The following Fedora EPEL 5 Security updates need testing:
Age URL
275
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
169
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6608/Django-1.1.4-2.el5
52
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13612/drupal6-ctools-1.10-1.el5
17
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0011/drupal7-context-3.0-0.3.beta6.el5
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0116/drupal6-6.28-1.el5
5
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0102/ettercap-0.7.3-21.el5
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0139/proftpd-1.3.3g-2.el5
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0148/drupal7-7.19-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
drupal6-6.28-1.el5
drupal7-7.19-1.el5
fwsnort-1.6.3-1.el5
imapsync-1.518-2.el5
ivykis-0.36.1-1.el5
libxc-2.0.1-1.el5
ndjbdns-1.05.6-1.el5
php-pear-Image-Text-0.6.1-1.el5
php-pear-Text-Figlet-1.0.2-1.el5
php-pear-Text-Password-1.1.1-1.el5
proftpd-1.3.3g-2.el5
python-simplevisor-0.6-1.el5
safekeep-1.4.1-1.el5
salt-0.12.0-1.el5
Details about builds:
================================================================================
drupal6-6.28-1.el5 (FEDORA-EPEL-2013-0116)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
SA-CORE-2013-001
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 17 2013 Jon Ciesla <[email protected]> - 6.28-1
- 6.28, SA-CORE-2013-001.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #896454 - drupal6-6.28 is available
https://bugzilla.redhat.com/show_bug.cgi?id=896454
[ 2 ] Bug #896468 - drupal6, drupal7: Multiple security flaws fixed in
upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=896468
[ 3 ] Bug #896469 - drupal6, drupal7: Multiple security flaws fixed in
upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=896469
[ 4 ] Bug #896470 - drupal6, drupal7: Multiple security flaws fixed in
upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=896470
[ 5 ] Bug #896471 - drupal6, drupal7: Multiple security flaws fixed in
upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=896471
--------------------------------------------------------------------------------
================================================================================
drupal7-7.19-1.el5 (FEDORA-EPEL-2013-0148)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
SA-CORE-2013-001
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 17 2013 Jon Ciesla <[email protected]> - 7.19-1
- 7.19, SA-CORE-2013-001.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #896455 - drupal7-7.19 is available
https://bugzilla.redhat.com/show_bug.cgi?id=896455
[ 2 ] Bug #896468 - drupal6, drupal7: Multiple security flaws fixed in
upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=896468
[ 3 ] Bug #896469 - drupal6, drupal7: Multiple security flaws fixed in
upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=896469
[ 4 ] Bug #896470 - drupal6, drupal7: Multiple security flaws fixed in
upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=896470
[ 5 ] Bug #896471 - drupal6, drupal7: Multiple security flaws fixed in
upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=896471
--------------------------------------------------------------------------------
================================================================================
fwsnort-1.6.3-1.el5 (FEDORA-EPEL-2013-0160)
Translates Snort rules into equivalent iptables rules
--------------------------------------------------------------------------------
Update Information:
Updated version.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 10 2013 Guillermo Gómez <[email protected]> - 1.6.3-1
- Updated version.
* Thu Jul 19 2012 Fedora Release Engineering <[email protected]>
- 1.6.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jun 8 2012 Petr Pisar <[email protected]> - 1.6.2-2
- Perl 5.16 rebuild
--------------------------------------------------------------------------------
================================================================================
imapsync-1.518-2.el5 (FEDORA-EPEL-2013-0154)
Tool to migrate email between IMAP servers
--------------------------------------------------------------------------------
Update Information:
Fix outdated license references in README and imapsync script to conform with
new NLPL license instead of WTFPL
Update to 1.518
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 17 2013 Nick Bebout <[email protected]> - 1.518-2
- Fix spec to install COPYING file now
* Thu Jan 17 2013 Nick Bebout <[email protected]> - 1.518-1
- Upgrade to 1.518
--------------------------------------------------------------------------------
================================================================================
ivykis-0.36.1-1.el5 (FEDORA-EPEL-2013-0125)
Library for asynchronous I/O readiness notification
--------------------------------------------------------------------------------
Update Information:
Update to 0.36.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 17 2013 Jose Pedro Oliveira <jpo at di.uminho.pt> - 0.36.1-1
- Update to 0.36.1.
--------------------------------------------------------------------------------
================================================================================
libxc-2.0.1-1.el5 (FEDORA-EPEL-2013-0132)
Library of exchange and correlation functionals to be used in DFT codes
--------------------------------------------------------------------------------
Update Information:
Bugfixes to MGGA functionals, all B97-like GGA functionals and GGA C_WL
functional.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 21 2013 Susi Lehtola <[email protected]> - 2.0.1-1
- Update to 2.0.1.
