The following Fedora EPEL 6 Security updates need testing:
https://admin.fedoraproject.org/updates/asterisk-1.8.4.3-1.el6 https://admin.fedoraproject.org/updates/dokuwiki-0-0.8.20110525.a.el6 https://admin.fedoraproject.org/updates/mingw32-libpng-1.2.37-3.el6 https://admin.fedoraproject.org/updates/libpng10-1.0.54-3.el6 https://admin.fedoraproject.org/updates/libmodplug-0.8.8.3-2.el6 https://admin.fedoraproject.org/updates/ejabberd-2.1.8-2.el6 https://admin.fedoraproject.org/updates/erlang-R14B-02.1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
389-admin-1.1.19-1.el6 389-dsgw-1.1.7-1.el6 R-qtl-1.21.2-1.el6 etckeeper-0.55-1.el6 libpng10-1.0.54-3.el6 mingw32-libpng-1.2.37-3.el6 packagedb-cli-1.0.0-3.el6 php-voms-admin-0.6-1.el6 python-argparse-1.2.1-2.el6 xrootd-3.0.4-2.el6
Details about builds:
================================================================================ 389-admin-1.1.19-1.el6 (FEDORA-EPEL-2011-3669) 389 Administration Server (admin) -------------------------------------------------------------------------------- Update Information:
look for separate openldap ldif library skip rebranding current brand - add support for different skins The 1.1.17 release -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 28 2011 Rich Megginson rmeggins@redhat.com - 1.1.19-1 - look for separate openldap ldif library * Tue Jun 21 2011 Rich Megginson rmeggins@redhat.com - 1.1.18-1 - skip rebranding current brand - support for skins * Fri May 13 2011 Rich Megginson rmeggins@redhat.com - 1.1.17-1 - 1.1.17 - support "in-place" upgrade and rebranding from Red Hat to 389 - many fixes for coverity issues * Tue Mar 29 2011 Rich Megginson rmeggins@redhat.com - 1.1.16-1 - 389-admin-1.1.16 - Bug 476925 - Admin Server: Do not allow 8-bit passwords for the admin user - Bug 614690 - Don't use exec to call genrb - Bug 158926 - Unable to install CA certificate when using - hardware token ( LunaSA ) - Bug 211296 - Clean up all HTML pages (Admin Express, Repl Monitor, etc) * Wed Feb 23 2011 Rich Megginson rmeggins@redhat.com - 1.1.15-1 - 1.1.15 release - git tag 389-admin-1.1.15 - Bug 493424 - remove unneeded modules for admin server apache config - Bug 618897 - Wrong permissions when creating instance from Console - Bug 672468 - Don't use empty path elements in LD_LIBRARY_PATH - Bug 245278 - Changing to a password with a single quote does not work - Bug 604881 - admin server log files have incorrect permissions/ownerships - Bug 387981 - plain files can be chosen on the Restore Directory dialog - Bug 668950 - Add posix group support to Console - Bug 618858 - move start-ds-admin env file into main admin server config path - Bug 616260 - libds-admin-serv linking fails due to unresolved link-time depe ndencies - start-ds-admin.in -- replaced "return 1" with "exit 1" - Bug 151705 - Need to update Console Cipher Preferences with new ciphers - Bug 470576 - Migration could do addition checks before commiting actions * Wed Jan 5 2011 Rich Megginson rmeggins@redhat.com - 1.1.14-1 - 1.1.14 release - Bug 664671 - Admin server segfault when full SSL access (http+ldap+console) required - Bug 638511 - dirsrv-admin crashes at startup with SELinux enabled * Mon Nov 29 2010 Rich Megginson rmeggins@redhat.com - 1.1.13-2 - fix Conflicts for selinux policy * Tue Nov 23 2010 Rich Megginson rmeggins@redhat.com - 1.1.13-1 - This is the final 1.1.13 release - git tag 389-admin-1.1.13 - Bug 656441 - Missing library path entry causes LD_PRELOAD error - setup-ds-admin.pl -u exits with ServerAdminID and as_uid related error * Thu Nov 18 2010 Nathan Kinder nkinder@redhat.com - 1.1.12-2 - This is the final 1.1.12 release - git tag 389-admin-1.1.12 - Corrected conflict version for selinux-policy * Fri Nov 12 2010 Nathan Kinder nkinder@redhat.com - 1.1.1.12-1 - This is the final 1.1.12 release - git tag 389-admin-1.1.12 * Fri Nov 12 2010 Nathan Kinder nkinder@redhat.com - 1.1.1.12-1 - Bug 648949 - Merge dirsrv and dirsrv-admin