The following Fedora EPEL 6 Security updates need testing:
Age URL
622
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
136
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11274/ssmtp-2.61-21.el6
78
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11865/quassel-0.9.1-1.el6
51
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12079/bip-0.8.9-1.el6
21
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12361/libreswan-3.7-1.el6
15
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12427/seamonkey-2.21-3.esr2.el6
10
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12477/gitolite3-3.5.3.1-1.el6
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12483/puppet-2.7.24-1.el6
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0026/x2goserver-4.0.1.10-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
glite-lb-state-machine-2.0.7-1.el6
iperf-2.0.5-11.el6
jupp-26-1.el6
oz-0.12.0-1.el6
php-horde-Horde-Autoloader-2.0.1-4.el6
x2goserver-4.0.1.10-1.el6
Details about builds:
================================================================================
glite-lb-state-machine-2.0.7-1.el6 (FEDORA-EPEL-2014-0023)
gLite Logging and Bookkeeping state machine
--------------------------------------------------------------------------------
Update Information:
glite-lb-state-machine is the gLite L&B job state machine -- server core
processing L&B events to produce job state presented to the user. This package
contains the state machine library (linked by server) and dynamic plugin (used
by other tools and Job Provenance).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1046513 - Review Request: glite-lb-state-machine - gLite Logging
and Bookkeeping state machine
https://bugzilla.redhat.com/show_bug.cgi?id=1046513
--------------------------------------------------------------------------------
================================================================================
iperf-2.0.5-11.el6 (FEDORA-EPEL-2014-0028)
Measurement tool for TCP/UDP bandwidth performance
--------------------------------------------------------------------------------
Update Information:
patch to exit on port bind failure (#1047172, #1047569)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 3 2014 Gabriel Somlo <somlo at cmu.edu> 2.0.5-11
- patch to exit on port bind failure (#1047172, #1047569)
* Sun Dec 22 2013 Gabriel Somlo <somlo at cmu.edu> 2.0.5-10
- added patch to build with format security enabled (#1037132)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1047172 - Iperf pretend to listen on a port even if bind fails
https://bugzilla.redhat.com/show_bug.cgi?id=1047172
[ 2 ] Bug #1047569 - socket/bind fails it's a warning . Rather it should be
treated as error
https://bugzilla.redhat.com/show_bug.cgi?id=1047569
--------------------------------------------------------------------------------
================================================================================
jupp-26-1.el6 (FEDORA-EPEL-2014-0025)
Compact and feature-rich WordStar-compatible editor
--------------------------------------------------------------------------------
Update Information:
Jupp is a compact and feature-rich WordStar-compatible editor and also the
MirOS fork of the JOE 3.x editor which provides easy conversion for former PC
users as well as powerfulness for programmers, while not doing annoying things
like word wrap "automagically". It can double as a hex editor and comes with a
character map plus Unicode support. Additionally it contains an extension to
visibly display tabs and spaces, has a cleaned up, extended and beautified
options menu, more CUA style key-bindings, an improved math functionality and a
bracketed paste mode automatically used with Xterm.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1046812 - Review Request: jupp - Compact and feature-rich
WordStar-compatible editor
https://bugzilla.redhat.com/show_bug.cgi?id=1046812
--------------------------------------------------------------------------------
================================================================================
oz-0.12.0-1.el6 (FEDORA-EPEL-2014-0027)
Library and utilities for automated guest OS installs
--------------------------------------------------------------------------------
Update Information:
Update to Oz 0.12.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 3 2014 Chris Lalancette <clalance...@gmail.com> - 0.12.0-1
- Update to release 0.12.0
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Autoloader-2.0.1-4.el6 (FEDORA-EPEL-2014-0022)
Horde Autoloader
--------------------------------------------------------------------------------
Update Information:
Patch default autoloader to ensure Sabre class are loaded from
/usr/share/php/Sabre (required version provided by php-sabre-dav) and not from
/usr/share/pear/Sabre (old version provided by php-sabredav-Sabre*, still used
by ownclound)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 3 2014 Remi Collet <r...@fedoraproject.org> - 2.0.1-2
- patch autoloader for Sabre
- spec cleanup
- add --with tests option
--------------------------------------------------------------------------------
================================================================================
x2goserver-4.0.1.10-1.el6 (FEDORA-EPEL-2014-0026)
X2Go Server
--------------------------------------------------------------------------------
Update Information:
This release pulls in all changes that got introduced in the Baikal LTS release
4.0.0.8, including a severe vulnerability in
x2gocleansessions. Gains of the LTS version 4.0.0.8 of x2goserver are:
o Improve parsing of the NX session.log file. Fix session
suspending/resuming when in fails in some occasions.
