The following Fedora EPEL 6 Security updates need testing:
Age URL
830
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
177
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6...
162
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolki...
71
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1471/chicken-4.8...
67
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1477/drupal7-vie...
49
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7....
39
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1693/perl-Email-...
34
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1745/mediawiki11...
10
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1961/cobbler-2.6...
10
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1923/sdcc-3.2.0-...
10
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1947/drupal6-6.3...
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1980/moodle-2.4....
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1940/phpMyAdmin-...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1999/exim-4.72-6...
3
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2045/ansible-1.6...
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2050/drupal7-7.3...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2084/drupal7-dat...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2088/tor-0.2.4.2...
The following builds have been pushed to Fedora EPEL 6 updates-testing
Xnee-3.19-1.el6
drupal7-date-2.8-1.el6
drupal7-features-2.1-1.el6
golang-github-codegangsta-cli-1.1.0-1.el6
golang-github-tchap-go-patricia-1.0.1-4.el6
opendkim-2.9.2-1.el6
packagedb-cli-2.5-1.el6
python-flask-admin-1.0.8-2.el6
python-six-1.7.3-1.el6
retrace-server-1.12-2.el6
tor-0.2.4.23-1.el6
Details about builds:
================================================================================
Xnee-3.19-1.el6 (FEDORA-EPEL-2014-2091)
X11 environment recorder
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 30 2014 Matthieu Saulnier <fantom(a)fedoraproject.org> - 3.19-1
- Update to 3.19
- Fix spelling-error in summary and description
- Fix bogus date in %changelog section in spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1095296 - Xnee-3.19 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1095296
--------------------------------------------------------------------------------
================================================================================
drupal7-date-2.8-1.el6 (FEDORA-EPEL-2014-2084)
This package contains both the Date module and a Date API module
--------------------------------------------------------------------------------
Update Information:
Update to upstream 2.8 release due to security fix for CVE-2014-5169
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 31 2014 Jared Smith <jsmith(a)fedoraproject.org> 2.8-1
- Update to upstream 2.8 release
- This release fixes an XSS issue, CVE-2014-5169
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.7-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1125283 - CVE-2014-5169 drupal7-date: Cross Site Scripting (XSS)
https://bugzilla.redhat.com/show_bug.cgi?id=1125283
--------------------------------------------------------------------------------
================================================================================
drupal7-features-2.1-1.el6 (FEDORA-EPEL-2014-2090)
Provides feature management for Drupal
--------------------------------------------------------------------------------
Update Information:
Update to upstream 2.1 release for bug fixes. For more details, refer to:
https://www.drupal.org/node/2311903
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 30 2014 Paul W. Frields <stickster(a)gmail.com> - 2.1-1
- Update to upstream 2.1 release for bug fixes
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.0-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1124742 - drupal7-features-2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1124742
--------------------------------------------------------------------------------
================================================================================
golang-github-codegangsta-cli-1.1.0-1.el6 (FEDORA-EPEL-2014-2083)
Package for building command line apps in Go
--------------------------------------------------------------------------------
Update Information:
27ecc97192df1bf053a22b04463f2b51b8b8373e tagged 1.1.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1114175 - Review Request: golang-github-codegangsta-cli - Package for
building command line apps in Go
https://bugzilla.redhat.com/show_bug.cgi?id=1114175
--------------------------------------------------------------------------------
================================================================================
golang-github-tchap-go-patricia-1.0.1-4.el6 (FEDORA-EPEL-2014-2086)
A generic patricia trie implemented in Go
--------------------------------------------------------------------------------
Update Information:
Resolves: rhbz#1117562 - package review request
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1117562 - Review Request: golang-github-tchap-go-patricia - A generic
patricia trie implemented in Go
https://bugzilla.redhat.com/show_bug.cgi?id=1117562
--------------------------------------------------------------------------------
================================================================================
opendkim-2.9.2-1.el6 (FEDORA-EPEL-2014-2078)
A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail
--------------------------------------------------------------------------------
Update Information:
Updating to newer upstream source: 2.9.2
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 30 2014 Steve Jenkins <steve(a)stevejenkins.com> - 2.9.2-1
- Updated to use newer upstream 2.9.2 source code
- Fixed invalid date in changelog
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.9.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #973541 - opendkim-2.9.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=973541
--------------------------------------------------------------------------------
================================================================================
packagedb-cli-2.5-1.el6 (FEDORA-EPEL-2014-2085)
A CLI for pkgdb
--------------------------------------------------------------------------------
Update Information:
Packagedb-cli Release 2.5
* Fix logging (cf rhbz#1123524)
* Add the update_critpath
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 30 2014 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 2.5-1
- Update to 2.5
- Fixes
https://bugzilla.redhat.com/1123524 (Don't add stream handler to root
logger in library)
- Add the update_critpath method to pkgdb2client
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1123524 - Don't add stream handler to root logger in library
https://bugzilla.redhat.com/show_bug.cgi?id=1123524
--------------------------------------------------------------------------------
================================================================================
python-flask-admin-1.0.8-2.el6 (FEDORA-EPEL-2014-2082)
Simple and extensible admin interface framework for Flask
--------------------------------------------------------------------------------
Update Information:
Update to 1.0.8
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.0.8-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue Apr 29 2014 Matej Stuchlik <mstuchli(a)redhat.com> - 1.0.8-1
- Updated to 1.0.8
- Removed unnecessary requires
* Wed Jan 8 2014 Matej Stuchlik <mstuchli(a)redhat.com> - 1.0.7-1
- Updated to 1.0.7
* Tue Aug 13 2013 Matej Stuchlik <mstuchli(a)redhat.com> - 1.0.6-1
- Updated to 1.0.6
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.0.5-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1122044 - Update version?
