[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Fedora EPEL 6 updates-testing report



The following Fedora EPEL 6 Security updates need testing:

    https://admin.fedoraproject.org/updates/clamav-0.97-9.el6
    https://admin.fedoraproject.org/updates/cgit-0.9-1.el6
    https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.el6
    https://admin.fedoraproject.org/updates/pywebdav-0.9.4.1-1.el6
    https://admin.fedoraproject.org/updates/asterisk-1.8.3-1.el6
    https://admin.fedoraproject.org/updates/perl-Mail-Box-2.097-1.el6
    https://admin.fedoraproject.org/updates/pure-ftpd-1.0.30-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    clamav-0.97-9.el6
    flies-python-client-0.8.1-1.el6
    grib_api-1.9.8-2.el6
    nsd-3.2.7-5.el6
    perl-VOMS-Lite-0.11-1.el6
    pure-ftpd-1.0.30-1.el6
    znc-0.098-0.3.rc1.el6

Details about builds:


================================================================================
 clamav-0.97-9.el6 (FEDORA-EPEL-2011-2805)
 Anti-virus software
--------------------------------------------------------------------------------
Update Information:

https://www.redhat.com/archives/epel-devel-list/2011-March/msg00075.html



--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 15 2011 Jan-Frode Myklebust <janfrode tanso net> - 0.97-7
- rpm-provide all old package names that are now obsoleted
* Mon Mar 14 2011 Jan-Frode Myklebust <janfrode tanso net> - 0.97-6
- clam-db obsoletes old clamav-data-empty.
* Sun Mar 13 2011 Jan-Frode Myklebust <janfrode tanso net> - 0.97-4
- Add back clamd-wrapper to stay compatible with users
  of old packaging (amavisd-new).
* Wed Feb 23 2011 Nick Bebout <nb fedoraproject org> - 0.097-3
- Move db to /var/lib/clamav
- Ship empty directory /etc/clamd.d for amavisd-new
* Thu Feb 17 2011 Kevin Fenzi <kevin tummy com> - 0.97-2
- Disable llvm.
* Tue Feb  8 2011 Kevin Fenzi <kevin tummy com> - 0.97-1
- Update to 0.97
- Fix up for current guidelines.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #579370 - Update to newest version 0.96
        https://bugzilla.redhat.com/show_bug.cgi?id=579370
  [ 2 ] Bug #679793 - CVE-2011-1003 clamav: Double free error by reading VBA project strings [epel-4]
        https://bugzilla.redhat.com/show_bug.cgi?id=679793
  [ 3 ] Bug #538425 - Wrong milter.conf file template in clamav-milter
        https://bugzilla.redhat.com/show_bug.cgi?id=538425
  [ 4 ] Bug #580676 - CVE-2010-0098 CVE-2010-1311 Multiple clamav vulnerabilities [Fedora all]
        https://bugzilla.redhat.com/show_bug.cgi?id=580676
  [ 5 ] Bug #667203 - CVE-2010-1639 Clam AntiVirus: Heap-based overflow, when processing malicious PDF file(s) [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=667203
  [ 6 ] Bug #655636 - clamav-scanner, clamav-scanner-sysvinit in EPEL
        https://bugzilla.redhat.com/show_bug.cgi?id=655636
  [ 7 ] Bug #495502 - 0.95.1 is busted
        https://bugzilla.redhat.com/show_bug.cgi?id=495502
  [ 8 ] Bug #679794 - CVE-2011-1003 clamav: Double free error by reading VBA project strings [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=679794
--------------------------------------------------------------------------------


================================================================================
 flies-python-client-0.8.1-1.el6 (FEDORA-EPEL-2011-2799)
 Python Client for Flies Server
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 10 2011 James Ni <jni redhat com> - 0.8.1
- Fix bugs(issue 272, issue 274) of retrieve the translation
* Mon Mar  7 2011 James Ni <jni redhat com> - 0.8.0
- Stable release
* Wed Feb 23 2011 James Ni <jni redhat com> - 0.7.6-1
- Rename the command line option, add a Logger class for better output, set copytrans default value to true, make the
  extensions to a list of gettext and comment.
* Tue Feb 22 2011 James Ni <jni redhat com> - 0.7.4-1
- Fix issue 245:stop processing when type 'n', Add version service, rename the command line option and help info, add
  InternalServerError
* Mon Feb 21 2011 James Ni <jni redhat com> - 0.7.3-1
- Fix issue 244, issue 245, issue 247 and issue 30, add command list for 'flies publican', rewrite the README
* Fri Feb 18 2011 James Ni <jni redhat com> - 0.7.2-1
- Rename the gettextutil to publicanutil, Remove the translator from textFlowTarget, Add more help info
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng lists fedoraproject org> - 0.7.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Jan 24 2011 James Ni <jni redhat com> - 0.7.1-1
- Fix typo and make help more user-friendly
* Mon Jan 24 2011 James Ni <jni redhat com> - 0.7.0-1
- Add copyTrans option to client
* Tue Jan  4 2011 James Ni <jni redhat com> - 0.6.1-1
- Add exception handler for empty extensions
--------------------------------------------------------------------------------


