EPEL Fedora 6 updates-testing report

Wed, 29 Jan 2014 13:27:29 -0800 

The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 648  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
  77  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12079/bip-0.8.9-1.el6
  41  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12427/seamonkey-2.21-3.esr2.el6
  15  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0166/mediawiki119-1.19.10-1.el6
  13  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0197/drupal7-7.26-1.el6
  13  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0202/transifex-client-0.10-1.el6
  13  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0205/drupal6-6.30-1.el6
  11  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0233/libreswan-3.8-1.el6
   7  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0282/moodle-2.4.8-1.el6
   1  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0378/quassel-0.9.2-1.el6
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0398/socat-1.7.2.3-1.el6
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0395/libpng10-1.0.60-6.el6
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0393/tpp-1.3.1-16.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    bluebird-0.9-1.el6
    libpng10-1.0.60-6.el6
    pcp-3.8.12-1.el6
    socat-1.7.2.3-1.el6
    tpp-1.3.1-16.el6
    zabbix22-2.2.1-5.el6

Details about builds:


================================================================================
 bluebird-0.9-1.el6 (FEDORA-EPEL-2014-0397)
 A clean minimalistic theme for Xfce, GTK+ 2 and 3
--------------------------------------------------------------------------------
Update Information:

Bluebird GTK/Metacity theme from Shimmer Project. 
http://shimmerproject.org/project/bluebird/
--------------------------------------------------------------------------------


================================================================================
 libpng10-1.0.60-6.el6 (FEDORA-EPEL-2014-0395)
 Old version of libpng, needed to run old binaries
--------------------------------------------------------------------------------
Update Information:

This update fixes an issue in which an image with a missing or empty palette 
could cause a crash of a libpng10-using application (CVE-2013-6954).
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 23 2014 Paul Howarth <p...@city-fan.org> 1.0.60-6
- handle zero-length PLTE chunk or NULL palette with png_error(), to avoid
  later reading from a NULL pointer (png_ptr->palette) in
  png_do_expand_palette() (CVE-2013-6954)
* Sat Jul 27 2013 Paul Howarth <p...@city-fan.org> 1.0.60-5
- install docs to %{_pkgdocdir} where available
* Sun Mar 24 2013 Paul Howarth <p...@city-fan.org> 1.0.60-4
- tweak config.guess and config.sub to add aarch64 support (#925862)
- update source URL, moved upstream
* Thu Feb 14 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
1.0.60-3
- rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
1.0.60-2
- rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Wed Jul 11 2012 Paul Howarth <p...@city-fan.org> 1.0.60-1
- update to 1.0.60
  - changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1045561 - CVE-2013-6954 libpng: unhandled zero-length PLTE chunk 
or NULL palette
        https://bugzilla.redhat.com/show_bug.cgi?id=1045561
--------------------------------------------------------------------------------


================================================================================
 pcp-3.8.12-1.el6 (FEDORA-EPEL-2014-0396)
 System-level performance monitoring and performance management
--------------------------------------------------------------------------------
Update Information:

Resolves SNMP procfs file ICMP line parse issue (BZ 1055818)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 29 2014 Nathan Scott <nath...@redhat.com> - 3.8.12-1
- Resolves SNMP procfs file ICMP line parse issue (BZ 1055818)
- Update to latest PCP sources.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1055818 - pmcd SEGV in linux pmda
        https://bugzilla.redhat.com/show_bug.cgi?id=1055818
--------------------------------------------------------------------------------


================================================================================
 socat-1.7.2.3-1.el6 (FEDORA-EPEL-2014-0398)
 Bidirectional data relay between two data channels ('netcat++')
--------------------------------------------------------------------------------
Update Information:

Security update for CVE-2014-0019, which fixes a denial of service flaw in 
socat when using PROXY-CONNECT 
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 29 2014 Paul Wouters <pwout...@redhat.com> - 1.7.2.3-1
- Updated to 1.7.2.3 for CVE-2014-0019
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1057746 - CVE-2014-0019 socat: PROXY-CONNECT address overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=1057746
--------------------------------------------------------------------------------


================================================================================
 tpp-1.3.1-16.el6 (FEDORA-EPEL-2014-0393)
 A ncurses-based presentation tool
--------------------------------------------------------------------------------
Update Information:

976686, 976687: Don't execute commands with --exec by default (a...@debian.org)
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 18 2014 jesus m. rodriguez <jmro...@gmail.com> 1.3.1-16
- 976686, 976687: add exec patch to spec file (jmro...@gmail.com)
- 976686, 976687: Don't execute commands with --exec by default 
(a...@debian.org)
* Wed Jan 15 2014 jesus m. rodriguez <jmro...@gmail.com> 1.3.1-15
- patch to make it work (jmro...@gmail.com)
* Wed Jan 15 2014 jesus m. rodriguez <jes...@redhat.com> 1.3.1-14
- 977368: remove invalid vim-filesystem dependency 
(maxamill...@fedoraproject.org)
* Sun Aug  4 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 1.3.1-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Apr  2 2013 Vít Ondruch <vondr...@redhat.com> - 1.3.1-12
- Rebuild for https://fedoraproject.org/wiki/Features/Ruby_2.0.0
* Fri Feb 15 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 1.3.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Sat Jul 21 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 1.3.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #976686 - CVE-2013-2208 tpp: Possibility of arbitrary code 
execution when processing untrusted TPP template [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=976686
  [ 2 ] Bug #976687 - CVE-2013-2208 tpp: Possibility of arbitrary code 
execution when processing untrusted TPP template [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=976687
--------------------------------------------------------------------------------


================================================================================
 zabbix22-2.2.1-5.el6 (FEDORA-EPEL-2014-0394)
 Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:

Zabbix 2.2 is a major upgrade to previous releases. It is highly suggested to 
read the below README and documentation -- even if this is a fresh 
installation! The README is also included in the zabbix22 base package.

Please refer to the following documents:

* https://www.zabbix.com/documentation/2.2/manual/appendix/compatibility

* 
http://pkgs.fedoraproject.org/cgit/zabbix22.git/plain/zabbix-fedora-epel.README?h=el6

* https://www.zabbix.com/documentation/2.2/manual/introduction/whatsnew220

* https://www.zabbix.com/documentation/2.2/manual/introduction/whatsnew221
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1048621 - Review Request: zabbix22 - Open-source monitoring 
solution for your IT infrastructure
        https://bugzilla.redhat.com/show_bug.cgi?id=1048621
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list
epel-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/epel-devel

Reply via email to