The following Fedora EPEL 5 Security updates need testing: Age URL 919 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5 373 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.20.12-1.el5 138 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7.26-1.el5 34 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2669/check-mk-1.2.4p5-1.el5 33 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2853/mediawiki119-1.19.18-1.el5 10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3455/drupal7-7.32-1.el5 5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3549/rubygem-actionpack-2.3.18-1.el5,rubygem-activerecord-2.3.18-1.el5,rubygem-activesupport-2.3.18-1.el5 4 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3554/rubygem-rails-2.3.18-1.el5,rubygem-actionmailer-2.3.18-1.el5,rubygem-activeresource-2.3.18-1.el5 4 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3570/tor-0.2.4.25-1.el5 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3651/phpMyAdmin4-4.0.10.5-1.el5 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3675/Pound-2.6-2.el5.2
The following builds have been pushed to Fedora EPEL 5 updates-testing Pound-2.6-2.el5.2 jupp-28-1.el5 munin-2.0.24-1.el5 phpMyAdmin4-4.0.10.5-1.el5 ssdeep-2.12-1.el5 zabbix22-2.2.7-1.el5 Details about builds: ================================================================================ Pound-2.6-2.el5.2 (FEDORA-EPEL-2014-3675) Reverse proxy and load balancer -------------------------------------------------------------------------------- Update Information: This is a rebase to 2.6 with a couple of fixes applied to address security fixes. Note they usually are extra options that need to be enabled manually so that we won't break functionality: - CVE-2011-3389: Make it possible to deny use of "BEAST" vulnerable ciphers - CVE-2012-4929: Disable compression to be safe from "CRIME" - CVE-2005-2090: Chunked encofing response splitting (no awkward name here) - CVE-2014-3566: Allow disabling SSLv3 (and others), to be safe from "POODLE" - A redirect XSS fix Backporting the fixes to 2.4 looked like a difficult task. Please test thoroughly and downkarma the update if it is unacceptable for you. -------------------------------------------------------------------------------- ================================================================================ jupp-28-1.el5 (FEDORA-EPEL-2014-3573) Compact and feature-rich WordStar-compatible editor -------------------------------------------------------------------------------- Update Information: Changes for jupp 28 =================== * Mention in comments that when enabling the -backpath option, its argument must not be quoted, nor followed by a comment; issue found by R. Hubbell * Some mostly harmless code cleanup; fix speeds[] array access/sizing; reported by dcb (LP#1348559, LP#1348614) * Fix size_t mixup * Introduce ^KF (jupprc): compile and download NXC program to NXT brick, for Freedroidz, a project of Teckids e.V. sponsored by tarent solutions GmbH * Better const-cleanliness of code * Quell New File message for scratch buffers * Fix URI in ChangeLog file * Actually build with LFS on GNU/Linux -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 23 2014 Robert Scheck <rob...@fedoraproject.org> 28-1 - Upgrade to 28 * Sat Aug 16 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 27-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ munin-2.0.24-1.el5 (FEDORA-EPEL-2014-3657) Network-wide graphing framework (grapher/gatherer) -------------------------------------------------------------------------------- Update Information: Upstream released 2.0.24 Upstream released 2.0.23 -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 26 2014 "D. Johnson" <fenri...@fedoraproject.org> - 2.0.24-1 - Upstream released 2.0.24 * Sat Oct 18 2014 "D. Johnson" <fenri...@fedoraproject.org> - 2.0.23-1 - Upstream released 2.0.23 * Fri Oct 17 2014 "D. Johnson" <fenri...@fedoraproject.org> - 2.0.22-1 - Upstream released 2.0.22 * Tue Oct 7 2014 "D. Johnson" <fenri...@fedoraproject.org> - 2.0.21-8 - BZ# 1149948 - munin-async pid file in /var/run rather than /var/run/munin * Mon Sep 15 2014 Petr Pisar <ppi...@redhat.com> - 2.0.21-6 - Build against perl 5.20 * Sun Sep 14 2014 "D. Johnson" <fenri...@fedoraproject.org> - 2.0.21-6 - Add amavis plugin config defaults * Sun Sep 7 2014 "D. Johnson" <fenri...@fedoraproject.org> - 2.0.21-5 - BZ# 1114857 - munin-2.0.21-2.fc21 FTBFS: No Package found for java-1.7.0-devel - re-merge earlier commit for epel7 * Fri Aug 29 2014 Jitka Plesnikova <jples...@redhat.com> - 2.0.21-4 - Perl 5.20 rebuild * Fri Aug 1 2014 "D. Johnson" <fenri...@fedoraproject.org> - 2.0.21-3 - Default to a localhost name to prevent munin-node from complaining * Sat Jun 7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 2.0.21-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Mon Apr 28 2014 Lubomir Rintel <lkund...@v3.sk> - 2.0.21-1.1 - mx4j is not a build time dependency - RHEL 7 Actually uses systemd too - No Net::CIDR in el7 - No Cache::Memcached in el7 - Carp::Always is not actually required -------------------------------------------------------------------------------- References: [ 1 ] Bug #1114857 - munin-2.0.21-2.fc21 FTBFS: No Package found for java-1.7.0-devel https://bugzilla.redhat.com/show_bug.cgi?id=1114857 [ 2 ] Bug #1149948 - munin-async pid file in /var/run rather than /var/run/munin https://bugzilla.redhat.com/show_bug.cgi?id=1149948 -------------------------------------------------------------------------------- ================================================================================ phpMyAdmin4-4.0.10.5-1.el5 (FEDORA-EPEL-2014-3651) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information: phpMyAdmin 4.0.10.5 (2014-10-21) ================================ - [security] XSS in debug SQL output - [security] XSS in monitor query analyzer -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Robert Scheck <rob...@fedoraproject.org> 4.0.10.5-1 - Upgrade to 4.0.10.5 (#1155362) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1155362 - CVE-2014-8326 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12) https://bugzilla.redhat.com/show_bug.cgi?id=1155362 -------------------------------------------------------------------------------- ================================================================================ ssdeep-2.12-1.el5 (FEDORA-EPEL-2014-3611) Compute context triggered piecewise hashes -------------------------------------------------------------------------------- Update Information: * Fixed issue when comparing identical hashes but with different block sizes. -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 26 2014 Remi Collet <r...@fedoraproject.org> - 2.12-1 - update to 2.12 - fix license handling -------------------------------------------------------------------------------- ================================================================================ zabbix22-2.2.7-1.el5 (FEDORA-EPEL-2014-3599) Open-source monitoring solution for your IT infrastructure -------------------------------------------------------------------------------- Update Information: http://www.zabbix.com/rn2.2.7.php -------------------------------------------------------------------------------- ChangeLog: * Sat Oct 25 2014 Volker Fröhlich <volke...@gmx.at> - 2.2.7-1 - New upstream release * Wed Aug 27 2014 Volker Fröhlich <volke...@gmx.at> - 2.2.6-1 - New upstream release - Use the upstream tarball, now that non-free json was replaced with android-json -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list epel-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/epel-devel