The following Fedora EPEL 6 Security updates need testing:
Age URL
754
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
101
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6.4-1.el6
86
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolkit-2.0.2-4.el6
45
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1011/php-ZendFramework-1.12.5-1.el6
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1304/rxvt-unicode-9.20-1.el6
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1319/python-fmn-web-0.2.4-3.el6
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1312/python-fedora-0.3.34-1.el6
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1379/seamonkey-2.21-6.ESR_24.5.0.el6
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1388/botan-1.8.14-2.el6
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1414/gajim-0.14.4-4.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
ceph-0.80.1-2.el6
docker-io-0.11.1-4.el6
dpm-dsi-1.9.3-2.el6
fts-mysql-3.2.25-1.el6
gajim-0.14.4-4.el6
golang-1.2.2-2.el6
nagios-plugins-bonding-1.4-1.el6
packagedb-cli-2.2-1.el6
pcp-3.9.4-1.el6
piglit-1-0.15.20140414GIT8775223.el6
python-anyjson-0.3.3-1.el6
python-behave-1.2.3-13.el6
python-humanize-0.5-4.el6
python-junitxml-0.7-1.el6
rubygem-mizuho-0.9.20-3.el6
stompclt-1.2-1.el6
xl2tpd-1.3.6-1.el6
Details about builds:
================================================================================
ceph-0.80.1-2.el6 (FEDORA-EPEL-2014-1432)
User space components of the Ceph file system
--------------------------------------------------------------------------------
Update Information:
build epel-6
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 14 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 0.80.1-2
- build epel-6
- exclude %{_libdir}/ceph/erasure-code in base package
* Tue May 13 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 0.80.1-1
- Update to latest stable upstream release, BZ 1095201
- PIE, _hardened_build, BZ 955174
* Thu Feb 6 2014 Ken Dreyer <ken.dre...@inktank.com> - 0.72.2-2
- Move plugins from -devel into -libs package (#891993). Thanks Michael
Schwendt.
* Mon Jan 6 2014 Ken Dreyer <ken.dre...@inktank.com> 0.72.2-1
- Update to latest stable upstream release
- Use HTTPS for URLs
- Submit Automake 1.12 patch upstream
- Move unversioned shared libs from ceph-libs into ceph-devel
* Wed Dec 18 2013 Marcin Juszkiewicz <mjuszkiew...@redhat.com> 0.67.3-4
- build without tcmalloc on aarch64 (no gperftools)
* Sat Nov 30 2013 Peter Robinson <pbrobin...@fedoraproject.org> 0.67.3-3
- gperftools not currently available on aarch64
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1095201 - ceph-0.80.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1095201
[ 2 ] Bug #955174 - ceph package should be built with PIE flags
https://bugzilla.redhat.com/show_bug.cgi?id=955174
--------------------------------------------------------------------------------
================================================================================
docker-io-0.11.1-4.el6 (FEDORA-EPEL-2014-1419)
Automates deployment of containerized applications
--------------------------------------------------------------------------------
Update Information:
el6 capabilities fix from Vincent Batts <vba...@redhat.com>
regenerate btrfs removal patch
BZ 1080799 - upstream version bump
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 14 2014 Lokesh Mandvekar <l...@redhat.com> - 0.11.1-4
- el6 capabilities fix from Vincent Batts <vba...@redhat.com>
https://github.com/vbatts/docker/commit/a8b720e191e149cb9abf4230c0c5fd410282400d
* Tue May 13 2014 Stephen Price <ste...@gmail.com> - 0.11.1-3
- add selinux to sysconfig
* Tue May 13 2014 Stephen Price <ste...@gmail.com> - 0.11.1-2
- add lxc patch back
- use md2man-all.sh to generate man pages
- add selinux
* Mon May 12 2014 Stephen Price <ste...@gmail.com> - 0.11.1-1
- Upstream version bump
- Update changed paths
- Remove lxc patch
* Fri May 9 2014 Lokesh Mandvekar <l...@redhat.com> - 0.10.0-3
- remove fedora/rhel conditionals (not built)
* Mon Apr 14 2014 Lokesh Mandvekar <l...@redhat.com> - 0.10.0-2
- regenerate btrfs removal patch
- update commit value
* Mon Apr 14 2014 Lokesh Mandvekar <l...@redhat.com> - 0.10.0-1
- include manpages from contrib
* Wed Apr 9 2014 Bobby Powers <bobbypow...@gmail.com> - 0.10.0-1
- Upstream version bump
* Thu Mar 27 2014 Lokesh Mandvekar <l...@redhat.com> - 0.9.1-1
- BZ 1080799 - upstream version bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1096868 - Docker 0.11 released
https://bugzilla.redhat.com/show_bug.cgi?id=1096868
[ 2 ] Bug #1087223 - docker-io-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1087223
