The following Fedora EPEL 6 Security updates need testing:
Age  URL
563  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
 78  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11274/ssmtp-2.61...
 38  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11703/chicken-4....
 26  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11785/phpMyAdmin...
 20  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11865/quassel-0....
 18  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11891/libuv-0.10...
  8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11970/python-bac...
  3  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12025/seamonkey-...
  0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12040/python-djb...
The following builds have been pushed to Fedora EPEL 6 updates-testing
ReviewBoard-1.7.17-1.el6.1
drupal7-rules-2.6-1.el6
gimp-gap-2.7.0-8.GITe75bd46.el6
mock-1.1.35-1.el6
polarssl-1.3.2-1.el6
python-djblets-0.7.23-1.el6
tubo-5.0.10-2.el6
Details about builds:
================================================================================
ReviewBoard-1.7.17-1.el6.1 (FEDORA-EPEL-2013-12040)
Web-based code review tool
--------------------------------------------------------------------------------
Update Information:
- New upstream security release 1.7.17
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17/
- Resolves: CVE-2013-4519
- Security Fixes:
* Fixed XSS vulnerabilities for the 'Branch' field and uploaded file captions.
* Added a 'X-Frame-Options' header to prevent clickjacking.
- New Features:
* Remove the need for SSH keys for GitHub repositories.
* Improved validation for GitHub repositories.
* Added support for permissions on Local Sites.
- Performance Improvements:
* Reduced query counts on all pages.
* Reduced query counts in the web API when returning empty lists.
- Extensibility:
* Extensions using the ``configure_extension`` view can now pass in a custom
``template_name`` pointing to a template for the configuration page, if it needs
additional customization.
* Enabling, disabling or reconfiguring extensions will now invalidate the caches for
pages, ensuring that hooks will take effect.
* Extension configuration now works properly on subdirectory installs.
- Bug Fixes:
* Fixed showing private review requests on a submitter page.
* The description for submitted or discarded review requests is now shown on the diff
viewer.
* Discarding, reopening and then closing a review request no longer makes the review
request private.
* Fixed a naming conflict with older PyCrypto packages, such as the default package on
CentOS 6.4.
* Users with the 'can_change_status' permission no longer need the
'can_edit_reviewrequest' permission in order to close or reopen review requests.
* Switching a repository from using a hosting service to Custom no longer reverts back
to the hosting service.
* Fixed editing a repository if its associated hosting service can't be loaded (such
as if an extension providing that hosting service is disabled).
* Many diff validation errors weren't being shown on the New Review Request page,
generating 500 errors instead.
* Fixed caching issues with the Blocks field on review requests.
* Editing JSON text fields in the administration UI now works, validates, and won't
result in warnings in the log.
* Fixed breakages with looking up URLs internally with Local Sites.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 6 2013 Stephen Gallagher <sgallagh(a)redhat.com> - 1.7.17-1.1
- Drop upstreamed patch for pytz requirement
* Tue Nov 5 2013 Stephen Gallagher <sgallagh(a)redhat.com> - 1.7.17-1
- New upstream security release 1.7.17
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17/
- Resolves: CVE-2013-4519
- Security Fixes:
* Fixed XSS vulnerabilities for the 'Branch' field and uploaded file
captions.
* Added a 'X-Frame-Options' header to prevent clickjacking.
- New Features:
* Remove the need for SSH keys for GitHub repositories.
* Improved validation for GitHub repositories.
* Added support for permissions on Local Sites.
- Performance Improvements:
* Reduced query counts on all pages.
* Reduced query counts in the web API when returning empty lists.
- Extensibility:
* Extensions using the ``configure_extension`` view can now pass in a custom
``template_name`` pointing to a template for the configuration page, if it
needs additional customization.
* Enabling, disabling or reconfiguring extensions will now invalidate the
caches for pages, ensuring that hooks will take effect.
* Extension configuration now works properly on subdirectory installs.
- Bug Fixes:
* Fixed showing private review requests on a submitter page.
* The description for submitted or discarded review requests is now shown on
the diff viewer.
* Discarding, reopening and then closing a review request no longer makes the
review request private.
* Fixed a naming conflict with older PyCrypto packages, such as the default
package on CentOS 6.4.
* Users with the 'can_change_status' permission no longer need the
'can_edit_reviewrequest' permission in order to close or reopen review
requests.
* Switching a repository from using a hosting service to Custom no longer
reverts back to the hosting service.
* Fixed editing a repository if its associated hosting service can't be
loaded (such as if an extension providing that hosting service is
disabled).
* Many diff validation errors weren't being shown on the New Review Request
page, generating 500 errors instead.
* Fixed caching issues with the Blocks field on review requests.
* Editing JSON text fields in the administration UI now works, validates, and
won't result in warnings in the log.
