The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 537  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
  51  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11274/ssmtp-2.61-21.el6
  12  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11703/chicken-4.8.0.4-4.el6
  12  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11706/fedmsg-0.7.1-2.el6
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11733/php-pecl-xhprof-0.9.4-1.el6
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11771/mod_fcgid-2.3.9-1.el6
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11803/dropbear-2013.59-1.el6
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11785/phpMyAdmin-3.5.8.2-1.el6
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11817/ReviewBoard-1.7.15-1.el6,python-djblets-0.7.20-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    ReviewBoard-1.7.15-1.el6
    nodejs-node-static-0.7.1-2.el6
    nx-libs-3.5.0.21-4.el6
    perl-Term-ShellUI-0.92-2.el6
    python-djblets-0.7.20-1.el6
    python-py-1.4.17-1.el6
    satyr-0.10-1.el6
    transifex-client-0.9-4.el6

Details about builds:


================================================================================
 ReviewBoard-1.7.15-1.el6 (FEDORA-EPEL-2013-11817)
 Web-based code review tool
--------------------------------------------------------------------------------
Update Information:

    Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users 
could access certain data they should not have been able to access, if using 
the Local Sites feature, invite-only groups, or private repositories. It also 
fixes cases with invite-only groups where the group name and list of private 
review requests would show up on some pages (though the review requests 
themselves were not accessible).

    These issues do not affect most of the installations out there, but we 
strongly recommend upgrading anyway. There are no known cases of anyone 
exploiting these bugs, and in fact we discovered these internally while 
building new tools to test for security vulnerabilities in our codebase.

    There are also some other bug fixes, and important changes needed for 
extensions that provide their own REST APIs.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 10 2013 Stephen Gallagher <sgall...@redhat.com> - 1.7.15-1
- New upstream security release 1.7.15
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.15/
- Resolves: CVE-2013-4410
- Fixes access-control problems with REST API
- Resolves: CVE-2013-4411
- Fixes URL processing allowing unauthorized users to view review lists
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1016596 - CVE-2013-4410 ReviewBoard: access-control problems with 
REST API
        https://bugzilla.redhat.com/show_bug.cgi?id=1016596
  [ 2 ] Bug #1016599 - CVE-2013-4411 ReviewBoard: URL processing allows 
unauthorized users to view review lists
        https://bugzilla.redhat.com/show_bug.cgi?id=1016599
  [ 3 ] Bug #1016601 - CVE-2013-4409 python-djblets: unsanitized eval() 
vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=1016601
--------------------------------------------------------------------------------


================================================================================
 nodejs-node-static-0.7.1-2.el6 (FEDORA-EPEL-2013-11816)
 Simple, compliant file streaming module for node
--------------------------------------------------------------------------------
Update Information:

New package
--------------------------------------------------------------------------------


================================================================================
 nx-libs-3.5.0.21-4.el6 (FEDORA-EPEL-2013-11818)
 NX X11 protocol compression libraries
--------------------------------------------------------------------------------
Update Information:

NX is a software suite which implements very efficient compression of
the X11 protocol. This increases performance when using X
applications over a network, especially a slow one.

This package provides the core nx-X11 libraries customized for
nxagent/x2goagent.

--------------------------------------------------------------------------------


================================================================================
 perl-Term-ShellUI-0.92-2.el6 (FEDORA-EPEL-2013-11814)
 Perl module to implement a full-featured shell-like command line environment
--------------------------------------------------------------------------------
Update Information:

Initial push
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1002319 - Review Request:  perl-Term-ShellUI - Fully-featured 
shell-like command line environment
        https://bugzilla.redhat.com/show_bug.cgi?id=1002319
--------------------------------------------------------------------------------


================================================================================
 python-djblets-0.7.20-1.el6 (FEDORA-EPEL-2013-11817)
 A collection of useful classes and functions for Django
--------------------------------------------------------------------------------
Update Information:

    Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users 
could access certain data they should not have been able to access, if using 
the Local Sites feature, invite-only groups, or private repositories. It also 
fixes cases with invite-only groups where the group name and list of private 
review requests would show up on some pages (though the review requests 
themselves were not accessible).

    These issues do not affect most of the installations out there, but we 
strongly recommend upgrading anyway. There are no known cases of anyone 
exploiting these bugs, and in fact we discovered these internally while 
building new tools to test for security vulnerabilities in our codebase.

