EPEL Fedora 6 updates-testing report
updates at fedoraproject.org
Thu Oct 17 18:08:52 UTC 2013
The following Fedora EPEL 6 Security updates need testing:
Age URL
543 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
57 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11274/ssmtp-2.61-21.el6
18 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11703/chicken-4.8.0.4-4.el6
8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11771/mod_fcgid-2.3.9-1.el6
6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11803/dropbear-2013.59-1.el6
6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11785/phpMyAdmin-3.5.8.2-1.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11865/quassel-0.9.1-1.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11817/ReviewBoard-1.7.16-2.el6.1,python-djblets-0.7.21-1.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11880/GraphicsMagick-1.3.18-2.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
GraphicsMagick-1.3.18-2.el6
R-qtl-1.28.19-1.el6
ReviewBoard-1.7.16-2.el6.1
diskimage-builder-0.0.5-1.el6
dyninst-8.1.2-4.el6
fedfs-utils-0.9.4-1.el6
fedora-review-0.5.0-3.el6
golang-bitbucket-kardianos-osext-0-0.3.hg364fb577de68.el6
golang-bitbucket-kardianos-osext-0-0.4.hg364fb577de68.el6
golang-github-coreos-go-systemd-0-0.2.git68bc612.el6
golang-github-gorilla-context-0-0.19.git708054d.el6
golang-github-kr-pty-0-0.15.git3b1f648.el6
golang-googlecode-goprotobuf-0-0.6.hg61664b8425f3.el6
golang-googlecode-net-0-0.10.hg84a4013f96e0.el6
golang-googlecode-sqlite-0-0.8.hg74691fb6f837.el6
gsoap-2.7.16-4.el6
ipwatchd-1.2.1-3.el6
libodb-2.2.3-1.el6
nagios-plugins-1.4.16-10.el6
nrpe-2.14-5.el6
nx-libs-3.5.0.21-4.el6
pagekite-0.5.6d-1.el6
pss-1.38-1.el6
python-TornadIO2-0.0.4-4.el6
python-amqp-1.3.0-1.el6
python-djblets-0.7.21-1.el6
python-flask-mongoengine-0.7-2.el6
python-oslo-sphinx-1.0-3.el6
quassel-0.9.1-1.el6
tomcat-native-1.1.29-1.el6
voms-api-java-2.0.10-4.el6
wannier90-2.0.0-1.el6
wgrib-1.8.1.2b-1.el6
x2goclient-4.0.1.1-1.el6
x2godesktopsharing-3.1.1.0-4.el6
x2goserver-4.0.1.6-5.el6
Details about builds:
================================================================================
GraphicsMagick-1.3.18-2.el6 (FEDORA-EPEL-2013-11880)
An ImageMagick fork, offering faster image generation and better quality
--------------------------------------------------------------------------------
Update Information:
Update to the latest GraphicsMagick release, includes an important security-related fix for exporting (some) 8-bit images.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 26 2013 Rex Dieter <rdieter at fedoraproject.org> 1.3.18-2
- GraphicsMagick needs to recognize aarch64 as 64bit arch (#978351)
* Mon Mar 11 2013 Rex Dieter <rdieter at fedoraproject.org> - 1.3.18-1
- 1.3.18 (#920064)
- add %rhel conditionals
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.17-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Fri Jan 18 2013 Adam Tkac <atkac redhat com> - 1.3.17-3
- rebuild due to "jpeg8-ABI" feature drop
* Fri Dec 21 2012 Adam Tkac <atkac redhat com> - 1.3.17-2
- rebuild against new libjpeg
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1019085 - graphicsmagick: 8-bit RGBA images export DoS vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1019085
--------------------------------------------------------------------------------
================================================================================
R-qtl-1.28.19-1.el6 (FEDORA-EPEL-2013-11876)
Tools for analyzing QTL experiments
--------------------------------------------------------------------------------
Update Information:
Update to version 1.28.
See http://rqtl.org/STATUS.txt for details.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 1.28.19-1
- Update to 1.28.19
* Fri Aug 2 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.27.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
ReviewBoard-1.7.16-2.el6.1 (FEDORA-EPEL-2013-11817)
Web-based code review tool
--------------------------------------------------------------------------------
Update Information:
Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users could access certain data they should not have been able to access, if using the Local Sites feature, invite-only groups, or private repositories. It also fixes cases with invite-only groups where the group name and list of private review requests would show up on some pages (though the review requests themselves were not accessible).
