The following Fedora EPEL 6 Security updates need testing: Age URL 440 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6 35 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6034/heat-jeos-9-1.el6 29 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6090/ssmtp-2.61-20.el6 15 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10532/python-bugzilla-0.9.0-1.el6 11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10586/rubygem-passenger-3.0.21-3.el6 11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10617/wordpress-3.5.2-1.el6 11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10621/openstack-keystone-2012.2.4-5.el6 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10581/glpi-0.83.9.1-1.el6 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10623/ReviewBoard-1.7.11-1.el6 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10654/php-pecl-radius-1.2.7-1.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10750/zeroinstall-injector-2.3-1.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10754/ansible-1.2.1-2.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10756/gallery3-3.0.9-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing ansible-1.2.1-2.el6 drupal7-admin_language-1.0-0.2.dev.20130226.el6 drupal7-crumbs-1.9-2.el6 drupal7-ds-2.4-1.el6 drupal7-l10n_server-1.0-0.2.dev.20130220.el6 drupal7-lang_dropdown-1.5-2.el6 drupal7-path_breadcrumbs-3.0-0.3.beta3.el6 drupal7-tmgmt-1.0-0.2.alpha3.el6 gallery3-3.0.9-1.el6 nodejs-ain2-1.2.1-5.el6 nodejs-buffer-crc32-0.2.1-5.el6 nodejs-buffer-equal-0.0.0-3.el6 nodejs-bunker-0.1.2-3.el6 nodejs-burrito-0.2.12-6.el6 nodejs-bytes-0.2.1-3.el6 nodejs-charm-0.1.2-2.el6 nodejs-cli-0.4.4.2-4.el6 nodejs-collections-0.1.21-1.el6 nodejs-less-1.4.1-1.el6 php-Raven-0.6.1-1.el6 zeroinstall-injector-2.3-1.el6 Details about builds: ================================================================================ ansible-1.2.1-2.el6 (FEDORA-EPEL-2013-10754) SSH-based configuration management, deployment, and task execution system -------------------------------------------------------------------------------- Update Information: Upstream 1.2.1 version. See: https://groups.google.com/forum/#!topic/ansible-project/Bj0TmfsExhk for more info. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 5 2013 Kevin Fenzi <ke...@scrye.com> 1.2.1-2 - Update to newer upstream re-release to fix a syntax error * Thu Jul 4 2013 Kevin Fenzi <ke...@scrye.com> 1.2.1-1 - Update to 1.2.1 - Fixes CVE-2013-2233 -------------------------------------------------------------------------------- References: [ 1 ] Bug #980821 - CVE-2013-2233 ansible: Does not cache SSH host keys (preventing possibility of server's host key to be checked against system host keys) https://bugzilla.redhat.com/show_bug.cgi?id=980821 -------------------------------------------------------------------------------- ================================================================================ drupal7-admin_language-1.0-0.2.dev.20130226.el6 (FEDORA-EPEL-2013-10765) Displays administration pages in preferred language -------------------------------------------------------------------------------- Update Information: This module lets the administrator see all administration pages in her preferred language. You can use this to display the front-end of the site in one language and still keep most of the back-end in English (or another language of your choice). You can use the standard Languages page to choose the language of the admin pages. This package provides the following Drupal module: * admin_language -------------------------------------------------------------------------------- ================================================================================ drupal7-crumbs-1.9-2.el6 (FEDORA-EPEL-2013-10753) The ultimate breadcrumbs module -------------------------------------------------------------------------------- Update Information: Crumbs is a powerful breadcrumb-building machine, generating high-quality breadcrumbs for most every page on your site, with minimal configuration. The Crumbs engine takes advantage of the hierarchical nature inherent to breadcrumbs: It calculates the parent of the current page, the parent of the parent, etc, until it has the complete breadcrumb trail. Crumbs uses plugins with fine-grained user-defined priorities, for each step in this process. Plugins for most of your favorite modules are already built-in, and you can add more. A lot of stuff that would require laborious configuration with other breadcrumb-building modules, does work out of the box with Crumbs. And if it doesn't, there are powerful and ways to configure, customize and extend. Where in other breadcrumb-customizing modules you need to define complete breadcrumbs for various pages and their all their children, in Crumbs you mostly just say "A is the parent of B", and it can solve all the rest of the puzzle by itself. This package provides the following Drupal module: * crumbs -------------------------------------------------------------------------------- ================================================================================ drupal7-ds-2.4-1.el6 (FEDORA-EPEL-2013-10761) Extend the display options for every entity type -------------------------------------------------------------------------------- Update Information: Display Suite allows you to take full control over how your content is displayed using a drag and drop interface. Arrange your nodes, views, comments, user data etc. the way you want without having to work your way through dozens of template files. A predefined list of layouts (D7 only) is available for even more drag and drop