The following Fedora EPEL 6 Security updates need testing: Age URL 908 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6 240 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolkit-2.0.2-4.el6 127 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7.26-1.el6 23 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2719/nodejs-0.10.32-1.el6,v8-3.14.5.10-14.el6 22 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2811/nodejs-qs-0.6.6-3.el6 22 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2821/nodejs-send-0.3.0-4.el6 15 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3064/mediawiki119-1.19.20-1.el6 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3202/python-oauth2-1.5.211-8.el6 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2850/nginx-1.0.15-8.el6 6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3264/getmail-4.46.0-2.el6 6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3279/php-ZendFramework-1.12.9-1.el6 5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3286/facter-1.6.18-5.el6 3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3297/catdoc-0.94.2-10.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3427/rubygem-httpclient-2.4.0-2.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3421/drupal7-7.32-1.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3434/pylint-1.3.1-1.el6,python-astroid-1.2.1-1.el6,python-logilab-common-0.62.1-2.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing davfs2-1.4.7-8.el6 drupal7-7.32-1.el6 dvisvgm-1.8.1-1.el6 gccxml-0.9.0-0.25.20140718.gitab651a2.el6 golang-github-mitchellh-mapstructure-0-0.2.git740c764.el6 lcgdm-1.8.9-2.el6 mozilla-https-everywhere-4.0.2-1.el6 onionshare-0.6-6.el6 perl-Spreadsheet-XLSX-0.13-8.el6 php-Smarty-2.6.28-1.el6 php-doctrine-orm-2.4.6-1.el6 pylint-1.3.1-1.el6 python-astroid-1.2.1-1.el6 python-flask-openid-1.2.3-1.el6 python-logilab-common-0.62.1-2.el6 qtlockedfile-2.4-11.el6 roundcubemail-1.0.3-1.el6 rubygem-httpclient-2.4.0-2.el6 salt-2014.1.13-1.el6 scponly-4.8-15.el6 zarafa-7.1.11-1.el6 Details about builds: ================================================================================ davfs2-1.4.7-8.el6 (FEDORA-EPEL-2014-3443) A filesystem driver for WebDAV -------------------------------------------------------------------------------- Update Information: Add symlink in /sbin pointing to /usr/sbin for el6 -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 13 2014 Moez Roy <moez....@gmail.com> - 1.4.7-8 -Add symlink in /sbin pointing to /usr/sbin for el6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1151273 - davfs2 conflicts with filesystem-2.4.30-3.el6.x86_64 https://bugzilla.redhat.com/show_bug.cgi?id=1151273 -------------------------------------------------------------------------------- ================================================================================ drupal7-7.32-1.el6 (FEDORA-EPEL-2014-3421) An open-source content-management platform -------------------------------------------------------------------------------- Update Information: Update to upstream 7.32 security release for SA-CORE-2014-005, CVE-2014-3704 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2014 Jared Smith <jsm...@fedoraproject.org> - 7.32-1 - Update to upstream 7.32 security release for SA-CORE-2014-005 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1153402 - CVE-2014-3704 drupal7: SQL injection leading to code execution and privilege escalation (SA-CORE-2014-005) https://bugzilla.redhat.com/show_bug.cgi?id=1153402 -------------------------------------------------------------------------------- ================================================================================ dvisvgm-1.8.1-1.el6 (FEDORA-EPEL-2014-3426) DVI to SVG converter -------------------------------------------------------------------------------- Update Information: This update to the latest release fixes a couple of bugs, brings many improvements and introduces new features like support for XDV files and DVI files created with pTeX. For further details see: http://dvisvgm.sourceforge.net/News -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2014 Martin Gieseking <martin.giesek...@uos.de> 1.8.1-1 - Updated to release 1.8.1 - Added patch to support old kapthasea library -------------------------------------------------------------------------------- ================================================================================ gccxml-0.9.0-0.25.20140718.gitab651a2.el6 (FEDORA-EPEL-2014-3411) XML output extension to GCC -------------------------------------------------------------------------------- Update Information: Synch with upstream - improved gcc 4.9 support files. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 16 2014 Mattias Ellert <mattias.ell...@fysast.uu.se> - 0.9.0-0.25.20140718.gitab651a2 - Updated git snapshot with updated gcc 4.9 support files * Sat Aug 16 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 0.9.0-0.24.20140610.gita012b8fe - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ golang-github-mitchellh-mapstructure-0-0.2.git740c764.el6 (FEDORA-EPEL-2014-3403) Go library for decoding generic map values into native Go structures -------------------------------------------------------------------------------- Update Information: New golang package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1153724 - Review Request: golang-github-mitchellh-mapstructure - Go library for decoding generic map values into native Go structures https://bugzilla.redhat.com/show_bug.cgi?id=1153724 -------------------------------------------------------------------------------- ================================================================================ lcgdm-1.8.9-2.el6 (FEDORA-EPEL-2014-2840) LHC Computing Grid Data Management -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 16 2014 Alejandro Alvarez Ayllon <aalva...