These issues do not affect most of the installations out there, but we strongly recommend upgrading anyway. There are no known cases of anyone exploiting these bugs, and in fact we discovered these internally while building new tools to test for security vulnerabilities in our codebase.
There are also some other bug fixes, and important changes needed for extensions that provide their own REST APIs.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 16 2013 Stephen Gallagher <sgallagh at redhat.com> - 1.7.16-2.1
- Remove setup.py strict requirement on pytz. RHEL provides a patched
version that meets the needs.
* Sun Oct 13 2013 Patrick Uiterwijk <puiterwijk at gmail.com> - 1.7.16-2
- Update Djblets version
* Sun Oct 13 2013 Patrick Uiterwijk <puiterwijk at redhat.com> - 1.7.15-2
- New upstream bugfix release 1.7.16
- Fixes a breakage when accessing the Review Group Users resource
- Fixes pagination in dashboard and similar pages
* Thu Oct 10 2013 Stephen Gallagher <sgallagh at redhat.com> - 1.7.15-1
- New upstream security release 1.7.15
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.15/
- Resolves: CVE-2013-4410
- Fixes access-control problems with REST API
- Resolves: CVE-2013-4411
- Fixes URL processing allowing unauthorized users to view review lists
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1016596 - CVE-2013-4410 ReviewBoard: access-control problems with REST API
https://bugzilla.redhat.com/show_bug.cgi?id=1016596
[ 2 ] Bug #1016599 - CVE-2013-4411 ReviewBoard: URL processing allows unauthorized users to view review lists
https://bugzilla.redhat.com/show_bug.cgi?id=1016599
[ 3 ] Bug #1016601 - CVE-2013-4409 python-djblets: unsanitized eval() vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1016601
--------------------------------------------------------------------------------
================================================================================
diskimage-builder-0.0.5-1.el6 (FEDORA-EPEL-2013-11877)
Image building tools for OpenStack
--------------------------------------------------------------------------------
Update Information:
Release 0.0.5
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 9 2013 Jeff Peeler <jpeeler at redhat.com> 0.0.5-1
- rebase to 0.0.5
- drop unnecessary pbr patch since 0.5.21 now in EPEL
--------------------------------------------------------------------------------
================================================================================
dyninst-8.1.2-4.el6 (FEDORA-EPEL-2013-11852)
An API for Run-time Code Generation
--------------------------------------------------------------------------------
Update Information:
Dyninst is an Application Program Interface (API) to permit the insertion of code into a running program. The API also permits changing or removing subroutine calls from the application program. Run-time code changes are useful to support a variety of applications including debugging, performance monitoring, and to support composing applications out of existing packages. The goal of this API is to provide a machine independent interface to permit the creation of tools and applications that use run-time code patching.
--------------------------------------------------------------------------------
================================================================================
fedfs-utils-0.9.4-1.el6 (FEDORA-EPEL-2013-11843)
Utilities for mounting and managing FedFS
--------------------------------------------------------------------------------
Update Information:
Enable more subpackages; update to upstream 0.9.4 to address bugs
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2013 Chuck Lever <chuck.lever at oracle.com> - 0.9.4-1
- update to upstream fedfs-utils 0.9.4
- "make install-strip" works now, so use it
- add -admin subpackage so single-use administrative tools are available
- add -nsdbparams subpackage because -admin requires it (and so will -server)
- add -devel subpackage so el6 mountd can be built with junction support
--------------------------------------------------------------------------------
================================================================================
fedora-review-0.5.0-3.el6 (FEDORA-EPEL-2013-11853)
Review tool for fedora rpm packages
--------------------------------------------------------------------------------
Update Information:
Update dependency on licensecheck script and fix phpci plugin dependency
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2013 Stanislav Ochotnicky <sochotnicky at redhat.com> - 0.5.0-3
- Really use phpcompatinfo instead of phpci
* Mon Oct 14 2013 Stanislav Ochotnicky <sochotnicky at redhat.com> - 0.5.0-2
- Fix requires for licensecheck (#1016309)
- Remove separate php plugin subpackage (#971875)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1016309 - Add dependency on %{_bindir}/licensecheck
https://bugzilla.redhat.com/show_bug.cgi?id=1016309
[ 2 ] Bug #971875 - phpci command renamed to phpcompatinfo
https://bugzilla.redhat.com/show_bug.cgi?id=971875
--------------------------------------------------------------------------------
================================================================================
golang-bitbucket-kardianos-osext-0-0.3.hg364fb577de68.el6 (FEDORA-EPEL-2013-11841)
