The following Fedora EPEL 6 Security updates need testing:
Age URL
955
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
174
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7.26-1.el6
45
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3434/pylint-1.3.1-1.el6,python-astroid-1.2.1-2.el6,python-logilab-common-0.62.1-2.el6
20
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4008/cross-binutils-2.23.51.0.3-1.el6.1
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4151/lsyncd-2.1.4-4.el6.1.1
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4144/nodejs-0.10.33-1.el6,libuv-0.10.29-1.el6
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4165/python-eyed3-0.7.4-5.el6
11
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4237/drupal7-7.34-1.el6
11
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4192/wordpress-4.0.1-1.el6
11
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4233/drupal6-6.34-1.el6
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4242/facter-1.6.18-8.el6
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4243/asterisk-1.8.32.1-1.el6
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2069/php-channel-phpseclib-1.3-1.el6,php-sabredav-Sabre_VObject-2.1.4-2.el6,php-sabredav-Sabre_HTTP-1.7.11-1.el6,php-sabredav-Sabre_DAVACL-1.7.9-1.el6,php-sabredav-Sabre_DAV-1.7.13-1.el6,php-sabredav-Sabre_CardDAV-1.7.9-2.el6,php-sabredav-Sabre_CalDAV-1.7.9-1.el6,php-irodsphp-3.3.0-0.4.beta1.el6,php-phpseclib-net-ssh2-0.3.9-1.el6,php-phpseclib-net-sftp-0.3.9-1.el6,php-phpseclib-crypt-twofish-0.3.9-2.el6,php-phpseclib-crypt-tripledes-0.3.9-2.el6,php-phpseclib-crypt-rsa-0.3.9-1.el6,php-phpseclib-crypt-rijndael-0.3.9-2.el6,php-phpseclib-crypt-rc4-0.3.9-2.el6,php-phpseclib-crypt-random-0.3.9-1.el6,php-phpseclib-crypt-hash-0.3.9-1.el6,php-phpseclib-crypt-des-0.3.9-2.el6,php-phpseclib-crypt-blowfish-0.3.9-2.el6,php-phpseclib-crypt-aes-0.3.9-1.el6,php-phpseclib-math-biginteger-0.3.9-1.el6,php-phpseclib-crypt-base-0.3.9-1.el6,owncloud-6.0.6-1.el6
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4281/docker-io-1.3.2-2.el6
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4404/perl-YAML-LibYAML-0.38-5.el6
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4384/antiword-0.37-17.el6
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4407/pkcs11-helper-1.11-3.el6,openvpn-2.3.6-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
antiword-0.37-17.el6
cp2k-2.4-3.20140428svn13818.el6
openvpn-2.3.6-1.el6
perl-YAML-LibYAML-0.38-5.el6
php-aws-sdk-2.7.6-1.el6
pkcs11-helper-1.11-3.el6
pyhoca-gui-0.5.0.3-1.el6
python-cliapp-1.20140719-1.el6
python-x2go-0.5.0.2-1.el6
scotch-6.0.3-2.el6
statsd-0.7.2-3.el6
xpdf-3.04-6.el6
Details about builds:
================================================================================
antiword-0.37-17.el6 (FEDORA-EPEL-2014-4384)
MS Word to ASCII/Postscript converter
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2014-8123
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Adrian Reber <adr...@lisas.de> - 0.37-17
- added patch for "CVE-2014-8123 antiword: buffer overflow of
atPPSlist[].szName[]" (#1169665)
- fixed dates in changelog
* Fri Aug 15 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.37-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.37-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 3 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.37-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Feb 13 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.37-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Jul 18 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.37-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jan 12 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.37-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Mon Feb 7 2011 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.37-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169665 - CVE-2014-8123 antiword: buffer overflow of
atPPSlist[].szName[]
https://bugzilla.redhat.com/show_bug.cgi?id=1169665
--------------------------------------------------------------------------------
================================================================================
cp2k-2.4-3.20140428svn13818.el6 (FEDORA-EPEL-2014-4396)
Ab Initio Molecular Dynamics
--------------------------------------------------------------------------------
Update Information:
This update fixes the broken dependencies caused by RHEL/CentOS 6.6 upgrade and
