The following Fedora EPEL 6 Security updates need testing:
Age URL
944
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
163
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7....
34
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3434/pylint-1.3....
30
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3527/asterisk-1....
20
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3748/tnftp-20141...
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3851/python-requ...
11
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3927/drupal7-cke...
9
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3962/oath-toolki...
9
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4005/nginx-1.0.1...
9
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4008/cross-binut...
9
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3975/polarssl-1....
9
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2069/php-channel...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4057/moodle-2.5....
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4151/lsyncd-2.1....
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4144/nodejs-0.10...
1
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4165/python-eyed...
1
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4176/clamav-0.98...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4233/drupal6-6.3...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4237/drupal7-7.3...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4192/wordpress-4...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4211/phpMyAdmin-...
The following builds have been pushed to Fedora EPEL 6 updates-testing
apcupsd-3.14.12-1.el6
drupal6-6.34-1.el6
drupal7-7.34-1.el6
edg-mkgridmap-4.0.0-8.el6
golang-github-emicklei-go-restful-0-0.1.gitad99b12.el6
golang-github-vishvananda-netlink-0-0.1.git2187ba6.el6
golang-github-vishvananda-netns-0-0.1.gite14a2d4.el6
gpaw-0.10.0.11364-8.el6
grass-6.4.4-6.el6
packagedb-cli-2.6-1.el6
perl-File-ConfigDir-0.014-1.el6
perl-Net-SMTPS-0.04-1.el6
phpMyAdmin-4.0.10.6-1.el6
privoxy-3.0.22-1.el6
python-copr-1.55-1.el6
python-docker-py-0.6.0-1.el6
qpid-dispatch-0.2-9.el6
wordpress-4.0.1-1.el6
Details about builds:
================================================================================
apcupsd-3.14.12-1.el6 (FEDORA-EPEL-2014-4191)
APC UPS Power Control Daemon for Linux
--------------------------------------------------------------------------------
Update Information:
- updated to 3.14.12
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Michal Hlavinka <mhlavink(a)redhat.com> - 3.14.12-1
- apcupsd updated to 3.14.10
- force lock dir to /var/lock
* Thu Feb 27 2014 Michal Hlavinka <mhlavink(a)redhat.com> - 3.14.10-3
- suppress error message when /etc/nologin does not exist
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1082250 - Workaround for UPS firmware bug causing killpower to execute
repeatedly in a loop
https://bugzilla.redhat.com/show_bug.cgi?id=1082250
--------------------------------------------------------------------------------
================================================================================
drupal6-6.34-1.el6 (FEDORA-EPEL-2014-4233)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
https://www.drupal.org/SA-CORE-2014-006
* Update to Drupal 6.
* Drupal 6.33 release notes can be found here,
https://www.drupal.org/drupal-6.33-release-notes.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Jon Ciesla <limburgher(a)gmail.com> - 6.34-1
- 6.34, DRUPAL-SA-CORE-2014-006
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166100 - CVE-2012-6662 drupal6: jquery-ui: XSS vulnerability in default
content in Tooltip widget [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1166100
[ 2 ] Bug #1127539 - drupal6: drupal: denial of service issue (SA-CORE-2014-004)
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1127539
[ 3 ] Bug #1166246 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability
(SA-CORE-2014-006) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1166246
[ 4 ] Bug #1166247 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability
(SA-CORE-2014-006) [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1166247
--------------------------------------------------------------------------------
================================================================================
drupal7-7.34-1.el6 (FEDORA-EPEL-2014-4237)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
https://www.drupal.org/SA-CORE-2014-006
- Update to upstream 7.33 maintenance release with numerous bug fixes
- Update to upstream 7.33 maintenance release with numerous bug fixes
- Update to upstream 7.33 maintenance release with numerous bug fixes
- Update to upstream 7.33 maintenance release with numerous bug fixes
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Jon Ciesla <limburgher(a)gmail.com> - 7.34-1
- 7.34, DRUPAL-SA-CORE-2014-006.