Extensions to the standard Go OS package
--------------------------------------------------------------------------------
Update Information:
Initial upload.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1018501 - Review Request: golang-bitbucket-kardianos-osext - Extensions to the standard Go OS package
https://bugzilla.redhat.com/show_bug.cgi?id=1018501
--------------------------------------------------------------------------------
================================================================================
golang-bitbucket-kardianos-osext-0-0.4.hg364fb577de68.el6 (FEDORA-EPEL-2013-11866)
Extensions to the standard Go OS package
--------------------------------------------------------------------------------
Update Information:
removed double quotes from Provides.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1020121 - remove double quotes from provides
https://bugzilla.redhat.com/show_bug.cgi?id=1020121
--------------------------------------------------------------------------------
================================================================================
golang-github-coreos-go-systemd-0-0.2.git68bc612.el6 (FEDORA-EPEL-2013-11858)
Go bindings to systemd socket activation, journal and D-BUS APIs
--------------------------------------------------------------------------------
Update Information:
Initial upload.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1018533 - Review Request: golang-github-coreos-go-systemd - Go bindings to systemd socket activation, journal and D-BUS APIs
https://bugzilla.redhat.com/show_bug.cgi?id=1018533
--------------------------------------------------------------------------------
================================================================================
golang-github-gorilla-context-0-0.19.git708054d.el6 (FEDORA-EPEL-2013-11872)
A golang registry for global request variables
--------------------------------------------------------------------------------
Update Information:
removed double quotes from Provides.
noarch for f19+ and rhel7+, exclusivearch otherwise.
no longer noarch, cause no golang for ppc64.
pkg archives no longer installed, dep for gorilla/mux.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1020109 - remove double quotes from provides
https://bugzilla.redhat.com/show_bug.cgi?id=1020109
[ 2 ] Bug #1001300 - Review Request: golang-github-gorilla-context - A golang registry for global request variables
https://bugzilla.redhat.com/show_bug.cgi?id=1001300
--------------------------------------------------------------------------------
================================================================================
golang-github-kr-pty-0-0.15.git3b1f648.el6 (FEDORA-EPEL-2013-11860)
PTY interface for Go
--------------------------------------------------------------------------------
Update Information:
removed double quotes from Provides.
noarch for f19+ and rhel7+, exclusivearch otherwise.
no longer noarch, cause no golang for ppc64.
Fixes docker first run error.
pkg archives no longer installed, dep for docker.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1020118 - remove double quotes from provides
https://bugzilla.redhat.com/show_bug.cgi?id=1020118
[ 2 ] Bug #1001396 - Review Request: golang-github-kr-pty - PTY interface for Go
https://bugzilla.redhat.com/show_bug.cgi?id=1001396
[ 3 ] Bug #1012701 - update for O_NOCTTY fix
https://bugzilla.redhat.com/show_bug.cgi?id=1012701
--------------------------------------------------------------------------------
================================================================================
golang-googlecode-goprotobuf-0-0.6.hg61664b8425f3.el6 (FEDORA-EPEL-2013-11842)
Go support for Google protocol buffers
--------------------------------------------------------------------------------
Update Information:
* Initial build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1018057 - Review Request: golang-googlecode-goprotobuf - Go support for Google protocol buffers
https://bugzilla.redhat.com/show_bug.cgi?id=1018057
--------------------------------------------------------------------------------
================================================================================
golang-googlecode-net-0-0.10.hg84a4013f96e0.el6 (FEDORA-EPEL-2013-11854)
Supplementary Go networking libraries
--------------------------------------------------------------------------------
Update Information:
removed double quotes from Provides.
noarch for f19+ and rhel7+, exclusivearch otherwise.
no longer noarch, cause no golang for ppc64.
pkg archives no longer installed, dep for docker.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1020119 - remove double quotes from provides
https://bugzilla.redhat.com/show_bug.cgi?id=1020119
[ 2 ] Bug #1009967 - Review Request: golang-googlecode-net - Supplementary Go networking libraries
https://bugzilla.redhat.com/show_bug.cgi?id=1009967
--------------------------------------------------------------------------------
================================================================================
golang-googlecode-sqlite-0-0.8.hg74691fb6f837.el6 (FEDORA-EPEL-2013-11862)
Trivial sqlite3 binding for Go
--------------------------------------------------------------------------------
Update Information:
removed double quotes from Provides.