updates the code to latest snapshot from the stable 2.4 branch.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 30 2014 Dominik Mierzejewski <r...@greysector.net> -
2.4-3.20140428svn13818
- update to latest 2.4 branch snapshot
- fix build against current blacs/scalapack
- mpich2 got renamed to mpich
- fix description (cp2k doesn't implement Car-Parinello Molecular Dynamics)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1155075 - cp2k-mpich2 and cp2k-openmpi got broken by rhel 6.6
update
https://bugzilla.redhat.com/show_bug.cgi?id=1155075
--------------------------------------------------------------------------------
================================================================================
openvpn-2.3.6-1.el6 (FEDORA-EPEL-2014-4407)
A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Jon Ciesla <limburg...@gmail.com> 2.3.6-1
- 2.3.6.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169487 - CVE-2014-8104 openvpn: authenticated user can DoS
OpenVPN by sending a too-short control channel packet to server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169487
[ 2 ] Bug #1169488 - CVE-2014-8104 openvpn: authenticated user can DoS
OpenVPN by sending a too-short control channel packet to server [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169488
--------------------------------------------------------------------------------
================================================================================
perl-YAML-LibYAML-0.38-5.el6 (FEDORA-EPEL-2014-4404)
Perl YAML Serialization using XS and libyaml
--------------------------------------------------------------------------------
Update Information:
An assertion failure was found in the way the libyaml library parsed wrapped
strings. An attacker able to load specially crafted YAML input into an
application using libyaml could cause the application to crash.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Paul Howarth <p...@city-fan.org> - 0.38-5
- Fix assert failure when parsing wrapped strings (CVE-2014-9130)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169369 - CVE-2014-9130 libyaml: assert failure when processing
wrapped strings
https://bugzilla.redhat.com/show_bug.cgi?id=1169369
--------------------------------------------------------------------------------
================================================================================
php-aws-sdk-2.7.6-1.el6 (FEDORA-EPEL-2014-4391)
Amazon Web Services framework for PHP
--------------------------------------------------------------------------------
Update Information:
## 2.7.6 - 2014-11-20
* Added support for AWS KMS integration to the Amazon Redshift Client.
* Fixed cn-north-1 endpoint for AWS Identity and Access Management.
* Updated `S3Client::getBucketLocation` method to work cross-region regardless
of the region's signature requirements.
* Fixed an issue with the DynamoDbClient that allows it to work better with
with DynamoDB Local.
## 2.7.5 - 2014-11-13
* Added support for AWS Lambda.
* Added support for event notifications to the Amazon S3 client.
* Fixed an issue with S3 pre-signed URLs when using Signature V4.
## 2.7.4 - 2014-11-12
* Added support for the AWS Key Management Service (AWS KMS).
* Added support for AWS CodeDeploy.
* Added support for AWS Config.
* Added support for AWS KMS encryption to the Amazon S3 client.
* Added support for AWS KMS encryption to the Amazon EC2 client.
* Added support for Amazon CloudWatch Logs delivery to the AWS CloudTrail
client.
* Added the GetTemplateSummary operation to the AWS CloudFormation client.
* Fixed an issue with sending signature version 4 Amazon S3 requests that
contained a 0 length body.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 25 2014 Shawn Iwinski <shawn.iwin...@gmail.com> - 2.7.6-1
- Updated to 2.7.6 (BZ #1164158)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164158 - php-aws-sdk-2.7.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1164158
--------------------------------------------------------------------------------
================================================================================
pkcs11-helper-1.11-3.el6 (FEDORA-EPEL-2014-4407)
A library for using PKCS#11 providers
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 17 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 1.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 1.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Apr 11 2014 Jon Ciesla <limburg...@gmail.com> - 1.11-1
- Latest upstream, required for openvpn 2.3.3.
