The following Fedora EPEL 5 Security updates need testing: Age URL 665 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5 155 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11560/fail2ban-0.8.10-4.el5 119 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.20.12-1.el5 94 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12091/bip-0.8.9-1.el5 85 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12169/gc-7.1-6.el5 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0433/puppet-2.7.25-1.el5 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0471/lighttpd-1.4.34-1.el5.1 1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0531/libyaml-0.1.2-6.el5 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0581/augeas-1.2.0-1.el5 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0560/zabbix20-2.0.11-1.el5 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0542/drupal6-ctools-1.11-1.el5 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0541/drupal7-ctools-1.4-1.el5 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0533/drupal6-filefield-3.12-1.el5 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0572/drupal6-image_resize_filter-1.14-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing augeas-1.2.0-1.el5 drupal6-ctools-1.11-1.el5 drupal6-devel-1.28-1.el5 drupal6-filefield-3.12-1.el5 drupal6-image_resize_filter-1.14-1.el5 drupal7-context-3.2-1.el5 drupal7-ctools-1.4-1.el5 drupal7-diff-3.2-1.el5 drupal7-fivestar-2.0-0.7.alpha3.el5 drupal7-libraries-2.2-1.el5 drupal7-login_destination-1.1-1.el5 drupal7-metatag-1.0-0.4.beta9.el5 drupal7-taxonomy_access_fix-2.0-1.el5 perl-Class-MethodMaker-2.20-2.el5 python26-boto-2.25.0-2.el5 root-5.34.15-1.el5 stompclt-1.1-1.el5 zabbix20-2.0.11-1.el5 Details about builds: ================================================================================ augeas-1.2.0-1.el5 (FEDORA-EPEL-2014-0581) A library for changing configuration files -------------------------------------------------------------------------------- Update Information: Update to Augeas 1.2.0: * resolves CVE-2013-6412 * changelog: https://github.com/hercules-team/augeas/blob/master/NEWS -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 12 2014 Dominic Cleal <dcl...@redhat.com> - 1.2.0-1 - Update to 1.2.0 - Add check section and patch to fix old libxml2 failure - Update source URL to download.augeas.net (RHBZ#996032) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1034261 - CVE-2013-6412 augeas: incorrect permissions set on newly created files https://bugzilla.redhat.com/show_bug.cgi?id=1034261 -------------------------------------------------------------------------------- ================================================================================ drupal6-ctools-1.11-1.el5 (FEDORA-EPEL-2014-0542) This suite is primarily a set of APIs and tools -------------------------------------------------------------------------------- Update Information: Updated to 1.11 * Release notes: https://drupal.org/node/2194547 * SA-CONTRIB-2014-013 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 13 2014 Shawn Iwinski <shawn.iwin...@gmail.com> - 1.11-1 - Updated to 1.11 (BZ #1064730; release notes https://drupal.org/node/2194547) - Security BZ #1064864, #1064865, #1064867 - SA-CONTRIB-2014-013 - Spec cleanup * Sat Aug 3 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 1.10-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Feb 13 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 1.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1064864 - drupal6-ctools: access bypass issues https://bugzilla.redhat.com/show_bug.cgi?id=1064864 -------------------------------------------------------------------------------- ================================================================================ drupal6-devel-1.28-1.el5 (FEDORA-EPEL-2014-0564) Various blocks, pages, and functions for developers -------------------------------------------------------------------------------- Update Information: Updated to 1.28 Release notes: https://drupal.org/node/2189765 -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1062179 - drupal6-devel-1.28 is available https://bugzilla.redhat.com/show_bug.cgi?id=1062179 -------------------------------------------------------------------------------- ================================================================================ drupal6-filefield-3.12-1.el5 (FEDORA-EPEL-2014-0533) Defines a file field type -------------------------------------------------------------------------------- Update Information: Updated to 3.12 * Release notes: https://drupal.org/node/2194103 * SA-CONTRIB-2014-015 -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 14 2014 Shawn Iwinski <shawn.iwin...@gmail.com> - 1:3.12-1 - Updated to 3.12 (BZ #1064729; release notes https://drupal.org/node/2194103) - Security BZ #1064841, #1064842, 1064843 - SA-CONTRIB-2014-015 - Spec cleanup * Sat Aug 3 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 1:3.11-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1064841 - drupal6-filefield: access bypass https://bugzilla.redhat.com/show_bug.cgi?id=1064841 -------------------------------------------------------------------------------- ================================================================================ drupal6-image_resize_filter-1.14-1.el5 (FEDORA-EPEL-2014-0572) Filter to automatically scale images to their height and width dimensions -------------------------------------------------------------------------------- Update Information: Updated to 1.14 * Release notes: https://drupal.org/node/2194065 * SA-CONTRIB-2014-017: https://drupal.org/node/2194655 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1064856 - drupal6-image_resize_filter: denial of service via large number of images to resize https://bugzilla.redhat.com/show_bug.cgi?id=1064856 -------------------------------------------------------------------------------- ================================================================================ drupal7-context-3.2-1.el5 (FEDORA-EPEL-2014-0573) Allows contextual conditions and reactions management -------------------------------------------------------------------------------- Update Information: Updated to 3.2 * Release notes: https://drupal.org/node/2183729 -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 15 2014 Shawn Iwinski <shawn.iwin...