o Fix severe vulnerability in x2gocleansessions.
o Sanitize session ID string, port numbers, display numbers
and agent PID numbers before writing them as strings to the
session DB.
Please note::: This release fixes a severe vulnerability in X2Go Server that
allowed an attacker with user permissions to gain root access tothe X2Go Server
machine. Everyone, please upgrade your X2Go Server installations.
New gains of the version 4.0.1.10 of x2goserver are:
o Fix x2goresume-session that we broke in 4.0.1.9.
o Ship x2goserver-fmbindings
o Allow enabling/disabling of TCP listening of x2goagent.
- Disable Xsession support for now - Debian specific (Bug #1038834)
Update to 4.0.1.9 - incorporate changes from 4.0.0.7 LTS bugfix release.
- Drop incorrect keyboard patch- Use mktemp instead of tempfile
- Fix Xsession.d link creation
- Add patch to fix keyboard setting (bug #1033876)
Update to 4.0.1.8:
- Fix resizing when resuming sessions.
- Fix automatic keyboard setup (via x2gosetkeyboard) while resuming a session.
(Fixes: #285).
- Provide sudoers.d/x2goserver file that allows sudoed commands under KDE (by
pertaining the env var QT_GRAPHICSSYSTEM. (Fixes: #276).
- With PostgreSQL as session db backend, prevent the root user from launching
sessions. Also, prevent x2gouser_root from being added as a PostgreSQL user.
(Fixes: #310).
- Execute DB status changes as late as possible during suspend / terminate.
- Start/resume rootless sessions without geometry parameter. Esp. using
X2GO_GEOMETRY=fullscreen for rootless sessions lead to an extra 1x1 px session
window (nxagentCreateIconWindow in nxagent's Window.c).
- Typo fix in x2goruncommand (for MATE session startup).
- Make umask that is used when mounting client-side folders via SSHFS
configurable in x2goserver.conf. (Fixes: #331).
- Use bash-builtin 'type' instead of to be avoided 'which'. (Fixes: #305).
- Disable Xsession support for now - Debian specific (Bug #1038834)
Update to 4.0.1.9 - incorporate changes from 4.0.0.7 LTS bugfix release.
- Drop incorrect keyboard patch
- Use mktemp instead of tempfile
- Fix Xsession.d link creation
- Add patch to fix keyboard setting (bug #1033876)
Update to 4.0.1.8:
- Fix resizing when resuming sessions.
- Fix automatic keyboard setup (via x2gosetkeyboard) while resuming a session.
(Fixes: #285).
- Provide sudoers.d/x2goserver file that allows sudoed commands under KDE (by
pertaining the env var QT_GRAPHICSSYSTEM. (Fixes: #276).
- With PostgreSQL as session db backend, prevent the root user from launching
sessions. Also, prevent x2gouser_root from being added as a PostgreSQL user.
(Fixes: #310).
- Execute DB status changes as late as possible during suspend / terminate.
- Start/resume rootless sessions without geometry parameter. Esp. using
X2GO_GEOMETRY=fullscreen for rootless sessions lead to an extra 1x1 px session
window (nxagentCreateIconWindow in nxagent's Window.c).
- Typo fix in x2goruncommand (for MATE session startup).
- Make umask that is used when mounting client-side folders via SSHFS
configurable in x2goserver.conf. (Fixes: #331).
- Use bash-builtin 'type' instead of to be avoided 'which'. (Fixes: #305).
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 3 2014 Orion Poplawski <or...@cora.nwra.com> - 4.0.1.10-1
- Update to 4.0.1.10
- Drop pwgen and mktemp patches applied upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1038834 - /etc/x2go/Xsession script broken
https://bugzilla.redhat.com/show_bug.cgi?id=1038834
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
epel-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
