The following Fedora EPEL 6 Security updates need testing:
https://admin.fedoraproject.org/updates/xml-security-c-1.6.0-2.el6
https://admin.fedoraproject.org/updates/bugzilla-3.4.11-1.el6
https://admin.fedoraproject.org/updates/rt3-3.8.10-2.el6.1
https://admin.fedoraproject.org/updates/cgit-0.9.0.2-2.el6
https://admin.fedoraproject.org/updates/squirrelmail-1.4.22-2.el6
https://admin.fedoraproject.org/updates/ejabberd-2.1.8-2.el6
https://admin.fedoraproject.org/updates/erlang-R14B-02.1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
RackTables-0.19.6-1.el6
RackTables-0.19.6-2.el6
botan-1.8.13-2.el6
cgit-0.9.0.2-2.el6
cronolog-1.6.2-10.el6
etckeeper-0.56-1.el6
exo-0.6.2-2.el6
i3-3.e-6.bf2.el6
libev-4.03-3.el6
perl-Net-FTP-AutoReconnect-0.3-3.el6
perl-Net-FTP-RetrHandle-0.2-3.el6
perl-Package-Stash-0.30-1.el6
perl-Package-Stash-XS-0.22-1.el6
php-PHPMailer-5.1-4.el6
phpldapadmin-1.2.1.1-1.el6
python-html5lib-0.90-1.el6
python-kombu-1.1.3-1.el6
rubygem-aws-sdk-1.0.1-1.el6
shorewall-4.4.21.1-3.el6
tnef-1.4.8-4.el6
zanata-python-client-1.2.6-1.el6
Details about builds:
================================================================================
RackTables-0.19.6-1.el6 (FEDORA-EPEL-2011-3893)
A data-center asset management system
--------------------------------------------------------------------------------
Update Information:
Rebase to v0.19.6
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 20 2011 Colin Coe <colin.coe(a)gmail.com> - 0.19.6-1
- Rebase to v0.19.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #718970 - RackTables-0.19.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=718970
--------------------------------------------------------------------------------
================================================================================
RackTables-0.19.6-2.el6 (FEDORA-EPEL-2011-3902)
A data-center asset management system
--------------------------------------------------------------------------------
Update Information:
Preserve secret.php across updates
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 22 2011 Colin Coe <colin.coe(a)gmail.com> - 0.19.6-2
- Stop blatting secret.php if it exists
* Wed Jul 20 2011 Colin Coe <colin.coe(a)gmail.com> - 0.19.6-1
- Rebase to v0.19.6
--------------------------------------------------------------------------------
================================================================================
botan-1.8.13-2.el6 (FEDORA-EPEL-2011-3889)
Crypto library written in C++
--------------------------------------------------------------------------------
Update Information:
Botan 1.8.13 has been released with a fix for a recently discovered bug that could cause
crashes in multithreaded code.
A full description of the problem can be found on the mailing list:
http://lists.randombit.net/pipermail/botan-devel/2011-July/001455.html
Update to the latest version of the 1.8 series, 1.8.12.
Relevant items from the upstream changelog:
* If EMSA3(Raw) was used for more than one signature, it would produce incorrect output.
* Fix a memory leak in the constructors of DataSource_Stream and DataSink_Stream which
would occur if opening the file failed. PR 144
See
http://botan.randombit.net/log.html#version-1-8-12-2011-06-20.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 21 2011 Thomas Moschny <thomas.moschny(a)gmx.de> - 1.8.13-2
- Patch to revert the soname change.
* Wed Jul 20 2011 Thomas Moschny <thomas.moschny(a)gmx.de> - 1.8.13-1
- Update to 1.8.13.
* Sat Jul 2 2011 Thomas Moschny <thomas.moschny(a)gmx.de> - 1.8.12-1
- Update to 1.8.12.
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.8.11-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
cgit-0.9.0.2-2.el6 (FEDORA-EPEL-2011-3900)
A fast web interface for git
--------------------------------------------------------------------------------
Update Information:
This update fixes a potential XSS vulnerability¹. A malicious user would need push access
to the git server in order to exploit this issue. Refer to the cgit mailing list for:
Numerous minor bugs are also fixed. For details, refer to the upstream release
announcements for 0.9.0.1² and 0.9.0.2³.
