EPEL Fedora 6 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Thu Sep 12 17:35:57 UTC 2013
The following Fedora EPEL 6 Security updates need testing:
Age URL
508 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
27 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11198/filezilla-3.7.3-1.el6
22 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11274/ssmtp-2.61-21.el6
11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11393/nagios-3.5.1-1.el6
9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11417/graphite-web-0.9.12-1.el6
7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11445/perl-Crypt-DSA-1.17-10.el6
6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11453/python-pyrad-2.0-3.el6
3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11499/roundcubemail-0.9.4-1.el6
1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11507/tinyproxy-1.8.3-1.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11525/moodle-2.4.6-1.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11556/openstack-swift-1.7.4-3.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11550/Django14-1.4.7-1.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11552/glpi-0.83.9.1-4.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
Django14-1.4.7-1.el6
glpi-0.83.9.1-4.el6
ldapvi-1.7-17.el6
nf3d-0.8-1.el6
openstack-swift-1.7.4-3.el6
openvpn-2.3.2-2.el6
perl-File-KeePass-2.03-3.el6
php-htmLawed-1.1.16-1.el6
qt5-qtgraphicaleffects-5.1.1-1.el6
qt5-qtimageformats-5.1.1-1.el6
qt5-qtsvg-5.1.1-1.el6
qt5-qttools-5.1.1-3.el6
qt5-qtwebkit-5.1.1-1.el6
qt5-qtxmlpatterns-5.1.1-1.el6
qtbrowserplugin-2.4-3.el6
racoon2-20100526a-23.el6
wcd-5.2.4-1.el6
Details about builds:
================================================================================
Django14-1.4.7-1.el6 (FEDORA-EPEL-2013-11550)
A high-level Python Web framework
--------------------------------------------------------------------------------
Update Information:
Rebase to 1.4.7, fixes CVE-2013-4315
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 12 2013 Matthias Runge <mrunge at redhat.com> - 1.4.7-1
- update to 1.4.7, fix CVE 2013-4315, fixes rhbz 1007020
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1004969 - CVE-2013-4315 python-django: directory traversal with "ssi" template tag
https://bugzilla.redhat.com/show_bug.cgi?id=1004969
--------------------------------------------------------------------------------
================================================================================
glpi-0.83.9.1-4.el6 (FEDORA-EPEL-2013-11552)
Free IT asset management software
--------------------------------------------------------------------------------
Update Information:
Security improvement: restrict access to installation wizard from local server only.
Remote access need to be explicitly allowed in configuration (/etc/httpd/conf.d/glpi.conf).
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 12 2013 Remi Collet <remi at fedoraproject.org> - 0.83.9.1-4
- restrict access for install to local for security
- drop bundled Flash files files, #1000251
- Add a missing requirement on crontabs to spec file
--------------------------------------------------------------------------------
================================================================================
ldapvi-1.7-17.el6 (FEDORA-EPEL-2013-11546)
An interactive LDAP client
--------------------------------------------------------------------------------
Update Information:
Add fix of double free() crash (#949157), also fix old FSF address
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 11 2013 Matěj Cepl <mcepl at redhat.com> - 1.7-17
- Add fix of double free() crash (#949157)
- Fix old FSF address
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.7-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.7-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.7-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.7-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #949157 - [PATCH] fix use-after-free in sasl code
https://bugzilla.redhat.com/show_bug.cgi?id=949157
--------------------------------------------------------------------------------
================================================================================
nf3d-0.8-1.el6 (FEDORA-EPEL-2013-11551)
GANTT-style visualization for netfilter connections and logged packets
--------------------------------------------------------------------------------
Update Information:
New RPM.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #967485 - Review Request: nf3d - GANTT-style visualization for Netfilter connections and logged packets
https://bugzilla.redhat.com/show_bug.cgi?id=967485
--------------------------------------------------------------------------------
================================================================================
openstack-swift-1.7.4-3.el6 (FEDORA-EPEL-2013-11556)
OpenStack Object Storage (swift)
--------------------------------------------------------------------------------
Update Information:
This update fixes the possibility to fill up a Swift fluster with invalid tombstone files by attacking with DELETE requests with a special timestamp.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 11 2013 Pete Zaitcev <zaitcev at redhat.com> - 1.7.4-3
- CVE-2013-4155 "Fix handling of DELETE obj reqs with old timestamp"
* Wed Jan 23 2013 Martin Magr <mmagr at redhat.com> - 1.7.4-2.3
- Added python-keystone requirement
* Fri Jan 18 2013 Pete Zaitcev <zaitcev at redhat.com> 1.7.4-2.3
- Relocate object-expirer to proxy subpackage
- cleanups from Smokestack spec (Dan Prince)
* Thu Jan 17 2013 Alan Pevec <apevec at redhat.com> 1.7.4-2.2
- adjust openstack-swift-functions for new init scripts
* Wed Jan 9 2013 Pete Zaitcev <zaitcev at redhat.com> - 1.7.4-2.1
- Add missing Upstart jobs and init scripts for daemons, bz#885530
- Drop duplicated /var/run directories from the spec
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #994666 - CVE-2013-4155 openstack-swift: OpenStack: Swift Denial of Service using superfluous object tombstones [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=994666
--------------------------------------------------------------------------------
================================================================================
openvpn-2.3.2-2.el6 (FEDORA-EPEL-2013-11538)
A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:
Enable --enable-x509-alt-username.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 12 2013 Jon Ciesla <limburgher at gmail.com> 2.3.2-2
- Enable --enable-x509-alt-username, BZ 1007184.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1007184 - Request to enable the "--enable-x509-alt-username" compile-time option
https://bugzilla.redhat.com/show_bug.cgi?id=1007184
--------------------------------------------------------------------------------
================================================================================
perl-File-KeePass-2.03-3.el6 (FEDORA-EPEL-2013-11540)
