[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Fedora EPEL 6 updates-testing report



The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 285  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0174/tinymce-spellchecker-2.0.5-6.el6
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0193/couchdb-1.0.4-2.el6
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0194/seamonkey-2.15.1-1.el6
  62  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13610/drupal6-ctools-1.10-1.el6
 207  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6348/bcfg2-1.2.3-1.el6
 473  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gribble-0.83.4.1-10.el6
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0123/python-tw2-jquery-2.0.3-5.el6
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0128/php-symfony2-Yaml-2.1.7-1.el6
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0157/proftpd-1.3.3g-2.el6
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0144/zabbix-1.8.16-1.el6
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0170/asterisk-1.8.20.0-1.el6
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0155/zabbix20-2.0.4-3.el6
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0141/drupal7-7.19-1.el6
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0233/wordpress-3.5.1-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    drupal7-date_ical-2.3-1.el6
    gdb-heap-0.5-9.1.el6
    guacd-0.7.0-3.el6
    jglobus-2.0.5-0.1.rc2.el6
    librcc-0.2.10-2.el6
    ovirt-engine-sdk-3.2.0.8-1.el6
    php-horde-Horde-Cli-2.0.3-1.el6
    php-horde-Horde-Date-2.0.3-1.el6
    php-horde-Horde-Support-2.0.3-1.el6
    php-horde-Horde-Url-2.1.0-1.el6
    vtk-5.8.0-6.el6.1
    wordpress-3.5.1-1.el6

Details about builds:


================================================================================
 drupal7-date_ical-2.3-1.el6 (FEDORA-EPEL-2013-0228)
 Allows creation of an iCal feed in Views
--------------------------------------------------------------------------------
Update Information:

Update to upstream 2.3 release
Update to upstream 2.2 release
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #904736 - drupal7-date_ical-2.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=904736
  [ 2 ] Bug #903583 - drupal7-date_ical-2.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=903583
--------------------------------------------------------------------------------


================================================================================
 gdb-heap-0.5-9.1.el6 (FEDORA-EPEL-2012-6797)
 Extensions to gdb for debugging dynamic memory allocation
--------------------------------------------------------------------------------
Update Information:

gdb-heap built for EPEL 6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #828169 - [RFE:EPEL] Request to add gdb-heap to EPEL
        https://bugzilla.redhat.com/show_bug.cgi?id=828169
--------------------------------------------------------------------------------


================================================================================
 guacd-0.7.0-3.el6 (FEDORA-EPEL-2013-0235)
 Proxy daemon for Guacamole
--------------------------------------------------------------------------------
Update Information:

Enable guacd user/group for daemon
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Simone Caronni <negativo17 gmail com> - 0.7.0-3
- User creations is for all supported distributions.
* Wed Jan 30 2013 Simone Caronni <negativo17 gmail com> - 0.7.0-2
- Updated init script according to Fedora template.
  https://fedoraproject.org/wiki/Packaging:SysVInitScript?rd=Packaging/SysVInitScript
- Run daemon as guacd user/group.
- Make sure $HOME is set before starting the daemon or the child crashes.
--------------------------------------------------------------------------------


================================================================================
 jglobus-2.0.5-0.1.rc2.el6 (FEDORA-EPEL-2013-0231)
 Globus Java client libraries
--------------------------------------------------------------------------------
Update Information:

JGlobus version 2.0.5 release candidate 2.

New packages jglobus-myproxy and jglobus-axisg

--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 29 2013 Mattias Ellert <mattias ellert fysast uu se> - 2.0.5-0.1.rc2
- 2.0.5 release candidate 2
- New jglobus-myproxy package
- New jglobus-axisg package
--------------------------------------------------------------------------------


================================================================================
 librcc-0.2.10-2.el6 (FEDORA-EPEL-2013-0234)
 RusXMMS Charset Conversion Library
--------------------------------------------------------------------------------
Update Information:

new version upstream
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Ivan Romanov <drizt land ru> - 0.2.10-2
- el6 hasn't gtk3
* Wed Jan 30 2013 Ivan Romanov <drizt land ru> - 0.2.10-1
- updated to 0.2.10
- dropped patches (applied by upstream)
- new -gkt+ and -gtk3 subpackage
--------------------------------------------------------------------------------


================================================================================
 ovirt-engine-sdk-3.2.0.8-1.el6 (FEDORA-EPEL-2013-0230)
 oVirt Engine Software Development Kit
--------------------------------------------------------------------------------
Update Information:

Update to upstream 3.2.0.8
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Juan Hernandez <juan hernandez redhat com> - 3.2.0.8-1
- Update to upstream 3.2.0.8
- Fix for #905359
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Cli-2.0.3-1.el6 (FEDORA-EPEL-2013-0238)
 Horde Command Line Interface API
--------------------------------------------------------------------------------
Update Information:

Horde_CLI 2.0.3:
* [jan] Update French translation (Paul De Vlieger).

