The following Fedora EPEL 6 Security updates need testing: Age URL 741 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6 88 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6.4-1.el6 83 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0483/boinc-client-7.2.33-3.git1994cc8.el6 73 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolkit-2.0.2-4.el6 32 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1011/php-ZendFramework-1.12.5-1.el6 24 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1073/cacti-0.8.8b-5.el6 10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1206/Django14-1.4.11-1.el6 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1226/ndjbdns-1.06-1.el6 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1236/prosody-0.8.2-7.el6 6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1254/qt5-qtbase-5.2.1-8.el6 3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1275/mediawiki119-1.19.15-1.el6 3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1282/dmlite-0.6.2-2.el6 1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1292/nrpe-2.15-2.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1304/rxvt-unicode-9.20-1.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1319/python-fmn-web-0.2.4-3.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1312/python-fedora-0.3.34-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing drupal7-variable-2.5-1.el6 libuv-0.10.27-1.el6 lua-term-0.03-3.el6 nodejs-0.10.28-1.el6 perl-Cpanel-JSON-XS-3.0104-1.el6 perl-File-DesktopEntry-0.08-1.el6 perl-File-MimeInfo-0.25-1.el6 python-fedora-0.3.34-1.el6 python-fmn-web-0.2.4-3.el6 v8-3.14.5.10-8.el6 web-assets-5-2.el6 Details about builds: ================================================================================ drupal7-variable-2.5-1.el6 (FEDORA-EPEL-2014-1316) Provides a registry for meta-data about Drupal variables -------------------------------------------------------------------------------- Update Information: - Updated to 2.5 (BZ #1090883; release notes https://drupal.org/node/2247839) -------------------------------------------------------------------------------- ChangeLog: * Sat May 3 2014 Peter Borsa <peter.bo...@gmail.com> - 2.5-1 - Updated to 2.5 (BZ #1090883; release notes https://drupal.org/node/2247839) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1090883 - drupal7-variable-2.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1090883 -------------------------------------------------------------------------------- ================================================================================ libuv-0.10.27-1.el6 (FEDORA-EPEL-2014-1314) Platform layer for node.js -------------------------------------------------------------------------------- Update Information: There were no changes in nodejs 0.10.28 or libuv 0.10.27 that affected Fedora. The latest nodejs update contained a fixed npm, which is shipped seperately in Fedora. The latest libuv update contains only fixes for Windows. Nonetheless, the latest version of both has been packaged to avoid confusion. However, only these changelog entries from the previous releases are relevant: 2014.05.01, Version 0.10.27 (Stable) * dns: fix certain txt entries (Fedor Indutny) * assert: Ensure reflexivity of deepEqual (Mike Pennisi) * child_process: fix deadlock when sending handles (Fedor Indutny) * child_process: fix sending handle twice (Fedor Indutny) * crypto: do not lowercase cipher/hash names (Fedor Indutny) * http: do not emit EOF non-readable socket (Fedor Indutny) * http: invoke createConnection when no agent (Nathan Rajlich) * stream: remove useless check (Brian White) * timer: don't reschedule timer bucket in a domain (Greg Brail) * url: treat the same as / (isaacs) * util: format as Error if instanceof Error (Rod Vagg) 2014.04.07, Version 0.10.26 (Stable) * process: don't close stdio fds during spawn (Tonis Tiigi) * kqueue: invalidate fd in uv_fs_event_t (Fedor Indutny) * linux: always deregister closing fds from epoll (Geoffry Song) * error: add ENXIO for O_NONBLOCK FIFO open() (Fedor Indutny) -------------------------------------------------------------------------------- ChangeLog: * Fri May 2 2014 T.C. Hollingsworth <tchollingswo...