Fedora EPEL 6 updates-testing report

updates at fedoraproject.org
Thu Jan 27 18:24:56 UTC 2011


The following Fedora EPEL 6 Security updates need testing:

    https://admin.fedoraproject.org/updates/asterisk-1.8.2.3-1.el6,libsrtp-1.4.4-2.20101004cvs.el6
    https://admin.fedoraproject.org/updates/myproxy-5.3-1.el6
    https://admin.fedoraproject.org/updates/perl-CGI-Simple-1.113-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    asterisk-1.8.2.3-1.el6
    drupal6-rules-1.4-3.el6
    erlang-ibrowse-2.1.3-1.el6
    libsrtp-1.4.4-2.20101004cvs.el6
    perl-CPAN-Meta-YAML-0.003-3.el6
    perl-Perl-OSType-1.002-3.el6
    pyvnc2swf-0.9.5-9.el6
    t1utils-1.36-1.el6

Details about builds:


================================================================================
 asterisk-1.8.2.3-1.el6 (FEDORA-EPEL-2011-0191)
 The Open Source PBX
--------------------------------------------------------------------------------
Update Information:

Update to 1.8.2.3 to fix CVE-2011-0495
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 26 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.2.3-1
-
- The Asterisk Development Team has announced the release of Asterisk 1.8.2.3.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.2.3 resolves the following issue:
-
-  * Reimplemented fax session reservation to reverse the ABI breakage introduced
-   in r297486.
-   (Reported by Jeremy Kister on the asterisk-users mailing list. Patched by
-   mnicholson)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.2.3
* Mon Jan 24 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.2.2-2
- Build with SRTP support
* Mon Jan 24 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.2.2-1
-
- The Asterisk Development Team has announced a release for the security issue
- described in AST-2011-001.
-
- Due to a failed merge, Asterisk 1.8.2.1 which should have included the security
- fix did not. Asterisk 1.8.2.2 contains the changes which should have been
- included in Asterisk 1.8.2.1.
-
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The releases of Asterisk 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.2,
- 1.8.1.2, and 1.8.2.2 resolve an issue when forming an outgoing SIP request while
- in pedantic mode, which can cause a stack buffer to be made to overflow if
- supplied with carefully crafted caller ID information. The issue and resolution
- are described in the AST-2011-001 security advisory.
-
- For more information about the details of this vulnerability, please read the
- security advisory AST-2011-001, which was released at the same time as this
- announcement.
-
- For a full list of changes in the current release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.2.2
-
- Security advisory AST-2011-001 is available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-001.pdf
* Mon Jan 24 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.2.1-1
-
- The Asterisk Development Team has announced security releases for the following
- versions of Asterisk:
-
- * 1.4.38.1
- * 1.4.39.1
- * 1.6.1.21
- * 1.6.2.15.1
- * 1.6.2.16.1
- * 1.8.1.2
- * 1.8.2.1
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The releases of Asterisk 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.2,
- 1.8.1.2, and 1.8.2.1 resolve an issue when forming an outgoing SIP request while
- in pedantic mode, which can cause a stack buffer to be made to overflow if
- supplied with carefully crafted caller ID information. The issue and resolution
- are described in the AST-2011-001 security advisory.
-
- For more information about the details of this vulnerability, please read the
- security advisory AST-2011-001, which was released at the same time as this
- announcement.
-
- For a full list of changes in the current releases, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.38.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.39.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.21
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.15.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.16.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.1.2
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.2.1
-
- Security advisory AST-2011-001 is available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-001.pdf
* Mon Jan 24 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.2-1
-
- The Asterisk Development Team has announced the release of Asterisk 1.8.2. This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.2 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * 'sip notify clear-mwi' needs terminating CRLF.
