The following Fedora EPEL 6 Security updates need testing:

 Age  URL
 508  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.1...
  27  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11198/filezilla-3.7...
  22  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11274/ssmtp-2.61-21...
  11  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11393/nagios-3.5.1-...
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11417/graphite-web-...
   7  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11445/perl-Crypt-DS...
   6  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11453/python-pyrad-...
   3  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11499/roundcubemail...
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11507/tinyproxy-1.8...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11525/moodle-2.4.6-...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11556/openstack-swi...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11550/Django14-1.4....
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11552/glpi-0.83.9.1...

The following builds have been pushed to Fedora EPEL 6 updates-testing

    Django14-1.4.7-1.el6
    glpi-0.83.9.1-4.el6
    ldapvi-1.7-17.el6
    nf3d-0.8-1.el6
    openstack-swift-1.7.4-3.el6
    openvpn-2.3.2-2.el6
    perl-File-KeePass-2.03-3.el6
    php-htmLawed-1.1.16-1.el6
    qt5-qtgraphicaleffects-5.1.1-1.el6
    qt5-qtimageformats-5.1.1-1.el6
    qt5-qtsvg-5.1.1-1.el6
    qt5-qttools-5.1.1-3.el6
    qt5-qtwebkit-5.1.1-1.el6
    qt5-qtxmlpatterns-5.1.1-1.el6
    qtbrowserplugin-2.4-3.el6
    racoon2-20100526a-23.el6
    wcd-5.2.4-1.el6

Details about builds:

================================================================================
Django14-1.4.7-1.el6 (FEDORA-EPEL-2013-11550)
A high-level Python Web framework
--------------------------------------------------------------------------------
Update Information:

Rebase to 1.4.7, fixes CVE-2013-4315
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 12 2013 Matthias Runge mrunge@redhat.com - 1.4.7-1
- update to 1.4.7, fix CVE 2013-4315, fixes rhbz 1007020
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1004969 - CVE-2013-4315 python-django: directory traversal with "ssi" template tag
        https://bugzilla.redhat.com/show_bug.cgi?id=1004969
--------------------------------------------------------------------------------

================================================================================
glpi-0.83.9.1-4.el6 (FEDORA-EPEL-2013-11552)
Free IT asset management software
--------------------------------------------------------------------------------
Update Information:

Security improvement: restrict access to installation wizard from local server only.
Remote access needs to be explicitly allowed in configuration (/etc/httpd/conf.d/glpi.conf).
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 12 2013 Remi Collet remi@fedoraproject.org - 0.83.9.1-4
- restrict access for install to local for security
- drop bundled Flash files, #1000251
- Add a missing requirement on crontabs to spec file
--------------------------------------------------------------------------------

================================================================================
ldapvi-1.7-17.el6 (FEDORA-EPEL-2013-11546)
An interactive LDAP client
--------------------------------------------------------------------------------
Update Information:

Add fix of double free() crash (#949157), also fix old FSF address
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 11 2013 Matěj Cepl mcepl@redhat.com - 1.7-17
- Add fix of double free() crash (#949157)
- Fix old FSF address
* Sat Aug 3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.7-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.7-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.7-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.7-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #949157 - [PATCH] fix use-after-free in sasl code
        https://bugzilla.redhat.com/show_bug.cgi?id=949157
--------------------------------------------------------------------------------

================================================================================
nf3d-0.8-1.el6 (FEDORA-EPEL-2013-11551)
GANTT-style visualization for netfilter connections and logged packets
--------------------------------------------------------------------------------
Update Information:

New RPM.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #967485 - Review Request: nf3d - GANTT-style visualization for Netfilter connections and logged packets
        https://bugzilla.redhat.com/show_bug.cgi?id=967485
--------------------------------------------------------------------------------

================================================================================
openstack-swift-1.7.4-3.el6 (FEDORA-EPEL-2013-11556)
OpenStack Object Storage (swift)
--------------------------------------------------------------------------------
Update Information:

This update fixes the possibility to fill up a Swift cluster with invalid tombstone files by attacking with DELETE requests with a special timestamp.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 11 2013 Pete Zaitcev zaitcev@redhat.com - 1.7.4-3
- CVE-2013-4155 "Fix handling of DELETE obj reqs with old timestamp"
* Wed Jan 23 2013 Martin Magr mmagr@redhat.com - 1.7.4-2.3
- Added python-keystone requirement
* Fri Jan 18 2013 Pete Zaitcev zaitcev@redhat.com 1.7.4-2.3
- Relocate object-expirer to proxy subpackage
- cleanups from Smokestack spec (Dan Prince)
* Thu Jan 17 2013 Alan Pevec apevec@redhat.com 1.7.4-2.2
- adjust openstack-swift-functions for new init scripts
* Wed Jan 9 2013 Pete Zaitcev zaitcev@redhat.com - 1.7.4-2.1
- Add missing Upstart jobs and init scripts for daemons, bz#885530
- Drop duplicated /var/run directories from the spec
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #994666 - CVE-2013-4155 openstack-swift: OpenStack: Swift Denial of Service using superfluous object tombstones [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=994666
--------------------------------------------------------------------------------

================================================================================
openvpn-2.3.2-2.el6 (FEDORA-EPEL-2013-11538)
A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:

Enable --enable-x509-alt-username.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 12 2013 Jon Ciesla limburgher@gmail.com 2.3.2-2
- Enable --enable-x509-alt-username, BZ 1007184.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1007184 - Request to enable the "--enable-x509-alt-username" compile-time option
        https://bugzilla.redhat.com/show_bug.cgi?id=1007184
--------------------------------------------------------------------------------

