Fedora EPEL 6 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Fri Dec 21 00:35:04 UTC 2012


The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 243  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
  28  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13537/claws-mail-3.9.0-1.el6,claws-mail-plugins-3.9.0-2.el6
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13733/v8-3.13.7.5-1.el6
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13740/pcp-3.6.10-2.el6
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13787/Django14-1.4.2-3.el6
  66  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13172/ssmtp-2.61-19.el6
  66  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13176/icecast-2.3.3-1.el6
  19  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13610/drupal6-ctools-1.10-1.el6
 165  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6348/bcfg2-1.2.3-1.el6
 431  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gribble-0.83.4.1-10.el6
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13786/fail2ban-0.8.8-1.el6
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13784/openstack-nova-2012.2.2-1.el6
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13828/drupal6-6.27-1.el6,drupal7-7.18-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    asterisk-1.8.19.0-1.el6
    drupal6-6.27-1.el6
    drupal7-7.18-1.el6
    globus-common-14.9-1.el6
    globus-core-8.9-2.el6
    globus-gram-job-manager-13.51-1.el6
    globus-gram-job-manager-condor-1.4-1.el6
    globus-gram-job-manager-pbs-1.6-1.el6
    globus-gram-job-manager-sge-1.5-2.el6
    globus-gridftp-server-6.16-1.el6
    globus-gsi-callback-4.4-1.el6
    globus-scheduler-event-generator-4.7-1.el6
    globus-simple-ca-3.2-1.el6
    grid-packaging-tools-3.6.3-1.el6
    lcm-0.9.2-1.el6
    ldns-1.6.16-1.el6
    libnetfilter_acct-1.0.0-2.el6
    php-horde-Horde-Constraint-2.0.1-2.el6
    php-horde-Horde-Log-2.0.1-2.el6
    php-horde-Horde-Role-1.0.1-1.el6
    php-horde-Horde-Scribe-2.0.1-1.el6
    php-horde-Horde-Thrift-2.0.1-2.el6
    python-webtest1.3-1.3.4-4.el6
    rubygem-mixlib-shellout-1.1.0-4.el6
    salt-0.11.1-1.el6
    zanata-python-client-1.3.13-1.el6

Details about builds:


================================================================================
 asterisk-1.8.19.0-1.el6 (FEDORA-EPEL-2012-13821)
 The Open Source PBX
--------------------------------------------------------------------------------
Update Information:

The Asterisk Development Team has announced the release of Asterisk 1.8.19.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 1.8.19.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* --- Prevent resetting of NATted realtime peer address on reload.
  (Closes issue ASTERISK-18203. Reported by daren ferreira)

* --- Do not use a FILE handle when doing SIP TCP reads.
  (Closes issue ASTERISK-20212. Reported by Phil Ciccone)

* --- Fix execution of 'i' extension due to uninitialized variable.
  (Closes issue ASTERISK-20455. Reported by Richard Miller)

* --- Ensure that the Queue application tracks busy members in off
      nominal situations
  (Closes issue ASTERISK-20623. Reported by Bryan Walters)

* --- Properly extract the Body information of an EWS calendar item
  (Closes issue ASTERISK-19738. Reported by Dmitry Burilov)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.19.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 19 2012 Jeffrey Ollie <jeff at ocjtech.us> - 1.8.19.0-1:
- The Asterisk Development Team has announced the release of Asterisk 1.8.19.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.19.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- Prevent resetting of NATted realtime peer address on reload.
-   (Closes issue ASTERISK-18203. Reported by daren ferreira)
-
- * --- Do not use a FILE handle when doing SIP TCP reads.
-   (Closes issue ASTERISK-20212. Reported by Phil Ciccone)
-
- * --- Fix execution of 'i' extension due to uninitialized variable.
-   (Closes issue ASTERISK-20455. Reported by Richard Miller)
-
- * --- Ensure that the Queue application tracks busy members in off
-       nominal situations
-   (Closes issue ASTERISK-20623. Reported by Bryan Walters)
-
- * --- Properly extract the Body information of an EWS calendar item
-   (Closes issue ASTERISK-19738. Reported by Dmitry Burilov)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.19.0
* Fri Dec  7 2012 Jeffrey Ollie <jeff at ocjtech.us> - 1.8.18.1-1:
- The Asterisk Development Team has announced the release of Asterisk 1.8.18.1.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.18.1 resolves an issue reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is the issue resolved in this release:
-
- * --- chan_local: Fix local_pvt ref leak in local_devicestate().
-   (Closes issue ASTERISK-20769. Reported by rmudgett)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.18.1
--------------------------------------------------------------------------------


