[EPEL-devel] Fedora EPEL 6 updates-testing report

updates Sat, 01 Nov 2014 16:47:15 -0700

The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 924  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
 142  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7.26-1.el6
  21  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3286/facter-1.6.18-5.el6
  13  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3434/pylint-1.3.1-1.el6,python-astroid-1.2.1-2.el6,python-logilab-common-0.62.1-2.el6
  10  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3527/asterisk-1.8.31.1-1.el6
  10  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3533/phpMyAdmin-4.0.10.5-1.el6
   9  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3561/nginx-1.0.15-10.el6
   4  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3647/konversation-1.3.1-2.el6
   4  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3589/hostapd-2.0-5.el6
   4  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3623/Pound-2.6-2.el6.1
   4  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3632/seamonkey-2.28-1.ESR_31.2.0.el6
   1  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2069/php-channel-phpseclib-1.3-1.el6,php-sabredav-Sabre_VObject-2.1.4-2.el6,php-sabredav-Sabre_HTTP-1.7.11-1.el6,php-sabredav-Sabre_DAVACL-1.7.9-1.el6,php-sabredav-Sabre_DAV-1.7.13-1.el6,php-sabredav-Sabre_CardDAV-1.7.9-2.el6,php-sabredav-Sabre_CalDAV-1.7.9-1.el6,php-irodsphp-3.3.0-0.4.beta1.el6,php-phpseclib-net-ssh2-0.3.5-3.el6,php-phpseclib-net-sftp-0.3.5-2.el6,php-phpseclib-crypt-twofish-0.3.5-3.el6,php-phpseclib-crypt-tripledes-0.3.5-3.el6,php-phpseclib-crypt-rsa-0.3.5-3.el6,php-phpseclib-crypt-rijndael-0.3.5-2.el6,php-phpseclib-crypt-rc4-0.3.5-2.el6,php-phpseclib-crypt-random-0.3.5-2.el6,php-phpseclib-crypt-hash-0.3.5-2.el6,php-phpseclib-crypt-des-0.3.5-3.el6,php-phpseclib-crypt-blowfish-0.3.5-4.el6,php-phpseclib-crypt-aes-0.3.5-2.el6,php-phpseclib-math-biginteger-0.3.5-2.el6,owncloud-6.0.5-4.el6
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3680/php-ZendFramework2-2.2.8-2.el6
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3748/tnftp-20141031-1.el6



The following builds have been pushed to Fedora EPEL 6 updates-testing

    createrepo_c-0.7.1-1.el6
    gambit-c-4.7.3-1.el6
    geany-themes-1.24-1.el6
    getdns-0.1.5-1.el6
    golang-github-russross-blackfriday-1.2-3.el6
    libgeotiff-1.2.5-6.el6
    mg-20141007-1.el6
    nodejs-seq-0.3.5-3.el6
    pdns-recursor-3.6.2-1.el6
    php-ZendFramework2-2.2.8-2.el6
    python-ase-3.8.1.3440-13.el6
    tnftp-20141031-1.el6
    vile-9.8o-1.el6

Details about builds:


================================================================================
 createrepo_c-0.7.1-1.el6 (FEDORA-EPEL-2014-3762)
 Creates a common metadata repository
--------------------------------------------------------------------------------
Update Information:

Update to 0.7.1
Update to 0.7.0
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 31 2014 Tomas Mlcoch <tmlcoch at redhat.com> - 0.7.1-1
- Mergerepo: Fix mergerepo
- Mergerepo: Add some debugging of metadata read.
* Mon Oct 20 2014 Tomas Mlcoch <tmlcoch at redhat.com> - 0.7.0-1
- deltarpms: Update module to work with current version of drpm
- mergerepo_c: Add --omit-baseurl option
- craterepo_c: Gen empty repo if empty pkglist is used
- Docs: Output python docs to separate directory
- Several small fixes
* Tue Aug 12 2014 Tomas Mlcoch <tmlcoch at redhat.com> - 0.6.1-1
- updateinfo: Use Python datetime objects in python bindings
* Tue Aug  5 2014 Tomas Mlcoch <tmlcoch at redhat.com> - 0.6.0-1
- Support for updateinfo.xml manipulation (including Python bindings)
* Fri Jul 18 2014 Tomas Mlcoch <tmlcoch at redhat.com> - 0.5.0-1
- Experimental delta rpm (DRPM) support (Disabled in Fedora build).
--------------------------------------------------------------------------------