================================================================================
perl-File-KeePass-2.03-3.el6 (FEDORA-EPEL-2013-11540)
Interface to KeePass V1 and V2 database files
--------------------------------------------------------------------------------
Update Information:

Interface to KeePass V1 and V2 database files
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1002321 - Review Request: perl-File-KeePass - Interface to KeePass V1 and V2 database files
        https://bugzilla.redhat.com/show_bug.cgi?id=1002321
--------------------------------------------------------------------------------

================================================================================
php-htmLawed-1.1.16-1.el6 (FEDORA-EPEL-2013-11543)
PHP code to purify and filter HTML
--------------------------------------------------------------------------------
Update Information:

htmLawed 1.1.16, 29 August 2013:
- fix for a potential security vulnerability arising from specially encoded space characters in URL schemes/protocols
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 12 2013 Remi Collet remi@fedoraproject.org - 1.1.16-1
- update to 1.1.16, fix for a potential security vulnerability arising from specially encoded space characters in URL schemes/protocols
--------------------------------------------------------------------------------

================================================================================
qt5-qtgraphicaleffects-5.1.1-1.el6 (FEDORA-EPEL-2013-11553)
Qt5 - QtGraphicalEffects component
--------------------------------------------------------------------------------
Update Information:

The Qt Graphical Effects module provides a set of QML types for adding visually impressive and configurable effects to user interfaces.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #915913 - Review Request: qt5-qtgraphicaleffects - Qt5 - QtGraphicalEffects component
        https://bugzilla.redhat.com/show_bug.cgi?id=915913
--------------------------------------------------------------------------------

================================================================================
qt5-qtimageformats-5.1.1-1.el6 (FEDORA-EPEL-2013-11554)
Qt5 - QtImageFormats component
--------------------------------------------------------------------------------
Update Information:

The Qt Image Formats add-on module provides optional support for other image file formats, including: MNG, TGA, TIFF, WBMP.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #915916 - Review Request: qt5-qtimageformats - Qt5 - QtImageFormats component
        https://bugzilla.redhat.com/show_bug.cgi?id=915916
--------------------------------------------------------------------------------

================================================================================
qt5-qtsvg-5.1.1-1.el6 (FEDORA-EPEL-2013-11547)
Qt5 - Support for rendering and displaying SVG
--------------------------------------------------------------------------------
Update Information:

Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #915920 - Review Request: qt5-qtsvg - Qt5 - QtSvg component
        https://bugzilla.redhat.com/show_bug.cgi?id=915920
--------------------------------------------------------------------------------

================================================================================
qt5-qttools-5.1.1-3.el6 (FEDORA-EPEL-2013-11531)
Qt5 - QtTool components
--------------------------------------------------------------------------------
Update Information:

QtWebKit, and Tools modules portion of Qt 5.1.1 release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1006254 - wrong path to lrelease
        https://bugzilla.redhat.com/show_bug.cgi?id=1006254
--------------------------------------------------------------------------------

================================================================================
qt5-qtwebkit-5.1.1-1.el6 (FEDORA-EPEL-2013-11531)
Qt5 - QtWebKit components
--------------------------------------------------------------------------------
Update Information:

QtWebKit, and Tools modules portion of Qt 5.1.1 release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1006254 - wrong path to lrelease
        https://bugzilla.redhat.com/show_bug.cgi?id=1006254
--------------------------------------------------------------------------------

================================================================================
qt5-qtxmlpatterns-5.1.1-1.el6 (FEDORA-EPEL-2013-11544)
Qt5 - QtXmlPatterns component
--------------------------------------------------------------------------------
Update Information:

The Qt XML Patterns module provides support for XPath, XQuery, XSLT, and XML Schema validation.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #915923 - Review Request: qt5-qtxmlpatterns - Qt5 - QtXmlPatterns component
        https://bugzilla.redhat.com/show_bug.cgi?id=915923
--------------------------------------------------------------------------------

================================================================================
qtbrowserplugin-2.4-3.el6 (FEDORA-EPEL-2013-11549)
Qt Solutions Component: Browser Plugin
--------------------------------------------------------------------------------
Update Information:

The QtBrowserPlugin solution is useful for implementing plugins for web browser.
--------------------------------------------------------------------------------

================================================================================
racoon2-20100526a-23.el6 (FEDORA-EPEL-2013-11541)
An implementation of key management system for IPsec
--------------------------------------------------------------------------------
Update Information:

Here is where you give an explanation of your update.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 12 2013 Pavel Šimerda psimerda@redhat.com - 20100526a-23
- prefix init script daemon names with /racoon2-/ (#1006613, patch by Grant Hammond)
* Sun Aug 4 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 20100526a-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar ppisar@redhat.com - 20100526a-21
- Perl 5.18 rebuild
* Thu Feb 14 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 20100526a-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jan 17 2013 Pavel Šimerda psimerda@redhat.com - 20100526a-19
- Fix racoon2 script to call prefixed binaries
* Sat Jul 21 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 20100526a-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1006613 - init script has incorrect daemon names
        https://bugzilla.redhat.com/show_bug.cgi?id=1006613
--------------------------------------------------------------------------------

================================================================================
wcd-5.2.4-1.el6 (FEDORA-EPEL-2013-11539)
Chdir for DOS and Unix
--------------------------------------------------------------------------------
Update Information:

New upstream version 5.2.4.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 11 2013 Erwin Waterlander waterlan@xs4all.nl - 5.2.4-1
- New upstream version 5.2.4.
--------------------------------------------------------------------------------

epel-devel@lists.fedoraproject.org