EPEL Fedora 6 updates-testing report

updates Thu, 27 Mar 2014 13:45:22 -0700

The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 704  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
 134  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12079/bip-0.8.9-1.el6
  51  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6.4-1.el6
  46  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0483/boinc-client-7.2.33-3.git1994cc8.el6
  36  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolkit-2.0.2-4.el6
  12  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0845/asterisk-1.8.26.1-1.el6
  12  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0846/mediawiki119-1.19.13-1.el6
  12  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0852/lighttpd-1.4.35-1.el6
   8  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0888/v8-3.14.5.10-7.el6
   8  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0889/moodle-2.4.9-1.el6
   2  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0938/seamonkey-2.21-5.ESR_24.4.0.el6
   1  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0951/check-mk-1.2.4-1.el6
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0972/munin-2.0.19-2.el6
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0980/perl-YAML-LibYAML-0.38-4.el6



The following builds have been pushed to Fedora EPEL 6 updates-testing

    cscppc-1.0.3-1.el6
    cswrap-1.0.3-1.el6
    munin-2.0.19-2.el6
    open-vm-tools-9.4.0-8.el6
    ovirt-engine-cli-3.4.0.5-1.el6
    ovirt-engine-sdk-python-3.4.0.6-1.el6
    perl-Rose-DB-Object-0.811-1.el6
    perl-YAML-LibYAML-0.38-4.el6
    python-iso8601-0.1.10-1.el6
    yapet-1.0-1.el6

Details about builds:


================================================================================
 cscppc-1.0.3-1.el6 (FEDORA-EPEL-2014-0978)
 A compiler wrapper that runs cppcheck in background
--------------------------------------------------------------------------------
Update Information:

initial packaging
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1066026 - Review Request: cscppc - A compiler wrapper that runs 
cppcheck in background
        https://bugzilla.redhat.com/show_bug.cgi?id=1066026
--------------------------------------------------------------------------------


================================================================================
 cswrap-1.0.3-1.el6 (FEDORA-EPEL-2014-0976)
 Generic compiler wrapper
--------------------------------------------------------------------------------
Update Information:

initial packaging
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1066028 - Review Request: cswrap - Generic compiler wrapper
        https://bugzilla.redhat.com/show_bug.cgi?id=1066028
--------------------------------------------------------------------------------


================================================================================
 munin-2.0.19-2.el6 (FEDORA-EPEL-2014-0972)
 Network-wide graphing framework (grapher/gatherer)
--------------------------------------------------------------------------------
Update Information:

minor bugfix release:
- BZ# 1081254: Start asyncd after node
- BZ# 1028075: munin-node doesn't get added to chkconfig
Upstream update to 2.0.18, fixes CVE-2013-6359
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 26 2014 D. Johnson <fenri...@fedoraproject.org> - 2.0.19-2
- BZ# 1081254: Start asyncd after node
- BZ# 1028075: munin-node doesn't get added to chkconfig
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1037888 - CVE-2013-6048 CVE-2013-6359 munin: two denial of service 
flaws fixed in 2.0.18
        https://bugzilla.redhat.com/show_bug.cgi?id=1037888
--------------------------------------------------------------------------------


================================================================================
 open-vm-tools-9.4.0-8.el6 (FEDORA-EPEL-2014-0967)
 Open Virtual Machine Tools for virtual machines hosted on VMware
--------------------------------------------------------------------------------
Update Information:

Added package dependencies to address BZ#1045709 and BZ#1077320.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 26 2014 Ravindra Kumar <ravindraku...@vmware.com> - 9.4.0-8
- Add missing package dependency on 'which' (BZ#1045709)
* Tue Mar 25 2014 Ravindra Kumar <ravindraku...@vmware.com> - 9.4.0-7
- Add -D_DEFAULT_SOURCE to suppress warning as suggested in
  https://sourceware.org/bugzilla/show_bug.cgi?id=16632
* Fri Mar 21 2014 Ravindra Kumar <ravindraku...@vmware.com> - 9.4.0-6
- Add missing package dependencies (BZ#1045709, BZ#1077320)
* Tue Feb 18 2014 Igor Gnatenko <i.gnatenko.br...@gmail.com> - 9.4.0-5
- Fix FTBFS g_info redefine (RHBZ #1063847)
* Fri Feb 14 2014 David Tardon <dtar...@redhat.com> - 9.4.0-4
- rebuild for new ICU
* Tue Feb 11 2014 Richard W.M. Jones <rjo...@redhat.com> - 9.4.0-3
- Only build on x86-64 for RHEL 7 (RHBZ#1054608).
* Wed Dec  4 2013 Richard W.M. Jones <rjo...@redhat.com> - 9.4.0-2
- Rebuild for procps SONAME bump.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1045709 - open-vm-tools should depend on which
        https://bugzilla.redhat.com/show_bug.cgi?id=1045709
  [ 2 ] Bug #1077320 - open-vm-tools should depend on ifconfig
        https://bugzilla.redhat.com/show_bug.cgi?id=1077320
--------------------------------------------------------------------------------


