The following Fedora EPEL 6 Security updates need testing:
https://admin.fedoraproject.org/updates/libpng10-1.0.55-1.el6
https://admin.fedoraproject.org/updates/drupal7-7.4-1.el6
https://admin.fedoraproject.org/updates/asterisk-1.8.4.4-3.el6
https://admin.fedoraproject.org/updates/dokuwiki-0-0.8.20110525.a.el6
https://admin.fedoraproject.org/updates/mingw32-libpng-1.2.37-3.el6
https://admin.fedoraproject.org/updates/phpMyAdmin-3.4.3.1-1.el6
https://admin.fedoraproject.org/updates/ejabberd-2.1.8-2.el6
https://admin.fedoraproject.org/updates/erlang-R14B-02.1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing:
GtkAda-2.14.1-8.el6.1
PragmARC-20060427-11.1.el6
cmake-fedora-0.7.0-1.el6
cmake-fedora-0.7.1-1.el6
fedora-gnat-project-common-3.1-1.1.el6.1
gnucash-2.4.7-1.el6
gnucash-docs-2.4.1-1.el6
libpng10-1.0.55-1.el6
libpri-1.4.12-1.el6
mine_detector-6.0-7.1.el6
oz-0.5.0-2.el6
phpMyAdmin-3.4.3.1-1.el6
roundcubemail-0.5.3-1.el6
Details about builds:
================================================================================
GtkAda-2.14.1-8.el6.1 (FEDORA-EPEL-2011-3731)
Ada graphical toolkit based on Gtk+
--------------------------------------------------------------------------------
Update Information:
This update adds four packages from Fedora to EPEL 6.
--------------------------------------------------------------------------------
================================================================================
PragmARC-20060427-11.1.el6 (FEDORA-EPEL-2011-3731)
PragmAda Reusable Components, a component library for Ada
--------------------------------------------------------------------------------
Update Information:
This update adds four packages from Fedora to EPEL 6.
--------------------------------------------------------------------------------
================================================================================
cmake-fedora-0.7.0-1.el6 (FEDORA-EPEL-2011-3732)
CMake helper modules for fedora developers
--------------------------------------------------------------------------------
Update Information:
- Fixed target: after_release_commit.
- Add "INCLUDE(ManageRelease)" in template
so new project will not get CMake command "MANAGE_RELEASE"
- Corrected TODO.
- Corrected ChangeLog.prev and SPECS/RPM-ChangeLog.prev.
- By default, the CMAKE_INSTALL_PREFIX is set as '/usr'.
- Remove f13 from FEDORA_CURRENT_RELEASE_TAGS, as Fedora 13 is end of life.
- ManageMessage: New module.
+ M_MSG: Controllable verbose output
- ManageRelease: New module.
+ MANAGE_RELEASE: Make release by uploading files to hosting services
- Now ManageReleaseOnFedora includes ManageMaintainerTargets
- Modules are shown what they include and included by.
- Now tag depends on koji_scratch_build, while fedpkg_commit master
(or other primary branch) depends directly on tag.
- MAINTAINER_SETTING_READ_FILE now can either use MAINTAINER_SETTING, or take
one argument that defines maintainer setting file.
- MANAGE_MAINTAINER_TARGETS_UPLOAD no longer requires argument hostService.
It now relies on HOSTING_SERVICES from maintainer setting file.
- Minimum cmake requirement is now raised to 2.6
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 6 2011 Ding-Yi Chen <dchen at redhat.com> - 0.7.0-1
- Fixed target: after_release_commit.
- Add "INCLUDE(ManageRelease)" in template
so new project will not get CMake command "MANAGE_RELEASE"
- Corrected TODO.
- Corrected ChangeLog.prev and SPECS/RPM-ChangeLog.prev.
- By default, the CMAKE_INSTALL_PREFIX is set as '/usr'.
* Wed Jul 6 2011 Ding-Yi Chen <dchen at redhat.com> - 0.6.1-1
- Remove f13 from FEDORA_CURRENT_RELEASE_TAGS, as Fedora 13 is end of life.
- ManageMessage: New module.
