The following Fedora EPEL 6 Security updates need testing: Age URL 955 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.1... 174 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7.26-... 45 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3434/pylint-1.3.1-1... 20 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4008/cross-binutils... 13 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4151/lsyncd-2.1.4-4... 13 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4144/nodejs-0.10.33... 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4165/python-eyed3-0... 11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4237/drupal7-7.34-1... 11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4192/wordpress-4.0.... 11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4233/drupal6-6.34-1... 8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4242/facter-1.6.18-... 8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4243/asterisk-1.8.3... 8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2069/php-channel-ph... 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4281/docker-io-1.3.... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4404/perl-YAML-LibY... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4384/antiword-0.37-... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4407/pkcs11-helper-...
The following builds have been pushed to Fedora EPEL 6 updates-testing
antiword-0.37-17.el6 cp2k-2.4-3.20140428svn13818.el6 openvpn-2.3.6-1.el6 perl-YAML-LibYAML-0.38-5.el6 php-aws-sdk-2.7.6-1.el6 pkcs11-helper-1.11-3.el6 pyhoca-gui-0.5.0.3-1.el6 python-cliapp-1.20140719-1.el6 python-x2go-0.5.0.2-1.el6 scotch-6.0.3-2.el6 statsd-0.7.2-3.el6 xpdf-3.04-6.el6
Details about builds:
================================================================================ antiword-0.37-17.el6 (FEDORA-EPEL-2014-4384) MS Word to ASCII/Postscript converter -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2014-8123 -------------------------------------------------------------------------------- ChangeLog:
* Tue Dec 2 2014 Adrian Reber adrian@lisas.de - 0.37-17 - added patch for "CVE-2014-8123 antiword: buffer overflow of atPPSlist[].szName[]" (#1169665) - fixed dates in changelog * Fri Aug 15 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.37-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.37-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat Aug 3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.37-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Feb 13 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.37-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Wed Jul 18 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.37-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Thu Jan 12 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.37-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Mon Feb 7 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.37-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1169665 - CVE-2014-8123 antiword: buffer overflow of atPPSlist[].szName[] https://bugzilla.redhat.com/show_bug.cgi?id=1169665 --------------------------------------------------------------------------------
================================================================================ cp2k-2.4-3.20140428svn13818.el6 (FEDORA-EPEL-2014-4396) Ab Initio Molecular Dynamics -------------------------------------------------------------------------------- Update Information:
This update fixes the broken dependencies caused by RHEL/CentOS 6.6 upgrade and updates the code to latest snapshot from the stable 2.4 branch. -------------------------------------------------------------------------------- ChangeLog:
* Sun Nov 30 2014 Dominik Mierzejewski rpm@greysector.net - 2.4-3.20140428svn13818 - update to latest 2.4 branch snapshot - fix build against current blacs/scalapack - mpich2 got renamed to mpich - fix description (cp2k doesn't implement Car-Parinello Molecular Dynamics) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1155075 - cp2k-mpich2 and cp2k-openmpi got broken by rhel 6.6 update https://bugzilla.redhat.com/show_bug.cgi?id=1155075 --------------------------------------------------------------------------------
================================================================================ openvpn-2.3.6-1.el6 (FEDORA-EPEL-2014-4407) A full-featured SSL VPN solution -------------------------------------------------------------------------------- Update Information:
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b -------------------------------------------------------------------------------- ChangeLog:
* Tue Dec 2 2014 Jon Ciesla limburgher@gmail.com 2.3.6-1 - 2.3.6. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1169487 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1169487 [ 2 ] Bug #1169488 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1169488 --------------------------------------------------------------------------------
================================================================================ perl-YAML-LibYAML-0.38-5.el6 (FEDORA-EPEL-2014-4404) Perl YAML Serialization using XS and libyaml -------------------------------------------------------------------------------- Update Information:
An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. -------------------------------------------------------------------------------- ChangeLog:
* Tue Dec 2 2014 Paul Howarth paul@city-fan.org - 0.38-5 - Fix assert failure when parsing wrapped strings (CVE-2014-9130) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1169369 - CVE-2014-9130 libyaml: assert failure when processing wrapped strings https://bugzilla.redhat.com/show_bug.cgi?id=1169369 --------------------------------------------------------------------------------
================================================================================ php-aws-sdk-2.7.6-1.el6 (FEDORA-EPEL-2014-4391) Amazon Web Services framework for PHP -------------------------------------------------------------------------------- Update Information:
## 2.7.6 - 2014-11-20
* Added support for AWS KMS integration to the Amazon Redshift Client. * Fixed cn-north-1 endpoint for AWS Identity and Access Management. * Updated `S3Client::getBucketLocation` method to work cross-region regardless of the region's signature requirements. * Fixed an issue with the DynamoDbClient that allows it to work better with with DynamoDB Local.
## 2.7.5 - 2014-11-13
* Added support for AWS Lambda. * Added support for event notifications to the Amazon S3 client. * Fixed an issue with S3 pre-signed URLs when using Signature V4.
