Fedora EPEL 6 updates-testing report - epel-devel - Fedora mailing-lists

12 Mar 2013


      The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 512  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gribbl...
 324  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.1...
 247  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6348/bcfg2-1.2.3-1....
  24  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0376/openconnect-4....
  17  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0420/awstats-7.0-3....
  17  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0423/nginx-1.0.15-4...
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0532/euca2ools-2.1....
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0568/mediawiki119-1...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0622/firebird-2.5.2...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0632/privoxy-3.0.21...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0634/openstack-keys...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0637/seamonkey-2.16...
The following builds have been pushed to Fedora EPEL 6 updates-testing
erlang-erlydtl-0.7.0-1.20130214git6a9845f.el6
    erlang-rebar-2.1.0-0.4.el6
    fedocal-0.1.0-3.el6
    libiscsi-1.7.0-3.el6
    openstack-cinder-2012.2.3-1.el6
    openstack-keystone-2012.2.3-4.el6
    openstack-quantum-2012.2.3-2.el6
    ovirt-engine-cli-3.2.0.11-1.el6
    ovirt-engine-sdk-3.2.0.10-1.el6
    privoxy-3.0.21-1.el6
    python-django-dajax-0.9.2-1.el6
    python-django-dajaxice-0.5.5-2.el6
    python-glanceclient-0.8.0-1.el6
    python-tahrir-api-0.1.7-3.el6
    python-websockify-0.2.0-4.el6
    salt-api-0.7.5-3.el6
    seamonkey-2.16.1-1.el6
Details about builds:
================================================================================
 erlang-erlydtl-0.7.0-1.20130214git6a9845f.el6 (FEDORA-EPEL-2013-0638)
 Erlang implementation of the Django Template Language
--------------------------------------------------------------------------------
Update Information:
* Update to the latest git snapshot
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
 erlang-rebar-2.1.0-0.4.el6 (FEDORA-EPEL-2013-0633)
 Erlang Build Tools
--------------------------------------------------------------------------------
Update Information:
* Backported fix for ErlyDTL templates compilation.
* Fix building ports
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 12 2013 Peter Lemenkov lemenkov@gmail.com - 2.1.0-0.4
- backported fix for ErlyDTL templates compilation
* Wed Mar  6 2013 Peter Lemenkov lemenkov@gmail.com - 2.1.0-0.3
- Don't bootstrap anymore - use rebar for building rebar
* Sun Mar  3 2013 Peter Lemenkov lemenkov@gmail.com - 2.1.0-0.2
- Backported fix for suppress building *.so libraries everytime
* Sat Mar  2 2013 Peter Lemenkov lemenkov@gmail.com - 2.1.0-0.1
- Ver. 2.1.0-pre
- Remove R12B-related patches (EL5-related)
* Wed Feb 13 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.0.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 fedocal-0.1.0-3.el6 (FEDORA-EPEL-2013-0639)
 A web based calendar application
--------------------------------------------------------------------------------
Update Information:
Bring fedocal 0.0.1 into the Fedora repositories.
--------------------------------------------------------------------------------
================================================================================
 libiscsi-1.7.0-3.el6 (FEDORA-EPEL-2013-0626)
 iSCSI client library
--------------------------------------------------------------------------------
Update Information:
libiscsi is an iSCSI initiator implemented entirely in userspace. It can be used with QEMU to access iSCSI shares from a virtual machine.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #914752 - Review Request: libiscsi - userspace iSCSI initiator
        https://bugzilla.redhat.com/show_bug.cgi?id=914752
--------------------------------------------------------------------------------
================================================================================
 openstack-cinder-2012.2.3-1.el6 (FEDORA-EPEL-2013-0623)
 OpenStack Volume service
--------------------------------------------------------------------------------
Update Information:
- Update to stable Folsom 2012.2.3
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 18 2013 Eric Harney eharney@redhat.com - 2012.2.3-1
- Update to Folsom stable release 3
* Wed Jan 23 2013 Martin Magr mmagr@redhat.com - 2012.2.1-1
- Added python-keystone requirement
--------------------------------------------------------------------------------
================================================================================
 openstack-keystone-2012.2.3-4.el6 (FEDORA-EPEL-2013-0634)
 OpenStack Identity Service
--------------------------------------------------------------------------------
Update Information:
update to stable folsom release 2012.2.3 and security updates
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 11 2013 Alan Pevec apevec@redhat.com 2012.2.3-4
- openssl is required for PKI tokens rhbz#918757
* Sat Feb 23 2013 Alan Pevec apevec@redhat.com 2012.2.3-3
- ensure user and tenant are enabled CVE-2013-0282
- disable XML entity parsing CVE-2013-1664, CVE-2013-1665
* Fri Feb  8 2013 Alan Pevec apevec@redhat.com 2012.2.3-2
- limit parameters and tokens size CVE-2013-0247
* Sat Feb  2 2013 Alan Pevec apevec@redhat.com 2012.2.3-1
- updated to stable folsom release 2012.2.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #906171 - CVE-2013-0247 OpenStack Keystone: denial of service through invalid token requests
        https://bugzilla.redhat.com/show_bug.cgi?id=906171
  [ 2 ] Bug #910928 - CVE-2013-0282 OpenStack Keystone: EC2-style authentication accepts disabled user/tenants
        https://bugzilla.redhat.com/show_bug.cgi?id=910928
  [ 3 ] Bug #910221 - CVE-2013-1664 CVE-2013-1665 OpenStack keystone: XML entity parsing
        https://bugzilla.redhat.com/show_bug.cgi?id=910221
--------------------------------------------------------------------------------
================================================================================
 openstack-quantum-2012.2.3-2.el6 (FEDORA-EPEL-2013-0625)
 Virtual network service for OpenStack (quantum)
--------------------------------------------------------------------------------
Update Information:
- Update to stable Folsom 2012.2.3
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar  4 2013 Terry Wilson twilson@redhat.com 2012.2.3-2
- Add quantum-ovs-cleanup.service
* Mon Feb 11 2013 Alan Pevec apevec@redhat.com 2012.2.3-1
