The following Fedora EPEL 6 Security updates need testing:
Age URL
710
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
57
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6...
52
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0483/boinc-clien...
42
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolki...
17
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0846/mediawiki11...
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0888/v8-3.14.5.1...
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0889/moodle-2.4....
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0938/seamonkey-2...
5
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0980/perl-YAML-L...
3
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0996/munin-2.0.2...
3
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0990/libyaml-0.1...
1
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1011/php-ZendFra...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1020/php-ZendFra...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1039/mod_securit...
The following builds have been pushed to Fedora EPEL 6 updates-testing
duply-1.7.1-1.el6
iperf3-3.0.3-2.el6
mod_security-2.7.3-3.el6
nodejs-jade-1.3.0-3.el6
nodejs-supertest-0.9.0-1.el6
opendnssec-1.4.4-3.el6
pen-0.22.0-1.el6
python-fedmsg-genacls-0.2-1.el6
uglify-js-2.4.13-3.el6
xvkbd-3.5-1.el6
Details about builds:
================================================================================
duply-1.7.1-1.el6 (FEDORA-EPEL-2014-0933)
Wrapper for duplicity
--------------------------------------------------------------------------------
Update Information:
Update to the latest released version.
Changes in version 1.7.0:
- disabled gpg key id plausibility check, too many valid possibilities
- featreq 7 "Halt if precondition fails": added and(+), or(-) batch
command(separator) support
- featreq 26 "pre/post script with shebang line": if a script is flagged
executable it's executed in a subshell now as opposed to sourced to bash, which is the
default
- bugfix: do not check if dpbx, swift credentials are set anymore
- bugfix: properly escape profile name, archdir if used as arguments
- add DUPL_PRECMD conf setting for use with e.g. trickle
Changes in version 1.7.1:
- bugfix: purge-* commands renamed to purgeFull, purgeIncr due to incompatibility with
new minus batch separator
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 1 2014 Thomas Moschny <thomas.moschny(a)gmx.de> - 1.7.1-1
- Update to 1.7.1
- Update %description.
* Fri Mar 21 2014 Thomas Moschny <thomas.moschny(a)gmx.de> - 1.7.0-1
- Update to 1.7.0.
--------------------------------------------------------------------------------
================================================================================
iperf3-3.0.3-2.el6 (FEDORA-EPEL-2014-1037)
Measurement tool for TCP/UDP bandwidth performance
--------------------------------------------------------------------------------
Update Information:
Moved static library to devel section
Update to 3.0.3 and added devel rpm support
Update to 3.0.3 and added devel rpm support
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 2 2014 Susant Sahani <ssahani(a)redhat.com> 3.0.3-2
- Moved static library to devel section only .
* Sun Mar 30 2014 Susant Sahani <ssahani(a)redhat.com> 3.0.3-1
- Update to 3.0.3 and added devel rpm support
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1081486 - iperf3-3.0.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1081486
--------------------------------------------------------------------------------
================================================================================
mod_security-2.7.3-3.el6 (FEDORA-EPEL-2014-1039)
Security module for the Apache HTTP Server
--------------------------------------------------------------------------------
Update Information:
Fix Chunked string case sensitive issue (CVE-2013-5705, RHBZ #1082904 #1082905 #1082906)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 1 2014 Athmane Madjoudj <athmane(a)fedoraproject.org> 2.7.3-3
- Fix Chunked string case sensitive issue (CVE-2013-5705, RHBZ #1082904 #1082905
#1082906)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1082904 - CVE-2013-5705 mod_security: bypass of intended rules via chunked
requests
https://bugzilla.redhat.com/show_bug.cgi?id=1082904
--------------------------------------------------------------------------------
================================================================================
nodejs-jade-1.3.0-3.el6 (FEDORA-EPEL-2014-1035)
Jade template engine for Node.js
--------------------------------------------------------------------------------
Update Information:
introduce symlink to /usr/bin/jade-nodejs
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 1 2014 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 1.3.0-3
- include _bindir/jade-nodejs
* Sat Mar 15 2014 <jamielinux(a)fedoraproject.org> - 1.3.0-2
- temporarily disable tests due to circular dependency
* Mon Mar 3 2014 <jamielinux(a)fedoraproject.org> - 1.3.0-1
- update to upstream release 1.3.0
* Sun Mar 2 2014 <jamielinux(a)fedoraproject.org> - 1.2.0-1
- update to upstream release 1.2.0
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.28.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1082964 - no commandline jade
https://bugzilla.redhat.com/show_bug.cgi?id=1082964
