--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-11995
2013-10-30 16:29:51
--------------------------------------------------------------------------------
Name : liquibase
Product : Fedora EPEL 6
Version : 3.0.7
Release : 4.el6
URL : http://liquibase.org/
Summary : Database Refactoring Tool
Description :
LiquiBase is an open source (Apache 2.0 License), database-independent library
for tracking, managing and applying database changes. It is built on a simple
premise: All database changes are stored in a human readable form but tracked in
source control.
--------------------------------------------------------------------------------
Update Information:
Liquibase 3.0.7 features numerous bug fixes and additional extension support.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1023523 - Liquibase package needs an update
https://bugzilla.redhat.com/show_bug.cgi?id=1023523
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update liquibase' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-11987
2013-10-29 17:18:34
--------------------------------------------------------------------------------
Name : fts
Product : Fedora EPEL 6
Version : 3.1.33
Release : 1.el6
URL : https://svnweb.cern.ch/trac/fts3/wiki
Summary : File Transfer Service V3
Description :
The File Transfer Service V3 is the successor of File Transfer Service V2.
It is a service and a set of command line tools for managing third party
transfers. Most importantly, the aim of FTS3 is to transfer the data produced
by CERN's LHC into the computing GRID.
--------------------------------------------------------------------------------
Update Information:
GRID middleware, which manages reliable third-party transfer
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update fts' at the command line.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-12086
2013-11-13 17:36:29
--------------------------------------------------------------------------------
Name : drupal6-context
Product : Fedora EPEL 6
Version : 3.3
Release : 1.el6
URL : http://drupal.org/project/context
Summary : Context Module for Drupal6
Description :
Context allows you to manage contextual conditions and reactions for
different portions of your site.
--------------------------------------------------------------------------------
Update Information:
CVE-2013-4445/CVE-2013-4446
Context, a Drupal module that allows you to manage contextual conditions and reactions for different portions of your site, was found to have two severe security issues.
The first issue is that the module allows execution of PHP code via manipulation of a URL argument in a path used for AJAX operations when running in a configuration without a json_decode function provided by PHP or the PECL JSON library. The vulnerability is
This vulnerability is only exploitable on a server running a PHP version prior to 5.2 that does not have the json library installed.
The second issue is that the module uses Drupal's token scheme to restrict access to the json rendering of a block. This control mechanism is insufficient, as Drupal's token scheme is designed to provide security between two different sessions (or a session and a non-authenticated user) and is not designed to provide security within a session. The vulnerability is mitigated by the fact that it requires blocks that contain sensitive information.
The suggested fix is to update Drupal6-context to 6.x-3.2 and Drupal7-context to 7.x-3.0.
References:
http://seclists.org/fulldisclosure/2013/Oct/118
https://drupal.org/node/2113317
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1020780 - drupal6-context: drupal-context: multiple vulnerabilities [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1020780
[ 2 ] Bug #1020783 - drupal6-context: drupal-context: multiple vulnerabilities [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1020783
[ 3 ] Bug #1020256 - drupal6-context-3.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1020256
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update drupal6-context' at the command line.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-11976
2013-10-28 17:35:50
--------------------------------------------------------------------------------
Name : mozilla-noscript
Product : Fedora EPEL 6
Version : 2.6.8.4
Release : 1.el6
URL : http://noscript.net/
Summary : JavaScript white list extension for Mozilla Firefox
Description :
The NoScript Firefox extension provides extra protection for Firefox.
It allows JavaScript, Java, Flash and other plug-ins to be executed only by
trusted web sites of your choice (e.g. your online bank) and additionally
provides Anti-XSS protection.
--------------------------------------------------------------------------------
Update Information:
A full list of changes is here:
http://noscript.net/changelog
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #958170 - mozilla-noscript-2.6.8.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=958170
[ 2 ] Bug #1023548 - mozilla-noscript needs updated
https://bugzilla.redhat.com/show_bug.cgi?id=1023548
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update mozilla-noscript' at the command line.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-11981
2013-10-28 17:36:01
--------------------------------------------------------------------------------
Name : mozilla-noscript
Product : Fedora EPEL 5
Version : 2.6.8.4
Release : 1.el5
URL : http://noscript.net/
Summary : JavaScript white list extension for Mozilla Firefox
Description :
The NoScript Firefox extension provides extra protection for Firefox.
It allows JavaScript, Java, Flash and other plug-ins to be executed only by
trusted web sites of your choice (e.g. your online bank) and additionally
provides Anti-XSS protection.
