The following Fedora EPEL 6 Security updates need testing:
Age URL
597
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gribble-0.83.4.1-10.el6
409
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
109
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0376/openconnect-4.08-1.el6
67
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0823/openstack-keystone-2012.2.3-5.el6
18
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5853/owncloud-4.5.11-1.el6
14
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5862/python-backports-ssl_match_hostname-3.2-0.3.a3.el6
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5893/mediawiki119-1.19.7-1.el6
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5919/livecd-tools-13.4.4-2.el6
11
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5928/transifex-client-0.9-1.el6
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5992/cgit-0.9.2-1.el6
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5994/mod_security-2.7.3-2.el6
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5995/socat-1.7.2.2-1.el6
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6024/rubygem-passenger-3.0.21-1.el6
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6034/heat-jeos-9-1.el6
3
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6044/nrpe-2.14-3.el6
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6079/gallery3-3.0.8-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
ReviewBoard-1.7.9-1.el6
dtc-1.3.0-6.el6
gallery3-3.0.8-1.el6
gperftools-2.0-11.el6.1
gridsite-1.7.25-2.el6
libyubikey-1.10-1.el6
nfacct-1.0.0-1.el6
perl-ZMQ-LibZMQ3-1.12-1.el6.1
python-djblets-0.7.15-1.el6
python-openid-cla-1.0-1.el6
python-subunit-0.0.12-5.el6
tnftp-20130505-4.el6
vmtouch-0.8.0-1.el6
Details about builds:
================================================================================
ReviewBoard-1.7.9-1.el6 (FEDORA-EPEL-2013-6061)
Web-based code review tool
--------------------------------------------------------------------------------
Update Information:
- New upstream release 1.7.9
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.9/
- API Changes:
* Added new blocks and depends_on fields to the Review Request resource
- Bug Fixes:
* Fixed the max_length of the new HostingServiceAccount.hosting_url field
* Fixed the documentation for the cgit configuration for Git
* Fixed the cgit URL for Fedora Hosted
- New upstream release 1.7.8.1
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.8.1/
- Bug Fixes:
* Fixed a regression with saving repositories that don't use hosting
services
- Misc. Changes:
* Compatibility changes for the upcoming PDF review plugin
- New upstream release 1.7.8
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.8/
- New Features:
* Added Depends On and Blocks fields to review requests
* Added an improved support page
* Added the ability to set where Get Support takes users
* Added improved logging for many operations
- Performance Improvements:
* Reduced the upload time for many new diffs
* The templates used for rendering the various pages are now cached after
the first render, speeding up the rendering for any future renders. We've
seen speedups of ~100-120ms for review request pages
- Usability Improvements:
* The review request actions are now larger, making them more visible and
easier to hit, particularly on touch screens
* Clicking Fixed, Drop or Re-open now keeps the page in the same scroll
position
* The dashboard now reloads dynamically, without reloading the entire page
* The comment dialog now tells you when you can't make a comment (due to
being logged out or reviewing something that's part of a draft
- API Changes
* Fixed deleting pending replies to comments
* Fixed some issues returning certain lists of data
- Extensibility Improvements:
* Extensions can now customize their metadata directly in the Extension
class
* TemplateHooks can now render their own content by overriding
render_to_string()
* NavigationBarHook can now take a url_name parameter specifying the URL
name to link to
* Review UIs can now specify the link and link text for any comments on a
review by overriding get_comment_link_url() and get_comment_link_text()
* Custom hosting services can now be registered/unregistered by extensions
by using register_hosting_service() and unregister_hosting_service()
(from reviewboard.hostingsvcs.service)
* Added the ability to more easily write hosting services support that
works for self-installable services
- Bug Fixes:
* Added missing repository validation for Mercurial repositories
* Fixed replying to comments on file attachments that have since been
removed
* Fixed the display of the upload dialogs when viewing a file attachment
* Comments on file attachments in e-mails now link to the correct review UI
handling the file
* Worked around rare issues where a reset of the Open An Issue default for
a user would cause pages to break
- Misc Changes:
* E-mails now show the user’s full name instead of just their first name
* The New Review Request page now mentions RBTools instead of just
post-review
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 3 2013 Stephen Gallagher <sgall...@redhat.com> - 1.7.9-1
- New upstream release 1.7.9
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.9/
- API Changes:
* Added new blocks and depends_on fields to the Review Request resource
- Bug Fixes:
* Fixed the max_length of the new HostingServiceAccount.hosting_url field
* Fixed the documentation for the cgit configuration for Git
* Fixed the cgit URL for Fedora Hosted
* Mon Jun 3 2013 Stephen Gallagher <sgall...@redhat.com> - 1.7.8.1-1
- New upstream release 1.7.8.1
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.8.1/
- Bug Fixes:
* Fixed a regression with saving repositories that don't use hosting
services
- Misc. Changes:
