Fedora EPEL 6 updates-testing report

updates at fedoraproject.org
Tue Jul 26 07:59:53 UTC 2011


The following Fedora EPEL 6 Security updates need testing:

    https://admin.fedoraproject.org/updates/xml-security-c-1.6.0-2.el6
    https://admin.fedoraproject.org/updates/bugzilla-3.4.11-1.el6
    https://admin.fedoraproject.org/updates/rt3-3.8.10-2.el6.1
    https://admin.fedoraproject.org/updates/cgit-0.9.0.2-2.el6
    https://admin.fedoraproject.org/updates/glpi-0.78.5-2.svn14966.el6
    https://admin.fedoraproject.org/updates/squirrelmail-1.4.22-2.el6
    https://admin.fedoraproject.org/updates/phpMyAdmin-3.4.3.2-1.el6
    https://admin.fedoraproject.org/updates/ejabberd-2.1.8-2.el6
    https://admin.fedoraproject.org/updates/erlang-R14B-02.1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing:

    asterisk-1.8.5.0-1.el6.2
    bluefish-2.0.3-4.el6
    django-authopenid-1.0.1-1.el6
    django-kombu-0.9.2-1.el6
    glpi-0.78.5-2.svn14966.el6
    grace-5.1.22-7.el6
    nordugrid-arc-1.0.1-1.el6.1
    nordugrid-arc-doc-1.0.2-1.el6
    phpMyAdmin-3.4.3.2-1.el6
    spectrum-1.4.8-2.el6
    zeroinstall-injector-1.2-1.el6

Details about builds:


================================================================================
 asterisk-1.8.5.0-1.el6.2 (FEDORA-EPEL-2011-3906)
 The Open Source PBX
--------------------------------------------------------------------------------
Update Information:

The Asterisk Development Team announces the release of Asterisk 1.8.5.0. This
release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/

The release of Asterisk 1.8.5.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* Fix Deadlock with attended transfer of SIP call
 (Closes issue #18837. Reported, patched by alecdavis. Tested by Irontec, ZX81,
 cmaj)

* Fixes thread blocking issue in the sip TCP/TLS implementation.
 (Closes issue #18497. Reported by vois. Patched by dvossel. Tested by vois,
 rossbeer, kowalma, Freddi_Fonet)

* Be more tolerant of what URI we accept for call completion PUBLISH requests.
 (Closes issue #18946. Reported by GeorgeKonopacki. Patched by mmichelson)

* Fix a nasty chanspy bug which was causing a channel leak every time a spied on
 channel made a call.
 (Closes issue #18742. Reported by jkister. Tested by jcovert, jrose)

* This patch fixes a bug with MeetMe behavior where the 'P' option for always
 prompting for a pin is ignored for the first caller.
 (Closes issue #18070. Reported by mav3rick. Patched by bbryant)

* Fix issue where Asterisk does not hangup a channel after endpoint hangs up. If
 the call that the dialplan started an AGI script for is hungup while the AGI
 script is in the middle of a command then the AGI script is not notified of
 the hangup.
 (Closes issue #17954, #18492. Reported by mn3250, devmod. Patched by rmudgett)

* Resolve issue where leaving a voicemail, the MWI message is never sent. The
 same thing happens when checking a voicemail and marking it as read.
 (Closes issue ASTERISK-18002. Reported by Leif Madsen. Resolved by Richard
 Mudgett)

* Resolve issue where wait for leader with Music On Hold allows crosstalk
 between participants. Parenthesis in the wrong position. Regression from issue
 #14365 when expanding conference flags to use 64 bits.
 (Closes issue #18418. Reported by MrHanMan. Patched by rmudgett)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.5.0