================================================================================
 gambit-c-4.7.3-1.el6 (FEDORA-EPEL-2014-3766)
 Scheme programming system
--------------------------------------------------------------------------------
Update Information:

Latest Gambit-C release, see https://github.com/feeley/gambit/commits for 
commits between 2014-02-05 and 2014-07-23 for changes
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 30 2014 Michel Alexandre Salim <sali...@fedoraproject.org> - 4.7.3-1
- Update to 4.7.3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1124050 - gambit-c-4.7.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1124050
--------------------------------------------------------------------------------


================================================================================
 geany-themes-1.24-1.el6 (FEDORA-EPEL-2014-3687)
 A collection of syntax highlighting color schemes for Geany
--------------------------------------------------------------------------------
Update Information:

The is the first Geany-Themes package for EPEL6!
--------------------------------------------------------------------------------


================================================================================
 getdns-0.1.5-1.el6 (FEDORA-EPEL-2014-3764)
 Modern asynchronous API to the DNS
--------------------------------------------------------------------------------
Update Information:

Updated to 0.1.5 with bugfixes and persistent TCP connections
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 31 2014 Paul Wouters <pwout...@redhat.com> - 0.1.5-1
- Updated to 0.1.5 with bugfixes and persistent TCP connections
- Example code moved into spec/
* Sat Aug 16 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 0.1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Wed Jul  2 2014 Paul Wouters <pwout...@redhat.com> - 0.1.3-1
- Updated to 0.1.3
* Sat Jun  7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 0.1.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May 22 2014 Paul Wouters <pwout...@redhat.com> - 0.1.1-2
- Build with libevent support
--------------------------------------------------------------------------------


================================================================================
 golang-github-russross-blackfriday-1.2-3.el6 (FEDORA-EPEL-2014-3750)
 Markdown processor implemented in Go
--------------------------------------------------------------------------------
Update Information:

include fedora/rhel arch conditionals
--------------------------------------------------------------------------------


================================================================================
 libgeotiff-1.2.5-6.el6 (FEDORA-EPEL-2014-3747)
 GeoTIFF format library
--------------------------------------------------------------------------------
Update Information:

Update URL, un-retire.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 30 2014 Orion Poplawski <or...@cora.nwra.com> - 1.2.5-6
- Update URL and Source
- Drop buildroot, clean, and defattr
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1158983 - Review Request: libgeotiff - GeoTIFF format library
        https://bugzilla.redhat.com/show_bug.cgi?id=1158983
--------------------------------------------------------------------------------


================================================================================
 mg-20141007-1.el6 (FEDORA-EPEL-2014-3734)
 Tiny Emacs-like editor
--------------------------------------------------------------------------------
Update Information:

upgrade to 20141007
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 30 2014 Mark McKinstry <mmcki...@nexcess.net> - 20141007-1
- upgrade to 20141007 (RHBZ#1150492)
* Sun Aug 17 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 20140414-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1150492 - mg-20141007 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1150492
--------------------------------------------------------------------------------


================================================================================
 nodejs-seq-0.3.5-3.el6 (FEDORA-EPEL-2014-3741)
 An asynchronous flow control library
--------------------------------------------------------------------------------
Update Information:

Initial package. Fix chainsaw module dependency version

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1142050 - Review Request: nodejs-seq - An asynchronous flow 
control library
        https://bugzilla.redhat.com/show_bug.cgi?id=1142050
  [ 2 ] Bug #1159350 - invalid dependency on epel6
        https://bugzilla.redhat.com/show_bug.cgi?id=1159350
--------------------------------------------------------------------------------


================================================================================
 pdns-recursor-3.6.2-1.el6 (FEDORA-EPEL-2014-3742)
 Modern, advanced and high performance recursing/non authoritative name server
--------------------------------------------------------------------------------
Update Information:

- Update to 3.6.2
- Enable security status polling

Version 3.6.2 is a bugfix update to 3.6.1.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 31 2014 Morten Stevens <mstev...@imt-systems.com> - 3.6.2-1
- Update to 3.6.2
- Enable security status polling
--------------------------------------------------------------------------------