+ M_MSG: Controllable verbose output
- ManageRelease: New module.
+ MANAGE_RELEASE: Make release by uploading files to hosting services
- Now ManageReleaseOnFedora includes ManageMaintainerTargets
- Modules are shown what they include and included by.
- Now tag depends on koji_scratch_build, while fedpkg_commit master
(or other primary branch) depends directly on tag.
- MAINTAINER_SETTING_READ_FILE now can either use MAINTAINER_SETTING, or take
one argument that defines maintainer setting file.
- MANAGE_MAINTAINER_TARGETS_UPLOAD no longer requires argument hostService.
It now relies on HOSTING_SERVICES from maintainer setting file.
- Minimum cmake requirement is now raised to 2.6.
- Targets which perform after release now have the prefix "after_release".
* Wed Jul 6 2011 Ding-Yi Chen <dchen at redhat.com> - 0.6.1-1
- Remove f13 from FEDORA_CURRENT_RELEASE_TAGS, as Fedora 13 is end of life.
- ManageMessage: New module.
+ M_MSG: Controllable verbose output
- ManageRelease: New module.
+ MANAGE_RELEASE: Make release by uploading files to hosting services
- Now ManageReleaseOnFedora includes ManageMaintainerTargets
- Modules are shown what they include and included by.
- Now tag depends on koji_scratch_build, while fedpkg_commit master
(or other primary branch) depends directly on tag.
- MAINTAINER_SETTING_READ_FILE now can either use MAINTAINER_SETTING, or take
one argument that defines maintainer setting file.
- MANAGE_MAINTAINER_TARGETS_UPLOAD no longer requires argument hostService.
It now relies on HOSTING_SERVICES from maintainer setting file.
- Minimum cmake requirement is now raised to 2.6
--------------------------------------------------------------------------------
================================================================================
cmake-fedora-0.7.1-1.el6 (FEDORA-EPEL-2011-3740)
CMake helper modules for fedora developers
--------------------------------------------------------------------------------
Update Information:
- Target release now depends on upload.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 8 2011 Ding-Yi Chen <dchen at redhat.com> - 0.7.1-1
- Target release now depends on upload.
* Fri Jul 8 2011 Ding-Yi Chen <dchen at redhat.com> - 0.7.0-1
- Fixed target: after_release_commit.
- Add "INCLUDE(ManageRelease)" in template
so new project will not get CMake command "MANAGE_RELEASE"
- Corrected TODO.
- Corrected ChangeLog.prev and SPECS/RPM-ChangeLog.prev.
- By default, the CMAKE_INSTALL_PREFIX is set as '/usr'.
* Wed Jul 6 2011 Ding-Yi Chen <dchen at redhat.com> - 0.6.1-1
- Remove f13 from FEDORA_CURRENT_RELEASE_TAGS, as Fedora 13 is end of life.
- ManageMessage: New module.
+ M_MSG: Controllable verbose output
- ManageRelease: New module.
+ MANAGE_RELEASE: Make release by uploading files to hosting services
- Now ManageReleaseOnFedora includes ManageMaintainerTargets
- Modules are shown what they include and included by.
- Now tag depends on koji_scratch_build, while fedpkg_commit master
(or other primary branch) depends directly on tag.
- MAINTAINER_SETTING_READ_FILE now can either use MAINTAINER_SETTING, or take
one argument that defines maintainer setting file.
- MANAGE_MAINTAINER_TARGETS_UPLOAD no longer requires argument hostService.
It now relies on HOSTING_SERVICES from maintainer setting file.
- Minimum cmake requirement is now raised to 2.6.
- Targets which perform after release now have the prefix "after_release".
* Wed Jul 6 2011 Ding-Yi Chen <dchen at redhat.com> - 0.6.1-1
- Remove f13 from FEDORA_CURRENT_RELEASE_TAGS, as Fedora 13 is end of life.
- ManageMessage: New module.
+ M_MSG: Controllable verbose output
- ManageRelease: New module.
+ MANAGE_RELEASE: Make release by uploading files to hosting services
- Now ManageReleaseOnFedora includes ManageMaintainerTargets
- Modules are shown what they include and included by.