@cern.ch> - 1.8.9-2 - Patch for dpm-listspaces and dav publishing * Wed Sep 24 2014 Alejandro Alvarez <aalva...@cern.ch> - 1.8.9-1 - Update for new upstream release -------------------------------------------------------------------------------- ================================================================================ mozilla-https-everywhere-4.0.2-1.el6 (FEDORA-EPEL-2014-3438) HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey -------------------------------------------------------------------------------- Update Information: - Disable SSL 3 to Prevent POODLE attack: -- https://github.com/EFForg/https-everywhere/pull/674 - NEW: HTTP Nowhere mode. Block all plaintext http - Updates to Yahoo APIs, Fastly, VMWare, Netflix, Maashable, LinkedIn, Gitorious, Mozilla, msecnd, Hotmail, Live, Eniro, Steam, Phoronix, net-security.org, Flickr, Craigslist, Apache.org, Joomla.org, Samsung, Google IMages, Expedia, Akamai, Trip Advisor, Ikea, CEll, Leo.org, Facebook, F-Secure, Dropbox, Courage Campaign, Box, Atlassian, Internet Archvie, localbitcoins.com, SOny, SciVerse, Web.com, Urgan Dictionary, Pornhub, Fool.com, ClickBank, MGID, Which?, Microsoft, Barnes and Noble, Royal Institute of GB, Wall Street Journal -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 16 2014 Russell Golden <niveusl...@niveusluna.org> - 4.0.2-1 - Disable SSL 3 to Prevent POODLE attack: -- https://github.com/EFForg/https-everywhere/pull/674 - NEW: HTTP Nowhere mode. Block all plaintext http - Updates to Yahoo APIs, Fastly, VMWare, Netflix, Maashable, LinkedIn, Gitorious, Mozilla, msecnd, Hotmail, Live, Eniro, Steam, Phoronix, net-security.org, Flickr, Craigslist, Apache.org, Joomla.org, Samsung, Google IMages, Expedia, Akamai, Trip Advisor, Ikea, CEll, Leo.org, Facebook, F-Secure, Dropbox, Courage Campaign, Box, Atlassian, Internet Archvie, localbitcoins.com, SOny, SciVerse, Web.com, Urgan Dictionary, Pornhub, Fool.com, ClickBank, MGID, Which?, Microsoft, Barnes and Noble, Royal Institute of GB, Wall Street Journal -------------------------------------------------------------------------------- ================================================================================ onionshare-0.6-6.el6 (FEDORA-EPEL-2014-3423) Securely and anonymously share files of any size -------------------------------------------------------------------------------- Update Information: * onionshare - share files securely and anonymously. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1151747 - Review request: onionshare - share files of any size securely and anonymously https://bugzilla.redhat.com/show_bug.cgi?id=1151747 -------------------------------------------------------------------------------- ================================================================================ perl-Spreadsheet-XLSX-0.13-8.el6 (FEDORA-EPEL-2014-3445) Perl extension for reading Microsoft Excel 2007 files -------------------------------------------------------------------------------- Update Information: Value "0" parsed as empty string when value is part of shared string table -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 14 2014 Robert Scheck <rob...@fedoraproject.org> 0.13-8 - Modified existing patch to parse value "0" correct (#1152739) * Fri Aug 29 2014 Jitka Plesnikova <jples...@redhat.com> - 0.13-7 - Perl 5.20 rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 0.13-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sun Aug 4 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 0.13-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Jul 31 2013 Petr Pisar <ppi...@redhat.com> - 0.13-4 - Perl 5.18 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1152739 - value "0" parsed as empty string when value is part of shared string table https://bugzilla.redhat.com/show_bug.cgi?id=1152739 -------------------------------------------------------------------------------- ================================================================================ php-Smarty-2.6.28-1.el6 (FEDORA-EPEL-2014-3441) Template/Presentation Framework for PHP -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2014 Johan Cwiklinski <johan AT x-tnd DOT be> 2.6.28-1 - Latest upstream release -------------------------------------------------------------------------------- ================================================================================ php-doctrine-orm-2.4.6-1.el6 (FEDORA-EPEL-2014-3451) Doctrine Object-Relational-Mapper (ORM) -------------------------------------------------------------------------------- Update Information: ### 2.4.6 * [1154: PHP 5.6 internal classes/Serializable serialization fix](https://github.com/doctrine/doctrine2/pull/1154) * [DDC-3120](http://www.doctrine-project.org/jira/browse/DDC-3120) * [DDC-3339](http://www.doctrine-project.org/jira/browse/DDC-3339) ### 2.4.5 * [1142: `func_get_args()` call order fix for HHVM bug](https://github.com/doctrine/doctrine2/pull/1142) * [DDC-3317](http://www.doctrine-project.org/jira/browse/DDC-3317) ### 2.4.4 * [1074: Regression in change set state after `UnitOfWork::recomputeSingleEntityChangeSet()`](https://github.com/doctrine/doctrine2/pull/1074) * [DDC-2996](http://www.doctrine-project.org/jira/browse/DDC-2996) * [DDC-3160](http://www.doctrine-project.org/jira/browse/DDC-3160) * [DDC-3208](http://www.doctrine-project.org/jira/browse/DDC-3208) ### 2.4.3 -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 14 2014 Shawn Iwinski <shawn.iwin...