================================================================================
 drupal6-6.27-1.el6 (FEDORA-EPEL-2012-13828)
 An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:

Upstream Drupal has reported SA-CORE-2012-004 [1] which corrects multiple vulnerabilities:

1) Access bypass (User module search - Drupal 6 and 7)
2) Access bypass (Upload module - Drupal 6)
3) Arbitrary PHP code execution (File upload modules - Drupal 6 and 7)

CVEs have been requested and are not yet assigned.

These flaws have been fixed in Drupal 6.27 and 7.18.

[1] http://drupal.org/SA-CORE-2012-004
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 20 2012 Jon Ciesla <limburgher at gmail.com> - 6.27-1
- 6.27.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #888990 - CVE-2012-5651 CVE-2012-5652 CVE-2012-5653 drupal: multiple flaws fixed in 6.27/7.18 (SA-CORE-2012-004)
        https://bugzilla.redhat.com/show_bug.cgi?id=888990
--------------------------------------------------------------------------------


================================================================================
 drupal7-7.18-1.el6 (FEDORA-EPEL-2012-13828)
 An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:

Upstream Drupal has reported SA-CORE-2012-004 [1] which corrects multiple vulnerabilities:

1) Access bypass (User module search - Drupal 6 and 7)
2) Access bypass (Upload module - Drupal 6)
3) Arbitrary PHP code execution (File upload modules - Drupal 6 and 7)

CVEs have been requested and are not yet assigned.

These flaws have been fixed in Drupal 6.27 and 7.18.

[1] http://drupal.org/SA-CORE-2012-004
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 20 2012 Jon Ciesla <limburgher at gmail.com> - 7.18-1
- 7.18.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #888990 - CVE-2012-5651 CVE-2012-5652 CVE-2012-5653 drupal: multiple flaws fixed in 6.27/7.18 (SA-CORE-2012-004)
        https://bugzilla.redhat.com/show_bug.cgi?id=888990
--------------------------------------------------------------------------------


================================================================================
 globus-common-14.9-1.el6 (FEDORA-EPEL-2012-13812)
 Globus Toolkit - Common Library
--------------------------------------------------------------------------------
Update Information:

Update to Globus Toolkit 5.2.3.

See the release notes for details:

http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec  6 2012 Mattias Ellert <mattias.ellert at fysast.uu.se> - 14.9-1
- Update to Globus Toolkit 5.2.3
--------------------------------------------------------------------------------


================================================================================
 globus-core-8.9-2.el6 (FEDORA-EPEL-2012-13812)
 Globus Toolkit - Globus Core
--------------------------------------------------------------------------------
Update Information:

Update to Globus Toolkit 5.2.3.

See the release notes for details:

http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec  6 2012 Mattias Ellert <mattias.ellert at fysast.uu.se> - 8.9-2
- Fix globus-spec-creator for TexLive 2012 (Fedora 18+)
--------------------------------------------------------------------------------


================================================================================
 globus-gram-job-manager-13.51-1.el6 (FEDORA-EPEL-2012-13812)
 Globus Toolkit - GRAM Jobmanager
--------------------------------------------------------------------------------
Update Information:

Update to Globus Toolkit 5.2.3.

See the release notes for details:

http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec  6 2012 Mattias Ellert <mattias.ellert at fysast.uu.se> - 13.51-1
- Update to Globus Toolkit 5.2.3
--------------------------------------------------------------------------------


================================================================================
 globus-gram-job-manager-condor-1.4-1.el6 (FEDORA-EPEL-2012-13812)
 Globus Toolkit - Condor Job Manager Support
--------------------------------------------------------------------------------
Update Information:

Update to Globus Toolkit 5.2.3.

See the release notes for details:

http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec  6 2012 Mattias Ellert <mattias.ellert at fysast.uu.se> - 1.4-1
- Update to Globus Toolkit 5.2.3
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jun  8 2012 Petr Pisar <ppisar at redhat.com> - 1.3-2
- Perl 5.16 rebuild
--------------------------------------------------------------------------------


================================================================================
 globus-gram-job-manager-pbs-1.6-1.el6 (FEDORA-EPEL-2012-13812)
 Globus Toolkit - PBS Job Manager Support
--------------------------------------------------------------------------------
Update Information:

Update to Globus Toolkit 5.2.3.