- Now tag depends on koji_scratch_build, while fedpkg_commit master
(or other primary branch) depends directly on tag.
- MAINTAINER_SETTING_READ_FILE now can either use MAINTAINER_SETTING, or take
one argument that defines maintainer setting file.
- MANAGE_MAINTAINER_TARGETS_UPLOAD no longer requires argument hostService.
It now relies on HOSTING_SERVICES from maintainer setting file.
- Minimum cmake requirement is now raised to 2.6
--------------------------------------------------------------------------------
================================================================================
fedora-gnat-project-common-3.1-1.1.el6.1 (FEDORA-EPEL-2011-3731)
Files shared by Ada libraries
--------------------------------------------------------------------------------
Update Information:
This update adds four packages from Fedora to EPEL 6.
--------------------------------------------------------------------------------
================================================================================
gnucash-2.4.7-1.el6 (FEDORA-EPEL-2011-3736)
Finance management application
--------------------------------------------------------------------------------
Update Information:
This updates GnuCash to the latest upstream release, fixing assorted bugs. For more
information, see the upstream changelog at
http://gnucash.org/#110702-2.4.7.news.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 6 2011 Bill Nottingham <notting(a)redhat.com> - 2.4.7-1
- update to 2.4.7 (#712268)
- re-enable python bindings. (#712621)
* Thu May 5 2011 Bill Nottingham <notting(a)redhat.com> - 2.4.5-2
- fix tips (#702391)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #712268 - broken links
https://bugzilla.redhat.com/show_bug.cgi?id=712268
[ 2 ] Bug #712621 - Python bindings for gnucash not enabled.
https://bugzilla.redhat.com/show_bug.cgi?id=712621
--------------------------------------------------------------------------------
================================================================================
gnucash-docs-2.4.1-1.el6 (FEDORA-EPEL-2011-3736)
Help files and documentation for the GnuCash personal finance manager
--------------------------------------------------------------------------------
Update Information:
This updates GnuCash to the latest upstream release, fixing assorted bugs. For more
information, see the upstream changelog at
http://gnucash.org/#110702-2.4.7.news.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 5 2011 Bill Nottingham <notting(a)redhat.com> - 2.4.1-1
- update to 2.4.1
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.2.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #712268 - broken links
https://bugzilla.redhat.com/show_bug.cgi?id=712268
[ 2 ] Bug #712621 - Python bindings for gnucash not enabled.
https://bugzilla.redhat.com/show_bug.cgi?id=712621
--------------------------------------------------------------------------------
================================================================================
libpng10-1.0.55-1.el6 (FEDORA-EPEL-2011-3664)
Old version of libpng, needed to run old binaries
--------------------------------------------------------------------------------
Update Information:
This update fixes a 1-byte uninitialized memory reference in png_format_buffer(). It
allows attackers to cause a denial of service (crash) via a malformed PNG image file that
triggers an error that causes an out-of-bounds read when creating the error message. This
is CVE-2011-2501.
Also fixed in this release are some other minor security problems and there's
additionally a bugfix backported from 1.5.3: when expanding a paletted image, always
expand to RGBA if transparency is present.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 7 2011 Paul Howarth <paul(a)city-fan.org> 1.0.55-1
- update to 1.0.55
- fixed uninitialized memory read in png_format_buffer()
(CVE-2011-2501, related to CVE-2004-0421)
- pass "" instead of '\0' to png_default_error() in png_err()
- check for up->location !PNG_AFTER_IDAT when writing unknown chunks before
IDAT
- ported bugfix in pngrtran.c from 1.5.3: when expanding a paletted image,
always expand to RGBA if transparency is present
- check for integer overflow in png_set_rgb_to_gray()
- check for sCAL chunk too short
- drop upstreamed patch for CVE-2011-2501
- add patch to fix build failure due to regression in libpng.sym creation
* Wed Jun 29 2011 Paul Howarth <paul(a)city-fan.org> 1.0.54-3
- fix 1-byte uninitialized memory reference in png_format_buffer()
(CVE-2011-2501, related to CVE-2004-0421)
- nobody else likes macros for commands
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> 1.0.54-2
- rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #717084 - CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+
https://bugzilla.redhat.com/show_bug.cgi?id=717084
--------------------------------------------------------------------------------
================================================================================
libpri-1.4.12-1.el6 (FEDORA-EPEL-2011-3733)
An implementation of Primary Rate ISDN
--------------------------------------------------------------------------------
Update Information:
The Asterisk Development Team announces the release of libpri version
1.4.12. This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/libpri/
The following are some of the issues resolved in this release:
* Add call transfer exchange of subaddresses support and fix PTMP call
transfer signaling.