--------------------------------------------------------------------------------
Update Information:
A full list of changes is here:
http://noscript.net/changelog
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #958170 - mozilla-noscript-2.6.8.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=958170
[ 2 ] Bug #1023548 - mozilla-noscript needs updated
https://bugzilla.redhat.com/show_bug.cgi?id=1023548
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update mozilla-noscript' at the command line.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-11962
2013-10-26 17:40:30
--------------------------------------------------------------------------------
Name : python-tahrir-api
Product : Fedora EPEL 6
Version : 0.4.0
Release : 1.el6
URL : http://pypi.python.org/pypi/tahrir-api
Summary : An API for interacting with the Tahrir database
Description :
API for interacting with the Tahrir database. Based on the Tahrir
(https://github.com/fedora-infra/tahrir) database model.
There are two classes that can be used in this module. The first is
TahrirDatabase class located in tahrir_api.dbapi and the second is the database
model located in tahrir_api.model. The TahrirDatabase class is a high level way
to interact with the database. The model is used for a slightly more low level
way of interacting with the database. It allows for custom interactions with
the database without having to use the TahrirDatabase class.
--------------------------------------------------------------------------------
Update Information:
Latest upstream with login tracking and leaderboard improvements.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update python-tahrir-api' at the command line.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-11975
2013-10-28 17:35:48
--------------------------------------------------------------------------------
Name : php-PHP-CSS-Parser
Product : Fedora EPEL 6
Version : 5.1.1
Release : 1.el6
URL : https://github.com/sabberworm/PHP-CSS-Parser
Summary : A Parser for CSS Files
Description :
PHP CSS Parser: a Parser for CSS Files written in PHP.
Allows extraction of CSS files into a data structure, manipulation
of said structure and output as (optimized) CSS.
--------------------------------------------------------------------------------
Update Information:
Version 5.1.0 (2013-10-24)
* Performance enhancements by Michael M Slusarz
* More rescue entry points for lenient parsing (unexpected tokens between declaration blocks and unclosed comments)
* No backwards-incompatible changes
* No deprecations
Version 5.1.1 (2013-10-28)
* Updated CHANGELOG.md to reflect changes since 5.0.4
* No backwards-incompatible changes
* No deprecations
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update php-PHP-CSS-Parser' at the command line.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-11985
2013-10-29 17:18:31
--------------------------------------------------------------------------------
Name : perl-Rose-DB
Product : Fedora EPEL 6
Version : 0.773
Release : 1.el6
URL : http://search.cpan.org/dist/Rose-DB/
Summary : DBI wrapper and abstraction layer
Description :
Rose::DB is a wrapper and abstraction layer for DBI-related functionality.
A Rose::DB object "has a" DBI object; it is not a subclass of DBI.
--------------------------------------------------------------------------------
Update Information:
update to version 0.773
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #993106 - perl-Rose-DB-0.773 is available
https://bugzilla.redhat.com/show_bug.cgi?id=993106
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update perl-Rose-DB' at the command line.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-11970
2013-10-28 17:35:38
--------------------------------------------------------------------------------
Name : python-backports-ssl_match_hostname
Product : Fedora EPEL 6
Version : 3.4.0.2
Release : 1.el6
URL : https://bitbucket.org/brandon/backports.ssl_match_hostname
Summary : The ssl.match_hostname() function from Python 3
Description :
The Secure Sockets Layer is only actually secure if you check the hostname in
the certificate returned by the server to which you are connecting, and verify
that it matches the hostname that you are trying to reach.
But the matching logic, defined in RFC2818, can be a bit tricky to implement on
your own. So the ssl package in the Standard Library of Python 3.2 now includes
a match_hostname() function for performing this check instead of requiring
every application to implement the check separately.
This backport brings match_hostname() to users of earlier versions of Python.
The actual code inside comes verbatim from Python 3.2.
--------------------------------------------------------------------------------
Update Information:
Fixes issue raised in this upstream bug report: http://bugs.python.org/issue17997#msg194950
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update python-backports-ssl_match_hostname' at the command line.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-11971
2013-10-28 17:35:40
--------------------------------------------------------------------------------
Name : admesh
Product : Fedora EPEL 6
Version : 0.97.2
Release : 1.el6
URL : http://github.com/hroncok/admesh/
Summary : Diagnose and/or repair problems with STereo Lithography files
Description :
ADMesh is a program for diagnosing and/or repairing commonly encountered
problems with STL (STereo Lithography) data files. It can remove degenerate
and unconnected facets, connect nearby facets, fill holes by adding facets,
and repair facet normals. Simple transformations such as scaling,
translation and rotation are also supported. ADMesh can read both
ASCII and binary format STL files, while the output can be in
AutoCAD DXF, Geomview OFF, STL, or VRML format.
--------------------------------------------------------------------------------
Update Information:
This is a new package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1008284 - Review Request: admesh - Diagnose and/or repair common problems with STL files
https://bugzilla.redhat.com/show_bug.cgi?id=1008284
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update admesh' at the command line.
--------------------------------------------------------------------------------