-requests-0.10.6-3.el6 relevation-1.1-3.el6 rubygem-dynect_rest-0.4.1-1.el6 trytond-1.8.6-1.el6
Details about builds:
================================================================================ ddclient-3.8.1-1.el6 (FEDORA-EPEL-2012-0926) Client to update dynamic DNS host entries -------------------------------------------------------------------------------- Update Information:
New upstream, bugfix release. -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 29 2012 Jon Ciesla limburgher@gmail.com - 3.8.1-1 - Latest upstream, BZ 720627. * Thu Feb 10 2011 Robert Scheck robert@fedoraproject.org 3.8.0-4 - Replaced Requires(hint) by Requires as RPM 4.9 dropped support * Tue Feb 8 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #720627 - ddclient-3.8.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=720627 --------------------------------------------------------------------------------
================================================================================ drupal7-ctools-1.0-1.el6 (FEDORA-EPEL-2012-0929) This suite is primarily a set of APIs and tools for other Drupal modules -------------------------------------------------------------------------------- Update Information:
Update to upstream release 1.0, including fix for SA-CONTRIB-2012-054 -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 29 2012 Jared Smith jsmith@fedoraproject.org - 1.0-1 - Update to upstream 1.0 release * Wed Mar 28 2012 Jared Smith jsmith@fedoraproject.org - 1.0-0.2.rc2 - Update to upstream rc2 release * Fri Jan 13 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.0-0.2.rc1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #808002 - Drupal's ctools 7.x-1.0 module has been released https://bugzilla.redhat.com/show_bug.cgi?id=808002 --------------------------------------------------------------------------------
================================================================================ gambit-c-4.6.5-1.el6 (FEDORA-EPEL-2012-0920) Scheme programming system -------------------------------------------------------------------------------- Update Information:
- Latest upstream release - [EPEL6] ppc64 target is temporarily disable, broken since 4.6.4 -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 29 2012 Michel Salim salimma@fedoraproject.org - 4.6.5-1 - Update to 4.6.5 - Drop termite subpackages, they have been disabled for many releases - Disable ppc64 target for now; broken since 4.6.4 * Wed Feb 15 2012 Michel Salim salimma@fedoraproject.org - 4.6.4-1 - Update to 4.6.4 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #790373 - gambit-c-4.6.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=790373 --------------------------------------------------------------------------------
================================================================================ gtk-chtheme-0.3.1-11.el6 (FEDORA-EPEL-2012-0938) Gtk+ 2.0 theme preview and selection made slick -------------------------------------------------------------------------------- Update Information:
Built for epel-6. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #604501 - Review Request: gtk-chtheme - Gtk+ 2.0 theme preview and selection made slick https://bugzilla.redhat.com/show_bug.cgi?id=604501 --------------------------------------------------------------------------------
================================================================================ keepalived-1.2.2-3.el6 (FEDORA-EPEL-2012-0922) High Availability monitor built upon LVS, VRRP and service pollers -------------------------------------------------------------------------------- Update Information:
Fix IPv4 address comparison. -------------------------------------------------------------------------------- ChangeLog:
* Tue Mar 20 2012 Ryan O'Hara rohara@redhat.com 1.2.2-3 - Fix IPv4 address comparison (#768119). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #768119 - keepalived reload does not remove real server https://bugzilla.redhat.com/show_bug.cgi?id=768119 --------------------------------------------------------------------------------
================================================================================ libpng10-1.0.59-1.el6 (FEDORA-EPEL-2012-0928) Old version of libpng, needed to run old binaries -------------------------------------------------------------------------------- Update Information:
This update includes a fix for a potential memory corruption issue (CVE-2011-3048). -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 29 2012 Paul Howarth paul@city-fan.org 1.0.59-1 - update to 1.0.59 - revised png_set_text_2() to avoid potential memory corruption (CVE-2011-3048) - prevent PNG_EXPAND+PNG_SHIFT doing the shift twice -------------------------------------------------------------------------------- References:
[ 1 ] Bug #808139 - CVE-2011-3048 libpng: memory corruption flaw https://bugzilla.redhat.com/show_bug.cgi?id=808139 --------------------------------------------------------------------------------
================================================================================ msktutil-0.4.1-1.el6 (FEDORA-EPEL-2012-0939) Program for interoperability with Active Directory -------------------------------------------------------------------------------- Update Information:
New package. Msktutil is a program for interoperability with Active Directory that can:
* Create a computer account in Active Directory * Create a system Kerberos keytab * Add and remove principals to and from that keytab * Change the computer account's password
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #713313 - Review Request: msktutil - Program for interoperability with Active Directory https://bugzilla.redhat.com/show_bug.cgi?id=713313 --------------------------------------------------------------------------------
================================================================================ opendnssec-1.4.0-0.a1.el6.2 (FEDORA-EPEL-2012-0930) DNSSEC key and zone management software -------------------------------------------------------------------------------- Update Information:
Initial release of opendnssec for EL6 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #711899 - Review Request: opendnssec - DNSSEC key and zone management software https://bugzilla.redhat.com/show_bug.cgi?id=711899 --------------------------------------------------------------------------------
================================================================================ openscada-0.7.2-4.el6 (FEDORA-EPEL-2012-0923) Open SCADA system project -------------------------------------------------------------------------------- Update Information:
Rebuild for CentOs 6.x -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 14 2012 Aleksey Popkov aleksey@oscada.org - 0.7.2-4 - Rebuild for Centos 6.x * Thu Dec 8 2011 Aleksey Popkov aleksey@oscada.org - 0.7.2-3 - Fixed of source code for build on the el5. - Fixed of Source0 and Source1 directives. - Some cosmetics. * Thu Dec 8 2011 Aleksey Popkov aleksey@oscada.org - 0.7.2-2 - Some cosmetics. --------------------------------------------------------------------------------
================================================================================ openstack-keystone-2012.1-0.12.rc1.el6 (FEDORA-EPEL-2012-0916) OpenStack Identity Service -------------------------------------------------------------------------------- Update Information:
Update from Diablo to Essex RC1!
