The following Fedora EPEL 6 Security updates need testing: Age URL 788 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.1... 135 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6.4-... 120 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolkit-2... 79 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1011/php-ZendFramew... 29 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1471/chicken-4.8.0.... 25 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1477/drupal7-views-... 15 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1563/mono-2.10.8-2.... 14 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1572/chkrootkit-0.4... 10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1584/python-djblets... 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7.26-... 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1608/mcollective-2.... 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1612/tor-0.2.4.22-1... 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1628/hiera-1.0.0-4.... 6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1634/python-django-... 4 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1648/owncloud-6.0.3... 4 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1649/python-jinja2-... 3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1657/lynis-1.5.6-1.... 1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1627/php-horde-Hord...

The following builds have been pushed to Fedora EPEL 6 updates-testing

iperf3-3.0.5-1.el6 isorelax-0-0.5.release20050331.el6.1 knot-1.4.7-1.el6 mom-0.4.1-1.el6 nodejs-0.10.29-1.el6 pcp-3.9.5-1.el6 pen-0.23.0-1.el6 perl-Tree-R-0.06-1.el6 python-django-dajaxice-0.6-1.el6 rubygem-deep_merge-1.0.1-5.el6 udt-4.11-2.el6 v8-3.14.5.10-9.el6

Details about builds:

================================================================================ iperf3-3.0.5-1.el6 (FEDORA-EPEL-2014-1679) Measurement tool for TCP/UDP bandwidth performance -------------------------------------------------------------------------------- Update Information:

Update to 3.0.5 -------------------------------------------------------------------------------- ChangeLog:

* Thu Jun 19 2014 Susant Sahani ssahani@redhat.com 3.0.5-1 - Update to 3.0.5 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1111027 - iperf3-3.0.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1111027 --------------------------------------------------------------------------------

================================================================================ isorelax-0-0.5.release20050331.el6.1 (FEDORA-EPEL-2014-1670) Public interfaces for RELAX Core -------------------------------------------------------------------------------- Update Information:

Build of isorelax for el6. -------------------------------------------------------------------------------- References:

[ 1 ] Bug #719665 - Please build isorelax for EPEL 6 https://bugzilla.redhat.com/show_bug.cgi?id=719665 --------------------------------------------------------------------------------

================================================================================ knot-1.4.7-1.el6 (FEDORA-EPEL-2014-1681) An authoritative DNS daemon -------------------------------------------------------------------------------- Update Information:

update to 1.4.7 update to 1.4.6, DNSSEC: fix possible signing loop when doing key rollover, RRL: fixed sending of malformed UDP empty responses -------------------------------------------------------------------------------- ChangeLog:

* Wed Jun 18 2014 Jan Vcelak jvcelak@fedoraproject.org 1.4.7-1 - update to 1.4.7 + Fixed DDNS corner cases + Fixed zone EXPIRE timer + Fixed semantic checks false positives + Fixed sending malformed IXFR with automatic DNSSEC + Fixed NAPTR record serialization * Thu May 22 2014 Jan Vcelak jvcelak@fedoraproject.org 1.4.6-2 - update to 1.4.6 + DNSSEC: fix possible signing loop when doing key rollover + RRL: fixed sending of malformed UDP empty responses --------------------------------------------------------------------------------

================================================================================ mom-0.4.1-1.el6 (FEDORA-EPEL-2014-1683) Dynamically manage system resources on virtualization hosts -------------------------------------------------------------------------------- Update Information:

Update MOM to version 0.4.1 -------------------------------------------------------------------------------- ChangeLog:

* Wed Jun 18 2014 Adam Litke alitke@redhat.com - 0.4.1-1 - Upgrade to 0.4.1 * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.4.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild --------------------------------------------------------------------------------

================================================================================ nodejs-0.10.29-1.el6 (FEDORA-EPEL-2014-1680) JavaScript runtime -------------------------------------------------------------------------------- Update Information:

2014.06.05, Version 0.10.29 (Stable)

* child_process: do not set args before throwing (Greg Sabia Tucker)

