The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 277  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
   7  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0112/ettercap-0....
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0174/tinymce-spe...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0193/couchdb-1.0...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0194/seamonkey-2...
  19  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0018/drupal7-con...
  53  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13610/drupal6-ct...
 199  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6348/bcfg2-1.2.3...
 465  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gri...
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0081/nagios-3.4....
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0123/python-tw2-...
   7  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0106/moodle-2.1....
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0128/php-symfony...
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0157/proftpd-1.3...
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0144/zabbix-1.8....
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0170/asterisk-1....
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0141/drupal7-7.1...
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0155/zabbix20-2....
The following builds have been pushed to Fedora EPEL 6 updates-testing
canl-c-2.0.3-1.el6
couchdb-1.0.4-2.el6
fedmsg-0.6.6-1.el6
ghc-rpm-macros-0.15.11-1.el6
ghc-xmonad-contrib-0.10-7.el6
libguac-client-rdp-0.7.2-1.el6
libguac-client-vnc-0.7.0-2.el6
mozilla-https-everywhere-3.1.3-1.el6
nordugrid-arc-2.0.1-2.el6
packagedb-cli-1.3.0-1.el6
php-PsrLog-1.0.0-2.el6
php-Raven-0.4.0-2.el6
python-cliff-1.3-1.el6
python-fedora-0.3.31-1.el6
python-pkgwat-api-0.5-1.el6
seamonkey-2.15.1-1.el6
tinymce-spellchecker-2.0.5-6.el6
ucarp-1.5.2-7.el6
weechat-0.4.0-2.el6
whatsup-1.14-1.el6
xmonad-0.10-3.4.2.el6
Details about builds:
================================================================================
canl-c-2.0.3-1.el6 (FEDORA-EPEL-2013-0190)
EMI Common Authentication library - bindings for C
--------------------------------------------------------------------------------
Update Information:
This is the C part of the EMI caNl -- the Common Authentication Library.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #867368 - Review Request: canl-c - Common Authentication Library for C
https://bugzilla.redhat.com/show_bug.cgi?id=867368
--------------------------------------------------------------------------------
================================================================================
couchdb-1.0.4-2.el6 (FEDORA-EPEL-2013-0193)
A document database server, accessible via a RESTful JSON API
--------------------------------------------------------------------------------
Update Information:
* Ver. 1.0.4 (security release)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 23 2013 Peter Lemenkov <lemenkov(a)gmail.com> - 1.0.4-2
- Fix for EPEL 5 (Erlang R12B)
* Wed Jan 23 2013 Peter Lemenkov <lemenkov(a)gmail.com> - 1.0.4-1
- Ver. 1.0.4
- Fixes CVE-2012-5649, CVE-2012-5650
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #784792 - Request: update CouchDB to 1.0.3
https://bugzilla.redhat.com/show_bug.cgi?id=784792
[ 2 ] Bug #895599 - CVE-2012-5649 CVE-2012-5650 couchdb various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=895599
--------------------------------------------------------------------------------
================================================================================
fedmsg-0.6.6-1.el6 (FEDORA-EPEL-2013-0129)
Tools for Fedora Infrastructure real-time messaging
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 21 2013 Ralph Bean <rbean(a)redhat.com> - 0.6.6-1
- Typofix.
- Support loading remote CA cert for end-user message validation.
* Mon Jan 21 2013 Ralph Bean <rbean(a)redhat.com> - 0.6.5-1
- Latest upstream
- Fix JSON encoding between php and python
- Stop fedmsg-tweet from falling over.
- Improved logging.
- Improved crl cache location; don't keep it in /tmp/
- Fix a crl permissions issue with fedmsg-tail.
- Remove duplicate help strings for commands.
- Added systemd service files.
- Multiple outbound relay endpoints are now possible.
- Removed old chkconfig statements.
* Fri Dec 7 2012 Ralph Bean <rbean(a)redhat.com> - 0.6.3-2
- Removed a file that shouldn't have been included.
