The following Fedora EPEL 6 Security updates need testing:
Age URL
900
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
232
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolki...
119
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7....
15
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2750/libsrtp-1.4...
15
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2719/nodejs-0.10...
15
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2742/TeXmacs-1.0...
15
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2713/putty-0.63-...
14
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2811/nodejs-qs-0...
14
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2821/nodejs-send...
9
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2981/check-mk-1....
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3024/rssh-2.3.4-...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3064/mediawiki11...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3082/golang-1.3....
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3202/python-oaut...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2850/nginx-1.0.1...
The following builds have been pushed to Fedora EPEL 6 updates-testing
R-3.1.1-7.el6
ansible-1.7.2-2.el6
elk-2.3.22-9.el6
fedmsg-0.11.0-1.el6
golang-github-SeanDolphin-bqschema-0-0.1.gita713d26.el6
golang-github-bmizerany-assert-0-0.1.gite17e998.el6
golang-github-bmizerany-pat-0-0.1.gitb8a3500.el6
golang-github-golang-glog-0-0.2.gitd1c4472.el6
golang-github-influxdb-go-cache-0-0.1.git7d1d6d6.el6
golang-github-jmhodges-levigo-0-0.1.git253793d.el6
golang-github-kr-fs-0-0.1.git2788f0d.el6
golang-github-onsi-ginkgo-0-0.1.git90d6a47.el6
golang-github-onsi-gomega-0-0.1.gita0ee4df.el6
golang-github-stretchr-objx-0-0.2.gitcbeaeb1.el6
golang-github-stretchr-testify-0-0.3.gitda775f0.el6
golang-googlecode-go-exp-0-0.1.hgbd8df7009305.el6
golang-googlecode-gomock-0-0.1.hge033c7513ca3.el6
golang-googlecode-log4go-0-0.1.hgc3294304d93f.el6
igraph-0.7.1-1.el6
inxi-2.2.14-1.el6
nagios-plugins-fts-3.2.0-1.el6
nginx-1.0.15-8.el6
perl-Redis-1.976-1.el6
perl-Test-XML-0.08-2.el6
php-phpunit-environment-1.1.0-1.el6
python-fedmsg-meta-fedora-infrastructure-0.3.5-1.el6
python-fedora-0.3.36-1.el6
python-oauth2-1.5.211-8.el6
python-urllib2_kerberos-0.1.6-14.el6
rubygem-ffi-1.0.9-10.el6
Details about builds:
================================================================================
R-3.1.1-7.el6 (FEDORA-EPEL-2014-3259)
A language for data analysis and graphics
--------------------------------------------------------------------------------
Update Information:
Fix java Requires/BuildRequires to be more permissive.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2014 Orion Poplawski <orion(a)cora.nwra.com> - 3.1.1-7
- Just BR/R java instead of java-1.5.0-gcj (bug #1110684)
* Tue Sep 16 2014 David Sommerseth <davids(a)redhat.com> - 3.1.1-6
- Setting ulimit when running make check, to avoid segfault due to too small stack (needed
on PPC64)
* Tue Aug 26 2014 David Tardon <dtardon(a)redhat.com> - 3.1.1-5
- rebuild for ICU 53.1
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
3.1.1-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1110684 - R-java update has new dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=1110684
--------------------------------------------------------------------------------
================================================================================
ansible-1.7.2-2.el6 (FEDORA-EPEL-2014-3201)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
* fix problem with ansible --vault-password not working.
Update to 1.7.2
Update to 1.7.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 9 2014 Toshio Kuratomi <toshio(a)fedoraproject.org> - 1.7.2-2
- Add /usr/bin/ansible to the rhel6 newer pycrypto patch
* Wed Sep 24 2014 Kevin Fenzi <kevin(a)scrye.com> 1.7.2-1
- Update to 1.7.2
* Thu Aug 14 2014 Kevin Fenzi <kevin(a)scrye.com> 1.7.1-1
- Update to 1.7.1
--------------------------------------------------------------------------------
================================================================================
elk-2.3.22-9.el6 (FEDORA-EPEL-2014-3223)
FP-LAPW Code
--------------------------------------------------------------------------------
Update Information:
build against new openmpi on fc21 + epel7 package
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 7 2014 Marcin Dulak <Marcin.Dulak(a)gmail.com> - 2.3.22-9
- build against new openmpi
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.3.22-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
fedmsg-0.11.0-1.el6 (FEDORA-EPEL-2014-3239)
Tools for Fedora Infrastructure real-time messaging
--------------------------------------------------------------------------------
Update Information:
New fedmsg.meta.msg2long_form API. Other IRC-related bugfixes and enhancements.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 9 2014 Ralph Bean <rbean(a)redhat.com> - 0.11.0-1
- Fix harmless error about twisted.words at daemon startup.
