The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 512  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gri...
 324  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
 247  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6348/bcfg2-1.2.3...
  24  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0376/openconnect...
  17  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0420/awstats-7.0...
  17  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0423/nginx-1.0.1...
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0532/euca2ools-2...
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0568/mediawiki11...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0622/firebird-2....
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0632/privoxy-3.0...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0634/openstack-k...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0637/seamonkey-2...

The following builds have been pushed to Fedora EPEL 6 updates-testing
erlang-erlydtl-0.7.0-1.20130214git6a9845f.el6
erlang-rebar-2.1.0-0.4.el6
fedocal-0.1.0-3.el6
libiscsi-1.7.0-3.el6
openstack-cinder-2012.2.3-1.el6
openstack-keystone-2012.2.3-4.el6
openstack-quantum-2012.2.3-2.el6
ovirt-engine-cli-3.2.0.11-1.el6
ovirt-engine-sdk-3.2.0.10-1.el6
privoxy-3.0.21-1.el6
python-django-dajax-0.9.2-1.el6
python-django-dajaxice-0.5.5-2.el6
python-glanceclient-0.8.0-1.el6
python-tahrir-api-0.1.7-3.el6
python-websockify-0.2.0-4.el6
salt-api-0.7.5-3.el6
seamonkey-2.16.1-1.el6
Details about builds:
================================================================================
erlang-erlydtl-0.7.0-1.20130214git6a9845f.el6 (FEDORA-EPEL-2013-0638)
Erlang implementation of the Django Template Language
--------------------------------------------------------------------------------
Update Information:
* Update to the latest git snapshot
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
erlang-rebar-2.1.0-0.4.el6 (FEDORA-EPEL-2013-0633)
Erlang Build Tools
--------------------------------------------------------------------------------
Update Information:
* Backported fix for ErlyDTL templates compilation.
* Fix building ports
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 12 2013 Peter Lemenkov <lemenkov(a)gmail.com> - 2.1.0-0.4
- backported fix for ErlyDTL templates compilation
* Wed Mar 6 2013 Peter Lemenkov <lemenkov(a)gmail.com> - 2.1.0-0.3
- Don't bootstrap anymore - use rebar for building rebar
* Sun Mar 3 2013 Peter Lemenkov <lemenkov(a)gmail.com> - 2.1.0-0.2
- Backported fix for suppress building *.so libraries every time
* Sat Mar 2 2013 Peter Lemenkov <lemenkov(a)gmail.com> - 2.1.0-0.1
- Ver. 2.1.0-pre
- Remove R12B-related patches (EL5-related)
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.0.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
fedocal-0.1.0-3.el6 (FEDORA-EPEL-2013-0639)
A web based calendar application
--------------------------------------------------------------------------------
Update Information:
Bring fedocal 0.0.1 into the Fedora repositories.
--------------------------------------------------------------------------------
================================================================================
libiscsi-1.7.0-3.el6 (FEDORA-EPEL-2013-0626)
iSCSI client library
--------------------------------------------------------------------------------
Update Information:
libiscsi is an iSCSI initiator implemented entirely in userspace. It can be used with QEMU
to access iSCSI shares from a virtual machine.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #914752 - Review Request: libiscsi - userspace iSCSI initiator
https://bugzilla.redhat.com/show_bug.cgi?id=914752
--------------------------------------------------------------------------------
================================================================================
openstack-cinder-2012.2.3-1.el6 (FEDORA-EPEL-2013-0623)
OpenStack Volume service
--------------------------------------------------------------------------------
Update Information:
- Update to stable Folsom 2012.2.3
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 18 2013 Eric Harney <eharney(a)redhat.com> - 2012.2.3-1
- Update to Folsom stable release 3
* Wed Jan 23 2013 Martin Magr <mmagr(a)redhat.com> - 2012.2.1-1
- Added python-keystone requirement
--------------------------------------------------------------------------------
================================================================================
openstack-keystone-2012.2.3-4.el6 (FEDORA-EPEL-2013-0634)
OpenStack Identity Service
--------------------------------------------------------------------------------
Update Information:
update to stable folsom release 2012.2.3 and security updates
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 11 2013 Alan Pevec <apevec(a)redhat.com> 2012.2.3-4
- openssl is required for PKI tokens rhbz#918757
* Sat Feb 23 2013 Alan Pevec <apevec(a)redhat.com> 2012.2.3-3
- ensure user and tenant are enabled CVE-2013-0282
- disable XML entity parsing CVE-2013-1664, CVE-2013-1665
* Fri Feb 8 2013 Alan Pevec <apevec(a)redhat.com> 2012.2.3-2
- limit parameters and tokens size CVE-2013-0247
* Sat Feb 2 2013 Alan Pevec <apevec(a)redhat.com> 2012.2.3-1
- updated to stable folsom release 2012.2.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #906171 - CVE-2013-0247 OpenStack Keystone: denial of service through invalid token requests
https://bugzilla.redhat.com/show_bug.cgi?id=906171
[ 2 ] Bug #910928 - CVE-2013-0282 OpenStack Keystone: EC2-style authentication accepts disabled user/tenants
https://bugzilla.redhat.com/show_bug.cgi?id=910928
[ 3 ] Bug #910221 - CVE-2013-1664 CVE-2013-1665 OpenStack keystone: XML entity parsing
https://bugzilla.redhat.com/show_bug.cgi?id=910221
--------------------------------------------------------------------------------
================================================================================
openstack-quantum-2012.2.3-2.el6 (FEDORA-EPEL-2013-0625)
Virtual network service for OpenStack (quantum)
--------------------------------------------------------------------------------
Update Information:
- Update to stable Folsom 2012.2.3
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 4 2013 Terry Wilson <twilson(a)redhat.com> 2012.2.3-2
- Add quantum-ovs-cleanup.service
* Mon Feb 11 2013 Alan Pevec <apevec(a)redhat.com> 2012.2.3-1
- Update to folsom stable 2012.2.3
* Wed Jan 23 2013 Martin Magr <mmagr(a)redhat.com> - 2012.2.1-2
- Added python-keystone requirement
* Mon Jan 21 2013 Gary Kotton <gkotton(a)redhat.com> - 2012.2.1-2