* Fixed breakages with looking up URLs internally with Local Sites.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1027010 - CVE-2013-4519 ReviewBoard: two XSS vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1027010
--------------------------------------------------------------------------------
================================================================================
drupal7-rules-2.6-1.el6 (FEDORA-EPEL-2013-12038)
It allows site administrators to define conditionally executed actions
--------------------------------------------------------------------------------
Update Information:
- Update to upstream 2.6 release for bug fixes
- Upstream changelog for this release is available at
https://drupal.org/node/2123171
- Update to upstream 2.5 release for bug fixes
- Upstream changelog for this release is available at
https://drupal.org/node/2092781
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 6 2013 Peter Borsa <peter.borsa(a)gmail.com> - 2.6-1
- Update to upstream 2.6 release for bug fixes
- Upstream changelog for this release is available at
https://drupal.org/node/2123171
* Thu Sep 26 2013 Peter Borsa <peter.borsa(a)gmail.com> - 2.5-1
- Update to upstream 2.5 release for bug fixes
- Upstream changelog for this release is available at
https://drupal.org/node/2092781
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1024829 - drupal7-rules-2.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1024829
[ 2 ] Bug #1009500 - drupal7-rules-2.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1009500
--------------------------------------------------------------------------------
================================================================================
gimp-gap-2.7.0-8.GITe75bd46.el6 (FEDORA-EPEL-2013-12036)
The GIMP Animation Package
--------------------------------------------------------------------------------
Update Information:
Initial add gimp-gap into Fedora/epel
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #954108 - Review Request: gimp-gap - The GIMP Animation Package
https://bugzilla.redhat.com/show_bug.cgi?id=954108
--------------------------------------------------------------------------------
================================================================================
mock-1.1.35-1.el6 (FEDORA-EPEL-2013-12039)
Builds packages inside chroots
--------------------------------------------------------------------------------
Update Information:
Fixed %%post scriptlet to properly set default.cfg symlink
various bugfixes
Removed f17 configs and added f20 configs
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 5 2013 Clark Williams <williams(a)redhat.com> - 1.1.35-1
- modified %post logic to set default config correctly
* Tue Oct 29 2013 Clark Williams <williams(a)redhat.com> - 1.1.34-1
- fixed specfile to include mass rebuild changelog entry
- package_state: drop privs when writing available_packages data [BZ# 916685]
- unconditionally update default.cfg on install [BZ# 858822]
- attempt to make mock more EL5 friendly [BZ# 949616]
- do not ignore missing dependencies [BZ# 955478]
- set the group defined in chrootgid [BZ# 953519]
- add the --nocheck option to mock [BZ# 1015790]
- raise privs before deleting rpm db files in chroot [BZ# 973617]
- clean up orphan processes even if chroot not cleaned [BZ# 972868]
- do not remove the chroot builddir if not cleaning the chroot [BZ# 483486]
- use root object environment in package_state plugin [BZ# 921221]
- Pass values of --plugin-option through literal_eval [BZ# 1018359]
- add default mode to mount in tmpfs plugin [BZ# 598257]
- exit mockbuild.util.logOutput() when child process dies [BZ# 885405]
* Wed Aug 21 2013 Clark Williams <williams(a)redhat.com> - 1.1.33-1
- removed f17 configs
- added f20 configs
- fixed mockchain to use mock config default setup [BZ# 962573]
- remove bogus lockfile dir in _setupDirs() [BZ# 894305]
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.1.32-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #916685 - mock ... foo.src.rpm fails if foo.src.rpm is on nfs filesytem
https://bugzilla.redhat.com/show_bug.cgi?id=916685
[ 2 ] Bug #858822 - Mock's default configuration is not updated, becomes outdated
over time
https://bugzilla.redhat.com/show_bug.cgi?id=858822
[ 3 ] Bug #949616 - Suggested patches to mock 1.1.30 to build and work on EL5
https://bugzilla.redhat.com/show_bug.cgi?id=949616
[ 4 ] Bug #955478 - Unresolved dependencies silently ignored
https://bugzilla.redhat.com/show_bug.cgi?id=955478
[ 5 ] Bug #953519 - After changing config_opts['chrootgid'], the process still
runs with mock group privileges
https://bugzilla.redhat.com/show_bug.cgi?id=953519
[ 6 ] Bug #1015790 - Add --nocheck to mock
https://bugzilla.redhat.com/show_bug.cgi?id=1015790
[ 7 ] Bug #973617 - [abrt] mock-1.1.32-1.fc19: backend.py:540:_nuke_rpm_db:OSError:
[Errno 13] Permission denied:
'/var/lib/mock/fedora-rawhide-x86_64/root/var/lib/rpm/__db.001'
https://bugzilla.redhat.com/show_bug.cgi?id=973617
[ 8 ] Bug #972868 - [abrt] mock-1.1.32-1.fc18: shutil.py:252:rmtree:OSError: [Errno 16]
Device or resource busy: '/var/lib/mock/epel-6-x86_64/root/dev/shm'
https://bugzilla.redhat.com/show_bug.cgi?id=972868
[ 9 ] Bug #483486 - Can't build 'nosrc' srpms using mock (--no-clean does
not work)
https://bugzilla.redhat.com/show_bug.cgi?id=483486
[ 10 ] Bug #921221 - Activation of package_state in 1.1.29 breaks setups with http proxy