* Tue Nov 11 2014 Peter Borsa <peter.borsa(a)gmail.com> - 7.33-1
- Update to upstream 7.33 maintenance release with numerous bug fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166101 - CVE-2012-6662 drupal7: jquery-ui: XSS vulnerability in default
content in Tooltip widget [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1166101
[ 2 ] Bug #1166249 - CVE-2014-9015 drupal7: drupal: session hijacking vulnerability
(SA-CORE-2014-006) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1166249
[ 3 ] Bug #1166250 - CVE-2014-9015 drupal7: drupal: session hijacking vulnerability
(SA-CORE-2014-006) [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1166250
--------------------------------------------------------------------------------
================================================================================
edg-mkgridmap-4.0.0-8.el6 (FEDORA-EPEL-2014-4195)
A tool to build the grid map-file from VO servers
--------------------------------------------------------------------------------
Update Information:
Added missing dependency on "perl(LWP::Protocol::https)"
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Alejandro Alvarez Ayllon <aalvarez(a)cern.ch> - 4.0.0-8
- Added Requires perl(LWP::Protocol::https)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
4.0.0-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
4.0.0-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar <ppisar(a)redhat.com> - 4.0.0-5
- Perl 5.18 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1165991 - edg-mkgridmap missing dependency
https://bugzilla.redhat.com/show_bug.cgi?id=1165991
--------------------------------------------------------------------------------
================================================================================
golang-github-emicklei-go-restful-0-0.1.gitad99b12.el6 (FEDORA-EPEL-2014-4209)
Package for building REST-style Web Services using Google Go
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164152 - Review Request: golang-github-emicklei-go-restful - Package for
building REST-style Web Services using Google Go
https://bugzilla.redhat.com/show_bug.cgi?id=1164152
--------------------------------------------------------------------------------
================================================================================
golang-github-vishvananda-netlink-0-0.1.git2187ba6.el6 (FEDORA-EPEL-2014-4227)
Simple netlink library for go
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164176 - Review Request: golang-github-vishvananda-netlink - Simple netlink
library for go
https://bugzilla.redhat.com/show_bug.cgi?id=1164176
--------------------------------------------------------------------------------
================================================================================
golang-github-vishvananda-netns-0-0.1.gite14a2d4.el6 (FEDORA-EPEL-2014-4234)
Simple network namespace handling for go
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164170 - Review Request: golang-github-vishvananda-netns - Simple network
namespace handling for go
https://bugzilla.redhat.com/show_bug.cgi?id=1164170
--------------------------------------------------------------------------------
================================================================================
gpaw-0.10.0.11364-8.el6 (FEDORA-EPEL-2014-4190)
A grid-based real-space PAW method DFT code
--------------------------------------------------------------------------------
Update Information:
Fixes #1155087
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Marcin Dulak <Marcin.Dulak(a)gmail.com> - 0.10.0.11364-8
- new style of linking blacs on EL6
* Thu Oct 23 2014 Marcin Dulak <Marcin.Dulak(a)gmail.com> - 0.10.0.11364-7
- mpich version 3 in EL6
- use atlas on aarch64
- ppc64 on EL7
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.10.0.11364-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1155087 - gpaw-mpich2 and gpaw-openmpi broke on rhel 6.6 update
https://bugzilla.redhat.com/show_bug.cgi?id=1155087
--------------------------------------------------------------------------------
================================================================================
grass-6.4.4-6.el6 (FEDORA-EPEL-2014-4199)
GRASS - Geographic Resources Analysis Support System
--------------------------------------------------------------------------------
Update Information:
Adding grass to EPEL
--------------------------------------------------------------------------------
================================================================================
packagedb-cli-2.6-1.el6 (FEDORA-EPEL-2014-4203)
A CLI for pkgdb
--------------------------------------------------------------------------------
Update Information:
* Update to packagedb-cli 2.6
* New structure: use the traditional python module structure instead of two python files
* Do one API call for `orphan --retire`
* Prevent user from retiring packages that have no dead.package file
* Add support for obsoleting ACL requests (Stanislav Ochotnicky)
* Enable restricting orphan to a specific user (while specifying more branches)
* Enable restricting give to a specific user (while specifying more branches)
* Let the unorphan action call the unorphan API endpoint
* When listing packages, encode the output as UTF-8 before printing
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 2.6-1
- Update to 2.6
- New structure: use the traditional python module structure instead of two
python files
- Do one API call for `orphan --retire`
- Prevent user from retiring packages that have no dead.package file
- Add support for obsoleting ACL requests (Stanislav Ochotnicky)
- Enable restricting orphan to a specific user (while specifying more branches)
- Enable restricting give to a specific user (while specifying more branches)
- Let the unorphan action call the unorphan API endpoint
- When listing packages, encode the output as UTF-8 before printing
--------------------------------------------------------------------------------
================================================================================
perl-File-ConfigDir-0.014-1.el6 (FEDORA-EPEL-2014-4222)
Get directories of configuration files
--------------------------------------------------------------------------------
Update Information:
Fix typo in pod, update README
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 22 2014 David Dick <ddick(a)cpan.org> - 0.014-1
- Fix typo in pod, update README
* Fri Aug 29 2014 Jitka Plesnikova <jplesnik(a)redhat.com> - 0.013-2
