[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Fedora EPEL 6 updates-testing report



The following Fedora EPEL 6 Security updates need testing:

    https://admin.fedoraproject.org/updates/xml-security-c-1.6.0-2.el6
    https://admin.fedoraproject.org/updates/bugzilla-3.4.11-1.el6
    https://admin.fedoraproject.org/updates/rt3-3.8.10-2.el6.1
    https://admin.fedoraproject.org/updates/cgit-0.9.0.2-2.el6
    https://admin.fedoraproject.org/updates/glpi-0.78.5-2.svn14966.el6
    https://admin.fedoraproject.org/updates/squirrelmail-1.4.22-2.el6
    https://admin.fedoraproject.org/updates/phpMyAdmin-3.4.3.2-1.el6
    https://admin.fedoraproject.org/updates/ejabberd-2.1.8-2.el6
    https://admin.fedoraproject.org/updates/erlang-R14B-02.1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    asterisk-1.8.5.0-1.el6.2
    bluefish-2.0.3-4.el6
    django-authopenid-1.0.1-1.el6
    django-kombu-0.9.2-1.el6
    glpi-0.78.5-2.svn14966.el6
    grace-5.1.22-7.el6
    nordugrid-arc-1.0.1-1.el6.1
    nordugrid-arc-doc-1.0.2-1.el6
    phpMyAdmin-3.4.3.2-1.el6
    spectrum-1.4.8-2.el6
    zeroinstall-injector-1.2-1.el6

Details about builds:


================================================================================
 asterisk-1.8.5.0-1.el6.2 (FEDORA-EPEL-2011-3906)
 The Open Source PBX
--------------------------------------------------------------------------------
Update Information:

The Asterisk Development Team announces the release of Asterisk 1.8.5.0. This
release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/

The release of Asterisk 1.8.5.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* Fix Deadlock with attended transfer of SIP call
 (Closes issue #18837. Reported, patched by alecdavis. Tested by Irontec, ZX81,
 cmaj)

* Fixes thread blocking issue in the sip TCP/TLS implementation.
 (Closes issue #18497. Reported by vois. Patched by dvossel. Tested by vois,
 rossbeer, kowalma, Freddi_Fonet)

* Be more tolerant of what URI we accept for call completion PUBLISH requests.
 (Closes issue #18946. Reported by GeorgeKonopacki. Patched by mmichelson)

* Fix a nasty chanspy bug which was causing a channel leak every time a spied on
 channel made a call.
 (Closes issue #18742. Reported by jkister. Tested by jcovert, jrose)

* This patch fixes a bug with MeetMe behavior where the 'P' option for always
 prompting for a pin is ignored for the first caller.
 (Closes issue #18070. Reported by mav3rick. Patched by bbryant)

* Fix issue where Asterisk does not hangup a channel after endpoint hangs up. If
 the call that the dialplan started an AGI script for is hungup while the AGI
 script is in the middle of a command then the AGI script is not notified of
 the hangup.
 (Closes issue #17954, #18492. Reported by mn3250, devmod. Patched by rmudgett)

* Resolve issue where leaving a voicemail, the MWI message is never sent. The
 same thing happens when checking a voicemail and marking it as read.
 (Closes issue ASTERISK-18002. Reported by Leif Madsen. Resolved by Richard
 Mudgett)

* Resolve issue where wait for leader with Music On Hold allows crosstalk
 between participants. Parenthesis in the wrong position. Regression from issue
 #14365 when expanding conference flags to use 64 bits.
 (Closes issue #18418. Reported by MrHanMan. Patched by rmudgett)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.5.0

