The following Fedora EPEL 6 Security updates need testing:
Age  URL
571  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
 86  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11274/ssmtp-2.61-21.el6
 47  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11703/chicken-4.8.0.4-4.el6
 28  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11865/quassel-0.9.1-1.el6
 11  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12025/seamonkey-2.22-1.el6
  6  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12064/drupal7-context-3.1-1.el6
  1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12079/bip-0.8.9-1.el6
  0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12040/python-djblets-0.7.23-1.el6,ReviewBoard-1.7.18-1.el6
  0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12102/moodle-2.4.7-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
ReviewBoard-1.7.18-1.el6
amiri-fonts-0.106-9.el6
engauge-digitizer-5.2-3.el6
fedmsg-0.7.2-1.el6
lcmaps-1.6.1-6.el6
lz4-r108-1.el6
moodle-2.4.7-1.el6
open-vm-tools-9.4.0-1.el6
php-bartlett-PHP-CompatInfo-2.25.0-1.el6
python-djblets-0.7.23-1.el6
simarrange-0.0-1.20131019gitd52382f.el6
skeinforge-12.03.14-16.el6
tcpcopy-0.9.6-1.el6
youtube-dl-2013.11.13-1.el6
Details about builds:
================================================================================
ReviewBoard-1.7.18-1.el6 (FEDORA-EPEL-2013-12040)
Web-based code review tool
--------------------------------------------------------------------------------
Update Information:
- Fix JavaScript errors
- New upstream security release 1.7.17
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17/
- Resolves: CVE-2013-4519
- Security Fixes:
* Fixed XSS vulnerabilities for the 'Branch' field and uploaded file captions.
* Added an 'X-Frame-Options' header to prevent clickjacking.
- New Features:
* Remove the need for SSH keys for GitHub repositories.
* Improved validation for GitHub repositories.
* Added support for permissions on Local Sites.
- Performance Improvements:
* Reduced query counts on all pages.
* Reduced query counts in the web API when returning empty lists.
- Extensibility:
* Extensions using the ``configure_extension`` view can now pass in a custom
``template_name`` pointing to a template for the configuration page, if it
needs additional customization.
* Enabling, disabling or reconfiguring extensions will now invalidate the
caches for pages, ensuring that hooks will take effect.
* Extension configuration now works properly on subdirectory installs.
- Bug Fixes:
* Fixed showing private review requests on a submitter page.
* The description for submitted or discarded review requests is now shown on
the diff viewer.
* Discarding, reopening and then closing a review request no longer makes the
review request private.
* Fixed a naming conflict with older PyCrypto packages, such as the default
package on CentOS 6.4.
* Users with the 'can_change_status' permission no longer need the
'can_edit_reviewrequest' permission in order to close or reopen review requests.
* Switching a repository from using a hosting service to Custom no longer
reverts back to the hosting service.
* Fixed editing a repository if its associated hosting service can't be
loaded (such as if an extension providing that hosting service is disabled).
* Many diff validation errors weren't being shown on the New Review Request
page, generating 500 errors instead.
* Fixed caching issues with the Blocks field on review requests.
* Editing JSON text fields in the administration UI now works, validates, and
won't result in warnings in the log.
* Fixed breakages with looking up URLs internally with Local Sites.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 13 2013 Stephen Gallagher <[email protected]> - 1.7.18-1
- New upstream bugfix release 1.7.18
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.18/
- Convert to using UglifyJS2 for JavaScript minification
* Wed Nov 6 2013 Stephen Gallagher <[email protected]> - 1.7.17-1.1
- Drop upstreamed patch for pytz requirement
* Tue Nov 5 2013 Stephen Gallagher <[email protected]> - 1.7.17-1
- New upstream security release 1.7.17
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17/
- Resolves: CVE-2013-4519
- Security Fixes:
* Fixed XSS vulnerabilities for the 'Branch' field and uploaded file
captions.
* Added an 'X-Frame-Options' header to prevent clickjacking.
- New Features:
* Remove the need for SSH keys for GitHub repositories.