--------------------------------------------------------------------------------
================================================================================
ghc-rpm-macros-0.15.11-1.el6 (FEDORA-EPEL-2013-0140)
Macros for building packages for GHC
--------------------------------------------------------------------------------
Update Information:
- fix ownership of package library dir
- add cabal-tweak-flag script
- new %ghc_fix_dynamic_rpath
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 22 2013 Jens Petersen <petersen(a)redhat.com> - 0.15.11-1
- simplify cabal-tweak-flag script to take one flag value
- new ghc_fix_dynamic_rpath macro for cleaning up package executables
linked against their own libraries
* Sat Jan 19 2013 Jens Petersen <petersen(a)redhat.com> - 0.15.10-1
- be more careful about library pkgdir ownership (#893777)
- add cabal-tweak-flag script for toggling flag default
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #893777 - duplicate directory between ghc-base and ghc-base-devel
https://bugzilla.redhat.com/show_bug.cgi?id=893777
--------------------------------------------------------------------------------
================================================================================
ghc-xmonad-contrib-0.10-7.el6 (FEDORA-EPEL-2013-0176)
Third party extensions for xmonad
--------------------------------------------------------------------------------
Update Information:
Backport current Fedora changes
- fix input focus issue with Java applications
- backport xmonad-basic subpackage
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 17 2012 Jens Petersen <petersen(a)redhat.com> - 0.10-7
- add ICCCMFocus patch from upstream for WM_TAKE_FOCUS move to core (#874855)
- use a patch for use_xft flag
- condition X11-1.6 patch to fedora >= 18
- update packaging with cabal-rpm
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.10-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #874855 - xmonad does not follow ICCCM and ignores WM_TAKE_FOCUS protocol
https://bugzilla.redhat.com/show_bug.cgi?id=874855
--------------------------------------------------------------------------------
================================================================================
libguac-client-rdp-0.7.2-1.el6 (FEDORA-EPEL-2013-0172)
RDP support for guacd
--------------------------------------------------------------------------------
Update Information:
Guacamole stack 0.7.2 update
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 22 2013 Simone Caronni <negativo17(a)gmail.com> - 0.7.2-1
- Updated to 0.7.2, still requires libguac 0.7.0.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #853922 - Review Request: guacamole - The main Guacamole web application
https://bugzilla.redhat.com/show_bug.cgi?id=853922
--------------------------------------------------------------------------------
================================================================================
libguac-client-vnc-0.7.0-2.el6 (FEDORA-EPEL-2013-0172)
VNC support for guacd
--------------------------------------------------------------------------------
Update Information:
Guacamole stack 0.7.2 update
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 22 2013 Simone Caronni <negativo17(a)gmail.com> - 0.7.0-2
- Require libguac 0.7.0.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #853922 - Review Request: guacamole - The main Guacamole web application
https://bugzilla.redhat.com/show_bug.cgi?id=853922
--------------------------------------------------------------------------------
================================================================================
mozilla-https-everywhere-3.1.3-1.el6 (FEDORA-EPEL-2013-0180)
HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:
Fixes: CloudFront/Spotify, AmazonAWS (Amazon MP3s
and product images), Libav, Google Maps, UserEcho
https://trac.torproject.org/projects/tor/ticket/7931
https://trac.torproject.org/projects/tor/ticket/7888
https://trac.torproject.org/projects/tor/ticket/7594
https://trac.torproject.org/projects/tor/ticket/7539
https://trac.torproject.org/projects/tor/ticket/7698
Disable broken: Coursera, EBay, Etsy, OpenOffice,
Ping.fm, Pinterest :(
https://trac.torproject.org/projects/tor/ticket/7336
https://trac.torproject.org/projects/tor/ticket/7825
https://trac.torproject.org/projects/tor/ticket/7774
https://trac.torproject.org/projects/tor/ticket/7695
https://trac.torproject.org/projects/tor/ticket/7777
https://trac.torproject.org/projects/tor/ticket/7865
Update cert whitelist
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 21 2013 Russell Golden <niveusluna(a)niveusluna.org> - 3.1.3-1
- Internet Freedom Day stable bugfix release
- Fixes: CloudFront/Spotify, AmazonAWS (Amazon MP3s and product images), Libav,
Google Maps, UserEcho
https://trac.torproject.org/projects/tor/ticket/7931
https://trac.torproject.org/projects/tor/ticket/7888
https://trac.torproject.org/projects/tor/ticket/7594
https://trac.torproject.org/projects/tor/ticket/7539
https://trac.torproject.org/projects/tor/ticket/7698
- Disable broken: Coursera, EBay, Etsy, OpenOffice, Ping.fm, Pinterest :(
https://trac.torproject.org/projects/tor/ticket/7336
https://trac.torproject.org/projects/tor/ticket/7825
https://trac.torproject.org/projects/tor/ticket/7774
https://trac.torproject.org/projects/tor/ticket/7695
https://trac.torproject.org/projects/tor/ticket/7777
https://trac.torproject.org/projects/tor/ticket/7865
- Update cert whitelist
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc-2.0.1-2.el6 (FEDORA-EPEL-2013-0192)
Advanced Resource Connector Grid Middleware
--------------------------------------------------------------------------------
Update Information:
SE Linux fixes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 23 2013 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 2.0.1-2
- Additional selinux contexts
- Fix for python wrappers using swig 2.0.9
--------------------------------------------------------------------------------
================================================================================
packagedb-cli-1.3.0-1.el6 (FEDORA-EPEL-2013-0182)
A CLI for pkgdb
--------------------------------------------------------------------------------
Update Information:
Update to 1.3.0, which provides some bug fixes, including one for the use of the
'all' keyword for the branch.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #887950 - packagedb-cli: silently fails to change ACLs
https://bugzilla.redhat.com/show_bug.cgi?id=887950
--------------------------------------------------------------------------------
================================================================================
php-PsrLog-1.0.0-2.el6 (FEDORA-EPEL-2013-0185)
Common interface for logging libraries
--------------------------------------------------------------------------------
Update Information:
This package holds all interfaces/classes/traits related to PSR-3
(https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-3-logge...).