¹
http://hjemli.net/pipermail/cgit/2011-July/000276.html
²
http://hjemli.net/pipermail/cgit/2011-June/000183.html
³
http://hjemli.net/pipermail/cgit/2011-July/000273.html
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 22 2011 Todd Zullinger <tmz(a)pobox.com> - 0.9.0.2-2
- Fix potential XSS vulnerability in rename hint
* Thu Jul 21 2011 Todd Zullinger <tmz(a)pobox.com> - 0.9.0.2-1
- Update to 0.9.0.2
--------------------------------------------------------------------------------
================================================================================
cronolog-1.6.2-10.el6 (FEDORA-EPEL-2011-3899)
Web log rotation program for Apache
--------------------------------------------------------------------------------
Update Information:
EPEL 6 release. \n cronolog is a simple filter program that reads log file entries from
standard input and writes each entry to the output file specified by a filename template
and the current date and time. When the expanded filename changes, the current file is
closed and a new one opened. cronolog is intended to be used in conjunction with a Web
server, such as Apache, to split the access log into daily or monthly logs.
--------------------------------------------------------------------------------
================================================================================
etckeeper-0.56-1.el6 (FEDORA-EPEL-2011-3890)
Store /etc in a SCM system (git, mercurial, bzr or darcs)
--------------------------------------------------------------------------------
Update Information:
Update to 0.56, a bugfix version. Relevant items from the upstream changelog:
* Handle files with % in their names.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 21 2011 Thomas Moschny <thomas.moschny(a)gmx.de> - 0.56-1
- Update to 0.56.
--------------------------------------------------------------------------------
================================================================================
exo-0.6.2-2.el6 (FEDORA-EPEL-2011-3891)
Application library for the Xfce desktop environment
--------------------------------------------------------------------------------
Update Information:
- Don't run gio-querymodules on post in EL6
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 21 2011 Orion Poplawski <orion(a)cora.nwra.com> - 0.6.2-2
- Don't run gio-quuerymodules on post in EL6 (bug #722335)
* Fri Jun 10 2011 Christoph Wickert <cwickert(a)fedoraproject.org> - 0.6.2-1
- Update to 0.6.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #722335 - postinstall script uses unavailable binary gio-querymodules-32
https://bugzilla.redhat.com/show_bug.cgi?id=722335
--------------------------------------------------------------------------------
================================================================================
i3-3.e-6.bf2.el6 (FEDORA-EPEL-2011-3897)
Improved tiling window manager
--------------------------------------------------------------------------------
Update Information:
Update libev (now: 4.03 before: 3.80)
Rebuild i3 against new libev
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 21 2011 Simon Wesp <cassmodiah(a)fedoraproject.org> - 3.e-6.bf2
- rebuild against newest libev
* Wed Jan 19 2011 Simon Wesp <cassmodiah(a)fedoraproject.org> - 3.e-5.bf2
- New upstream release
* Tue Jan 11 2011 Simon Wesp <cassmodiah(a)fedoraproject.org> - 3.e-4.bf1
- rebuild against newest libev
--------------------------------------------------------------------------------
================================================================================
libev-4.03-3.el6 (FEDORA-EPEL-2011-3897)
High-performance event loop/event model with lots of features
--------------------------------------------------------------------------------
Update Information:
Update libev (now: 4.03 before: 3.80)
Rebuild i3 against new libev
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 16 2011 Simon Wesp <cassmodiah(a)fedoraproject.org> - 4.03-3
- Imported from F15
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
4.03-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Sat Feb 5 2011 Michal Nowak <mnowak(a)redhat.com> - 4.03-1
- 4.03; RHBZ#674022
- add a -source subpackage (Mathieu Bridon); RHBZ#672153
* Mon Jan 10 2011 Michal Nowak <mnowak(a)redhat.com> - 4.01-1
- 4.01
- fix grammar in %description
* Sat Jan 2 2010 Michal Nowak <mnowak(a)redhat.com> - 3.90-1
- 3.9
--------------------------------------------------------------------------------
================================================================================
perl-Net-FTP-AutoReconnect-0.3-3.el6 (FEDORA-EPEL-2011-3878)
FTP client class with automatic reconnect on failure
--------------------------------------------------------------------------------
Update Information:
This is a FTP client class with automatic reconnect on failure.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #720085 - Review Request: perl-Net-FTP-AutoReconnect - FTP client class with
automatic reconnect on failure
https://bugzilla.redhat.com/show_bug.cgi?id=720085
--------------------------------------------------------------------------------
================================================================================
perl-Net-FTP-RetrHandle-0.2-3.el6 (FEDORA-EPEL-2011-3898)
Provides a file reading interface for reading files on a remote FTP server
--------------------------------------------------------------------------------
Update Information:
Support for skipping the beginning of the file is implemented with the FTP REST
command, which starts a retrieval at any point in the file. Support for
skipping the end of the file is implemented with the FTP ABOR command, which
stops the transfer. With these two commands and some careful tracking of the
current file position, we're able to reliably emulate a seek/read pair, and get
only the parts of the file that are actually read.