- Perl 5.20 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1163231 - perl-File-ConfigDir-0.014 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1163231
--------------------------------------------------------------------------------
================================================================================
perl-Net-SMTPS-0.04-1.el6 (FEDORA-EPEL-2014-4214)
SSL/STARTTLS support for Net::SMTP
--------------------------------------------------------------------------------
Update Information:
Update to Authen::SASL version requirements
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1159516 - perl-Net-SMTPS-0.04 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1159516
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.0.10.6-1.el6 (FEDORA-EPEL-2014-4211)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.0.10.6 (2014-11-20)
================================
- [security] XSS vulnerability in table print view
- [security] XSS vulnerability in zoom search page
- [security] Path traversal in file inclusion of GIS factory
- [security] XSS in multi submit
- [security] XSS through pma_fontsize cookie
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Robert Scheck <robert(a)fedoraproject.org> 4.0.10.6-1
- Upgrade to 4.0.10.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166619 - CVE-2014-8958 phpMyAdmin: Multiple XSS vulnerabilities
(PMASA-2014-13)
https://bugzilla.redhat.com/show_bug.cgi?id=1166619
[ 2 ] Bug #1166626 - CVE-2014-8959 phpMyAdmin: Local file inclusion vulnerability
(PMASA-2014-14)
https://bugzilla.redhat.com/show_bug.cgi?id=1166626
--------------------------------------------------------------------------------
================================================================================
privoxy-3.0.22-1.el6 (FEDORA-EPEL-2014-4201)
Privacy enhancing proxy
--------------------------------------------------------------------------------
Update Information:
Latest upstream bugfix release.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Jon Ciesla <limburgher(a)gmail.com> - 3.0.22-1
- Update to 3.0.22, BZ 1166398.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166398 - privoxy-3.0.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1166398
--------------------------------------------------------------------------------
================================================================================
python-copr-1.55-1.el6 (FEDORA-EPEL-2014-4215)
Python interface for Copr
--------------------------------------------------------------------------------
Update Information:
update python-copr to 1.55
New package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1131616 - Review Request: python-copr - Python client to access copr service
https://bugzilla.redhat.com/show_bug.cgi?id=1131616
--------------------------------------------------------------------------------
================================================================================
python-docker-py-0.6.0-1.el6 (FEDORA-EPEL-2014-4225)
An API client for docker written in Python
--------------------------------------------------------------------------------
Update Information:
Resolves: rhbz#1160293 - update to 0.6.0
Resolves: rhbz#1145511 - version bump to 0.5.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 0.6.0-1
- Resolves: rhbz#1160293 - update to 0.6.0
* Thu Oct 23 2014 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 0.5.3-2
- Resolves: rhbz#1145895
- versioned python-requests req only for f21+
* Wed Oct 22 2014 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 0.5.3-1
- Resolves: rhbz#1153991 - update to 0.5.3
* Tue Sep 23 2014 Tom Prince <tom.prince(a)clusterhq.com> - 0.5.0-2
- Specify depedencies to match those in setup.py
* Mon Sep 22 2014 Tom Prince <tom.prince(a)clusterhq.com> - 0.5.0-1
- Resolves: rhbz#1145511 - version bump to 0.5.0
* Tue Aug 26 2014 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 0.4.0-3
- correct bogus date
* Tue Aug 26 2014 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 0.4.0-2
- rewrite BR&R conditionals for docker/docker-io
* Thu Aug 21 2014 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 0.4.0-1
- update to 0.4.0
- Resolves: rhbz#1132604 (epel7 only)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.3.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1160293 - python-docker-py-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1160293
[ 2 ] Bug #1145511 - python-docker-py-0.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1145511
--------------------------------------------------------------------------------
================================================================================
qpid-dispatch-0.2-9.el6 (FEDORA-EPEL-2014-4189)
Dispatch router for Qpid
--------------------------------------------------------------------------------
Update Information:
Fixed a merge issue that resulted in two patches not being applied.
DISPATCH-75 - Removed reference to qdstat.conf from qdstat manpage.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Darryl L. Pierce <dpierce(a)redhat.com> - 0.2-9
- Fixed a merge issue that resulted in two patches not being applied.
- Resolves: BZ#1165691
* Wed Nov 19 2014 Darryl L. Pierce <dpierce(a)redhat.com> - 0.2-8
- DISPATCH-75 - Removed reference to qdstat.conf from qdstat manpage.
- Include systemd service file for EPEL7 packages.
- Brought systemd support up to current Fedora packaging guidelines.
- Resolves: BZ#1165691
- Resolves: BZ#1165681
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.2-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1165691 - Man page for qdstat.conf is missing
https://bugzilla.redhat.com/show_bug.cgi?id=1165691
[ 2 ] Bug #1165681 - RPMs do not provide a systemd service unit file
https://bugzilla.redhat.com/show_bug.cgi?id=1165681
--------------------------------------------------------------------------------
================================================================================
wordpress-4.0.1-1.el6 (FEDORA-EPEL-2014-4192)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
WordPress 4.0.1 Security Release
See:
https://wordpress.org/news/2014/11/wordpress-4-0-1/
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Remi Collet <remi(a)fedoraproject.org> - 4.0.1-1
- WordPress 4.0.1 Security Release
- use system php-getid3 when available #1145574
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166468 - wordpress: security flaws fixed in the 4.0.1 release
https://bugzilla.redhat.com/show_bug.cgi?id=1166468
--------------------------------------------------------------------------------