--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 21 2011 Petr Sabata <contyk at redhat.com> - 1.8.5.0-1.2
- Perl mass rebuild
* Wed Jul 20 2011 Petr Sabata <contyk at redhat.com> - 1.8.5.0-1.1
- Perl mass rebuild
* Mon Jul 11 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.5.0-1
- The Asterisk Development Team announces the release of Asterisk 1.8.5.0. This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.5.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * Fix Deadlock with attended transfer of SIP call
-  (Closes issue #18837. Reported, patched by alecdavis. Tested by Irontec, ZX81,
-  cmaj)
-
- * Fixes thread blocking issue in the sip TCP/TLS implementation.
-  (Closes issue #18497. Reported by vois. Patched by dvossel. Tested by vois,
-  rossbeer, kowalma, Freddi_Fonet)
-
- * Be more tolerant of what URI we accept for call completion PUBLISH requests.
-  (Closes issue #18946. Reported by GeorgeKonopacki. Patched by mmichelson)
-
- * Fix a nasty chanspy bug which was causing a channel leak every time a spied on
-  channel made a call.
-  (Closes issue #18742. Reported by jkister. Tested by jcovert, jrose)
-
- * This patch fixes a bug with MeetMe behavior where the 'P' option for always
-  prompting for a pin is ignored for the first caller.
-  (Closes issue #18070. Reported by mav3rick. Patched by bbryant)
-
- * Fix issue where Asterisk does not hangup a channel after endpoint hangs up. If
-  the call that the dialplan started an AGI script for is hungup while the AGI
-  script is in the middle of a command then the AGI script is not notified of
-  the hangup.
-  (Closes issue #17954, #18492. Reported by mn3250, devmod. Patched by rmudgett)
-
- * Resolve issue where leaving a voicemail, the MWI message is never sent. The
-  same thing happens when checking a voicemail and marking it as read.
-  (Closes issue ASTERISK-18002. Reported by Leif Madsen. Resolved by Richard
-  Mudgett)
-
- * Resolve issue where wait for leader with Music On Hold allows crosstalk
-  between participants. Parenthesis in the wrong position. Regression from issue
-  #14365 when expanding conference flags to use 64 bits.
-  (Closes issue #18418. Reported by MrHanMan. Patched by rmudgett)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.5.0
* Thu Jul  7 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.5-0.2
- Rebuild for net-snmp 5.7
--------------------------------------------------------------------------------


================================================================================
 bluefish-2.0.3-4.el6 (FEDORA-EPEL-2011-3918)
 GTK2 web development application for experienced users
--------------------------------------------------------------------------------
Update Information:

This update includes an upstream fix for a crash originally caused by opening lots of files and then closing them quickly with
Ctrl-W.

https://bugzilla.gnome.org/show_bug.cgi?id=654838
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 22 2011 Paul Howarth <paul at city-fan.org> - 2.0.3-4
- Fix crash in _gtk_text_btree_get_chars_changed_stamp
  (Gnome bug 654838, #720990)
- Nobody else likes macros for commands
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #720990 - [abrt] bluefish-2.0.3-3.fc14: Process /usr/bin/bluefish was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=720990
--------------------------------------------------------------------------------


================================================================================
 django-authopenid-1.0.1-1.el6 (FEDORA-EPEL-2011-3909)
 Django application to integrate Django authentication system with OpenID
--------------------------------------------------------------------------------
Update Information:

A new package for EL6 of django-authopenid
--------------------------------------------------------------------------------


================================================================================
 django-kombu-0.9.2-1.el6 (FEDORA-EPEL-2011-3915)
 Kombu transport using the Django database as a message store
--------------------------------------------------------------------------------
Update Information:

Kombu transport using the Django database as a message store
--------------------------------------------------------------------------------


================================================================================
 glpi-0.78.5-2.svn14966.el6 (FEDORA-EPEL-2011-3920)
 Free IT asset management software
--------------------------------------------------------------------------------
Update Information:

This update fixes a database information disclosure vulnerability in GLPI (Advisory not yet published).
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 22 2011 Remi Collet <Fedora at FamilleCollet.com> - 0.78.5-2.svn14966
- bug and security fix from SVN.
--------------------------------------------------------------------------------


================================================================================
 grace-5.1.22-7.el6 (FEDORA-EPEL-2011-3905)
 Numerical Data Processing and Visualization Tool
--------------------------------------------------------------------------------
Update Information:

First build for EPEL 6.
--------------------------------------------------------------------------------


================================================================================
 nordugrid-arc-1.0.1-1.el6.1 (FEDORA-EPEL-2011-3919)
 Advanced Resource Connector Grid Middleware
--------------------------------------------------------------------------------
Update Information:

The Advanced Resource Connector (ARC) Grid Middleware developed by the NorduGrid collaboration.

ARC brings computing resources together across institutional boundaries. This concept is commonly referred to as a "computational grid". Historically, grids address the organization of distributed storage of data and parallel computation, but arbitrary services are thinkable.

This is the first release of ARC in Fedora and EPEL.

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #530684 - Review Request: nordugrid-arc - Advanced Resource Connector Grid Middleware
        https://bugzilla.redhat.com/show_bug.cgi?id=530684
  [ 2 ] Bug #704835 - Review Request: nordugrid-arc-doc - Advanced Resource Connector Documentation
        https://bugzilla.redhat.com/show_bug.cgi?id=704835
--------------------------------------------------------------------------------


================================================================================
 nordugrid-arc-doc-1.0.2-1.el6 (FEDORA-EPEL-2011-3919)
 Advanced Resource Connector Documentation
--------------------------------------------------------------------------------
Update Information:

The Advanced Resource Connector (ARC) Grid Middleware developed by the NorduGrid collaboration.