* child_process: spawn() does not throw TypeError (Greg Sabia Tucker)

* constants: export O_NONBLOCK (Fedor Indutny)

* crypto: improve memory usage (Alexis Campailla)

* fs: close file if fstat() fails in readFile() (cjihrig)

* lib: name EventEmitter prototype methods (Ben Noordhuis)

* tls: fix performance issue (Alexis Campailla)

The invalid UTF8 fix has been reverted since this breaks v8 API, which cannot be done in a stable distribution release. This build of nodejs will behave as if NODE_INVALID_UTF8 was set. For more information on the implications, see: http://blog.nodejs.org/2014/06/16/openssl-and-breaking-utf-8-change/

Additionally, a minor bug in v8 has been fixed that caused certain integer comparisons to return true when they should have returned false.

Please note that there is no OpenSSL security fixes as part of this update as there were upstream; nodejs in EPEL uses the system OpenSSL library included with RHEL and thus receives security updates as soon as the "openssl" packages on your system are updated. -------------------------------------------------------------------------------- ChangeLog:

* Thu Jun 19 2014 T.C. Hollingsworth tchollingsworth@gmail.com - 0.10.29-1 - new upstream release 0.10.29 http://blog.nodejs.org/2014/06/16/node-v0-10-29-stable/ - The invalid UTF8 fix has been reverted since this breaks v8 API, which cannot be done in a stable distribution release. This build of nodejs will behave as if NODE_INVALID_UTF8 was set. For more information on the implications, see: http://blog.nodejs.org/2014/06/16/openssl-and-breaking-utf-8-change/ --------------------------------------------------------------------------------

================================================================================ pcp-3.9.5-1.el6 (FEDORA-EPEL-2014-1678) System-level performance monitoring and performance management -------------------------------------------------------------------------------- Update Information:

Daemon signal handlers no longer use unsafe APIs (BZ 847343), Handle /var/run setups on a temporary filesystem (BZ 656659), Resolve pmlogcheck sigsegv for some archives (BZ 1077432), Ensure pcp-gui-{testsuite,debuginfo} packages get replaced, Revive support for EPEL5 builds, post pcp-gui merge, Update to latest PCP sources. -------------------------------------------------------------------------------- ChangeLog:

* Wed Jun 18 2014 Dave Brolley brolley@redhat.com - 3.9.5-1 - Daemon signal handlers no longer use unsafe APIs (BZ 847343) - Handle /var/run setups on a temporary filesystem (BZ 656659) - Resolve pmlogcheck sigsegv for some archives (BZ 1077432) - Ensure pcp-gui-{testsuite,debuginfo} packages get replaced. - Revive support for EPEL5 builds, post pcp-gui merge. - Update to latest PCP sources. * Fri Jun 6 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.9.4-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References:

[ 1 ] Bug #847343 - pcp: pmcd signal handlers are unsafe https://bugzilla.redhat.com/show_bug.cgi?id=847343 [ 2 ] Bug #656659 - Please Update Spec File to use %ghost on files in /var/run and /var/lock https://bugzilla.redhat.com/show_bug.cgi?id=656659 [ 3 ] Bug #1077432 - pmlogcheck SEGV https://bugzilla.redhat.com/show_bug.cgi?id=1077432 --------------------------------------------------------------------------------

================================================================================ pen-0.23.0-1.el6 (FEDORA-EPEL-2014-1675) Load balancer for "simple" tcp based protocols such as http or smtp -------------------------------------------------------------------------------- Update Information:

This release adds support for IPv6 for backend servers as well as the listening socket.