* Improved validation for GitHub repositories.
* Added support for permissions on Local Sites.
- Performance Improvements:
* Reduced query counts on all pages.
* Reduced query counts in the web API when returning empty lists.
- Extensibility:
* Extensions using the ``configure_extension`` view can now pass in a custom
``template_name`` pointing to a template for the configuration page, if it
needs additional customization.
* Enabling, disabling or reconfiguring extensions will now invalidate the
caches for pages, ensuring that hooks will take effect.
* Extension configuration now works properly on subdirectory installs.
- Bug Fixes:
* Fixed showing private review requests on a submitter page.
* The description for submitted or discarded review requests is now shown on
the diff viewer.
* Discarding, reopening and then closing a review request no longer makes the
review request private.
* Fixed a naming conflict with older PyCrypto packages, such as the default
package on CentOS 6.4.
* Users with the 'can_change_status' permission no longer need the
'can_edit_reviewrequest' permission in order to close or reopen review
requests.
* Switching a repository from using a hosting service to Custom no longer
reverts back to the hosting service.
* Fixed editing a repository if its associated hosting service can't be
loaded (such as if an extension providing that hosting service is
disabled).
* Many diff validation errors weren't being shown on the New Review Request
page, generating 500 errors instead.
* Fixed caching issues with the Blocks field on review requests.
* Editing JSON text fields in the administration UI now works, validates, and
won't result in warnings in the log.
* Fixed breakages with looking up URLs internally with Local Sites.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1027010 - CVE-2013-4519 ReviewBoard: two XSS vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1027010
--------------------------------------------------------------------------------
================================================================================
amiri-fonts-0.106-9.el6 (FEDORA-EPEL-2013-12103)
A classical Arabic font in Naskh style
--------------------------------------------------------------------------------
Update Information:
A classical Arabic font in Naskh style
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1015701 - Review Request: amiri-fonts - A classical Arabic font in
Naskh style
https://bugzilla.redhat.com/show_bug.cgi?id=1015701
--------------------------------------------------------------------------------
================================================================================
engauge-digitizer-5.2-3.el6 (FEDORA-EPEL-2013-12110)
Convert graphs or map files into numbers
--------------------------------------------------------------------------------
Update Information:
New package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1028741 - Review Request: engauge-digitizer - Convert graphs or
map files into numbers
https://bugzilla.redhat.com/show_bug.cgi?id=1028741
--------------------------------------------------------------------------------
================================================================================
fedmsg-0.7.2-1.el6 (FEDORA-EPEL-2013-12101)
Tools for Fedora Infrastructure real-time messaging
--------------------------------------------------------------------------------
Update Information:
Cap timestamp at second level precision to smooth over signature validation on
different installations.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 13 2013 Ralph Bean <[email protected]> - 0.7.2-1
- Latest upstream.
- Cap message timestamp at the second-level precision.
- Automatically listify endpoints.
- Code cleaning.
--------------------------------------------------------------------------------
================================================================================
lcmaps-1.6.1-6.el6 (FEDORA-EPEL-2013-12098)
Grid (X.509) and VOMS credentials to local account mapping service
--------------------------------------------------------------------------------
Update Information:
Grid (X.509) and VOMS credentials to local account mapping service
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #736717 - Review Request: lcmaps - Grid (X.509) and VOMS
credentials to local account mapping
https://bugzilla.redhat.com/show_bug.cgi?id=736717
--------------------------------------------------------------------------------
================================================================================
lz4-r108-1.el6 (FEDORA-EPEL-2013-12104)
Extremely fast compression algorithm
--------------------------------------------------------------------------------
Update Information:
lz4-r108 release.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 10 2013 pjp <[email protected]> - r108-1
- new release r108
--------------------------------------------------------------------------------
================================================================================
moodle-2.4.7-1.el6 (FEDORA-EPEL-2013-12102)
A Course Management System
--------------------------------------------------------------------------------
Update Information:
Latest upstreams, multiple security fixes.
