Fedora EPEL 5 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Fri Feb 24 23:41:29 UTC 2012


The following Fedora EPEL 5 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0431/fail2ban-0.8.4-29.el5
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0425/glpi-0.78.5-4.svn17464.el5
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0352/bugzilla-3.2.10-4.el5
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0586/python-paste-script-1.7.5-1.el5
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0376/drupal7-field_permissions-1.0-0.2.beta2.el5
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0578/puppet-2.6.14-1.el5
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-3762/couchdb-1.0.2-8.el5,erlang-ibrowse-2.2.0-3.el5
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0102/libarchive-2.8.4-4.el5


The following builds have been pushed to Fedora EPEL 5 updates-testing

    drupal7-views-3.3-1.el5
    globus-simple-ca-3.0-2.el5
    puppet-2.6.14-1.el5
    python-httplib2-0.7.2-1.el5
    python-paste-script-1.7.5-1.el5
    snappy-1.0.5-1.el5

Details about builds:


================================================================================
 drupal7-views-3.3-1.el5 (FEDORA-EPEL-2012-0576)
 Provides a method for site designers to control content presentation
--------------------------------------------------------------------------------
Update Information:

Update to upstream 3.3 release
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 23 2012 Jared Smith <jsmith at fedoraproject.org> - 3.3-1
- Update to upstream 3.3 release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #795712 - drupal7-views-3.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=795712
--------------------------------------------------------------------------------


================================================================================
 globus-simple-ca-3.0-2.el5 (FEDORA-EPEL-2012-0587)
 Globus Toolkit - Simple CA Utility
--------------------------------------------------------------------------------
Update Information:

The Globus Toolkit is an open source software toolkit used for building Grid systems and applications. It is being developed by the Globus Alliance and many others all over the world. A growing number of projects and companies are using the Globus Toolkit to unlock the potential of grids for their cause.

The globus-simple-ca package contains: Simple CA Utility

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #772994 - Review Request: globus-simple-ca - Globus Toolkit - Simple CA Utility
        https://bugzilla.redhat.com/show_bug.cgi?id=772994
--------------------------------------------------------------------------------


================================================================================
 puppet-2.6.14-1.el5 (FEDORA-EPEL-2012-0578)
 A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:

Please refer to the upstream release notes for details:

http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 22 2012 Todd Zullinger <tmz at pobox.com> - 2.6.14-1
- Update to 2.6.14, fixes CVE-2012-1053 and CVE-2012-1054
* Mon Feb 13 2012 Todd Zullinger <tmz at pobox.com> - 2.6.13-3
- Move rpmlint fixes to %prep, add a few additional fixes
- Bump minimum ruby version to 1.8.5 now that EL-4 is all but dead
- Update install locations for Fedora-17 / Ruby-1.9
- Use ruby($lib) for augeas and shadow requirements
- Only try to run 0.25.x -> 2.6.x pid file updates on EL
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #791001 - CVE-2012-1053 Puppet 2.6.13 group ID handling issues
        https://bugzilla.redhat.com/show_bug.cgi?id=791001
  [ 2 ] Bug #791002 - CVE-2012-1054 Puppet 2.6.13 Klogin File Handling Issue
        https://bugzilla.redhat.com/show_bug.cgi?id=791002
--------------------------------------------------------------------------------


================================================================================
 python-httplib2-0.7.2-1.el5 (FEDORA-EPEL-2012-0584)
 A comprehensive HTTP client library
--------------------------------------------------------------------------------
Update Information:

Upstream update to 0.7.2
Note this version uses fedora's cert file bundle instead of httplib2
default.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 24 2012 Ding-Yi Chen <dchen at redhat.com> - 0.7.2-1
- Upstream update to 0.7.2
  Which may fixed http://code.google.com/p/httplib2/issues/detail?id=62
  Note this version uses fedora's cert file bundle instead of httplib2
  default.
* Fri Jul 29 2011 Ding-Yi Chen <dchen at redhat.com>  - 0.4.0-5
- Apply that address python-httplib2 (GoogleCode Hosted) issue 39
  http://code.google.com/p/httplib2/issues/detail?id=39
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.6.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Aug 25 2010 Thomas Spura <tomspur at fedoraproject.org> - 0.6.0-4
- rebuild with python3.2
  http://lists.fedoraproject.org/pipermail/devel/2010-August/141368.html
* Thu Jul 22 2010 David Malcolm <dmalcolm at redhat.com> - 0.6.0-3
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
* Tue Apr 20 2010 Tom "spot" Callaway <tcallawa at redhat.com>
- minor spec cleanups
- enable python3 support
* Fri Apr  2 2010 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
- 0.6.0-1
- version upgrade (#566721)
--------------------------------------------------------------------------------


================================================================================
 python-paste-script-1.7.5-1.el5 (FEDORA-EPEL-2012-0586)
 A pluggable command-line frontend
--------------------------------------------------------------------------------
Update Information:

This update fixes a security flaw with Paster that prevents it from properly dropping privileges when run as root.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 23 2012 Luke Macken <lmacken at redhat.com> - 1.7.5-1
- Update to 1.7.5
- Apply a patch from upstream to fix a security issue when running Paster as
  root (#796790)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #796790 - CVE-2012-0878 python-paste-script: Supplementary groups not dropped when started an application with "paster serve" as root
        https://bugzilla.redhat.com/show_bug.cgi?id=796790
--------------------------------------------------------------------------------


================================================================================
 snappy-1.0.5-1.el5 (FEDORA-EPEL-2012-0574)
 Fast compression and decompression library
--------------------------------------------------------------------------------
Update Information:

This is a maintenance release that provides faster decompression. For a complete list of changes see:
http://snappy.googlecode.com/svn-history/r61/trunk/NEWS
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 24 2012 Martin Gieseking <martin.gieseking at uos.de> 1.0.5-1
- updated to release 1.0.5
- made dependency of devel package on base package arch dependant
--------------------------------------------------------------------------------





More information about the epel-devel-list mailing list