The following Fedora EPEL 6 Security updates need testing: Age URL 519 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.... 38 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11198/filezilla-... 33 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11274/ssmtp-2.61... 14 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11499/roundcubem... 13 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11507/tinyproxy-... 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11525/moodle-2.4... 11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11556/openstack-... 11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11552/glpi-0.83.... 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11579/proftpd-1.... 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11585/Django14-1... 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11598/wordpress-... 3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11626/seamonkey-... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11666/xpdf-3.03-... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11672/ReviewBoar... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11639/gridsite-2... The following builds have been pushed to Fedora EPEL 6 updates-testing ReviewBoard-1.7.14-1.el6 gridsite-2.0.4-2.el6 php-bartlett-PHP-CompatInfo-2.23.1-1.el6 php-bartlett-PHP-Reflect-1.8.1-1.el6 python-djblets-0.7.18-1.el6 safekeep-1.4.2-3.el6 xpdf-3.03-8.el6.1 Details about builds: ================================================================================ ReviewBoard-1.7.14-1.el6 (FEDORA-EPEL-2013-11672) Web-based code review tool -------------------------------------------------------------------------------- Update Information: * Mon Sep 23 2013 Stephen Gallagher <sgallagh(a)redhat.com&gt; - 1.7.14-1 - New upstream security release 1.7.14 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.14/ - Some API resources were accessible even if their parent resources were not, due to a missing check. In most cases, this was harmless, but it can affect those using access control on groups or review requests. -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 23 2013 Stephen Gallagher <sgallagh(a)redhat.com&gt; - 1.7.14-1 - New upstream security release 1.7.14 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.14/ - Some API resources were accessible even if their parent resources were not, due to a missing check. In most cases, this was harmless, but it can affect those using access control on groups or review requests. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1008423 - ReviewBoard-1.7.14 is available https://bugzilla.redhat.com/show_bug.cgi?id=1008423 -------------------------------------------------------------------------------- ================================================================================ gridsite-2.0.4-2.el6 (FEDORA-EPEL-2013-11639) Grid Security for the Web, Web platforms for Grids -------------------------------------------------------------------------------- Update Information: * New upstream version 2.0.4. * A new package gridsite1.7-compat is added to maintain binary compatibility. - ==== GridSite version 2.0.4 ==== * Mon Jan 21 2013 Zdeněk Šustr <sustr4(a)cesnet.cz&gt; * When constructing a list of FQANs, a reference to the proxy is stored in the chain that contains the attribute (GGUS #79096) * Avoid looking up remote IP, it is available in the Apache context * Flapping yum update fixed - ==== GridSite version 2.0.3 ==== * Wed Nov 14 2012 Zdeněk Šustr <sustr4(a)cesnet.cz&gt; - Segmentation fault in htproxyput fixed (occurred if run by non-root) - ==== GridSite version 2.0.2 ==== * Tue Nov 06 2012 Zdeněk Šustr <sustr4(a)cesnet.cz&gt; - Certificates made available in the GRST structure - ==== GridSite version 2.0.1 ==== * Fri Oct 22 2012 František Dvořák <valtri(a)civ.zcu.cz&gt; - one more update of the packaging for Debian * Fri Oct 19 2012 František Dvořák <valtri(a)civ.zcu.cz&gt; - update of the packaging for Debian due to major version bump - add DESTDIR to install target * Thu Oct 18 2012 František Dvořák <valtri(a)civ.zcu.cz&gt; - fix packaging for SL6 and Fedora (curl-devel -> libcurl-devel) - big library versions cleanup, using libtool to compile and link - ==== GridSite version 2.0.0 ==== * Wed Oct 17 2012 Marcel Poul <marcel.poul(a)cern.ch&gt; - Internals rewritten to use caNl * Wed Oct 17 2012 František Dvořák <valtri(a)civ.zcu.cz&gt; -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 23 2013 Steve Traylen <steve.traylen(a)cern.ch&gt; - 2.0.4-2 - Correct package interdependencies. * Thu Sep 19 2013 Steve Traylen <steve.traylen(a)cern.ch&gt; - 2.0.4-1 - Upstream to 2.0.4, gridsite1.7-compat added. -------------------------------------------------------------------------------- References: [ 1 ] Bug #965532 - gridsite package should be built with PIE flags https://bugzilla.redhat.com/show_bug.cgi?id=965532 -------------------------------------------------------------------------------- ================================================================================ php-bartlett-PHP-CompatInfo-2.23.1-1.el6 (FEDORA-EPEL-2013-11673) Find out version and the extensions required for a piece of code to run -------------------------------------------------------------------------------- Update Information: Upstream Changelog PHP_CompatInfo Version 2.23.1 (2013-09-23) Bug fixes: * GH-101: about json constants and pdf function in unit tests (Thanks to Remi Collet) PHP_CompatInfo Version 2.23.0 (2013-09-19) Additions and changes: * add both support to PHP 5.4.20 and 5.5.4 * add 3 new extensions: htscanner, PDFlib, Rar * update APCu reference to 4.0.2 * update pthreads reference to 0.0.45 * introduces an experimental DYN lazy loader references ( NOT YET OPERATIONAL, missing rules implementations ) * drop support of PHP4 reference * drop support of PHP 5.2 PHP_Reflect Version 1.8.1 (2013-09-23) Bug fixes: * avoid wrong namespace detection if source code used a class property named namespace: $this→namespace (Thanks to Remi Collet to notice me a strong behavior in class report) PHP_Reflect Version 1.8.0 (2013-09-19) Additions and changes: * Latest version of branch 1.x * Little memory usage