* Compatibility changes for the upcoming PDF review plugin
- New upstream release 1.7.8
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.8/
- New Features:
* Added Depends On and Blocks fields to review requests
* Added an improved support page
* Added the ability to set where Get Support takes users
* Added improved logging for many operations
- Performance Improvements:
* Reduced the upload time for many new diffs
* The templates used for rendering the various pages are now cached after
the first render, speeding up the rendering for any future renders. We've
seen speedups of ~100-120ms for review request pages
- Usability Improvements:
* The review request actions are now larger, making them more visible and
easier to hit, particularly on touch screens
* Clicking Fixed, Drop or Re-open now keeps the page in the same scroll
position
* The dashboard now reloads dynamically, without reloading the entire page
* The comment dialog now tells you when you can't make a comment (due to
being logged out or reviewing something that's part of a draft
- API Changes
* Fixed deleting pending replies to comments
* Fixed some issues returning certain lists of data
- Extensibility Improvements:
* Extensions can now customize their metadata directly in the Extension
class
* TemplateHooks can now render their own content by overriding
render_to_string()
* NavigationBarHook can now take a url_name parameter specifying the URL
name to link to
* Review UIs can now specify the link and link text for any comments on a
review by overriding get_comment_link_url() and get_comment_link_text()
* Custom hosting services can now be registered/unregistered by extensions
by using register_hosting_service() and unregister_hosting_service()
(from reviewboard.hostingsvcs.service)
* Added the ability to more easily write hosting services support that
works for self-installable services
- Bug Fixes:
* Added missing repository validation for Mercurial repositories
* Fixed replying to comments on file attachments that have since been
removed
* Fixed the display of the upload dialogs when viewing a file attachment
* Comments on file attachments in e-mails now link to the correct review UI
handling the file
* Worked around rare issues where a reset of the Open An Issue default for
a user would cause pages to break
- Misc Changes:
* E-mails now show the user’s full name instead of just their first name
* The New Review Request page now mentions RBTools instead of just
post-review
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #970113 - ReviewBoard-1.7.8.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=970113
--------------------------------------------------------------------------------
================================================================================
dtc-1.3.0-6.el6 (FEDORA-EPEL-2013-6084)
Device Tree Compiler
--------------------------------------------------------------------------------
Update Information:
This update installs the libfdt_env.h correctly from the libfdt-devel package.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 4 2013 Paolo Bonzini <pbonz...@redhat.com> - 1.3.0-6
- Install libfdt_env.h too (rhbz 969955)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #969955 - Fedora doesn't install libfdt_env.h
https://bugzilla.redhat.com/show_bug.cgi?id=969955
--------------------------------------------------------------------------------
================================================================================
gallery3-3.0.8-1.el6 (FEDORA-EPEL-2013-6079)
Customizable photo gallery web site
--------------------------------------------------------------------------------
Update Information:
A security flaw was found in the way uploadify and flowplayer SWF files
handling functionality of Gallery version 3, an open source project with the
goal to develop and support leading photo sharing web application solutions,
processed certain URL fragments passed to these files (certain URL fragments
were not stripped properly when these files were called via direct URL
request(s)). A remote attacker could use this flaw to conduct replay attacks.
References:
[1] http://sourceforge.net/mailarchive/message.php?msg_id=30925931
[2] http://galleryproject.org/gallery_3_0_8
Relevant upstream tickets (and patches):
* uploadify case:
[3] http://sourceforge.net/apps/trac/gallery/ticket/2068
[4]
https://github.com/gallery/gallery3/commit/80bb0f2222dd99ed2ce59e804b833bab63cc376a
* flowplayer case:
[5] http://sourceforge.net/apps/trac/gallery/ticket/2070
[6]
https://github.com/gallery/gallery3/commit/3e5bba2cd4febe8331c0158c11ea418f21c72efa
[7]
https://github.com/gallery/gallery3/commit/12e51694fdc39c752cc439424cf309866f9f914a
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 4 2013 Jon Ciesla <limburg...@gmail.com> - 3.0.8-1
- 3.0.8.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #970598 - gallery3: Improper stripping of URL fragments in
uploadify and flowplayer SWF files might lead to replay attacks [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=970598
[ 2 ] Bug #970599 - gallery3: Improper stripping of URL fragments in
uploadify and flowplayer SWF files might lead to replay attacks [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=970599
--------------------------------------------------------------------------------
================================================================================
gperftools-2.0-11.el6.1 (FEDORA-EPEL-2013-6087)
Very fast malloc and performance analysis tools
--------------------------------------------------------------------------------
Update Information:
Pull in new code updates for ARM fixes, make gperftools metapackage.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 4 2013 Tom Callaway <s...@fedoraproject.org> - 2.0-11.1
- pass -fno-strict-aliasing
- create "gperftools" metapackage.