@gmail.com> - 3.2-1 - Updated to 3.2 (BZ #1059560; release notes https://drupal.org/node/2183729) - Spec cleanup -------------------------------------------------------------------------------- References: [ 1 ] Bug #1059560 - drupal7-context-3.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1059560 -------------------------------------------------------------------------------- ================================================================================ drupal7-ctools-1.4-1.el5 (FEDORA-EPEL-2014-0541) This suite is primarily a set of APIs and tools for other Drupal modules -------------------------------------------------------------------------------- Update Information: - Update to upstream 1.4 release for bug and security fixes - Upstream changelog for this release is available at https://drupal.org/node/2194551 -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 14 2014 Peter Borsa <peter.bo...@gmail.com> - 1.4-1 - Update to upstream 1.4 release for bug and security fixes - Upstream changelog for this release is available at https://drupal.org/node/2194551 * Sat Aug 3 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 1.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1064864 - drupal6-ctools: access bypass issues https://bugzilla.redhat.com/show_bug.cgi?id=1064864 -------------------------------------------------------------------------------- ================================================================================ drupal7-diff-3.2-1.el5 (FEDORA-EPEL-2014-0569) Show differences between content revisions -------------------------------------------------------------------------------- Update Information: Updated to 3.2 * Release notes: https://drupal.org/node/1839054 -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1059998 - drupal7-diff-3.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1059998 -------------------------------------------------------------------------------- ================================================================================ drupal7-fivestar-2.0-0.7.alpha3.el5 (FEDORA-EPEL-2014-0532) Enables fivestar ratings on content, users, etc -------------------------------------------------------------------------------- Update Information: Updated to 2.0-alpha3 * Release notes: https://drupal.org/node/2186899 -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 15 2014 Shawn Iwinski <shawn.iwin...@gmail.com> - 2.0-0.7.alpha3 - Add build require drupal7-rpmbuild * Sat Feb 15 2014 Shawn Iwinski <shawn.iwin...@gmail.com> - 2.0-0.6.alpha3 - Updated to 2.0-alpha3 (BZ #1060464; release notes https://drupal.org/node/2186899) - Spec cleanup * Sat Aug 3 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 2.0-0.5.alpha2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Feb 13 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 2.0-0.4.alpha2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Wed Jul 18 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 2.0-0.3.alpha2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1060464 - drupal7-fivestar-2.0-alpha3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1060464 -------------------------------------------------------------------------------- ================================================================================ drupal7-libraries-2.2-1.el5 (FEDORA-EPEL-2014-0570) Allows version-dependent and shared usage of external libraries -------------------------------------------------------------------------------- Update Information: Updated to 2.2 * Release notes: https://drupal.org/node/2192173 -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 15 2014 Shawn Iwinski <shawn.iwin...@gmail.com> - 2.2-1 - Updated to 2.2 (BZ #1063727; release notes https://drupal.org/node/2192173) - Spec cleanup * Sat Aug 3 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 2.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1063727 - drupal7-libraries-2.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1063727 -------------------------------------------------------------------------------- ================================================================================ drupal7-login_destination-1.1-1.el5 (FEDORA-EPEL-2014-0559) Customize the destination that the user is redirected to after login -------------------------------------------------------------------------------- Update Information: Updated to 1.1 * Release notes: https://drupal.org/node/1869598 -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1059997 - drupal7-login_destination-1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1059997 -------------------------------------------------------------------------------- ================================================================================ drupal7-metatag-1.0-0.4.beta9.el5 (FEDORA-EPEL-2014-0556) Adds support and an API to implement meta tags -------------------------------------------------------------------------------- Update Information: Updated to 1.0-beta9 * Release notes: https://drupal.org/node/2176579 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1059999 - drupal7-metatag-1.0-beta9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1059999 -------------------------------------------------------------------------------- ================================================================================ drupal7-taxonomy_access_fix-2.0-1.el5 (FEDORA-EPEL-2014-0575) Fixes the crooked access checks for Taxonomy pages -------------------------------------------------------------------------------- Update Information: Updated to 2.0 * Release notes: https://drupal.org/node/2152445 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1060000 - drupal7-taxonomy_access_fix-2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1060000 -------------------------------------------------------------------------------- ================================================================================ perl-Class-MethodMaker-2.20-2.el5 (FEDORA-EPEL-2014-0578) Perl module for creating generic object-oriented methods -------------------------------------------------------------------------------- Update Information: This update, to the current upstream release, removes some test files that had a non-free license (see https://github.com/renormalist/class-methodmaker/issues/2). There are also an assortment of minor bug fixes but nothing that should affect compatibility. -------------------------------------------------------------------------------- ================================================================================ python26-boto-2.25.0-2.el5 (FEDORA-EPEL-2014-0504) A simple lightweight interface to Amazon Web Services -------------------------------------------------------------------------------- Update Information: This update contains a fix that makes S3Connection.get_bucket use HEAD requests instead of GET requests, which reduces the price of those requests by 90%. Code that parses error messages may require updating. See the upstream release notes for version 2.25.0 additional details. Another noteworthy change since version 2.5 is validating SSL certificates by default. This change happened over a year ago; most applications are likely to support it now. See the upstream release notes for version 2.6.0 for details on updating applications to work with this change. This update also contains numerous bugfixes and support for new capabilities that AWS has added over the past several months. The full release notes are available from upstream: http://docs.pythonboto.org/en/latest/#release-notes -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 12 2014 Garrett Holmstorm <gho...@fedoraproject.org> - 2.25.0-2 - Fixed roboto parameter type conversion (boto #2094, RH #1064550) * Mon Feb 10 2014 Garrett Holmstrom <gho...@fedoraproject.org> - 2.25.0-1 - Updated to 2.25.0 - This update makes s3.get_bucket use HEAD instead of GET * Mon Jan 20 2014 Garrett Holmstrom <gho...@fedoraproject.org> - 2.23.0-1 - Updated to 2.23.0 - Fixed auth for anonymous S3 requests (boto #1988) * Thu Sep 26 2013 Garrett Holmstrom <gho...@fedoraproject.org> - 2.13.3-1 - Updated to 2.13.3 - Note that this version changes register_image's virtualization_type parameter - Fixed auto-scaling PropagateAtLaunch parsing (#1011682) * Mon Jul 29 2013 Garrett Holmstrom <gho...@fedoraproject.org> - 2.9.9-2 - Re-fixed autoscaling policy parsing (boto #1538) * Thu Jul 25 2013 Orion Poplawski <or...@cora.nwra.com> - 2.9.9-1 - Update to 2.9.9 * Fri Jun 21 2013 Garrett Holmstrom <gho...@fedoraproject.org> - 2.9.6-2 - Rebuilt after merge * Fri Jun 21 2013 Garrett Holmstrom <gho...@fedoraproject.org> - 2.9.6-1 - Updated to 2.9.6 - Fixed autoscaling policy parsing (boto #1538) * Thu May 9 2013 Orion Poplawski <or...@cora.nwra.com> - 2.9.2-1 - Update to 2.9.2 (bug #948714) - Spec cleanup * Thu Feb 14 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 2.6.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Tue Jan 8 2013 Garrett Holmstrom <gho...@fedoraproject.org> - 2.5.2-3 - Fixed parsing of current/previous instance state data (boto #881) * Wed Nov 21 2012 Garrett Holmstrom <gho...@fedoraproject.org> - 2.6.0-2 - Updated to 2.6.0 (#876517) - Note that this version enables SSL cert verification by default. * Sat Jul 21 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 2.5.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1064550 - update of python-boto breaks euca2ools https://bugzilla.redhat.com/show_bug.cgi?id=1064550 -------------------------------------------------------------------------------- ================================================================================ root-5.34.15-1.el5 (FEDORA-EPEL-2014-0537) Numerical data analysis framework -------------------------------------------------------------------------------- Update Information: ROOT 5.34.05 http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 14 2014 Mattias Ellert <mattias.ell...@fysast.uu.se> - 5.34.15-1 - Update to 5.34.15 - Drop patch root-davix.patch * Thu Jan 9 2014 Mattias Ellert <mattias.ell...@fysast.uu.se> - 5.34.14-3 - Rebuild for cfitsio 3.360 -------------------------------------------------------------------------------- ================================================================================ stompclt-1.1-1.el5 (FEDORA-EPEL-2014-0550) Versatile STOMP client -------------------------------------------------------------------------------- Update Information: Update to upstream version, rhbz #1061604. -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 12 2014 Massimo Paladin <massimo.pala...@gmail.com> 1.1-1 - Update to upstream, rhbz #1061604. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1061604 - Upgrade to new upstream version https://bugzilla.redhat.com/show_bug.cgi?id=1061604 -------------------------------------------------------------------------------- ================================================================================ zabbix20-2.0.11-1.el5 (FEDORA-EPEL-2014-0560) Open-source monitoring solution for your IT infrastructure -------------------------------------------------------------------------------- Update Information: http://www.zabbix.com/rn2.0.11.php Also solves 3 security issues: - [ZBX-7703] fixed being able to switch users without proper credentials when using HTTP authentication; reference CVE-2014-1682 - [ZBX-6721] fixed LDAP authentication; reference CVE-2013-5572 - [ZBX-7693] fixed admin user being able to update media for other users; reference CVE-2014-1685 -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 12 2014 Volker Fröhlich <volke...@gmx.at> - 2.0.11-1 - New upstream release - Truncate changelog -------------------------------------------------------------------------------- References: [ 1 ] Bug #1013963 - CVE-2013-5572 zabbix: password leakage https://bugzilla.redhat.com/show_bug.cgi?id=1013963 [ 2 ] Bug #1061563 - CVE-2014-1682 zabbix: API issue allows users to impersonate other users https://bugzilla.redhat.com/show_bug.cgi?id=1061563 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list epel-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/epel-devel