The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 505  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
  24  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11198/filezilla-...
  19  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11274/ssmtp-2.61...
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11393/nagios-3.5...
   6  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11417/graphite-w...
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11429/mediawiki1...
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11445/perl-Crypt...
   3  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11453/python-pyr...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11499/roundcubem...
The following builds have been pushed to Fedora EPEL 6 updates-testing
bdii-5.2.22-1.el6
mysql-utilities-1.3.5-1.el6
nodejs-dateformat-1.0.6-1.el6
php-pecl-redis-2.2.4-1.el6
qpdf-5.0.0-5.el6
roundcubemail-0.9.4-1.el6
Details about builds:
================================================================================
bdii-5.2.22-1.el6 (FEDORA-EPEL-2013-11498)
The Berkeley Database Information Index (BDII)
--------------------------------------------------------------------------------
Update Information:
- New upstream version 5.2.22
- Do not hardcode run directory
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 9 2013 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 5.2.22-1
- New upstream version 5.2.22
- Do not hardcode run directory
--------------------------------------------------------------------------------
================================================================================
mysql-utilities-1.3.5-1.el6 (FEDORA-EPEL-2013-11495)
MySQL Utilities
--------------------------------------------------------------------------------
Update Information:
Upstream changelog:
Release 1.3.5 (Released August 21, 2013)
- BUG#17061126: mysqldiff needs an auto_increment ignoring option
- BUG#17205680: non-deterministic failure of rpl_admin tests
- BUG#17256821: Commercial and GPL msi distro shares build descriptor
- BUG#17271100: mysqldbexport does not export fkeys
- BUG#17316515: Community distros contain both GPL and Commercial license
- BUG#17353571: GPL & Commercial msi installers create separate installs
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 9 2013 Remi Collet <remi(a)fedoraproject.org> - 1.3.5-1
- update to 1.3.5 GA
--------------------------------------------------------------------------------
================================================================================
nodejs-dateformat-1.0.6-1.el6 (FEDORA-EPEL-2013-11496)
Steven Levithan's excellent dateFormat() function for Node.js
--------------------------------------------------------------------------------
Update Information:
Initial package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #977118 - Review Request: nodejs-dateformat - Steven Levithan's excellent dateFormat() function for Node.js
https://bugzilla.redhat.com/show_bug.cgi?id=977118
--------------------------------------------------------------------------------
================================================================================
php-pecl-redis-2.2.4-1.el6 (FEDORA-EPEL-2013-11501)
Extension for communicating with the Redis key-value store
--------------------------------------------------------------------------------
Update Information:
Features / Improvements
* Randomized reconnect delay for RedisArray @mobli. This feature adds an optional
  parameter when constructing a RedisArray object such that a random delay will be
  introduced if reconnections are made, mitigating any 'thundering herd' type
  problems.
* Lazy connections to RedisArray servers @mobli. By default, RedisArray will attempt to
  connect to each server you pass in the ring on construction. This feature lets you
  specify that you would rather have RedisArray only attempt a connection when it needs
  to get data from a particular node (throughput/performance improvement).
* Allow LONG and STRING keys in MGET/MSET
* Extended SET options for Redis >= 2.6.12
* Persistent connections and UNIX SOCKET support for RedisArray
* Allow aggregates for ZUNION/ZINTER without weights @mheijkoop
* Support for SLOWLOG command
* Reworked MGET algorithm to run in linear time regardless of key count.
* Reworked ZINTERSTORE/ZUNIONSTORE algorithm to run in linear time
Bug fixes
* C99 Compliance (or rather lack thereof) fix @mobli
* Added ZEND_ACC_CTOR and ZEND_ACC_DTOR @euskadi31
* Stop throwing and clearing an exception on connect failure @matmoi
* Fix a false positive unit test failure having to do with TTL returns
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 9 2013 Remi Collet <remi(a)fedoraproject.org> - 2.2.4-1
- Update to 2.2.4
--------------------------------------------------------------------------------
================================================================================
qpdf-5.0.0-5.el6 (FEDORA-EPEL-2013-11497)
Command-line tools and library for transforming PDF files
--------------------------------------------------------------------------------
Update Information:
This brings qpdf into EPEL-6.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1004710 - [RFE] Pleas create EPEL-6 branch for this component
https://bugzilla.redhat.com/show_bug.cgi?id=1004710
--------------------------------------------------------------------------------
================================================================================
roundcubemail-0.9.4-1.el6 (FEDORA-EPEL-2013-11499)
Round Cube Webmail is a browser-based multilingual IMAP client
--------------------------------------------------------------------------------
Update Information:
0.9.4, latest upstream.
Require webserver rather than httpd.
Two XSS flaws were fixed in roundcube 0.9.3 [1]:
* Fix XSS vulnerability when saving HTML signatures [2],[3]
* Fix XSS vulnerability when editing a message "as new" or draft [2],[4]
[1] http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3
[2] http://trac.roundcube.net/ticket/1489251
[3] http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae87...
[4] http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8...
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 9 2013 Jon Ciesla <limburgher(a)gmail.com> - 0.9.4-1
- 0.9.4
- Change httpd dep to webserver, BZ 1005696.
* Fri Aug 23 2013 Adam Williamson <awilliam(a)redhat.com> - 0.9.3-2
- patch tinymce to cope elegantly with Flash binary being removed
* Fri Aug 23 2013 Jon Ciesla <limburgher(a)gmail.com> - 0.9.3-1
- Fix two XSS vulnerabilities:
- http://trac.roundcube.net/ticket/1489251
* Fri Aug 16 2013 Jon Ciesla <limburgher(a)gmail.com> - 0.9.2-3
- Drop precompiled flash.
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.9.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Jun 17 2013 Adam Williamson <awilliam(a)redhat.com> - 0.9.2-1
- latest upstream
- correct License field, add comment on complex licensing case
* Wed May 1 2013 Adam Williamson <awilliam(a)redhat.com> - 0.9.0-1
- latest upstream
- drop MDB2 dependencies, add php-pdo dependency (upstream now using
  pdo not MDB2)
- drop the update.sh script as it requires the installer framework we
  don't ship
- update the Fedora README for changes to sqlite and update process
- drop strict.patch, upstream actually merged it years ago, just in
  a slightly different format, and we kept dumbly diffing it
- drop references to obsolete patches (all merged upstream long ago)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1005696 - roundcubemail depends on httpd (apache)
https://bugzilla.redhat.com/show_bug.cgi?id=1005696
[ 2 ] Bug #1000511 - roundcubemail: two XSS flaws fixed in 0.9.3 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1000511
[ 3 ] Bug #1000512 - roundcubemail: two XSS flaws fixed in 0.9.3 [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1000512
--------------------------------------------------------------------------------