The following Fedora EPEL 6 Security updates need testing:
Age URL
494
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11175/php-symfon...
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11198/filezilla-...
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11194/cacti-0.8....
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11183/php-symfon...
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11187/libzrtpcpp...
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11222/seamonkey-...
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11195/chrony-1.2...
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11179/libtommath...
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11250/Django14-1...
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11245/python-vir...
11
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11257/drupal7-en...
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11274/ssmtp-2.61...
6
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11301/drupal7-th...
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11327/php-pear-A...
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11330/ngircd-20....
3
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11311/roundcubem...
3
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11339/lighttpd-1...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11385/nagios-3.5...
The following builds have been pushed to Fedora EPEL 6 updates-testing
MUMPS-4.10.0-14.el6
fail2ban-0.8.10-3.el6
freetiger-5-2.el6
fts-monitoring-3.1.1-1.el6
glite-px-proxyrenewal-1.3.34-1.el6
nagios-3.5.0-2.el6
nodejs-commander-1.2.0-5.el6
nodejs-connect-2.8.5-1.el6
nodejs-express-3.3.5-1.el6
nodejs-fresh-0.2.0-1.el6
nodejs-keypress-0.2.1-1.el6
nodejs-minimist-0.0.1-2.el6
nodejs-send-0.1.4-1.el6
perl-Net-SSH-Expect-1.09-7.el6
php-bartlett-PHP-CompatInfo-2.22.0-1.el6
quassel-0.9.0-1.el6
savanna-image-elements-0.3-0.2.88511begit.el6
Details about builds:
================================================================================
MUMPS-4.10.0-14.el6 (FEDORA-EPEL-2013-11374)
A MUltifrontal Massively Parallel sparse direct Solver
--------------------------------------------------------------------------------
Update Information:
Defined which version of MUMPS-* subpackages are obsolete (bz#993574)
- Obsolete packages are now versioned (bz#993574)
- Adding redefined _pkgdocdir macro for earlier Fedora versions to conform this spec with
'F-20 unversioned docdir' change (bz#993984)
- Conform to MPI Guidelines
- Old MUMPS packages are now obsoletes
Update to conform MUMPS packaging to MPI Guidelines.
- Conform to MPI Guidelines
- Old MUMPS packages are now obsoletes
Update to conform MUMPS packaging to MPI Guidelines.
- Conform to MPI Guidelines
- Old MUMPS packages are now obsoletes
Update to conform MUMPS packaging to MPI Guidelines.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 28 2013 Antonio Trande <sagitter(a)fedoraproject.org> - 4.10.0-14
- 'blacs-openmpi-devel' request unversioned
- Defined which version of MUMPS-doc package is obsolete
* Wed Aug 7 2013 Antonio Trande <sagitter(a)fedoraproject.org> - 4.10.0-13
- Obsolete packages are now versioned (bz#993574)
- Adding redefined _pkgdocdir macro for earlier Fedora versions to conform
this spec with 'F-20 unversioned docdir' change (bz#993984)
* Mon Jul 29 2013 Antonio Trande <sagitter(a)fedoraproject.org> - 4.10.0-12
- Old MUMPS subpackages are now obsoletes
* Sat Jul 27 2013 Antonio Trande <sagitter(a)fedoraproject.org> - 4.10.0-11
- Added new macros for 'openmpi' destination directories
- Done some package modifications according to MPI guidelines
- This .spec file now produces '-openmpi', '-openmpi-devel',
'-common' packages
- Added MUMPS packaging in "serial mode"
- %{name}-common package is a noarch
- Added an '-examples' subpackage that contains all test programs
* Tue Jul 23 2013 Antonio Trande <sagitter(a)fedoraproject.org> - 4.10.0-10
- 'openmpi-devel' BR changed to 'openmpi-devel>=1.7'
- 'blacs-openmpi-devel' BR changed to 'blacs-openmpi-devel>=1.1-50'
- Removed '-lmpi_f77' library link, deprecated starting from
'openmpi-1.7.2'
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #993984 - MUMPS possibly affected by F-20 unversioned docdir change
https://bugzilla.redhat.com/show_bug.cgi?id=993984