* Invalid PTMP redirecting signaling as TE towards NT.
* Add Q931_IE_TIME_DATE to CONNECT message when in network mode.
(issue #18047 (JIRA PRI-114). Reported by: wuwu. Patched by rmudgett)
* Swap of master/slave in pri_enslave() incorrect.
(issue #18769 (JIRA PRI-120). Reported by: jcollie. Patched by jcollie)
* Fix I-frame retransmission quirks.
* Crash if NFAS swaps D channels on a call with an active timer.
* DMS-100 not receiving caller name anymore.
(issue #18822 (JIRA PRI-121). Reported by: cmorford. Patched by rmudgett)
* B channel lost by incoming call in BRI NT PTMP mode.
* Implement the mandatory T312 timer for NT PTMP broadcast SETUP calls.
This release contains several new features, among them:
1.) ETSI and Q.SIG Call Completion Supplementary Service (CCSS) support
2.) ETSI Advice Of Charge (AOC) support
3.) ETSI Explicit Call Transfer (ECT) support
4.) ETSI Call Waiting support for ISDN phones
5.) ETSI Malicious Call ID support
6.) Add Display IE text handling options.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/libpri/releases/ChangeLog-1.4.12
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 6 2011 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.4.12-1
- The Asterisk Development Team announces the release of libpri version
- 1.4.12. This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/libpri/
-
- The following are some of the issues resolved in this release:
-
- * Add call transfer exchange of subaddresses support and fix PTMP call
- transfer signaling.
-
- * Invalid PTMP redirecting signaling as TE towards NT.
-
- * Add Q931_IE_TIME_DATE to CONNECT message when in network mode.
- (issue #18047 (JIRA PRI-114). Reported by: wuwu. Patched by rmudgett)
-
- * Swap of master/slave in pri_enslave() incorrect.
- (issue #18769 (JIRA PRI-120). Reported by: jcollie. Patched by jcollie)
-
- * Fix I-frame retransmission quirks.
-
- * Crash if NFAS swaps D channels on a call with an active timer.
-
- * DMS-100 not receiving caller name anymore.
- (issue #18822 (JIRA PRI-121). Reported by: cmorford. Patched by rmudgett)
-
- * B channel lost by incoming call in BRI NT PTMP mode.
-
- * Implement the mandatory T312 timer for NT PTMP broadcast SETUP calls.
-
- This release contains several new features, among them:
-
- 1.) ETSI and Q.SIG Call Completion Supplementary Service (CCSS) support
- 2.) ETSI Advice Of Charge (AOC) support
- 3.) ETSI Explicit Call Transfer (ECT) support
- 4.) ETSI Call Waiting support for ISDN phones
- 5.) ETSI Malicious Call ID support
- 6.) Add Display IE text handling options.
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/libpri/releases/ChangeLog-1.4.12
* Tue Feb 8 2011 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.4.12-0.3.beta3
-
- The following are some of the issues resolved in this beta release:
-
- * Prevent a CONNECT message from sending a CONNECT ACKNOWLEDGE in the
- wrong state.
- (issue #17360. Reported by: shawkris. Patched by rmudgett)
-
- * Made Q.921 delay events to Q.931 if the event could immediately
- generate response frames.
- (closes issue #17360. Reported by: shawkris. Patched by rmudgett)
-
- * BRI PTMP: Active channels not cleared when the interface goes down.
- (closes issue #17865. Reported by: wimpy. Patched by rmudgett)
-
- * Segfault in pri_schedule_del() - ctrl value is invalid.
