The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 741  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
  88  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6.4-1.el6
  83  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0483/boinc-client-7.2.33-3.git1994cc8.el6
  73  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolkit-2.0.2-4.el6
  32  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1011/php-ZendFramework-1.12.5-1.el6
  24  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1073/cacti-0.8.8b-5.el6
  10  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1206/Django14-1.4.11-1.el6
   9  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1226/ndjbdns-1.06-1.el6
   7  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1236/prosody-0.8.2-7.el6
   6  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1254/qt5-qtbase-5.2.1-8.el6
   3  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1275/mediawiki119-1.19.15-1.el6
   3  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1282/dmlite-0.6.2-2.el6
   1  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1292/nrpe-2.15-2.el6
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1304/rxvt-unicode-9.20-1.el6
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1319/python-fmn-web-0.2.4-3.el6
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1312/python-fedora-0.3.34-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    drupal7-variable-2.5-1.el6
    libuv-0.10.27-1.el6
    lua-term-0.03-3.el6
    nodejs-0.10.28-1.el6
    perl-Cpanel-JSON-XS-3.0104-1.el6
    perl-File-DesktopEntry-0.08-1.el6
    perl-File-MimeInfo-0.25-1.el6
    python-fedora-0.3.34-1.el6
    python-fmn-web-0.2.4-3.el6
    v8-3.14.5.10-8.el6
    web-assets-5-2.el6

Details about builds:


================================================================================
 drupal7-variable-2.5-1.el6 (FEDORA-EPEL-2014-1316)
 Provides a registry for meta-data about Drupal variables
--------------------------------------------------------------------------------
Update Information:

- Updated to 2.5 (BZ #1090883; release notes https://drupal.org/node/2247839)

--------------------------------------------------------------------------------
ChangeLog:

* Sat May  3 2014 Peter Borsa <peter.bo...@gmail.com> - 2.5-1
- Updated to 2.5 (BZ #1090883; release notes https://drupal.org/node/2247839)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1090883 - drupal7-variable-2.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1090883
--------------------------------------------------------------------------------


================================================================================
 libuv-0.10.27-1.el6 (FEDORA-EPEL-2014-1314)
 Platform layer for node.js
--------------------------------------------------------------------------------
Update Information:

There were no changes in nodejs 0.10.28 or libuv 0.10.27 that affected Fedora.  
The latest nodejs update contained a fixed npm, which is shipped seperately in 
Fedora.  The latest libuv update contains only fixes for Windows.  

Nonetheless, the latest version of both has been packaged to avoid confusion.  
However, only these changelog entries from the previous releases are relevant:

2014.05.01, Version 0.10.27 (Stable)

* dns: fix certain txt entries (Fedor Indutny)

* assert: Ensure reflexivity of deepEqual (Mike Pennisi)

* child_process: fix deadlock when sending handles (Fedor Indutny)

* child_process: fix sending handle twice (Fedor Indutny)

* crypto: do not lowercase cipher/hash names (Fedor Indutny)

* http: do not emit EOF non-readable socket (Fedor Indutny)

* http: invoke createConnection when no agent (Nathan Rajlich)

* stream: remove useless check (Brian White)

* timer: don't reschedule timer bucket in a domain (Greg Brail)

* url: treat  the same as / (isaacs)

* util: format as Error if instanceof Error (Rod Vagg)


2014.04.07, Version 0.10.26 (Stable)

* process: don't close stdio fds during spawn (Tonis Tiigi)

* kqueue: invalidate fd in uv_fs_event_t (Fedor Indutny)

* linux: always deregister closing fds from epoll (Geoffry Song)

* error: add ENXIO for O_NONBLOCK FIFO open() (Fedor Indutny)
--------------------------------------------------------------------------------
ChangeLog:

* Fri May  2 2014 T.C. Hollingsworth <tchollingswo...@gmail.com> - 1:0.10.27-1
- new upstream release 0.10.27
  https://github.com/joyent/libuv/blob/v0.10.27/ChangeLog
--------------------------------------------------------------------------------


================================================================================
 lua-term-0.03-3.el6 (FEDORA-EPEL-2014-1321)
 Terminal functions for Lua
--------------------------------------------------------------------------------
Update Information:

Lua module for manipulating a terminal.
--------------------------------------------------------------------------------


================================================================================
 nodejs-0.10.28-1.el6 (FEDORA-EPEL-2014-1314)
 JavaScript runtime
--------------------------------------------------------------------------------
Update Information:

There were no changes in nodejs 0.10.28 or libuv 0.10.27 that affected Fedora.  
The latest nodejs update contained a fixed npm, which is shipped seperately in 
Fedora.  The latest libuv update contains only fixes for Windows.  

