The following Fedora EPEL 6 Security updates need testing:
Age URL
893
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
225
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolki...
112
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7....
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2655/python-oaut...
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2750/libsrtp-1.4...
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2719/nodejs-0.10...
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2742/TeXmacs-1.0...
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2713/putty-0.63-...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2850/nginx-1.0.1...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2811/nodejs-qs-0...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2821/nodejs-send...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2801/seamonkey-2...
1
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2981/check-mk-1....
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3080/phpMyAdmin-...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3024/rssh-2.3.4-...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3082/golang-1.3....
The following builds have been pushed to Fedora EPEL 6 updates-testing
golang-1.3.3-1.el6
jbrout-0.4-0.13.git20140930reva7c8fb8.el6
jglobus-2.1.0-1.el6
mediawiki119-1.19.20-1.el6
perl-Array-Unique-0.08-2.el6
php-tcpdf-6.0.094-1.el6
phpMyAdmin-4.0.10.4-1.el6
pkgwat-0.10-3.el6
pyexiv2-0.3.2-13.el6
python-behave-1.2.4-4.el6
python-mwclient-0.7.0-1.el6
python-pkgwat-api-0.12-3.el6
uid_wrapper-1.0.2-3.el6
Details about builds:
================================================================================
golang-1.3.3-1.el6 (FEDORA-EPEL-2014-3082)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
update to go1.3.3 (bz1146882)
update to go1.3.2 (bz1147324)
more work to get cgo.a timestamps to line up, due to build-env
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 1 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3.3-1
- update to go1.3.3 (bz1146882)
* Mon Sep 29 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3.2-1
- update to go1.3.2 (bz1147324)
* Wed Aug 13 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.2.2-22
- more work to get cgo.a timestamps to line up, due to build-env
* Wed Aug 13 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.2.2-21
- touch cgo.a regardless
* Wed Aug 13 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.2.2-20
- rpm dependency ordering for %post
* Tue Aug 12 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.2.2-19
- finally check for a Stale cgo in a %post
* Tue Aug 12 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.2.2-18
- explicitly list all the files and directories for the packages trees
* Tue Aug 12 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.2.2-17
- explicitly list all the files and directories of the src tree, to preserve timestamps
* Mon Aug 11 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.2.2-16
- touch all the built archives to be the same
* Mon Aug 11 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.2.2-15
- make golang-src 'noarch' again, since that was not a fix, and takes up more
space
* Mon Aug 11 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.2.2-14
- update timestamps of source files during %install bz1099206
* Fri Aug 8 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.2.2-13
- update timestamps of source during %install bz1099206
* Fri Aug 8 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.2.2-12
- set another version constraint on xemacs due to bz1127518
* Wed Aug 6 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.2.2-11
- set a version constraint on xemacs due to bz1127518
* Wed Aug 6 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.2.2-10
- make the source subpackage arch'ed, instead of noarch
* Tue Jul 15 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.2.2-9
- fix the loading of gdb safe-path. bz981356
* Tue Jul 8 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.2.2-8
- `go install std` requires gcc, to build cgo. bz1105901, bz1101508
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1147324 - CVE-2014-7189 golang: TLS client authentication issue fixed in
version 1.3.2
https://bugzilla.redhat.com/show_bug.cgi?id=1147324
--------------------------------------------------------------------------------
================================================================================
jbrout-0.4-0.13.git20140930reva7c8fb8.el6 (FEDORA-EPEL-2014-3085)
Photo manager, written in python/pygtk
--------------------------------------------------------------------------------
Update Information:
New checkout from the upstream.
New package introducced to EL-6 branch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1114394 - [abrt] jbrout: jbrout.py:42:<module>:TypeError: sequence item
0: expected string, NoneType found
https://bugzilla.redhat.com/show_bug.cgi?id=1114394
[ 2 ] Bug #749473 - Please, create EL6 branch in EPEL
https://bugzilla.redhat.com/show_bug.cgi?id=749473
--------------------------------------------------------------------------------
================================================================================
jglobus-2.1.0-1.el6 (FEDORA-EPEL-2014-3072)
Globus Java client libraries
--------------------------------------------------------------------------------
Update Information:
JGlobus 2.1.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 1 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 2.1.0-1
- 2.1.0 final release
- Drop patches included upstream
- Install pom files
--------------------------------------------------------------------------------
================================================================================
mediawiki119-1.19.20-1.el6 (FEDORA-EPEL-2014-3064)
A wiki engine
--------------------------------------------------------------------------------
Update Information:
(bug 70672) SECURITY: OutputPage: Remove separation of css and js module allowance
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2014 Patrick Uiterwijk <puiterwijk(a)redhat.com> - 1.19.20-1
- Update to 1.19.20
- (bug 70672) SECURITY: OutputPage: Remove separation of css and js module allowance
* Thu Sep 25 2014 Patrick Uiterwijk <puiterwijk(a)redhat.com> - 1.19.19-1
- Update to 1.19.19
- (bug 69008) SECURITY: Enhance CSS filtering in SVG files
--------------------------------------------------------------------------------
================================================================================
perl-Array-Unique-0.08-2.el6 (FEDORA-EPEL-2014-3068)
Tie-able array that allows only unique values
--------------------------------------------------------------------------------
Update Information:
perl-Array-Unique: initial submission
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1139043 - Review Request: perl-Array-Unique - Tie-able array that allows only
unique values
https://bugzilla.redhat.com/show_bug.cgi?id=1139043
--------------------------------------------------------------------------------
================================================================================
php-tcpdf-6.0.094-1.el6 (FEDORA-EPEL-2014-3084)
PHP class for generating PDF documents and barcodes
--------------------------------------------------------------------------------
Update Information:
6.0.094 (2014-09-30)
* Bug item #978 "Variable Undefined: $cborder" was fixed.