--------------------------------------------------------------------------------
================================================================================
ndjbdns-1.05.6-1.el5 (FEDORA-EPEL-2013-0118)
New djbdns: usable djbdns
--------------------------------------------------------------------------------
Update Information:
New djbdns: usable djbdns
--------------------------------------------------------------------------------
================================================================================
php-pear-Image-Text-0.6.1-1.el5 (FEDORA-EPEL-2013-0136)
Advanced text manipulations in images
--------------------------------------------------------------------------------
Update Information:
Image_Text provides a comfortable interface to text manipulations in GD images.
Beside common Freetype2 functionality it offers to handle texts in a graphic-
or office-tool like way. For example it allows alignment of texts inside a text
box, rotation (around the top left corner of a text box or it's center point)
and the automatic measurement of the optimal font size for a given text box.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #896014 - Review Request: php-pear-Image-Text - Advanced text
manipulations in images
https://bugzilla.redhat.com/show_bug.cgi?id=896014
--------------------------------------------------------------------------------
================================================================================
php-pear-Text-Figlet-1.0.2-1.el5 (FEDORA-EPEL-2013-0147)
Render text using FIGlet fonts
--------------------------------------------------------------------------------
Update Information:
Engine for use FIGlet fonts to rendering text.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #895992 - Review Request: php-pear-Text-Figlet - Render text using
FIGlet fonts
https://bugzilla.redhat.com/show_bug.cgi?id=895992
--------------------------------------------------------------------------------
================================================================================
php-pear-Text-Password-1.1.1-1.el5 (FEDORA-EPEL-2013-0120)
Creating passwords with PHP
--------------------------------------------------------------------------------
Update Information:
Text_Password allows one to create pronounceable and unpronounceable passwords.
The full functional range is explained in the manual at
http://pear.php.net/manual/.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #895984 - Review Request: php-pear-Text-Password - Creating
passwords with PHP
https://bugzilla.redhat.com/show_bug.cgi?id=895984
--------------------------------------------------------------------------------
================================================================================
proftpd-1.3.3g-2.el5 (FEDORA-EPEL-2013-0139)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:
Jann Horn reported that there is a possible race condition in the handling of
the MKD/XMKD FTP commands, when the UserOwner directive is involved, and the
attacker is on the same physical machine as a running proftpd. This race
applies to mod_sftp and the handling of the MKDIR SFTP request as well.
Note that using the DefaultRoot directive to restrict sessions mitigates this
attack, since the symlinks created by the local attacker will point outside of
the chroot(2) area within the FTP session, and thus the ownership change will
fail. The default configuration in EPEL applies the DefaultRoot directive to
all users except "adm".
The upstream reference for this issue is:
http://bugs.proftpd.org/show_bug.cgi?id=3841
This update includes a backport to 1.3.3g of upstream's backport to proftpd
1.3.4 of the fix for this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 18 2013 Paul Howarth <[email protected]> 1.3.3g-2
- Fix possible symlink race when applying UserOwner to newly created directory
(CVE-2012-6095, #892715, http://bugs.proftpd.org/show_bug.cgi?id=3841)
- Add -fno-strict-aliasing, needed for mod_radius
- Drop %defattr, redundant since rpm 4.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #892715 - CVE-2012-6095 proftpd: Symlink race condition when
applying UserOwner to a newly (ProFTPD) created directory
https://bugzilla.redhat.com/show_bug.cgi?id=892715
--------------------------------------------------------------------------------
================================================================================
python-simplevisor-0.6-1.el5 (FEDORA-EPEL-2013-0153)
Python simple daemons supervisor
--------------------------------------------------------------------------------
Update Information:
First build, rhbz #857484.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #857484 - Review Request: python-simplevisor - Python simple
daemons supervisor
https://bugzilla.redhat.com/show_bug.cgi?id=857484
--------------------------------------------------------------------------------
================================================================================
safekeep-1.4.1-1.el5 (FEDORA-EPEL-2013-0164)
The SafeKeep backup system
--------------------------------------------------------------------------------
Update Information:
Upgrade to new upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 19 2013 Frank Crawford <[email protected]> 1.4.1-1
- Latest upstream release
* Sat Jul 21 2012 Fedora Release Engineering <[email protected]>
- 1.4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
salt-0.12.0-1.el5 (FEDORA-EPEL-2013-0151)
A parallel remote execution system
--------------------------------------------------------------------------------
Update Information:
update to upstream release 0.12.0
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 16 2013 Clint Savage <[email protected]> - 0.12.0-1
- Upstream release 0.12.0
--------------------------------------------------------------------------------
_______________________________________________
epel-devel-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/epel-devel-list