- Update to folsom stable 2012.2.3
* Wed Jan 23 2013 Martin Magr mmagr@redhat.com - 2012.2.1-2
- Added python-keystone requirement
* Mon Jan 21 2013 Gary Kotton gkotton@redhat.com - 2012.2.1-2
- Ensure libvirt_vif_driver is set with node installation (bug 885932)
- Cleanup of symbolic link plugin.ini (bug 901959)
--------------------------------------------------------------------------------
================================================================================
 ovirt-engine-cli-3.2.0.11-1.el6 (FEDORA-EPEL-2013-0635)
 oVirt Engine Command Line Interface
--------------------------------------------------------------------------------
Update Information:
Update to upstream 3.2.0.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 11 2013 Juan Hernandez juan.hernandez@redhat.com - 3.2.0.11-1
- Update to upstream 3.2.0.11
--------------------------------------------------------------------------------
================================================================================
 ovirt-engine-sdk-3.2.0.10-1.el6 (FEDORA-EPEL-2013-0627)
 oVirt Engine Software Development Kit
--------------------------------------------------------------------------------
Update Information:
Update to upstream 3.2.0.10
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 11 2013 Juan Hernandez juan.hernandez@redhat.com - 3.2.0.10-1
- Update to upstream 3.2.0.10
--------------------------------------------------------------------------------
================================================================================
 privoxy-3.0.21-1.el6 (FEDORA-EPEL-2013-0632)
 Privacy enhancing proxy
--------------------------------------------------------------------------------
Update Information:
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-2503 to the following vulnerability:
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2503
[2] http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposu...
[3] http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1...
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 12 2013 Jon Ciesla limburgher@gmail.com - 3.0.21-1
- 3.0.21, fix for CVE-2013-2503.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #920645 - CVE-2013-2503 privoxy: Proxy-Authentication response spoofing [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=920645
  [ 2 ] Bug #920647 - CVE-2013-2503 privoxy: Proxy-Authentication response spoofing [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=920647
--------------------------------------------------------------------------------
================================================================================
 python-django-dajax-0.9.2-1.el6 (FEDORA-EPEL-2013-0628)
 Library to create asynchronous presentation logic with Django and dajaxice
--------------------------------------------------------------------------------
Update Information:
* Fixed unicode issues
* Fixed django 1.5 compatibility
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 20 2013 Jakub Filak jfilak@redhat.com - 0.9.2-1
- new upstream release
--------------------------------------------------------------------------------
================================================================================
 python-django-dajaxice-0.5.5-2.el6 (FEDORA-EPEL-2013-0628)
 Agnostic and easy to use AJAX library for Django
--------------------------------------------------------------------------------
Update Information:
* Fixed unicode issues
* Fixed django 1.5 compatibility
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 21 2013 Jakub Filak jfilak@redhat.com - 0.5.5-2
- Fix requires
* Wed Feb 20 2013 Jakub Filak jfilak@redhat.com - 0.5.5-1
- new upstream release
--------------------------------------------------------------------------------
================================================================================
 python-glanceclient-0.8.0-1.el6 (FEDORA-EPEL-2013-0630)
 Python API and CLI for OpenStack Glance
--------------------------------------------------------------------------------
Update Information:
Update to 0.8.0 and use pypi sources.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 11 2013 Jakub Ruzicka jruzicka@redhat.com - 
- Update to 0.8.0.
- Switch from tarballs.openstack.org to pypi sources.
--------------------------------------------------------------------------------
================================================================================
 python-tahrir-api-0.1.7-3.el6 (FEDORA-EPEL-2013-0640)
 An API for interacting with the Tahrir database
--------------------------------------------------------------------------------
Update Information:
Configuration for httpd
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 11 2013 Ralph Bean rbean@redhat.com - 0.1.7-3
- Force version of python-webob
* Thu Feb 14 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.1.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 python-websockify-0.2.0-4.el6 (FEDORA-EPEL-2013-0629)
 WSGI based adapter for the Websockets protocol
--------------------------------------------------------------------------------
Update Information:
- Add runtime dependency on setuptools
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 12 2013 Pádraig Brady P@draigBrady.com - 0.2.0-4
- Add runtime dependency on setuptools
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #920371 - ImportError: No module named pkg_resources
        https://bugzilla.redhat.com/show_bug.cgi?id=920371
--------------------------------------------------------------------------------
================================================================================
 salt-api-0.7.5-3.el6 (FEDORA-EPEL-2013-0631)
 A web api for to access salt the parallel remote execution system
--------------------------------------------------------------------------------
Update Information:
Here is where you give an explanation of your update.
--------------------------------------------------------------------------------
================================================================================
 seamonkey-2.16.1-1.el6 (FEDORA-EPEL-2013-0637)
 Web browser, e-mail, news, IRC client, HTML editor
--------------------------------------------------------------------------------
Update Information:
Update to 2.16.1
Fix CVE-2013-0787
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 12 2013 Dmitry Butskoy Dmitry@Butskoy.name 2.16.1-1
- update to 2.16.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #919680 - seamonkey-2.16.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=919680
--------------------------------------------------------------------------------