See the release notes for details:

http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec  6 2012 Mattias Ellert <mattias.ellert at fysast.uu.se> - 1.6-1
- Update to Globus Toolkit 5.2.3
--------------------------------------------------------------------------------


================================================================================
 globus-gram-job-manager-sge-1.5-2.el6 (FEDORA-EPEL-2012-13812)
 Globus Toolkit - Grid Engine Job Manager Support
--------------------------------------------------------------------------------
Update Information:

Update to Globus Toolkit 5.2.3.

See the release notes for details:

http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec  6 2012 Mattias Ellert <mattias.ellert at fysast.uu.se> - 1.5-2
- Specfile clean-up
--------------------------------------------------------------------------------


================================================================================
 globus-gridftp-server-6.16-1.el6 (FEDORA-EPEL-2012-13812)
 Globus Toolkit - Globus GridFTP Server
--------------------------------------------------------------------------------
Update Information:

Update to Globus Toolkit 5.2.3.

See the release notes for details:

http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec  6 2012 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.16-1
- Update to Globus Toolkit 5.2.3
--------------------------------------------------------------------------------


================================================================================
 globus-gsi-callback-4.4-1.el6 (FEDORA-EPEL-2012-13812)
 Globus Toolkit - Globus GSI Callback Library
--------------------------------------------------------------------------------
Update Information:

Update to Globus Toolkit 5.2.3.

See the release notes for details:

http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec  6 2012 Mattias Ellert <mattias.ellert at fysast.uu.se> - 4.4-1
- Update to Globus Toolkit 5.2.3
--------------------------------------------------------------------------------


================================================================================
 globus-scheduler-event-generator-4.7-1.el6 (FEDORA-EPEL-2012-13812)
 Globus Toolkit - Scheduler Event Generator
--------------------------------------------------------------------------------
Update Information:

Update to Globus Toolkit 5.2.3.

See the release notes for details:

http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec  6 2012 Mattias Ellert <mattias.ellert at fysast.uu.se> - 4.7-1
- Update to Globus Toolkit 5.2.3
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 globus-simple-ca-3.2-1.el6 (FEDORA-EPEL-2012-13812)
 Globus Toolkit - Simple CA Utility
--------------------------------------------------------------------------------
Update Information:

Update to Globus Toolkit 5.2.3.

See the release notes for details:

http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec  7 2012 Mattias Ellert <mattias.ellert at fysast.uu.se> - 3.2-1
- Update to Globus Toolkit 5.2.3
--------------------------------------------------------------------------------


================================================================================
 grid-packaging-tools-3.6.3-1.el6 (FEDORA-EPEL-2012-13812)
 Grid Packaging Tools (GPT)
--------------------------------------------------------------------------------
Update Information:

Update to Globus Toolkit 5.2.3.

See the release notes for details:

http://www.globus.org/toolkit/docs/5.2/5.2.3/rn/
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec  6 2012 Mattias Ellert <mattias.ellert at fysast.uu.se> - 3.6.3-1
- Update to version 3.6.3
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.6.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jun  8 2012 Petr Pisar <ppisar at redhat.com> - 3.6.2-2
- Perl 5.16 rebuild
--------------------------------------------------------------------------------


================================================================================
 lcm-0.9.2-1.el6 (FEDORA-EPEL-2012-13831)
 Utilities for lightweight communications and marshaling
--------------------------------------------------------------------------------
Update Information:

This update fixes several issues; There has been one major change upstream, jar versioned link is no longer created by upstream, so we start doing it on install section.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 19 2012 Nelson Marques <nmarques at fedoraproject.org> - 0.9.2-1
- Update to 0.9.2
- Upstream doesn't create the .jar versioned link, we do it on install
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 ldns-1.6.16-1.el6 (FEDORA-EPEL-2012-13823)
 Lowlevel DNS(SEC) library with API
--------------------------------------------------------------------------------
Update Information:

Addresses bug in 1.6.14 and 1.6.15 that affects opendnssec
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 19 2012 Paul Wouters <pwouters at redhat.com> - 1.6.16-1
- Upgraded to 1.6.16
- The 1.6.15 was also pulled by upstream (we never pushed it)
--------------------------------------------------------------------------------