https://bugzilla.redhat.com/show_bug.cgi?id=1122044
--------------------------------------------------------------------------------
================================================================================
python-six-1.7.3-1.el6 (FEDORA-EPEL-2014-2079)
Python 2 and 3 compatibility utilities
--------------------------------------------------------------------------------
Update Information:
- Latest upstream
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 31 2014 Pádraig Brady <pbrady(a)redhat.com> - 1.7.3-1
- Latest upstream
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.6.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May 8 2014 Orion Poplawski <orion(a)cora.nwra.com> - 1.6.1-2
- Rebuild for Python 3.4
--------------------------------------------------------------------------------
================================================================================
retrace-server-1.12-2.el6 (FEDORA-EPEL-2014-2089)
Application for remote coredump analysis
--------------------------------------------------------------------------------
Update Information:
update to 1.12
update to 1.11
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 31 2014 Michal Toman <mtoman(a)redhat.com> 1.12-1
- do not run kmem on vmcores by default
- fix group readability of vmcores
- add support for lzop compression
- add DeleteFailedTaskAfter config option
- add arch-based remote execution
- add set-success and set-fail actions to retrace-server-interact
- add config sanity checks to retrace-server-cleanup
* Thu Feb 27 2014 Michal Toman <mtoman(a)redhat.com> 1.11-1
- do not die trying to chmod a hardling
- do not hardlink unpacked vmcores
- print command line formatted correctly
- allow submitting vmcores with spaces in file name
- do not run makedumpfile when not necessary
- allow to specify kernel VRA with custom cores
- do not require the trailing slash in task manager URL
- do not kill retrace-server-cleanup when retrace_log does not exist
- cache kernel version into task directory
- add support for ppc64, s390x
- include floating point registers in userspace backtraces
- execute ABRT's exploitability plugin if available
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1095349 - Lessen risk of premature vmcore removal by clarifing comments in
retrace-server.conf and possibly add checks to avoid misconfiguration of cleanup job
https://bugzilla.redhat.com/show_bug.cgi?id=1095349
[ 2 ] Bug #1124477 - permanent non-final task state possible, forcing fail value into
'status' file crashes web UI
https://bugzilla.redhat.com/show_bug.cgi?id=1124477
[ 3 ] Bug #1099144 - Some vmcores kernel version (RHEL5 at least) not automatically
detected but require using "Kernel VRA" to setup debuginfo symbols
https://bugzilla.redhat.com/show_bug.cgi?id=1099144
[ 4 ] Bug #1080199 - abrt retrace-server needs to support lzo un-compression
https://bugzilla.redhat.com/show_bug.cgi?id=1080199
[ 5 ] Bug #1086321 - RFE: Add more aggressive removal option for retrace-server tasks
with 'status == STATUS_FAIL' after X days
https://bugzilla.redhat.com/show_bug.cgi?id=1086321
[ 6 ] Bug #1074596 - don't run 'kmem -f by default
https://bugzilla.redhat.com/show_bug.cgi?id=1074596
[ 7 ] Bug #999643 - Allow case number to be added on the screen where you submit a
vmcore
https://bugzilla.redhat.com/show_bug.cgi?id=999643
[ 8 ] Bug #1015177 - Handle vmcores uploaded with spaces in the name
https://bugzilla.redhat.com/show_bug.cgi?id=1015177
[ 9 ] Bug #1033668 - manual crash command to run 32-bit vmcores has a minor problem -
should be enclosed in double quotes
https://bugzilla.redhat.com/show_bug.cgi?id=1033668
[ 10 ] Bug #1038731 - Queuing a gzipped file via "Custom Core Location" hangs
indefinitely - manually gunzip and resubmit works
https://bugzilla.redhat.com/show_bug.cgi?id=1038731
[ 11 ] Bug #1051091 - retrace-server-cleanup job crashes if retrace_log does not exist
https://bugzilla.redhat.com/show_bug.cgi?id=1051091
[ 12 ] Bug #1053186 - "retrace-server-interact <taskid> crash" should
not try to detect the kernel version but should obtain it from a saved location
https://bugzilla.redhat.com/show_bug.cgi?id=1053186
[ 13 ] Bug #1054509 - If the user specifies a "Custom core location", Retrace
skips the "Start Task" confirmation page
https://bugzilla.redhat.com/show_bug.cgi?id=1054509
[ 14 ] Bug #1059376 - Submitting a local file vmcore with 'custom core location'
may stay at "Post-processing downloaded file"
https://bugzilla.redhat.com/show_bug.cgi?id=1059376
[ 15 ] Bug #1067188 - retrace-server should only run makedumpfile with dump_level which
is different from the server generating the vmcore
https://bugzilla.redhat.com/show_bug.cgi?id=1067188
--------------------------------------------------------------------------------
================================================================================
tor-0.2.4.23-1.el6 (FEDORA-EPEL-2014-2088)
Anonymizing overlay network for TCP (The onion router)
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2014-5117
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 31 2014 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 0.2.4.23-1
- update to upstream release 0.2.4.23
- CVE-2014-5117: potential for traffic-confirmation attacks
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1124964 - CVE-2014-5117 tor: potential for traffic-confirmation attacks
https://bugzilla.redhat.com/show_bug.cgi?id=1124964
--------------------------------------------------------------------------------