Fedora EPEL 6 updates-testing report

updates at fedoraproject.org
Tue Mar 15 18:25:50 UTC 2011


The following Fedora EPEL 6 Security updates need testing:

    https://admin.fedoraproject.org/updates/clamav-0.97-9.el6
    https://admin.fedoraproject.org/updates/cgit-0.9-1.el6
    https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.el6
    https://admin.fedoraproject.org/updates/pywebdav-0.9.4.1-1.el6
    https://admin.fedoraproject.org/updates/asterisk-1.8.3-1.el6
    https://admin.fedoraproject.org/updates/perl-Mail-Box-2.097-1.el6
    https://admin.fedoraproject.org/updates/pure-ftpd-1.0.30-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    clamav-0.97-9.el6
    flies-python-client-0.8.1-1.el6
    grib_api-1.9.8-2.el6
    nsd-3.2.7-5.el6
    perl-VOMS-Lite-0.11-1.el6
    pure-ftpd-1.0.30-1.el6
    znc-0.098-0.3.rc1.el6

Details about builds:


================================================================================
 clamav-0.97-9.el6 (FEDORA-EPEL-2011-2805)
 Anti-virus software
--------------------------------------------------------------------------------
Update Information:

https://www.redhat.com/archives/epel-devel-list/2011-March/msg00075.html



--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 15 2011 Jan-Frode Myklebust <janfrode at tanso.net> - 0.97-7
- rpm-provide all old package names that are now obsoleted
* Mon Mar 14 2011 Jan-Frode Myklebust <janfrode at tanso.net> - 0.97-6
- clam-db obsoletes old clamav-data-empty.
* Sun Mar 13 2011 Jan-Frode Myklebust <janfrode at tanso.net> - 0.97-4
- Add back clamd-wrapper to stay compatible with users
  of old packaging (amavisd-new).
* Wed Feb 23 2011 Nick Bebout <nb at fedoraproject.org> - 0.097-3
- Move db to /var/lib/clamav
- Ship empty directory /etc/clamd.d for amavisd-new
* Thu Feb 17 2011 Kevin Fenzi <kevin at tummy.com> - 0.97-2
- Disable llvm.
* Tue Feb  8 2011 Kevin Fenzi <kevin at tummy.com> - 0.97-1
- Update to 0.97
- Fix up for current guidelines.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #579370 - Update to newest version 0.96
        https://bugzilla.redhat.com/show_bug.cgi?id=579370
  [ 2 ] Bug #679793 - CVE-2011-1003 clamav: Double free error by reading VBA project strings [epel-4]
        https://bugzilla.redhat.com/show_bug.cgi?id=679793
  [ 3 ] Bug #538425 - Wrong milter.conf file template in clamav-milter
        https://bugzilla.redhat.com/show_bug.cgi?id=538425
  [ 4 ] Bug #580676 - CVE-2010-0098 CVE-2010-1311 Multiple clamav vulnerabilities [Fedora all]
        https://bugzilla.redhat.com/show_bug.cgi?id=580676
  [ 5 ] Bug #667203 - CVE-2010-1639 Clam AntiVirus: Heap-based overflow, when processing malicious PDF file(s) [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=667203
  [ 6 ] Bug #655636 - clamav-scanner, clamav-scanner-sysvinit in EPEL
        https://bugzilla.redhat.com/show_bug.cgi?id=655636
  [ 7 ] Bug #495502 - 0.95.1 is busted
        https://bugzilla.redhat.com/show_bug.cgi?id=495502
  [ 8 ] Bug #679794 - CVE-2011-1003 clamav: Double free error by reading VBA project strings [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=679794
--------------------------------------------------------------------------------


================================================================================
 flies-python-client-0.8.1-1.el6 (FEDORA-EPEL-2011-2799)
 Python Client for Flies Server
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 10 2011 James Ni <jni at redhat.com> - 0.8.1
- Fix bugs(issue 272, issue 274) of retrieve the translation
* Mon Mar  7 2011 James Ni <jni at redhat.com> - 0.8.0
- Stable release
* Wed Feb 23 2011 James Ni <jni at redhat.com> - 0.7.6-1
- Rename the command line option, add a Logger class for better output, set copytrans default value to true, make the
  extensions to a list of gettext and comment.
* Tue Feb 22 2011 James Ni <jni at redhat.com> - 0.7.4-1
- Fix issue 245:stop processing when type 'n', Add version service, rename the command line option and help info, add
  InternalServerError
* Mon Feb 21 2011 James Ni <jni at redhat.com> - 0.7.3-1
- Fix issue 244, issue 245, issue 247 and issue 30, add command list for 'flies publican', rewrite the README
* Fri Feb 18 2011 James Ni <jni at redhat.com> - 0.7.2-1
- Rename the gettextutil to publicanutil, Remove the translator from textFlowTarget, Add more help info
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.7.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Jan 24 2011 James Ni <jni at redhat.com> - 0.7.1-1
- Fix typo and make help more user-friendly
* Mon Jan 24 2011 James Ni <jni at redhat.com> - 0.7.0-1
- Add copyTrans option to client
* Tue Jan  4 2011 James Ni <jni at redhat.com> - 0.6.1-1
- Add exception handler for empty extensions
--------------------------------------------------------------------------------


