The following Fedora EPEL 6 Security updates need testing:
    https://admin.fedoraproject.org/updates/rt3-3.8.10-2.el6.1
    https://admin.fedoraproject.org/updates/bugzilla-3.4.11-1.el6
    https://admin.fedoraproject.org/updates/drupal6-views_bulk_operations-1.11-1...
    https://admin.fedoraproject.org/updates/bcfg2-1.1.3-1.el6
    https://admin.fedoraproject.org/updates/phpMyAdmin-3.4.5-1.el6
    https://admin.fedoraproject.org/updates/perl-FCGI-0.71-4.el6
    https://admin.fedoraproject.org/updates/puppet-2.6.6-2.el6

The following builds have been pushed to Fedora EPEL 6 updates-testing
    RBTools-0.3.4-1.el6
    askbot-0.7.23-1.el6
    django-authenticator-0.1.4-1.el6
    mongodb-1.8.2-2.el6
    moodle-2.1.1-2.el6
    proftpd-1.3.3f-1.el6
    puppet-2.6.6-2.el6
    shorewall-4.4.23.3-1.el6

Details about builds:
================================================================================
 RBTools-0.3.4-1.el6 (FEDORA-EPEL-2011-4555)
 Tools for use with ReviewBoard
--------------------------------------------------------------------------------
Update Information:

* Tue Sep 27 2011 Stephen Gallagher sgallagh@redhat.com - 0.3.4-1
- New upstream 0.3.4 release
- http://www.reviewboard.org/docs/releasenotes/dev/rbtools/0.3.4/
- New Features:
  - post-review:
    - Added a --change-description option for setting the Change Description text on drafts
- Bugfixes:
  - post-review:
    - Newlines in summaries on Git are now converted to spaces, preventing errors when using --guess-summary
    - Fixed authentication failures when accessing a protected /api/info/ URL. This was problematic particularly on RBCommons
    - Fixed diff upload problems on Python 2.7
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2011 Stephen Gallagher sgallagh@redhat.com - 0.3.4-1
- New upstream 0.3.4 release
- http://www.reviewboard.org/docs/releasenotes/dev/rbtools/0.3.4/
- New Features:
  - post-review:
    - Added a --change-description option for setting the Change Description text on drafts
- Bugfixes:
  - post-review:
    - Newlines in summaries on Git are now converted to spaces, preventing errors when using --guess-summary
    - Fixed authentication failures when accessing a protected /api/info/ URL. This was problematic particularly on RBCommons
    - Fixed diff upload problems on Python 2.7
--------------------------------------------------------------------------------

================================================================================
 askbot-0.7.23-1.el6 (FEDORA-EPEL-2011-4550)
 Question and Answer forum
--------------------------------------------------------------------------------
Update Information:

upfiles alias for httpd configuration.
several minor enhancements and bug fixes
* if RHEL, then depend on python-dateutil15 instead of python-dateutil
* add README.fedora and configuration files for multi-site deployment
* update wsgi, apache httpd configuration and settings.py setup template
* thanks to Toshio Kuriotami for suggesting and reviewing the changes
--------------------------------------------------------------------------------

================================================================================
 django-authenticator-0.1.4-1.el6 (FEDORA-EPEL-2011-4557)
 Authentication client for django
--------------------------------------------------------------------------------
Update Information:

django-authenticator is a forked version of django-authopenid module. It is developed for the Askbot project.
--------------------------------------------------------------------------------

================================================================================
 mongodb-1.8.2-2.el6 (FEDORA-EPEL-2011-4552)
 High-performance, schema-free document-oriented database
--------------------------------------------------------------------------------
Update Information:

Update EPEL 6 to mongodb 1.8.2
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 13 2011 Chris Lalancette clalance@redhat.com - 1.8.2-2
- Make mongodb-devel require boost-devel (BZ 703184)
* Fri Jul 1 2011 Chris Lalancette clalance@redhat.com - 1.8.2-1
- Update to upstream 1.8.2
- Add patch to ignore TERM
* Fri Jul 1 2011 Chris Lalancette clalance@redhat.com - 1.8.0-3
- Bump release to build against new boost package
* Sat Mar 19 2011 Nathaniel McCallum nathaniel@natemccallum.com - 1.8.0-2
- Make mongod bind only to 127.0.0.1 by default
* Sat Mar 19 2011 Nathaniel McCallum nathaniel@natemccallum.com - 1.8.0-1
- Update to 1.8.0
- Remove upstreamed nonce patch
* Wed Feb 16 2011 Nathaniel McCallum nathaniel@natemccallum.com - 1.7.5-5
- Add nonce patch
* Sun Feb 13 2011 Nathaniel McCallum nathaniel@natemccallum.com - 1.7.5-4
- Manually define to use boost-fs v2
* Sat Feb 12 2011 Nathaniel McCallum nathaniel@natemccallum.com - 1.7.5-3
- Disable extra warnings
* Fri Feb 11 2011 Nathaniel McCallum nathaniel@natemccallum.com - 1.7.5-2
- Disable compilation errors on warnings
* Fri Feb 11 2011 Nathaniel McCallum nathaniel@natemccallum.com - 1.7.5-1
- Update to 1.7.5
- Remove CPPFLAGS override
- Added libmongodb package
* Tue Feb 8 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.6.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 moodle-2.1.1-2.el6 (FEDORA-EPEL-2011-4551)
 A Course Management System
--------------------------------------------------------------------------------
Update Information:

Minor change to cron setup.
Update to 2.1.1.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2011 Jon Ciesla limb@jcomserv.net - 2.1.1-2
- Switched to cli cron script, BZ 733957.
* Tue Aug 16 2011 Jon Ciesla limb@jcomserv.net - 2.1.1-1
- New upstream.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #733957 - cron path change in moodle-2.1.1-1.el6.noarch
        https://bugzilla.redhat.com/show_bug.cgi?id=733957
--------------------------------------------------------------------------------

================================================================================
 proftpd-1.3.3f-1.el6 (FEDORA-EPEL-2011-4556)
 Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:

This update, to the current upstream maintenance release, fixes a number of bugs as described in the changelog.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2011 Paul Howarth paul@city-fan.org 1.3.3f-1
- Update to 1.3.3f, fixing a large number of bugs reported upstream:
  - Avoid spinning proftpd process if read(2) returns EAGAIN (bug 3639)
  - Segfault seen in mod_sql_mysql if "SQLAuthenticate groupsetfast" used (bug 3642)
  - Disable signal handling for exiting session processes (bug 3644)
  - TCPAccessSyslogLevel directive broken by Bug#3317 (bug 3652)
  - TLSVerifyOrder directive is broken (bug 3658)
  - Segmentation fault if there is regex <IfUser> section in a <VirtualHost> section; this is a regression caused by a bad backport of the fix for Bug#3625 to the 1.3.3 branch (bug 3659)
  - Filenames with embedded IAC do not get processed correctly (bug 3697)
- Drop upstreamed nostrip patch
- Use new --disable-strip option to retain debugging symbols
- Use upstream LDAP quota table schema rather than our own copy
--------------------------------------------------------------------------------

================================================================================
 puppet-2.6.6-2.el6 (FEDORA-EPEL-2011-4553)
 A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:

A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.

Further details can be found in the upstream announcement:

http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740fe...

Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2011 Todd Zullinger tmz@pobox.com - 2.6.6-2
- Apply upstream patch for CVE-2011-3848
--------------------------------------------------------------------------------

================================================================================
 shorewall-4.4.23.3-1.el6 (FEDORA-EPEL-2011-4558)
 An iptables front end for firewall configuration
--------------------------------------------------------------------------------
Update Information:

Update to 4.4.23.3
http://www1.shorewall.net/pub/shorewall/4.4/shorewall-4.4.23/releasenotes.tx...
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------

epel-devel@lists.fedoraproject.org