The following Fedora EPEL 6 Security updates need testing: Age URL 600 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gribbl... 412 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.1... 113 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0376/openconnect-4.... 70 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0823/openstack-keys... 10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5992/cgit-0.9.2-1.e... 10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5994/mod_security-2... 10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5995/socat-1.7.2.2-... 8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6024/rubygem-passen... 8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6034/heat-jeos-9-1.... 6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6044/nrpe-2.14-3.el... 3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6079/gallery3-3.0.8... 2 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6090/ssmtp-2.61-20.... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10387/owncloud-4.5.... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10392/perl-Module-S...
The following builds have been pushed to Fedora EPEL 6 updates-testing
datagrepper-0.1.4-3.el6 dfu-util-0.7-1.el6 hg-git-0.4.0-1.el6 libguac-client-rdp-0.7.4-1.el6 libguac-client-vnc-0.7.2-1.el6 log4cplus-1.1.1-1.el6 nodejs-estraverse-1.1.1-1.el6 nodejs-pubcontrol-0.3.2-1.el6 nodejs-stack-trace-0.0.6-3.el6 owncloud-4.5.12-1.el6 perl-Module-Signature-0.73-1.el6 php-Assetic-1.1.1-1.el6 php-Raven-0.6.0-1.el6 php-bartlett-PHP-CompatInfo-2.17.0-2.el6 php-guzzle-Guzzle-3.6.0-1.el6 php-scssphp-0.0.7-1.el6 php-twig-Twig-1.13.1-1.el6 phrel-1.0.2-1.el6 python-fedmsg-meta-fedora-infrastructure-0.1.6-2.el6 python-tahrir-api-0.1.8-1.el6
Details about builds:
================================================================================ datagrepper-0.1.4-3.el6 (FEDORA-EPEL-2013-6106) A webapp to query fedmsg history -------------------------------------------------------------------------------- Update Information:
Backport patch from commit 2f8c98b in upstream repo that fixes querying datagrepper with ?start=FOO&end=BAR More flexible API. Fix some early bugs found in staging. Fix python2.6 bug. Initial packaged release of datagrepper Patch a typo. -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 6 2013 Pierre-Yves Chibon pingou@pingoured.fr - 0.1.4-3 - Backport patch from commit 2f8c98b in upstream repo --------------------------------------------------------------------------------
================================================================================ dfu-util-0.7-1.el6 (FEDORA-EPEL-2013-10390) USB Device Firmware Upgrade tool -------------------------------------------------------------------------------- Update Information:
The dfu-util package allows firmware downloads, and in some cases, uploads and other operations, for USB devices supporting the DFU class. --------------------------------------------------------------------------------
================================================================================ hg-git-0.4.0-1.el6 (FEDORA-EPEL-2013-10383) Mercurial Plugin for Communicating with Git Servers -------------------------------------------------------------------------------- Update Information:
New RPM. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #969812 - Review Request: hg-git - Mercurial Plugin for Communicating with Git Servers https://bugzilla.redhat.com/show_bug.cgi?id=969812 --------------------------------------------------------------------------------
================================================================================ libguac-client-rdp-0.7.4-1.el6 (FEDORA-EPEL-2013-10395) RDP support for guacd -------------------------------------------------------------------------------- Update Information:
Upstream bugfixes to Guacamole RDP and VNC plugins. -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 7 2013 Simone Caronni negativo17@gmail.com - 0.7.4-1 - Update to 0.7.4. --------------------------------------------------------------------------------
================================================================================ libguac-client-vnc-0.7.2-1.el6 (FEDORA-EPEL-2013-10395) VNC support for guacd -------------------------------------------------------------------------------- Update Information:
Upstream bugfixes to Guacamole RDP and VNC plugins. -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 7 2013 Simone Caronni negativo17@gmail.com - 0.7.2-1 - Update to 0.7.2. --------------------------------------------------------------------------------
================================================================================ log4cplus-1.1.1-1.el6 (FEDORA-EPEL-2013-10384) Logging Framework for C++ -------------------------------------------------------------------------------- Update Information:
- update to log4cplus-1.1.1 -------------------------------------------------------------------------------- ChangeLog:
* Thu May 23 2013 Tomas Hozza thozza@redhat.com 1.1.1-1 - update to 1.1.1 --------------------------------------------------------------------------------
================================================================================ nodejs-estraverse-1.1.1-1.el6 (FEDORA-EPEL-2013-10382) ECMAScript JS AST traversal functions -------------------------------------------------------------------------------- Update Information:
Initial package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #968600 - Review Request: nodejs-estraverse - ECMAScript JS AST traversal functions https://bugzilla.redhat.com/show_bug.cgi?id=968600 --------------------------------------------------------------------------------
================================================================================ nodejs-pubcontrol-0.3.2-1.el6 (FEDORA-EPEL-2013-10393) HTTP Extensible Pubsub Control Protocol (EPCP) library for Node.js -------------------------------------------------------------------------------- Update Information:
Initial package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #969827 - Review Request: nodejs-pubcontrol - HTTP Extensible Pubsub Control Protocol (EPCP) library for Node.js https://bugzilla.redhat.com/show_bug.cgi?id=969827 --------------------------------------------------------------------------------