## 2.7.4 - 2014-11-12
* Added support for the AWS Key Management Service (AWS KMS). * Added support for AWS CodeDeploy. * Added support for AWS Config. * Added support for AWS KMS encryption to the Amazon S3 client. * Added support for AWS KMS encryption to the Amazon EC2 client. * Added support for Amazon CloudWatch Logs delivery to the AWS CloudTrail client. * Added the GetTemplateSummary operation to the AWS CloudFormation client. * Fixed an issue with sending signature version 4 Amazon S3 requests that contained a 0 length body. -------------------------------------------------------------------------------- ChangeLog:
* Tue Nov 25 2014 Shawn Iwinski shawn.iwinski@gmail.com - 2.7.6-1 - Updated to 2.7.6 (BZ #1164158) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1164158 - php-aws-sdk-2.7.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1164158 --------------------------------------------------------------------------------
================================================================================ pkcs11-helper-1.11-3.el6 (FEDORA-EPEL-2014-4407) A library for using PKCS#11 providers -------------------------------------------------------------------------------- Update Information:
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b -------------------------------------------------------------------------------- ChangeLog:
* Sun Aug 17 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.11-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.11-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri Apr 11 2014 Jon Ciesla limburgher@gmail.com - 1.11-1 - Latest upstream, required for openvpn 2.3.3. * Sun Aug 4 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Tue Apr 2 2013 Kalev Lember kalevlember@gmail.com - 1.10-1 - Update to 1.10 * Thu Feb 14 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.09-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Sat Jul 21 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.09-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Sat Jan 14 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.09-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Wed Aug 17 2011 Kalev Lember kalevlember@gmail.com - 1.09-1 - Update to 1.09 * Sun Jun 19 2011 Kalev Lember kalev@smartlink.ee - 1.08-1 - Update to 1.08 - Clean up the spec file for modern rpmbuild * Wed Feb 9 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.07-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1169487 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1169487 [ 2 ] Bug #1169488 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1169488 --------------------------------------------------------------------------------
================================================================================ pyhoca-gui-0.5.0.3-1.el6 (FEDORA-EPEL-2014-4383) Graphical X2Go client written in (wx)Python -------------------------------------------------------------------------------- Update Information:
python-x2go-0.5.0.2:
- Fix X2Go Desktop Sharing feature - Provide more stability if connections fail during session startup/resumption
pyhoca-gui-0.5.0.3:
- Finnish translation update / fix - Danish translation update - Point to our new mailing list server where the old one (BerliOS) was still referenced.
-------------------------------------------------------------------------------- ChangeLog:
* Mon Dec 1 2014 Orion Poplawski orion@cora.nwra.com - 0.5.0.3-1 - Update to 0.5.0.3 --------------------------------------------------------------------------------
================================================================================ python-cliapp-1.20140719-1.el6 (FEDORA-EPEL-2014-4405) Python framework for Unix command line programs -------------------------------------------------------------------------------- Update Information:
Version 1.20140719
* The way logging is set up has been split into smaller methods, to allow overriding better. * Plugins no longer need to define a `disable` method: the default implementation is now a no-op.
Bug fixes:
* When getting help for a subcommand, cliapp would crash saying `get_help_text_formatter` couldn't be found. This has been fixed.
Version 1.20140315 ------------------
* `cliapp` now logs the current working directory, uid, effective uid, gid, and effective gid at startup. * `cliapp` (`Settings.load_configs`) now reports an unknown variable in a configuration file with a nice error message, rather than a stack trace. * Allow overriding how the full help text for a subcommand is to be formatted. * The `cliapp.Settings.require` method now accepts many setting names, and check for all of them.
-------------------------------------------------------------------------------- ChangeLog:
* Tue Dec 2 2014 Michel Alexandre Salim salimma@fedoraproject.org - 1.20140719-1 - Update to 1.20140719 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1077600 - python-cliapp-1.20140719 is available https://bugzilla.redhat.com/show_bug.cgi?id=1077600 --------------------------------------------------------------------------------
================================================================================ python-x2go-0.5.0.2-1.el6 (FEDORA-EPEL-2014-4383) Python module providing X2Go client API -------------------------------------------------------------------------------- Update Information:
python-x2go-0.5.0.2:
- Fix X2Go Desktop Sharing feature - Provide more stability if connections fail during session startup/resumption
pyhoca-gui-0.5.0.3:
- Finnish translation update / fix - Danish translation update - Point to our new mailing list server where the old one (BerliOS) was still referenced.
-------------------------------------------------------------------------------- ChangeLog:
* Thu Nov 27 2014 Orion Poplawski orion@cora.nwra.com - 0.5.0.2-1 - Update to 0.5.0.2 --------------------------------------------------------------------------------
================================================================================ scotch-6.0.3-2.el6 (FEDORA-EPEL-2014-4381) Graph, mesh and hypergraph partitioning library -------------------------------------------------------------------------------- Update Information:
New package for el6. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1112738 - please build for EPEL https://bugzilla.redhat.com/show_bug.cgi?id=1112738 --------------------------------------------------------------------------------
================================================================================ statsd-0.7.2-3.el6 (FEDORA-EPEL-2014-4401) A simple, lightweight network daemon to collect metrics over UDP -------------------------------------------------------------------------------- Update Information:
fix end of line encodings -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1164496 - Review Request: statsd - A simple, lightweight network daemon to collect metrics over UDP https://bugzilla.redhat.com/show_bug.cgi?id=1164496 --------------------------------------------------------------------------------
================================================================================ xpdf-3.04-6.el6 (FEDORA-EPEL-2014-4399) A PDF file viewer for the X Window System -------------------------------------------------------------------------------- Update Information:
fix proper display of international strings in the title -------------------------------------------------------------------------------- ChangeLog:
* Tue Dec 2 2014 Tom Callaway spot@fedoraproject.org - 1:3.04-6 - fix proper display of international strings in the title (bz 1169301) * Fri Sep 12 2014 Tom Callaway spot@fedoraproject.org - 1:3.04-5 - fix .desktop file * Mon Aug 18 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1:3.04-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1:3.04-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1169301 - xpdf does not show non-ASCII paths correctly https://bugzilla.redhat.com/show_bug.cgi?id=1169301 --------------------------------------------------------------------------------