- (closes issue #17522)
- (closes issue #18032. Reported by: schmoozecom. Patched by rmudgett)
-
- * Crash when receiving an unknown/unsupported message type.
- (closes issue #17968. Reported by: gelo. Patched by rmudgett)
-
- * B410P gets incoming call packets on ISDN but Asterisk doesn't see the
- call.
- (closes issue #18232. Reported by: lelio. Patched by rmudgett)
-
- * SABME flood on backup D-channel in NFAS configuration.
- (closes issue #18255. Reported by: bklang. Patched by rmudgett)
-
- * Asterisk is getting a "No D-channels available!" warning message every
- 4 seconds.
- (closes issue #17270. Reported by: jmls. Patched by rmudgett)
-
- This beta release contains several new features, among them:
-
- 1.) ETSI and Q.SIG Call Completion Supplementary Service (CCSS) support
- 2.) ETSI Advice Of Charge (AOC) support
- 3.) ETSI Explicit Call Transfer (ECT) support
- 4.) ETSI Call Waiting support for ISDN phones
- 5.) ETSI Malicious Call ID support
-
- For a full list of changes in the current release candidate, please see
- the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/libpri/releases/ChangeLog-1.4...
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.4.12-0.2.beta2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
mine_detector-6.0-7.1.el6 (FEDORA-EPEL-2011-3731)
Mine Detector, a mine-finding game
--------------------------------------------------------------------------------
Update Information:
This update adds four packages from Fedora to EPEL 6.
--------------------------------------------------------------------------------
================================================================================
oz-0.5.0-2.el6 (FEDORA-EPEL-2011-3739)
Library and utilities for automated guest OS installs
--------------------------------------------------------------------------------
Update Information:
Library and utilities for automated guest OS installs
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #713320 - Review Request: oz - Library and utilities for automated guest OS installs
https://bugzilla.redhat.com/show_bug.cgi?id=713320
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-3.4.3.1-1.el6 (FEDORA-EPEL-2011-3738)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
Changes for 3.4.3.1 (2011-06-07)
- [PMASA-2011-5] Possible session manipulation in Swekey authentication
(http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php)
- [PMASA-2011-6] Possible code injection in setup script in case session variables are
compromised (http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php)
- [PMASA-2011-7] Regular expression quoting issue in Synchronize code
(http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php)
- [PMASA-2011-8] Possible directory traversal
(http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php)
Changes for 3.4.3.0 (2011-06-27)
- [sync] Missing helper icons in Synchronize
- [setup] Redefine a label that was wrong
- [parser] master is not a reserved word
- [edit] Inline edit updates multiple duplicate rows
- [edit] Inline edit does not escape backslashes
- [interface] Columns class sometimes changed for nothing
- [interface] Some tooltips do not disappear
- [search] Fix search in non unicode tables
- [display] Inline query edit broken
- [privileges] Generate password option missing on new accounts
- [edit] Inline edit places HTML line breaks in edit area
- [interface] Inline query edit does not escape special characters
- [security] minor XSS (require a valid token)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 6 2011 Robert Scheck <robert(a)fedoraproject.org> 3.4.3.1-1
- Upgrade to 3.4.3.1 (#718964)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #718964 - phpMyAdmin-3.4.3.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=718964
--------------------------------------------------------------------------------
================================================================================
roundcubemail-0.5.3-1.el6 (FEDORA-EPEL-2011-3741)
Round Cube Webmail is a browser-based multilingual IMAP client
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 5 2011 Jon Ciesla <limb(a)jcomserv.net> = 0.5.3-1
- New upstream.
* Tue May 17 2011 Jon Ciesla <limb(a)jcomserv.net> = 0.5.2-1
- New upstream.
* Thu Feb 10 2011 Jon Ciesla <limb(a)jcomserv.net> = 0.5.1-1
- New upstream.
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.4.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Oct 18 2010 Jon Ciesla <limb(a)jcomserv.net> = 0.4.2-1
- New upstream.
* Mon Oct 4 2010 Jon Ciesla <limb(a)jcomserv.net> = 0.4.1-1
- New upstream.
--------------------------------------------------------------------------------