EPEL Fedora 6 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Fri Jul 5 21:32:18 UTC 2013
The following Fedora EPEL 6 Security updates need testing:
Age URL
440 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
35 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6034/heat-jeos-9-1.el6
29 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6090/ssmtp-2.61-20.el6
15 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10532/python-bugzilla-0.9.0-1.el6
11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10586/rubygem-passenger-3.0.21-3.el6
11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10617/wordpress-3.5.2-1.el6
11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10621/openstack-keystone-2012.2.4-5.el6
9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10581/glpi-0.83.9.1-1.el6
7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10623/ReviewBoard-1.7.11-1.el6
7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10654/php-pecl-radius-1.2.7-1.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10750/zeroinstall-injector-2.3-1.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10754/ansible-1.2.1-2.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10756/gallery3-3.0.9-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
ansible-1.2.1-2.el6
drupal7-admin_language-1.0-0.2.dev.20130226.el6
drupal7-crumbs-1.9-2.el6
drupal7-ds-2.4-1.el6
drupal7-l10n_server-1.0-0.2.dev.20130220.el6
drupal7-lang_dropdown-1.5-2.el6
drupal7-path_breadcrumbs-3.0-0.3.beta3.el6
drupal7-tmgmt-1.0-0.2.alpha3.el6
gallery3-3.0.9-1.el6
nodejs-ain2-1.2.1-5.el6
nodejs-buffer-crc32-0.2.1-5.el6
nodejs-buffer-equal-0.0.0-3.el6
nodejs-bunker-0.1.2-3.el6
nodejs-burrito-0.2.12-6.el6
nodejs-bytes-0.2.1-3.el6
nodejs-charm-0.1.2-2.el6
nodejs-cli-0.4.4.2-4.el6
nodejs-collections-0.1.21-1.el6
nodejs-less-1.4.1-1.el6
php-Raven-0.6.1-1.el6
zeroinstall-injector-2.3-1.el6
Details about builds:
================================================================================
ansible-1.2.1-2.el6 (FEDORA-EPEL-2013-10754)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
Upstream 1.2.1 version. See: https://groups.google.com/forum/#!topic/ansible-project/Bj0TmfsExhk for more info.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 5 2013 Kevin Fenzi <kevin at scrye.com> 1.2.1-2
- Update to newer upstream re-release to fix a syntax error
* Thu Jul 4 2013 Kevin Fenzi <kevin at scrye.com> 1.2.1-1
- Update to 1.2.1
- Fixes CVE-2013-2233
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #980821 - CVE-2013-2233 ansible: Does not cache SSH host keys (preventing possibility of server's host key to be checked against system host keys)
https://bugzilla.redhat.com/show_bug.cgi?id=980821
--------------------------------------------------------------------------------
================================================================================
drupal7-admin_language-1.0-0.2.dev.20130226.el6 (FEDORA-EPEL-2013-10765)
Displays administration pages in preferred language
--------------------------------------------------------------------------------
Update Information:
This module lets the administrator see all administration pages in her
preferred language.
You can use this to display the front-end of the site in one language and still
keep most of the back-end in English (or another language of your choice).
You can use the standard Languages page to choose the language of the admin
pages.
This package provides the following Drupal module:
* admin_language
--------------------------------------------------------------------------------
================================================================================
drupal7-crumbs-1.9-2.el6 (FEDORA-EPEL-2013-10753)
The ultimate breadcrumbs module
--------------------------------------------------------------------------------
Update Information:
Crumbs is a powerful breadcrumb-building machine, generating high-quality
breadcrumbs for most every page on your site, with minimal configuration.
The Crumbs engine takes advantage of the hierarchical nature inherent to
breadcrumbs: It calculates the parent of the current page, the parent of
the parent, etc, until it has the complete breadcrumb trail.
Crumbs uses plugins with fine-grained user-defined priorities, for each
step in this process. Plugins for most of your favorite modules are already
built-in, and you can add more.
A lot of stuff that would require laborious configuration with other
breadcrumb-building modules, does work out of the box with Crumbs. And if it
doesn't, there are powerful and ways to configure, customize and extend.
Where in other breadcrumb-customizing modules you need to define complete
breadcrumbs for various pages and their all their children, in Crumbs you
mostly just say "A is the parent of B", and it can solve all the rest of
the puzzle by itself.