================================================================================ nodejs-stack-trace-0.0.6-3.el6 (FEDORA-EPEL-2013-10397) Node.js module to get v8 stack traces as an array of CallSite objects -------------------------------------------------------------------------------- Update Information:
Initial package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #911069 - Review Request: nodejs-stack-trace - Node.js module to get v8 stack traces as an array of CallSite objects https://bugzilla.redhat.com/show_bug.cgi?id=911069 --------------------------------------------------------------------------------
================================================================================ owncloud-4.5.12-1.el6 (FEDORA-EPEL-2013-10387) Private file sync and share server -------------------------------------------------------------------------------- Update Information:
4.5.12 4.5.11 -------------------------------------------------------------------------------- ChangeLog:
* Sat Jun 8 2013 Gregor Tätzner brummbq@fedoraproject.org - 4.5.12-1 - 4.5.12 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #971859 - CVE-2013-2149 owncloud: Cross-site scripting in owncloud jQuery dialogs due improper escaping of filenames in filepicker module (oC-SA-2013-028) https://bugzilla.redhat.com/show_bug.cgi?id=971859 [ 2 ] Bug #962997 - CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11 https://bugzilla.redhat.com/show_bug.cgi?id=962997 --------------------------------------------------------------------------------
================================================================================ perl-Module-Signature-0.73-1.el6 (FEDORA-EPEL-2013-10392) CPAN signature management utilities and modules -------------------------------------------------------------------------------- Update Information:
This update ensures that digest modules are only loaded from absolute paths in @INC, avoiding a potential arbitrary code execution problem (CVE-2013-2145).
There are also a variety of internal package clean-ups. -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 7 2013 Paul Howarth paul@city-fan.org - 0.73-1 - Update to 0.73 - Support for gpg under these alternate names: gpg gpg2 gnupg gnupg2 - Don't check gpg version if gpg does not exist - Constrain the user-specified digest name to /^\w+\d+$/ - Only allow loading Digest::* from absolute paths in @INC (CVE-2013-2145) - This release by AUDREYT -> update source URL - Include Andreas Koenig's GPG key in the SRPM and import it in %prep so that we don't need to get it from a keyserver in %check - Make building non-interactive - Specify all dependencies - Don't need to remove empty directories from the buildroot - Drop %defattr, redundant since rpm 4.4 - Use %{_fixperms} macro rather than our own chmod incantation -------------------------------------------------------------------------------- References:
[ 1 ] Bug #971096 - CVE-2013-2145 perl-Module-Signature: arbitrary code execution when verifying SIGNATURE https://bugzilla.redhat.com/show_bug.cgi?id=971096 --------------------------------------------------------------------------------
================================================================================ php-Assetic-1.1.1-1.el6 (FEDORA-EPEL-2013-10380) Asset Management for PHP -------------------------------------------------------------------------------- Update Information:
Updated to 1.1.1
1.1.1 (June 1, 2013) * Fixed cloning of asset collections * Fixed environment var inheritance * Replaced AssetWriter::getCombinations() for BC, even though we don't use it * Added support for @import-once to Less filters
1.1.0 (May 15, 2013) * Added LazyAssetManager::getLastModified() for determining "deep" mtime * Added DartFilter * Added EmberPrecompile * Added GssFilter * Added PhpCssEmbedFilter * Added RooleFilter * Added TypeScriptFilter * Added the possibility to configure additional load paths for less and lessphp * Added the UglifyCssFilter * Fixed the handling of directories in the GlobAsset. #256 * Added Handlebars support * Added Scssphp-compass support * Added the CacheBustingWorker * Added the UglifyJs2Filter
Full change log: https://github.com/kriswallsmith/assetic/blob/v1.1.1/CHANGELOG-1.1.md -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 7 2013 Shawn Iwinski shawn.iwinski@gmail.com 1.1.1-1 - Updated to 1.1.1 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #970102 - php-Assetic-1.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=970102 --------------------------------------------------------------------------------
================================================================================ php-Raven-0.6.0-1.el6 (FEDORA-EPEL-2013-10391) A PHP client for Sentry -------------------------------------------------------------------------------- Update Information:
Updated to 0.6.0
0.5.1 to 0.6.0: https://github.com/getsentry/raven-php/compare/0.5.1...0.6.0 -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 7 2013 Shawn Iwinski shawn.iwinski@gmail.com 0.6.0-1 - Updated to 0.6.0 - Removed tests sub-package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #971729 - php-Raven-0.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=971729 --------------------------------------------------------------------------------
================================================================================ php-bartlett-PHP-CompatInfo-2.17.0-2.el6 (FEDORA-EPEL-2013-6104) Find out version and the extensions required for a piece of code to run -------------------------------------------------------------------------------- Update Information:
Additions and changes: * add both support to PHP 5.4.16 and 5.3.26 * update xdebug reference to 2.2.3 * update xhprof reference to 0.9.3 * update libevent reference to 0.1.0 * update amqp reference to 1.2.0 * update gender reference to 1.0.0 * update intl reference to 3.0.0 * update mongo reference to 1.4.1 * update zendopcache reference to 7.0.2 * phar version of CLI tools * CLI tools phpci is renamed to phpcompatinfo to avoid name conflict with http://www.phptesting.org/
Bug fixes: * extension Zend OPcache is not displayed in list-references
For now, the RPM provides both "phpci" and "phpcompatinfo" commands. Deprecated "phpci" command will be dropped in a future version.