--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 21 2011 Petr Sabata <contyk redhat com> - 1.8.5.0-1.2
- Perl mass rebuild
* Wed Jul 20 2011 Petr Sabata <contyk redhat com> - 1.8.5.0-1.1
- Perl mass rebuild
* Mon Jul 11 2011 Jeffrey C. Ollie <jeff ocjtech us> - 1.8.5.0-1
- The Asterisk Development Team announces the release of Asterisk 1.8.5.0. This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.5.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * Fix Deadlock with attended transfer of SIP call
-  (Closes issue #18837. Reported, patched by alecdavis. Tested by Irontec, ZX81,
-  cmaj)
-
- * Fixes thread blocking issue in the sip TCP/TLS implementation.
-  (Closes issue #18497. Reported by vois. Patched by dvossel. Tested by vois,
-  rossbeer, kowalma, Freddi_Fonet)
-
- * Be more tolerant of what URI we accept for call completion PUBLISH requests.
-  (Closes issue #18946. Reported by GeorgeKonopacki. Patched by mmichelson)
-
- * Fix a nasty chanspy bug which was causing a channel leak every time a spied on
-  channel made a call.
-  (Closes issue #18742. Reported by jkister. Tested by jcovert, jrose)
-
- * This patch fixes a bug with MeetMe behavior where the 'P' option for always
-  prompting for a pin is ignored for the first caller.
-  (Closes issue #18070. Reported by mav3rick. Patched by bbryant)
-
- * Fix issue where Asterisk does not hangup a channel after endpoint hangs up. If
-  the call that the dialplan started an AGI script for is hungup while the AGI
-  script is in the middle of a command then the AGI script is not notified of
-  the hangup.
-  (Closes issue #17954, #18492. Reported by mn3250, devmod. Patched by rmudgett)
-
- * Resolve issue where leaving a voicemail, the MWI message is never sent. The
-  same thing happens when checking a voicemail and marking it as read.
-  (Closes issue ASTERISK-18002. Reported by Leif Madsen. Resolved by Richard
-  Mudgett)
-
- * Resolve issue where wait for leader with Music On Hold allows crosstalk
-  between participants. Parenthesis in the wrong position. Regression from issue
-  #14365 when expanding conference flags to use 64 bits.
-  (Closes issue #18418. Reported by MrHanMan. Patched by rmudgett)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.5.0
* Thu Jul  7 2011 Jeffrey C. Ollie <jeff ocjtech us> - 1.8.5-0.2
- Rebuild for net-snmp 5.7
--------------------------------------------------------------------------------


================================================================================
 bluefish-2.0.3-4.el6 (FEDORA-EPEL-2011-3918)
 GTK2 web development application for experienced users
--------------------------------------------------------------------------------
Update Information:

This update includes an upstream fix for a crash originally caused by opening lots of files and then closing them quickly with
Ctrl-W.

https://bugzilla.gnome.org/show_bug.cgi?id=654838
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 22 2011 Paul Howarth <paul city-fan org> - 2.0.3-4
- Fix crash in _gtk_text_btree_get_chars_changed_stamp
  (Gnome bug 654838, #720990)
- Nobody else likes macros for commands
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #720990 - [abrt] bluefish-2.0.3-3.fc14: Process /usr/bin/bluefish was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=720990
--------------------------------------------------------------------------------


================================================================================
 django-authopenid-1.0.1-1.el6 (FEDORA-EPEL-2011-3909)
 Django application to integrate Django authentication system with OpenID
--------------------------------------------------------------------------------
Update Information:

A new package for EL6 of django-authopenid
--------------------------------------------------------------------------------


================================================================================
 django-kombu-0.9.2-1.el6 (FEDORA-EPEL-2011-3915)
 Kombu transport using the Django database as a message store
--------------------------------------------------------------------------------
Update Information:

Kombu transport using the Django database as a message store
--------------------------------------------------------------------------------


================================================================================
 glpi-0.78.5-2.svn14966.el6 (FEDORA-EPEL-2011-3920)
 Free IT asset management software
--------------------------------------------------------------------------------
Update Information:

This update fixes a database information disclosure vulnerability in GLPI (Advisory not yet published).
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 22 2011 Remi Collet <Fedora FamilleCollet com> - 0.78.5-2.svn14966
- bug and security fix from SVN.
--------------------------------------------------------------------------------


================================================================================
 grace-5.1.22-7.el6 (FEDORA-EPEL-2011-3905)
 Numerical Data Processing and Visualization Tool
--------------------------------------------------------------------------------
Update Information:

First build for EPEL 6.
--------------------------------------------------------------------------------


================================================================================
 nordugrid-arc-1.0.1-1.el6.1 (FEDORA-EPEL-2011-3919)
 Advanced Resource Connector Grid Middleware
--------------------------------------------------------------------------------
Update Information:

The Advanced Resource Connector (ARC) Grid Middleware developed by the NorduGrid collaboration.

ARC brings computing resources together across institutional boundaries. This concept is commonly referred to as a "computational grid". Historically, grids address the organization of distributed storage of data and parallel computation, but arbitrary services are thinkable.

This is the first release of ARC in Fedora and EPEL.

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #530684 - Review Request: nordugrid-arc - Advanced Resource Connector Grid Middleware
        https://bugzilla.redhat.com/show_bug.cgi?id=530684
  [ 2 ] Bug #704835 - Review Request: nordugrid-arc-doc - Advanced Resource Connector Documentation
        https://bugzilla.redhat.com/show_bug.cgi?id=704835
--------------------------------------------------------------------------------


================================================================================
 nordugrid-arc-doc-1.0.2-1.el6 (FEDORA-EPEL-2011-3919)
 Advanced Resource Connector Documentation
--------------------------------------------------------------------------------
Update Information:

The Advanced Resource Connector (ARC) Grid Middleware developed by the NorduGrid collaboration.