================================================================================
 php-ZendFramework2-2.2.8-2.el6 (FEDORA-EPEL-2014-3680)
 Zend Framework 2
--------------------------------------------------------------------------------
Update Information:

# Security Fixes

- **ZF2014-05**: Due to an issue that existed in PHP's LDAP extension, it is 
possible to perform an unauthenticated simple bind against a LDAP server by 
using a null byte for the password, regardless of whether or not the user 
normally requires a password. We have provided a patch in order to protect 
users of unpatched PHP versions (PHP 5.5 <= 5.5.11, PHP 5.4 <= 5.4.27, all 
versions of PHP 5.3 and below). If you use Zend\Ldap and are on an affected 
version of PHP, we recommend upgrading immediately.
- **ZF2014-06**: A potential SQL injection vector existed when using a SQL 
Server adapter to manually quote values due to the fact that it was not 
escaping null bytes. Code was added to ensure null bytes are escaped, and thus 
mitigate the SQLi vector. We do not recommend manually quoting values, but if 
you do, and use the SQL Server adapter without PDO, we recommend upgrading 
immediately.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 31 2014 Shawn Iwinski <shawn.iwin...@gmail.com> - 2.2.8-2
- Removed invalid zend-resources require from Validation component
* Tue Oct 28 2014 Shawn Iwinski <shawn.iwin...@gmail.com> - 2.2.8-1
- Updated to 2.2.8
- BZ #1151276 / CVE-2014-8088 / ZF2014-05
- BZ #1151277 / CVE-2014-8089 / ZF2014-06
- BZ #1151278 (fedora)
- BZ #1151280 (epel6)
- Added composer virtual provides and requires
- APC optional for ProgressBar component
- Added tests
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1151276 - CVE-2014-8088 php-ZendFramework: null byte issue, 
connect to LDAP without knowing the password (ZF2014-05)
        https://bugzilla.redhat.com/show_bug.cgi?id=1151276
  [ 2 ] Bug #1151277 - CVE-2014-8089 php-ZendFramework: SQL injection issue 
when using the sqlsrv PHP extension (ZF2014-06)
        https://bugzilla.redhat.com/show_bug.cgi?id=1151277
--------------------------------------------------------------------------------


================================================================================
 python-ase-3.8.1.3440-13.el6 (FEDORA-EPEL-2014-3740)
 Atomic Simulation Environment
--------------------------------------------------------------------------------
Update Information:

larger icon
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 31 2014 Marcin Dulak <marcin.du...@gmail.com> - 3.8.1.3440-13
- larger icon - https://bugzilla.redhat.com/show_bug.cgi?id=1157516
* Sat Jun  7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 3.8.1.3440-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat May  3 2014 Björn Esser <bjoern.es...@gmail.com> - 3.8.1.3440-11
- failsafe backport of Python2-macros for RHEL <= 6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1157516 - Application icon is too small to be used in the software 
center
        https://bugzilla.redhat.com/show_bug.cgi?id=1157516
--------------------------------------------------------------------------------


================================================================================
 tnftp-20141031-1.el6 (FEDORA-EPEL-2014-3748)
 FTP (File Transfer Protocol) client from NetBSD
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2014-8517
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 31 2014 David Cantrell <dcantr...@redhat.com> - 20141031-1
- Upgrade to tnftp-20141031 to fix CVE-2014-8517 (#1158287)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1158286 - CVE-2014-8517 tnftp: ftp client could be forced to 
execute arbitrary commands
        https://bugzilla.redhat.com/show_bug.cgi?id=1158286
--------------------------------------------------------------------------------


================================================================================
 vile-9.8o-1.el6 (FEDORA-EPEL-2014-3735)
 VI Like Emacs
--------------------------------------------------------------------------------
Update Information:

upgrade to 9.8o
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 31 2014 Mark McKinstry <mmcki...@example.com> - 9.8o-1
- upgrade to 9.8o
* Fri Sep 12 2014 Mark McKinstry <mmcki...@example.com> - 9.8n-1
- upgrade to 9.8n
* Mon Aug 18 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 9.8m-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1116919 - vile-9.8o is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1116919
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list
epel-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/epel-devel

[EPEL-devel] Fedora EPEL 6 updates-testing report

Reply via email to