@gmail.com> - 2.4.6-1 - Updated to 2.4.6 (BZ #1108129) - Manual git clone source instead of GitHub archive URL (to include tests) - Removed Patch1 (%{name}-upstream.patch) - Added tests -------------------------------------------------------------------------------- References: [ 1 ] Bug #1108129 - php-doctrine-orm-2.4.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1108129 -------------------------------------------------------------------------------- ================================================================================ pylint-1.3.1-1.el6 (FEDORA-EPEL-2014-3434) Analyzes Python code looking for bugs and signs of poor quality -------------------------------------------------------------------------------- Update Information: Rebase to current upstream pylint v1.3.1 Fixes CVE-2014-1838 and CVE-2014-1839 -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 16 2014 Brian C. Lane <b...@redhat.com> 1.3.1-1 - Upstream v1.3.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1060304 - CVE-2014-1838 CVE-2014-1839 python-logilab-common: multiple temporary file vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=1060304 -------------------------------------------------------------------------------- ================================================================================ python-astroid-1.2.1-1.el6 (FEDORA-EPEL-2014-3434) Python Abstract Syntax Tree New Generation -------------------------------------------------------------------------------- Update Information: Rebase to current upstream pylint v1.3.1 Fixes CVE-2014-1838 and CVE-2014-1839 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1060304 - CVE-2014-1838 CVE-2014-1839 python-logilab-common: multiple temporary file vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=1060304 -------------------------------------------------------------------------------- ================================================================================ python-flask-openid-1.2.3-1.el6 (FEDORA-EPEL-2014-3450) OpenID support for Flask -------------------------------------------------------------------------------- Update Information: Fedora: Fixes the upgrade path from F20 to F21+ Upstream: 1.2.3: - Fix compatibility issue with python<2.7 introduced in 1.2.2. 1.2.2 - Make it easier to start the example by removing init_db. - Make OpenID errors more descriptive. - First try to utf8 encode, but skip for python3. - Make the checks for string type work. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 17 2014 Pierre-Yves Chibon <pin...@pingoured.fr> - 1.2.3-1 - Updated to 1.2.3 fixing the upgrade path at the same time * Sat Jun 7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 1.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1154036 - python-flask-openid: Please provide EPEL7 update https://bugzilla.redhat.com/show_bug.cgi?id=1154036 -------------------------------------------------------------------------------- ================================================================================ python-logilab-common-0.62.1-2.el6 (FEDORA-EPEL-2014-3434) Common libraries for Logilab projects -------------------------------------------------------------------------------- Update Information: Rebase to current upstream pylint v1.3.1 Fixes CVE-2014-1838 and CVE-2014-1839 -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 16 2014 Brian C. Lane <b...@redhat.com> 0.62.1-2 - Add python-unittest2 to BuildRequires so %check unset DISPLAY will pass * Thu Oct 16 2014 Brian C. Lane <b...@redhat.com> 0.62.1-1 - Rebase on upstream v0.62.1 - Add python-unittest2 requirement for python2.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1060304 - CVE-2014-1838 CVE-2014-1839 python-logilab-common: multiple temporary file vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=1060304 -------------------------------------------------------------------------------- ================================================================================ qtlockedfile-2.4-11.el6 (FEDORA-EPEL-2014-3415) QFile extension with advisory locking functions -------------------------------------------------------------------------------- Update Information: Porting of qtlockedfile to EPEL6 -------------------------------------------------------------------------------- ================================================================================ roundcubemail-1.0.3-1.el6 (FEDORA-EPEL-2014-3448) Round Cube Webmail is a browser-based multilingual IMAP client -------------------------------------------------------------------------------- Update Information: This update provides Roundcube 1.0.3. It is a minor bugfix update from 1.0.2 and should apply smoothly with no manual intervention. For details on the changes, refer to http://roundcube.net/news/2014/09/29/update-1.0.3-released/ . Thanks to Jeff Mings for reminding me of the availability of the new release. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 14 2014 Adam Williamson <awill...