Fedora EPEL 5 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Sat Oct 10 20:26:50 UTC 2009
The following builds have been pushed to Fedora EPEL 5 updates-testing
Django-1.1.1-1.el5
incron-0.5.5-2.el5
python-decorator3-3.1.2-2.el5.1
python-guppy-0.1.9-1.el5
sec-2.5.2-3.el5
tcl-mysqltcl-3.05-6.el5
Details about builds:
================================================================================
Django-1.1.1-1.el5 (FEDORA-EPEL-2009-0621)
A high-level Python Web framework
--------------------------------------------------------------------------------
Update Information:
http://www.djangoproject.com/weblog/2009/oct/09/security/ Description of
vulnerability ============================ Django's forms library included
field types which perform regular-expression-based validation of email addresses
and URLs. Certain addresses/URLs could trigger a pathological performance case
in this regular expression, resulting in the server process/thread becoming
unresponsive, and consuming excessive CPU over an extended period of time. If
deliberately triggered, this could result in an effective denial-of-service
attack.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 9 2009 Steve 'Ashcrow' Milner <stevem at gnulinux.net> - 1.1.1-1
- Update to fix http://www.djangoproject.com/weblog/2009/oct/09/security/
- Django-ignore-pyo-bz-495046.patch no longer needed.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #528246 - Django's forms DOS in 1.1/1.0
https://bugzilla.redhat.com/show_bug.cgi?id=528246
--------------------------------------------------------------------------------
================================================================================
incron-0.5.5-2.el5 (FEDORA-EPEL-2009-0598)
Inotify cron system
--------------------------------------------------------------------------------
Update Information:
This update addresses CVE-2009-3589 with a patch to initialize the supplementary
groups of processes that are run from user incrontabs. Without it, these
processes run with the supplementary groups from the incrond process. These
groups might include the group disk, e.g. when the incrond process was started
using "service incrond start". Then the users allowed to create a incrontab
table could access raw disk contents. There might also be other ways to exploit
this vulnerability.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 1 2009 Till Maas <opensource at till.name> - 0.5.5-2
- Initialize initgroups when running user incrontabs
--------------------------------------------------------------------------------
================================================================================
python-decorator3-3.1.2-2.el5.1 (FEDORA-EPEL-2009-0619)
Module to simplify usage of decorators
--------------------------------------------------------------------------------
Update Information:
New python-decorator package that provides the decorator version 3.x API.
--------------------------------------------------------------------------------
================================================================================
python-guppy-0.1.9-1.el5 (FEDORA-EPEL-2009-0620)
A Python Programming Environment
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #526238 - Review Request: python-guppy - A Python Programming Environment
https://bugzilla.redhat.com/show_bug.cgi?id=526238
--------------------------------------------------------------------------------
================================================================================
sec-2.5.2-3.el5 (FEDORA-EPEL-2009-0622)
Simple Event Correlator script to filter log file entries
--------------------------------------------------------------------------------
Update Information:
New upstream release and license fix.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 9 2009 Stefan Schulze Frielinghaus <stefan at seekline.net> - 2.5.2-3
- Merge fix
* Fri Oct 9 2009 Stefan Schulze Frielinghaus <stefan at seekline.net> - 2.5.2-2
- SPEC file cleanup
* Tue Sep 29 2009 Stefan Schulze Frielinghaus <stefan at seekline.net> - 2.5.2-1
- New upstream release
- SPEC file cleanup
- Init script cleanup
- Removed some examples because of licensing issues. Upstream has clarified
and changed most of the license tags to GPLv2. Additionally, upstream
will include the examples in the next release.
- Removed a provide statement since a period was in the name and no other
package required that special name.
--------------------------------------------------------------------------------
================================================================================
tcl-mysqltcl-3.05-6.el5 (FEDORA-EPEL-2009-0623)
MySQL interface for Tcl
--------------------------------------------------------------------------------
Update Information:
New package: tcl-mysqltcl - MySQL interface for Tcl This package is an
extension to the Tool Command Language (Tcl) that provides high-level access to
a MySQL database server.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #466047 - Review Request: tcl-mysqltcl - MySQL interface for Tcl
https://bugzilla.redhat.com/show_bug.cgi?id=466047
--------------------------------------------------------------------------------
More information about the epel-devel-list
mailing list