Initial package upload.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1020126 - remove double quotes from provides
https://bugzilla.redhat.com/show_bug.cgi?id=1020126
[ 2 ] Bug #1015857 - Review Request: golang-googlecode-sqlite - Trivial sqlite3 binding for Go
https://bugzilla.redhat.com/show_bug.cgi?id=1015857
--------------------------------------------------------------------------------
================================================================================
gsoap-2.7.16-4.el6 (FEDORA-EPEL-2013-11867)
Generator Tools for Coding SOAP/XML Web Services in C and C++
--------------------------------------------------------------------------------
Update Information:
Pad non-ipv6 struct gsoap to match ipv6 version.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 16 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 2.7.16-4
- Pad non-ipv6 struct gsoap to match ipv6 version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #978872 - stdsoap2.h: struct soap should match exactly with what libgsoap uses
https://bugzilla.redhat.com/show_bug.cgi?id=978872
--------------------------------------------------------------------------------
================================================================================
ipwatchd-1.2.1-3.el6 (FEDORA-EPEL-2013-11844)
IP conflict detection tool
--------------------------------------------------------------------------------
Update Information:
IPwatchD is a simple daemon that analyses all incoming ARP packets in order to detect IP conflicts on Linux. It can be configured to listen on one or more interfaces (alias interfaces are also supported) in active or passive mode. In active mode IPwatchD protects your host before IP takeover by answering Gratuitous ARP requests received from conflicting system. In passive mode it just records information about conflict through standard syslog interface.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #726989 - Review Request: ipwatchd - IP conflict detection tool
https://bugzilla.redhat.com/show_bug.cgi?id=726989
--------------------------------------------------------------------------------
================================================================================
libodb-2.2.3-1.el6 (FEDORA-EPEL-2013-11864)
Common ODB runtime library from Code Synthesis
--------------------------------------------------------------------------------
Update Information:
- Initial build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #975312 - Review Request: libodb - Common ODB runtime library
https://bugzilla.redhat.com/show_bug.cgi?id=975312
--------------------------------------------------------------------------------
================================================================================
nagios-plugins-1.4.16-10.el6 (FEDORA-EPEL-2013-11845)
Host/service/network monitoring program plugins for Nagios
--------------------------------------------------------------------------------
Update Information:
- Remove EL4 and EL5 support
- Backport patches to fix check_linux_raid in case of resyncing (rhbz #504721)
- Fix smart attribute comparison (rhbz #913085)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 16 2013 Peter Lemenkov <lemenkov at gmail.com> - 1.4.16-10
- Remove EL4 and EL5 support
- Backport patches to fix check_linux_raid in case of resyncing (rhbz #504721)
- Fix smart attribute comparison (rhbz #913085)
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4.16-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sun Jul 21 2013 Petr Pisar <ppisar at redhat.com> - 1.4.16-8
- Perl 5.18 rebuild
* Wed May 22 2013 Jose Pedro Oliveira <jpo at di.uminho.pt> - 1.4.16-7
- Build package with PIE flags (#965536)
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4.16-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #504721 - Check Linux raid Nagios plugin fails to report recovery status of software RAID controller
https://bugzilla.redhat.com/show_bug.cgi?id=504721
[ 2 ] Bug #913085 - check_ide_smart issues errors when value equals threshold
https://bugzilla.redhat.com/show_bug.cgi?id=913085
--------------------------------------------------------------------------------
================================================================================
nrpe-2.14-5.el6 (FEDORA-EPEL-2013-11848)
Host/service/network monitoring agent for Nagios
--------------------------------------------------------------------------------
Update Information:
- Allow building for aarch64 (rhbz #926244)
- Allow user to redefine default commands (rhbz #963703)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 16 2013 Peter Lemenkov <lemenkov at gmail.com> - 2.14-5
- Allow building for aarch64 (rhbz #926244)
- Allow user to redefine default commands (rhbz #963703)
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.14-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #926244 - nrpe: Does not support aarch64 in f19 and rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=926244
[ 2 ] Bug #963703 - nrpe.cfg set config values after including user configuration(s)
https://bugzilla.redhat.com/show_bug.cgi?id=963703
--------------------------------------------------------------------------------
================================================================================
nx-libs-3.5.0.21-4.el6 (FEDORA-EPEL-2013-11818)
NX X11 protocol compression libraries
--------------------------------------------------------------------------------
Update Information:
X2Go is a server based computing environment with
- session resuming
- low bandwidth support
- LDAP support
- client side mass storage mounting support
- audio support
- authentication by smartcard and USB stick
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1018556 - x2goagent has unsatisfied dependencies: x2goserver
https://bugzilla.redhat.com/show_bug.cgi?id=1018556
--------------------------------------------------------------------------------
================================================================================
pagekite-0.5.6d-1.el6 (FEDORA-EPEL-2013-11873)
Makes localhost servers visible to the world
--------------------------------------------------------------------------------
Update Information:
The fast, reliable localhost tunneling solution
--------------------------------------------------------------------------------
================================================================================
pss-1.38-1.el6 (FEDORA-EPEL-2013-11870)
A power-tool for searching inside source code files
--------------------------------------------------------------------------------
Update Information:
New update of pss tool.