================================================================================
 grib_api-1.9.8-2.el6 (FEDORA-EPEL-2011-2796)
 WMO FM-92 GRIB (v1,v2) interface accessible from C and FORTRAN programs
--------------------------------------------------------------------------------
Update Information:



--------------------------------------------------------------------------------


================================================================================
 nsd-3.2.7-5.el6 (FEDORA-EPEL-2011-2797)
 Fast and lean authoritative DNS Name Server
--------------------------------------------------------------------------------
Update Information:

Upgraded to 3.2.7. Fix use of NSD_AUTOREBUILD for cron. Add %ghost for /var/run/nsd, fix initscript to properly display ok/failed.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar  9 2011 Paul Wouters <paul at xelerance.com> - 3.2.7-5
- Updated to 3.2.7
- Fix for nsd.init to report OK/FAILED properly (bz#525107)
- Use ghost directive for /var/run/nsd (bz#656642)
- Removed obsolete --enable-nsid
- Remove bogus chowns for /var/*/nsdhm
- Fix misnamed variable NSD_AUTORELOAD which should be NSD_AUTOREBUILD
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #656642 - Please Update Spec File to use %ghost on files in /var/run and /var/lock
        https://bugzilla.redhat.com/show_bug.cgi?id=656642
  [ 2 ] Bug #535107 - need to use the new auto-group icon
        https://bugzilla.redhat.com/show_bug.cgi?id=535107
--------------------------------------------------------------------------------


================================================================================
 perl-VOMS-Lite-0.11-1.el6 (FEDORA-EPEL-2011-2803)
 Perl extension for VOMS Attribute certificate creation
--------------------------------------------------------------------------------
Update Information:

VOMS (virtual organisation membership service) is a system for managing grid level authorization data within multi-institutional collaborations via membership and roles within that membership.

VOMS::Lite provides a perl library and client tools for interacting with an existing voms service, including the well-known C implementation of voms.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #565949 - Review Request: perl-VOMS-Lite - Perl extension for VOMS Attribute certificate creation
        https://bugzilla.redhat.com/show_bug.cgi?id=565949
--------------------------------------------------------------------------------


================================================================================
 pure-ftpd-1.0.30-1.el6 (FEDORA-EPEL-2011-2804)
 Lightweight, fast and secure FTP server
--------------------------------------------------------------------------------
Update Information:

Wietse Venema and Victor Duchovni discovered and reported an issue that could lead to a potential information disclosure.

An unencrypted FTP command immediately following a STARTTLS request would get buffered and processed prior to the SSL/TLS handshake, resulting in a potential authentication bypass if client certificate authentication was configured to provide user identity.

A report of a similar issue that was originally discovered in the Postfix MTA contains further technical details and discusses possible impact: http://www.postfix.org/CVE-2011-0411.html

Users of pure-ftpd are advised to install this updated package which contains a fix for the issue.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 14 2011 Michal Ingeli <mi at v3.sk> - 1.0.30-1
- version 1.0.30
- security bug fix #683221 by upstream
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #683221 - pure-ftpd: command injection during plaintext to TLS session switch
        https://bugzilla.redhat.com/show_bug.cgi?id=683221
--------------------------------------------------------------------------------


================================================================================
 znc-0.098-0.3.rc1.el6 (FEDORA-EPEL-2011-2808)
 An advanced IRC bouncer
--------------------------------------------------------------------------------
Update Information:

Upgrade to 0.098-rc1
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 12 2011 Nick Bebout <nb at fedoraproject.org> - 0.098-0.3.rc1
- Update to znc-0.098-rc1
* Wed Mar  2 2011 Nick Bebout <nb at fedoraproject.org> - 0.098-0.2.beta
- Update to znc-0.098-beta
--------------------------------------------------------------------------------




