[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Fedora EPEL 6 updates-testing report



The following Fedora EPEL 6 Security updates need testing:

    https://admin.fedoraproject.org/updates/chm2pdf-0.9.1-8.el6
    https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.el6
    https://admin.fedoraproject.org/updates/erlang-R14B-02.1.el6
    https://admin.fedoraproject.org/updates/libmodplug-0.8.8.2-1.el6
    https://admin.fedoraproject.org/updates/proftpd-1.3.3e-1.el6
    https://admin.fedoraproject.org/updates/python-feedparser-5.0.1-1.el6
    https://admin.fedoraproject.org/updates/tmux-1.4-3.el6
    https://admin.fedoraproject.org/updates/asterisk-1.8.3.3-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    ack-1.94-1.el6
    asterisk-1.8.3.3-1.el6
    lua-wsapi-1.3.4-4.el6
    perl-JavaScript-Minifier-1.05-6.el6
    python-demjson-1.6-1.el6

Details about builds:


================================================================================
 ack-1.94-1.el6 (FEDORA-EPEL-2011-3137)
 Grep-like text finder
--------------------------------------------------------------------------------
Update Information:

Update to 1.94
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 21 2011 <ianburrell gmail com> - 1.94-1
- Update to 1.94
--------------------------------------------------------------------------------


================================================================================
 asterisk-1.8.3.3-1.el6 (FEDORA-EPEL-2011-3141)
 The Open Source PBX
--------------------------------------------------------------------------------
Update Information:

The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
issues:

* File Descriptor Resource Exhaustion (AST-2011-005)
* Asterisk Manager User Shell Access (AST-2011-006)

The issues and resolutions are described in the AST-2011-005 and AST-2011-006
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-005 and AST-2011-006, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.40.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.25
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.3
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.3

Security advisory AST-2011-005 and AST-2011-006 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 21 2011 Jeffrey C. Ollie <jeff ocjtech us> - 1.8.3.3-1
- The Asterisk Development Team has announced security releases for Asterisk
- branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
- released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
- issues:
-
- * File Descriptor Resource Exhaustion (AST-2011-005)
- * Asterisk Manager User Shell Access (AST-2011-006)
-
- The issues and resolutions are described in the AST-2011-005 and AST-2011-006
- security advisories.
-
- For more information about the details of these vulnerabilities, please read the
- security advisories AST-2011-005 and AST-2011-006, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.40.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.25
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.3
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.3
-
- Security advisory AST-2011-005 and AST-2011-006 are available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
- http://downloads.asterisk.org/pub/security/AST-2011-006.pdf
* Wed Mar 23 2011 Jeffrey C. Ollie <jeff ocjtech us> - 1.8.3.2-2
- Bump release and rebuild for mysql 5.5.10 soname change.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #698916 - CVE-2011-1507 Asterisk: file descriptor resource exhaustion (AST-2011-005)
        https://bugzilla.redhat.com/show_bug.cgi?id=698916
  [ 2 ] Bug #698917 - CVE-2011-1599 Asterisk: Shell command execution via manager Originate action (AST-2011-006)
        https://bugzilla.redhat.com/show_bug.cgi?id=698917
--------------------------------------------------------------------------------


================================================================================
 lua-wsapi-1.3.4-4.el6 (FEDORA-EPEL-2011-3138)
 Lua Web Server API
--------------------------------------------------------------------------------
Update Information:

Require lua-coxpcall, fixes #666090
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 22 2011 Tim Niemueller <tim niemueller de> - 1.3.4-4
- Require lua-coxpcall, fixes #666090
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng lists fedoraproject org> - 1.3.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #666090 - broken lua-wsapi package
        https://bugzilla.redhat.com/show_bug.cgi?id=666090
--------------------------------------------------------------------------------


================================================================================
 perl-JavaScript-Minifier-1.05-6.el6 (FEDORA-EPEL-2011-3139)
 Perl extension for minifying JavaScript code
--------------------------------------------------------------------------------
Update Information:

First EPEL build.
--------------------------------------------------------------------------------


================================================================================
 python-demjson-1.6-1.el6 (FEDORA-EPEL-2011-3136)
 Python JSON module and lint checker
--------------------------------------------------------------------------------
Update Information:

Update to version 1.6, with these improvements and changes:

* Bug fix: The jsonlint tool failed to accept a JSON document from standard input (stdin). Also added a --version and --copyright option support to jsonlint.
--------------------------------------------------------------------------------



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]