fun! By defining custom view modes (build modes in D6), you can define how one piece of content should be displayed in different places such as teaser lists, search results, the full node, views etc. Watch a screen-cast (http://drupal.org/node/644706) to see it all in action! This package provides the following Drupal modules: * ds * ds_ui * ds_devel (NOTE: Requires install of the devel module) * ds_format * ds_extras * ds_search * ds_forms -------------------------------------------------------------------------------- ================================================================================ drupal7-l10n_server-1.0-0.2.dev.20130220.el6 (FEDORA-EPEL-2013-10759) Localization server -------------------------------------------------------------------------------- Update Information: The localization server is a set of Drupal modules powering http://localize.drupal.org/, https://translate.openatrium.com/, http://localize.openpublishapp.com/ and even the non-Drupal based http://translate.musescore.org/ among other translation communities. It provides a generic translation database back-end with a community localization user interface, which allows people to collaborate on translating projects to different languages. It currently contains tools to translate Drupal projects as well as general Gettext based sources. This package provides the following Drupal modules: * l10n_community * l10n_groups (NOTE: Requires install of the og module) * l10n_remote * l10n_packager * l10n_server * l10n_drupal * l10n_gettext -------------------------------------------------------------------------------- ================================================================================ drupal7-lang_dropdown-1.5-2.el6 (FEDORA-EPEL-2013-10764) Provides a dropdown select to switch between available languages -------------------------------------------------------------------------------- Update Information: Language Switcher Dropdown is a very simple module that exposes a new block, similar to the default Language Switcher block provided by Locale module. The new block allows site visitors to switch languages using a drop-down select list instead of using hyperlinks. The module also integrates well with Language Icons (http://drupal.org/project/languageicons) module if installed. This package provides the following Drupal module: * lang_dropdown -------------------------------------------------------------------------------- ================================================================================ drupal7-path_breadcrumbs-3.0-0.3.beta3.el6 (FEDORA-EPEL-2013-10755) Allows creation of custom breadcrumbs for any page using contexts -------------------------------------------------------------------------------- Update Information: Updated to 3.0-beta3 Release notes: https://drupal.org/node/2022711 Path breadcrumbs module helps you to create breadcrumbs for any page with any selection rules and load any entity from the URL. Features * Breadcrumbs navigation may be added to any kind of page: static (example: node/1) or dynamic (example: node/NID). * You can load contexts from URL and use it like tokens for breadcrumb path or title. * You can use selection rules for every breadcrumbs navigation. * Supports ALL tokens from Entity tokens module (part of Entity module). * You can import/export breadcrumbs (supports single operations, Features and Ctools bulk export). * Breadcrumbs can be cloned to save you time while building navigation. * Module provides rich snippets support for breadcrumbs (RDFa and Microdata). * Module provides first/last/odd/even classes to every breadcrumb link. * You can change breadcrumbs delimiter. * Breadcrumbs could be hidden if they contain only one element. * You can disable breadcrumbs and enable them later. * All breadcrumb titles are translatable. * Usable interface. This package provides the following Drupal modules: * path_breadcrumbs * path_breadcrumbs_ui * path_breadcrumbs_i18n (Requires manual install of the i18n module) -------------------------------------------------------------------------------- References: [ 1 ] Bug #981354 - drupal7-path_breadcrumbs-3.0-beta3 is available https://bugzilla.redhat.com/show_bug.cgi?id=981354 -------------------------------------------------------------------------------- ================================================================================ drupal7-tmgmt-1.0-0.2.alpha3.el6 (FEDORA-EPEL-2013-10747) Translation Management Tool -------------------------------------------------------------------------------- Update Information: The Translation Management Tool (TMGMT) module provides a tool set for translating content from different sources. The translation can be done by people or translation services of all kinds. It builds on and uses existing language tools and data structures in Drupal and can be used in automated workflow scenarios. This module does not make i18n or any other language module for Drupal obsolete. It does only facilitate the translation process. The second alpha has been released, huge improvements have been made (see the release notes for details) and there's even more work to do. Please test the new version and report any bugs that you can find. Important: The external translator plugins (Microsoft, MyGengo, Nativy, Supertext) have been moved to separate projects. When any of these plugins, make sure to download them as well and then run update.php when updating. This package provides the following Drupal modules: * tmgmt * tmgmt_local * tmgmt_skills * tmgmt_file * tmgmt_entity * tmgmt_entity_ui * tmgmt_node * tmgmt_node_ui * tmgmt_field * tmgmt_i18n_string * tmgmt_ui -------------------------------------------------------------------------------- ================================================================================ gallery3-3.0.9-1.el6 (FEDORA-EPEL-2013-10756) Customizable photo gallery web site -------------------------------------------------------------------------------- Update Information: Fixes for CVE-2013-2240, CVE-2013-2241. A security flaw was found in the way flowplayer SWF file handling functionality of Gallery version 3, an open source project with the goal to develop and support leading photo sharing web application solutions, processed certain URL fragments passed to this file (certain URL fragments were not stripped properly when these files were called via direct URL request(s)). A remote attacker could use this flaw to conduct replay attacks. Multiple information exposure flaws were found in the way data rest core module of Gallery version 3, an open source project with the goal to develop and support leading photo sharing web application solutions, used to previously restrict access to certain items of the photo album. A remote attacker, valid Gallery 3 user, could use this flaw to possibly obtain sensitive information (file, resize or thumb path of the item in question). -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 5 2013 Jon Ciesla <limburg...@gmail.com> - 3.0.9-1 - 3.0.9. -------------------------------------------------------------------------------- References: [ 1 ] Bug #981218 - CVE-2013-2138 gallery3 various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=981218 [ 2 ] Bug #981219 - CVE-2013-2138 gallery3 various flaws [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=981219 -------------------------------------------------------------------------------- ================================================================================ nodejs-ain2-1.2.1-5.el6 (FEDORA-EPEL-2013-10760) A Node.js module for syslog logging (and a continuation of ain) -------------------------------------------------------------------------------- Update Information: Rebuild to restrict to compatible architectures. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 5 2013 Jamie Nguyen <jamieli...@fedoraproject.org> - 1.2.1-5 - restrict to compatible arches -------------------------------------------------------------------------------- ================================================================================ nodejs-buffer-crc32-0.2.1-5.el6 (FEDORA-EPEL-2013-10757) A pure JavaScript CRC32 algorithm that plays nice with binary data -------------------------------------------------------------------------------- Update Information: Rebuild to restrict to compatible architectures. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 5 2013 Jamie Nguyen <jamieli...@fedoraproject.org> - 0.2.1-5 - restrict to compatible arches * Wed Jun 19 2013 T.C. Hollingsworth <tchollingswo...@gmail.com> - 0.2.1-4 - rebuild for missing npm(buffer-crc32) provides on EL6 -------------------------------------------------------------------------------- ================================================================================ nodejs-buffer-equal-0.0.0-3.el6 (FEDORA-EPEL-2013-10762) Returns whether two buffers are equal -------------------------------------------------------------------------------- Update Information: Rebuild to restrict to compatible architectures. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 5 2013 Jamie Nguyen <jamieli...@fedoraproject.org> - 0.0.0-3 - restrict to compatible arches -------------------------------------------------------------------------------- ================================================================================ nodejs-bunker-0.1.2-3.el6 (FEDORA-EPEL-2013-10752) Code coverage in native JavaScript -------------------------------------------------------------------------------- Update Information: Rebuild to restrict to compatible architectures. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 5 2013 Jamie Nguyen <jamieli...@fedoraproject.org> - 0.1.2-3 - restrict to compatible arches -------------------------------------------------------------------------------- ================================================================================ nodejs-burrito-0.2.12-6.el6 (FEDORA-EPEL-2013-10748) Wrap up expressions with a trace function while walking the AST -------------------------------------------------------------------------------- Update Information: Rebuild to restrict to compatible architectures. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 5 2013 Jamie Nguyen <jamieli...@fedoraproject.org> - 0.2.12-6 - restrict to compatible arches -------------------------------------------------------------------------------- ================================================================================ nodejs-bytes-0.2.1-3.el6 (FEDORA-EPEL-2013-10751) Byte size string parser/serializer for Node.js -------------------------------------------------------------------------------- Update Information: Rebuild to restrict to compatible architectures. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 5 2013 Jamie Nguyen <jamieli...@fedoraproject.org> - 0.2.1-3 - restrict to compatible arches * Wed Jun 19 2013 T.C. Hollingsworth <tchollingswo...@gmail.com> - 0.2.1-2 - rebuild for missing npm(bytes) provides -------------------------------------------------------------------------------- ================================================================================ nodejs-charm-0.1.2-2.el6 (FEDORA-EPEL-2013-10758) ANSI control sequences for terminal cursor hopping and colors -------------------------------------------------------------------------------- Update Information: Rebuild to restrict to compatible architectures. