The following Fedora EPEL 6 Security updates need testing:
https://admin.fedoraproject.org/updates/rt3-3.8.10-2.el6.1
https://admin.fedoraproject.org/updates/bugzilla-3.4.11-1.el6
https://admin.fedoraproject.org/updates/drupal6-views_bulk_operations-1.1...
https://admin.fedoraproject.org/updates/bcfg2-1.1.3-1.el6
https://admin.fedoraproject.org/updates/phpMyAdmin-3.4.5-1.el6
https://admin.fedoraproject.org/updates/perl-FCGI-0.71-4.el6
https://admin.fedoraproject.org/updates/puppet-2.6.6-2.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
RBTools-0.3.4-1.el6
askbot-0.7.23-1.el6
django-authenticator-0.1.4-1.el6
mongodb-1.8.2-2.el6
moodle-2.1.1-2.el6
proftpd-1.3.3f-1.el6
puppet-2.6.6-2.el6
shorewall-4.4.23.3-1.el6
Details about builds:
================================================================================
RBTools-0.3.4-1.el6 (FEDORA-EPEL-2011-4555)
Tools for use with ReviewBoard
--------------------------------------------------------------------------------
Update Information:
* Tue Sep 27 2011 Stephen Gallagher <sgallagh(a)redhat.com> - 0.3.4-1
- New upstream 0.3.4 release
- http://www.reviewboard.org/docs/releasenotes/dev/rbtools/0.3.4/
- New Features:
  - post-review:
    - Added a --change-description option for setting the Change Description text on drafts
- Bugfixes:
  - post-review:
    - Newlines in summaries on Git are now converted to spaces, preventing errors when using --guess-summary
    - Fixed authentication failures when accessing a protected /api/info/ URL. This was problematic particularly on RBCommons
    - Fixed diff upload problems on Python 2.7
--------------------------------------------------------------------------------
================================================================================
askbot-0.7.23-1.el6 (FEDORA-EPEL-2011-4550)
Question and Answer forum
--------------------------------------------------------------------------------
Update Information:
upfiles alias for httpd configuration. Several minor enhancements and bug fixes.
* if RHEL, then depend on python-dateutil15 instead of python-dateutil
* add README.fedora and configuration files for multi-site deployment
* update wsgi, apache httpd configuration and settings.py setup template
* thanks to Toshio Kuratomi for suggesting and reviewing the changes
--------------------------------------------------------------------------------
================================================================================
django-authenticator-0.1.4-1.el6 (FEDORA-EPEL-2011-4557)
Authentication client for django
--------------------------------------------------------------------------------
Update Information:
django-authenticator is a forked version of the django-authopenid module. It is developed for
the Askbot project.
--------------------------------------------------------------------------------
================================================================================
mongodb-1.8.2-2.el6 (FEDORA-EPEL-2011-4552)
High-performance, schema-free document-oriented database
--------------------------------------------------------------------------------
Update Information:
Update EPEL 6 to mongodb 1.8.2
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 13 2011 Chris Lalancette <clalance(a)redhat.com> - 1.8.2-2
- Make mongodb-devel require boost-devel (BZ 703184)
* Fri Jul 1 2011 Chris Lalancette <clalance(a)redhat.com> - 1.8.2-1
- Update to upstream 1.8.2
- Add patch to ignore TERM
* Fri Jul 1 2011 Chris Lalancette <clalance(a)redhat.com> - 1.8.0-3
- Bump release to build against new boost package
* Sat Mar 19 2011 Nathaniel McCallum <nathaniel(a)natemccallum.com> - 1.8.0-2
- Make mongod bind only to 127.0.0.1 by default
* Sat Mar 19 2011 Nathaniel McCallum <nathaniel(a)natemccallum.com> - 1.8.0-1
- Update to 1.8.0
- Remove upstreamed nonce patch
* Wed Feb 16 2011 Nathaniel McCallum <nathaniel(a)natemccallum.com> - 1.7.5-5
- Add nonce patch
* Sun Feb 13 2011 Nathaniel McCallum <nathaniel(a)natemccallum.com> - 1.7.5-4
- Manually define to use boost-fs v2
* Sat Feb 12 2011 Nathaniel McCallum <nathaniel(a)natemccallum.com> - 1.7.5-3
- Disable extra warnings
* Fri Feb 11 2011 Nathaniel McCallum <nathaniel(a)natemccallum.com> - 1.7.5-2
- Disable compilation errors on warnings
* Fri Feb 11 2011 Nathaniel McCallum <nathaniel(a)natemccallum.com> - 1.7.5-1
- Update to 1.7.5
- Remove CPPFLAGS override
- Added libmongodb package
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.6.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
moodle-2.1.1-2.el6 (FEDORA-EPEL-2011-4551)
A Course Management System
--------------------------------------------------------------------------------
Update Information:
Minor change to cron setup.
Update to 2.1.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2011 Jon Ciesla <limb(a)jcomserv.net> - 2.1.1-2
- Switched to cli cron script, BZ 733957.
* Tue Aug 16 2011 Jon Ciesla <limb(a)jcomserv.net> - 2.1.1-1
- New upstream.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #733957 - cron path change in moodle-2.1.1-1.el6.noarch
https://bugzilla.redhat.com/show_bug.cgi?id=733957
--------------------------------------------------------------------------------
================================================================================
proftpd-1.3.3f-1.el6 (FEDORA-EPEL-2011-4556)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:
This update, to the current upstream maintenance release, fixes a number of bugs as
described in the changelog.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2011 Paul Howarth <paul(a)city-fan.org> 1.3.3f-1
- Update to 1.3.3f, fixing a large number of bugs reported upstream:
  - Avoid spinning proftpd process if read(2) returns EAGAIN (bug 3639)
  - Segfault seen in mod_sql_mysql if "SQLAuthenticate groupsetfast" used (bug 3642)
  - Disable signal handling for exiting session processes (bug 3644)
  - TCPAccessSyslogLevel directive broken by Bug#3317 (bug 3652)
  - TLSVerifyOrder directive is broken (bug 3658)
  - Segmentation fault if there is regex <IfUser> section in a <VirtualHost> section; this is a regression caused by a bad backport of the fix for Bug#3625 to the 1.3.3 branch (bug 3659)
  - Filenames with embedded IAC do not get processed correctly (bug 3697)
- Drop upstreamed nostrip patch
- Use new --disable-strip option to retain debugging symbols
- Use upstream LDAP quota table schema rather than our own copy
--------------------------------------------------------------------------------
================================================================================
puppet-2.6.6-2.el6 (FEDORA-EPEL-2011-4553)
A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:
A vulnerability was discovered in puppet that would allow an attacker to install a valid
X509 Certificate Signing Request at any location on disk, with the privileges of the
Puppet Master application. For Fedora and EPEL, this is the puppet user.
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce274...
Unless you enable puppet's listen mode on clients, only the puppet master is
vulnerable to this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2011 Todd Zullinger <tmz(a)pobox.com> - 2.6.6-2
- Apply upstream patch for CVE-2011-3848
--------------------------------------------------------------------------------
================================================================================
shorewall-4.4.23.3-1.el6 (FEDORA-EPEL-2011-4558)
An iptables front end for firewall configuration
--------------------------------------------------------------------------------
Update Information:
Update to 4.4.23.3
http://www1.shorewall.net/pub/shorewall/4.4/shorewall-4.4.23/releasenotes...
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------