The following Fedora EPEL 6 Security updates need testing: Age URL 704 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6 134 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12079/bip-0.8.9-1.el6 51 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6.4-1.el6 46 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0483/boinc-client-7.2.33-3.git1994cc8.el6 36 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolkit-2.0.2-4.el6 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0845/asterisk-1.8.26.1-1.el6 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0846/mediawiki119-1.19.13-1.el6 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0852/lighttpd-1.4.35-1.el6 8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0888/v8-3.14.5.10-7.el6 8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0889/moodle-2.4.9-1.el6 2 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0938/seamonkey-2.21-5.ESR_24.4.0.el6 1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0951/check-mk-1.2.4-1.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0972/munin-2.0.19-2.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0980/perl-YAML-LibYAML-0.38-4.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing cscppc-1.0.3-1.el6 cswrap-1.0.3-1.el6 munin-2.0.19-2.el6 open-vm-tools-9.4.0-8.el6 ovirt-engine-cli-3.4.0.5-1.el6 ovirt-engine-sdk-python-3.4.0.6-1.el6 perl-Rose-DB-Object-0.811-1.el6 perl-YAML-LibYAML-0.38-4.el6 python-iso8601-0.1.10-1.el6 yapet-1.0-1.el6 Details about builds: ================================================================================ cscppc-1.0.3-1.el6 (FEDORA-EPEL-2014-0978) A compiler wrapper that runs cppcheck in background -------------------------------------------------------------------------------- Update Information: initial packaging -------------------------------------------------------------------------------- References: [ 1 ] Bug #1066026 - Review Request: cscppc - A compiler wrapper that runs cppcheck in background https://bugzilla.redhat.com/show_bug.cgi?id=1066026 -------------------------------------------------------------------------------- ================================================================================ cswrap-1.0.3-1.el6 (FEDORA-EPEL-2014-0976) Generic compiler wrapper -------------------------------------------------------------------------------- Update Information: initial packaging -------------------------------------------------------------------------------- References: [ 1 ] Bug #1066028 - Review Request: cswrap - Generic compiler wrapper https://bugzilla.redhat.com/show_bug.cgi?id=1066028 -------------------------------------------------------------------------------- ================================================================================ munin-2.0.19-2.el6 (FEDORA-EPEL-2014-0972) Network-wide graphing framework (grapher/gatherer) -------------------------------------------------------------------------------- Update Information: minor bugfix release: - BZ# 1081254: Start asyncd after node - BZ# 1028075: munin-node doesn't get added to chkconfig Upstream update to 2.0.18, fixes CVE-2013-6359 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 26 2014 D. Johnson <fenri...@fedoraproject.org> - 2.0.19-2 - BZ# 1081254: Start asyncd after node - BZ# 1028075: munin-node doesn't get added to chkconfig -------------------------------------------------------------------------------- References: [ 1 ] Bug #1037888 - CVE-2013-6048 CVE-2013-6359 munin: two denial of service flaws fixed in 2.0.18 https://bugzilla.redhat.com/show_bug.cgi?id=1037888 -------------------------------------------------------------------------------- ================================================================================ open-vm-tools-9.4.0-8.el6 (FEDORA-EPEL-2014-0967) Open Virtual Machine Tools for virtual machines hosted on VMware -------------------------------------------------------------------------------- Update Information: Added package dependencies to address BZ#1045709 and BZ#1077320. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 26 2014 Ravindra Kumar <ravindraku...@vmware.com> - 9.4.0-8 - Add missing package dependency on 'which' (BZ#1045709) * Tue Mar 25 2014 Ravindra Kumar <ravindraku...@vmware.com> - 9.4.0-7 - Add -D_DEFAULT_SOURCE to suppress warning as suggested in https://sourceware.org/bugzilla/show_bug.cgi?id=16632 * Fri Mar 21 2014 Ravindra Kumar <ravindraku...@vmware.com> - 9.4.0-6 - Add missing package dependencies (BZ#1045709, BZ#1077320) * Tue Feb 18 2014 Igor Gnatenko <i.gnatenko.br...@gmail.com> - 9.4.0-5 - Fix FTBFS g_info redefine (RHBZ #1063847) * Fri Feb 14 2014 David Tardon <dtar...@redhat.com> - 9.4.0-4 - rebuild for new ICU * Tue Feb 11 2014 Richard W.M. Jones <rjo...@redhat.com> - 9.4.0-3 - Only build on x86-64 for RHEL 7 (RHBZ#1054608). * Wed Dec 4 2013 Richard W.M. Jones <rjo...@redhat.com> - 9.4.0-2 - Rebuild for procps SONAME bump. