The following Fedora EPEL 5 Security updates need testing:

    https://admin.fedoraproject.org/updates/bugzilla-3.2.10-1.el5
    https://admin.fedoraproject.org/updates/rt3-3.6.11-2.el5
    https://admin.fedoraproject.org/updates/puppet-2.6.6-3.el5
    https://admin.fedoraproject.org/updates/couchdb-1.0.2-8.el5,erlang-ibrowse-2.2.0-3.el5
    https://admin.fedoraproject.org/updates/drupal6-views_bulk_operations-1.11-1.el5
    https://admin.fedoraproject.org/updates/bcfg2-1.1.3-1.el5
    https://admin.fedoraproject.org/updates/phpMyAdmin3-3.4.5-1.el5


The following builds have been pushed to Fedora EPEL 5 updates-testing

    drupal6-pathauto-2.0-0.4.rc2.el5
    facter-1.6.1-1.el5
    gromacs-4.5.5-1.el5
    netatalk-2.0.5-3.el5
    puppet-2.6.6-3.el5
    python-asciitable-0.7.1-1.el5

Details about builds:


================================================================================
 drupal6-pathauto-2.0-0.4.rc2.el5 (FEDORA-EPEL-2011-4563)
 Automatically generates path aliases
--------------------------------------------------------------------------------
Update Information:

Updated to 2.0.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 30 2011 Peter Borsa <asrob@claire> - 2.0-0.4.rc2
- Updated to 2.0 version.
* Tue Feb  8 2011 Fedora Release Engineering <[email protected]> - 1.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 facter-1.6.1-1.el5 (FEDORA-EPEL-2011-4572)
 Ruby module for collecting simple facts about a host operating system
--------------------------------------------------------------------------------
Update Information:

Upstream bugfix release.  Refer to the release announcement for full details:

http://groups.google.com/group/puppet-users/browse_thread/thread/d2061ec6263c5d88
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 29 2011 Todd Zullinger <[email protected]> - 1.6.1-1
- Update to 1.6.1
- Minor spec file reformatting
--------------------------------------------------------------------------------


================================================================================
 gromacs-4.5.5-1.el5 (FEDORA-EPEL-2011-4562)
 Fast, Free and Flexible Molecular Dynamics
--------------------------------------------------------------------------------
Update Information:

Bugfix update to 4.5.5, see 
http://lists.gromacs.org/pipermail/gmx-users/2011-September/064683.html for 
release info.
First build in EL6.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 30 2011 Jussi Lehtola <[email protected]> - 4.5.5-1
- Update to 4.5.5.
* Wed Jun  8 2011 Jussi Lehtola <[email protected]> - 4.5.4-1
- Update to 4.5.4.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #739875 - gromacs-4.5.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=739875
  [ 2 ] Bug #739212 - EL-6 branch is missing
        https://bugzilla.redhat.com/show_bug.cgi?id=739212
--------------------------------------------------------------------------------


================================================================================
 netatalk-2.0.5-3.el5 (FEDORA-EPEL-2011-4567)
 AppleTalk networking programs
--------------------------------------------------------------------------------
Update Information:

rebuild with libcrypt
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 29 2011 Jiri Skala <[email protected]> - 4:2.0.5-3
- rebuild for bodhi
* Fri Jul 22 2011 Jiri Skala <[email protected]> - 4:2.0.5-2
- add option --with-libcrypt
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #731217 - DHX2 UAMS support in Netatalk
        https://bugzilla.redhat.com/show_bug.cgi?id=731217
--------------------------------------------------------------------------------


================================================================================
 puppet-2.6.6-3.el5 (FEDORA-EPEL-2011-4573)
 A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:

The following vulnerabilities have been discovered and fixed:

* CVE-2011-3870, a symlink attack via a user's SSH authorized_keys file  
* CVE-2011-3869, a symlink attack via a user's .k5login file  
* CVE-2011-3871, a privilege escalation attack via the temp file used by the 
puppet resource application  
* A low-risk file indirector injection attack  

Further details can be found in the upstream announcement:

http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb

A vulnerability was discovered in puppet that would allow an attacker to 
install a valid X509 Certificate Signing Request at any location on disk, with 
the privileges of the Puppet Master application.  For Fedora and EPEL, this is 
the puppet user.

Further details can be found in the upstream announcement:

http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740feb9406

Unless you enable puppet's listen mode on clients, only the puppet master is 
vulnerable to this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 29 2011 Todd Zullinger <[email protected]> - 2.6.6-3
- Apply upstream patches for CVE-2011-3869, CVE-2011-3870, CVE-2011-3871, and
  upstream #9793
* Tue Sep 27 2011 Todd Zullinger <[email protected]> - 2.6.6-2
- Apply upstream patch for CVE-2011-3848
--------------------------------------------------------------------------------


================================================================================
 python-asciitable-0.7.1-1.el5 (FEDORA-EPEL-2011-4566)
 Extensible ASCII table reader and writer
--------------------------------------------------------------------------------
Update Information:

This is a minor feature and bug-fix release

  * Add a method inconsistent_handler() to the BaseReader class as a hook to 
handle rows with an inconsistent number of data columns (contributed by Erik 
Tollerud).

  * Output a more informative error message when guessing fails.
    
  * Fix issues in column type handling, mostly related to the MemoryReader 
class which is used for writing tables.

  * Fix a problem in guessing where user-supplied args were not filtering the 
guess possibilities correctly.

  * Fix problem reading a single column, string-only table with MemoryReader on 
MacOS.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 30 2011 Sergio Pascual <[email protected]> - 0.7.1-1
- New upstream version, with bugfixes
--------------------------------------------------------------------------------


_______________________________________________
epel-devel-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/epel-devel-list
