Fedora EPEL 6 updates-testing report

updates at fedoraproject.org
Wed Jan 26 19:03:40 UTC 2011


The following Fedora EPEL 6 Security updates need testing:

    https://admin.fedoraproject.org/updates/asterisk-1.8.2.2-2.el6,libsrtp-1.4.4-2.20101004cvs.el6
    https://admin.fedoraproject.org/updates/myproxy-5.3-1.el6
    https://admin.fedoraproject.org/updates/perl-CGI-Simple-1.113-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    asterisk-1.8.2.2-2.el6
    drupal6-auto_nodetitle-1.2-4.el6
    drupal6-ctools-1.8-4.el6
    drupal6-views_bulk_operations-1.10-3.el6
    libsrtp-1.4.4-2.20101004cvs.el6
    netatalk-2.1.5-1.el6
    ntfs-3g-2011.1.15-1.el6
    perl-Net-DBus-0.33.6-8.el6
    python-inotify-0.9.1-1.el6
    rear-1.9-1.el6
    x11vnc-0.9.12-17.el6
    yubikey-ksm-1.5-3.el6
    yubikey-val-2.7-2.el6

Details about builds:


================================================================================
 asterisk-1.8.2.2-2.el6 (FEDORA-EPEL-2011-0191)
 The Open Source PBX
--------------------------------------------------------------------------------
Update Information:

Update to 1.8.2.2 to fix CVE-2011-0495
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 24 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.2.2-2
- Build with SRTP support
* Mon Jan 24 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.2.2-1
-
- The Asterisk Development Team has announced a release for the security issue
- described in AST-2011-001.
-
- Due to a failed merge, Asterisk 1.8.2.1 which should have included the security
- fix did not. Asterisk 1.8.2.2 contains the changes which should have been
- included in Asterisk 1.8.2.1.
-
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The releases of Asterisk 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.2,
- 1.8.1.2, and 1.8.2.2 resolve an issue when forming an outgoing SIP request while
- in pedantic mode, which can cause a stack buffer to be made to overflow if
- supplied with carefully crafted caller ID information. The issue and resolution
- are described in the AST-2011-001 security advisory.
-
- For more information about the details of this vulnerability, please read the
- security advisory AST-2011-001, which was released at the same time as this
- announcement.
-
- For a full list of changes in the current release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.2.2
-
- Security advisory AST-2011-001 is available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-001.pdf
* Mon Jan 24 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.2.1-1
-
- The Asterisk Development Team has announced security releases for the following
- versions of Asterisk:
-
- * 1.4.38.1
- * 1.4.39.1
- * 1.6.1.21
- * 1.6.2.15.1
- * 1.6.2.16.1
- * 1.8.1.2
- * 1.8.2.1
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The releases of Asterisk 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.2,
- 1.8.1.2, and 1.8.2.1 resolve an issue when forming an outgoing SIP request while
- in pedantic mode, which can cause a stack buffer to be made to overflow if
- supplied with carefully crafted caller ID information. The issue and resolution
- are described in the AST-2011-001 security advisory.
-
- For more information about the details of this vulnerability, please read the
- security advisory AST-2011-001, which was released at the same time as this
- announcement.
-
- For a full list of changes in the current releases, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.38.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.39.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.21
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.15.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.16.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.1.2
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.2.1
-
- Security advisory AST-2011-001 is available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-001.pdf
* Mon Jan 24 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.2-1
-
- The Asterisk Development Team has announced the release of Asterisk 1.8.2. This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.2 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * 'sip notify clear-mwi' needs terminating CRLF.
-  (Closes issue #18275. Reported, patched by klaus3000)
-
- * Patch for deadlock from ordering issue between channel/queue locks in
-  app_queue (set_queue_variables).
-  (Closes issue #18031. Reported by rain. Patched by bbryant)
-
- * Fix cache of device state changes for multiple servers.
-  (Closes issue #18284, #18280. Reported, tested by klaus3000. Patched, tested
-  by russellb)
-
- * Resolve issue where channel redirect function (CLI or AMI) hangs up the call
-  instead of redirecting the call.
-  (Closes issue #18171. Reported by: SantaFox)
-  (Closes issue #18185. Reported by: kwemheuer)
-  (Closes issue #18211. Reported by: zahir_koradia)
-  (Closes issue #18230. Reported by: vmarrone)
-  (Closes issue #18299. Reported by: mbrevda)
-  (Closes issue #18322. Reported by: nerbos)
-
- * Fix reloading of peer when a user is requested. Prevent peer reloading from
-  causing multiple MWI subscriptions to be created when using realtime.
-  (Closes issue #18342. Reported, patched by nivek.)
-
- * Fix XMPP PubSub-based distributed device state. Initialize pubsubflags to 0
-  so res_jabber doesn't think there is already an XMPP connection sending
-  device state. Also clean up CLI commands a bit.
-  (Closes issue #18272. Reported by klaus3000. Patched by Marquis42)
-
- * Don't crash after Set(CDR(userfield)=...) in ast_bridge_call. Instead of
-  setting peer->cdr = NULL, set it to not post.
-  (Closes issue #18415. Reported by macbrody. Patched, tested by jsolares)
-
- * Fixes issue with outbound google voice calls not working. Thanks to az1234
-  and nevermind_quack for their input in helping debug the issue.
-  (Closes issue #18412. Reported by nevermind_quack. Patched by dvossel)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.2
* Mon Jan 24 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.1.1-1
-
- The Asterisk Development Team has announced the release of Asterisk 1.8.1.1.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.1.1 resolves two issues reported by the community
- since the release of Asterisk 1.8.1.
-
-  * Don't crash after Set(CDR(userfield)=...) in ast_bridge_call. Instead of
-   setting peer->cdr = NULL, set it to not post.
-   (Closes issue #18415. Reported by macbrody. Patched, tested by jsolares)
-
-  * Fixes issue with outbound google voice calls not working. Thanks to az1234
-   and nevermind_quack for their input in helping debug the issue.
-   (Closes issue #18412. Reported by nevermind_quack. Patched by dvossel)
-
- For a full list of changes in this release candidate, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.1.1
* Mon Jan 24 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.1-1
-
- The Asterisk Development Team has announced the release of Asterisk 1.8.1. This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.1 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * Fix issue when using directmedia. Asterisk needs to limit the codecs offered
-   to just the ones that both sides recognize, otherwise they may end up sending
-   audio that the other side doesn't understand.
-   (Closes issue #17403. Reported, patched by one47. Tested by one47, falves11)
-
- * Resolve issue where Party A in an analog 3-way call would continue to hear
-   ringback after party C answers.
-   (Patched by rmudgett)
-
- * Fix playback failure when using IAX with the timerfd module.
-   (Closes issue #18110. Reported, tested by tpanton. Patched by jpeeler)
-
- * Fix problem with qualify option packets for realtime peers never stopping.
-   The option packets not only never stopped, but if a realtime peer was not in
-   the peer list multiple options dialogs could accumulate over time.
-   (Closes issue #16382. Reported by lftsy. Tested by zerohalo. Patched by
-   jpeeler)
-
- * Fix issue where it is possible to crash Asterisk by feeding the curl engine
-   invalid data.
-   (Closes issue #18161. Reported by wdoekes. Patched by tilghman)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #670777 - CVE-2011-0495 Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001)
        https://bugzilla.redhat.com/show_bug.cgi?id=670777
--------------------------------------------------------------------------------