================================================================================
 libnetfilter_acct-1.0.0-2.el6 (FEDORA-EPEL-2012-13817)
 A library providing interface to extended accounting infrastructure
--------------------------------------------------------------------------------
Update Information:

New package: A library providing interface to extended netfilter accounting infrastructure.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #848990 - Review Request: libnetfilter_acct - A library providing interface to extended accounting infrastructure
        https://bugzilla.redhat.com/show_bug.cgi?id=848990
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Constraint-2.0.1-2.el6 (FEDORA-EPEL-2012-13826)
 Horde Constraint library
--------------------------------------------------------------------------------
Update Information:

Update to latest Horde version
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Log-2.0.1-2.el6 (FEDORA-EPEL-2012-13826)
 Horde Logging library
--------------------------------------------------------------------------------
Update Information:

Update to latest Horde version
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Role-1.0.1-1.el6 (FEDORA-EPEL-2012-13830)
 PEAR installer role used to install Horde components
--------------------------------------------------------------------------------
Update Information:

This package provides a method for PEAR to install Horde components into the base Horde installation.

System default Horde installation directory is /usr/share/horde.

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #873408 - Review Request: php-horde-Horde-Role -  PEAR installer role used to install Horde components
        https://bugzilla.redhat.com/show_bug.cgi?id=873408
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Scribe-2.0.1-1.el6 (FEDORA-EPEL-2012-13820)
 Scribe
--------------------------------------------------------------------------------
Update Information:

Packaged version of the PHP Scribe client.

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #873396 - Review Request: php-horde-Horde-Scribe - Scribe
        https://bugzilla.redhat.com/show_bug.cgi?id=873396
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Thrift-2.0.1-2.el6 (FEDORA-EPEL-2012-13819)
 Thrift
--------------------------------------------------------------------------------
Update Information:

Packaged version of the PHP Thrift client
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #873395 - Review Request: php-horde-Horde-Thrift - Thrift
        https://bugzilla.redhat.com/show_bug.cgi?id=873395
--------------------------------------------------------------------------------


================================================================================
 python-webtest1.3-1.3.4-4.el6 (FEDORA-EPEL-2012-13827)
 Helper to test WSGI applications
--------------------------------------------------------------------------------
Update Information:

Initial packaging
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #884855 - Review Request: python-webtest1.3 - Helper to test WSGI applications
        https://bugzilla.redhat.com/show_bug.cgi?id=884855
--------------------------------------------------------------------------------


================================================================================
 rubygem-mixlib-shellout-1.1.0-4.el6 (FEDORA-EPEL-2012-13813)
 Run external commands on Unix or Windows
--------------------------------------------------------------------------------
Update Information:

New package: a Ruby mixin for running external commands
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #823337 - Review Request: rubygem-mixlib-shellout - mixin for running external commands
        https://bugzilla.redhat.com/show_bug.cgi?id=823337
--------------------------------------------------------------------------------


================================================================================
 salt-0.11.1-1.el6 (FEDORA-EPEL-2012-13825)
 A parallel remote execution system
--------------------------------------------------------------------------------
Update Information:

updated to 0.11.1 for security vulnerability fix
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 14 2012 Clint Savage <herlo1 at gmail.com> - 0.11.1-1
- Upstream patch release 0.11.1
- Fixes security vulnerability (https://github.com/saltstack/salt/issues/2916)
* Fri Dec 14 2012 Clint Savage <herlo1 at gmail.com> - 0.11.0-1
- Moved to upstream release 0.11.0
* Wed Dec  5 2012 Mike Chesnut <mchesnut at gmail.com> - 0.10.5-2
- moved to upstream release 0.10.5
- removing references to minion.template and master.template, as those files
  have been removed from the repo
--------------------------------------------------------------------------------


================================================================================
 zanata-python-client-1.3.13-1.el6 (FEDORA-EPEL-2012-13811)
 Python Client for Zanata Server
--------------------------------------------------------------------------------
Update Information:

- Use dict instead of nested loop
- Ensure that msgstr_plural is always set for plural strings
- Rename message to poentry for consistency

--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 21 2012 Sean Flanigan <sflaniga at redhat.com> - 1.3.13-1
- Use dict instead of nested loop
- Ensure that msgstr_plural is always set for plural strings
- Rename message to poentry for consistency
--------------------------------------------------------------------------------





More information about the epel-devel-list mailing list