Fedora EPEL 6 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Thu Nov 15 19:34:13 UTC 2012
The following Fedora EPEL 6 Security updates need testing:
Age URL
207 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
14 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13367/seamonkey-2.13.2-1.el6
5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13432/weechat-0.3.8-3.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13477/cgit-0.9.1-1.el6
33 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13155/cobbler-2.4.0-beta2.el6
10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13222/xlockmore-5.40-4.el6
4 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13442/roundup-1.4.20-1.el6
31 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13172/ssmtp-2.61-19.el6
1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13088/python-django-horizon-2012.2-4.el6,openstack-utils-2012.2-6.el6,python-websockify-0.2.0-1.el6,novnc-0.4-2.el6,openstack-nova-2012.2-2.el6,openstack-cinder-2012.2-3.el6,python-django-openstack-auth-1.0.2-3.el6,python-cinderclient-0.2.26-1.el6,python-novaclient-2.9.0-1.el6,openstack-quantum-2012.2-2.el6,python-quantumclient-2.1.1-0.el6,python-prettytable-0.6.1-1.el6,openstack-glance-2012.2-3.el6,python-glanceclient-0.5.1-1.el6,openstack-keystone-2012.2-4.el6,python-keystoneclient-0.1.3.27-1.el6
31 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13176/icecast-2.3.3-1.el6
130 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6348/bcfg2-1.2.3-1.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13478/mod_security-2.7.1-3.el6,mod_security_crs-2.2.6-3.el6
395 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gribble-0.83.4.1-10.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
cgit-0.9.1-1.el6
mod_security-2.7.1-3.el6
mod_security_crs-2.2.6-3.el6
qemu-1.2.0-19.el6.1
Details about builds:
================================================================================
cgit-0.9.1-1.el6 (FEDORA-EPEL-2012-13477)
A fast web interface for git
--------------------------------------------------------------------------------
Update Information:
Update to new upsteam version with 2 security fixes, enhancements and misc other bug fixes. See http://git.zx2c4.com/cgit/commit/?id=a6a932e198e8b6b564d7a4bb43e78078d8296026 for details.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 15 2012 Kevin Fenzi <kevin at scrye.com> 0.9.1-1
- Update to 0.9.1
- Fixes bug #870714 - CVE-2012-4548
- Fixes bug #820733 - CVE-2012-4465
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9.0.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9.0.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #870714 - CVE-2012-4548 cgit: syntax-highlighting.sh command injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=870714
[ 2 ] Bug #820733 - avoid stack-smash when processing unusual commit [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=820733
--------------------------------------------------------------------------------
================================================================================
mod_security-2.7.1-3.el6 (FEDORA-EPEL-2012-13478)
Security module for the Apache HTTP Server
--------------------------------------------------------------------------------
Update Information:
- Update to 2.7.1
- Update Core rules set to 2.2.6
- Fix build against libxml2 >= 2.9 (upstreamed)
- Add some missing directives RHBZ #569360
- Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528) (RHBZ #867424, #867773, #867774)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 15 2012 Athmane Madjoudj <athmane at fedoraproject.org> 2.7.1-3
- Add some missing directives RHBZ #569360
- Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528)
(RHBZ #867424, #867773, #867774)
* Thu Nov 15 2012 Athmane Madjoudj <athmane at fedoraproject.org> 2.7.1-2
- Fix mod_security.conf
* Thu Nov 15 2012 Athmane Madjoudj <athmane at fedoraproject.org> 2.7.1-1
- Update to 2.7.1
- Remove libxml2 build patch (upstreamed)
- Update spec since upstream moved to github
* Thu Oct 18 2012 Athmane Madjoudj <athmane at fedoraproject.org> 2.7.0-2
- Add a patch to fix failed build against libxml2 >= 2.9.0
* Wed Oct 17 2012 Athmane Madjoudj <athmane at fedoraproject.org> 2.7.0-1
- Update to 2.7.0
* Fri Sep 28 2012 Athmane Madjoudj <athmane at fedoraproject.org> 2.6.8-1
- Update to 2.6.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #867424 - CVE-2012-4528 mod_security: multipart/invalid part ruleset bypass
https://bugzilla.redhat.com/show_bug.cgi?id=867424
--------------------------------------------------------------------------------
================================================================================
mod_security_crs-2.2.6-3.el6 (FEDORA-EPEL-2012-13478)
ModSecurity Rules
--------------------------------------------------------------------------------
Update Information:
- Update to 2.7.1
- Update Core rules set to 2.2.6
- Fix build against libxml2 >= 2.9 (upstreamed)
- Add some missing directives RHBZ #569360
- Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528) (RHBZ #867424, #867773, #867774)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 17 2012 Athmane Madjoudj <athmane at fedoraproject.org> 2.2.6-3
- Remove the patch since we're requiring mod_security >= 2.7.0
- Require mod_security >= 2.7.0
* Mon Oct 1 2012 Athmane Madjoudj <athmane at fedoraproject.org> 2.2.6-2
- Add a patch to fix incompatible rules.
- Update to new git release
* Sat Sep 15 2012 Athmane Madjoudj <athmane at fedoraproject.org> 2.2.6-1
- Update to 2.2.6
- Update spec file since upstream moved to Github.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #867424 - CVE-2012-4528 mod_security: multipart/invalid part ruleset bypass
https://bugzilla.redhat.com/show_bug.cgi?id=867424
--------------------------------------------------------------------------------
================================================================================
qemu-1.2.0-19.el6.1 (FEDORA-EPEL-2012-13479)
QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:
This update brings QEMU, the machine emulator, to EPEL for Enterprise Linux 6.
Parts of QEMU (KVM for x86 with basic hardware emulation support, imaging utilities, guest agent in particular) and are shipped with Enterprise Linux for x86_64 architecture. EPEL packages can't conflict with or replace packages shipped with Enterprise Linux, and thus on x86_64 architecture this package supplements what's already shipped with the distribution.
--------------------------------------------------------------------------------
More information about the epel-devel-list
mailing list