@gmail.com> - 1:0.10.27-1 - new upstream release 0.10.27 https://github.com/joyent/libuv/blob/v0.10.27/ChangeLog -------------------------------------------------------------------------------- ================================================================================ lua-term-0.03-3.el6 (FEDORA-EPEL-2014-1321) Terminal functions for Lua -------------------------------------------------------------------------------- Update Information: Lua module for manipulating a terminal. -------------------------------------------------------------------------------- ================================================================================ nodejs-0.10.28-1.el6 (FEDORA-EPEL-2014-1314) JavaScript runtime -------------------------------------------------------------------------------- Update Information: There were no changes in nodejs 0.10.28 or libuv 0.10.27 that affected Fedora. The latest nodejs update contained a fixed npm, which is shipped seperately in Fedora. The latest libuv update contains only fixes for Windows. Nonetheless, the latest version of both has been packaged to avoid confusion. However, only these changelog entries from the previous releases are relevant: 2014.05.01, Version 0.10.27 (Stable) * dns: fix certain txt entries (Fedor Indutny) * assert: Ensure reflexivity of deepEqual (Mike Pennisi) * child_process: fix deadlock when sending handles (Fedor Indutny) * child_process: fix sending handle twice (Fedor Indutny) * crypto: do not lowercase cipher/hash names (Fedor Indutny) * http: do not emit EOF non-readable socket (Fedor Indutny) * http: invoke createConnection when no agent (Nathan Rajlich) * stream: remove useless check (Brian White) * timer: don't reschedule timer bucket in a domain (Greg Brail) * url: treat the same as / (isaacs) * util: format as Error if instanceof Error (Rod Vagg) 2014.04.07, Version 0.10.26 (Stable) * process: don't close stdio fds during spawn (Tonis Tiigi) * kqueue: invalidate fd in uv_fs_event_t (Fedor Indutny) * linux: always deregister closing fds from epoll (Geoffry Song) * error: add ENXIO for O_NONBLOCK FIFO open() (Fedor Indutny) -------------------------------------------------------------------------------- ChangeLog: * Sat May 3 2014 T.C. Hollingsworth <tchollingswo...@gmail.com> - 0.10.28-1 - new upstream release 0.10.28 There is no dfference between 0.10.27 and 0.10.28 for Fedora, as the only thing updated was npm, which is shipped seperately. The latest was only packaged to avoid confusion. Please see the v0.10.27 changelog for relevant changes in this update: http://blog.nodejs.org/2014/05/01/node-v0-10-27-stable/ -------------------------------------------------------------------------------- ================================================================================ perl-Cpanel-JSON-XS-3.0104-1.el6 (FEDORA-EPEL-2014-1320) JSON::XS for Cpanel, fast and correct serializing -------------------------------------------------------------------------------- Update Information: This update adds compatibility with JSON::XS 3.x booleans and support for LZMA compression using Compress::LZF. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 26 2014 Paul Howarth <p...@city-fan.org> - 3.0104-1 - Update to 3.0104 - Add t/z_leaktrace.t - Restore build on C89 - Fix small cxt->sv_json leak on interp exit * Tue Apr 22 2014 Paul Howarth <p...@city-fan.org> - 3.0103-1 - Update to 3.0103 - Change booleans interop logic (again) for JSON-XS-3.01 - Check now for Types::Serialiser::Boolean i.e. JSON::PP::Boolean refs (https://github.com/rurban/Cpanel-JSON-XS/issues/18) to avoid allow_blessed for JSON-XS-3.01 booleans - Fix boolean representation for JSON-XS-3.01/Types::Serialiser::Boolean interop (arrayref, not hashref) - Add t/52_object.t from JSON::XS - Backport encode_hv HE sort on stack < 64 or heap to avoid stack overflows from JSON-XS-3.01; do not use alloca - Backport allow_tags, decode_tag, FREEZE/THAW callbacks from JSON-XS-3.01 - Added pod for OBJECT SERIALISATION (allow_tags, FREEZE/THAW) * Thu Apr 17 2014 Paul Howarth <p...@city-fan.org> - 3.0102-1 - Update to 3.0102 - Added PERL_NO_GET_CONTEXT for better performance on threaded Perls - MANIFEST: added t/96_interop.t - Document deprecated functions - Change booleans interop logic for JSON-XS-3.01 - Enable CLZF support via Compress::LZF * Wed Apr 16 2014 Paul Howarth <p...@city-fan.org> - 3.0101-1 - Update to 3.0101 - Added ithreads support: Cpanel::JSON::XS is now thread-safe - const'ed a translation table for memory savings - Fixed booleans for JSON 2.9 and JSON-XS-3.01 interop; JSON does not support JSON::XS booleans anymore, so I cannot think of any reason to still use JSON::XS -------------------------------------------------------------------------------- ================================================================================ perl-File-DesktopEntry-0.08-1.el6 (FEDORA-EPEL-2014-1317) Object to handle .desktop files -------------------------------------------------------------------------------- Update Information: This is the first EPEL-6 release of perl-File-DesktopEntry. -------------------------------------------------------------------------------- References: [ 1 ] Bug #210323 - Review Request: perl-File-DesktopEntry - Object to handle .desktop files https://bugzilla.redhat.com/show_bug.cgi?id=210323 -------------------------------------------------------------------------------- ================================================================================ perl-File-MimeInfo-0.25-1.el6 (FEDORA-EPEL-2014-1318) Determine file type and open application -------------------------------------------------------------------------------- Update