- Optional shortening of links in IRC.
- IRC bot now reconnects when dropped.
- New fedmsg.meta.msg2long_form API.
--------------------------------------------------------------------------------
================================================================================
golang-github-SeanDolphin-bqschema-0-0.1.gita713d26.el6 (FEDORA-EPEL-2014-3248)
Package for creating Google Big Query from Go structs
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148460 - Review Request: golang-github-SeanDolphin-bqschema - Package for
creating Google Big Query from Go structs
https://bugzilla.redhat.com/show_bug.cgi?id=1148460
--------------------------------------------------------------------------------
================================================================================
golang-github-bmizerany-assert-0-0.1.gite17e998.el6 (FEDORA-EPEL-2014-3233)
Assertions for Go tests
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148700 - Review Request: golang-github-bmizerany-assert - Assertions for Go
tests
https://bugzilla.redhat.com/show_bug.cgi?id=1148700
--------------------------------------------------------------------------------
================================================================================
golang-github-bmizerany-pat-0-0.1.gitb8a3500.el6 (FEDORA-EPEL-2014-3217)
A Sinatra style pattern muxer for Go's net/http library
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148702 - Review Request: golang-github-bmizerany-pat - A Sinatra style
pattern muxer for Go's net/http library
https://bugzilla.redhat.com/show_bug.cgi?id=1148702
--------------------------------------------------------------------------------
================================================================================
golang-github-golang-glog-0-0.2.gitd1c4472.el6 (FEDORA-EPEL-2014-3245)
Leveled execution logs for Go
--------------------------------------------------------------------------------
Update Information:
New golang package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1141861 - Review Request: golang-github-golang-glog - Leveled execution logs
for Go
https://bugzilla.redhat.com/show_bug.cgi?id=1141861
--------------------------------------------------------------------------------
================================================================================
golang-github-influxdb-go-cache-0-0.1.git7d1d6d6.el6 (FEDORA-EPEL-2014-3256)
An in-memory key:value store/cache library for Go
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148692 - Review Request: golang-github-influxdb-go-cache - An in-memory
key:value store/cache library for Go
https://bugzilla.redhat.com/show_bug.cgi?id=1148692
--------------------------------------------------------------------------------
================================================================================
golang-github-jmhodges-levigo-0-0.1.git253793d.el6 (FEDORA-EPEL-2014-3237)
Go wrapper for LevelDB
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148705 - Review Request: golang-github-jmhodges-levigo - Go wrapper for
LevelDB
https://bugzilla.redhat.com/show_bug.cgi?id=1148705
--------------------------------------------------------------------------------
================================================================================
golang-github-kr-fs-0-0.1.git2788f0d.el6 (FEDORA-EPEL-2014-3213)
Provides Go filesystem-related functions
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148447 - Review Request: golang-github-kr-fs - Provides Go
filesystem-related functions
https://bugzilla.redhat.com/show_bug.cgi?id=1148447
--------------------------------------------------------------------------------
================================================================================
golang-github-onsi-ginkgo-0-0.1.git90d6a47.el6 (FEDORA-EPEL-2014-3247)
A Golang BDD Testing Framework
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148456 - Review Request: golang-github-onsi-ginkgo - A Golang BDD Testing
Framework
https://bugzilla.redhat.com/show_bug.cgi?id=1148456
--------------------------------------------------------------------------------
================================================================================
golang-github-onsi-gomega-0-0.1.gita0ee4df.el6 (FEDORA-EPEL-2014-3240)
Ginkgo's Preferred Matcher Library
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148452 - Review Request: golang-github-onsi-gomega - Ginkgo's Preferred
Matcher Library
https://bugzilla.redhat.com/show_bug.cgi?id=1148452
--------------------------------------------------------------------------------
================================================================================
golang-github-stretchr-objx-0-0.2.gitcbeaeb1.el6 (FEDORA-EPEL-2014-3243)
Go package for dealing with maps, slices, JSON and other data
--------------------------------------------------------------------------------
Update Information:
New golang package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1141864 - Review Request: golang-github-stretchr-objx - Go package for
dealing with maps, slices, JSON and other data
https://bugzilla.redhat.com/show_bug.cgi?id=1141864
--------------------------------------------------------------------------------
================================================================================
golang-github-stretchr-testify-0-0.3.gitda775f0.el6 (FEDORA-EPEL-2014-3227)
Tools for testifying that your code will behave as you intend
--------------------------------------------------------------------------------
Update Information:
New golang package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1141872 - Review Request: golang-github-stretchr-testify - Tools for
testifying that your code will behave as you intend
https://bugzilla.redhat.com/show_bug.cgi?id=1141872
--------------------------------------------------------------------------------
