Fedora EPEL 5 updates-testing report

updates at fedoraproject.org
Thu Jan 20 06:31:30 UTC 2011


The following Fedora EPEL 5 Security updates need testing:

    https://admin.fedoraproject.org/updates/wordpress-2.8.6-4.el5
    https://admin.fedoraproject.org/updates/wordpress-mu-2.9.2-3.el5
    https://admin.fedoraproject.org/updates/irssi-0.8.15-1.el5
    https://admin.fedoraproject.org/updates/myproxy-5.3-1.el5
    https://admin.fedoraproject.org/updates/proftpd-1.3.3d-1.el5
    https://admin.fedoraproject.org/updates/perl-CGI-Simple-1.112-2.el5


The following builds have been pushed to Fedora EPEL 5 updates-testing

    dfu-programmer-0.5.4-1.el5
    perl-CDB_File-0.96-2.el5
    proftpd-1.3.3d-1.el5

Details about builds:


================================================================================
 dfu-programmer-0.5.4-1.el5 (FEDORA-EPEL-2011-0105)
 A Device Firmware Update based USB programmer for Atmel chips
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jan 16 2011 Weston Schmidt <weston_schmidt at alumni.purdue.edu> - 0.5.4-1
- added atmega8u2 support
* Sun Jan 16 2011 Weston Schmidt <weston_schmidt at alumni.purdue.edu> - 0.5.3-1
- added at32uc3c* support
- fixed a number of defects
* Sat Aug 22 2009 Weston Schmidt <weston_schmidt at alumni.purdue.edu> - 0.5.2-1
- added ability to read from STDIN
- added ability to configure AVR32 fuses
- Applied a number of bug fixes
- Fixed AVR device support
* Wed Dec 10 2008 Weston Schmidt <weston_schmidt at alumni.purdue.edu> - 0.5.1-1
- add new flag to suppress bootloader memory checking
* Wed Dec  3 2008 Weston Schmidt <weston_schmidt at alumni.purdue.edu> - 0.5.0-1
- update the description
- fix the broken hal rules
* Fri Aug 29 2008 Weston Schmidt <weston_schmidt at alumni.purdue.edu> - 0.4.6-1
- change udev rules and permissions to be hal based
* Wed Aug 20 2008 Weston Schmidt <weston_schmidt at alumni.purdue.edu> - 0.4.5-1
- added 4K bootloader support
- added eeprom-dump and eeprom-flash support
- fixed the Source0 url
* Mon Nov 19 2007 Weston Schmidt <weston_schmidt at alumni.purdue.edu> - 0.4.4-1
- added reset command
- added udev rules and permissions
--------------------------------------------------------------------------------


================================================================================
 perl-CDB_File-0.96-2.el5 (FEDORA-EPEL-2011-0094)
 Perl extension for access to cdb databases
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #656084 - Review Request: perl-CDB_File - Perl extension for access to cdb databases
        https://bugzilla.redhat.com/show_bug.cgi?id=656084
--------------------------------------------------------------------------------


================================================================================
 proftpd-1.3.3d-1.el5 (FEDORA-EPEL-2011-0102)
 Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:

This is an update to the current upstream maintenance release, which addresses a security issue that could affect users of the mod_sql module (not enabled by default).

* A heap-based buffer overflow flaw was found in the way ProFTPD FTP server prepared SQL queries for certain usernames, when the mod_sql module was enabled. A remote, unauthenticated attacker could use this flaw to cause the proftpd daemon to crash or, potentially, to execute arbitrary code with the privileges of the user running 'proftpd' via a specially-crafted username, provided in the authentication dialog.

The update also fixes a CPU spike when handling .ftpaccess files, and handling of SFTP uploads when compression is used.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 19 2011 Paul Howarth <paul at city-fan.org> 1.3.3d-1
- Updated to 1.3.3d
  - Fixed sql_prepare_where() buffer overflow (bug 3536, CVE-2010-4652)
  - Fixed CPU spike when handling .ftpaccess files
  - Fixed handling of SFTP uploads when compression is used
- Add Default-Stop LSB keyword in initscript (for runlevels 0, 1, and 6)
- Fix typos in config file and initscript
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #670170 - CVE-2010-4652 ProFTPD (mod_sql): Heap-based buffer overflow by processing certain usernames, when mod_sql module enabled
        https://bugzilla.redhat.com/show_bug.cgi?id=670170
--------------------------------------------------------------------------------