policy modules into base policy * Tue Oct 26 2010 Rich Megginson rmeggins@redhat.com - 1.1.12-0.2.a2 - fix mozldap build breakage * Tue Sep 28 2010 Rich Megginson rmeggins@redhat.com - 1.1.12-0.1.a1 - This is the 1.1.12 alpha 1 release - with openldap support * Thu Aug 26 2010 Rich Megginson rmeggins@redhat.com - 1.1.11-1 - This is the final 1.1.11 release * Wed Aug 4 2010 Rich Megginson rmeggins@redhat.com - 1.1.11-0.6.rc2 - 1.1.11.rc2 release - git tag 389-admin-1.1.11.rc2 - Bug 594745 - Get rid of dirsrv_lib_t label --------------------------------------------------------------------------------
================================================================================ 389-dsgw-1.1.7-1.el6 (FEDORA-EPEL-2011-3663) 389 Directory Server Gateway (dsgw) -------------------------------------------------------------------------------- Update Information:
look for separate openldap ldif library The 1.1.6 release -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 28 2011 Rich Megginson rmeggins@redhat.com - 1.1.7-1 - look for separate openldap ldif library - remove old fedora-ds cruft * Fri Oct 8 2010 Rich Megginson rmeggins@redhat.com - 1.1.6-1 - bump version to 1.1.6 - support for openldap --------------------------------------------------------------------------------
================================================================================ R-qtl-1.21.2-1.el6 (FEDORA-EPEL-2011-3667) Tools for analyzing QTL experiments -------------------------------------------------------------------------------- Update Information:
New version from http://www.rqtl.org/ -------------------------------------------------------------------------------- ChangeLog:
* Wed Jun 29 2011 Mattias Ellert mattias.ellert@fysast.uu.se - 1.21.2-1 - New upstream release * Mon Feb 7 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.19.20-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ etckeeper-0.55-1.el6 (FEDORA-EPEL-2011-3668) Store /etc in a SCM system (git, mercurial, bzr or darcs) -------------------------------------------------------------------------------- Update Information:
Update to 0.55, a bugfix version. From the upstream changelog:
* Avoid being noisy in post-install after automatic yum updates. (Tuomo Soini) * Ignore FHS violating prelink.cache and openvpn-status.log. * Ignore *.LOCK files, as used by selinux policies. * Add AVOID_SPECIAL_FILE_WARNING to config file, and set it in cron job to avoid daily noise. (gulikoza)
Also, the patch to fix error propagation to yum, which makes AVOID_COMMIT_BEFORE_INSTALL work (bz 709487) has been applied upstream. -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 24 2011 Thomas Moschny thomas.moschny@gmx.de - 0.55-1 - Update to 0.55. --------------------------------------------------------------------------------
================================================================================ libpng10-1.0.54-3.el6 (FEDORA-EPEL-2011-3664) Old version of libpng, needed to run old binaries -------------------------------------------------------------------------------- Update Information:
This update fixes a 1-byte uninitialized memory reference in png_format_buffer(). It allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. -------------------------------------------------------------------------------- ChangeLog:
* Wed Jun 29 2011 Paul Howarth paul@city-fan.org 1.0.54-3 - fix 1-byte uninitialized memory reference in png_format_buffer() (CVE-2011-2501, related to CVE-2004-0421) - nobody else likes macros for commands * Tue Feb 8 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org 1.0.54-2 - rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #717084 - CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ https://bugzilla.redhat.com/show_bug.cgi?id=717084 --------------------------------------------------------------------------------