Nonetheless, the latest version of both has been packaged to avoid confusion.  
However, only these changelog entries from the previous releases are relevant:

2014.05.01, Version 0.10.27 (Stable)

* dns: fix certain txt entries (Fedor Indutny)

* assert: Ensure reflexivity of deepEqual (Mike Pennisi)

* child_process: fix deadlock when sending handles (Fedor Indutny)

* child_process: fix sending handle twice (Fedor Indutny)

* crypto: do not lowercase cipher/hash names (Fedor Indutny)

* http: do not emit EOF non-readable socket (Fedor Indutny)

* http: invoke createConnection when no agent (Nathan Rajlich)

* stream: remove useless check (Brian White)

* timer: don't reschedule timer bucket in a domain (Greg Brail)

* url: treat  the same as / (isaacs)

* util: format as Error if instanceof Error (Rod Vagg)


2014.04.07, Version 0.10.26 (Stable)

* process: don't close stdio fds during spawn (Tonis Tiigi)

* kqueue: invalidate fd in uv_fs_event_t (Fedor Indutny)

* linux: always deregister closing fds from epoll (Geoffry Song)

* error: add ENXIO for O_NONBLOCK FIFO open() (Fedor Indutny)
--------------------------------------------------------------------------------
ChangeLog:

* Sat May  3 2014 T.C. Hollingsworth <tchollingswo...@gmail.com> - 0.10.28-1
- new upstream release 0.10.28
  There is no dfference between 0.10.27 and 0.10.28 for Fedora, as the only
  thing updated was npm, which is shipped seperately.  The latest was only
  packaged to avoid confusion.  Please see the v0.10.27 changelog for relevant
  changes in this update:
  http://blog.nodejs.org/2014/05/01/node-v0-10-27-stable/
--------------------------------------------------------------------------------


================================================================================
 perl-Cpanel-JSON-XS-3.0104-1.el6 (FEDORA-EPEL-2014-1320)
 JSON::XS for Cpanel, fast and correct serializing
--------------------------------------------------------------------------------
Update Information:

This update adds compatibility with JSON::XS 3.x booleans and support for LZMA 
compression using Compress::LZF.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr 26 2014 Paul Howarth <p...@city-fan.org> - 3.0104-1
- Update to 3.0104
  - Add t/z_leaktrace.t
  - Restore build on C89
  - Fix small cxt->sv_json leak on interp exit
* Tue Apr 22 2014 Paul Howarth <p...@city-fan.org> - 3.0103-1
- Update to 3.0103
  - Change booleans interop logic (again) for JSON-XS-3.01
    - Check now for Types::Serialiser::Boolean i.e. JSON::PP::Boolean refs
      (https://github.com/rurban/Cpanel-JSON-XS/issues/18) to avoid
      allow_blessed for JSON-XS-3.01 booleans
  - Fix boolean representation for JSON-XS-3.01/Types::Serialiser::Boolean
    interop (arrayref, not hashref)
  - Add t/52_object.t from JSON::XS
  - Backport encode_hv HE sort on stack < 64 or heap to avoid stack overflows
    from JSON-XS-3.01; do not use alloca
  - Backport allow_tags, decode_tag, FREEZE/THAW callbacks from JSON-XS-3.01
  - Added pod for OBJECT SERIALISATION (allow_tags, FREEZE/THAW)
* Thu Apr 17 2014 Paul Howarth <p...@city-fan.org> - 3.0102-1
- Update to 3.0102
  - Added PERL_NO_GET_CONTEXT for better performance on threaded Perls
  - MANIFEST: added t/96_interop.t
  - Document deprecated functions
  - Change booleans interop logic for JSON-XS-3.01
- Enable CLZF support via Compress::LZF
* Wed Apr 16 2014 Paul Howarth <p...@city-fan.org> - 3.0101-1
- Update to 3.0101
  - Added ithreads support: Cpanel::JSON::XS is now thread-safe
  - const'ed a translation table for memory savings
  - Fixed booleans for JSON 2.9 and JSON-XS-3.01 interop; JSON does not
    support JSON::XS booleans anymore, so I cannot think of any reason to
    still use JSON::XS
--------------------------------------------------------------------------------


================================================================================
 perl-File-DesktopEntry-0.08-1.el6 (FEDORA-EPEL-2014-1317)
 Object to handle .desktop files
--------------------------------------------------------------------------------
Update Information:

