Fedora EPEL 5 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Tue Jan 22 03:43:32 UTC 2013
The following Fedora EPEL 5 Security updates need testing:
Age URL
275 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
169 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6608/Django-1.1.4-2.el5
52 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13612/drupal6-ctools-1.10-1.el5
17 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0011/drupal7-context-3.0-0.3.beta6.el5
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0116/drupal6-6.28-1.el5
5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0102/ettercap-0.7.3-21.el5
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0139/proftpd-1.3.3g-2.el5
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0148/drupal7-7.19-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
drupal6-6.28-1.el5
drupal7-7.19-1.el5
fwsnort-1.6.3-1.el5
imapsync-1.518-2.el5
ivykis-0.36.1-1.el5
libxc-2.0.1-1.el5
ndjbdns-1.05.6-1.el5
php-pear-Image-Text-0.6.1-1.el5
php-pear-Text-Figlet-1.0.2-1.el5
php-pear-Text-Password-1.1.1-1.el5
proftpd-1.3.3g-2.el5
python-simplevisor-0.6-1.el5
safekeep-1.4.1-1.el5
salt-0.12.0-1.el5
Details about builds:
================================================================================
drupal6-6.28-1.el5 (FEDORA-EPEL-2013-0116)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
SA-CORE-2013-001
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 17 2013 Jon Ciesla <limburgher at gmail.com> - 6.28-1
- 6.28, SA-CORE-2013-001.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #896454 - drupal6-6.28 is available
https://bugzilla.redhat.com/show_bug.cgi?id=896454
[ 2 ] Bug #896468 - drupal6, drupal7: Multiple security flaws fixed in upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=896468
[ 3 ] Bug #896469 - drupal6, drupal7: Multiple security flaws fixed in upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=896469
[ 4 ] Bug #896470 - drupal6, drupal7: Multiple security flaws fixed in upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=896470
[ 5 ] Bug #896471 - drupal6, drupal7: Multiple security flaws fixed in upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=896471
--------------------------------------------------------------------------------
================================================================================
drupal7-7.19-1.el5 (FEDORA-EPEL-2013-0148)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
SA-CORE-2013-001
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 17 2013 Jon Ciesla <limburgher at gmail.com> - 7.19-1
- 7.19, SA-CORE-2013-001.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #896455 - drupal7-7.19 is available
https://bugzilla.redhat.com/show_bug.cgi?id=896455
[ 2 ] Bug #896468 - drupal6, drupal7: Multiple security flaws fixed in upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=896468
[ 3 ] Bug #896469 - drupal6, drupal7: Multiple security flaws fixed in upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=896469
[ 4 ] Bug #896470 - drupal6, drupal7: Multiple security flaws fixed in upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=896470
[ 5 ] Bug #896471 - drupal6, drupal7: Multiple security flaws fixed in upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=896471
--------------------------------------------------------------------------------
================================================================================
fwsnort-1.6.3-1.el5 (FEDORA-EPEL-2013-0160)
Translates Snort rules into equivalent iptables rules
--------------------------------------------------------------------------------
Update Information:
Updated version.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 10 2013 Guillermo Gómez <gomix at fedoraproject.org> - 1.6.3-1
- Updated version.
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.6.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jun 8 2012 Petr Pisar <ppisar at redhat.com> - 1.6.2-2
- Perl 5.16 rebuild
--------------------------------------------------------------------------------
================================================================================
imapsync-1.518-2.el5 (FEDORA-EPEL-2013-0154)
Tool to migrate email between IMAP servers
--------------------------------------------------------------------------------
Update Information:
Fix outdated license references in README and imapsync script to conform with new NLPL license instead of WTFPL
Update to 1.518
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 17 2013 Nick Bebout <nb at fedoraproject.org> - 1.518-2
- Fix spec to install COPYING file now
* Thu Jan 17 2013 Nick Bebout <nb at fedoraproject.org> - 1.518-1
- Upgrade to 1.518
--------------------------------------------------------------------------------
================================================================================
ivykis-0.36.1-1.el5 (FEDORA-EPEL-2013-0125)
Library for asynchronous I/O readiness notification
--------------------------------------------------------------------------------
Update Information:
Update to 0.36.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 17 2013 Jose Pedro Oliveira <jpo at di.uminho.pt> - 0.36.1-1
- Update to 0.36.1.
--------------------------------------------------------------------------------
================================================================================
libxc-2.0.1-1.el5 (FEDORA-EPEL-2013-0132)
Library of exchange and correlation functionals to be used in DFT codes
--------------------------------------------------------------------------------
Update Information:
Bugfixes to MGGA functionals, all B97-like GGA functionals and GGA C_WL functional.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 21 2013 Susi Lehtola <jussilehtola at fedoraproject.org> - 2.0.1-1
- Update to 2.0.1.