-------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 7 2013 Remi Collet remi@fedoraproject.org - 2.17.0-2 - keep phpci command for now * Fri Jun 7 2013 Remi Collet remi@fedoraproject.org - 2.17.0-1 - Update to 2.17.0 - phpci command renamed to phpcompatinfo --------------------------------------------------------------------------------
================================================================================ php-guzzle-Guzzle-3.6.0-1.el6 (FEDORA-EPEL-2013-10398) PHP HTTP client library and framework for building RESTful web service clients -------------------------------------------------------------------------------- Update Information:
3.6.0 (2013-05-29) * ServiceDescription now implements ToArrayInterface * Added command.hidden_params to blacklist certain headers from being treated as additionalParameters * Guzzle can now correctly parse incomplete URLs * Mixed casing of headers are now forced to be a single consistent casing across all values for that header. * Messages internally use a HeaderCollection object to delegate handling case-insensitive header resolution * Removed the whole changedHeader() function system of messages because all header changes now go through addHeader(). * Specific header implementations can be created for complex headers. When a message creates a header, it uses a * HeaderFactory which can map specific headers to specific header classes. There is now a Link header and CacheControl header implementation. * Removed from interface: Guzzle\Http\ClientInterface::setUriTemplate * Removed from interface: Guzzle\Http\ClientInterface::setCurlMulti() * Removed Guzzle\Http\Message\Request::receivedRequestHeader() and implemented this functionality in Guzzle\Http\Curl\RequestMediator * Removed the optional $asString parameter from MessageInterface::getHeader(). Just cast the header to a string. * Removed the optional $tryChunkedTransfer option from Guzzle\Http\Message\EntityEnclosingRequestInterface * Removed the $asObjects argument from Guzzle\Http\Message\MessageInterface::getHeaders() * Removed Guzzle\Parser\ParserRegister::get(). Use getParser() * Removed Guzzle\Parser\ParserRegister::set(). Use registerParser(). * All response header helper functions return a string rather than mixing Header objects and strings inconsistently * Removed cURL blacklist support. This is no longer necessary now that Expect, Accept, etc are managed by Guzzle directly via interfaces * Removed the injecting of a request object onto a response object. The methods to get and set a request still exist but are a no-op until removed. * Most classes that used to require a `Guzzle\Service\Command\CommandInterface typehint now request a Guzzle\Service\Command\ArrayCommandInterface. * Added Guzzle\Http\Message\RequestInterface::startResponse() to the RequestInterface to handle injecting a response on a request while the request is still being transferred * The ability to case-insensitively search for header values * Guzzle\Http\Message\Header::hasExactHeader * Guzzle\Http\Message\Header::raw. Use getAll() * Deprecated cache control specific methods on Guzzle\Http\Message\AbstractMessage. Use the CacheControl header object instead. * Guzzle\Service\Command\CommandInterface now extends from ToArrayInterface and ArrayAccess * Added the ability to cast Model objects to a string to view debug information.
