The following Fedora EPEL 6 Security updates need testing:
https://admin.fedoraproject.org/updates/chm2pdf-0.9.1-8.el6
https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.el6
https://admin.fedoraproject.org/updates/erlang-R14B-02.1.el6
https://admin.fedoraproject.org/updates/libmodplug-0.8.8.2-1.el6
https://admin.fedoraproject.org/updates/proftpd-1.3.3e-1.el6
https://admin.fedoraproject.org/updates/python-feedparser-5.0.1-1.el6
https://admin.fedoraproject.org/updates/tmux-1.4-3.el6
https://admin.fedoraproject.org/updates/asterisk-1.8.3.3-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
ack-1.94-1.el6
asterisk-1.8.3.3-1.el6
lua-wsapi-1.3.4-4.el6
perl-JavaScript-Minifier-1.05-6.el6
python-demjson-1.6-1.el6
Details about builds:
================================================================================
ack-1.94-1.el6 (FEDORA-EPEL-2011-3137)
Grep-like text finder
--------------------------------------------------------------------------------
Update Information:
Update to 1.94
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 21 2011 <ianburrell(a)gmail.com> - 1.94-1
- Update to 1.94
--------------------------------------------------------------------------------
================================================================================
asterisk-1.8.3.3-1.el6 (FEDORA-EPEL-2011-3141)
The Open Source PBX
--------------------------------------------------------------------------------
Update Information:
The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
issues:
* File Descriptor Resource Exhaustion (AST-2011-005)
* Asterisk Manager User Shell Access (AST-2011-006)
The issues and resolutions are described in the AST-2011-005 and AST-2011-006
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-005 and AST-2011-006, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
Security advisory AST-2011-005 and AST-2011-006 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 21 2011 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.8.3.3-1
- The Asterisk Development Team has announced security releases for Asterisk
- branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
- released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
- issues:
-
- * File Descriptor Resource Exhaustion (AST-2011-005)
- * Asterisk Manager User Shell Access (AST-2011-006)
-
- The issues and resolutions are described in the AST-2011-005 and AST-2011-006
- security advisories.
-
- For more information about the details of these vulnerabilities, please read the
- security advisories AST-2011-005 and AST-2011-006, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
-
- Security advisory AST-2011-005 and AST-2011-006 are available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
- http://downloads.asterisk.org/pub/security/AST-2011-006.pdf
* Wed Mar 23 2011 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.8.3.2-2
- Bump release and rebuild for mysql 5.5.10 soname change.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #698916 - CVE-2011-1507 Asterisk: file descriptor resource exhaustion (AST-2011-005)
https://bugzilla.redhat.com/show_bug.cgi?id=698916
[ 2 ] Bug #698917 - CVE-2011-1599 Asterisk: Shell command execution via manager Originate action (AST-2011-006)
https://bugzilla.redhat.com/show_bug.cgi?id=698917
--------------------------------------------------------------------------------
================================================================================
lua-wsapi-1.3.4-4.el6 (FEDORA-EPEL-2011-3138)
Lua Web Server API
--------------------------------------------------------------------------------
Update Information:
Require lua-coxpcall, fixes #666090
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 22 2011 Tim Niemueller <tim(a)niemueller.de> - 1.3.4-4
- Require lua-coxpcall, fixes #666090
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.3.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #666090 - broken lua-wsapi package
https://bugzilla.redhat.com/show_bug.cgi?id=666090
--------------------------------------------------------------------------------
================================================================================
perl-JavaScript-Minifier-1.05-6.el6 (FEDORA-EPEL-2011-3139)
Perl extension for minifying JavaScript code
--------------------------------------------------------------------------------
Update Information:
First EPEL build.
--------------------------------------------------------------------------------
================================================================================
python-demjson-1.6-1.el6 (FEDORA-EPEL-2011-3136)
Python JSON module and lint checker
--------------------------------------------------------------------------------
Update Information:
Update to version 1.6, with these improvements and changes:
* Bug fix: The jsonlint tool failed to accept a JSON document from standard input (stdin).
Also added a --version and --copyright option support to jsonlint.
--------------------------------------------------------------------------------