--------------------------------------------------------------------------------
================================================================================
nodejs-supertest-0.9.0-1.el6 (FEDORA-EPEL-2014-1042)
A superagent driven library for testing HTTP servers
--------------------------------------------------------------------------------
Update Information:
initial package
--------------------------------------------------------------------------------
================================================================================
opendnssec-1.4.4-3.el6 (FEDORA-EPEL-2014-1033)
DNSSEC key and zone management software
--------------------------------------------------------------------------------
Update Information:
Add buildrequires for ods-kasp2html (rhbz#1073313), bump ZSK to 2048bits
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 1 2014 Paul Wouters <pwouters(a)redhat.com> - 1.4.4-3
- Add buildrequires for ods-kasp2html (rhbz#1073313)
* Fri Mar 28 2014 Paul Wouters <pwouters(a)redhat.com> - 1.4.4-2
- Add requires for ods-kasp2html (rhbz#1073313)
- Updated to 1.4.4 (rhbz#1080862)
(compatibility with non RFC 5155 errata 3441 implementations)
- Change the default ZSK policy from 1024 to 2048 bit RSA keys
- Fix post to be quiet when upgrading opendnssec
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1073313 - libxslt is missing in Requires and BuildRequires
https://bugzilla.redhat.com/show_bug.cgi?id=1073313
--------------------------------------------------------------------------------
================================================================================
pen-0.22.0-1.el6 (FEDORA-EPEL-2014-1038)
Load balancer for "simple" tcp based protocols such as http or smtp
--------------------------------------------------------------------------------
Update Information:
140331
* Updated pen manpage to clarify what the control socket does.
* Resist opening control socket running as root.
* Remove the default file name for web log.
* New feature: unix domain listening sockets.
* Released 0.22.0.
140204
* Moved defines for ACE_IPV4 et al outside #ifdef HAVE_SSL clause.
* Otherwise pen won't compile without ssl.
* Released 0.21.1.
140204
* GeoIP access lists.
* Released 0.21.0.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 1 2014 Christopher Meng <rpm(a)cicku.me> - 0.22.0-1
- Update to 0.22.0
- Built with GeoIP support.
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-genacls-0.2-1.el6 (FEDORA-EPEL-2014-1034)
A fedmsg consumer that sets gitosis acls in response to pkgdb messages
--------------------------------------------------------------------------------
Update Information:
Fix mis-use of subprocess.Popen.
New package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1080094 - Review Request: python-fedmsg-genacls - A fedmsg consumer that sets
gitosis acls in response to pkgdb messages
https://bugzilla.redhat.com/show_bug.cgi?id=1080094
--------------------------------------------------------------------------------
================================================================================
uglify-js-2.4.13-3.el6 (FEDORA-EPEL-2014-1043)
JavaScript parser, mangler/compressor and beautifier toolkit
--------------------------------------------------------------------------------
Update Information:
pretrans script should run in js-uglify subpackage (#1082946)
port to new multi-version and browser JavaScript guidelines
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 1 2014 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 2.4.13-3
- pretrans script should run in js-uglify subpackage (#1082946)
* Sat Mar 15 2014 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 2.4.13-2
- add logic for building on EPEL 6 as web-assets-{devel,filesystem} are not
yet available
* Thu Mar 13 2014 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 2.4.13-1
- update to upstream release 2.4.13
* Mon Jan 20 2014 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 2.2.5-4
- port to new JS guidelines
- provide the nodejs- form
* Sun Jan 19 2014 Tom Hughes <tom(a)compton.nu> - 2.2.5-3
- use new multi-version packaging rules
- update to latest nodejs packaging standards
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.2.5-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1082946 - Update from uglify-js-common to js-uglify fails
https://bugzilla.redhat.com/show_bug.cgi?id=1082946
[ 2 ] Bug #1055177 - uglify-js should be using the proper system for packaging multiple
npm versions
https://bugzilla.redhat.com/show_bug.cgi?id=1055177
--------------------------------------------------------------------------------
================================================================================
xvkbd-3.5-1.el6 (FEDORA-EPEL-2014-1040)
Virtual Keyboard for X Window System
--------------------------------------------------------------------------------
Update Information:
xvkbd is a virtual (graphical) keyboard program for X Window System which provides
facility to enter characters onto other clients (software) by clicking on a keyboard
displayed on the screen. This may be used for systems without a hardware keyboard such as
kiosk terminals or hand-held devices. This program also has facility to send characters
specified as the command line option to another client.
--------------------------------------------------------------------------------