================================================================================ mingw32-libpng-1.2.37-3.el6 (FEDORA-EPEL-2011-3670) MinGW Windows Libpng library -------------------------------------------------------------------------------- Update Information:
Fix for CVE-2011-2501. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #717513 - CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=717513 --------------------------------------------------------------------------------
================================================================================ packagedb-cli-1.0.0-3.el6 (FEDORA-EPEL-2011-3665) A CLI for pkgdb -------------------------------------------------------------------------------- Update Information:
First release of packagedb-cli -------------------------------------------------------------------------------- References:
[ 1 ] Bug #717555 - Review Request: packagedb-cli - A CLI for pkgdb https://bugzilla.redhat.com/show_bug.cgi?id=717555 --------------------------------------------------------------------------------
================================================================================ php-voms-admin-0.6-1.el6 (FEDORA-EPEL-2011-3592) Web based interface to control VOMS parameters written in PHP -------------------------------------------------------------------------------- Update Information:
PHP VOMS-Admin (PVA) originally implemented the same functions as the traditional JAVA-based VOMS-Admin (v.2.0.18) interface for Apache Tomcat. It was designed to be more flexible and stable, provide easy scalability and minimize resource usage. PVA is fully compatible with the vomsd mysql backend.
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #603346 - Review Request: php-voms-admin - Web based interface to control VOMS parameters written in PHP https://bugzilla.redhat.com/show_bug.cgi?id=603346 --------------------------------------------------------------------------------
================================================================================ python-argparse-1.2.1-2.el6 (FEDORA-EPEL-2011-3658) Optparse inspired command line parser for Python -------------------------------------------------------------------------------- Update Information:
* Add the LICENSE.txt file -------------------------------------------------------------------------------- ChangeLog:
* Wed Jun 29 2011 Toshio Kuratomi toshio@fedoraproject.org - 1.2.1-2 - Include LICENSE.txt file * Wed Jun 29 2011 Toshio Kuratomi toshio@fedoraproject.org - 1.2.1-1 - New compatble upstream with some bugfixes and a GPL2 vompatible license - Enable test suite * Wed Feb 10 2010 Toshio Kuratomi toshio@fedoraproject.org - 1.0.1-1.1 - First build for EL-5 - Small change to %files section so lack of egg-info on EL-5 is okay. --------------------------------------------------------------------------------
================================================================================ xrootd-3.0.4-2.el6 (FEDORA-EPEL-2011-3649) Extended ROOT file server -------------------------------------------------------------------------------- Update Information:
Update of xrootd to version 3.0.4. For a list of new features and fixed bugs see: http://www.xrootd.org/download/ReleaseNotes.html -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 28 2011 Mattias Ellert mattias.ellert@fysast.uu.se - 1:3.0.4-2 - Add missing BuildRequires ncurses-devel * Tue Jun 28 2011 Mattias Ellert mattias.ellert@fysast.uu.se - 1:3.0.4-1.1 - Remove xrootdfs man page on EPEL 4 * Mon Jun 27 2011 Mattias Ellert mattias.ellert@fysast.uu.se - 1:3.0.4-1 - Update to version 3.0.4 - Drop patches fixed upstream: xrootd-man.patch, xrootd-rhel5-no-atomic.patch - Drop the remaining man-pages copied from root - now provided by upstream * Fri Jun 17 2011 Marcela Mašláňová mmaslano@redhat.com - 1:3.0.3-3 - Perl mass rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #716843 - RFE: Please update to 3.0.4 https://bugzilla.redhat.com/show_bug.cgi?id=716843 --------------------------------------------------------------------------------