This package provides the following Drupal module:
* crumbs
--------------------------------------------------------------------------------
================================================================================
drupal7-ds-2.4-1.el6 (FEDORA-EPEL-2013-10761)
Extend the display options for every entity type
--------------------------------------------------------------------------------
Update Information:
Display Suite allows you to take full control over how your content is displayed
using a drag and drop interface. Arrange your nodes, views, comments, user data
etc. the way you want without having to work your way through dozens of template
files. A predefined list of layouts (D7 only) is available for even more drag
and drop fun!
By defining custom view modes (build modes in D6), you can define how one piece
of content should be displayed in different places such as teaser lists, search
results, the full node, views etc.
Watch a screen-cast (http://drupal.org/node/644706) to see it all in action!
This package provides the following Drupal modules:
* ds
* ds_ui
* ds_devel (NOTE: Requires install of the devel module)
* ds_format
* ds_extras
* ds_search
* ds_forms
--------------------------------------------------------------------------------
================================================================================
drupal7-l10n_server-1.0-0.2.dev.20130220.el6 (FEDORA-EPEL-2013-10759)
Localization server
--------------------------------------------------------------------------------
Update Information:
The localization server is a set of Drupal modules powering
http://localize.drupal.org/, https://translate.openatrium.com/,
http://localize.openpublishapp.com/ and even the non-Drupal based
http://translate.musescore.org/ among other translation communities.
It provides a generic translation database back-end with a community
localization user interface, which allows people to collaborate on
translating projects to different languages. It currently contains
tools to translate Drupal projects as well as general Gettext based
sources.
This package provides the following Drupal modules:
* l10n_community
* l10n_groups (NOTE: Requires install of the og module)
* l10n_remote
* l10n_packager
* l10n_server
* l10n_drupal
* l10n_gettext
--------------------------------------------------------------------------------
================================================================================
drupal7-lang_dropdown-1.5-2.el6 (FEDORA-EPEL-2013-10764)
Provides a dropdown select to switch between available languages
--------------------------------------------------------------------------------
Update Information:
Language Switcher Dropdown is a very simple module that exposes a new block,
similar to the default Language Switcher block provided by Locale module.
The new block allows site visitors to switch languages using a drop-down
select list instead of using hyperlinks.
The module also integrates well with Language Icons
(http://drupal.org/project/languageicons) module if installed.
This package provides the following Drupal module:
* lang_dropdown
--------------------------------------------------------------------------------
================================================================================
drupal7-path_breadcrumbs-3.0-0.3.beta3.el6 (FEDORA-EPEL-2013-10755)
Allows creation of custom breadcrumbs for any page using contexts
--------------------------------------------------------------------------------
Update Information:
Updated to 3.0-beta3
Release notes: https://drupal.org/node/2022711
Path breadcrumbs module helps you to create breadcrumbs for any page with any
selection rules and load any entity from the URL.
Features
* Breadcrumbs navigation may be added to any kind of page: static
(example: node/1) or dynamic (example: node/NID).
* You can load contexts from URL and use it like tokens for breadcrumb path or
title.
* You can use selection rules for every breadcrumbs navigation.
* Supports ALL tokens from Entity tokens module (part of Entity module).
* You can import/export breadcrumbs (supports single operations, Features and
Ctools bulk export).
* Breadcrumbs can be cloned to save you time while building navigation.
* Module provides rich snippets support for breadcrumbs (RDFa and Microdata).
* Module provides first/last/odd/even classes to every breadcrumb link.
* You can change breadcrumbs delimiter.
* Breadcrumbs could be hidden if they contain only one element.
* You can disable breadcrumbs and enable them later.
* All breadcrumb titles are translatable.
* Usable interface.
This package provides the following Drupal modules:
* path_breadcrumbs
* path_breadcrumbs_ui
* path_breadcrumbs_i18n (Requires manual install of the i18n module)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #981354 - drupal7-path_breadcrumbs-3.0-beta3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=981354
--------------------------------------------------------------------------------
================================================================================
drupal7-tmgmt-1.0-0.2.alpha3.el6 (FEDORA-EPEL-2013-10747)
Translation Management Tool
--------------------------------------------------------------------------------
Update Information:
The Translation Management Tool (TMGMT) module provides a tool set for
translating content from different sources. The translation can be done
by people or translation services of all kinds. It builds on and uses
existing language tools and data structures in Drupal and can be used
in automated workflow scenarios.
This module does not make i18n or any other language module for Drupal
obsolete. It does only facilitate the translation process.
