The following Fedora EPEL 6 Security updates need testing:

 Age  URL
 519  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.1...
  38  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11198/filezilla-3.7...
  33  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11274/ssmtp-2.61-21...
  14  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11499/roundcubemail...
  13  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11507/tinyproxy-1.8...
  12  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11525/moodle-2.4.6-...
  11  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11556/openstack-swi...
  11  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11552/glpi-0.83.9.1...
   7  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11579/proftpd-1.3.3...
   7  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11585/Django14-1.4....
   7  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11598/wordpress-3.6...
   3  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11626/seamonkey-2.2...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11666/xpdf-3.03-8.e...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11672/ReviewBoard-1...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11639/gridsite-2.0....
The following builds have been pushed to Fedora EPEL 6 updates-testing
    ReviewBoard-1.7.14-1.el6
    gridsite-2.0.4-2.el6
    php-bartlett-PHP-CompatInfo-2.23.1-1.el6
    php-bartlett-PHP-Reflect-1.8.1-1.el6
    python-djblets-0.7.18-1.el6
    safekeep-1.4.2-3.el6
    xpdf-3.03-8.el6.1
Details about builds:
================================================================================
 ReviewBoard-1.7.14-1.el6 (FEDORA-EPEL-2013-11672)
 Web-based code review tool
--------------------------------------------------------------------------------
Update Information:

* Mon Sep 23 2013 Stephen Gallagher sgallagh@redhat.com - 1.7.14-1
- New upstream security release 1.7.14
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.14/
- Some API resources were accessible even if their parent resources were not, due to a missing check. In most cases, this was harmless, but it can affect those using access control on groups or review requests.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 23 2013 Stephen Gallagher sgallagh@redhat.com - 1.7.14-1
- New upstream security release 1.7.14
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.14/
- Some API resources were accessible even if their parent resources were not, due to a missing check. In most cases, this was harmless, but it can affect those using access control on groups or review requests.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1008423 - ReviewBoard-1.7.14 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1008423
--------------------------------------------------------------------------------
================================================================================
 gridsite-2.0.4-2.el6 (FEDORA-EPEL-2013-11639)
 Grid Security for the Web, Web platforms for Grids
--------------------------------------------------------------------------------
Update Information:

* New upstream version 2.0.4.
* A new package gridsite1.7-compat is added to maintain binary compatibility.

- ==== GridSite version 2.0.4 ====
* Mon Jan 21 2013 Zdeněk Šustr sustr4@cesnet.cz
* When constructing a list of FQANs, a reference to the proxy is stored in the chain that contains the attribute (GGUS #79096)
* Avoid looking up remote IP, it is available in the Apache context
* Flapping yum update fixed

- ==== GridSite version 2.0.3 ====
* Wed Nov 14 2012 Zdeněk Šustr sustr4@cesnet.cz
- Segmentation fault in htproxyput fixed (occurred if run by non-root)

- ==== GridSite version 2.0.2 ====
* Tue Nov 06 2012 Zdeněk Šustr sustr4@cesnet.cz
- Certificates made available in the GRST structure

- ==== GridSite version 2.0.1 ====
* Fri Oct 22 2012 František Dvořák valtri@civ.zcu.cz
- one more update of the packaging for Debian
* Fri Oct 19 2012 František Dvořák valtri@civ.zcu.cz
- update of the packaging for Debian due to major version bump
- add DESTDIR to install target
* Thu Oct 18 2012 František Dvořák valtri@civ.zcu.cz
- fix packaging for SL6 and Fedora (curl-devel -> libcurl-devel)
- big library versions cleanup, using libtool to compile and link

- ==== GridSite version 2.0.0 ====
* Wed Oct 17 2012 Marcel Poul marcel.poul@cern.ch
- Internals rewritten to use caNl
* Wed Oct 17 2012 František Dvořák valtri@civ.zcu.cz
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 23 2013 Steve Traylen steve.traylen@cern.ch - 2.0.4-2
- Correct package interdependencies.
* Thu Sep 19 2013 Steve Traylen steve.traylen@cern.ch - 2.0.4-1
- Upstream to 2.0.4, gridsite1.7-compat added.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #965532 - gridsite package should be built with PIE flags
        https://bugzilla.redhat.com/show_bug.cgi?id=965532
--------------------------------------------------------------------------------
================================================================================
 php-bartlett-PHP-CompatInfo-2.23.1-1.el6 (FEDORA-EPEL-2013-11673)
 Find out version and the extensions required for a piece of code to run
--------------------------------------------------------------------------------
Update Information:

Upstream Changelog

PHP_CompatInfo Version 2.23.1 (2013-09-23)

Bug fixes:
* GH-101: about json constants and pdf function in unit tests (Thanks to Remi Collet)

PHP_CompatInfo Version 2.23.0 (2013-09-19)

Additions and changes:
* add both support to PHP 5.4.20 and 5.5.4
* add 3 new extensions: htscanner, PDFlib, Rar
* update APCu reference to 4.0.2
* update pthreads reference to 0.0.45
* introduces an experimental DYN lazy loader references ( NOT YET OPERATIONAL, missing rules implementations )
* drop support of PHP4 reference
* drop support of PHP 5.2

