[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Fedora EPEL 5 updates-testing report



The following builds have been pushed to Fedora EPEL 5 updates-testing

    Django-1.1.1-1.el5
    incron-0.5.5-2.el5
    python-decorator3-3.1.2-2.el5.1
    python-guppy-0.1.9-1.el5
    sec-2.5.2-3.el5
    tcl-mysqltcl-3.05-6.el5

Details about builds:


================================================================================
 Django-1.1.1-1.el5 (FEDORA-EPEL-2009-0621)
 A high-level Python Web framework
--------------------------------------------------------------------------------
Update Information:

http://www.djangoproject.com/weblog/2009/oct/09/security/      Description of
vulnerability  ============================  Django's forms library included
field types which perform regular-expression-based validation of email addresses
and URLs. Certain addresses/URLs could trigger a pathological performance case
in this regular expression, resulting in the server process/thread becoming
unresponsive, and consuming excessive CPU over an extended period of time. If
deliberately triggered, this could result in an effective denial-of-service
attack.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct  9 2009 Steve 'Ashcrow' Milner <stevem gnulinux net> - 1.1.1-1
- Update to fix http://www.djangoproject.com/weblog/2009/oct/09/security/
- Django-ignore-pyo-bz-495046.patch no longer needed.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #528246 - Django's forms DOS in 1.1/1.0
        https://bugzilla.redhat.com/show_bug.cgi?id=528246
--------------------------------------------------------------------------------


================================================================================
 incron-0.5.5-2.el5 (FEDORA-EPEL-2009-0598)
 Inotify cron system
--------------------------------------------------------------------------------
Update Information:

This update addresses CVE-2009-3589 with a patch to initialize the supplementary
groups of processes that are run from user incrontabs. Without it, these
processes run with the supplementary groups from the incrond process. These
groups might include the group disk, e.g. when the incrond process was started
using "service incrond start". Then the users allowed to create a incrontab
table could access raw disk contents. There might also be other ways to exploit
this vulnerability.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct  1 2009 Till Maas <opensource till name> - 0.5.5-2
- Initialize initgroups when running user incrontabs
--------------------------------------------------------------------------------


================================================================================
 python-decorator3-3.1.2-2.el5.1 (FEDORA-EPEL-2009-0619)
 Module to simplify usage of decorators
--------------------------------------------------------------------------------
Update Information:

New python-decorator package that provides the decorator version 3.x API.
--------------------------------------------------------------------------------


================================================================================
 python-guppy-0.1.9-1.el5 (FEDORA-EPEL-2009-0620)
 A Python Programming Environment
--------------------------------------------------------------------------------
Update Information:

Initial package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #526238 - Review Request: python-guppy - A Python Programming Environment
        https://bugzilla.redhat.com/show_bug.cgi?id=526238
--------------------------------------------------------------------------------


================================================================================
 sec-2.5.2-3.el5 (FEDORA-EPEL-2009-0622)
 Simple Event Correlator script to filter log file entries
--------------------------------------------------------------------------------
Update Information:

New upstream release and license fix.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct  9 2009 Stefan Schulze Frielinghaus <stefan seekline net> - 2.5.2-3
- Merge fix
* Fri Oct  9 2009 Stefan Schulze Frielinghaus <stefan seekline net> - 2.5.2-2
- SPEC file cleanup
* Tue Sep 29 2009 Stefan Schulze Frielinghaus <stefan seekline net> - 2.5.2-1
- New upstream release
- SPEC file cleanup
- Init script cleanup
- Removed some examples because of licensing issues. Upstream has clarified
  and changed most of the license tags to GPLv2. Additionally, upstream
  will include the examples in the next release.
- Removed a provide statement since a period was in the name and no other
  package required that special name.
--------------------------------------------------------------------------------


================================================================================
 tcl-mysqltcl-3.05-6.el5 (FEDORA-EPEL-2009-0623)
 MySQL interface for Tcl
--------------------------------------------------------------------------------
Update Information:

New package: tcl-mysqltcl - MySQL interface for Tcl    This package is an
extension to the Tool Command Language (Tcl) that provides high-level access to
a MySQL database server.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #466047 - Review Request: tcl-mysqltcl - MySQL interface for Tcl
        https://bugzilla.redhat.com/show_bug.cgi?id=466047
--------------------------------------------------------------------------------



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]