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 5 2013 Jamie Nguyen <jamieli...@fedoraproject.org> - 0.1.2-2 - restrict to compatible arches -------------------------------------------------------------------------------- ================================================================================ nodejs-cli-0.4.4.2-4.el6 (FEDORA-EPEL-2013-10766) Node.js module for rapidly building command line apps -------------------------------------------------------------------------------- Update Information: Rebuild to restrict to compatible architectures. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 5 2013 Jamie Nguyen <jamieli...@fedoraproject.org> - 0.4.4.2-4 - restrict to compatible arches -------------------------------------------------------------------------------- ================================================================================ nodejs-collections-0.1.21-1.el6 (FEDORA-EPEL-2013-10763) Data structures with idiomatic JavaScript collection interfaces -------------------------------------------------------------------------------- Update Information: Update to upstream release 0.1.21, which is a minor bug fix release. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 5 2013 Jamie Nguyen <jamieli...@fedoraproject.org> - 0.1.21-1 - update to upstream release 0.2.21 * Fri Jul 5 2013 Jamie Nguyen <jamieli...@fedoraproject.org> - 0.1.20-3 - restrict to compatible arches -------------------------------------------------------------------------------- ================================================================================ nodejs-less-1.4.1-1.el6 (FEDORA-EPEL-2013-10749) Less.js The dynamic stylesheet language -------------------------------------------------------------------------------- Update Information: - New upstream release 1.4.1 - https://github.com/less/less.js/blob/v1.4.1/CHANGELOG.md - Fix syncImports and yui-compress option, as they were being ignored - Fixed several global variable leaks - Handle getting null or undefined passed as the options object -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 5 2013 Stephen Gallagher <sgall...@redhat.com> - 1.4.1-1 - New upstream release 1.4.1 - https://github.com/less/less.js/blob/v1.4.1/CHANGELOG.md - Fix syncImports and yui-compress option, as they were being ignored - Fixed several global variable leaks - Handle getting null or undefined passed as the options object -------------------------------------------------------------------------------- References: [ 1 ] Bug #981590 - nodejs-less-1.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=981590 -------------------------------------------------------------------------------- ================================================================================ php-Raven-0.6.1-1.el6 (FEDORA-EPEL-2013-10746) A PHP client for Sentry -------------------------------------------------------------------------------- Update Information: Updated to 0.6.1 0.6.0 to 0.6.1: https://github.com/getsentry/raven-php/compare/0.6.0...0.6.1 -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 5 2013 Shawn Iwinski <shawn.iwin...@gmail.com> 0.6.1-1 - Updated to 0.6.1 (BZ #981406) -------------------------------------------------------------------------------- References: [ 1 ] Bug #981406 - php-Raven-0.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=981406 -------------------------------------------------------------------------------- ================================================================================ zeroinstall-injector-2.3-1.el6 (FEDORA-EPEL-2013-10750) The Zero Install Injector (0launch) -------------------------------------------------------------------------------- Update Information: Enhancements: - upstream now ships an experimental OCaml front-end, this is not yet enabled - Add fish-shell command completion - Allow relative files in <archive> and <file> for local feeds. This makes it easy to test feeds before passing them to 0repo. Bug fixes: - Better handling of default="" in <environment> bindings. This now specifies that the default should be "", overriding any system default. - Fixed --refresh with "download" and "run" for apps. - Updated ssl_match_hostname based on latest bug-fixes. This fix is intended to fix a denial-of-service attack, which doesn't really matter to 0install, but we might as well have the latest version. CVE-2013-2099 - Better error when the <rename> source does not exist. - Allow selecting local archives even in offline mode. - Support the use of the system store with recipes. This is especially important now that we treat all downloads as recipes! - Removed old zeroinstall-add.desktop file. Changes for APIs we depend on - Cope with more PyGObject API changes. Based on patch in http://twistedmatrix.com/trac/ticket/6369 - Keep gobject and glib separate. Sometimes we need GLib, sometimes we need GObject. - Updates to avoid PyGIDeprecationWarning. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 5 2013 Michel Salim <sali...@fedoraproject.org> - 2.3-1 - Update to 2.3 * Mon May 6 2013 Michel Salim <sali...@fedoraproject.org> - 2.2-1 - Update to 2.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #958834 - zeroinstall-injector-2.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=958834 [ 2 ] Bug #966273 - CVE-2013-2098 CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=966273 [ 3 ] Bug #966274 - CVE-2013-2098 CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=966274 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list epel-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/epel-devel