Name: CVE-2013-6780
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6780
Assigned: 20131112
Reference: https://yuilibrary.com/support/20131111-vulnerability/
Cross-site scripting (XSS) vulnerability in uploader.swf in the
Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote
attackers to inject arbitrary web script or HTML via the allowedDomain
parameter.
Name: CVE-2013-3630
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3630
Assigned: 20130521
Reference: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one
Reference: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
Moodle through 2.5.2 allows remote authenticated administrators to execute
arbitrary programs by configuring the aspell pathname and then triggering a
spell-check operation within the TinyMCE editor.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 14 2013 Jon Ciesla <[email protected]> - 2.4.7-1
- 2.4.7, BZ 1025655,6, 1030084,5.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1025655 - CVE-2013-3630 moodle: authenticated remote command
execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1025655
[ 2 ] Bug #1025656 - CVE-2013-3630 moodle: authenticated remote command
execution [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1025656
[ 3 ] Bug #1030084 - CVE-2013-6780 moodle: XSS vulnerability in YUI 2.5.0
through 2.9.0 [epel-5]
https://bugzilla.redhat.com/show_bug.cgi?id=1030084
[ 4 ] Bug #1030085 - CVE-2013-6780 moodle: XSS vulnerability in YUI 2.5.0
through 2.9.0 [fedora-18]
https://bugzilla.redhat.com/show_bug.cgi?id=1030085
--------------------------------------------------------------------------------
================================================================================
open-vm-tools-9.4.0-1.el6 (FEDORA-EPEL-2013-12097)
Open VMware Tools for virtual machines hosted on VMware
--------------------------------------------------------------------------------
Update Information:
New stable version 9.4.0 from upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 13 2013 Ravindra Kumar <[email protected]> - 9.4.0-1
- Package new upstream version open-vm-tools-9.4.0-1280544.
- Added CUSTOM_PROCPS_NAME=procps and -Wno-deprecated-declarations
for version 9.4.0.
--------------------------------------------------------------------------------
================================================================================
php-bartlett-PHP-CompatInfo-2.25.0-1.el6 (FEDORA-EPEL-2013-12109)
Find out version and the extensions required for a piece of code to run
--------------------------------------------------------------------------------
Update Information:
Version 2.25.0 (2013-11-14)
Additions and changes:
* add support for both PHP 5.4.22 and 5.5.6
* update mongo reference to 1.4.5
* update varnish reference to 1.1.1
* add new jsmin reference (0.1.1)
* fixed the test skeleton template; unit test suites now use shared fixtures
Bug fixes:
* GH-105: detect PHP-5.4 feature : Short array syntax declaration
* GH-106: detect PHP-5.4 feature : Short array syntax on function call
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 14 2013 Remi Collet <[email protected]> - 2.25.0-1
- Update to 2.25.0
--------------------------------------------------------------------------------
================================================================================
python-djblets-0.7.23-1.el6 (FEDORA-EPEL-2013-12040)
A collection of useful classes and functions for Django
--------------------------------------------------------------------------------
Update Information:
- Fix JavaScript errors
- New upstream security release 1.7.17
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17/
- Resolves: CVE-2013-4519
- Security Fixes:
* Fixed XSS vulnerabilities for the 'Branch' field and uploaded file captions.
* Added an 'X-Frame-Options' header to prevent clickjacking.
- New Features:
* Remove the need for SSH keys for GitHub repositories.
* Improved validation for GitHub repositories.
* Added support for permissions on Local Sites.
- Performance Improvements:
* Reduced query counts on all pages.
* Reduced query counts in the web API when returning empty lists.
- Extensibility:
* Extensions using the ``configure_extension`` view can now pass in a custom
``template_name`` pointing to a template for the configuration page, if it
needs additional customization.
* Enabling, disabling or reconfiguring extensions will now invalidate the
caches for pages, ensuring that hooks will take effect.
* Extension configuration now works properly on subdirectory installs.
- Bug Fixes:
* Fixed showing private review requests on a submitter page.
* The description for submitted or discarded review requests is now shown on
the diff viewer.
* Discarding, reopening and then closing a review request no longer makes the
review request private.