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1045709 - open-vm-tools should depend on which https://bugzilla.redhat.com/show_bug.cgi?id=1045709 [ 2 ] Bug #1077320 - open-vm-tools should depend on ifconfig https://bugzilla.redhat.com/show_bug.cgi?id=1077320 -------------------------------------------------------------------------------- ================================================================================ ovirt-engine-cli-3.4.0.5-1.el6 (FEDORA-EPEL-2014-0977) oVirt Engine Command Line Interface -------------------------------------------------------------------------------- Update Information: Update to upstream 3.4.0.5 Update to upstream 3.3.0.5 -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 27 2014 Juan Hernandez <juan.hernan...@redhat.com> - 3.4.0.5-1 - Update to upstream 3.4.0.5 in order to support version 3.4 of the oVirt project. * Wed Oct 9 2013 Juan Hernandez <juan.hernan...@redhat.com> - 3.3.0.5-1 - Update to upstream 3.3.0.5 -------------------------------------------------------------------------------- ================================================================================ ovirt-engine-sdk-python-3.4.0.6-1.el6 (FEDORA-EPEL-2014-0974) oVirt Engine Software Development Kit (Python) -------------------------------------------------------------------------------- Update Information: Update to upstream version 3.4.0.6 Update to upstream 3.3.0.7 -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 27 2014 Juan Hernandez <juan.hernan...@redhat.com> - 3.4.0.6-1 - Update to upstream version 3.4.0.6 in order to support release 3.4 of the oVirt project. * Wed Oct 9 2013 Juan Hernandez <juan.hernan...@redhat.com> - 3.3.0.7-1 - Update to upstream 3.3.0.7 -------------------------------------------------------------------------------- ================================================================================ perl-Rose-DB-Object-0.811-1.el6 (FEDORA-EPEL-2014-0973) Extensible, high performance object-relational mapper (ORM) -------------------------------------------------------------------------------- Update Information: update to version 0.811 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 26 2014 Bill Pemberton <wf...@worldbroken.com> - 0.811-1 - update to version 0.811 - fixes a bug that prevented many-to-many map records from being saved to the database -------------------------------------------------------------------------------- References: [ 1 ] Bug #1055297 - perl-Rose-DB-Object-0.811 is available https://bugzilla.redhat.com/show_bug.cgi?id=1055297 -------------------------------------------------------------------------------- ================================================================================ perl-YAML-LibYAML-0.38-4.el6 (FEDORA-EPEL-2014-0980) Perl YAML Serialization using XS and libyaml -------------------------------------------------------------------------------- Update Information: This update addresses two security issues. CVE-2013-6393: The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. CVE-2014-2525: The library is affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is caused by lack of proper expansion for the string passed to the yaml_parser_scan_uri_escapes() function. A specially crafted YAML file, with a long sequence of percent-encoded characters in a URL, can be used to trigger the overflow. -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 27 2014 Paul Howarth <p...@city-fan.org> - 0.38-4 - Fix LibYAML input sanitization errors (CVE-2014-2525) - Fix heap-based buffer overflow when parsing YAML tags (CVE-2013-6393) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1078083 - CVE-2014-2525 libyaml: heap-based buffer overflow when parsing URLs https://bugzilla.redhat.com/show_bug.cgi?id=1078083 [ 2 ] Bug #1033990 - CVE-2013-6393 libyaml: heap-based buffer overflow when parsing YAML tags https://bugzilla.redhat.com/show_bug.cgi?id=1033990 -------------------------------------------------------------------------------- ================================================================================ python-iso8601-0.1.10-1.el6 (FEDORA-EPEL-2014-0970) Simple module to parse ISO 8601 dates -------------------------------------------------------------------------------- Update Information: - New release to improve parsing validation -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 27 2014 Pádraig Brady <pbr...@redhat.com> - 0.1.10-1 - Latest upstream -------------------------------------------------------------------------------- ================================================================================ yapet-1.0-1.el6 (FEDORA-EPEL-2014-0975) Curses based password encryption tool -------------------------------------------------------------------------------- Update Information: YAPET 1.0 * new user interface. * colors can be customized in the configuration file. * can be suspended by pressing ^Z (Control-Z). * PET files can be exported to CSV using yapet2csv. * dropped support of long command line options. * new files are created by pressing 'E'. * experimental support for multi-byte characters. -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 27 2014 Christopher Meng <r...@cicku.me> - 1.0-1 - Update to 1.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1070207 - yapet-1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1070207 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list epel-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/epel-devel