PHP_Reflect Version 1.8.1 (2013-09-23)

Bug fixes:
* avoid wrong namespace detection if source code used a class property named namespace: $this->namespace (Thanks to Remi Collet to notice me a strong behavior in class report)

PHP_Reflect Version 1.8.0 (2013-09-19)

Additions and changes:
* Latest version of branch 1.x
* Little memory usage optimisation : tokens list are not kept after source parsing.
* visibility property for class method parsing was added by default.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 23 2013 Remi Collet remi@fedoraproject.org - 2.23.1-1
- Update to 2.23.1
- raise dependencies: PHP 5.3.0, PHP_Reflect 1.8.0 (and < 2)
--------------------------------------------------------------------------------
================================================================================
 php-bartlett-PHP-Reflect-1.8.1-1.el6 (FEDORA-EPEL-2013-11673)
 Adds the ability to reverse-engineer PHP
--------------------------------------------------------------------------------
Update Information:

Upstream Changelog

PHP_CompatInfo Version 2.23.1 (2013-09-23)

Bug fixes:
* GH-101: about json constants and pdf function in unit tests (Thanks to Remi Collet)

PHP_CompatInfo Version 2.23.0 (2013-09-19)

Additions and changes:
* add both support to PHP 5.4.20 and 5.5.4
* add 3 new extensions: htscanner, PDFlib, Rar
* update APCu reference to 4.0.2
* update pthreads reference to 0.0.45
* introduces an experimental DYN lazy loader references ( NOT YET OPERATIONAL, missing rules implementations )
* drop support of PHP4 reference
* drop support of PHP 5.2

PHP_Reflect Version 1.8.1 (2013-09-23)

Bug fixes:
* avoid wrong namespace detection if source code used a class property named namespace: $this->namespace (Thanks to Remi Collet to notice me a strong behavior in class report)

PHP_Reflect Version 1.8.0 (2013-09-19)

Additions and changes:
* Latest version of branch 1.x
* Little memory usage optimisation : tokens list are not kept after source parsing.
* visibility property for class method parsing was added by default.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 23 2013 Remi Collet remi@fedoraproject.org - 1.8.1-1
- Update to 1.8.1
--------------------------------------------------------------------------------
================================================================================
 python-djblets-0.7.18-1.el6 (FEDORA-EPEL-2013-11672)
 A collection of useful classes and functions for Django
--------------------------------------------------------------------------------
Update Information:

* Mon Sep 23 2013 Stephen Gallagher sgallagh@redhat.com - 1.7.14-1
- New upstream security release 1.7.14
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.14/
- Some API resources were accessible even if their parent resources were not, due to a missing check. In most cases, this was harmless, but it can affect those using access control on groups or review requests.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 23 2013 Stephen Gallagher sgallagh@redhat.com - 0.7.18-1
- New upstream security release 0.7.18
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.18.NEWS
- Web API resource lists are now more careful about access permissions.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1008423 - ReviewBoard-1.7.14 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1008423
--------------------------------------------------------------------------------
================================================================================
 safekeep-1.4.2-3.el6 (FEDORA-EPEL-2013-11671)
 The SafeKeep backup system
--------------------------------------------------------------------------------
Update Information:

Added missing requirement on crontabs to spec file
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 22 2013 Jóhann B. Guðmundsson johannbg@fedoraproject.org - 1.4.2-3
- Add a missing requirement on crontabs to spec file
* Sun Aug 4 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.4.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #989113 - Add a missing requirement on crontabs for the cron job to the spec file
        https://bugzilla.redhat.com/show_bug.cgi?id=989113
--------------------------------------------------------------------------------
================================================================================
 xpdf-3.03-8.el6.1 (FEDORA-EPEL-2013-11666)
 A PDF file viewer for the X Window System
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error messages
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 22 2013 Tom Callaway spot@fedoraproject.org - 1:3.03-8.1
- rhel still needs pdfdetach in xpdf
* Sun Sep 22 2013 Tom Callaway spot@fedoraproject.org - 1:3.03-8
- fix CVE-2012-2142
- fix issue with icon name in .desktop file (except on el5)
* Sun Aug 4 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1:3.03-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sun Feb 10 2013 Parag Nemade <paragn AT fedoraproject DOT org> - 1:3.03-6
- Remove vendor tag from desktop file as per https://fedorahosted.org/fesco/ticket/1077
* Wed Nov 14 2012 Tom Callaway spot@fedoraproject.org - 1:3.03-5
- fix desktop file to invoke xpdf with a file param (bz874644)
* Sun Jul 22 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1:3.03-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri May 25 2012 Tom Callaway spot@fedoraproject.org - 1:3.03-3
- drop pdfdetach, poppler-utils has it now
* Sat Jan 14 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1:3.03-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Mon Aug 22 2011 Tom Callaway spot@fedoraproject.org - 1:3.03-1
- update to 3.03
* Tue Feb 8 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1:3.02-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Jan 21 2011 Tom Callaway spot@fedoraproject.org - 1:3.02-17
- Added pdftoppm for el5 or older, since it is not included in poppler-utils on el5
- Thanks to Ingvar Hagelund.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #789936 - CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error messages
        https://bugzilla.redhat.com/show_bug.cgi?id=789936
--------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org