The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 519  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
  38  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11198/filezilla-...
  33  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11274/ssmtp-2.61...
  14  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11499/roundcubem...
  13  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11507/tinyproxy-...
  12  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11525/moodle-2.4...
  11  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11556/openstack-...
  11  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11552/glpi-0.83....
   7  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11579/proftpd-1....
   7  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11585/Django14-1...
   7  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11598/wordpress-...
   3  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11626/seamonkey-...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11666/xpdf-3.03-...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11672/ReviewBoar...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11639/gridsite-2...
The following builds have been pushed to Fedora EPEL 6 updates-testing
ReviewBoard-1.7.14-1.el6
gridsite-2.0.4-2.el6
php-bartlett-PHP-CompatInfo-2.23.1-1.el6
php-bartlett-PHP-Reflect-1.8.1-1.el6
python-djblets-0.7.18-1.el6
safekeep-1.4.2-3.el6
xpdf-3.03-8.el6.1
Details about builds:
================================================================================
ReviewBoard-1.7.14-1.el6 (FEDORA-EPEL-2013-11672)
Web-based code review tool
--------------------------------------------------------------------------------
Update Information:
* Mon Sep 23 2013 Stephen Gallagher <sgallagh(a)redhat.com> - 1.7.14-1
- New upstream security release 1.7.14
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.14/
- Some API resources were accessible even if their parent resources were not, due to a
missing check. In most cases, this was harmless, but it can affect those using access
control on groups or review requests.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 23 2013 Stephen Gallagher <sgallagh(a)redhat.com> - 1.7.14-1
- New upstream security release 1.7.14
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.14/
- Some API resources were accessible even if their parent resources were not,
due to a missing check. In most cases, this was harmless, but it can affect
those using access control on groups or review requests.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1008423 - ReviewBoard-1.7.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1008423
--------------------------------------------------------------------------------
================================================================================
gridsite-2.0.4-2.el6 (FEDORA-EPEL-2013-11639)
Grid Security for the Web, Web platforms for Grids
--------------------------------------------------------------------------------
Update Information:
* New upstream version 2.0.4.
* A new package gridsite1.7-compat is added to maintain binary compatibility.
- ==== GridSite version 2.0.4 ====
* Mon Jan 21 2013 Zdeněk Šustr <sustr4(a)cesnet.cz>
* When constructing a list of FQANs, a reference to the proxy is stored in the chain that
contains the attribute (GGUS #79096)
* Avoid looking up remote IP, it is available in the Apache context
* Flapping yum update fixed
- ==== GridSite version 2.0.3 ====
* Wed Nov 14 2012 Zdeněk Šustr <sustr4(a)cesnet.cz>
- Segmentation fault in htproxyput fixed (occurred if run by non-root)
- ==== GridSite version 2.0.2 ====
* Tue Nov 06 2012 Zdeněk Šustr <sustr4(a)cesnet.cz>
- Certificates made available in the GRST structure
- ==== GridSite version 2.0.1 ====
* Fri Oct 22 2012 František Dvořák <valtri(a)civ.zcu.cz>
- one more update of the packaging for Debian
* Fri Oct 19 2012 František Dvořák <valtri(a)civ.zcu.cz>
- update of the packaging for Debian due to major version bump
- add DESTDIR to install target
* Thu Oct 18 2012 František Dvořák <valtri(a)civ.zcu.cz>
- fix packaging for SL6 and Fedora (curl-devel -> libcurl-devel)
- big library versions cleanup, using libtool to compile and link
- ==== GridSite version 2.0.0 ====
* Wed Oct 17 2012 Marcel Poul <marcel.poul(a)cern.ch>
- Internals rewritten to use caNl
* Wed Oct 17 2012 František Dvořák <valtri(a)civ.zcu.cz>
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 23 2013 Steve Traylen <steve.traylen(a)cern.ch> - 2.0.4-2
- Correct package interdependencies.
* Thu Sep 19 2013 Steve Traylen <steve.traylen(a)cern.ch> - 2.0.4-1
- Upstream to 2.0.4, gridsite1.7-compat added.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #965532 - gridsite package should be built with PIE flags
https://bugzilla.redhat.com/show_bug.cgi?id=965532
--------------------------------------------------------------------------------
================================================================================
php-bartlett-PHP-CompatInfo-2.23.1-1.el6 (FEDORA-EPEL-2013-11673)
Find out version and the extensions required for a piece of code to run
--------------------------------------------------------------------------------
Update Information:
Upstream Changelog
PHP_CompatInfo Version 2.23.1 (2013-09-23)
Bug fixes:
* GH-101: about json constants and pdf function in unit tests (Thanks to Remi Collet)
PHP_CompatInfo Version 2.23.0 (2013-09-19)
Additions and changes:
* add both support to PHP 5.4.20 and 5.5.4
* add 3 new extensions: htscanner, PDFlib, Rar
* update APCu reference to 4.0.2
* update pthreads reference to 0.0.45
* introduces an experimental DYN lazy loader references ( NOT YET OPERATIONAL, missing
rules implementations )
* drop support of PHP4 reference
* drop support of PHP 5.2
PHP_Reflect Version 1.8.1 (2013-09-23)
Bug fixes:
* avoid wrong namespace detection if source code used a class property named namespace:
$this->namespace (Thanks to Remi Collet to notice me a strong behavior in class report)
PHP_Reflect Version 1.8.0 (2013-09-19)
Additions and changes:
* Latest version of branch 1.x
* Little memory usage optimisation : tokens list are not kept after source parsing.