servers
https://bugzilla.redhat.com/show_bug.cgi?id=921221
[ 11 ] Bug #1018359 - [PATCH] Pass values of --plugin-option through literal_eval
https://bugzilla.redhat.com/show_bug.cgi?id=1018359
[ 12 ] Bug #885405 - mock hangs when rpm %check fails (reproducer)
https://bugzilla.redhat.com/show_bug.cgi?id=885405
[ 13 ] Bug #962573 - mockchain fails on complicated config files
https://bugzilla.redhat.com/show_bug.cgi?id=962573
[ 14 ] Bug #894305 - directory /var/lock/rpm unowned
https://bugzilla.redhat.com/show_bug.cgi?id=894305
--------------------------------------------------------------------------------
================================================================================
polarssl-1.3.2-1.el6 (FEDORA-EPEL-2013-12037)
Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:
New package for EPEL
--------------------------------------------------------------------------------
================================================================================
python-djblets-0.7.23-1.el6 (FEDORA-EPEL-2013-12040)
A collection of useful classes and functions for Django
--------------------------------------------------------------------------------
Update Information:
- New upstream security release 1.7.17
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17/
- Resolves: CVE-2013-4519
- Security Fixes:
* Fixed XSS vulnerabilities for the 'Branch' field and uploaded file captions.
* Added a 'X-Frame-Options' header to prevent clickjacking.
- New Features:
* Remove the need for SSH keys for GitHub repositories.
* Improved validation for GitHub repositories.
* Added support for permissions on Local Sites.
- Performance Improvements:
* Reduced query counts on all pages.
* Reduced query counts in the web API when returning empty lists.
- Extensibility:
* Extensions using the ``configure_extension`` view can now pass in a custom
``template_name`` pointing to a template for the configuration page, if it needs
additional customization.
* Enabling, disabling or reconfiguring extensions will now invalidate the caches for
pages, ensuring that hooks will take effect.
* Extension configuration now works properly on subdirectory installs.
- Bug Fixes:
* Fixed showing private review requests on a submitter page.
* The description for submitted or discarded review requests is now shown on the diff
viewer.
* Discarding, reopening and then closing a review request no longer makes the review
request private.
* Fixed a naming conflict with older PyCrypto packages, such as the default package on
CentOS 6.4.
* Users with the 'can_change_status' permission no longer need the
'can_edit_reviewrequest' permission in order to close or reopen review requests.
* Switching a repository from using a hosting service to Custom no longer reverts back
to the hosting service.
* Fixed editing a repository if its associated hosting service can't be loaded (such
as if an extension providing that hosting service is disabled).
* Many diff validation errors weren't being shown on the New Review Request page,
generating 500 errors instead.
* Fixed caching issues with the Blocks field on review requests.
* Editing JSON text fields in the administration UI now works, validates, and won't
result in warnings in the log.
* Fixed breakages with looking up URLs internally with Local Sites.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 5 2013 Stephen Gallagher <sgallagh(a)redhat.com> - 0.7.23-1
- New upstream release 0.7.23
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.21.NEWS
* djblets.webapi:
* Added a has_list_access_permissions function, which is used to determine
access to a list resource.
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.22.NEWS
* djblets.extensions:
* AJAX_SERIAL is updated when extensions are enabled/disabled or their
configuration changes, allowing templates using AJAX_SERIAL as part of
their cache to invalidate.
* djblets.siteconfig:
* Reduced query counts for installs using siteconfig.
* djblets.webapi:
* Reduced query counts when returning payloads for list resources with no
entries.
* Common attribute lookups on WebAPIResource are now cached.
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.23.NEWS
* djblets.extensions:
* Fix URL errors when configuring extensions with a custom SITE_ROOT.
* djblets.util.fields:
* JSONFields can now be safely edited through the administration UI,
complete with validation.
* jquery.gravy:
* Fixed hiding the pencil icons on an inlineEditor when disabled.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1027010 - CVE-2013-4519 ReviewBoard: two XSS vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1027010
--------------------------------------------------------------------------------
================================================================================
tubo-5.0.10-2.el6 (FEDORA-EPEL-2013-12034)
Library to thread process std-in/std-err/std-out from fork() child
--------------------------------------------------------------------------------
Update Information:
*Update to 5.0.10
*'example' and 'tuboexec' binaries are now packaged
*Added glib2-devel BR
New package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1016807 - Review Request: tubo - Library to thread process
std-in/std-err/std-out from fork() child
https://bugzilla.redhat.com/show_bug.cgi?id=1016807
--------------------------------------------------------------------------------