3.5.0 (2013-05-13) * Bug: Fixed a regression so that request responses are parsed only once per oncomplete event rather than multiple times * Bug: Better cleanup of one-time events accross the board (when an event is meant to fire once, it will now remove itself from the EventDispatcher) * Bug: Guzzle\Log\MessageFormatter now properly writes "total_time" and "connect_time" values * Bug: Cloning an EntityEnclosingRequest now clones the EntityBody too * Bug: Fixed an undefined index error when parsing nested JSON responses with a sentAs parameter that reference a * non-existent key * Bug: All __call() method arguments are now required (helps with mocking frameworks) * Deprecating Response::getRequest() and now using a shallow clone of a request object to remove a circular reference to help with refcount based garbage collection of resources created by sending a request * Deprecating ZF1 cache and log adapters. These will be removed in the next major version. * Deprecating Response::getPreviousResponse() (method signature still exists, but it'sdeprecated). Use the HistoryPlugin for a history. * Added a responseBody alias for the response_body location * Refactored internals to no longer rely on Response::getRequest() * HistoryPlugin can now be cast to a string * HistoryPlugin now logs transactions rather than requests and responses to more accurately keep track of the requests and responses that are sent over the wire * Added getEffectiveUrl() and getRedirectCount() to Response objects
Full change log: https://github.com/guzzle/guzzle/blob/v3.6.0/CHANGELOG.md -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 7 2013 Shawn Iwinski shawn.iwinski@gmail.com 3.6.0-1 - Updated to 3.6.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #962778 - php-guzzle-Guzzle-3.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=962778 --------------------------------------------------------------------------------
================================================================================ php-scssphp-0.0.7-1.el6 (FEDORA-EPEL-2013-10381) A compiler for SCSS written in PHP -------------------------------------------------------------------------------- Update Information:
Updated to 0.0.7
0.0.5 to 0.0.7 change log: * Port various fixes from leafo/lessphp. * Improve filter precision. * Parsing large image data-urls does not work. * Add == and != ops for colors. * @if and @while directives should treat null like false. * Add pscss as bin in composer.json (Christian Lück). * Fix !default bug (James Shannon, Alberto Aldegheri). * Fix mixin content includes (James Shannon, Christian Brandt). * Fix passing of varargs to another mixin. * Fix interpolation bug in expToString() (Matti Jarvinen).
Full change log: http://leafo.net/scssphp/#changelog -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 7 2013 Shawn Iwinski shawn.iwinski@gmail.com 0.0.7-1 - Updated to 0.0.7 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #967834 - php-scssphp-0.0.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=967834 --------------------------------------------------------------------------------
================================================================================ php-twig-Twig-1.13.1-1.el6 (FEDORA-EPEL-2013-10386) The flexible, fast, and secure template engine for PHP -------------------------------------------------------------------------------- Update Information:
Updated to 1.13.1 (see http://blog.twig.sensiolabs.org/post/52290013748/twig-1-13-1-released)
* added the possibility to ignore the filesystem constructor argument in Twig_Loader_Filesystem * fixed Twig_Loader_Chain::exists() for a loader which implements Twig_ExistsLoaderInterface * adjusted backtrace call to reduce memory usage when an error occurs * added support for object instances as the second argument of the constant test * fixed the include function when used in an assignment
Full change log: https://github.com/fabpot/Twig/blob/v1.13.1/CHANGELOG -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 7 2013 Shawn Iwinski shawn.iwinski@gmail.com 1.13.1-1 - Updated to 1.13.1 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #971730 - php-twig-Twig-1.13.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=971730 --------------------------------------------------------------------------------
================================================================================ phrel-1.0.2-1.el6 (FEDORA-EPEL-2013-6105) Per Host RatE Limiter -------------------------------------------------------------------------------- Update Information:
New RPM. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #967153 - Review Request: phrel - Per Host RatE Limiter https://bugzilla.redhat.com/show_bug.cgi?id=967153 --------------------------------------------------------------------------------
================================================================================ python-fedmsg-meta-fedora-infrastructure-0.1.6-2.el6 (FEDORA-EPEL-2013-10385) Metadata providers for Fedora Infrastructure's fedmsg deployment -------------------------------------------------------------------------------- Update Information:
Give the planet processor the correct .__name__. Also, a mailman3 processor is available for the future. -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 6 2013 Ralph Bean rbean@redhat.com - 0.1.6-2 - Removed an old unneeded patch. * Thu Jun 6 2013 Ralph Bean rbean@redhat.com - 0.1.6-1 - Fix the planet processor name. - Add mailman3 processor for the future. --------------------------------------------------------------------------------
================================================================================ python-tahrir-api-0.1.8-1.el6 (FEDORA-EPEL-2013-10394) An API for interacting with the Tahrir database -------------------------------------------------------------------------------- Update Information:
New features, bugfixes, and relicense to GPLv3+. -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 7 2013 Ralph Bean rbean@redhat.com - 0.1.8-1 - New Invitations API. - Bugfixes to other API functions. - Relicense to GPLv3+ --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org