    There are also some other bug fixes, and important changes needed for 
extensions that provide their own REST APIs.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 11 2013 Stephen Gallagher <sgall...@redhat.com> - 0.7.20-1
- New upstream bugfix release 0.7.20
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.20.NEWS
- Fixed regression with pagination on the datagrid
* Thu Oct 10 2013 Stephen Gallagher <sgall...@redhat.com> - 0.7.19-1
- New upstream security release 0.7.19
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.19.NEWS
- Resolves: CVE-2013-4409
- Resolves unsanitized eval() vulnerability
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1016596 - CVE-2013-4410 ReviewBoard: access-control problems with 
REST API
        https://bugzilla.redhat.com/show_bug.cgi?id=1016596
  [ 2 ] Bug #1016599 - CVE-2013-4411 ReviewBoard: URL processing allows 
unauthorized users to view review lists
        https://bugzilla.redhat.com/show_bug.cgi?id=1016599
  [ 3 ] Bug #1016601 - CVE-2013-4409 python-djblets: unsanitized eval() 
vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=1016601
--------------------------------------------------------------------------------


================================================================================
 python-py-1.4.17-1.el6 (FEDORA-EPEL-2013-11815)
 Library with cross-python path, ini-parsing, io, code, log facilities
--------------------------------------------------------------------------------
Update Information:

Update pylib to the latest stable version.

Changes between 1.4.16 and 1.4.17:

- make py.io.TerminalWriter() prefer colorama if it is available and avoid 
empty lines when separator-lines are printed by being defensive and reducing 
the working terminalwidth by 1

- introduce optional "expanduser" argument to py.path.local so that local("~", 
expanduser=True) gives the home directory of "user".

--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct  4 2013 Thomas Moschny <thomas.mosc...@gmx.de> - 1.4.17-1
- Update to 1.4.17.
* Thu Oct  3 2013 Thomas Moschny <thomas.mosc...@gmx.de> - 1.4.16-1
- Update to 1.4.16.
* Sun Aug  4 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 1.4.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 satyr-0.10-1.el6 (FEDORA-EPEL-2013-11820)
 Tools to create anonymous, machine-friendly problem reports
--------------------------------------------------------------------------------
Update Information:

- Fix a segmentation fault in sr_rpm_package_uniq()
- Respect kernel flavor when parsing package name
- Parse backtrace without Thread header
- Fix koops json output if there are no modules
- Add support for multiple koops stacks

* Enrich koops uReport data with koops text and kernel version.
* Improve koops modules handling.
* Added support for json de/serialization of reports and stacktraces.
* Library version number increased, as the interface changed since the last 
release
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct  3 2013 Jakub Filak <jfi...@redhat.com> 0.10-1
- New upstream version
  - Fix a segmentation fault in sr_rpm_package_uniq()
  - Respect kernel flavor when parsing package name
  - Parse backtrace without Thread header
  - Fix koops json output if there are no modules
  - Add support for multiple koops stacks
* Wed Sep 11 2013 Jakub Filak <jfi...@redhat.com> 0.9-1
- New upstream version
  - Enrich koops uReport data with koops text and kernel version.
  - Improve koops modules handling.
* Wed Aug 28 2013 Richard Marko <rma...@redhat.com> 0.8-1
- New upstream version
  - Added support for json de/serialization of reports and stacktraces.
  - Library version number increased, as the interface changed since the last 
release
* Mon Aug 26 2013 Martin Milata <mmil...@redhat.com> 0.7-1
- New upstream version
  - Fix couple of crashes (#997076, #994747)
* Mon Jul 29 2013 Martin Milata <mmil...@redhat.com> 0.6-1
- New upstream version
  - Do not export internal function symbols.
--------------------------------------------------------------------------------


================================================================================
 transifex-client-0.9-4.el6 (FEDORA-EPEL-2013-11819)
 Command line tool for Transifex translation management
--------------------------------------------------------------------------------
Update Information:

Command line tool for Transifex translation management

--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 10 2013 Luis Bazan <lba...@fedoraproject.org> - 0.9-4
- Fix BZ #1002546
* Mon Aug 26 2013 Luis Bazan <lba...@fedoraproject.org> - 0.9-3
- remove dependency
* Thu Aug 15 2013 Luis Bazan <lba...@fedoraproject.org> - 0.9-2
- add new requirement
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1002546 - Missing Dependency: python-setuptools.noarch
        https://bugzilla.redhat.com/show_bug.cgi?id=1002546
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list
epel-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