This is the first EPEL-6 release of perl-File-DesktopEntry.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #210323 - Review Request: perl-File-DesktopEntry - Object to handle 
.desktop files
        https://bugzilla.redhat.com/show_bug.cgi?id=210323
--------------------------------------------------------------------------------


================================================================================
 perl-File-MimeInfo-0.25-1.el6 (FEDORA-EPEL-2014-1318)
 Determine file type and open application
--------------------------------------------------------------------------------
Update Information:

This is the first EPEL-6 release of perl-File-MimeInfo.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #210322 - Review Request: perl-File-MimeInfo - Determine file type
        https://bugzilla.redhat.com/show_bug.cgi?id=210322
--------------------------------------------------------------------------------


================================================================================
 python-fedora-0.3.34-1.el6 (FEDORA-EPEL-2014-1312)
 Python modules for talking to Fedora Infrastructure Services
--------------------------------------------------------------------------------
Update Information:

Fix two security issues for services using python-fedora's TG1 and flask 
helpers.

The TG1 fix quotes variables that could have been used to launch an XSS attack.

The flask fix addresses OpenID Covert Redirect for web services which use 
flask_fas_openid to authenticate against the Fedora Account System.
--------------------------------------------------------------------------------
ChangeLog:

* Fri May  2 2014 Toshio Kuratomi <tos...@fedoraproject.org> - 0.3.34-1
- Upstream 0.3.34 release with security fixes for TG and flask services built
  with python-fedora
* Fri Mar 14 2014 Toshio Kuratomi <tos...@fedoraproject.org> - 0.3.33-3
- Do not build the TG1 subpackage on EPEL7.  Infrastructure is going to port
  its applications away from TG1 by the time they switch to RHEL7.  So we want
  to get rid of TurboGears1 packages before RHEL7.
- Fix conditionals so that they include the proper packages on epel7
* Fri Jan 10 2014 Dennis Gilmore <den...@ausil.us> - 0.3.33-2
- clean up some rhel logic in the spec
--------------------------------------------------------------------------------


================================================================================
 python-fmn-web-0.2.4-3.el6 (FEDORA-EPEL-2014-1319)
 Frontend Web Application for Fedora Notifications
--------------------------------------------------------------------------------
Update Information:

Fix for Covert Redirect.
--------------------------------------------------------------------------------
ChangeLog:

* Fri May  2 2014 Ralph Bean <rb...@redhat.com> - 0.2.4-3
- Actually apply that patch.
* Fri May  2 2014 Ralph Bean <rb...@redhat.com> - 0.2.4-2
- Patch for Covert Redirect.
--------------------------------------------------------------------------------


================================================================================
 v8-3.14.5.10-8.el6 (FEDORA-EPEL-2014-1322)
 JavaScript Engine
--------------------------------------------------------------------------------
Update Information:

This update modifies the way V8 queries the system time, greatly improving 
performance on virtual machines where the real time clock is virtualized.

For more information, see: 
https://github.com/joyent/node/commit/f9ced08de30c37838756e8227bd091f80ad9cafa

--------------------------------------------------------------------------------
ChangeLog:

* Sat May  3 2014 T.C. Hollingsworth <tchollingswo...@gmail.com> - 1:3.14.5.10-8
- use clock_gettime() instead of gettimeofday(), which increases V8 performance
  dramatically on virtual machines
--------------------------------------------------------------------------------


================================================================================
 web-assets-5-2.el6 (FEDORA-EPEL-2014-1323)
 A simple framework for bits pushed to browsers
--------------------------------------------------------------------------------
Update Information:

This update introduces the base filesystem layout for Web Assets to EPEL 6. The 
proposed shared http path for Web Assets is not implemented in this update.

This will enable packagers to unbundle libraries from their packages and 
utilize the new standard directories for doing so as they desire.
Use of the functionality provided by this package is entirely optional. No 
coordinated unbundling effort will take place for this release.

For more information, see: https://fedoraproject.org/wiki/Changes/Web_Assets

This update introduces the base filesystem layout for Web Assets to Fedora EPEL 
6.  The proposed shared http path for Web Assets is *not* implemented in this 
update.

This will enable packagers to unbundle libraries from their packages and utilize
the new standard directories for doing so as they desire.  

Use of the functionality provided by this package is entirely optional.  No 
coordinated unbundling effort will take place in EPEL at this time.

For more information, see:
https://fedoraproject.org/wiki/Changes/Web_Assets
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #997678 - Review Request: web-assets - A simple framework for bits 
pushed to browsers
        https://bugzilla.redhat.com/show_bug.cgi?id=997678
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list
epel-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/epel-devel

Reply via email to