[EPEL-devel] Fedora EPEL 6 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Wed Aug 5 05:35:48 UTC 2015
The following Fedora EPEL 6 Security updates need testing:
Age URL
265 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4008/cross-binutils-2.23.51.0.3-1.el6.1
56 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1501/strongswan-5.3.2-1.el6
45 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6828/chicken-4.9.0.1-4.el6
27 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7031/python-virtualenv-12.0.7-1.el6
22 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7116/nx-libs-3.5.0.32-1.el6
21 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7168/rubygem-crack-0.3.2-2.el6
12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7304/uwsgi-2.0.11.1-1.el6
8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7362/drupal6-cck-2.10-1.el6
8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7347/lighttpd-1.4.36-1.el6
2 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7497/lxc-1.0.7-2.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7353/wordpress-4.2.4-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
globus-gass-cache-9.7-1.el6
globus-gram-job-manager-14.27-1.el6
globus-proxy-utils-6.13-1.el6
globus-simple-ca-4.22-1.el6
golang-github-armon-go-radix-0-0.2.git0bab926.el6
hitch-1.0.0-0.4.2.beta4.el6
openvpn-2.3.8-1.el6
ripright-0.9-3.el6
wordpress-4.2.4-1.el6
Details about builds:
================================================================================
globus-gass-cache-9.7-1.el6 (FEDORA-EPEL-2015-7509)
Globus Toolkit - Globus Gass Cache
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* globus-gass-cache 9.7
* globus-gram-job-manager 14.27
* globus-proxy-utils 6.13
* globus-simple-ca 4.22
Fixed issues:
* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for globus-simple-ca
* https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling causes crash
* https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager cause crash
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 9.7-1
- GT6 update: GT-618: GASS Cache error mishandling causes crash
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 9.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
globus-gram-job-manager-14.27-1.el6 (FEDORA-EPEL-2015-7509)
Globus Toolkit - GRAM Jobmanager
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* globus-gass-cache 9.7
* globus-gram-job-manager 14.27
* globus-proxy-utils 6.13
* globus-simple-ca 4.22
Fixed issues:
* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for globus-simple-ca
* https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling causes crash
* https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager cause crash
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 14.27-1
- GT6 update: GT-619: Uninitialized data in job manager cause crash
--------------------------------------------------------------------------------
================================================================================
globus-proxy-utils-6.13-1.el6 (FEDORA-EPEL-2015-7509)
Globus Toolkit - Globus GSI Proxy Utility Programs
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* globus-gass-cache 9.7
* globus-gram-job-manager 14.27
* globus-proxy-utils 6.13
* globus-simple-ca 4.22
Fixed issues:
* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for globus-simple-ca
* https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling causes crash
* https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager cause crash
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.13-1
- GT6 update: Add explicit name comparison mode selection option
--------------------------------------------------------------------------------
================================================================================
globus-simple-ca-4.22-1.el6 (FEDORA-EPEL-2015-7509)
Globus Toolkit - Simple CA Utility
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* globus-gass-cache 9.7
* globus-gram-job-manager 14.27
* globus-proxy-utils 6.13
* globus-simple-ca 4.22
Fixed issues:
* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for globus-simple-ca
* https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling causes crash
* https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager cause crash
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 4.22-1
- GT6 update: Use 4096-bit RSA key for globus-simple-ca
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.20-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
golang-github-armon-go-radix-0-0.2.git0bab926.el6 (FEDORA-EPEL-2015-7501)
Golang implementation of Radix trees
--------------------------------------------------------------------------------
Update Information:
Update of spec file to spec-2.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 30 2015 Fridolin Pokorny <fpokorny at redhat.com> - 0-0.2.git0bab926
- Update of spec file to spec-2.0
resolves: #1248654
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1248654 - Tracker for golang-github-armon-go-radix
https://bugzilla.redhat.com/show_bug.cgi?id=1248654
--------------------------------------------------------------------------------
================================================================================
hitch-1.0.0-0.4.2.beta4.el6 (FEDORA-EPEL-2015-7511)
Network proxy that terminates TLS/SSL connections
--------------------------------------------------------------------------------
Update Information:
New upstream beta release
Network proxy that terminates TLS/SSL connections
Network proxy that terminates TLS/SSL connections
Network proxy that terminates TLS/SSL connections
Network proxy that terminates TLS/SSL connections
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1235305 - Review Request: hitch - Network proxy that terminates TLS/SSL connections
https://bugzilla.redhat.com/show_bug.cgi?id=1235305
--------------------------------------------------------------------------------
================================================================================
openvpn-2.3.8-1.el6 (FEDORA-EPEL-2015-7518)
A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:
Latest upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 4 2015 Jon Ciesla <limburgher at gmail.com> 2.3.8-1
- 2.3.8
--------------------------------------------------------------------------------
================================================================================
ripright-0.9-3.el6 (FEDORA-EPEL-2015-7517)
A minimal CD ripper
--------------------------------------------------------------------------------
Update Information:
* Rebuild for ImageMagick-6.7.2.7-2
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 4 2015 Christopher Meng <rpm at cicku.me> - 0.9-3
- Rebuilt for ImageMagick 6.7.2.7-2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1249941 - Needs to be rebuilt for new ImageMagick
https://bugzilla.redhat.com/show_bug.cgi?id=1249941
--------------------------------------------------------------------------------
================================================================================
wordpress-4.2.4-1.el6 (FEDORA-EPEL-2015-7353)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 4.2.4 Security and Maintenance Release**
WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-SandĂ of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.
Our thanks to those who have practiced responsible disclosure of security issues.
WordPress 4.2.4 also fixes four bugs. For more information, see:
the release notes or consult the list of changes.
* the release notes: https://codex.wordpress.org/Version_4.2.4
* the list of changes: https://core.trac.wordpress.org/log/branches/4.2?rev=33573&stop_rev=33396
**WordPress 4.2.3 Security and Maintenance Release**
WordPress 4.2.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was initially reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team, and later reported by Jouko Pynnönen.
We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.
Our thanks to those who have practiced responsible disclosure of security issues.
WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see:
* the release notes: https://codex.wordpress.org/Version_4.2.3
* the list of changes: https://core.trac.wordpress.org/log/branches/4.2?rev=33382&stop_rev=32430
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 4 2015 Remi Collet <remi at fedoraproject.org> - 4.2.4-1
- WordPress 4.2.4 Security and Maintenance Release
* Fri Jul 24 2015 Remi Collet <remi at fedoraproject.org> - 4.2.3-1
- WordPress 4.2.3 Security and Maintenance Release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1246396 - CVE-2015-5622 CVE-2015-5623 wordpress: cross-site scripting and permission issue fixed in wordpress 4.2.3
https://bugzilla.redhat.com/show_bug.cgi?id=1246396
--------------------------------------------------------------------------------
More information about the epel-devel
mailing list