This was originally designed for use with Archive::Zip; it's reliable enough
that the table of contents and individual files can be extracted from a remote
ZIP archive without downloading the whole thing.
An interface compatible with IO::Handle is provided, along with a tie-based
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #720086 - Review Request: perl-Net-FTP-RetrHandle - Provides a file reading
interface for reading files on a remote FTP server
https://bugzilla.redhat.com/show_bug.cgi?id=720086
--------------------------------------------------------------------------------
================================================================================
perl-Package-Stash-0.30-1.el6 (FEDORA-EPEL-2011-3894)
Routines for manipulating stashes
--------------------------------------------------------------------------------
Update Information:
This update fixes various namespace cache issues.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 21 2011 Paul Howarth <paul(a)city-fan.org> - 0.30-1
- Update to 0.30
- Fix compiler detection in Makefile.PL
- Update patch for old ExtUtils::MakeMaker versions
- Drop usage of macros for commands
- Drop redundant %{?perl_default_filter}
- perl(Pod::Coverage::TrustPod) now available everywhere
* Tue Jul 19 2011 Petr Sabata <contyk(a)redhat.com> - 0.29-2
- Perl mass rebuild
* Wed Apr 6 2011 Paul Howarth <paul(a)city-fan.org> - 0.29-1
- Update to 0.29
- Really skip the package-stash-conflict script in the compile test
* Wed Mar 30 2011 Paul Howarth <paul(a)city-fan.org> - 0.28-1
- Update to 0.28
- META.json fixes
- Update patch for old ExtUtils::MakeMaker versions to apply cleanly
* Mon Mar 28 2011 Paul Howarth <paul(a)city-fan.org> - 0.27-1
- Update to 0.27
- Skip the package-stash-conflicts script in the compile test
* Sat Mar 5 2011 Paul Howarth <paul(a)city-fan.org> - 0.26-1
- Update to 0.26
- Make the namespace cache lazy and weak, in case the stash is deleted
- However, this doesn't work on 5.8, so disable the namespace caching
entirely there
- Update patches to apply cleanly
- Bump perl(Package::Stash::XS) version requirement to 0.22
- Bump perl(Dist::CheckConflicts) version requirement to 0.02
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.25-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Jan 25 2011 Paul Howarth <paul(a)city-fan.org> - 0.25-1
- Update to 0.25 (make the leak tests author-only, since some smokers run
release tests)
- Update patches to apply cleanly
- Bump perl(Package::Stash::XS) version requirement to 0.21
- Drop buildreq perl(Test::Exception), no longer needed
--------------------------------------------------------------------------------
================================================================================
perl-Package-Stash-XS-0.22-1.el6 (FEDORA-EPEL-2011-3894)
Faster and more correct implementation of the Package::Stash API
--------------------------------------------------------------------------------
Update Information:
This update fixes various namespace cache issues.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 5 2011 Paul Howarth <paul(a)city-fan.org> - 0.22-1
- Update to 0.22
- Make the namespace cache lazy and weak, in case the stash is deleted
- However, this doesn't work on 5.8, so disable the namespace caching
entirely there
- Update patches to apply cleanly
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.21-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Jan 25 2011 Paul Howarth <paul(a)city-fan.org> - 0.21-1
- Update to 0.21
- Make the leak tests author-only, since some smokers run release tests
- Fix some XS forward compat stuff
- Update patches to apply cleanly
--------------------------------------------------------------------------------
================================================================================
php-PHPMailer-5.1-4.el6 (FEDORA-EPEL-2011-3879)
PHP email transport class with a lot of features
--------------------------------------------------------------------------------
Update Information:
Fixes a bug that prevented sending signed e-mails.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 21 2011 Remi Collet <remi(a)fedoraproject.org> 5.1-4.el6
- latest change from rawhide (sign patch)
* Mon Jul 18 2011 Patrick Monnerat <pm(a)datasphere.ch> 5.1-4
- Patch "sign" to fix mail signing.
https://sourceforge.net/tracker/?func=detail&aid=3370322&group_id...