- Ensure libvirt_vif_driver is set with node installation (bug 885932)
- Cleanup of symbolic link plugin.ini (bug 901959)
--------------------------------------------------------------------------------
================================================================================
ovirt-engine-cli-3.2.0.11-1.el6 (FEDORA-EPEL-2013-0635)
oVirt Engine Command Line Interface
--------------------------------------------------------------------------------
Update Information:
Update to upstream 3.2.0.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 11 2013 Juan Hernandez <juan.hernandez(a)redhat.com> - 3.2.0.11-1
- Update to upstream 3.2.0.11
--------------------------------------------------------------------------------
================================================================================
ovirt-engine-sdk-3.2.0.10-1.el6 (FEDORA-EPEL-2013-0627)
oVirt Engine Software Development Kit
--------------------------------------------------------------------------------
Update Information:
Update to upstream 3.2.0.10
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 11 2013 Juan Hernandez <juan.hernandez(a)redhat.com> - 3.2.0.10-1
- Update to upstream 3.2.0.10
--------------------------------------------------------------------------------
================================================================================
privoxy-3.0.21-1.el6 (FEDORA-EPEL-2013-0632)
Privacy enhancing proxy
--------------------------------------------------------------------------------
Update Information:
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-2503 to the following
vulnerability:
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization
headers in the client-server data stream, which makes it easier for remote HTTP servers to
spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status
code.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2503
[2] http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exp...
[3] http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revisio...
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 12 2013 Jon Ciesla <limburgher(a)gmail.com> - 3.0.21-1
- 3.0.21, fix for CVE-2013-2503.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #920645 - CVE-2013-2503 privoxy: Proxy-Authentication response spoofing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=920645
[ 2 ] Bug #920647 - CVE-2013-2503 privoxy: Proxy-Authentication response spoofing [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=920647
--------------------------------------------------------------------------------
================================================================================
python-django-dajax-0.9.2-1.el6 (FEDORA-EPEL-2013-0628)
Library to create asynchronous presentation logic with Django and dajaxice
--------------------------------------------------------------------------------
Update Information:
* Fixed unicode issues
* Fixed django 1.5 compatibility
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 20 2013 Jakub Filak <jfilak(a)redhat.com> - 0.9.2-1
- new upstream release
--------------------------------------------------------------------------------
================================================================================
python-django-dajaxice-0.5.5-2.el6 (FEDORA-EPEL-2013-0628)
Agnostic and easy to use AJAX library for Django
--------------------------------------------------------------------------------
Update Information:
* Fixed unicode issues
* Fixed django 1.5 compatibility
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 21 2013 Jakub Filak <jfilak(a)redhat.com> - 0.5.5-2
- Fix requires
* Wed Feb 20 2013 Jakub Filak <jfilak(a)redhat.com> - 0.5.5-1
- new upstream release
--------------------------------------------------------------------------------
================================================================================
python-glanceclient-0.8.0-1.el6 (FEDORA-EPEL-2013-0630)
Python API and CLI for OpenStack Glance
--------------------------------------------------------------------------------
Update Information:
Update to 0.8.0 and use pypi sources.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 11 2013 Jakub Ruzicka <jruzicka(a)redhat.com> -
- Update to 0.8.0.
- Switch from tarballs.openstack.org to pypi sources.
--------------------------------------------------------------------------------
================================================================================
python-tahrir-api-0.1.7-3.el6 (FEDORA-EPEL-2013-0640)
An API for interacting with the Tahrir database
--------------------------------------------------------------------------------
Update Information:
Configuration for httpd
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 11 2013 Ralph Bean <rbean(a)redhat.com> - 0.1.7-3
- Force version of python-webob
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.1.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-websockify-0.2.0-4.el6 (FEDORA-EPEL-2013-0629)
WSGI based adapter for the Websockets protocol
--------------------------------------------------------------------------------
Update Information:
- Add runtime dependency on setuptools
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 12 2013 Pádraig Brady <P(a)draigBrady.com> - 0.2.0-4
- Add runtime dependency on setuptools
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #920371 - ImportError: No module named pkg_resources
https://bugzilla.redhat.com/show_bug.cgi?id=920371
--------------------------------------------------------------------------------
================================================================================
salt-api-0.7.5-3.el6 (FEDORA-EPEL-2013-0631)
A web api for to access salt the parallel remote execution system
--------------------------------------------------------------------------------
Update Information:
Here is where you give an explanation of your update.
--------------------------------------------------------------------------------
================================================================================
seamonkey-2.16.1-1.el6 (FEDORA-EPEL-2013-0637)
Web browser, e-mail, news, IRC client, HTML editor
--------------------------------------------------------------------------------
Update Information:
Update to 2.16.1
Fix CVE-2013-0787
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 12 2013 Dmitry Butskoy <Dmitry(a)Butskoy.name> 2.16.1-1
- update to 2.16.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #919680 - seamonkey-2.16.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=919680
--------------------------------------------------------------------------------