Interface to KeePass V1 and V2 database files
--------------------------------------------------------------------------------
Update Information:
Interface to KeePass V1 and V2 database files
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1002321 - Review Request: perl-File-KeePass - Interface to KeePass V1 and V2 database files
https://bugzilla.redhat.com/show_bug.cgi?id=1002321
--------------------------------------------------------------------------------
================================================================================
php-htmLawed-1.1.16-1.el6 (FEDORA-EPEL-2013-11543)
PHP code to purify and filter HTML
--------------------------------------------------------------------------------
Update Information:
htmLawed 1.1.16, 29 August 2013:
- fix for a potential security vulnerability arising from specialy encoded space characters in URL schemes/protocols
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 12 2013 Remi Collet <remi at fedoraproject.org> - 1.1.16-1
- update to 1.1.16, fix for a potential security vulnerability
arising from specialy encoded space characters in URL schemes/protocols
--------------------------------------------------------------------------------
================================================================================
qt5-qtgraphicaleffects-5.1.1-1.el6 (FEDORA-EPEL-2013-11553)
Qt5 - QtGraphicalEffects component
--------------------------------------------------------------------------------
Update Information:
The Qt Graphical Effects module provides a set of QML types for adding visually impressive and configurable effects to user interfaces.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #915913 - Review Request: qt5-qtgraphicaleffects - Qt5 - QtGraphicalEffects component
https://bugzilla.redhat.com/show_bug.cgi?id=915913
--------------------------------------------------------------------------------
================================================================================
qt5-qtimageformats-5.1.1-1.el6 (FEDORA-EPEL-2013-11554)
Qt5 - QtImageFormats component
--------------------------------------------------------------------------------
Update Information:
The Qt Image Formats add-on module provides optional support for other image file formats, including: MNG, TGA, TIFF, WBMP.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #915916 - Review Request: qt5-qtimageformats - Qt5 - QtImageFormats component
https://bugzilla.redhat.com/show_bug.cgi?id=915916
--------------------------------------------------------------------------------
================================================================================
qt5-qtsvg-5.1.1-1.el6 (FEDORA-EPEL-2013-11547)
Qt5 - Support for rendering and displaying SVG
--------------------------------------------------------------------------------
Update Information:
Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #915920 - Review Request: qt5-qtsvg - Qt5 - QtSvg component
https://bugzilla.redhat.com/show_bug.cgi?id=915920
--------------------------------------------------------------------------------
================================================================================
qt5-qttools-5.1.1-3.el6 (FEDORA-EPEL-2013-11531)
Qt5 - QtTool components
--------------------------------------------------------------------------------
Update Information:
QtWebKit, and Tools modules portion of Qt 5.1.1 release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1006254 - wrong path to lrelease
https://bugzilla.redhat.com/show_bug.cgi?id=1006254
--------------------------------------------------------------------------------
================================================================================
qt5-qtwebkit-5.1.1-1.el6 (FEDORA-EPEL-2013-11531)
Qt5 - QtWebKit components
--------------------------------------------------------------------------------
Update Information:
QtWebKit, and Tools modules portion of Qt 5.1.1 release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1006254 - wrong path to lrelease
https://bugzilla.redhat.com/show_bug.cgi?id=1006254
--------------------------------------------------------------------------------
================================================================================
qt5-qtxmlpatterns-5.1.1-1.el6 (FEDORA-EPEL-2013-11544)
Qt5 - QtXmlPatterns component
--------------------------------------------------------------------------------
Update Information:
The Qt XML Patterns module provides support for XPath, XQuery, XSLT, and XML Schema validation.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #915923 - Review Request: qt5-qtxmlpatterns - Qt5 - QtXmlPatterns component
https://bugzilla.redhat.com/show_bug.cgi?id=915923
--------------------------------------------------------------------------------
================================================================================
qtbrowserplugin-2.4-3.el6 (FEDORA-EPEL-2013-11549)
Qt Solutions Component: Browser Plugin
--------------------------------------------------------------------------------
Update Information:
The QtBrowserPlugin solution is useful for implementing plugins
for web browser.
--------------------------------------------------------------------------------
================================================================================
racoon2-20100526a-23.el6 (FEDORA-EPEL-2013-11541)
An implementation of key management system for IPsec
--------------------------------------------------------------------------------
Update Information:
Here is where you give an explanation of your update.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 12 2013 Pavel Šimerda <psimerda at redhat.com> - 20100526a-23
- prefix init script daemon names with /racoon2-/ (#1006613, patch by Grant Hammond)
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 20100526a-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar <ppisar at redhat.com> - 20100526a-21
- Perl 5.18 rebuild
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 20100526a-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jan 17 2013 Pavel Šimerda <psimerda at redhat.com> - 20100526a-19
- Fix racoon2 script to call prefixed binaries
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 20100526a-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1006613 - init script has incorrect daemon names
https://bugzilla.redhat.com/show_bug.cgi?id=1006613
--------------------------------------------------------------------------------
================================================================================
wcd-5.2.4-1.el6 (FEDORA-EPEL-2013-11539)
Chdir for DOS and Unix
--------------------------------------------------------------------------------
Update Information:
New upstream version 5.2.4.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 11 2013 Erwin Waterlander <waterlan at xs4all.nl> - 5.2.4-1
- New upstream version 5.2.4.
--------------------------------------------------------------------------------
More information about the epel-devel
mailing list