ARC brings computing resources together across institutional boundaries. This concept is commonly referred to as a "computational grid". Historically, grids address the organization of distributed storage of data and parallel computation, but arbitrary services are thinkable.

This is the first release of ARC in Fedora and EPEL.

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #530684 - Review Request: nordugrid-arc - Advanced Resource Connector Grid Middleware
        https://bugzilla.redhat.com/show_bug.cgi?id=530684
  [ 2 ] Bug #704835 - Review Request: nordugrid-arc-doc - Advanced Resource Connector Documentation
        https://bugzilla.redhat.com/show_bug.cgi?id=704835
--------------------------------------------------------------------------------


================================================================================
 phpMyAdmin-3.4.3.2-1.el6 (FEDORA-EPEL-2011-3910)
 Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:

Changes for 3.4.3.2 (2011-07-23)

 * [PMASA-2011-9] XSS in table Print view (http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php)
 * [PMASA-2011-10] Local file inclusion via a crafted MIME-type transformation parameter (http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php)
 * [PMASA-2011-11] Local file inclusion vulnerability and code execution (http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php)
 * [PMASA-2011-12] Possible superglobal and local variables manipulation in swekey authentication (http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 25 2011 Robert Scheck <robert fedoraproject org> 3.4.3.2-1
- Upgrade to 3.4.3.2 (#725377, #725381, #725382, #725383, #725384)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #725381 - CVE-2011-2642 phpMyAdmin: v3.3.10.3, v3.4.3.2: XSS in table Print view (PMASA-2011-9)
        https://bugzilla.redhat.com/show_bug.cgi?id=725381
  [ 2 ] Bug #725382 - CVE-2011-2643 phpMyAdmin: v3.3.10.3, v3.4.3.2: Local file inclusion via a crafted MIME-type transformation parameter (PMASA-2011-10)
        https://bugzilla.redhat.com/show_bug.cgi?id=725382
  [ 3 ] Bug #725383 - PMASA-2011-11 phpMyAdmin: v3.3.10.3, v3.4.3.2: Local file inclusion and code execution in 'relational schema' code (PMASA-2011-11)
        https://bugzilla.redhat.com/show_bug.cgi?id=725383
  [ 4 ] Bug #725384 - PMASA-2011-12 phpMyAdmin: v3.3.10.3, v3.4.3.2: Possible session manipulation in Swekey extention authentication (PMASA-2011-12)
        https://bugzilla.redhat.com/show_bug.cgi?id=725384
--------------------------------------------------------------------------------


================================================================================
 spectrum-1.4.8-2.el6 (FEDORA-EPEL-2011-3917)
 XMPP transport/gateway
--------------------------------------------------------------------------------
Update Information:

Build against new libev.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jul 24 2011 Matěj Cepl <mcepl redhat com> - 1.4.8-2
- Rebuilt for new libev version.
--------------------------------------------------------------------------------


================================================================================
 zeroinstall-injector-1.2-1.el6 (FEDORA-EPEL-2011-3913)
 The Zero Install Injector (0launch)
--------------------------------------------------------------------------------
Update Information:

0install 1.1: http://article.gmane.org/gmane.comp.file-systems.zero-install.devel/4331

- support for optional dependencies
- '0install digest' command
- environment variable separator now configurable

0install 1.2: http://article.gmane.org/gmane.comp.file-systems.zero-install.devel/4387

- added <executable-in-path> and <executable-in-var> bindings
- In selections, store <command> elements inside <selection> elements
- Display a deprecation warning if Selections(Policy) is used.
- 0alias now generates new-style launchers, and can parse both formats
- Batch up queries to PackageKit
- Fixed GUI performance problem with large number of feeds
- Write separator attribute for <environment> tag when serializing model

--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 25 2011 Michel Salim <salimma fedoraproject org> - 1.2-1
- Update to 1.2
* Sat Jul  2 2011 Michel Salim <salimma fedoraproject org> - 1.1-2
- Further launcher script clean-up
* Wed Jun 29 2011 Michel Salim <salimma fedoraproject org> - 1.1-1
- Update to 1.1
- Remove --versions option, obsoleted in favor of '0alias launcher'
* Wed Jun 22 2011 Michel Salim <salimma fedoraproject org> - 1.0-3
- Fix --versions handling of 0alias-generated launchers
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #725155 - zeroinstall-injector-1.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=725155
--------------------------------------------------------------------------------



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]