[ 3 ] Bug #1086430 - Update to latest version 0.10.0
https://bugzilla.redhat.com/show_bug.cgi?id=1086430
[ 4 ] Bug #1080799 - docker-io-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1080799
--------------------------------------------------------------------------------
================================================================================
dpm-dsi-1.9.3-2.el6 (FEDORA-EPEL-2014-1425)
Disk Pool Manager (DPM) plugin for the Globus GridFTP server
--------------------------------------------------------------------------------
Update Information:
Patch for proper EOF handling
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 15 2014 Alejandro Alvarez <aalva...@cern.ch> - 1.9.3-2
- Patch for proper EOF handling
--------------------------------------------------------------------------------
================================================================================
fts-mysql-3.2.25-1.el6 (FEDORA-EPEL-2014-1428)
File Transfer Service V3 mysql plug-in
--------------------------------------------------------------------------------
Update Information:
Update for new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Michal Simon <michal.si...@cern.ch> - 3.2.25-1
- Update for new upstream release
--------------------------------------------------------------------------------
================================================================================
gajim-0.14.4-4.el6 (FEDORA-EPEL-2014-1414)
Jabber client written in PyGTK
--------------------------------------------------------------------------------
Update Information:
patch for CVE-2012-5524
Gajim performed verification of invalid (broken / expired) x.509v3 SSL
certificates (True as return value was returned always regardless if error
during certificate validation occurred or not). A rogue XMPP server could use
this flaw to conduct man-in-the-middle attack (MiTM) and trick Gajim client to
accept the certificate even when it was invalid / should not be accepted.
This release fixes this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 29 2014 Matěj Cepl <mc...@redhat.com> - 0.14.4-4
- CVE-2012-5524
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #875809 - CVE-2012-5524 gajim: Improper handling of invalid
certificates
https://bugzilla.redhat.com/show_bug.cgi?id=875809
--------------------------------------------------------------------------------
================================================================================
golang-1.2.2-2.el6 (FEDORA-EPEL-2014-1416)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
Version bump to go1.2.2. Provide packages to allow cross compile of go source
code. Provide an rpm macros file.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 9 2014 Vincent Batts <vba...@redhat.com> 1.2.2-2
- more arch file shuffling
* Fri May 9 2014 Vincent Batts <vba...@redhat.com> 1.2.2-1
- update to go1.2.2
* Thu May 8 2014 Vincent Batts <vba...@redhat.com> 1.2.1-8
- RHEL6 rpm macros can't %exlude missing files
* Wed May 7 2014 Vincent Batts <vba...@redhat.com> 1.2.1-7
- missed two arch-dependent src files
* Wed May 7 2014 Vincent Batts <vba...@redhat.com> 1.2.1-6
- put generated arch-dependent src in their respective RPMs
* Fri Apr 11 2014 Vincent Batts <vba...@redhat.com> 1.2.1-5
- skip test that is causing a SIGABRT on fc21 bz1086900
* Thu Apr 10 2014 Vincent Batts <vba...@fedoraproject.org> 1.2.1-4
- fixing file and directory ownership bz1010713
* Wed Apr 9 2014 Vincent Batts <vba...@fedoraproject.org> 1.2.1-3
- including more to macros (%go_arches)
- set a standard goroot as /usr/lib/golang, regardless of arch
- include sub-packages for compiler toolchains, for all golang supported
architectures
* Wed Mar 26 2014 Vincent Batts <vba...@fedoraproject.org> 1.2.1-2
- provide a system rpm macros. Starting with /usr/share/gocode
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1095622 - golang-1.2.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1095622
[ 2 ] Bug #1096218 - RFE: provide compiler bootstrapping for all go-compiler
supported architectures
https://bugzilla.redhat.com/show_bug.cgi?id=1096218
[ 3 ] Bug #1010713 - create and own %{_datadir}/gocode and
%{_datadir}/gocode/src
https://bugzilla.redhat.com/show_bug.cgi?id=1010713
[ 4 ] Bug #1057340 - rpm macros for golang
https://bugzilla.redhat.com/show_bug.cgi?id=1057340
--------------------------------------------------------------------------------
================================================================================
nagios-plugins-bonding-1.4-1.el6 (FEDORA-EPEL-2014-1427)
Nagios plugin to monitor Linux bonding interfaces