-  (Closes issue #18275. Reported, patched by klaus3000)
-
- * Patch for deadlock from ordering issue between channel/queue locks in
-  app_queue (set_queue_variables).
-  (Closes issue #18031. Reported by rain. Patched by bbryant)
-
- * Fix cache of device state changes for multiple servers.
-  (Closes issue #18284, #18280. Reported, tested by klaus3000. Patched, tested
-  by russellb)
-
- * Resolve issue where channel redirect function (CLI or AMI) hangs up the call
-  instead of redirecting the call.
-  (Closes issue #18171. Reported by: SantaFox)
-  (Closes issue #18185. Reported by: kwemheuer)
-  (Closes issue #18211. Reported by: zahir_koradia)
-  (Closes issue #18230. Reported by: vmarrone)
-  (Closes issue #18299. Reported by: mbrevda)
-  (Closes issue #18322. Reported by: nerbos)
-
- * Fix reloading of peer when a user is requested. Prevent peer reloading from
-  causing multiple MWI subscriptions to be created when using realtime.
-  (Closes issue #18342. Reported, patched by nivek.)
-
- * Fix XMPP PubSub-based distributed device state. Initialize pubsubflags to 0
-  so res_jabber doesn't think there is already an XMPP connection sending
-  device state. Also clean up CLI commands a bit.
-  (Closes issue #18272. Reported by klaus3000. Patched by Marquis42)
-
- * Don't crash after Set(CDR(userfield)=...) in ast_bridge_call. Instead of
-  setting peer->cdr = NULL, set it to not post.
-  (Closes issue #18415. Reported by macbrody. Patched, tested by jsolares)
-
- * Fixes issue with outbound google voice calls not working. Thanks to az1234
-  and nevermind_quack for their input in helping debug the issue.
-  (Closes issue #18412. Reported by nevermind_quack. Patched by dvossel)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.2
* Mon Jan 24 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.1.1-1
-
- The Asterisk Development Team has announced the release of Asterisk 1.8.1.1.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.1.1 resolves two issues reported by the community
- since the release of Asterisk 1.8.1.
-
-  * Don't crash after Set(CDR(userfield)=...) in ast_bridge_call. Instead of
-   setting peer->cdr = NULL, set it to not post.
-   (Closes issue #18415. Reported by macbrody. Patched, tested by jsolares)
-
-  * Fixes issue with outbound google voice calls not working. Thanks to az1234
-   and nevermind_quack for their input in helping debug the issue.
-   (Closes issue #18412. Reported by nevermind_quack. Patched by dvossel)
-
- For a full list of changes in this release candidate, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.1.1
* Mon Jan 24 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.1-1
-
- The Asterisk Development Team has announced the release of Asterisk 1.8.1. This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.1 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * Fix issue when using directmedia. Asterisk needs to limit the codecs offered
-   to just the ones that both sides recognize, otherwise they may end up sending
-   audio that the other side doesn't understand.
-   (Closes issue #17403. Reported, patched by one47. Tested by one47, falves11)
-
- * Resolve issue where Party A in an analog 3-way call would continue to hear
-   ringback after party C answers.
-   (Patched by rmudgett)
-
- * Fix playback failure when using IAX with the timerfd module.
-   (Closes issue #18110. Reported, tested by tpanton. Patched by jpeeler)
-
- * Fix problem with qualify option packets for realtime peers never stopping.
-   The option packets not only never stopped, but if a realtime peer was not in
-   the peer list multiple options dialogs could accumulate over time.
-   (Closes issue #16382. Reported by lftsy. Tested by zerohalo. Patched by
-   jpeeler)
-
- * Fix issue where it is possible to crash Asterisk by feeding the curl engine
-   invalid data.
-   (Closes issue #18161. Reported by wdoekes. Patched by tilghman)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #670777 - CVE-2011-0495 Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001)
        https://bugzilla.redhat.com/show_bug.cgi?id=670777
--------------------------------------------------------------------------------


================================================================================
 drupal6-rules-1.4-3.el6 (FEDORA-EPEL-2011-0199)
 It allows site administrators to define conditionally executed actions
--------------------------------------------------------------------------------
Update Information:

It allows site administrators to define conditionally executed actions.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #669509 - Review Request: drupal6-rules - It allows site administrators to define conditionally executed actions
        https://bugzilla.redhat.com/show_bug.cgi?id=669509
--------------------------------------------------------------------------------


================================================================================
 erlang-ibrowse-2.1.3-1.el6 (FEDORA-EPEL-2011-0205)
 Erlang HTTP client
--------------------------------------------------------------------------------
Update Information:

* Ver. 2.1.3 (required by CouchDB 1.0.2)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 27 2011 Peter Lemenkov <lemenkov at gmail.com> - 2.1.3-1
- Ver. 2.1.3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #668725 - Upgrade to 2.1.2
        https://bugzilla.redhat.com/show_bug.cgi?id=668725
--------------------------------------------------------------------------------


================================================================================
 libsrtp-1.4.4-2.20101004cvs.el6 (FEDORA-EPEL-2011-0191)
 An implementation of the Secure Real-time Transport Protocol (SRTP)
--------------------------------------------------------------------------------
Update Information:

Update to 1.8.2.3 to fix CVE-2011-0495
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #670777 - CVE-2011-0495 Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001)
        https://bugzilla.redhat.com/show_bug.cgi?id=670777
--------------------------------------------------------------------------------


================================================================================
 perl-CPAN-Meta-YAML-0.003-3.el6 (FEDORA-EPEL-2011-0196)
 Read and write a subset of YAML for CPAN Meta files
--------------------------------------------------------------------------------
Update Information:

This module implements a subset of the YAML specification for use in reading and writing CPAN metadata files like META.yml and MYMETA.yml. It should not be used for any other general YAML parsing or generation task.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #672807 - Review Request: perl-CPAN-Meta-YAML - Read and write a subset of YAML for CPAN Meta files
        https://bugzilla.redhat.com/show_bug.cgi?id=672807
--------------------------------------------------------------------------------


================================================================================
 perl-Perl-OSType-1.002-3.el6 (FEDORA-EPEL-2011-0204)
 Map Perl operating system names to generic types
--------------------------------------------------------------------------------
Update Information:

Modules that provide OS-specific behaviors often need to know if the current operating system matches a more generic type of operating systems. For example, 'linux' is a type of 'Unix' operating system and so is 'freebsd'.

This module provides a mapping between an operating system name as given by $^O and a more generic type. The initial version is based on the OS type mappings provided in Module::Build and ExtUtils::CBuilder (thus, Microsoft operating systems are given the type 'Windows' rather than 'Win32').
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #672801 - Review Request: perl-Perl-OSType - Map Perl operating system names to generic types
        https://bugzilla.redhat.com/show_bug.cgi?id=672801
--------------------------------------------------------------------------------


================================================================================
 pyvnc2swf-0.9.5-9.el6 (FEDORA-EPEL-2011-0208)
 VNC screen recorder
--------------------------------------------------------------------------------
Update Information:

At the time of EPEL-6 release, pyvnc2swf could not be built due to x11vnc being unavailable. x11vnc had a java dependent package, which is not currently build-able on ppc64 architecture.

Now that x11vnc does not attempt to build its java subpackage on ppc64, its builds succeed, and hence we can make pyvnc2swf available for EL6.
--------------------------------------------------------------------------------


================================================================================
 t1utils-1.36-1.el6 (FEDORA-EPEL-2011-0198)
 Collection of Type 1 and 2 font manipulation utilities
--------------------------------------------------------------------------------
Update Information:

t1utils is a collection of programs for manipulating PostScript type 1 and type 2 fonts containing programs to convert between PFA (ASCII) format, PFB (binary) format, a human-readable and editable ASCII format, and Macintosh resource forks.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 26 2011 Robert Scheck <robert at fedoraproject.org> 1.36-1
- Update to 1.36
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #616522 - EPEL 6 request for t1utils
        https://bugzilla.redhat.com/show_bug.cgi?id=616522
  [ 2 ] Bug #616531 - Package Change Request - t1utils
        https://bugzilla.redhat.com/show_bug.cgi?id=616531
--------------------------------------------------------------------------------