--------------------------------------------------------------------------------
================================================================================
ndjbdns-1.05.6-1.el5 (FEDORA-EPEL-2013-0118)
New djbdns: usable djbdns
--------------------------------------------------------------------------------
Update Information:
New djbdns: usable djbdns
--------------------------------------------------------------------------------
================================================================================
php-pear-Image-Text-0.6.1-1.el5 (FEDORA-EPEL-2013-0136)
Advanced text manipulations in images
--------------------------------------------------------------------------------
Update Information:
Image_Text provides a comfortable interface to text manipulations in GD images. Beside common Freetype2 functionality it offers to handle texts in a graphic- or office-tool like way. For example it allows alignment of texts inside a text box, rotation (around the top left corner of a text box or it's center point) and the automatic measurement of the optimal font size for a given text box.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #896014 - Review Request: php-pear-Image-Text - Advanced text manipulations in images
https://bugzilla.redhat.com/show_bug.cgi?id=896014
--------------------------------------------------------------------------------
================================================================================
php-pear-Text-Figlet-1.0.2-1.el5 (FEDORA-EPEL-2013-0147)
Render text using FIGlet fonts
--------------------------------------------------------------------------------
Update Information:
Engine for use FIGlet fonts to rendering text.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #895992 - Review Request: php-pear-Text-Figlet - Render text using FIGlet fonts
https://bugzilla.redhat.com/show_bug.cgi?id=895992
--------------------------------------------------------------------------------
================================================================================
php-pear-Text-Password-1.1.1-1.el5 (FEDORA-EPEL-2013-0120)
Creating passwords with PHP
--------------------------------------------------------------------------------
Update Information:
Text_Password allows one to create pronounceable and unpronounceable passwords. The full functional range is explained in the manual at http://pear.php.net/manual/.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #895984 - Review Request: php-pear-Text-Password - Creating passwords with PHP
https://bugzilla.redhat.com/show_bug.cgi?id=895984
--------------------------------------------------------------------------------
================================================================================
proftpd-1.3.3g-2.el5 (FEDORA-EPEL-2013-0139)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:
Jann Horn reported that there is a possible race condition in the handling of the MKD/XMKD FTP commands, when the UserOwner directive is involved, and the attacker is on the same physical machine as a running proftpd. This race applies to mod_sftp and the handling of the MKDIR SFTP request as well.
Note that using the DefaultRoot directive to restrict sessions mitigates this attack, since the symlinks created by the local attacker will point outside of the chroot(2) area within the FTP session, and thus the ownership change will fail. The default configuration in EPEL applies the DefaultRoot directive to all users except "adm".
The upstream reference for this issue is: http://bugs.proftpd.org/show_bug.cgi?id=3841
This update includes a backport to 1.3.3g of upstream's backport to proftpd 1.3.4 of the fix for this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 18 2013 Paul Howarth <paul at city-fan.org> 1.3.3g-2
- Fix possible symlink race when applying UserOwner to newly created directory
(CVE-2012-6095, #892715, http://bugs.proftpd.org/show_bug.cgi?id=3841)
- Add -fno-strict-aliasing, needed for mod_radius
- Drop %defattr, redundant since rpm 4.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #892715 - CVE-2012-6095 proftpd: Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory
https://bugzilla.redhat.com/show_bug.cgi?id=892715
--------------------------------------------------------------------------------
================================================================================
python-simplevisor-0.6-1.el5 (FEDORA-EPEL-2013-0153)
Python simple daemons supervisor
--------------------------------------------------------------------------------
Update Information:
First build, rhbz #857484.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #857484 - Review Request: python-simplevisor - Python simple daemons supervisor
https://bugzilla.redhat.com/show_bug.cgi?id=857484
--------------------------------------------------------------------------------
================================================================================
safekeep-1.4.1-1.el5 (FEDORA-EPEL-2013-0164)
The SafeKeep backup system
--------------------------------------------------------------------------------
Update Information:
Upgrade to new upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 19 2013 Frank Crawford <frank at crawford.emu.id.au> 1.4.1-1
- Latest upstream release
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
salt-0.12.0-1.el5 (FEDORA-EPEL-2013-0151)
A parallel remote execution system
--------------------------------------------------------------------------------
Update Information:
update to upstream release 0.12.0
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 16 2013 Clint Savage <herlo1 at gmail.com> - 0.12.0-1
- Upstream release 0.12.0
--------------------------------------------------------------------------------
More information about the epel-devel-list
mailing list