Note that this is not a logger of its own. It is merely an interface that
describes a logger. See the specification for more details.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #894167 - Review Request: php-PsrLog - Common interface for logging libraries
https://bugzilla.redhat.com/show_bug.cgi?id=894167
--------------------------------------------------------------------------------
================================================================================
php-Raven-0.4.0-2.el6 (FEDORA-EPEL-2013-0177)
A PHP client for Sentry
--------------------------------------------------------------------------------
Update Information:
A PHP client for Sentry (http://getsentry.com).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #901742 - Review Request: php-Raven - A PHP client for Sentry
https://bugzilla.redhat.com/show_bug.cgi?id=901742
--------------------------------------------------------------------------------
================================================================================
python-cliff-1.3-1.el6 (FEDORA-EPEL-2013-0186)
Command Line Interface Formulation Framework
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 22 2013 Ralph Bean <rbean(a)redhat.com> - 1.3-1
- Latest upstream.
- Enabled python3 subpackage.
- Remove requirement on python-tablib
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #902707 - auto-creation of pkgwat.log
https://bugzilla.redhat.com/show_bug.cgi?id=902707
--------------------------------------------------------------------------------
================================================================================
python-fedora-0.3.31-1.el6 (FEDORA-EPEL-2013-0175)
Python modules for talking to Fedora Infrastructure Services
--------------------------------------------------------------------------------
Update Information:
* Fixes a problem with soprovidercsrf if the database doesn't set an encoding
* Fixes an issue with the login templates if the template is being translated.
* Added a lookup_email parameter to fedora.client.AccountSystem.gravatar_url()
to allow generating gravatar urls without looking up email addresses in fas.
* Fixed a bug in fedora.tg.utils.tg_absolute_url() where it was still appending
the csrf_token.
* Add an auth adapter for flask web apps to authenticate to FAS
* New minimum version of python: requires python-2.5 or higher
* Fix localization of login templates (laxathom)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 22 2013 Toshio Kuratomi <toshio(a)fedoraproject.org> - 0.3.31-1
- Minor bugfix release
* Thu Jan 10 2013 Toshio Kuratomi <toshio(a)fedoraproject.org> - 0.3.30-1
- Make TG's loginForm and CSRF's text translated from tg-apps (laxathom).
- Fix a bug in fedora.tg.utils.tg_absolute_url
- Add a lookup email parameter to gravatar lookups
- Add an auth provider for flask
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.3.29-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-pkgwat-api-0.5-1.el6 (FEDORA-EPEL-2013-0189)
Python API for querying the fedora packages webapp
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
Latest upstream with support for newer python-requests.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 22 2013 Ralph Bean <rbean(a)redhat.com> - 0.5-1
- Latest upstream; Fix to the karma formatting.
* Wed Jan 16 2013 Ralph Bean <rbean(a)redhat.com> - 0.4-1
- Latest upstream with support for newer python-requests.