Information: This is the first EPEL-6 release of perl-File-MimeInfo. -------------------------------------------------------------------------------- References: [ 1 ] Bug #210322 - Review Request: perl-File-MimeInfo - Determine file type https://bugzilla.redhat.com/show_bug.cgi?id=210322 -------------------------------------------------------------------------------- ================================================================================ python-fedora-0.3.34-1.el6 (FEDORA-EPEL-2014-1312) Python modules for talking to Fedora Infrastructure Services -------------------------------------------------------------------------------- Update Information: Fix two security issues for services using python-fedora's TG1 and flask helpers. The TG1 fix quotes variables that could have been used to launch an XSS attack. The flask fix addresses OpenID Covert Redirect for web services which use flask_fas_openid to authenticate against the Fedora Account System. -------------------------------------------------------------------------------- ChangeLog: * Fri May 2 2014 Toshio Kuratomi <tos...@fedoraproject.org> - 0.3.34-1 - Upstream 0.3.34 release with security fixes for TG and flask services built with python-fedora * Fri Mar 14 2014 Toshio Kuratomi <tos...@fedoraproject.org> - 0.3.33-3 - Do not build the TG1 subpackage on EPEL7. Infrastructure is going to port its applications away from TG1 by the time they switch to RHEL7. So we want to get rid of TurboGears1 packages before RHEL7. - Fix conditionals so that they include the proper packages on epel7 * Fri Jan 10 2014 Dennis Gilmore <den...@ausil.us> - 0.3.33-2 - clean up some rhel logic in the spec -------------------------------------------------------------------------------- ================================================================================ python-fmn-web-0.2.4-3.el6 (FEDORA-EPEL-2014-1319) Frontend Web Application for Fedora Notifications -------------------------------------------------------------------------------- Update Information: Fix for Covert Redirect. -------------------------------------------------------------------------------- ChangeLog: * Fri May 2 2014 Ralph Bean <rb...@redhat.com> - 0.2.4-3 - Actually apply that patch. * Fri May 2 2014 Ralph Bean <rb...@redhat.com> - 0.2.4-2 - Patch for Covert Redirect. -------------------------------------------------------------------------------- ================================================================================ v8-3.14.5.10-8.el6 (FEDORA-EPEL-2014-1322) JavaScript Engine -------------------------------------------------------------------------------- Update Information: This update modifies the way V8 queries the system time, greatly improving performance on virtual machines where the real time clock is virtualized. For more information, see: https://github.com/joyent/node/commit/f9ced08de30c37838756e8227bd091f80ad9cafa -------------------------------------------------------------------------------- ChangeLog: * Sat May 3 2014 T.C. Hollingsworth <tchollingswo...@gmail.com> - 1:3.14.5.10-8 - use clock_gettime() instead of gettimeofday(), which increases V8 performance dramatically on virtual machines -------------------------------------------------------------------------------- ================================================================================ web-assets-5-2.el6 (FEDORA-EPEL-2014-1323) A simple framework for bits pushed to browsers -------------------------------------------------------------------------------- Update Information: This update introduces the base filesystem layout for Web Assets to EPEL 6. The proposed shared http path for Web Assets is not implemented in this update. This will enable packagers to unbundle libraries from their packages and utilize the new standard directories for doing so as they desire. Use of the functionality provided by this package is entirely optional. No coordinated unbundling effort will take place for this release. For more information, see: https://fedoraproject.org/wiki/Changes/Web_Assets This update introduces the base filesystem layout for Web Assets to Fedora EPEL 6. The proposed shared http path for Web Assets is *not* implemented in this update. This will enable packagers to unbundle libraries from their packages and utilize the new standard directories for doing so as they desire. Use of the functionality provided by this package is entirely optional. No coordinated unbundling effort will take place in EPEL at this time. For more information, see: https://fedoraproject.org/wiki/Changes/Web_Assets -------------------------------------------------------------------------------- References: [ 1 ] Bug #997678 - Review Request: web-assets - A simple framework for bits pushed to browsers https://bugzilla.redhat.com/show_bug.cgi?id=997678 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list epel-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/epel-devel