6.0.093 (2014-09-02)
* Security fix: some serialize/unserialize methods were replaced with
json_encode/json_decode to avoid a potential object injection with user supplied content.
Thanks to ownCloud Inc. for reporting this issue.
* K_TIMEZONE constant was added to the default configuration to supress date-time
warnings.
6.0.092 (2014-09-01)
* Bug item #956 "Monospaced fonts are not alignd at the baseline" was fixed.
* Bug item #964 "Problem when changing font size" was fixed.
* Bug item #969 "ImageSVG with radialGradient problem" was fixed.
* sRGB.icc file was replaced with the one from the Debian package icc-profiles-free
(2.0.1+dfsg-1)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2014 Remi Collet <remi(a)fedoraproject.org> - 6.0.094-1
- update to 6.0.094
* Wed Sep 17 2014 Robert Scheck <robert(a)fedoraproject.org> - 6.0.091-2
- buildrequire php-cli >= 5.3 (#1121745)
- added provides for php-* if package is used on EL-5 (#1121745)
- corrected inter-package dependencies (Remi Collet)
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.0.10.4-1.el6 (FEDORA-EPEL-2014-3080)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.0.10.4 (2014-10-01)
================================
- [security] XSS vulnerabilities in table search and table structure pages
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2014 Robert Scheck <robert(a)fedoraproject.org> 4.0.10.4-1
- Upgrade to 4.0.10.4 (#1148664)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148664 - CVE-2014-7217 phpmyadmin: cross-site scripting (XSS) flaw fixed in
versions 4.0.10.4, 4.1.14.5, and 4.2.9.1 (PMASA-2014-11)
https://bugzilla.redhat.com/show_bug.cgi?id=1148664
--------------------------------------------------------------------------------
================================================================================
pkgwat-0.10-3.el6 (FEDORA-EPEL-2014-3063)
CLI tool for querying the fedora packages webapp
--------------------------------------------------------------------------------
Update Information:
Branch for epel
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148215 - Please package pkgwat for EL6 and EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1148215
--------------------------------------------------------------------------------
================================================================================
pyexiv2-0.3.2-13.el6 (FEDORA-EPEL-2014-3078)
Python binding to exiv2
--------------------------------------------------------------------------------
Update Information:
Rebuilt for EPEL-6
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.3.2-13
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.3.2-12
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri May 23 2014 David Tardon <dtardon(a)redhat.com> - 0.3.2-11
- rebuild for boost 1.55.0
* Tue Dec 3 2013 Rex Dieter <rdieter(a)fedoraproject.org> - 0.3.2-10
- rebuild (exiv2)
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.3.2-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sat Jul 27 2013 pmachata(a)redhat.com - 0.3.2-8
- Rebuild for boost 1.54.0
* Sun Feb 10 2013 Denis Arnaud <denis.arnaud_fedora(a)m4x.org> - 0.3.2-7
- Rebuild for Boost-1.53.0
* Sat Feb 9 2013 Denis Arnaud <denis.arnaud_fedora(a)m4x.org> - 0.3.2-6
- Rebuild for Boost-1.53.0
--------------------------------------------------------------------------------
================================================================================
python-behave-1.2.4-4.el6 (FEDORA-EPEL-2014-3081)
Tools for the behavior-driven development, Python style
--------------------------------------------------------------------------------
Update Information:
Add another patch to fix an Unicode error (thanks to vbenes for help)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 12 2014 Matěj Cepl <mcepl(a)redhat.com> - 1.2.4-4
- Add another patch to fix an Unicode error (thanks for vbenes for
fixing my earlier proposal).
--------------------------------------------------------------------------------
================================================================================
python-mwclient-0.7.0-1.el6 (FEDORA-EPEL-2014-3089)
Mwclient is a client to the MediaWiki API
--------------------------------------------------------------------------------
Update Information:
This update provides the new 0.7.0 release of python-mwclient. The upstream changelog is
available at
https://github.com/mwclient/mwclient/blob/v0.7.0/RELEASE-NOTES.md . Notably,
the Page.edit() method is technically deprecated in this release, though the deprecation
notice is silent by default and it will continue to work fine. The new name is
Page.text(). There should be no API incompatibility with the previous 0.6.5 release.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 1 2014 Adam Williamson <awilliam(a)redhat.com> - 0.7.0-1
- new release: 0.7.0
- update for github source, use of setuptools and modern Python packaging rules
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.6.5-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.6.5-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.6.5-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.6.5-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.6.5-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-pkgwat-api-0.12-3.el6 (FEDORA-EPEL-2014-3083)
Python API for querying the fedora packages webapp
--------------------------------------------------------------------------------
Update Information:
Branch for epel
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.12-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 28 2014 Kalev Lember <kalevlember(a)gmail.com> - 0.12-2
- Rebuilt for
https://fedoraproject.org/wiki/Changes/Python_3.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148215 - Please package pkgwat for EL6 and EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1148215
--------------------------------------------------------------------------------
================================================================================
uid_wrapper-1.0.2-3.el6 (FEDORA-EPEL-2014-3075)
A wrapper for privilege separation
--------------------------------------------------------------------------------
Update Information:
Do not own /usr/lib64/cmake.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2014 - Andreas Schneider <asn(a)redhat.com> - 1.0.2-3
- resolves: #1146410 - Do not own /usr/lib64/cmake.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1146410 - uid_wrapper owns /usr/lib64/cmake
https://bugzilla.redhat.com/show_bug.cgi?id=1146410
--------------------------------------------------------------------------------