Usage: http://morestuff.siag.nu/2014/04/14/using-pen-as-an-address-family-adapter/ -------------------------------------------------------------------------------- ChangeLog:

* Wed Jun 18 2014 Christopher Meng rpm@cicku.me - 0.23.0-1 - Update to 0.23.0 * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.22.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu Apr 3 2014 Christopher Meng rpm@cicku.me - 0.22.1-1 - Update to 0.22.1 - Patch merged upstream. * Wed Apr 2 2014 Christopher Meng rpm@cicku.me - 0.22.0-2 - Patch messed with syntax. --------------------------------------------------------------------------------

================================================================================ perl-Tree-R-0.06-1.el6 (FEDORA-EPEL-2014-1671) Perl extension for the R-tree data structure and algorithms -------------------------------------------------------------------------------- Update Information:

Initial release -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1110246 - Review Request: perl-Tree-R - Perl extension for the Rtree data structure and algorithms https://bugzilla.redhat.com/show_bug.cgi?id=1110246 --------------------------------------------------------------------------------

================================================================================ python-django-dajaxice-0.6-1.el6 (FEDORA-EPEL-2014-1672) Agnostic and easy to use AJAX library for Django -------------------------------------------------------------------------------- Update Information:

New upstream release 0.6. You can find the changes in the upstream description at http://django-dajaxice.readthedocs.org/en/latest/changelog.html#id1 -------------------------------------------------------------------------------- ChangeLog:

* Tue Jun 17 2014 Richard Marko rmarko@fedoraproject.org - 0.6-1 - New upstream release --------------------------------------------------------------------------------

================================================================================ rubygem-deep_merge-1.0.1-5.el6 (FEDORA-EPEL-2014-1673) Merge Deeply Nested Hashes -------------------------------------------------------------------------------- Update Information:

New package rubygem-deep_merge - Merges deep hashes in ruby -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1064352 - Review Request: rubygem-deep_merge - Merges deep hashes in ruby. https://bugzilla.redhat.com/show_bug.cgi?id=1064352 --------------------------------------------------------------------------------

================================================================================ udt-4.11-2.el6 (FEDORA-EPEL-2014-1676) UDP based Data Transfer Protocol -------------------------------------------------------------------------------- Update Information:

UDT is a reliable UDP based application level data transport protocol for distributed data intensive applications over wide area high-speed networks. UDT uses UDP to transfer bulk data with its own eliability control and congestion control mechanisms. The new protocol can transfer data at a much higher speed than TCP does. UDT is also a highly configurable framework that can accommodate various congestion control algorithms.

-------------------------------------------------------------------------------- References:

[ 1 ] Bug #1107441 - Review Request: udt - UDP based Data Transfer Protocol https://bugzilla.redhat.com/show_bug.cgi?id=1107441 --------------------------------------------------------------------------------

================================================================================ v8-3.14.5.10-9.el6 (FEDORA-EPEL-2014-1680) JavaScript Engine -------------------------------------------------------------------------------- Update Information:

2014.06.05, Version 0.10.29 (Stable)

* child_process: do not set args before throwing (Greg Sabia Tucker)

* child_process: spawn() does not throw TypeError (Greg Sabia Tucker)

* constants: export O_NONBLOCK (Fedor Indutny)

* crypto: improve memory usage (Alexis Campailla)

* fs: close file if fstat() fails in readFile() (cjihrig)

* lib: name EventEmitter prototype methods (Ben Noordhuis)

* tls: fix performance issue (Alexis Campailla)

The invalid UTF8 fix has been reverted since this breaks v8 API, which cannot be done in a stable distribution release. This build of nodejs will behave as if NODE_INVALID_UTF8 was set. For more information on the implications, see: http://blog.nodejs.org/2014/06/16/openssl-and-breaking-utf-8-change/

Additionally, a minor bug in v8 has been fixed that caused certain integer comparisons to return true when they should have returned false.

Please note that there is no OpenSSL security fixes as part of this update as there were upstream; nodejs in EPEL uses the system OpenSSL library included with RHEL and thus receives security updates as soon as the "openssl" packages on your system are updated. -------------------------------------------------------------------------------- ChangeLog:

* Thu Jun 19 2014 T.C. Hollingsworth tchollingsworth@gmail.com - 1:3.14.5.10-9 - fix corner case in integer comparisons (v8 bug#2416; nodejs bug#7528) --------------------------------------------------------------------------------