--------------------------------------------------------------------------------
================================================================================
python-TornadIO2-0.0.4-4.el6 (FEDORA-EPEL-2013-11874)
Socket.io server on top of Tornado framework
--------------------------------------------------------------------------------
Update Information:
New package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #980168 - Review Request: python-TornadIO2 - Socket.io server on top of Tornado framework
https://bugzilla.redhat.com/show_bug.cgi?id=980168
--------------------------------------------------------------------------------
================================================================================
python-amqp-1.3.0-1.el6 (FEDORA-EPEL-2013-11857)
Low-level AMQP client for Python (fork of amqplib)
--------------------------------------------------------------------------------
Update Information:
Introduce python-amqp-1.3.0
--------------------------------------------------------------------------------
================================================================================
python-djblets-0.7.21-1.el6 (FEDORA-EPEL-2013-11817)
A collection of useful classes and functions for Django
--------------------------------------------------------------------------------
Update Information:
Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users could access certain data they should not have been able to access, if using the Local Sites feature, invite-only groups, or private repositories. It also fixes cases with invite-only groups where the group name and list of private review requests would show up on some pages (though the review requests themselves were not accessible).
These issues do not affect most of the installations out there, but we strongly recommend upgrading anyway. There are no known cases of anyone exploiting these bugs, and in fact we discovered these internally while building new tools to test for security vulnerabilities in our codebase.
There are also some other bug fixes, and important changes needed for extensions that provide their own REST APIs.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 13 2013 Patrick Uiterwijk <puiterwijk at gmail.com> - 0.7.21-1
- New upstream bugfix release 0.7.21
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.21.NEWS
- Added a has_list_access_permissions function, which is used to
determine access to a list resource.
* Fri Oct 11 2013 Stephen Gallagher <sgallagh at redhat.com> - 0.7.20-1
- New upstream bugfix release 0.7.20
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.20.NEWS
- Fixed regression with pagination on the datagrid
* Thu Oct 10 2013 Stephen Gallagher <sgallagh at redhat.com> - 0.7.19-1
- New upstream security release 0.7.19
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.19.NEWS
- Resolves: CVE-2013-4409
- Resolves unsanitized eval() vulnerability
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1016596 - CVE-2013-4410 ReviewBoard: access-control problems with REST API
https://bugzilla.redhat.com/show_bug.cgi?id=1016596
[ 2 ] Bug #1016599 - CVE-2013-4411 ReviewBoard: URL processing allows unauthorized users to view review lists
https://bugzilla.redhat.com/show_bug.cgi?id=1016599
[ 3 ] Bug #1016601 - CVE-2013-4409 python-djblets: unsanitized eval() vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1016601
--------------------------------------------------------------------------------
================================================================================
python-flask-mongoengine-0.7-2.el6 (FEDORA-EPEL-2013-11875)
Flask extension that provides integration with MongoEngine
--------------------------------------------------------------------------------
Update Information:
Flask support for MongoDB
--------------------------------------------------------------------------------
================================================================================
python-oslo-sphinx-1.0-3.el6 (FEDORA-EPEL-2013-11861)
OpenStack Sphinx Extensions
--------------------------------------------------------------------------------
Update Information:
- New savanna build dependency
--------------------------------------------------------------------------------
================================================================================
quassel-0.9.1-1.el6 (FEDORA-EPEL-2013-11865)
A modern distributed IRC system
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2013-4422 - Postgresql, possible SQL injection vulnerability
New package for EPEL - quassel IRC
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1017437 - CVE-2013-4422 quassel: potential SQL injection flaw
https://bugzilla.redhat.com/show_bug.cgi?id=1017437
--------------------------------------------------------------------------------
================================================================================
tomcat-native-1.1.29-1.el6 (FEDORA-EPEL-2013-11851)
Tomcat native library
--------------------------------------------------------------------------------
Update Information:
Update to version 1.1.29.