================================================================================
golang-googlecode-go-exp-0-0.1.hgbd8df7009305.el6 (FEDORA-EPEL-2014-3203)
Experimental tools and packages for Go
--------------------------------------------------------------------------------
Update Information:
new golang package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148481 - Review Request: golang-googlecode-go-exp - Experimental tools and
packages for Go
https://bugzilla.redhat.com/show_bug.cgi?id=1148481
--------------------------------------------------------------------------------
================================================================================
golang-googlecode-gomock-0-0.1.hge033c7513ca3.el6 (FEDORA-EPEL-2014-3246)
Mocking framework for the Go
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148477 - Review Request: golang-googlecode-gomock - Mocking framework for
the Go
https://bugzilla.redhat.com/show_bug.cgi?id=1148477
--------------------------------------------------------------------------------
================================================================================
golang-googlecode-log4go-0-0.1.hgc3294304d93f.el6 (FEDORA-EPEL-2014-3257)
Logging package similar to log4j for the Go programming language
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148735 - Review Request: golang-googlecode-log4go - Logging package similar
to log4j for the Go programming language
https://bugzilla.redhat.com/show_bug.cgi?id=1148735
--------------------------------------------------------------------------------
================================================================================
igraph-0.7.1-1.el6 (FEDORA-EPEL-2014-3219)
Library for creating and manipulating graphs
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.1 in EPEL 6 and EPEL7
--------------------------------------------------------------------------------
================================================================================
inxi-2.2.14-1.el6 (FEDORA-EPEL-2014-3221)
A full featured system information script
--------------------------------------------------------------------------------
Update Information:
Update to 2.2.14
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2014 Vasiliy N. Glazov <vascom2(a)gmail.com> 2.2.14-1
- Update to 2.2.14
--------------------------------------------------------------------------------
================================================================================
nagios-plugins-fts-3.2.0-1.el6 (FEDORA-EPEL-2014-3210)
Nagios probes to be run remotely against FTS3 machines
--------------------------------------------------------------------------------
Update Information:
Initial build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1149178 - Review Request: nagios-plugins-fts - provides the nagios probes for
FTS3
https://bugzilla.redhat.com/show_bug.cgi?id=1149178
--------------------------------------------------------------------------------
================================================================================
nginx-1.0.15-8.el6 (FEDORA-EPEL-2014-2850)
A high performance web server and reverse proxy server
--------------------------------------------------------------------------------
Update Information:
* Security fix for CVE-2014-3616
* Create nginx-filesystem subpackage
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 8 2014 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 1.0.15-8
- fix typo in Requires
* Mon Sep 22 2014 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 1.0.15-7
- create nginx-filesystem subpackage (patch from Remi Collet)
* Mon Sep 22 2014 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 1.0.15-6
- fix CVE-2014-3616 virtual host confusion (#1142573, #1142576)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1142573 - CVE-2014-3616 nginx: virtual host confusion
https://bugzilla.redhat.com/show_bug.cgi?id=1142573
--------------------------------------------------------------------------------
================================================================================
perl-Redis-1.976-1.el6 (FEDORA-EPEL-2014-3242)
Perl binding for Redis database
--------------------------------------------------------------------------------
Update Information:
Upgrade to 1.976.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 9 2014 David Dick <ddick(a)cpan.org> - 1.976-1
- Upgrade to 1.976.
* Fri Aug 29 2014 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.975-2
- Perl 5.20 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1150530 - perl-Redis-1.976 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1150530
--------------------------------------------------------------------------------
================================================================================
perl-Test-XML-0.08-2.el6 (FEDORA-EPEL-2014-3207)
Compare XML in perl tests
--------------------------------------------------------------------------------
Update Information:
This is the first Fedora/EPEL release of perl-Test-XML.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148580 - Review Request: perl-Test-XML - Compare XML in perl tests
https://bugzilla.redhat.com/show_bug.cgi?id=1148580
--------------------------------------------------------------------------------
================================================================================
php-phpunit-environment-1.1.0-1.el6 (FEDORA-EPEL-2014-3231)
Handle HHVM/PHP environments
--------------------------------------------------------------------------------
Update Information:
* Add Console::hasColorSupport()
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 8 2014 Remi Collet <remi(a)fedoraproject.org> - 1.1.0-1
- update to 1.1.0
- enable test suite
- composer dependencies
- add generated autoload.php
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.3.5-1.el6 (FEDORA-EPEL-2014-3238)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
Fix to anitya processor.