* Sun Aug 4 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 1.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Apr 2 2013 Kalev Lember <kalevlem...@gmail.com> - 1.10-1
- Update to 1.10
* Thu Feb 14 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 1.09-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Sat Jul 21 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 1.09-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sat Jan 14 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 1.09-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Wed Aug 17 2011 Kalev Lember <kalevlem...@gmail.com> - 1.09-1
- Update to 1.09
* Sun Jun 19 2011 Kalev Lember <ka...@smartlink.ee> - 1.08-1
- Update to 1.08
- Clean up the spec file for modern rpmbuild
* Wed Feb 9 2011 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 1.07-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169487 - CVE-2014-8104 openvpn: authenticated user can DoS
OpenVPN by sending a too-short control channel packet to server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169487
[ 2 ] Bug #1169488 - CVE-2014-8104 openvpn: authenticated user can DoS
OpenVPN by sending a too-short control channel packet to server [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169488
--------------------------------------------------------------------------------
================================================================================
pyhoca-gui-0.5.0.3-1.el6 (FEDORA-EPEL-2014-4383)
Graphical X2Go client written in (wx)Python
--------------------------------------------------------------------------------
Update Information:
python-x2go-0.5.0.2:
- Fix X2Go Desktop Sharing feature
- Provide more stability if connections fail during session startup/resumption
pyhoca-gui-0.5.0.3:
- Finnish translation update / fix
- Danish translation update
- Point to our new mailing list server where the old one (BerliOS) was still
referenced.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 1 2014 Orion Poplawski <or...@cora.nwra.com> - 0.5.0.3-1
- Update to 0.5.0.3
--------------------------------------------------------------------------------
================================================================================
python-cliapp-1.20140719-1.el6 (FEDORA-EPEL-2014-4405)
Python framework for Unix command line programs
--------------------------------------------------------------------------------
Update Information:
Version 1.20140719
* The way logging is set up has been split into smaller methods, to allow
overriding better.
* Plugins no longer need to define a `disable` method: the default
implementation is now a no-op.
Bug fixes:
* When getting help for a subcommand, cliapp would crash saying
`get_help_text_formatter` couldn't be found. This has been fixed.
Version 1.20140315
------------------
* `cliapp` now logs the current working directory, uid, effective uid, gid, and
effective gid at startup.
* `cliapp` (`Settings.load_configs`) now reports an unknown
variable in a configuration file with a nice error message, rather than a
stack trace.
* Allow overriding how the full help text for a subcommand is to be formatted.
* The `cliapp.Settings.require` method now accepts many setting names, and
check for all of them.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Michel Alexandre Salim <sali...@fedoraproject.org> -
1.20140719-1
- Update to 1.20140719
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1077600 - python-cliapp-1.20140719 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1077600
--------------------------------------------------------------------------------
================================================================================
python-x2go-0.5.0.2-1.el6 (FEDORA-EPEL-2014-4383)
Python module providing X2Go client API
--------------------------------------------------------------------------------
Update Information:
python-x2go-0.5.0.2:
- Fix X2Go Desktop Sharing feature
- Provide more stability if connections fail during session startup/resumption
pyhoca-gui-0.5.0.3:
- Finnish translation update / fix
- Danish translation update
- Point to our new mailing list server where the old one (BerliOS) was still
referenced.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 27 2014 Orion Poplawski <or...@cora.nwra.com> - 0.5.0.2-1
- Update to 0.5.0.2
--------------------------------------------------------------------------------
================================================================================
scotch-6.0.3-2.el6 (FEDORA-EPEL-2014-4381)
Graph, mesh and hypergraph partitioning library
--------------------------------------------------------------------------------
Update Information:
New package for el6.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1112738 - please build for EPEL
https://bugzilla.redhat.com/show_bug.cgi?id=1112738
--------------------------------------------------------------------------------
================================================================================
statsd-0.7.2-3.el6 (FEDORA-EPEL-2014-4401)
A simple, lightweight network daemon to collect metrics over UDP
--------------------------------------------------------------------------------
Update Information:
fix end of line encodings
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164496 - Review Request: statsd - A simple, lightweight network
daemon to collect metrics over UDP
https://bugzilla.redhat.com/show_bug.cgi?id=1164496
--------------------------------------------------------------------------------
================================================================================
xpdf-3.04-6.el6 (FEDORA-EPEL-2014-4399)
A PDF file viewer for the X Window System
--------------------------------------------------------------------------------
Update Information:
fix proper display of international strings in the title
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Tom Callaway <s...@fedoraproject.org> - 1:3.04-6
- fix proper display of international strings in the title (bz 1169301)
* Fri Sep 12 2014 Tom Callaway <s...@fedoraproject.org> - 1:3.04-5
- fix .desktop file
* Mon Aug 18 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 1:3.04-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 8 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 1:3.04-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169301 - xpdf does not show non-ASCII paths correctly
https://bugzilla.redhat.com/show_bug.cgi?id=1169301
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
epel-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