[ 2 ] Bug #986708 - MUMPS: Obey MPI guidelines
https://bugzilla.redhat.com/show_bug.cgi?id=986708
--------------------------------------------------------------------------------
================================================================================
fail2ban-0.8.10-3.el6 (FEDORA-EPEL-2013-11384)
Ban IPs that make too many password failures
--------------------------------------------------------------------------------
Update Information:
- Add upstream patch to fix mailx argument ordering (bug #998020)
- Fix hostsdeny permission issue
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 28 2013 Orion Poplawski <orion(a)cora.nwra.com> - 0.8.10-3
- Add upstream patch to fix mailx argument ordering (bug #998020)
* Fri Aug 16 2013 Orion Poplawski <orion(a)cora.nwra.com> - 0.8.10-2
- Add upstream patch to fix hostsdeny permission issue
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #998020 - dshield.conf: mailx confused by order of <dest>
<mailargs>
https://bugzilla.redhat.com/show_bug.cgi?id=998020
--------------------------------------------------------------------------------
================================================================================
freetiger-5-2.el6 (FEDORA-EPEL-2013-11382)
Free implementation of the tiger hash algorithm
--------------------------------------------------------------------------------
Update Information:
freetiger is an implementation of the tiger hash algorithm made looking only at the tiger
reference paper (thus ignoring the reference code until a working implementation was
made). It also includes a modified version of the main program included with the tiger
reference implementation which was used for benchmarking purposes. It has been optimized
for usage in the TTH calculation algorithm and includes optimized versions that will
calculate the hashes for the 1024 byte file chunks and the 48 byte hash concatenation
appending the proper suffix automatically thus minimizing memory to memory copying. Also
freetiger features interleaved hashing where the hashes of two different blocks are
calculated at the same time interleaving the operations of one and the other. Using this
increases the implementation performance. freetiger also supports SSE2 for key scheduling
during the tiger rounds which also increases performance on processors supporting it and
provides an implementation of the partial hashing scheme for a more secure password
storage when authenticating clients using the GPA command in ADC.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #969387 - Review Request: freetiger - Free implementation of the tiger hash
algorithm
https://bugzilla.redhat.com/show_bug.cgi?id=969387
--------------------------------------------------------------------------------
================================================================================
fts-monitoring-3.1.1-1.el6 (FEDORA-EPEL-2013-11376)
FTS3 Web Application for monitoring
--------------------------------------------------------------------------------
Update Information:
FTS v3 web application for monitoring.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #989425 - Review Request: fts-monitoring - FTS v3 web application for
monitoring
https://bugzilla.redhat.com/show_bug.cgi?id=989425
--------------------------------------------------------------------------------
================================================================================
glite-px-proxyrenewal-1.3.34-1.el6 (FEDORA-EPEL-2013-11380)
gLite proxyrenewal renews existing proxy certificates for grid users
--------------------------------------------------------------------------------
Update Information:
The gLite proxyrenewal daemon is responsible for secure and controlled way of periodical
renewal of user proxy certificates. Its primary goal is to support long-time jobs running
on the grid.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #892698 - Review Request: glite-px-proxyrenewal - Tools for renew of the
existing proxy certificates for grid users
https://bugzilla.redhat.com/show_bug.cgi?id=892698
--------------------------------------------------------------------------------
================================================================================
nagios-3.5.0-2.el6 (FEDORA-EPEL-2013-11385)
Nagios monitors hosts and services and yells if somethings breaks