http://tomcat.apache.org/native-doc/miscellaneous/changelog.html
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2013 Ville Skyttä <ville.skytta at iki.fi> - 1.1.29-1
- Update to 1.1.29.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1019169 - tomcat-native-1.1.29 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1019169
--------------------------------------------------------------------------------
================================================================================
voms-api-java-2.0.10-4.el6 (FEDORA-EPEL-2013-11869)
Virtual Organization Membership Service Java API
--------------------------------------------------------------------------------
Update Information:
Disable tests that fail due to expired CRL in sources.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 14 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 2.0.10-4
- Disable CRL tests (the CRL in the sources has expired)
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
wannier90-2.0.0-1.el6 (FEDORA-EPEL-2013-11868)
Maximally-localised Wannier functions
--------------------------------------------------------------------------------
Update Information:
Update to version 2.0.0. See changelog at http://www.wannier.org/doc/CHANGE.log
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2013 Susi Lehtola <jussilehtola at fedoraproject.org> - 2.0.0-1
- Update to 2.0.0.
* Mon Sep 23 2013 Susi Lehtola <jussilehtola at fedoraproject.org> - 1.2-9
- Rebuild against new ATLAS.
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Mar 6 2013 Susi Lehtola <jussilehtola at fedoraproject.org> - 1.2-7
- Fix FTBFS in rawhide.
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Sun Jul 22 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1019173 - wannier90-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1019173
--------------------------------------------------------------------------------
================================================================================
wgrib-1.8.1.2b-1.el6 (FEDORA-EPEL-2013-11863)
Manipulate, inventory and decode GRIB files
--------------------------------------------------------------------------------
Update Information:
- added JMA table 200 for JRA-55
- added fflush(dump_file) and fflush(stdout), enhancement for potential apps
- changes from Jeffery S Smith for Albers equal area projection
- seekgrib: scan entire file for grib data because ECMWF files have grib1+grib2 data
- Paul Schou: fixed #define GDS_Lambert_LonSP(gds) INT3(gds[37],gds[38],gds[39])
- update ncep table 129, 130, 133
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 16 2013 - Orion Poplawski <orion at cora.nwra.com> - 1.8.1.2b-1
- Update to 1.8.1.2b
* Fri Jul 29 2011 - Orion Poplawski <orion at cora.nwra.com> - 1.8.1.2a-1
- Update to 1.8.1.2a
* Thu May 26 2011 - Orion Poplawski <orion at cora.nwra.com> - 1.8.1.0h-1
- Update to 1.8.1.0h
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.8.1.0d-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Sat Oct 2 2010 - Orion Poplawski <orion at cora.nwra.com> - 1.8.1.0d-1
- Update to 1.8.1.0d
--------------------------------------------------------------------------------
================================================================================
x2goclient-4.0.1.1-1.el6 (FEDORA-EPEL-2013-11818)
Graphical client for use with the X2Go network based computing environment
--------------------------------------------------------------------------------
Update Information:
X2Go is a server based computing environment with
- session resuming
- low bandwidth support
- LDAP support
- client side mass storage mounting support
- audio support
- authentication by smartcard and USB stick
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1018556 - x2goagent has unsatisfied dependencies: x2goserver
https://bugzilla.redhat.com/show_bug.cgi?id=1018556
--------------------------------------------------------------------------------
================================================================================
x2godesktopsharing-3.1.1.0-4.el6 (FEDORA-EPEL-2013-11818)
Share X2Go desktops with other users
--------------------------------------------------------------------------------
Update Information:
X2Go is a server based computing environment with
- session resuming
- low bandwidth support
- LDAP support
- client side mass storage mounting support
- audio support
- authentication by smartcard and USB stick
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1018556 - x2goagent has unsatisfied dependencies: x2goserver
https://bugzilla.redhat.com/show_bug.cgi?id=1018556
--------------------------------------------------------------------------------
================================================================================
x2goserver-4.0.1.6-5.el6 (FEDORA-EPEL-2013-11818)
X2Go server daemon scripts
--------------------------------------------------------------------------------
Update Information:
X2Go is a server based computing environment with
- session resuming
- low bandwidth support
- LDAP support
- client side mass storage mounting support
- audio support
- authentication by smartcard and USB stick
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1018556 - x2goagent has unsatisfied dependencies: x2goserver
https://bugzilla.redhat.com/show_bug.cgi?id=1018556
--------------------------------------------------------------------------------