-------------------------------------------------------------------------------- ChangeLog:
* Sat Mar 24 2012 Alan Pevec apevec@redhat.com 2012.1-0.12.rc1 - upate to final essex rc1 * Wed Mar 21 2012 Alan Pevec apevec@redhat.com 2012.1-0.11.rc1 - essex rc1 * Thu Mar 8 2012 Alan Pevec apevec@redhat.com 2012.1-0.10.e4 - change default catalog backend to sql rhbz#800704 - update sample-data script - add missing keystoneclient dependency * Thu Mar 1 2012 Alan Pevec apevec@redhat.com 2012.1-0.9.e4 - essex-4 milestone - change default database to mysql - switch all backends to sql - separate library to python-keystone -------------------------------------------------------------------------------- References:
[ 1 ] Bug #807346 - CVE-2012-1572 openstack-keystone: extremely long passwords can crash Keystone [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=807346 --------------------------------------------------------------------------------
================================================================================ openstack-nova-2011.3.1-8.el6 (FEDORA-EPEL-2012-0927) OpenStack Compute (nova) -------------------------------------------------------------------------------- Update Information:
CVE-2012-1585: Long server names grow nova-api log files significantly -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 29 2012 Pádraig Brady P@draigBrady.com - 2011.3.1-8 - Remove the dependency on the not yet available dnsmasq-utils * Thu Mar 29 2012 Russell Bryant rbryant@redhat.com - 2011.3.1-7 - CVE-2012-1585 - Long server names grow nova-api log files significantly - Resolves: rhbz#808148 * Mon Mar 26 2012 Mark McLoughlin markmc@redhat.com - 2011.3.1-6 - Avoid killing dnsmasq on network service shutdown (#805947) * Tue Mar 6 2012 Pádraig Brady P@draigBrady.com - 2011.3.1-5 - Require bridge-utils * Mon Feb 13 2012 Pádraig Brady P@draigBrady.com - 2011.3.1-4 - Support --force_dhcp_release (#788485) * Fri Jan 27 2012 Pádraig Brady P@draigBrady.com - 2011.3.1-3 - Suppress erroneous output to stdout on package install (#785115) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #808148 - CVE-2012-1585 openstack-nova: Long server names grow nova-api log files significantly [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=808148 --------------------------------------------------------------------------------
================================================================================ python-eventlet-0.9.16-5.el6 (FEDORA-EPEL-2012-0932) Highly concurrent networking library -------------------------------------------------------------------------------- Update Information:
Fixes resource leak -------------------------------------------------------------------------------- ChangeLog:
* Tue Mar 27 2012 Pádraig Brady <P@draigBrady.com - 0.9.16-5 - Update patch to avoid leak of _DummyThread objects * Wed Feb 29 2012 Pádraig Brady <P@draigBrady.com - 0.9.16-4 - Apply a patch to avoid leak of _DummyThread objects --------------------------------------------------------------------------------
================================================================================ python-keystoneclient-2012.1-0.5.e4.el6 (FEDORA-EPEL-2012-0918) Python API and CLI for OpenStack Keystone -------------------------------------------------------------------------------- Update Information:
This is required by the recent essex update for openstack-keystone (specifically the openstack-keystone-sample-data script) --------------------------------------------------------------------------------
================================================================================ python-requests-0.10.6-3.el6 (FEDORA-EPEL-2012-0919) HTTP library, written in Python, for human beings -------------------------------------------------------------------------------- Update Information:
python-requests on EPEL6 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #730570 - Review Request: python-requests - Python HTTP library for Humans https://bugzilla.redhat.com/show_bug.cgi?id=730570 --------------------------------------------------------------------------------
================================================================================ relevation-1.1-3.el6 (FEDORA-EPEL-2012-0924) Command-line search for Revelation Password Manager files -------------------------------------------------------------------------------- Update Information:
Fix missing package requirement, which could result in the program failing to run. Initial Fedora package release. Initial Fedora package release. Initial Fedora package release. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #807335 - relevation requires python-lxml ??? https://bugzilla.redhat.com/show_bug.cgi?id=807335 --------------------------------------------------------------------------------
================================================================================ rubygem-dynect_rest-0.4.1-1.el6 (FEDORA-EPEL-2012-0935) Dynect REST API library -------------------------------------------------------------------------------- Update Information:
Upstream update to 0.4.1 -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 29 2012 Russell Harrison rharriso@redhat.com 0.4.1-1 - Update to 0.4.1 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #808020 - rubygem-dynect_rest-0.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=808020 --------------------------------------------------------------------------------
================================================================================ trytond-1.8.6-1.el6 (FEDORA-EPEL-2012-0921) Server for the Tryton application framework -------------------------------------------------------------------------------- Update Information:
update for CVE-2012-0215 -------------------------------------------------------------------------------- ChangeLog:
* Fri Mar 30 2012 Dan Horák dan@danny.cz - 1.8.6-1 - new upstream version 1.8.6 (CVE-2012-0215) --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org
-
updates@fedoraproject.org