[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Fedora EPEL 6 updates-testing report



The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 207  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
  14  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13367/seamonkey-2.13.2-1.el6
   5  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13432/weechat-0.3.8-3.el6
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13477/cgit-0.9.1-1.el6
  33  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13155/cobbler-2.4.0-beta2.el6
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13222/xlockmore-5.40-4.el6
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13442/roundup-1.4.20-1.el6
  31  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13172/ssmtp-2.61-19.el6
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13088/python-django-horizon-2012.2-4.el6,openstack-utils-2012.2-6.el6,python-websockify-0.2.0-1.el6,novnc-0.4-2.el6,openstack-nova-2012.2-2.el6,openstack-cinder-2012.2-3.el6,python-django-openstack-auth-1.0.2-3.el6,python-cinderclient-0.2.26-1.el6,python-novaclient-2.9.0-1.el6,openstack-quantum-2012.2-2.el6,python-quantumclient-2.1.1-0.el6,python-prettytable-0.6.1-1.el6,openstack-glance-2012.2-3.el6,python-glanceclient-0.5.1-1.el6,openstack-keystone-2012.2-4.el6,python-keystoneclient-0.1.3.27-1.el6
  31  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13176/icecast-2.3.3-1.el6
 130  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6348/bcfg2-1.2.3-1.el6
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13478/mod_security-2.7.1-3.el6,mod_security_crs-2.2.6-3.el6
 395  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gribble-0.83.4.1-10.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    cgit-0.9.1-1.el6
    mod_security-2.7.1-3.el6
    mod_security_crs-2.2.6-3.el6
    qemu-1.2.0-19.el6.1

Details about builds:


================================================================================
 cgit-0.9.1-1.el6 (FEDORA-EPEL-2012-13477)
 A fast web interface for git
--------------------------------------------------------------------------------
Update Information:

Update to new upsteam version with 2 security fixes, enhancements and misc other bug fixes. See http://git.zx2c4.com/cgit/commit/?id=a6a932e198e8b6b564d7a4bb43e78078d8296026 for details.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 15 2012 Kevin Fenzi <kevin scrye com> 0.9.1-1
- Update to 0.9.1
- Fixes bug #870714 - CVE-2012-4548
- Fixes bug #820733 - CVE-2012-4465
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng lists fedoraproject org> - 0.9.0.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng lists fedoraproject org> - 0.9.0.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #870714 - CVE-2012-4548 cgit: syntax-highlighting.sh command injection [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=870714
  [ 2 ] Bug #820733 - avoid stack-smash when processing unusual commit [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=820733
--------------------------------------------------------------------------------


================================================================================
 mod_security-2.7.1-3.el6 (FEDORA-EPEL-2012-13478)
 Security module for the Apache HTTP Server
--------------------------------------------------------------------------------
Update Information:

- Update to 2.7.1
- Update Core rules set to 2.2.6
- Fix build against libxml2 >= 2.9 (upstreamed)
- Add some missing directives RHBZ #569360
- Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528) (RHBZ #867424, #867773, #867774)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 15 2012 Athmane Madjoudj <athmane fedoraproject org> 2.7.1-3
- Add some missing directives RHBZ #569360
- Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528)
  (RHBZ #867424, #867773, #867774)
* Thu Nov 15 2012 Athmane Madjoudj <athmane fedoraproject org> 2.7.1-2
- Fix mod_security.conf
* Thu Nov 15 2012 Athmane Madjoudj <athmane fedoraproject org> 2.7.1-1
- Update to 2.7.1
- Remove libxml2 build patch (upstreamed)
- Update spec since upstream moved to github
* Thu Oct 18 2012 Athmane Madjoudj <athmane fedoraproject org> 2.7.0-2
- Add a patch to fix failed build against libxml2 >= 2.9.0
* Wed Oct 17 2012 Athmane Madjoudj <athmane fedoraproject org> 2.7.0-1
- Update to 2.7.0
* Fri Sep 28 2012 Athmane Madjoudj <athmane fedoraproject org> 2.6.8-1
- Update to 2.6.8
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #867424 - CVE-2012-4528 mod_security: multipart/invalid part ruleset bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=867424
--------------------------------------------------------------------------------


================================================================================
 mod_security_crs-2.2.6-3.el6 (FEDORA-EPEL-2012-13478)
 ModSecurity Rules
--------------------------------------------------------------------------------
Update Information:

- Update to 2.7.1
- Update Core rules set to 2.2.6
- Fix build against libxml2 >= 2.9 (upstreamed)
- Add some missing directives RHBZ #569360
- Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528) (RHBZ #867424, #867773, #867774)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 17 2012 Athmane Madjoudj <athmane fedoraproject org> 2.2.6-3
- Remove the patch since we're requiring mod_security >= 2.7.0
- Require mod_security >= 2.7.0
* Mon Oct  1 2012 Athmane Madjoudj <athmane fedoraproject org> 2.2.6-2
- Add a patch to fix incompatible rules.
- Update to new git release
* Sat Sep 15 2012 Athmane Madjoudj <athmane fedoraproject org> 2.2.6-1
- Update to 2.2.6
- Update spec file since upstream moved to Github.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #867424 - CVE-2012-4528 mod_security: multipart/invalid part ruleset bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=867424
--------------------------------------------------------------------------------


================================================================================
 qemu-1.2.0-19.el6.1 (FEDORA-EPEL-2012-13479)
 QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:

This update brings QEMU, the machine emulator, to EPEL for Enterprise Linux 6.

Parts of QEMU (KVM for x86 with basic hardware emulation support, imaging utilities, guest agent in particular) and are shipped with Enterprise Linux for x86_64 architecture. EPEL packages can't conflict with or replace packages shipped with Enterprise Linux, and thus on x86_64 architecture this package supplements what's already shipped with the distribution.
--------------------------------------------------------------------------------



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]