- update to svn r218 (cleanups, some ARM fixes)
* Thu Mar 14 2013 Dan Horák <dan[at]danny.cz> - 2.0-10
- build on ppc64 as well
* Fri Mar 1 2013 Tom Callaway <s...@fedoraproject.org> - 2.0-9
- update to svn r190 (because google can't make releases)
* Thu Feb 14 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 2.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Fri Aug 3 2012 Tom Callaway <s...@fedoraproject.org> - 2.0-7
- fix compile with glibc 2.16
* Thu Jul 19 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 2.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon Feb 20 2012 Peter Robinson <pbrobin...@fedoraproject.org> - 2.0-5
- Enable ARM as a supported arch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #965585 - New gperftools packaging scheme is too complicated
https://bugzilla.redhat.com/show_bug.cgi?id=965585
--------------------------------------------------------------------------------
================================================================================
gridsite-1.7.25-2.el6 (FEDORA-EPEL-2013-6073)
Grid Security for the Web, Web platforms for Grids
--------------------------------------------------------------------------------
Update Information:
Update to Upstream version 1.7.25, Fix a potential segfault bug on httpd >=24
servers.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 4 2013 Adrien Devresse <adevress at cern.ch> - 1.7.25-2
- Upstream to 1.7.25
- Fix httpd 24 patch, remove a risk of segfault on >=EL6
* Sat Jan 26 2013 Kevin Fenzi <ke...@scrye.com> 1.7.21-4
- Rebuild for new gsoap
--------------------------------------------------------------------------------
================================================================================
libyubikey-1.10-1.el6 (FEDORA-EPEL-2013-6082)
C library for decrypting and parsing Yubikey One-time passwords
--------------------------------------------------------------------------------
Update Information:
New upstream release 1.10; enables build warnings
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 13 2013 - Maxim Burgerhout <wz...@fedoraproject.org> - 1.10-1
- New upstream release 1.10; enables build warnings
--------------------------------------------------------------------------------
================================================================================
nfacct-1.0.0-1.el6 (FEDORA-EPEL-2013-6081)
Command line tool to create/retrieve/delete accounting objects
--------------------------------------------------------------------------------
Update Information:
Command line tool to create/retrieve/delete accounting objects
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #852185 - Review Request: nfacct - Command line tool to
create/retrieve/delete accounting objects
https://bugzilla.redhat.com/show_bug.cgi?id=852185
--------------------------------------------------------------------------------
================================================================================
perl-ZMQ-LibZMQ3-1.12-1.el6.1 (FEDORA-EPEL-2013-6074)
Perl wrapper for the libzmq 3.x library
--------------------------------------------------------------------------------
Update Information:
First EPEL6 build
--------------------------------------------------------------------------------
================================================================================
python-djblets-0.7.15-1.el6 (FEDORA-EPEL-2013-6061)
A collection of useful classes and functions for Django
--------------------------------------------------------------------------------
Update Information:
- New upstream release 1.7.9
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.9/
- API Changes:
* Added new blocks and depends_on fields to the Review Request resource
- Bug Fixes:
* Fixed the max_length of the new HostingServiceAccount.hosting_url field
* Fixed the documentation for the cgit configuration for Git
* Fixed the cgit URL for Fedora Hosted
- New upstream release 1.7.8.1
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.8.1/
- Bug Fixes:
* Fixed a regression with saving repositories that don't use hosting
services
- Misc. Changes:
* Compatibility changes for the upcoming PDF review plugin
- New upstream release 1.7.8
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.8/
- New Features:
* Added Depends On and Blocks fields to review requests
* Added an improved support page
* Added the ability to set where Get Support takes users
* Added improved logging for many operations
- Performance Improvements:
* Reduced the upload time for many new diffs
* The templates used for rendering the various pages are now cached after
the first render, speeding up the rendering for any future renders. We've
seen speedups of ~100-120ms for review request pages
- Usability Improvements:
* The review request actions are now larger, making them more visible and
easier to hit, particularly on touch screens
* Clicking Fixed, Drop or Re-open now keeps the page in the same scroll
position
* The dashboard now reloads dynamically, without reloading the entire page
* The comment dialog now tells you when you can't make a comment (due to
being logged out or reviewing something that's part of a draft
- API Changes
* Fixed deleting pending replies to comments
* Fixed some issues returning certain lists of data
- Extensibility Improvements:
* Extensions can now customize their metadata directly in the Extension
class
* TemplateHooks can now render their own content by overriding
render_to_string()
* NavigationBarHook can now take a url_name parameter specifying the URL
name to link to
* Review UIs can now specify the link and link text for any comments on a
review by overriding get_comment_link_url() and get_comment_link_text()
* Custom hosting services can now be registered/unregistered by extensions
by using register_hosting_service() and unregister_hosting_service()
(from reviewboard.hostingsvcs.service)
* Added the ability to more easily write hosting services support that
works for self-installable services
- Bug Fixes:
* Added missing repository validation for Mercurial repositories
* Fixed replying to comments on file attachments that have since been
removed
* Fixed the display of the upload dialogs when viewing a file attachment
* Comments on file attachments in e-mails now link to the correct review UI
handling the file
* Worked around rare issues where a reset of the Open An Issue default for
a user would cause pages to break
- Misc Changes:
* E-mails now show the user’s full name instead of just their first name
* The New Review Request page now mentions RBTools instead of just
post-review
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 3 2013 Stephen Gallagher <sgall...@redhat.com> - 0.7.15-1
- New upstream release 0.7.15
- djblets.log:
* Added enhanced request logging
- djblets.siteconfig:
* Changing and loading the site_static_url setting will now actually cause
static media files to be loaded from that URL
- JavaScript:
* inlineEditor now emits a "cancel" event when pressing OK without any
modifications. Previously, there was no indication that it had finished.
* inlineEditor's "complete" event now has the initialValue parameter (which
comes after the new value) set correctly. Previously, it was always the
same as the value, making it hard to determine if anything had changed.
* $.fn.html() now works with setting empty strings.
- djblets.gravatars:
* Added get_gravatar_url_for_email
- djblets.webapi:
* The cache of known URI templates for a RootResource now works properly
when the path leading to the RootResource can change
* When serializing an object while using ?expand, any QuerySet will be
converted to a list. This prevents any changes from happening between
serializing and rendering
* Added a "is_webapi_handler" attribute to WebAPIResource
- djblets.extensions:
* Extension classes can now define a 'metadata' variable to override the
package's metadata. This uses standard PyPI metadata fields. Using this,
single Python package can provide several extensions.
* TemplateHooks subclasses can now override a new render_to_string function
to do their own processing and rendering, instead of simply rendering
the provided template_name.
* The template_name parameter to TemplateHook is now optional.
* The Django template loader cache is now reset when syncing extension
settings or enabling/disabling an extension
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #970113 - ReviewBoard-1.7.8.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=970113
--------------------------------------------------------------------------------
================================================================================
python-openid-cla-1.0-1.el6 (FEDORA-EPEL-2013-6077)
CLA extension for python-openid
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #969703 - Review Request: python-openid-cla - CLA extension for
python-openid
https://bugzilla.redhat.com/show_bug.cgi?id=969703
--------------------------------------------------------------------------------
================================================================================
python-subunit-0.0.12-5.el6 (FEDORA-EPEL-2013-6085)
Python implementation of subunit test streaming protocol
--------------------------------------------------------------------------------
Update Information:
- Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #908842 - Review Request: python-subunit - Python implementation of
subunit test streaming protocol
https://bugzilla.redhat.com/show_bug.cgi?id=908842
--------------------------------------------------------------------------------
================================================================================
tnftp-20130505-4.el6 (FEDORA-EPEL-2013-6078)
FTP (File Transfer Protocol) client from NetBSD
--------------------------------------------------------------------------------
Update Information:
tnftp is the NetBSD ftp client, now available for Fedora.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #966201 - Review Request: tnftp - FTP (File Transfer Protocol)
client from NetBSD
https://bugzilla.redhat.com/show_bug.cgi?id=966201
--------------------------------------------------------------------------------
================================================================================
vmtouch-0.8.0-1.el6 (FEDORA-EPEL-2013-6076)
Portable file system cache diagnostics and control
--------------------------------------------------------------------------------
Update Information:
Vmtouch is a tool for learning about and controlling the file system cache of
Unix and Unix-like systems.
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
epel-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
