Fedora EPEL 6 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Fri Apr 22 17:54:18 UTC 2011
The following Fedora EPEL 6 Security updates need testing:
https://admin.fedoraproject.org/updates/chm2pdf-0.9.1-8.el6
https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.el6
https://admin.fedoraproject.org/updates/erlang-R14B-02.1.el6
https://admin.fedoraproject.org/updates/libmodplug-0.8.8.2-1.el6
https://admin.fedoraproject.org/updates/proftpd-1.3.3e-1.el6
https://admin.fedoraproject.org/updates/python-feedparser-5.0.1-1.el6
https://admin.fedoraproject.org/updates/tmux-1.4-3.el6
https://admin.fedoraproject.org/updates/asterisk-1.8.3.3-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
ack-1.94-1.el6
asterisk-1.8.3.3-1.el6
lua-wsapi-1.3.4-4.el6
perl-JavaScript-Minifier-1.05-6.el6
python-demjson-1.6-1.el6
Details about builds:
================================================================================
ack-1.94-1.el6 (FEDORA-EPEL-2011-3137)
Grep-like text finder
--------------------------------------------------------------------------------
Update Information:
Update to 1.94
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 21 2011 <ianburrell at gmail.com> - 1.94-1
- Update to 1.94
--------------------------------------------------------------------------------
================================================================================
asterisk-1.8.3.3-1.el6 (FEDORA-EPEL-2011-3141)
The Open Source PBX
--------------------------------------------------------------------------------
Update Information:
The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
issues:
* File Descriptor Resource Exhaustion (AST-2011-005)
* Asterisk Manager User Shell Access (AST-2011-006)
The issues and resolutions are described in the AST-2011-005 and AST-2011-006
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-005 and AST-2011-006, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.40.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.25
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.3
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.3
Security advisory AST-2011-005 and AST-2011-006 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 21 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.3.3-1
- The Asterisk Development Team has announced security releases for Asterisk
- branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
- released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
- issues:
-
- * File Descriptor Resource Exhaustion (AST-2011-005)
- * Asterisk Manager User Shell Access (AST-2011-006)
-
- The issues and resolutions are described in the AST-2011-005 and AST-2011-006
- security advisories.
-
- For more information about the details of these vulnerabilities, please read the
- security advisories AST-2011-005 and AST-2011-006, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.40.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.25
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.3
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.3
-
- Security advisory AST-2011-005 and AST-2011-006 are available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
- http://downloads.asterisk.org/pub/security/AST-2011-006.pdf
* Wed Mar 23 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.3.2-2
- Bump release and rebuild for mysql 5.5.10 soname change.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #698916 - CVE-2011-1507 Asterisk: file descriptor resource exhaustion (AST-2011-005)
https://bugzilla.redhat.com/show_bug.cgi?id=698916
[ 2 ] Bug #698917 - CVE-2011-1599 Asterisk: Shell command execution via manager Originate action (AST-2011-006)
https://bugzilla.redhat.com/show_bug.cgi?id=698917
--------------------------------------------------------------------------------
================================================================================
lua-wsapi-1.3.4-4.el6 (FEDORA-EPEL-2011-3138)
Lua Web Server API
--------------------------------------------------------------------------------
Update Information:
Require lua-coxpcall, fixes #666090
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 22 2011 Tim Niemueller <tim at niemueller.de> - 1.3.4-4
- Require lua-coxpcall, fixes #666090
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #666090 - broken lua-wsapi package
https://bugzilla.redhat.com/show_bug.cgi?id=666090
--------------------------------------------------------------------------------
================================================================================
perl-JavaScript-Minifier-1.05-6.el6 (FEDORA-EPEL-2011-3139)
Perl extension for minifying JavaScript code
--------------------------------------------------------------------------------
Update Information:
First EPEL build.
--------------------------------------------------------------------------------
================================================================================
python-demjson-1.6-1.el6 (FEDORA-EPEL-2011-3136)
Python JSON module and lint checker
--------------------------------------------------------------------------------
Update Information:
Update to version 1.6, with these improvements and changes:
* Bug fix: The jsonlint tool failed to accept a JSON document from standard input (stdin). Also added a --version and --copyright option support to jsonlint.
--------------------------------------------------------------------------------
More information about the epel-devel-list
mailing list