The second alpha has been released, huge improvements have been made
(see the release notes for details) and there's even more work to do.
Please test the new version and report any bugs that you can find.
Important: The external translator plugins (Microsoft, MyGengo, Nativy,
Supertext) have been moved to separate projects. When any of these plugins,
make sure to download them as well and then run update.php when updating.
This package provides the following Drupal modules:
* tmgmt
* tmgmt_local
* tmgmt_skills
* tmgmt_file
* tmgmt_entity
* tmgmt_entity_ui
* tmgmt_node
* tmgmt_node_ui
* tmgmt_field
* tmgmt_i18n_string
* tmgmt_ui
--------------------------------------------------------------------------------
================================================================================
gallery3-3.0.9-1.el6 (FEDORA-EPEL-2013-10756)
Customizable photo gallery web site
--------------------------------------------------------------------------------
Update Information:
Fixes for CVE-2013-2240, CVE-2013-2241.
A security flaw was found in the way flowplayer SWF file handling functionality of Gallery version 3, an open source project with the goal to develop and support leading photo sharing web application solutions, processed certain URL fragments passed to this file (certain URL fragments were not stripped properly when these files were called via direct URL request(s)). A remote attacker could use this flaw to conduct replay attacks.
Multiple information exposure flaws were found in the way data rest core module of Gallery version 3, an open source project with the goal to develop and support leading photo sharing web application solutions, used to previously restrict access to certain items of the photo album. A remote attacker, valid Gallery 3 user, could use this flaw to possibly obtain sensitive information (file, resize or thumb path of the item in question).
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 5 2013 Jon Ciesla <limburgher at gmail.com> - 3.0.9-1
- 3.0.9.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #981218 - CVE-2013-2138 gallery3 various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=981218
[ 2 ] Bug #981219 - CVE-2013-2138 gallery3 various flaws [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=981219
--------------------------------------------------------------------------------
================================================================================
nodejs-ain2-1.2.1-5.el6 (FEDORA-EPEL-2013-10760)
A Node.js module for syslog logging (and a continuation of ain)
--------------------------------------------------------------------------------
Update Information:
Rebuild to restrict to compatible architectures.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 5 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 1.2.1-5
- restrict to compatible arches
--------------------------------------------------------------------------------
================================================================================
nodejs-buffer-crc32-0.2.1-5.el6 (FEDORA-EPEL-2013-10757)
A pure JavaScript CRC32 algorithm that plays nice with binary data
--------------------------------------------------------------------------------
Update Information:
Rebuild to restrict to compatible architectures.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 5 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 0.2.1-5
- restrict to compatible arches
* Wed Jun 19 2013 T.C. Hollingsworth <tchollingsworth at gmail.com> - 0.2.1-4
- rebuild for missing npm(buffer-crc32) provides on EL6
--------------------------------------------------------------------------------
================================================================================
nodejs-buffer-equal-0.0.0-3.el6 (FEDORA-EPEL-2013-10762)
Returns whether two buffers are equal
--------------------------------------------------------------------------------
Update Information:
Rebuild to restrict to compatible architectures.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 5 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 0.0.0-3
- restrict to compatible arches
--------------------------------------------------------------------------------
================================================================================
nodejs-bunker-0.1.2-3.el6 (FEDORA-EPEL-2013-10752)
Code coverage in native JavaScript
--------------------------------------------------------------------------------
Update Information:
Rebuild to restrict to compatible architectures.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 5 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 0.1.2-3
- restrict to compatible arches
--------------------------------------------------------------------------------
================================================================================
nodejs-burrito-0.2.12-6.el6 (FEDORA-EPEL-2013-10748)
Wrap up expressions with a trace function while walking the AST
--------------------------------------------------------------------------------
Update Information:
Rebuild to restrict to compatible architectures.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 5 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 0.2.12-6
- restrict to compatible arches
--------------------------------------------------------------------------------
================================================================================
nodejs-bytes-0.2.1-3.el6 (FEDORA-EPEL-2013-10751)
Byte size string parser/serializer for Node.js
--------------------------------------------------------------------------------
Update Information:
Rebuild to restrict to compatible architectures.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 5 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 0.2.1-3
- restrict to compatible arches
* Wed Jun 19 2013 T.C. Hollingsworth <tchollingsworth at gmail.com> - 0.2.1-2
- rebuild for missing npm(bytes) provides