================================================================================
 grib_api-1.9.8-2.el6 (FEDORA-EPEL-2011-2796)
 WMO FM-92 GRIB (v1,v2) interface accessible from C and FORTRAN programs
--------------------------------------------------------------------------------
Update Information:



--------------------------------------------------------------------------------


================================================================================
 nsd-3.2.7-5.el6 (FEDORA-EPEL-2011-2797)
 Fast and lean authoritative DNS Name Server
--------------------------------------------------------------------------------
Update Information:

Upgraded to 3.2.7. fix use of NSD_AUTOREBUILD for cron. Add %ghost for /var/run/nsd, fix initscript to properly display ok/failed.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar  9 2011 Paul Wouters <paul xelerance com> - 3.2.7-5
- Updated to 3.2.7
- Fix for nsd.init to report OK/FAILED properly (bz#525107)
- Use ghost directive for /var/run/nsd (bz#656642)
- Removed obsolete --enable-nsid
- Remove bogus chowns for /var/*/nsdhm
- Fix misnamed variable NSD_AUTORELOAD which should be NSD_AUTOREBUILD
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #656642 - Please Update Spec File to use %ghost on files in /var/run and /var/lock
        https://bugzilla.redhat.com/show_bug.cgi?id=656642
  [ 2 ] Bug #535107 - need to use the new auto-group icon
        https://bugzilla.redhat.com/show_bug.cgi?id=535107
--------------------------------------------------------------------------------


================================================================================
 perl-VOMS-Lite-0.11-1.el6 (FEDORA-EPEL-2011-2803)
 Perl extension for VOMS Attribute certificate creation
--------------------------------------------------------------------------------
Update Information:

VOMS (virtual organisation membership service) is a system for managing grid level authorization data within multi-institutional collaborations via membership and roles within that membership.

VOMS::Lite provides a perl library and client tools for interacting with an existing voms service including the well known C impementation of voms.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #565949 - Review Request: perl-VOMS-Lite - Perl extension for VOMS Attribute certificate creation
        https://bugzilla.redhat.com/show_bug.cgi?id=565949
--------------------------------------------------------------------------------


================================================================================
 pure-ftpd-1.0.30-1.el6 (FEDORA-EPEL-2011-2804)
 Lightweight, fast and secure FTP server
--------------------------------------------------------------------------------
Update Information:

Wietse Venema and Victor Duchovni discovered and reported an issue that could lead to a potential information disclosure.

An unencrypted FTP command immediately following STARTTLS request would get buffered and processed prior to SSL/TLS handshake, resulting in potential authentication bypass in case a client certificate authentication was configured to provide user identity.

A report of similar issue that was originally discovered in Postfix MTA contains further technical details and discusses possible impact: http://www.postfix.org/CVE-2011-0411.html

Users of pure-ftpd are advised to install this updated package which contains a fix for the issue.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 14 2011 Michal Ingeli <mi v3 sk> - 1.0.30-1
- version 1.0.30
- security bug fix #683221 by upstream
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #683221 - pure-ftpd: command injection during plaintext to TLS session switch
        https://bugzilla.redhat.com/show_bug.cgi?id=683221
--------------------------------------------------------------------------------


================================================================================
 znc-0.098-0.3.rc1.el6 (FEDORA-EPEL-2011-2808)
 An advanced IRC bouncer
--------------------------------------------------------------------------------
Update Information:

Upgrade to 0.098-rc1
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 12 2011 Nick Bebout <nb fedoraproject org> - 0.098-0.3.rc1
- Update to znc-0.098-rc1
* Wed Mar  2 2011 Nick Bebout <nb fedoraproject org> - 0.098-0.2.beta
- Update to znc-0.098-beta
--------------------------------------------------------------------------------



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]