--------------------------------------------------------------------------------
================================================================================
phpldapadmin-1.2.1.1-1.el6 (FEDORA-EPEL-2011-3885)
Web-based tool for managing LDAP servers
--------------------------------------------------------------------------------
Update Information:
update to latest version 1.2.1.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 22 2011 Dmitry Butskoy <Dmitry(a)Butskoy.name> - 1.2.1.1-1
- update to 1.2.1.1
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.2.0.5-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Sep 23 2010 Dmitry Butskoy <Dmitry(a)Butskoy.name> - 1.2.0.5-2
- add patches from Patrick Monnerat <pm(a)datasphere.ch>:
* fix typo (close comment) in config file (#628067)
* avoid php-5.3 deprecation errors (#628061)
* fix add of parent class attributes (#628060)
--------------------------------------------------------------------------------
================================================================================
python-html5lib-0.90-1.el6 (FEDORA-EPEL-2011-3901)
A python based HTML parser/tokenizer
--------------------------------------------------------------------------------
Update Information:
A python based HTML parser/tokenizer
--------------------------------------------------------------------------------
================================================================================
python-kombu-1.1.3-1.el6 (FEDORA-EPEL-2011-3892)
AMQP Messaging Framework for Python
--------------------------------------------------------------------------------
Update Information:
AMQP is the Advanced Message Queuing Protocol, an open standard protocol for message
orientation, queuing, routing, reliability and security.
One of the most popular implementations of AMQP is RabbitMQ.
The aim of Kombu is to make messaging in Python as easy as possible by providing an
idiomatic high-level interface for the AMQP protocol, and also provide proven and tested
solutions to common messaging problems.
--------------------------------------------------------------------------------
================================================================================
rubygem-aws-sdk-1.0.1-1.el6 (FEDORA-EPEL-2011-3886)
AWS SDK for Ruby
--------------------------------------------------------------------------------
Update Information:
New package: rubygem-aws-sdk - AWS SDK for Ruby
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #723472 - Review Request: rubygem-aws-sdk - AWS SDK for Ruby
https://bugzilla.redhat.com/show_bug.cgi?id=723472
--------------------------------------------------------------------------------
================================================================================
shorewall-4.4.21.1-3.el6 (FEDORA-EPEL-2011-3882)
An iptables front end for firewall configuration
--------------------------------------------------------------------------------
Update Information:
Release notes:
http://www1.shorewall.net/pub/shorewall/4.4/shorewall-4.4.21/releasenotes...
New upstream bugfix version. Release notes:
http://www1.shorewall.net/pub/shorewall/4.4/shorewall-4.4.17/releasenotes...
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 21 2011 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.21-3
- Properly use PERLLIB environment variable for installation of the perl libraries
* Thu Jul 21 2011 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.21-2
- Fix Source URL versioning in spec file
* Thu Jul 21 2011 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.21-1
- Update to 4.4.21.1
- Fix BZ 720713 (incorrect init file LSB headers)
* Wed May 25 2011 Orion Poplawski <orion(a)cora.nwra.com> - 4.4.19.4-1
- Update to 4.4.19.4
* Sat Mar 5 2011 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.17-2
- Add executable permission to getparams
* Mon Feb 14 2011 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.17-1
- Update to 4.4.17
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #720713 - Copy-and-paste error in /etc/rc.d/init.d/shorewall6
https://bugzilla.redhat.com/show_bug.cgi?id=720713
[ 2 ] Bug #654787 - shorewall-4.4.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=654787
--------------------------------------------------------------------------------
================================================================================
tnef-1.4.8-4.el6 (FEDORA-EPEL-2011-3888)
Extract files from email attachments like WINMAIL.DAT
--------------------------------------------------------------------------------
Update Information:
Initial packaging of TNEF in Fedora.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #522920 - Review Request: tnef - Extract files from email attachments like
winmail.dat
https://bugzilla.redhat.com/show_bug.cgi?id=522920
--------------------------------------------------------------------------------
================================================================================
zanata-python-client-1.2.6-1.el6 (FEDORA-EPEL-2011-3877)
Python Client for Zanata Server
--------------------------------------------------------------------------------
Update Information:
Fix bugs and improve usability
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 20 2011 James Ni <jni(a)redhat.com> - 1.2.6-1
- Change to version 1.2.6
* Thu Jun 2 2011 James Ni <jni(a)redhat.com> - 1.2.5-3
- Fix error of onditionals of RHEL5
* Thu Jun 2 2011 James Ni <jni(a)redhat.com> - 1.2.5-2
- Add python-simplejson requires for RHEL5
* Wed Jun 1 2011 James Ni <jni(a)redhat.com> - 1.2.5-1
- Bug fix and usability improvement
--------------------------------------------------------------------------------