The following Fedora EPEL 6 Security updates need testing: Age URL 790 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.1... 137 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6.4-... 122 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolkit-2... 81 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1011/php-ZendFramew... 31 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1471/chicken-4.8.0.... 27 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1477/drupal7-views-... 17 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1563/mono-2.10.8-2.... 16 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1572/chkrootkit-0.4... 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1584/python-djblets... 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7.26-... 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1608/mcollective-2.... 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1612/tor-0.2.4.22-1... 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1628/hiera-1.0.0-4.... 8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1634/python-django-... 6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1648/owncloud-6.0.3... 6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1649/python-jinja2-... 5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1657/lynis-1.5.6-1.... 3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1627/php-horde-Hord... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1694/zabbix-1.8.20-... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1693/perl-Email-Add... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1698/zabbix20-2.0.1...

The following builds have been pushed to Fedora EPEL 6 updates-testing

libgit2-0.21.0-1.el6 perl-Email-Address-1.905-1.el6 silvia-0.2.2-0.6.f14d948git.el6 sys_basher-2.0.1-5.el6 zabbix-1.8.20-2.el6 zabbix20-2.0.12-2.el6

Details about builds:

================================================================================ libgit2-0.21.0-1.el6 (FEDORA-EPEL-2014-1692) C implementation of the Git core methods as a library with a solid API -------------------------------------------------------------------------------- Update Information:

libgit 0.21.0 --------------------------------------------------------------------------------

================================================================================ perl-Email-Address-1.905-1.el6 (FEDORA-EPEL-2014-1693) RFC 2822 Address Parsing and Creation -------------------------------------------------------------------------------- Update Information:

Update to 1.905, fixes CVE-2014-0477. -------------------------------------------------------------------------------- ChangeLog:

* Fri Jun 20 2014 Tom Callaway spot@fedoraproject.org - 1.905-1 - update to 1.905 * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.903-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Tue Apr 22 2014 Tom Callaway spot@fedoraproject.org - 1.903-1 - update to 1.903 * Thu Feb 13 2014 Tom Callaway spot@fedoraproject.org - 1.901-1 - update to 1.901 * Fri Aug 16 2013 Tom Callaway spot@fedoraproject.org - 1.900-1 - update to 1.900 * Sat Aug 3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.898-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Sat Jul 20 2013 Petr Pisar ppisar@redhat.com - 1.898-3 - Perl 5.18 rebuild * Wed Jun 26 2013 Jitka Plesnikova jplesnik@redhat.com - 1.898-2 - Specify all dependencies - Drop %defattr, remove %clean section - Don't need to remove empty directories from the buildroot - Use DESTDIR rather than PERL_INSTALL_ROOT * Fri Feb 8 2013 Tom Callaway spot@fedoraproject.org - 1.898-1 - update to 1.898 * Wed Dec 19 2012 Tom Callaway spot@fedoraproject.org - 1.897-1 - update to 1.897 * Tue Sep 18 2012 Marcela Mašláňová mmaslano@redhat.com 1.896-1 - update to 1.896 * Fri Jul 20 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.889-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Tue Jun 12 2012 Petr Pisar ppisar@redhat.com - 1.889-11 - Perl 5.16 rebuild * Fri Jan 13 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.889-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Mon Jun 20 2011 Marcela Mašláňová mmaslano@redhat.com - 1.889-9 - Perl mass rebuild * Tue Feb 8 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.889-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Thu Dec 16 2010 Marcela Maslanova mmaslano@redhat.com - 1.889-7 - 661697 rebuild for fixing problems with vendorach/lib * Sat May 1 2010 Marcela Maslanova mmaslano@redhat.com - 1.889-6 - Mass rebuild with perl-5.12.0 * Fri Apr 30 2010 Marcela Maslanova mmaslano@redhat.com - 1.889-5 - Mass rebuild with perl-5.12.0 * Mon Dec 7 2009 Stepan Kasal skasal@redhat.com - 1.889-4 - rebuild against perl 5.10.1 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1110723 - CVE-2014-0477 perl-Email-Address: Denial-of-Service in Email::Address::parse https://bugzilla.redhat.com/show_bug.cgi?id=1110723 --------------------------------------------------------------------------------

================================================================================ silvia-0.2.2-0.6.f14d948git.el6 (FEDORA-EPEL-2014-1695) SImple Library for the Verification and Issuance of Attributes -------------------------------------------------------------------------------- Update Information:

Update to newest git version. This version introduces silvia_manager and silvia_proxy. --------------------------------------------------------------------------------

================================================================================ sys_basher-2.0.1-5.el6 (FEDORA-EPEL-2014-1691) A multithreaded hardware exerciser -------------------------------------------------------------------------------- Update Information:

Added the ability to identify an individual DIMM -------------------------------------------------------------------------------- ChangeLog:

* Thu Jun 19 2014 Joshua Rosen bjrosen@polybus.com - 2.0.1-5 Excluded all arms, added CPU Frequency tracking, added sys_basher_setup script to generate DMI info for sys_basher * Wed Jun 18 2014 Joshua Rosen bjrosen@polybus.com - 2.0.1-4 Excluded armv7hl * Tue Jun 17 2014 Joshua Rosen bjrosen@polybus.com - 2.0.1-2 Can now identify the location of a bad DIMM * Sun Jun 8 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.1.25-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild --------------------------------------------------------------------------------

================================================================================ zabbix-1.8.20-2.el6 (FEDORA-EPEL-2014-1694) Open-source monitoring solution for your IT infrastructure -------------------------------------------------------------------------------- Update Information:

Patch CVE-2014-3005 (local file inclusion via XXE attack) https://support.zabbix.com/browse/ZBX-8151 -------------------------------------------------------------------------------- ChangeLog:

* Fri Jun 20 2014 Volker Fröhlich volker27@gmx.at - 1.8.20-2 - Patch for ZBX-8151 (Local file inclusion via XXE attack) -- CVE-2014-3005 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1110496 - CVE-2014-3005 zabbix: local file inclusion via XXE attack https://bugzilla.redhat.com/show_bug.cgi?id=1110496 --------------------------------------------------------------------------------

================================================================================ zabbix20-2.0.12-2.el6 (FEDORA-EPEL-2014-1698) Open-source monitoring solution for your IT infrastructure -------------------------------------------------------------------------------- Update Information:

Patch CVE-2014-3005 (local file inclusion via XXE attack)

https://support.zabbix.com/browse/ZBX-8151 -------------------------------------------------------------------------------- ChangeLog:

* Fri Jun 20 2014 Volker Fröhlich volker27@gmx.at - 2.0.12-2 - Patch for ZBX-8151 (Local file inclusion via XXE attack) -- CVE-2014-3005 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1110496 - CVE-2014-3005 zabbix: local file inclusion via XXE attack https://bugzilla.redhat.com/show_bug.cgi?id=1110496 --------------------------------------------------------------------------------