================================================================================
 ovirt-engine-cli-3.4.0.5-1.el6 (FEDORA-EPEL-2014-0977)
 oVirt Engine Command Line Interface
--------------------------------------------------------------------------------
Update Information:

Update to upstream 3.4.0.5
Update to upstream 3.3.0.5
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 27 2014 Juan Hernandez <juan.hernan...@redhat.com> - 3.4.0.5-1
- Update to upstream 3.4.0.5 in order to support version 3.4 of the
  oVirt project.
* Wed Oct  9 2013 Juan Hernandez <juan.hernan...@redhat.com> - 3.3.0.5-1
- Update to upstream 3.3.0.5
--------------------------------------------------------------------------------


================================================================================
 ovirt-engine-sdk-python-3.4.0.6-1.el6 (FEDORA-EPEL-2014-0974)
 oVirt Engine Software Development Kit (Python)
--------------------------------------------------------------------------------
Update Information:

Update to upstream version 3.4.0.6
Update to upstream 3.3.0.7
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 27 2014 Juan Hernandez <juan.hernan...@redhat.com> - 3.4.0.6-1
- Update to upstream version 3.4.0.6 in order to support release 3.4 of
  the oVirt project.
* Wed Oct  9 2013 Juan Hernandez <juan.hernan...@redhat.com> - 3.3.0.7-1
- Update to upstream 3.3.0.7
--------------------------------------------------------------------------------


================================================================================
 perl-Rose-DB-Object-0.811-1.el6 (FEDORA-EPEL-2014-0973)
 Extensible, high performance object-relational mapper (ORM)
--------------------------------------------------------------------------------
Update Information:

update to version 0.811
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 26 2014 Bill Pemberton <wf...@worldbroken.com> - 0.811-1
- update to version 0.811
- fixes a bug that prevented many-to-many map records from being saved
  to the database
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1055297 - perl-Rose-DB-Object-0.811 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1055297
--------------------------------------------------------------------------------


================================================================================
 perl-YAML-LibYAML-0.38-4.el6 (FEDORA-EPEL-2014-0980)
 Perl YAML Serialization using XS and libyaml
--------------------------------------------------------------------------------
Update Information:

This update addresses two security issues.

CVE-2013-6393: The yaml_parser_scan_tag_uri function in scanner.c in LibYAML 
before 0.1.5 performs an incorrect cast, which allows remote attackers to cause 
a denial of service (application crash) and possibly execute arbitrary code via 
crafted tags in a YAML document, which triggers a heap-based buffer overflow.

CVE-2014-2525: The library is affected by a heap-based buffer overflow which 
can lead to arbitrary code execution. The vulnerability is caused by lack of 
proper expansion for the string passed to the yaml_parser_scan_uri_escapes() 
function. A specially crafted YAML file, with a long sequence of 
percent-encoded characters in a URL, can be used to trigger the overflow.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 27 2014 Paul Howarth <p...@city-fan.org> - 0.38-4
- Fix LibYAML input sanitization errors (CVE-2014-2525)
- Fix heap-based buffer overflow when parsing YAML tags (CVE-2013-6393)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1078083 - CVE-2014-2525 libyaml: heap-based buffer overflow when 
parsing URLs
        https://bugzilla.redhat.com/show_bug.cgi?id=1078083
  [ 2 ] Bug #1033990 - CVE-2013-6393 libyaml: heap-based buffer overflow when 
parsing YAML tags
        https://bugzilla.redhat.com/show_bug.cgi?id=1033990
--------------------------------------------------------------------------------


================================================================================
 python-iso8601-0.1.10-1.el6 (FEDORA-EPEL-2014-0970)
 Simple module to parse ISO 8601 dates
--------------------------------------------------------------------------------
Update Information:

- New release to improve parsing validation
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 27 2014 Pádraig Brady <pbr...@redhat.com> - 0.1.10-1
- Latest upstream
--------------------------------------------------------------------------------


================================================================================
 yapet-1.0-1.el6 (FEDORA-EPEL-2014-0975)
 Curses based password encryption tool
--------------------------------------------------------------------------------
Update Information:

YAPET 1.0

* new user interface.
* colors can be customized in the configuration file.
* can be suspended by pressing ^Z (Control-Z).
* PET files can be exported to CSV using yapet2csv.
* dropped support of long command line options.
* new files are created by pressing 'E'.
* experimental support for multi-byte characters.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 27 2014 Christopher Meng <r...@cicku.me> - 1.0-1
- Update to 1.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1070207 - yapet-1.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1070207
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list
epel-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/epel-devel

EPEL Fedora 6 updates-testing report

Reply via email to