--------------------------------------------------------------------------------
Update Information:
Insecure temporary file usage in nagios.upgrade_to_v3.sh (#958294); Init script overwrites
pid file unnecessarily (#983129)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 29 2013 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.5.0-2
- Insecure temporary file usage in nagios.upgrade_to_v3.sh (#958294)
- Init script overwrites pid file unnecessarily (#983129)
- Corrected bogus dates
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #958015 - CVE-2013-2029 Nagios core: Insecure temporary file usage in
nagios.upgrade_to_v3.sh
https://bugzilla.redhat.com/show_bug.cgi?id=958015
--------------------------------------------------------------------------------
================================================================================
nodejs-commander-1.2.0-5.el6 (FEDORA-EPEL-2013-11354)
Node.js command-line interfaces made easy
--------------------------------------------------------------------------------
Update Information:
Update nodejs-connect from 2.7.10 to 2.8.5. Upstream changelog:
https://raw.github.com/senchalabs/connect/2.8.5/History.md
Update nodejs-express from 3.2.5 to 3.3.5. Upstream changelog:
https://raw.github.com/visionmedia/express/3.3.5/History.md
Update nodejs-fresh from 0.1.0 to 0.2.0. Upstream commits:
https://github.com/visionmedia/node-fresh/commits/0.2.0
Update nodejs-send from 0.1.0 to 0.1.4. Upstream changelog:
https://raw.github.com/visionmedia/send/0.1.4/History.md
Update nodejs-commander from 1.1.1 to 1.2.0. Upstream changelog:
https://raw.github.com/visionmedia/commander.js/2.0.0/History.md
Update nodejs-keypress from 1.0.0 to 1.2.1. This is a minor bugfix release.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 28 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 1.2.0-5
- fix version of dependency on nodejs-keypress
* Mon Aug 26 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 1.2.0-4
- rebuild to enable tests
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.2.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sat Jul 6 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 1.2.0-2
- fix compatible arches for f18/el6
* Fri Jul 5 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 1.2.0-1
- restrict to compatible arches
- update to upstream release 1.2.0
--------------------------------------------------------------------------------
================================================================================
nodejs-connect-2.8.5-1.el6 (FEDORA-EPEL-2013-11354)
High performance middleware framework for Node.js
--------------------------------------------------------------------------------
Update Information:
Update nodejs-connect from 2.7.10 to 2.8.5. Upstream changelog:
https://raw.github.com/senchalabs/connect/2.8.5/History.md
Update nodejs-express from 3.2.5 to 3.3.5. Upstream changelog:
https://raw.github.com/visionmedia/express/3.3.5/History.md
Update nodejs-fresh from 0.1.0 to 0.2.0. Upstream commits:
https://github.com/visionmedia/node-fresh/commits/0.2.0
Update nodejs-send from 0.1.0 to 0.1.4. Upstream changelog:
https://raw.github.com/visionmedia/send/0.1.4/History.md
Update nodejs-commander from 1.1.1 to 1.2.0. Upstream changelog:
https://raw.github.com/visionmedia/commander.js/2.0.0/History.md
Update nodejs-keypress from 1.0.0 to 1.2.1. This is a minor bugfix release.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 26 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 2.8.5-1
- update to upstream release 2.8.5
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.7.10-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
nodejs-express-3.3.5-1.el6 (FEDORA-EPEL-2013-11354)
Sinatra inspired web development framework for Node.js
--------------------------------------------------------------------------------
Update Information:
Update nodejs-connect from 2.7.10 to 2.8.5. Upstream changelog:
https://raw.github.com/senchalabs/connect/2.8.5/History.md
Update nodejs-express from 3.2.5 to 3.3.5. Upstream changelog:
https://raw.github.com/visionmedia/express/3.3.5/History.md
Update nodejs-fresh from 0.1.0 to 0.2.0. Upstream commits:
https://github.com/visionmedia/node-fresh/commits/0.2.0
Update nodejs-send from 0.1.0 to 0.1.4. Upstream changelog:
https://raw.github.com/visionmedia/send/0.1.4/History.md
Update nodejs-commander from 1.1.1 to 1.2.0. Upstream changelog:
https://raw.github.com/visionmedia/commander.js/2.0.0/History.md
Update nodejs-keypress from 1.0.0 to 1.2.1. This is a minor bugfix release.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 26 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 3.3.5-1
- update to upstream release 3.3.5
- add ExclusiveArch logic
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
3.3.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Fri Jul 5 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 3.3.3-1
- update to upstream release 3.3.3
- restrict to compatible arches
--------------------------------------------------------------------------------
================================================================================
nodejs-fresh-0.2.0-1.el6 (FEDORA-EPEL-2013-11354)
HTTP response freshness testing for Node.js
--------------------------------------------------------------------------------
Update Information:
Update nodejs-connect from 2.7.10 to 2.8.5. Upstream changelog:
https://raw.github.com/senchalabs/connect/2.8.5/History.md
Update nodejs-express from 3.2.5 to 3.3.5. Upstream changelog:
https://raw.github.com/visionmedia/express/3.3.5/History.md
Update nodejs-fresh from 0.1.0 to 0.2.0. Upstream commits:
https://github.com/visionmedia/node-fresh/commits/0.2.0
Update nodejs-send from 0.1.0 to 0.1.4. Upstream changelog:
https://raw.github.com/visionmedia/send/0.1.4/History.md
Update nodejs-commander from 1.1.1 to 1.2.0. Upstream changelog:
https://raw.github.com/visionmedia/commander.js/2.0.0/History.md
Update nodejs-keypress from 1.0.0 to 1.2.1. This is a minor bugfix release.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 26 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 0.2.0-1
- update to upstream release 0.2.0
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.1.0-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
nodejs-keypress-0.2.1-1.el6 (FEDORA-EPEL-2013-11354)
Make any Node ReadableStream emit "keypress" events
--------------------------------------------------------------------------------
Update Information:
Update nodejs-connect from 2.7.10 to 2.8.5. Upstream changelog:
https://raw.github.com/senchalabs/connect/2.8.5/History.md
Update nodejs-express from 3.2.5 to 3.3.5. Upstream changelog:
https://raw.github.com/visionmedia/express/3.3.5/History.md
Update nodejs-fresh from 0.1.0 to 0.2.0. Upstream commits:
https://github.com/visionmedia/node-fresh/commits/0.2.0
Update nodejs-send from 0.1.0 to 0.1.4. Upstream changelog:
https://raw.github.com/visionmedia/send/0.1.4/History.md
Update nodejs-commander from 1.1.1 to 1.2.0. Upstream changelog:
https://raw.github.com/visionmedia/commander.js/2.0.0/History.md
Update nodejs-keypress from 1.0.0 to 1.2.1. This is a minor bugfix release.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 28 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 0.2.1-1
- update to upstream release 0.2.1
--------------------------------------------------------------------------------
================================================================================
nodejs-minimist-0.0.1-2.el6 (FEDORA-EPEL-2013-11378)
Parse argument options in Node.js
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #992322 - Review Request: nodejs-minimist - Parse argument options in Node.js
https://bugzilla.redhat.com/show_bug.cgi?id=992322
--------------------------------------------------------------------------------
================================================================================
nodejs-send-0.1.4-1.el6 (FEDORA-EPEL-2013-11354)
Better streaming static file server with Range and conditional-GET support
--------------------------------------------------------------------------------
Update Information:
Update nodejs-connect from 2.7.10 to 2.8.5. Upstream changelog:
https://raw.github.com/senchalabs/connect/2.8.5/History.md
Update nodejs-express from 3.2.5 to 3.3.5. Upstream changelog:
https://raw.github.com/visionmedia/express/3.3.5/History.md
Update nodejs-fresh from 0.1.0 to 0.2.0. Upstream commits:
https://github.com/visionmedia/node-fresh/commits/0.2.0
Update nodejs-send from 0.1.0 to 0.1.4. Upstream changelog:
https://raw.github.com/visionmedia/send/0.1.4/History.md
Update nodejs-commander from 1.1.1 to 1.2.0. Upstream changelog:
https://raw.github.com/visionmedia/commander.js/2.0.0/History.md
Update nodejs-keypress from 1.0.0 to 1.2.1. This is a minor bugfix release.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 26 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 0.1.4-1
- update to upstream release 0.1.4
- add ExclusiveArch logic
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.1.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Fri Jul 5 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 0.1.2-1
- update to upstream release 0.1.2
- restrict to compatible arches
--------------------------------------------------------------------------------
================================================================================
perl-Net-SSH-Expect-1.09-7.el6 (FEDORA-EPEL-2013-11386)
Net-SSH-Expect - SSH wrapper to execute remote commands
--------------------------------------------------------------------------------
Update Information:
Fixed a permissions issue in the %files section of the spec file that incorrectly set
directory permissions to 644 instead of 755
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 28 2013 Carl Thompson <fedora(a)red-dragon.com> - 1.09-7
- fixed permissions in %files section
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #972946 - perl-Net-SSH-Expect 1.09-6 Bad Directory Permissions
https://bugzilla.redhat.com/show_bug.cgi?id=972946
--------------------------------------------------------------------------------
================================================================================
php-bartlett-PHP-CompatInfo-2.22.0-1.el6 (FEDORA-EPEL-2013-11215)
Find out version and the extensions required for a piece of code to run
--------------------------------------------------------------------------------
Update Information:
Version 2.22.0 (2013-08-22)
Additions and changes:
* add both support to PHP 5.4.19 and 5.5.3
* phar --version switch now print the latest version rather than DEV
* add new function setExcludeVersions() in abstract
PHP_CompatInfo_Reference_PluginsAbstract class that allow to exclude one or more version
for an element ( related to issue GH-99 )
Bug fixes:
* GH-99: SO_BINDTODEVICE exists in php >= 5.4.18 and >= 5.5.1 (so not in 5.5.0)
Version 2.21.0 (2013-08-17)
Additions and changes:
* add both support to PHP 5.4.18 and 5.5.2
* update mongo reference to 1.4.3
* update libxml reference for PHP 5.5.2
Bug fixes:
* request #98 fixed mongo, sockets and standard references (thanks to Remi Collet)
* GH-97: False positive classMemberAccessOnInstantiation detection
Version 2.20.0 (2013-07-20)
Additions and changes:
* add support to PHP 5.5.1
* update session and intl references sync with PHP 5.5.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 23 2013 Remi Collet <remi(a)fedoraproject.org> - 2.22.0-1
- Update to 2.22.0
* Thu Jul 25 2013 Remi Collet <remi(a)fedoraproject.org> - 2.20.0-1
- Update to 2.20.0
- patch from
https://github.com/llaville/php-compat-info/pull/98
--------------------------------------------------------------------------------
================================================================================
quassel-0.9.0-1.el6 (FEDORA-EPEL-2013-11377)
A modern distributed IRC system
--------------------------------------------------------------------------------
Update Information:
New package for EPEL - quassel IRC
--------------------------------------------------------------------------------
================================================================================
savanna-image-elements-0.3-0.2.88511begit.el6 (FEDORA-EPEL-2013-11298)
Savanna diskimage-builder elements
--------------------------------------------------------------------------------
Update Information:
Diskimage-builder elements for Savanna
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #998702 - Review Request: savanna-image-elements - Savanna diskimage-builder
elements
https://bugzilla.redhat.com/show_bug.cgi?id=998702
[ 2 ] Bug #1000293 - savanna-image-elements-0.3-0.2.88511begit.el6 has unresolved
dependency diskimage-builder
https://bugzilla.redhat.com/show_bug.cgi?id=1000293
--------------------------------------------------------------------------------