--------------------------------------------------------------------------------
Update Information:
Upstream release 1.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #887821 - Review Request: nagios-plugins-bonding - Nagios plugin to
monitor Linux bonding interfaces
https://bugzilla.redhat.com/show_bug.cgi?id=887821
--------------------------------------------------------------------------------
================================================================================
packagedb-cli-2.2-1.el6 (FEDORA-EPEL-2014-1418)
A CLI for pkgdb
--------------------------------------------------------------------------------
Update Information:
Update to 2.2
* Replaces `devel` by `master`
* Fix layout for groups
* Rely on /api/critpath for the get_critpath_packages method
* Log URLs before calling them rather than after
Update to 2.1, for the pkgdb2 upgrade
Update to 2.1, for the pkgdb2 upgrade
Update to 2.1, for the pkgdb2 upgrade
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 15 2014 Pierre-Yves Chibon <pin...@pingoured.fr> - 2.2-1
- Update to 2.2
- Replaces `devel` by `master`
- Fix layout for groups
- Rely on /api/critpath for the get_critpath_packages method
- Log URLs before calling them rather than after
* Thu May 15 2014 Pierre-Yves Chibon <pin...@pingoured.fr> - 2.1-1
- Update to 2.1
- Adds supports to pkgdb2client for the critpath filtering or querying
* Wed May 14 2014 Pierre-Yves Chibon <pin...@pingoured.fr> - 2.0-1
- Update to 2.0 for pkgdb2
- Adjust spec to rely on the newly included setup.py
- Add BR on python-setuptools (and explicitely on python-requests)
- Adjust the BR now that we use setup.py, all R are also BR
--------------------------------------------------------------------------------
================================================================================
pcp-3.9.4-1.el6 (FEDORA-EPEL-2014-1423)
System-level performance monitoring and performance management
--------------------------------------------------------------------------------
Update Information:
Update to latest PCP sources
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 15 2014 Nathan Scott <nath...@redhat.com> - 3.9.4-1
- Merged pcp-gui and pcp-doc packages into core PCP.
- Allow for conditional libmicrohttpd builds in spec file.
- Adopt slow-start capability in systemd PMDA (BZ 1073658)
- Resolve pmcollectl network/disk mis-reporting (BZ 1097095)
- Update to latest PCP sources.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1073658 - intermittent pmdasystemd failure at pmcd startup during
system boot
https://bugzilla.redhat.com/show_bug.cgi?id=1073658
--------------------------------------------------------------------------------
================================================================================
piglit-1-0.15.20140414GIT8775223.el6 (FEDORA-EPEL-2014-1424)
Collection of automated tests for OpenGL implementations
--------------------------------------------------------------------------------
Update Information:
Put ExcludeArch back for ppc64 and missing python-importlib Require
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1098113 - missing lib/ include
https://bugzilla.redhat.com/show_bug.cgi?id=1098113
[ 2 ] Bug #1098170 - summary.py tries to access the "templates" dir in
current dir
https://bugzilla.redhat.com/show_bug.cgi?id=1098170
--------------------------------------------------------------------------------
================================================================================
python-anyjson-0.3.3-1.el6 (FEDORA-EPEL-2014-1420)
Wraps the best available JSON implementation available
--------------------------------------------------------------------------------
Update Information:
Update to new upstream version 0.3.3
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 14 2014 Fabian Affolter <m...@fabian-affolter.ch> - 0.3.3-1
- Update to new upstream version 0.3.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1097206 - Update python-anyjson to 0.3.3
https://bugzilla.redhat.com/show_bug.cgi?id=1097206
--------------------------------------------------------------------------------
================================================================================
python-behave-1.2.3-13.el6 (FEDORA-EPEL-2014-1433)
Tools for the behavior-driven development, Python style
--------------------------------------------------------------------------------
Update Information:
Remove bundled compatibility libraries and add Requires
Add python-setuptools dependency (fix #1084996)
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 9 2014 Matěj Cepl <mc...@redhat.com> - 1.2.3-13
- Remove bundled compatibility libraries and add Requires
(fix #1096220).