optimisation : tokens list are not kept after source parsing. * visibility property for class method parsing was added by default. -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 23 2013 Remi Collet <remi(a)fedoraproject.org&gt; - 2.23.1-1 - Update to 2.23.1 - raise dependencies: PHP 5.3.0, PHP_Reflect 1.8.0 (and < 2) -------------------------------------------------------------------------------- ================================================================================ php-bartlett-PHP-Reflect-1.8.1-1.el6 (FEDORA-EPEL-2013-11673) Adds the ability to reverse-engineer PHP -------------------------------------------------------------------------------- Update Information: Upstream Changelog PHP_CompatInfo Version 2.23.1 (2013-09-23) Bug fixes: * GH-101: about json constants and pdf function in unit tests (Thanks to Remi Collet) PHP_CompatInfo Version 2.23.0 (2013-09-19) Additions and changes: * add both support to PHP 5.4.20 and 5.5.4 * add 3 new extensions: htscanner, PDFlib, Rar * update APCu reference to 4.0.2 * update pthreads reference to 0.0.45 * introduces an experimental DYN lazy loader references ( NOT YET OPERATIONAL, missing rules implementations ) * drop support of PHP4 reference * drop support of PHP 5.2 PHP_Reflect Version 1.8.1 (2013-09-23) Bug fixes: * avoid wrong namespace detection if source code used a class property named namespace: $this→namespace (Thanks to Remi Collet to notice me a strong behavior in class report) PHP_Reflect Version 1.8.0 (2013-09-19) Additions and changes: * Latest version of branch 1.x * Little memory usage optimisation : tokens list are not kept after source parsing. * visibility property for class method parsing was added by default. -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 23 2013 Remi Collet <remi(a)fedoraproject.org&gt; - 1.8.1-1 - Update to 1.8.1 -------------------------------------------------------------------------------- ================================================================================ python-djblets-0.7.18-1.el6 (FEDORA-EPEL-2013-11672) A collection of useful classes and functions for Django -------------------------------------------------------------------------------- Update Information: * Mon Sep 23 2013 Stephen Gallagher <sgallagh(a)redhat.com&gt; - 1.7.14-1 - New upstream security release 1.7.14 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.14/ - Some API resources were accessible even if their parent resources were not, due to a missing check. In most cases, this was harmless, but it can affect those using access control on groups or review requests. -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 23 2013 Stephen Gallagher <sgallagh(a)redhat.com&gt; - 0.7.18-1 - New upstream security release 0.7.18 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.18.NEWS - Web API resource lists are now more careful about access permissions. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1008423 - ReviewBoard-1.7.14 is available https://bugzilla.redhat.com/show_bug.cgi?id=1008423 -------------------------------------------------------------------------------- ================================================================================ safekeep-1.4.2-3.el6 (FEDORA-EPEL-2013-11671) The SafeKeep backup system -------------------------------------------------------------------------------- Update Information: Added missing requirement on crontabs to spec file -------------------------------------------------------------------------------- ChangeLog: * Sun Sep 22 2013 Jóhann B. Guðmundsson <johannbg(a)fedoraproject.org&gt; - 1.4.2-3 - Add a missing requirement on crontabs to spec file * Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org&gt; - 1.4.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #989113 - Add a missing requirement on crontabs for the cron job to the spec file https://bugzilla.redhat.com/show_bug.cgi?id=989113 -------------------------------------------------------------------------------- ================================================================================ xpdf-3.03-8.el6.1 (FEDORA-EPEL-2013-11666) A PDF file viewer for the X Window System -------------------------------------------------------------------------------- Update Information: Fix CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error messages -------------------------------------------------------------------------------- ChangeLog: * Sun Sep 22 2013 Tom Callaway <spot(a)fedoraproject.org&gt; - 1:3.03-8.1 - rhel still needs pdfdetach in xpdf * Sun Sep 22 2013 Tom Callaway <spot(a)fedoraproject.org&gt; - 1:3.03-8 - fix CVE-2012-2142 - fix issue with icon name in .desktop file (except on el5) * Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org&gt; - 1:3.03-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Sun Feb 10 2013 Parag Nemade <paragn AT fedoraproject DOT org> - 1:3.03-6 - Remove vendor tag from desktop file as per https://fedorahosted.org/fesco/ticket/1077 * Wed Nov 14 2012 Tom Callaway <spot(a)fedoraproject.org&gt; - 1:3.03-5 - fix desktop file to invoke xpdf with a file param (bz874644) * Sun Jul 22 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org&gt; - 1:3.03-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Fri May 25 2012 Tom Callaway <spot(a)fedoraproject.org&gt; - 1:3.03-3 - drop pdfdetach, poppler-utils has it now * Sat Jan 14 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org&gt; - 1:3.03-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Mon Aug 22 2011 Tom Callaway <spot(a)fedoraproject.org&gt; - 1:3.03-1 - update to 3.03 * Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org&gt; - 1:3.02-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Fri Jan 21 2011 Tom Callaway <spot(a)fedoraproject.org&gt; - 1:3.02-17 - Added pdftoppm for el5 or older, since it is not included in poppler-utils on el5 - Thanks to Ingvar Hagelund. -------------------------------------------------------------------------------- References: [ 1 ] Bug #789936 - CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error messages https://bugzilla.redhat.com/show_bug.cgi?id=789936 --------------------------------------------------------------------------------