--------------------------------------------------------------------------------
================================================================================
nodejs-charm-0.1.2-2.el6 (FEDORA-EPEL-2013-10758)
ANSI control sequences for terminal cursor hopping and colors
--------------------------------------------------------------------------------
Update Information:
Rebuild to restrict to compatible architectures.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 5 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 0.1.2-2
- restrict to compatible arches
--------------------------------------------------------------------------------
================================================================================
nodejs-cli-0.4.4.2-4.el6 (FEDORA-EPEL-2013-10766)
Node.js module for rapidly building command line apps
--------------------------------------------------------------------------------
Update Information:
Rebuild to restrict to compatible architectures.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 5 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 0.4.4.2-4
- restrict to compatible arches
--------------------------------------------------------------------------------
================================================================================
nodejs-collections-0.1.21-1.el6 (FEDORA-EPEL-2013-10763)
Data structures with idiomatic JavaScript collection interfaces
--------------------------------------------------------------------------------
Update Information:
Update to upstream release 0.1.21, which is a minor bug fix release.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 5 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 0.1.21-1
- update to upstream release 0.2.21
* Fri Jul 5 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 0.1.20-3
- restrict to compatible arches
--------------------------------------------------------------------------------
================================================================================
nodejs-less-1.4.1-1.el6 (FEDORA-EPEL-2013-10749)
Less.js The dynamic stylesheet language
--------------------------------------------------------------------------------
Update Information:
- New upstream release 1.4.1
- https://github.com/less/less.js/blob/v1.4.1/CHANGELOG.md
- Fix syncImports and yui-compress option, as they were being ignored
- Fixed several global variable leaks
- Handle getting null or undefined passed as the options object
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 5 2013 Stephen Gallagher <sgallagh at redhat.com> - 1.4.1-1
- New upstream release 1.4.1
- https://github.com/less/less.js/blob/v1.4.1/CHANGELOG.md
- Fix syncImports and yui-compress option, as they were being ignored
- Fixed several global variable leaks
- Handle getting null or undefined passed as the options object
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #981590 - nodejs-less-1.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=981590
--------------------------------------------------------------------------------
================================================================================
php-Raven-0.6.1-1.el6 (FEDORA-EPEL-2013-10746)
A PHP client for Sentry
--------------------------------------------------------------------------------
Update Information:
Updated to 0.6.1
0.6.0 to 0.6.1: https://github.com/getsentry/raven-php/compare/0.6.0...0.6.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 5 2013 Shawn Iwinski <shawn.iwinski at gmail.com> 0.6.1-1
- Updated to 0.6.1 (BZ #981406)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #981406 - php-Raven-0.6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=981406
--------------------------------------------------------------------------------
================================================================================
zeroinstall-injector-2.3-1.el6 (FEDORA-EPEL-2013-10750)
The Zero Install Injector (0launch)
--------------------------------------------------------------------------------
Update Information:
Enhancements:
- upstream now ships an experimental OCaml front-end, this is not yet enabled
- Add fish-shell command completion
- Allow relative files in <archive> and <file> for local feeds. This makes it easy to test feeds before passing them to 0repo.
Bug fixes:
- Better handling of default="" in <environment> bindings. This now specifies that the default should be "", overriding any system default.
- Fixed --refresh with "download" and "run" for apps.
- Updated ssl_match_hostname based on latest bug-fixes. This fix is intended to fix a denial-of-service attack, which doesn't really matter to 0install, but we might as well have the latest version. CVE-2013-2099
- Better error when the <rename> source does not exist.
- Allow selecting local archives even in offline mode.
- Support the use of the system store with recipes. This is especially important now that we treat all downloads as recipes!
- Removed old zeroinstall-add.desktop file.
Changes for APIs we depend on
- Cope with more PyGObject API changes. Based on patch in
http://twistedmatrix.com/trac/ticket/6369
- Keep gobject and glib separate. Sometimes we need GLib, sometimes we need GObject.
- Updates to avoid PyGIDeprecationWarning.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 5 2013 Michel Salim <salimma at fedoraproject.org> - 2.3-1
- Update to 2.3
* Mon May 6 2013 Michel Salim <salimma at fedoraproject.org> - 2.2-1
- Update to 2.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #958834 - zeroinstall-injector-2.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=958834
[ 2 ] Bug #966273 - CVE-2013-2098 CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=966273
[ 3 ] Bug #966274 - CVE-2013-2098 CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=966274
--------------------------------------------------------------------------------
More information about the epel-devel
mailing list