* Mon Apr 7 2014 Matěj Cepl <mc...@redhat.com> - 1.2.3-12
- Add python-setuptools dependency (fix #1084996)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1096220 - python-behave package should depend on python-importlib
https://bugzilla.redhat.com/show_bug.cgi?id=1096220
[ 2 ] Bug #1084996 - Behave package should depend on python-setuptools
https://bugzilla.redhat.com/show_bug.cgi?id=1084996
--------------------------------------------------------------------------------
================================================================================
python-humanize-0.5-4.el6 (FEDORA-EPEL-2014-1426)
Turns dates in to human readable format, e.g '3 minutes ago'
--------------------------------------------------------------------------------
Update Information:
First version of package in Fedora.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1088882 - Review Request: python-humanize - Turns dates in to
human readable format, e.g '3 minutes ago'
https://bugzilla.redhat.com/show_bug.cgi?id=1088882
--------------------------------------------------------------------------------
================================================================================
python-junitxml-0.7-1.el6 (FEDORA-EPEL-2014-1430)
PyJUnitXML, a pyunit extension to output JUnit compatible XML
--------------------------------------------------------------------------------
Update Information:
Initial package. pyunit extension to output JUnit compatible XML
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1093406 - Review Request: python-junitxml - pyunit extension to
output JUnit compatible XML
https://bugzilla.redhat.com/show_bug.cgi?id=1093406
--------------------------------------------------------------------------------
================================================================================
rubygem-mizuho-0.9.20-3.el6 (FEDORA-EPEL-2014-1431)
Mizuho documentation formatting tool
--------------------------------------------------------------------------------
Update Information:
Fix native templated directory (#1072246), fix epel6 dependencies
Newpackage
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1072246 - TEMPLATES_DIR does not point to proper path
https://bugzilla.redhat.com/show_bug.cgi?id=1072246
--------------------------------------------------------------------------------
================================================================================
stompclt-1.2-1.el6 (FEDORA-EPEL-2014-1421)
Versatile STOMP client
--------------------------------------------------------------------------------
Update Information:
Update to upstream, rhbz #1097055.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 13 2014 Alexandre Beche <alexandre.be...@gmail.com> 1.2-1
- Update to upstream, rhbz #1097055.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1097055 - Upgrade to new upstream version
https://bugzilla.redhat.com/show_bug.cgi?id=1097055
--------------------------------------------------------------------------------
================================================================================
xl2tpd-1.3.6-1.el6 (FEDORA-EPEL-2014-1415)
Layer 2 Tunnelling Protocol Daemon (RFC 2661)
--------------------------------------------------------------------------------
Update Information:
Updated to 1.3.6 which fixes listening on the ANY address and revert of ipparam
manipulation
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Paul Wouters <pwout...@redhat.com> - 1.3.6-1
- Updated to 1.3.6 - using github-only monstrosity packaging
- Resolves: rhbz#1051785 (new upstream version available)
- Resolves: rhbz#868391 - xl2tpd sends response packets from wrong IP address
- Revert: rhbz#929447 - Incorrect "ipparam" manipulation
- Removed patches merged in upstream.
- FIPS patch updated with advertising clause for openssl in xl2tpd -V
(although the GPL code was already basically taken from openssl)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1051785 - xl2tpd-1.3.7dev1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1051785
[ 2 ] Bug #868391 - xl2tpd sends response packets from wrong IP address
https://bugzilla.redhat.com/show_bug.cgi?id=868391
[ 3 ] Bug #929447 - Incorrect "ipparam" manipulation
https://bugzilla.redhat.com/show_bug.cgi?id=929447
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
epel-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