* Fixed a naming conflict with older PyCrypto packages, such as the default
package on CentOS 6.4.
* Users with the 'can_change_status' permission no longer need the
'can_edit_reviewrequest' permission in order to close or reopen review requests.
* Switching a repository from using a hosting service to Custom no longer
reverts back to the hosting service.
* Fixed editing a repository if its associated hosting service can't be
loaded (such as if an extension providing that hosting service is disabled).
* Many diff validation errors weren't being shown on the New Review Request
page, generating 500 errors instead.
* Fixed caching issues with the Blocks field on review requests.
* Editing JSON text fields in the administration UI now works, validates, and
won't result in warnings in the log.
* Fixed breakages with looking up URLs internally with Local Sites.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 5 2013 Stephen Gallagher <[email protected]> - 0.7.23-1
- New upstream release 0.7.23
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.21.NEWS
* djblets.webapi:
* Added a has_list_access_permissions function, which is used to determine
access to a list resource.
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.22.NEWS
* djblets.extensions:
* AJAX_SERIAL is updated when extensions are enabled/disabled or their
configuration changes, allowing templates using AJAX_SERIAL as part of
their cache to invalidate.
* djblets.siteconfig:
* Reduced query counts for installs using siteconfig.
* djblets.webapi:
* Reduced query counts when returning payloads for list resources with no
entries.
* Common attribute lookups on WebAPIResource are now cached.
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.23.NEWS
* djblets.extensions:
* Fix URL errors when configuring extensions with a custom SITE_ROOT.
* djblets.util.fields:
* JSONFields can now be safely edited through the administration UI,
complete with validation.
* jquery.gravy:
* Fixed hiding the pencil icons on an inlineEditor when disabled.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1027010 - CVE-2013-4519 ReviewBoard: two XSS vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1027010
--------------------------------------------------------------------------------
================================================================================
simarrange-0.0-1.20131019gitd52382f.el6 (FEDORA-EPEL-2013-12108)
STL 2D plate packer with collision simulation
--------------------------------------------------------------------------------
Update Information:
STL 2D plate packer with collision simulation
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1021919 - Review Request: simarrange - STL 2D plate packer with
collision simulation
https://bugzilla.redhat.com/show_bug.cgi?id=1021919
--------------------------------------------------------------------------------
================================================================================
skeinforge-12.03.14-16.el6 (FEDORA-EPEL-2013-12100)
Converts 3D model into G-Code for RepRap
--------------------------------------------------------------------------------
Update Information:
Converts 3D model into G-Code for RepRap
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #863793 - Review Request: skeinforge - Converts 3D model into
G-Code for RepRap
https://bugzilla.redhat.com/show_bug.cgi?id=863793
--------------------------------------------------------------------------------
================================================================================
tcpcopy-0.9.6-1.el6 (FEDORA-EPEL-2013-12099)
An online request replication tool
--------------------------------------------------------------------------------
Update Information:
new version.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 14 2013 Christopher Meng <[email protected]> - 0.9.6-1
- New version.
--------------------------------------------------------------------------------
================================================================================
youtube-dl-2013.11.13-1.el6 (FEDORA-EPEL-2013-12107)
A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:
New version.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 14 2013 Christopher Meng <[email protected]> - 2013.11.13-1
- Update to new release.
* Fri Nov 8 2013 Christopher Meng <[email protected]> - 2013.11.07-1
- Update to new release (BZ#1027822).
* Thu Oct 31 2013 Christopher Meng <[email protected]> - 2013.11.02-1
- Update to new release (BZ#1026034).
* Thu Oct 31 2013 Christopher Meng <[email protected]> - 2013.10.30-1
- Update to new release (BZ#1024948).
* Mon Oct 28 2013 Christopher Meng <[email protected]> - 2013.10.28-1
- Update to new release (BZ#1022706).
* Wed Oct 23 2013 Christopher Meng <[email protected]> - 2013.10.23-1
- Update to new release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1027822 - youtube-dl-2013.11.07 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1027822
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/epel-devel