================================================================================
 drupal6-auto_nodetitle-1.2-4.el6 (FEDORA-EPEL-2011-0173)
 A small and efficient module that allows hiding of the content title
--------------------------------------------------------------------------------
Update Information:

"auto_nodetitle" is a small and efficient module that allows hiding of the content title.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #664303 - Review Request: drupal6-auto_nodetitle - "auto_nodetitle" is a small and efficient module that allows hiding of the content title
        https://bugzilla.redhat.com/show_bug.cgi?id=664303
--------------------------------------------------------------------------------


================================================================================
 drupal6-ctools-1.8-4.el6 (FEDORA-EPEL-2011-0187)
 This suite is primarily a set of APIs and tools
--------------------------------------------------------------------------------
Update Information:

This suite is primarily a set of APIs and tools to improve the developer experience.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #653805 - Review Request: drupal6-ctools - This suite is primarily a set of APIs and tools to improve the developer experience.
        https://bugzilla.redhat.com/show_bug.cgi?id=653805
--------------------------------------------------------------------------------


================================================================================
 drupal6-views_bulk_operations-1.10-3.el6 (FEDORA-EPEL-2011-0179)
 This module augments Views by allowing bulk operations to be executed
--------------------------------------------------------------------------------
Update Information:

This module augments Views by allowing bulk operations to be executed.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #669327 - Review Request: drupal6-views_bulk_operations - This module augments Views by allowing bulk operations to be executed
        https://bugzilla.redhat.com/show_bug.cgi?id=669327
--------------------------------------------------------------------------------


================================================================================
 libsrtp-1.4.4-2.20101004cvs.el6 (FEDORA-EPEL-2011-0191)
 An implementation of the Secure Real-time Transport Protocol (SRTP)
--------------------------------------------------------------------------------
Update Information:

Update to 1.8.2.2 to fix CVE-2011-0495
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #670777 - CVE-2011-0495 Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001)
        https://bugzilla.redhat.com/show_bug.cgi?id=670777
--------------------------------------------------------------------------------


================================================================================
 netatalk-2.1.5-1.el6 (FEDORA-EPEL-2011-0180)
 AppleTalk networking programs
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #669196 - Please move netatalk into EPEL repo
        https://bugzilla.redhat.com/show_bug.cgi?id=669196
--------------------------------------------------------------------------------


================================================================================
 ntfs-3g-2011.1.15-1.el6 (FEDORA-EPEL-2011-0174)
 Linux NTFS userspace driver
--------------------------------------------------------------------------------
Update Information:

Update to 2011.1.15:

* New: implemented fsync() and fsyncdir().
* New: implemented the 'sync' mount option.
* New: sanity check upcase table.
* New: added a big-endian extended attribute name for attrib and times.
* New: added an extended attribute name for creation time.
* New: enable renaming of system extended attributes.
* Change: improved appending data to fragmented files.
* Change: improved rebuilding a runlist.
* Change: improved comparing filenames on big-endian CPUs.
* Fixed stat(2) for system files with no data.
* Fixed alignment on cached structures.
* Fixed Posix ACLs for big-endian CPUs.
* Fixed deleting files using ignore_case option.
* Fixed allocated size when an attribute update causes unnamed data to be expelled.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 25 2011 Tom Callaway <spot at fedoraproject.org> - 2:2011.1.15-1
- update to 2011.1.15
* Mon Oct 11 2010 Tom "spot" Callaway <tcallawa at redhat.com> - 2:2010.10.2-1
- update to 2010.10.2, all patches merged upstream
* Thu Sep  9 2010 Tom "spot" Callaway <tcallawa at redhat.com> - 2:2010.8.8-2
- add support for context= mount option (Till Maas) (bz502946)
* Mon Aug  9 2010 Tom "spot" Callaway <tcallawa at redhat.com> - 2:2010.8.8-1
- update to 2010.8.8
--------------------------------------------------------------------------------


================================================================================
 perl-Net-DBus-0.33.6-8.el6 (FEDORA-EPEL-2011-0178)
 Use and provide DBus services
--------------------------------------------------------------------------------
Update Information:

New package for the Perl Net::DBus module in EL6.
--------------------------------------------------------------------------------


================================================================================
 python-inotify-0.9.1-1.el6 (FEDORA-EPEL-2011-0188)
 Monitor filesystem events with Python under Linux
--------------------------------------------------------------------------------
Update Information:

This is a Python module for watching filesystem changes. pyinotify can be used for various kinds of fs monitoring. pyinotify relies on a recent Linux Kernel feature (merged in kernel 2.6.13) called inotify. inotify is an event-driven notifier; its notifications are exported from kernel space to user space.

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #231830 - Review Request: python-inotify - Monitor filesystem events with Python under Linux
        https://bugzilla.redhat.com/show_bug.cgi?id=231830
--------------------------------------------------------------------------------


================================================================================
 rear-1.9-1.el6 (FEDORA-EPEL-2011-0189)
 Relax and Recover (ReaR) is a Linux Disaster Recovery framework
--------------------------------------------------------------------------------
Update Information:

rear release with cloning functionalities (P2V,...)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 24 2011 Gratien D'haese <gdha at sourceforge.net> - 1.9-1
- New development release with P2V, V2V functionality, and more
- added AUTHORS, TODO to %doc and rm from datadir
--------------------------------------------------------------------------------


================================================================================
 x11vnc-0.9.12-17.el6 (FEDORA-EPEL-2011-0192)
 VNC server for the current X11 session
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #666612 - new release of x11vnc 0.9.12 is available that might allow successful build.
        https://bugzilla.redhat.com/show_bug.cgi?id=666612
--------------------------------------------------------------------------------


================================================================================
 yubikey-ksm-1.5-3.el6 (FEDORA-EPEL-2011-0175)
 The YubiKey Key Storage Module
--------------------------------------------------------------------------------
Update Information:

adding yubikey-ksm  the yubikey key storage module
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #637212 - Review Request: yubikey-ksm - The YubiKey Key Storage Module
        https://bugzilla.redhat.com/show_bug.cgi?id=637212
--------------------------------------------------------------------------------


================================================================================
 yubikey-val-2.7-2.el6 (FEDORA-EPEL-2011-0190)
 The YubiKey Validation Server
--------------------------------------------------------------------------------
Update Information:

adding yubikey-val  the yubikey validation server
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #637213 - Review Request: yubikey-val - The YubiKey Validation Server
        https://bugzilla.redhat.com/show_bug.cgi?id=637213
--------------------------------------------------------------------------------