* visibility property for class method parsing was added by default.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 23 2013 Remi Collet <remi(a)fedoraproject.org> - 2.23.1-1
- Update to 2.23.1
- raise dependencies: PHP 5.3.0, PHP_Reflect 1.8.0 (and < 2)
--------------------------------------------------------------------------------
================================================================================
php-bartlett-PHP-Reflect-1.8.1-1.el6 (FEDORA-EPEL-2013-11673)
Adds the ability to reverse-engineer PHP
--------------------------------------------------------------------------------
Update Information:
Upstream Changelog
PHP_CompatInfo Version 2.23.1 (2013-09-23)
Bug fixes:
* GH-101: about json constants and pdf function in unit tests (Thanks to Remi Collet)
PHP_CompatInfo Version 2.23.0 (2013-09-19)
Additions and changes:
* add both support to PHP 5.4.20 and 5.5.4
* add 3 new extensions: htscanner, PDFlib, Rar
* update APCu reference to 4.0.2
* update pthreads reference to 0.0.45
* introduces an experimental DYN lazy loader references ( NOT YET OPERATIONAL, missing
rules implementations )
* drop support of PHP4 reference
* drop support of PHP 5.2
PHP_Reflect Version 1.8.1 (2013-09-23)
Bug fixes:
* avoid wrong namespace detection if source code used a class property named namespace:
$this->namespace (Thanks to Remi Collet to notice me a strong behavior in class report)
PHP_Reflect Version 1.8.0 (2013-09-19)
Additions and changes:
* Latest version of branch 1.x
* Little memory usage optimisation : tokens list are not kept after source parsing.
* visibility property for class method parsing was added by default.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 23 2013 Remi Collet <remi(a)fedoraproject.org> - 1.8.1-1
- Update to 1.8.1
--------------------------------------------------------------------------------
================================================================================
python-djblets-0.7.18-1.el6 (FEDORA-EPEL-2013-11672)
A collection of useful classes and functions for Django
--------------------------------------------------------------------------------
Update Information:
* Mon Sep 23 2013 Stephen Gallagher <sgallagh(a)redhat.com> - 1.7.14-1
- New upstream security release 1.7.14
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.14/
- Some API resources were accessible even if their parent resources were not, due to a
missing check. In most cases, this was harmless, but it can affect those using access
control on groups or review requests.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 23 2013 Stephen Gallagher <sgallagh(a)redhat.com> - 0.7.18-1
- New upstream security release 0.7.18
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.18.NEWS
- Web API resource lists are now more careful about access permissions.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1008423 - ReviewBoard-1.7.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1008423
--------------------------------------------------------------------------------
================================================================================
safekeep-1.4.2-3.el6 (FEDORA-EPEL-2013-11671)
The SafeKeep backup system
--------------------------------------------------------------------------------
Update Information:
Added missing requirement on crontabs to spec file
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 22 2013 Jóhann B. Guðmundsson <johannbg(a)fedoraproject.org> - 1.4.2-3
- Add a missing requirement on crontabs to spec file
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.4.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #989113 - Add a missing requirement on crontabs for the cron job to the spec
file
https://bugzilla.redhat.com/show_bug.cgi?id=989113
--------------------------------------------------------------------------------
================================================================================
xpdf-3.03-8.el6.1 (FEDORA-EPEL-2013-11666)
A PDF file viewer for the X Window System
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the
error messages
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 22 2013 Tom Callaway <spot(a)fedoraproject.org> - 1:3.03-8.1
- rhel still needs pdfdetach in xpdf
* Sun Sep 22 2013 Tom Callaway <spot(a)fedoraproject.org> - 1:3.03-8
- fix CVE-2012-2142
- fix issue with icon name in .desktop file (except on el5)
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.03-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sun Feb 10 2013 Parag Nemade <paragn AT fedoraproject DOT org> - 1:3.03-6
- Remove vendor tag from desktop file as per https://fedorahosted.org/fesco/ticket/1077
* Wed Nov 14 2012 Tom Callaway <spot(a)fedoraproject.org> - 1:3.03-5
- fix desktop file to invoke xpdf with a file param (bz874644)
* Sun Jul 22 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.03-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri May 25 2012 Tom Callaway <spot(a)fedoraproject.org> - 1:3.03-3
- drop pdfdetach, poppler-utils has it now
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.03-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Mon Aug 22 2011 Tom Callaway <spot(a)fedoraproject.org> - 1:3.03-1
- update to 3.03
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.02-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Jan 21 2011 Tom Callaway <spot(a)fedoraproject.org> - 1:3.02-17
- Added pdftoppm for el5 or older, since it is not included in poppler-utils on el5
- Thanks to Ingvar Hagelund.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #789936 - CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape
sequences in the error messages
https://bugzilla.redhat.com/show_bug.cgi?id=789936
--------------------------------------------------------------------------------