Bugfixes to anitya and pkgdb processors.
New koschei and anitya processors.
Handle new pkgdb messages, certain legacy messages, and new bugzilla messages. git
messages now return the full patch via a call to msg2long_form
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 9 2014 Ralph Bean <rbean(a)redhat.com> - 0.3.5-1
- Further fixes to anitya.
* Wed Oct 8 2014 Ralph Bean <rbean(a)redhat.com> - 0.3.4-1
- Fixes to pkgdb and anitya processors.
* Fri Oct 3 2014 Ralph Bean <rbean(a)redhat.com> - 0.3.3-1
- New koschei and anitya processors.
* Mon Sep 29 2014 Ralph Bean <rbean(a)redhat.com> - 0.3.2-1
- Latest upstream.
- Handle different types of legacy messages.
- git messages now return the full patch via a call to msg2long_form.
- future-proofing against new types of bugzilla messages.
--------------------------------------------------------------------------------
================================================================================
python-fedora-0.3.36-1.el6 (FEDORA-EPEL-2014-3205)
Python modules for talking to Fedora Infrastructure Services
--------------------------------------------------------------------------------
Update Information:
New upstream release fixing logging in openidbaseclient
* Update to new upstream:
https://github.com/fedora-infra/python-fedora/blob/develop/NEWS
* Update to new upstream:
https://github.com/fedora-infra/python-fedora/blob/develop/NEWS
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 7 2014 Toshio Kuratomi <toshio(a)fedoraproject.org> - 0.3.36-1
- New upstream release fixing logging in openidbaseclient
* Wed Aug 6 2014 Toshio Kuratomi <toshio(a)fedoraproject.org> - 0.3.35-1
- Upstream 0.3.35 release that adds openidbaseclient
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.3.34-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1150301 - Using "pkgdb-cli" leads to "NameError: name
'NullHandler' is not defined"
https://bugzilla.redhat.com/show_bug.cgi?id=1150301
--------------------------------------------------------------------------------
================================================================================
python-oauth2-1.5.211-8.el6 (FEDORA-EPEL-2014-3202)
Python support for improved oauth
--------------------------------------------------------------------------------
Update Information:
Actually apply patch to fix CVE-2013-4347 (thanks to Jason Green, Matt Wilson).
Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski.
Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 8 2014 Tom Callaway <spot(a)fedoraproject.org> - 1.5.211-8
- actually apply patch to fix CVE-2013-4347 (thanks to Jason Green, Matt Wilson)
* Fri Sep 12 2014 Tom Callaway <spot(a)fedoraproject.org> - 1.5.211-7
- Fix CVE-2013-4346 and CVE-2013-4347 (thanks to Philippe Makowski)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.5.211-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1007746 - CVE-2013-4346 python-oauth2: _check_signature() ignores the nonce
value when validating signed urls
https://bugzilla.redhat.com/show_bug.cgi?id=1007746
[ 2 ] Bug #1007758 - CVE-2013-4347 python-oauth2: Uses poor PRNG in nonce
https://bugzilla.redhat.com/show_bug.cgi?id=1007758
--------------------------------------------------------------------------------
================================================================================
python-urllib2_kerberos-0.1.6-14.el6 (FEDORA-EPEL-2014-2747)
Kerberos over HTTP Negotiate/SPNEGO support for urllib2
--------------------------------------------------------------------------------
Update Information:
Fix logging format for Python 2.6 (#1065576)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 8 2014 Steve Traylen <steve.traylen(a)cern.ch> - 0.1.6-14
- Remove debug from add-logging.patch. #1065576
* Thu Jul 3 2014 Matěj Cepl <mcepl(a)redhat.com> - 0.1.6-13
- Fix logging format for Python 2.6 (#1065576)
* Mon Jun 30 2014 Toshio Kuratomi <toshio(a)fedoraproject.org> - 0.1.6-12
- Replace python-setuptools-devel BR with python-setuptools
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1065576 - Add additional patches to urllib2_kerberos
https://bugzilla.redhat.com/show_bug.cgi?id=1065576
--------------------------------------------------------------------------------
================================================================================
rubygem-ffi-1.0.9-10.el6 (FEDORA-EPEL-2014-3216)
FFI Extensions for Ruby
--------------------------------------------------------------------------------
Update Information:
- Fix support for bools in structs
- Backport of fix for upstream issue #114
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 8 2014 Dominic Cleal <dcleal(a)redhat.com> - 1.0.9-10
- Fix support for bools in structs (upstream #114)
--------------------------------------------------------------------------------