Fedora EPEL 6 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Thu May 24 15:55:44 UTC 2012 

The following Fedora EPEL 6 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5944/python-tornado-2.2.1-1.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5854/perl-Config-IniFiles-2.72-1.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5955/socat-1.7.2.1-1.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gribble-0.83.4.1-10.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5960/moodle-2.1.6-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    erlang-gen_leader-1.0-1.el6
    gitolite3-3.03-1.el6
    ldns-1.6.13-1.el6
    moodle-2.1.6-1.el6
    rubygem-aws-sdk-1.4.1-1.el6
    rubygem-aws-sdk-1.4.1-2.el6
    socat-1.7.2.1-1.el6
    zeroinstall-injector-1.8-1.el6

Details about builds:


================================================================================
 erlang-gen_leader-1.0-1.el6 (FEDORA-EPEL-2012-5957)
 A leader election behavior modeled after gen_server
--------------------------------------------------------------------------------
Update Information:

* First stable release.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 22 2012 Peter Lemenkov <lemenkov at gmail.com> - 1.0-1
- Ver. 1.0
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0-0.4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0-0.3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 gitolite3-3.03-1.el6 (FEDORA-EPEL-2012-5954)
 Highly flexible server for git directory version tracker
--------------------------------------------------------------------------------
Update Information:

3.03.
New upstream.
New package for gitolite 3.01.
New package for gitolite 3.01.
New package for gitolite 3.01.
New upstream.
New package for gitolite 3.01.
New package for gitolite 3.01.
New package for gitolite 3.01.
New upstream.
New package for gitolite 3.01.
New package for gitolite 3.01.
New package for gitolite 3.01.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #821838 - Review Request: gitolite3 - Highly flexible server for git directory version tracker
        https://bugzilla.redhat.com/show_bug.cgi?id=821838
--------------------------------------------------------------------------------


================================================================================
 ldns-1.6.13-1.el6 (FEDORA-EPEL-2012-5956)
 Lowlevel DNS(SEC) library with API
--------------------------------------------------------------------------------
Update Information:

Various minor bug fixes
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 21 2012 Paul Wouters <pwouters at redhat.com> - 1.6.13-1
- Upgraded to 1.6.13, bugfix release
- Added --disable-ecdsa as ECC is still banned
- Removed --with-sha2 - it is always enabled and option was removed
--------------------------------------------------------------------------------


================================================================================
 moodle-2.1.6-1.el6 (FEDORA-EPEL-2012-5960)
 A Course Management System
--------------------------------------------------------------------------------
Update Information:

CVE-2012-2353 MSA-12-0024: Hidden information access issue
CVE-2012-2354 MSA-12-0025: Personal communication access issue
CVE-2012-2355 MSA-12-0026: Quiz capability issue
CVE-2012-2356 MSA-12-0027: Question bank capability issues
CVE-2012-2357 MSA-12-0028: Insecure authentication issue
CVE-2012-2358 MSA-12-0029: Information editing access issue
CVE-2012-2359 MSA-12-0030: Capability manipulation issue
CVE-2012-2360 MSA-12-0031: Cross-site scripting vulnerability in Wiki
CVE-2012-2361 MSA-12-0032: Cross-site scripting vulnerability in Web services
CVE-2012-2362 MSA-12-0033: Cross-site scripting vulnerability in Blog
CVE-2012-2363 MSA-12-0034: Potential SQL injection issue
CVE-2012-2364 MSA-12-0035: Cross-site scripting vulnerability in "download all"
CVE-2012-2365 MSA-12-0036: Cross-site scripting vulnerability in category identifier
CVE-2012-2366 MSA-12-0037: Write access issue in Database activity module
CVE-2012-2367 MSA-12-0038: Calendar event write permission issue
Correct CAS unbundling.
Drop bundled language packs.
New upstreams, multiple vulnerabilities.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 23 2012 Jon Ciesla <limburgher at gmail.com> - 2.1.6-1
- 2.1.6, security fixes, BZ 824482.
* Thu May 10 2012 Jon Ciesla <limburgher at gmail.com> - 2.1.5-3
- Fixed CAS unbundling per rcollet.
* Wed May  9 2012 Jon Ciesla <limburgher at gmail.com> - 2.1.5-2
- Dropped bundled language packs, BZ 748958.
* Mon Apr  2 2012 Jon Ciesla <limburgher at gmail.com> - 2.1.5-1
- New upstream, BZ 809227.
--------------------------------------------------------------------------------


================================================================================
 rubygem-aws-sdk-1.4.1-1.el6 (FEDORA-EPEL-2012-5952)
 AWS SDK for Ruby
--------------------------------------------------------------------------------
Update Information:

Update rubygem-aws-sdk in EPEL to latest version.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 23 2012 Brett Lentz <blentz at redhat.com> - 1.4.1-1
- Upstream release 1.4.1
* Thu Mar 15 2012 Brett Lentz <blentz at redhat.com> - 1.3.7-1
- Upstream release 1.3.7
--------------------------------------------------------------------------------


================================================================================
 rubygem-aws-sdk-1.4.1-2.el6 (FEDORA-EPEL-2012-5953)
 AWS SDK for Ruby
--------------------------------------------------------------------------------
Update Information:

Updated aws-sdk for el6
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 23 2012 Brett Lentz <blentz at redhat.com> - 1.4.1-2
- Re-add dropped patch to fix nokogiri deps.
* Wed May 23 2012 Brett Lentz <blentz at redhat.com> - 1.4.1-1
- Upstream release 1.4.1
* Thu Mar 15 2012 Brett Lentz <blentz at redhat.com> - 1.3.7-1
- Upstream release 1.3.7
--------------------------------------------------------------------------------


================================================================================
 socat-1.7.2.1-1.el6 (FEDORA-EPEL-2012-5955)
 Bidirectional data relay between two data channels ('netcat++')
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2012-0219 heap-based buffer overflow
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 23 2012 Paul Wouters <pwouters at redhat.com> - 1.7.2.1-1
- Updated to 1.7.2.1 for CVE-2012-0219, rhbz#821554, rhbz#821688
- Remove patch merged upstream
- Remove --disable-fips from configure
- Added socat-1.7.2.1-errqueue.patch
--------------------------------------------------------------------------------


================================================================================
 zeroinstall-injector-1.8-1.el6 (FEDORA-EPEL-2012-5959)
 The Zero Install Injector (0launch)
--------------------------------------------------------------------------------
Update Information:

Latest upstream release; see 
http://article.gmane.org/gmane.comp.file-systems.zero-install.devel/5866

for details.
New features:
- Warn about replaced interfaces in "0install update".
- Attempting to create an alias to a replaced interface uses the replacement.
- Allow <command> inside <package-implementation>.

Many bug fixes; see http://article.gmane.org/gmane.comp.file-systems.zero-install.devel/5493 for details

--------------------------------------------------------------------------------
ChangeLog:

* Wed May 23 2012 Michel Salim <salimma at fedoraproject.org> - 1.8-1
- Update to 1.8
* Tue Apr 24 2012 Michel Salim <salimma at fedoraproject.org> - 1.7-1
- Update to 1.7
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #789695 - zeroinstall-injector-1.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=789695
--------------------------------------------------------------------------------

More information about the epel-devel-list mailing list