Fedora EPEL 5 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Sun Dec 4 20:01:20 UTC 2011 

The following Fedora EPEL 5 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-3762/couchdb-1.0.2-8.el5,erlang-ibrowse-2.2.0-3.el5
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4907/bugzilla-3.2.10-2.el5
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4674/awstats-6.95-3.el5
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5165/phpMyAdmin3-3.4.8-1.el5


The following builds have been pushed to Fedora EPEL 5 updates-testing

    archimedes-2.0.0-1.el5
    dspam-3.10.1-2.el5
    phpMyAdmin3-3.4.8-1.el5
    torque-2.5.7-7.el5

Details about builds:


================================================================================
 archimedes-2.0.0-1.el5 (FEDORA-EPEL-2011-5163)
 2D Quantum Monte Carlo simulator for semiconductor devices
--------------------------------------------------------------------------------
Update Information:

Since last FEL release, archimedes entails the following changes:

-    The material parameters have been checked and modified
-    Benchmark tests were carried out to check the validity of the framework
-    Scattering phonons can be set to ON or OFF
-    Support for Full band approach was implemented
-    Parabolic, Kane and Full bank verified
-    Full band parameters supports for all materials
-    Initial implementation of FEM for Poisson
-    Quantum Effective Potential modified
-    Bohm Potential Model was implemented
-    Calibrated Bohm Potential Model was implemented
-    Density Gradient corrected and tested
-    Full effective potential model was implemented

--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec  4 2011 Chitlesh Goorah <chitlesh [AT] fedoraproject DOT org> - 2.0.0-1
- Bug 731298 - archimedes-2.0.0 is available - new upstream release
* Mon Feb  7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #731298 - archimedes-2.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=731298
--------------------------------------------------------------------------------


================================================================================
 dspam-3.10.1-2.el5 (FEDORA-EPEL-2011-5158)
 A library and Mail Delivery Agent for Bayesian SPAM filtering
--------------------------------------------------------------------------------
Update Information:

Enable Clamav Integration
--------------------------------------------------------------------------------
ChangeLog:

* Sat Dec  3 2011 Nathanael Noblet <nathanael at gnat.ca> - 3.10.1-2
- enable clamav
- logrotate log ownership
--------------------------------------------------------------------------------


================================================================================
 phpMyAdmin3-3.4.8-1.el5 (FEDORA-EPEL-2011-5165)
 Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:

Changes for 3.4.8.0 (2011-12-01):

  - [interface] enum data split at space char (more space to edit)
  - [interface] ENUM/SET editor can't handle commas in values
  - [interface] no links to browse/empty views and tables
  - [interface] Deleted search results remain visible
  - [import] ODS import ignores memory limits
  - [interface] Visual column separation
  - [parser] TRUE not recognized by parser
  - [config] Make location of php-gettext configurable
  - [import] Handle conflicts in some open_basedir situations
  - [display] Dropdown results - setting NULL does not work
  - [edit] Inline edit on multi-server configuration
  - [core] Notice: Array to string conversion in PHP 5.4
  - [interface] When ShowTooltipAliasTB is true, VIEW is wrongly shown as the view name in main panel db Structure page
  - [core] Fail to synchronize column with name of keyword
  - [interface] Add column after drop
  - [interface] Avoid showing the password in phpinfo()'s output
  - [GUI] 'newer version of phpMyAdmin' message not shown in IE8
  - [interface] Entering the key through a lookup window does not reset NULL
  - [security] Self-XSS on database names (synchronize, operations/rename), see PMASA-2011-18 (http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php)
  - [security] Self-XSS on column type (create index, table Search), see PMASA-2011-18 (http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php)
  - [security] Self-XSS on invalid query (table overview), see PMASA-2011-18 (http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php)
--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec  4 2011 Robert Scheck <robert at fedoraproject.org> 3.4.8-1
- Upgrade to 3.4.8 (#759441)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #759441 - phpMyAdmin-3.4.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=759441
--------------------------------------------------------------------------------


================================================================================
 torque-2.5.7-7.el5 (FEDORA-EPEL-2011-5161)
 Tera-scale Open-source Resource and QUEue manager
--------------------------------------------------------------------------------
Update Information:

Fixes a potential segfault in pbs_server.

This torque update corrects a security vulnerability whereby a user connecting to the torque pbs_server could impersonate another user present within the torque batch system.

In addition a memory leak is fixed, previously memory used for sending and receiving data was not being released.

This torque update corrects a security vulnerability whereby a user connecting to the torque pbs_server could impersonate another user present within the torque batch system.

In addition a memory leak is fixed, previously memory used for sending and receiving data was not being released.

This torque update corrects a security vulnerability whereby a user connecting to the torque pbs_server could impersonate another user present within the torque batch system.

In addition a memory leak is fixed, previously memory used for sending and receiving data was not being released.

--------------------------------------------------------------------------------
ChangeLog:

* Sat Dec  3 2011 Steve Traylen <steve.traylen at cern.ch> - 2.5.7-7
- Add torque-2.5.7-rhbz#759141-r5167-pbs_server-crash.patch
- torque clients require munge, e.g qsub.
* Mon Nov 21 2011 Steve Traylen <steve.traylen at cern.ch> - 2.5.7-6
- Add torque-rhbz#758740-r5258-dis-close.patch and
  torque-rhbz#758740-r5270-dis-array.patch
* Mon Nov 21 2011 Steve Traylen <steve.traylen at cern.ch> - 2.5.7-5
- Add  torque-fix-munge-rhbz#752079-PTII.patch
* Thu Nov 17 2011 Steve Traylen <steve.traylen at cern.ch> - 2.5.7-4
- Empty release for release mistake.
* Thu Nov 17 2011 Steve Traylen <steve.traylen at cern.ch> - 2.5.7-3
- Add torque-fix-munge-rhbz#752079.patch
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #759141 - pbs_server crash on 'pbsnodes' from client without munge
        https://bugzilla.redhat.com/show_bug.cgi?id=759141
  [ 2 ] Bug #752079 - Torque and Munge impersonation vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=752079
  [ 3 ] Bug #758740 - torque 2.5.7 memory leak.
        https://bugzilla.redhat.com/show_bug.cgi?id=758740
--------------------------------------------------------------------------------

More information about the epel-devel-list mailing list