Horde_Date 2.0.3: 
* [jan] Update French translation (Paul De Vlieger).
* [jan] Fix error: DateTime::__construct(): Failed to parse time string (-001-11-01).
* [jan] Catch DateTime exception in Horde_Date_Utils:daysInMonth() (Bug #11916).

Horde_Support 2.0.3:
* [mms] Fix detection of sys_getloadavg() on Windows (Bug #11972).

Horde_Url 2.1.0:
* [mms] Add Horde_Url_Data class.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Remi Collet <remi fedoraproject org> - 2.0.3-1
- Update to 2.0.3
- fix files listed twice
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Date-2.0.3-1.el6 (FEDORA-EPEL-2013-0238)
 Horde Date package
--------------------------------------------------------------------------------
Update Information:

Horde_CLI 2.0.3:
* [jan] Update French translation (Paul De Vlieger).

Horde_Date 2.0.3: 
* [jan] Update French translation (Paul De Vlieger).
* [jan] Fix error: DateTime::__construct(): Failed to parse time string (-001-11-01).
* [jan] Catch DateTime exception in Horde_Date_Utils:daysInMonth() (Bug #11916).

Horde_Support 2.0.3:
* [mms] Fix detection of sys_getloadavg() on Windows (Bug #11972).

Horde_Url 2.1.0:
* [mms] Add Horde_Url_Data class.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Remi Collet <remi fedoraproject org> - 2.0.3-1
- Update to 2.0.3
- add option to run tests
- install only locales from upstream list
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Support-2.0.3-1.el6 (FEDORA-EPEL-2013-0238)
 Horde support package
--------------------------------------------------------------------------------
Update Information:

Horde_CLI 2.0.3:
* [jan] Update French translation (Paul De Vlieger).

Horde_Date 2.0.3: 
* [jan] Update French translation (Paul De Vlieger).
* [jan] Fix error: DateTime::__construct(): Failed to parse time string (-001-11-01).
* [jan] Catch DateTime exception in Horde_Date_Utils:daysInMonth() (Bug #11916).

Horde_Support 2.0.3:
* [mms] Fix detection of sys_getloadavg() on Windows (Bug #11972).

Horde_Url 2.1.0:
* [mms] Add Horde_Url_Data class.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Remi Collet <remi fedoraproject org> - 2.0.3-1
- Update to 2.0.3
- add option to run tests
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Url-2.1.0-1.el6 (FEDORA-EPEL-2013-0238)
 Horde Url class
--------------------------------------------------------------------------------
Update Information:

Horde_CLI 2.0.3:
* [jan] Update French translation (Paul De Vlieger).

Horde_Date 2.0.3: 
* [jan] Update French translation (Paul De Vlieger).
* [jan] Fix error: DateTime::__construct(): Failed to parse time string (-001-11-01).
* [jan] Catch DateTime exception in Horde_Date_Utils:daysInMonth() (Bug #11916).

Horde_Support 2.0.3:
* [mms] Fix detection of sys_getloadavg() on Windows (Bug #11972).

Horde_Url 2.1.0:
* [mms] Add Horde_Url_Data class.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Remi Collet <remi fedoraproject org> - 2.1.0-1
- Update to 2.1.0
- add option to run tests
--------------------------------------------------------------------------------


================================================================================
 vtk-5.8.0-6.el6.1 (FEDORA-EPEL-2013-0232)
 The Visualization Toolkit - A high level 3D visualization library
--------------------------------------------------------------------------------
Update Information:

Make vtk not require vtk-devel
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 29 2013 Orion Poplawski <orion cora nwra com> - 5.8.0-6.1
- Add patch to add soname to libvtkNetCDF_cxx
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #905399 - vtk pulls in vtk-devel as a dependency
        https://bugzilla.redhat.com/show_bug.cgi?id=905399
--------------------------------------------------------------------------------


================================================================================
 wordpress-3.5.1-1.el6 (FEDORA-EPEL-2013-0233)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. Which include:

* Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
* Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
* Networks: Suggest proper rewrite rules when creating a new network.
* Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
* Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
* Suppress some warnings that could occur when a plugin misused the database or user APIs.

WordPress 3.5.1 also addresses the following security issues:

* A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
* Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
* A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Remi Collet <rcollet redhat com> - 3.5.1-1
- version 3.5.1, various bug and security fixes:
  CVE-2013-0235, CVE-2013-0236 and CVE-2013-0237
- drop -f option from rm to break build if
  upstream archive content change
- protect akismet content (from upstream .htaccess)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #904120 - CVE-2013-0235 wordpress: Server-side request forgery and remote port scanning using pingbacks
        https://bugzilla.redhat.com/show_bug.cgi?id=904120
  [ 2 ] Bug #904121 - wordpress: XSS flaws via shortcodes and HTTP POST content
        https://bugzilla.redhat.com/show_bug.cgi?id=904121
  [ 3 ] Bug #904122 - wordpress: XSS in the external Plupload library
        https://bugzilla.redhat.com/show_bug.cgi?id=904122
--------------------------------------------------------------------------------



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]