ARC brings computing resources together across institutional boundaries. This concept is commonly referred to as a "computational grid". Historically, grids address the organization of distributed storage of data and parallel computation, but arbitrary services are thinkable.

This is the first release of ARC in Fedora and EPEL.

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #530684 - Review Request: nordugrid-arc - Advanced Resource Connector Grid Middleware
        https://bugzilla.redhat.com/show_bug.cgi?id=530684
  [ 2 ] Bug #704835 - Review Request: nordugrid-arc-doc - Advanced Resource Connector Documentation
        https://bugzilla.redhat.com/show_bug.cgi?id=704835
--------------------------------------------------------------------------------


================================================================================
 phpMyAdmin-3.4.3.2-1.el6 (FEDORA-EPEL-2011-3910)
 Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:

Changes for 3.4.3.2 (2011-07-23)

 * [PMASA-2011-9] XSS in table Print view (http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php)
 * [PMASA-2011-10] Local file inclusion via a crafted MIME-type transformation parameter (http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php)
 * [PMASA-2011-11] Local file inclusion vulnerability and code execution (http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php)
 * [PMASA-2011-12] Possible superglobal and local variables manipulation in swekey authentication (http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 25 2011 Robert Scheck <robert at fedoraproject.org> 3.4.3.2-1
- Upgrade to 3.4.3.2 (#725377, #725381, #725382, #725383, #725384)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #725381 - CVE-2011-2642 phpMyAdmin: v3.3.10.3, v3.4.3.2: XSS in table Print view (PMASA-2011-9)
        https://bugzilla.redhat.com/show_bug.cgi?id=725381
  [ 2 ] Bug #725382 - CVE-2011-2643 phpMyAdmin: v3.3.10.3, v3.4.3.2: Local file inclusion via a crafted MIME-type transformation parameter (PMASA-2011-10)
        https://bugzilla.redhat.com/show_bug.cgi?id=725382
  [ 3 ] Bug #725383 - PMASA-2011-11 phpMyAdmin: v3.3.10.3, v3.4.3.2: Local file inclusion and code execution in 'relational schema' code (PMASA-2011-11)
        https://bugzilla.redhat.com/show_bug.cgi?id=725383
  [ 4 ] Bug #725384 - PMASA-2011-12 phpMyAdmin: v3.3.10.3, v3.4.3.2: Possible session manipulation in Swekey extention authentication (PMASA-2011-12)
        https://bugzilla.redhat.com/show_bug.cgi?id=725384
--------------------------------------------------------------------------------


================================================================================
 spectrum-1.4.8-2.el6 (FEDORA-EPEL-2011-3917)
 XMPP transport/gateway
--------------------------------------------------------------------------------
Update Information:

Build against new libev.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jul 24 2011 Matěj Cepl <mcepl at redhat.com> - 1.4.8-2
- Rebuilt for new libev version.
--------------------------------------------------------------------------------


================================================================================
 zeroinstall-injector-1.2-1.el6 (FEDORA-EPEL-2011-3913)
 The Zero Install Injector (0launch)
--------------------------------------------------------------------------------
Update Information:

0install 1.1: http://article.gmane.org/gmane.comp.file-systems.zero-install.devel/4331

- support for optional dependencies
- '0install digest' command
- environment variable separator now configurable

0install 1.2: http://article.gmane.org/gmane.comp.file-systems.zero-install.devel/4387

- added <executable-in-path> and <executable-in-var> bindings
- In selections, store <command> elements inside <selection> elements
- Display a deprecation warning if Selections(Policy) is used.
- 0alias now generates new-style launchers, and can parse both formats
- Batch up queries to PackageKit
- Fixed GUI performance problem with large number of feeds
- Write separator attribute for <environment> tag when serializing model

--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 25 2011 Michel Salim <salimma at fedoraproject.org> - 1.2-1
- Update to 1.2
* Sat Jul  2 2011 Michel Salim <salimma at fedoraproject.org> - 1.1-2
- Further launcher script clean-up
* Wed Jun 29 2011 Michel Salim <salimma at fedoraproject.org> - 1.1-1
- Update to 1.1
- Remove --versions option, obsoleted in favor of '0alias launcher'
* Wed Jun 22 2011 Michel Salim <salimma at fedoraproject.org> - 1.0-3
- Fix --versions handling of 0alias-generated launchers
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #725155 - zeroinstall-injector-1.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=725155
--------------------------------------------------------------------------------