* Sat Aug 4 2012 David Malcolm <dmalcolm(a)redhat.com> - 0.3-5
- rebuild for https://fedoraproject.org/wiki/Features/Python_3.3
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #902714 - mangled releases output
https://bugzilla.redhat.com/show_bug.cgi?id=902714
--------------------------------------------------------------------------------
================================================================================
seamonkey-2.15.1-1.el6 (FEDORA-EPEL-2013-0194)
Web browser, e-mail, news, IRC client, HTML editor
--------------------------------------------------------------------------------
Update Information:
Update to 2.15.1
Update to 2.15
Fixes CVE-2013-0743, CVE-2013-{0744-0760},
CVE-2013-0762, CVE-2013-0764, CVE-2013-{0766-0770}
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 21 2013 Dmitry Butskoy <Dmitry(a)Butskoy.name> 2.15.1-1
- update to 2.15.1
- add fix for #304121 (derived from Xulrunner)
* Wed Jan 9 2013 Dmitry Butskoy <Dmitry(a)Butskoy.name> 2.15-1
- update to 2.15
- disable WebRTC support until nss >= 3.14 appears in RHEL6
- fix build with RHEL6 system nss-3.13.5 (actually cosmetic things were changed)
- fix build with RHEL6 libjpeg library (just use some little old stuff from 3.14.1)
- don't try to change global user settings for default browser/mail etc.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #902244 - seamonkey-2.15.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=902244
[ 2 ] Bug #893717 - seamonkey-2.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=893717
--------------------------------------------------------------------------------
================================================================================
tinymce-spellchecker-2.0.5-6.el6 (FEDORA-EPEL-2013-0174)
TinyMCE spellchecker plugin
--------------------------------------------------------------------------------
Update Information:
backport security fix for CVE-2012-6112
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 22 2013 Matthias Runge <mrunge(a)redhat.com> - 2.0.5-6
- fix CVE-2012-6112
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #902726 - CVE-2012-6112 tinymce-spellchecker (Google Spellchecker): Control
characters not sanitized properly from $lang and $str arguments in _getMatches
https://bugzilla.redhat.com/show_bug.cgi?id=902726
--------------------------------------------------------------------------------
================================================================================
ucarp-1.5.2-7.el6 (FEDORA-EPEL-2013-0188)
Common Address Redundancy Protocol (CARP) for Unix
--------------------------------------------------------------------------------
Update Information:
Remove MASTER from init script.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 23 2013 Jon Ciesla <limburgher(a)gmail.com> - 1.5.2-7
- Dropped MASTER from init, BZ 896576.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #896576 - New init.d ucarp script wrong setting advskew=1 to all nodes if no
MASTER variable set.
https://bugzilla.redhat.com/show_bug.cgi?id=896576
--------------------------------------------------------------------------------
================================================================================
weechat-0.4.0-2.el6 (FEDORA-EPEL-2013-0178)
Portable, fast, light and extensible IRC client
--------------------------------------------------------------------------------
Update Information:
Reimplement enchant patch, with new support for spelling suggestions
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 22 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 0.4.0-2
- reimplement enchant support as a separate patch
- implement additional enchant support for displaying spelling suggestions
in weechat_aspell_get_suggestions(), which is a new function introduced by
upstream in 0.4.0
* Mon Jan 21 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 0.4.0-1
- update to upstream release 0.4.0
- add CMAKE options (DPREFIX and DLIBDIR) which negate the need to patch
- remove enchant patches to keep close to upstream
--------------------------------------------------------------------------------
================================================================================
whatsup-1.14-1.el6 (FEDORA-EPEL-2013-0181)
Node up/down detection utility
--------------------------------------------------------------------------------
Update Information:
This is an upstream version bump.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 21 2013 David Brown <david.brown(a)pnnl.gov> - 1.14-1
- New upstream version of whatsup
- added libtool-ltdl-devel build deps
- added genders build deps and sub packages
* Mon Sep 10 2012 David Brown <david.brown(a)pnnl.gov> - 1.13-6
- get the damn macro right for postun
* Mon Sep 10 2012 David Brown <david.brown(a)pnnl.gov> - 1.13-5
- add systemd macros to post postun preun
--------------------------------------------------------------------------------
================================================================================
xmonad-0.10-3.4.2.el6 (FEDORA-EPEL-2013-0176)
A tiling window manager
--------------------------------------------------------------------------------
Update Information:
Backport current Fedora changes
- fix input focus issue with Java applications
- backport xmonad-basic subpackage
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 22 2013 Jens Petersen <petersen(a)redhat.com> - 0.10-3.4.2
- xmonad-gnome now requires gnome-panel and gnome-settings-daemon to start
- add upstream patches for ICCCM WM_TAKE_FOCUS protocol and
tracking currently processing event to fix focus for Java apps:
see http://code.google.com/p/xmonad/issues/detail?id=177 (#874855)
- update to cabal-rpm packaging
- change prof BRs to devel
- allow building with X11-1.6
- backport xmonad-basic subpackaging
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #874855 - xmonad does not follow ICCCM and ignores WM_TAKE_FOCUS protocol
https://bugzilla.redhat.com/show_bug.cgi?id=874855
--------------------------------------------------------------------------------