The following Fedora EPEL 6 Security updates need testing:

 Age  URL
 207  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.1...
  14  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13367/seamonkey-2.1...
   5  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13432/weechat-0.3.8...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13477/cgit-0.9.1-1....
  33  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13155/cobbler-2.4.0...
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13222/xlockmore-5.4...
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13442/roundup-1.4.2...
  31  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13172/ssmtp-2.61-19...
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13088/python-django...
  31  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13176/icecast-2.3.3...
 130  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6348/bcfg2-1.2.3-1....
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13478/mod_security-...
 395  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gribbl...

The following builds have been pushed to Fedora EPEL 6 updates-testing

    cgit-0.9.1-1.el6
    mod_security-2.7.1-3.el6
    mod_security_crs-2.2.6-3.el6
    qemu-1.2.0-19.el6.1

Details about builds:

================================================================================
 cgit-0.9.1-1.el6 (FEDORA-EPEL-2012-13477)
 A fast web interface for git
--------------------------------------------------------------------------------
Update Information:

Update to new upstream version with 2 security fixes, enhancements and misc other bug fixes.
See http://git.zx2c4.com/cgit/commit/?id=a6a932e198e8b6b564d7a4bb43e78078d829602... for details.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 15 2012 Kevin Fenzi kevin@scrye.com 0.9.1-1
- Update to 0.9.1
- Fixes bug #870714 - CVE-2012-4548
- Fixes bug #820733 - CVE-2012-4465
* Wed Jul 18 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.9.0.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jan 12 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.9.0.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #870714 - CVE-2012-4548 cgit: syntax-highlighting.sh command injection [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=870714
  [ 2 ] Bug #820733 - avoid stack-smash when processing unusual commit [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=820733
--------------------------------------------------------------------------------


================================================================================
 mod_security-2.7.1-3.el6 (FEDORA-EPEL-2012-13478)
 Security module for the Apache HTTP Server
--------------------------------------------------------------------------------
Update Information:

- Update to 2.7.1
- Update Core rules set to 2.2.6
- Fix build against libxml2 >= 2.9 (upstreamed)
- Add some missing directives RHBZ #569360
- Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528) (RHBZ #867424, #867773, #867774)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 15 2012 Athmane Madjoudj athmane@fedoraproject.org 2.7.1-3
- Add some missing directives RHBZ #569360
- Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528) (RHBZ #867424, #867773, #867774)
* Thu Nov 15 2012 Athmane Madjoudj athmane@fedoraproject.org 2.7.1-2
- Fix mod_security.conf
* Thu Nov 15 2012 Athmane Madjoudj athmane@fedoraproject.org 2.7.1-1
- Update to 2.7.1
- Remove libxml2 build patch (upstreamed)
- Update spec since upstream moved to github
* Thu Oct 18 2012 Athmane Madjoudj athmane@fedoraproject.org 2.7.0-2
- Add a patch to fix failed build against libxml2 >= 2.9.0
* Wed Oct 17 2012 Athmane Madjoudj athmane@fedoraproject.org 2.7.0-1
- Update to 2.7.0
* Fri Sep 28 2012 Athmane Madjoudj athmane@fedoraproject.org 2.6.8-1
- Update to 2.6.8
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #867424 - CVE-2012-4528 mod_security: multipart/invalid part ruleset bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=867424
--------------------------------------------------------------------------------


================================================================================
 mod_security_crs-2.2.6-3.el6 (FEDORA-EPEL-2012-13478)
 ModSecurity Rules
--------------------------------------------------------------------------------
Update Information:

- Update to 2.7.1
- Update Core rules set to 2.2.6
- Fix build against libxml2 >= 2.9 (upstreamed)
- Add some missing directives RHBZ #569360
- Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528) (RHBZ #867424, #867773, #867774)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 17 2012 Athmane Madjoudj athmane@fedoraproject.org 2.2.6-3
- Remove the patch since we're requiring mod_security >= 2.7.0
- Require mod_security >= 2.7.0
* Mon Oct 1 2012 Athmane Madjoudj athmane@fedoraproject.org 2.2.6-2
- Add a patch to fix incompatible rules.
- Update to new git release
* Sat Sep 15 2012 Athmane Madjoudj athmane@fedoraproject.org 2.2.6-1
- Update to 2.2.6
- Update spec file since upstream moved to Github.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #867424 - CVE-2012-4528 mod_security: multipart/invalid part ruleset bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=867424
--------------------------------------------------------------------------------


================================================================================
 qemu-1.2.0-19.el6.1 (FEDORA-EPEL-2012-13479)
 QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:

This update brings QEMU, the machine emulator, to EPEL for Enterprise Linux 6.

Parts of QEMU (KVM for x86 with basic hardware emulation support, imaging utilities, guest agent in particular) are shipped with Enterprise Linux for x86_64 architecture. EPEL packages can't conflict with or replace packages shipped with Enterprise Linux, and thus on x86_64 architecture this package supplements what's already shipped with the distribution.
--------------------------------------------------------------------------------