@redhat.com> - 1.0.3-1 - update to 1.0.3 - drop small chunk of confpath.patch that got done upstream -------------------------------------------------------------------------------- ================================================================================ rubygem-httpclient-2.4.0-2.el6 (FEDORA-EPEL-2014-3427) HTTP Client interface for ruby -------------------------------------------------------------------------------- Update Information: Updated to 2.4.0 which stops hard-coding ssl v3 and allows ssl negotiation -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2014 Troy Dawson <tdaw...@redhat.com> - 2.4.0-2 - Fix spec make it build and install on epel7 and older versions of fedora * Fri Jun 13 2014 Troy Dawson <tdaw...@redhat.com> - 2.4.0-1 - Update to latest upstream * Sun Jun 8 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 2.3.4.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri Jan 31 2014 Adam Miller <maxamill...@fedoraproject.org> - 2.3.4.1-1 - Update to latest upstream * Sun Aug 4 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 2.3.2-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Mar 13 2013 Troy Dawson <tdaw...@redhat.com> - 2.3.2-6 - Fix to make it build/install on F19+ -------------------------------------------------------------------------------- ================================================================================ salt-2014.1.13-1.el6 (FEDORA-EPEL-2014-3410) A parallel remote execution system -------------------------------------------------------------------------------- Update Information: Update to bugfix release 2014.1.13 Update to bugfix release 2014.1.11 -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 17 2014 Erik Johnson <e...@saltstack.com> - 2014.1.13-1 - Update to bugfix release 2014.1.13 * Mon Sep 29 2014 Erik Johnson <e...@saltstack.com> - 2014.1.11-1 - Update to bugfix release 2014.1.11 -------------------------------------------------------------------------------- ================================================================================ scponly-4.8-15.el6 (FEDORA-EPEL-2014-3442) Restricted shell for ssh based file services -------------------------------------------------------------------------------- Update Information: Update to unify spec across epel/fedora -------------------------------------------------------------------------------- ================================================================================ zarafa-7.1.11-1.el6 (FEDORA-EPEL-2014-3416) Open Source Edition of the Zarafa Collaboration Platform -------------------------------------------------------------------------------- Update Information: Zarafa Collaboration Platform 7.1.11 final R1 [46050] ===================================================== General ------- This R1 release of the 7.1.11 final release addresses the WebAccess install problem on RPM-based systems and resolves the dependencies problems under Ubuntu 14.04. Backend ------- * ZCP-12472: zarafa-search crashes on ubuntu 14.0.4 LTS * ZCP-12405: zarafa-search do not start on Ubuntu 14.04 * ZCP-12581: config files are being saved as config.cfg.dpkg-new on ubuntu 14.04 * ZCP-12570: install.sh for Ubuntu 14.04 * ZCP-12582: installing webaccess on rhel based systems result in scriptlet failed, exit status 1 Zarafa Collaboration Platform 7.1.11 final [45875] ================================================== General ------- This release brings a few new features while maintaining stability. With this release we address a few segfaults in zarafa-search to match this final release. Backend ------- * ZCP-11809: zarafa-gateway is unable to create RTF text stream * ZCP-11862: zarafa-backup zarafa-restore breaks textfiles * ZCP-11934: Enhance MariaDB support by modifying sql_mode * ZCP-12012: zarafa-server segfaults when running zarafa-stats --system * ZCP-12097: Disposition-Notification-To double colons in middle of line. dagent crashes * ZCP-12110: Segfault zarafa-server 7.1.8 R1 * ZCP-12127: Support for Apache 2.4 * ZCP-12134: Randomly lost e-mail attachments in e-mails * ZCP-12266: [BIG5] Customer requires an option to set the default character encoding of incoming mail when no encoding is set. * ZCP-12269: public folder shows MAPI_E_STORE_FULL when creating new element * ZCP-12272: WebAccess: .htaccess is not marked as a configuration file in rpm * ZCP-12436: jpegPhoto included twice in ldap.propmap.cfg * ZCP-12500: Zarafa stores rfc enforced linebreaks as actual line breaks * ZCP-12511: zarafa-gateway is unable to create RTF text stream * ZCP-12537: ical issue when password contains a colon * ZCP-12547: As a hoster I need a way to reduce the performance impact on LDAP caused by zarafa-licensed. * ZCP-12563: Create configuration setting to indicate if folder owners automatically get full access rights or not * ZCP-12548: zarafa-search segfault -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2014 Robert Scheck <rob...@fedoraproject.org> 7.1.11-1 - Upgrade to 7.1.11 (#1139442) - Removed bundled PHP PEAR files/libraries - Added patch to allow mitigation of SSLv3/POODLE vulnerability - Added patch to implement ECDHE support (depending on OpenSSL) - Added patch to allow plaintext authentication from 127.0.0.1 * Tue Aug 26 2014 David Tardon <dtar...@redhat.com> - 7.1.10-5 - rebuild for ICU 53.1 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list epel-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/epel-devel