The following Fedora EPEL 5 Security updates need testing:

 Age  URL
 717  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
 171  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.20.12-1.el5
  51  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0581/augeas-1.2.0-1.el5
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0984/munin-2.0.20-1.el5
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0988/libyaml-0.1.2-7.el5
   6  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1041/mod_security-2.6.8-5.el5
   5  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1047/check-mk-1.2.4p1-1.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1074/cacti-0.8.8b-5.el5

The following builds have been pushed to Fedora EPEL 5 updates-testing

    cacti-0.8.8b-5.el5
    srm-ifce-1.19.0-1.el5

Details about builds:

================================================================================
 cacti-0.8.8b-5.el5 (FEDORA-EPEL-2014-1074)
 An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:

Patches for four CVEs. This update fixes SQL injection, shell escaping issues, a stored XSS attack, and use of exec-like function calls without safety checks allowing arbitrary command execution.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 7 2014 Ken Dreyer <ktdre...@ktdreyer.com> - 0.8.8b-5
- Patch for CVE-2014-2708 SQL injection issues in graph_xport.php (RHBZ #1084258)
- Patch for CVE-2014-2709 shell escaping issues in lib/rrd.php (RHBZ #1084258)
- Patch for CVE-2014-2326 stored XSS attack (RHBZ #1082122)
- Patch for CVE-2014-2328 use of exec-like function calls without safety checks allow arbitrary command execution (RHBZ #1082122)
* Fri Feb 7 2014 Ken Dreyer <ktdre...@ktdreyer.com> - 0.8.8b-4
- Move cron to a separate file and require crontabs (RHBZ #947047). Thanks Jóhann B. Guðmundsson.
- Update for systemd (RHBZ #947047). Thanks Jóhann B. Guðmundsson.
- Fix rpmlint warning about spaces-to-tabs
* Wed Sep 4 2013 Ken Dreyer <ktdre...@ktdreyer.com> - 0.8.8b-3
- Fix comments in thumbnails (BZ #1004550)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1084258 - CVE-2014-2708 CVE-2014-2709 cacti: command injection issues fixed in bug#0002405
        https://bugzilla.redhat.com/show_bug.cgi?id=1084258
  [ 2 ] Bug #1082122 - CVE-2014-2326 CVE-2014-2327 CVE-2014-2328 cacti: multiple flaws reported by Deutsche Telekom
        https://bugzilla.redhat.com/show_bug.cgi?id=1082122
--------------------------------------------------------------------------------

================================================================================
 srm-ifce-1.19.0-1.el5 (FEDORA-EPEL-2014-1092)
 SRM client side library
--------------------------------------------------------------------------------
Update Information:

Update for upstream release 1.19.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 7 2014 Alejandro Alvarez <aalvarez at cern.ch> - 1.19.0-1
- Release srm-ifce 1.19.0
* Thu Oct 17 2013 Adrien Devresse <adevress at cern.ch> - 1.18.0-2
- Rebuilt for gsoap++
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list
epel-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/epel-devel