[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Fedora EPEL 5 updates-testing report



The following Fedora EPEL 5 Security updates need testing:
 Age  URL
  53  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-12767/pcp-3.6.6-1.el5
 183  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13195/drupal7-7.16-1.el5
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13203/389-ds-base-1.2.10.14-2.el5
  13  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13114/phpMyAdmin3-3.5.3-1.el5
  78  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6608/Django-1.1.4-2.el5
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13244/dokuwiki-0-0.14.20121013.el5
  11  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13130/drupal7-feeds-2.0-0.5.alpha6.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13249/viewvc-1.1.15-3.el5
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13152/cobbler-2.4.0-beta2.el5
   7  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13182/ssmtp-2.61-19.el5
   6  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13192/icecast-2.3.3-1.el5


The following builds have been pushed to Fedora EPEL 5 updates-testing

    joda-time-1.5.2-9.tzdata2008e.el5
    mozilla-https-everywhere-3.0.2-1.el5
    nagios-plugins-lcgdm-0.9.4-1.el5
    pdns-2.9.22-5.el5
    php-pecl-lzf-1.6.2-1.el5
    viewvc-1.1.15-3.el5

Details about builds:


================================================================================
 joda-time-1.5.2-9.tzdata2008e.el5 (FEDORA-EPEL-2012-13265)
 Java date and time API
--------------------------------------------------------------------------------
Update Information:

try to resolved broken dependencies.
--------------------------------------------------------------------------------


================================================================================
 mozilla-https-everywhere-3.0.2-1.el5 (FEDORA-EPEL-2012-13261)
 HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:

  * Some fixes that should have shipped in 3.0.1, but actually didn't:
    European Southern Observatory, Indeed, LibriVox
  * New fixes:
    Microsoft (Bing login button), ZeniMax, Ubuntuone, TrueCrypt, Springer
    (fix / reenable), Optical Society, IMDB, Facebook, EzineArticles,
    Broadband Reports, Apache, Akamai (exclude Zynga content to prevent
    breakage of some Zynga games), Costco
  * Fixes: adition.com, Akamai/SVTplay.se, Bahn.de, European Southern Observatory,
    IEEE, Indeed, Java, Librivox, Pinterest, New York Times, Springer, Vimeo,
    Shannon Health, O'Reilly Media
    https://trac.torproject.org/projects/tor/ticket/7080
    https://mail1.eff.org/pipermail/https-everywhere/2012-October/001583.html
    https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001339.html
    https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001343.html
  * Disable broken:  Springer
    https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001340.html
  * Updated translations: Basque, Hungarian, Traditional Chinese
  - Since version 2.x:
    - 1,455 new active rulesets
    - UI improvements:
      -- right-click to view ruleset source in the config window
      -- translate some untranslated menus
      -- better icons in a few places (breaking/redirecting rules,
        context button)
    - Numerous improvements to the SSL Observatory internals, including cached
      submissions on hostile networks, better Tor and Convergence integration,
      and a new setting to control self-signed cert submission
    - New translations: Basque, Czech, Danish, French, Greek, Hungarian,
                        Italian, Korean, Malaysian, Polish, Slovak, Turkish,
                        Traditional Chinese
  - Relative to 3.0development.8:
    - Only promote the Decentralized SSL Observatory to 5% of non-Tor users
    - Update the SSL Observatory whitelist of common cert chains
    - Fixes, mostly in the CDN/media playback department:
             Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player,
             AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein,
             Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo,
             Nokia, Widgetbox.com, Squarespace
             https://trac.torproject.org/projects/tor/ticket/4199
             https://trac.torproject.org/projects/tor/ticket/6871
             https://trac.torproject.org/projects/tor/ticket/6992
             https://trac.torproject.org/projects/tor/ticket/7000
             https://trac.torproject.org/projects/tor/ticket/7020
             https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html
    - Disable buggy: Web.de, AJC.com, Feross, Bestofmedia
    - Remove a lot of off-by-default rulesets from the code, since they have
      some costs in terms of startup speed and RAM usage
  - Since version 2.x:
    - 1,455 new active rulesets
    - UI improvements:
      -- right-click to view ruleset source in the config window
      -- translate some untranslated menus
      -- better icons in a few places (breaking/redirecting rules,
        context button)
    - Numerous improvements to the SSL Observatory internals, including cached
      submissions on hostile networks, better Tor and Convergence integration,
      and a new setting to control self-signed cert submission
    - New translations: Basque, Czech, Danish, French, Greek, Hungarian,
                        Italian, Korean, Malaysian, Polish, Slovak, Turkish,
                        Traditional Chinese
  - Relative to 3.0development.8:
    - Only promote the Decentralized SSL Observatory to 5% of non-Tor users
    - Update the SSL Observatory whitelist of common cert chains
    - Fixes, mostly in the CDN/media playback department:
             Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player,
             AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein,
             Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo,
             Nokia, Widgetbox.com, Squarespace
             https://trac.torproject.org/projects/tor/ticket/4199
             https://trac.torproject.org/projects/tor/ticket/6871
             https://trac.torproject.org/projects/tor/ticket/6992
             https://trac.torproject.org/projects/tor/ticket/7000
             https://trac.torproject.org/projects/tor/ticket/7020
             https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html
    - Disable buggy: Web.de, AJC.com, Feross, Bestofmedia
    - Remove a lot of off-by-default rulesets from the code, since they have
      some costs in terms of startup speed and RAM usage
  - Since version 2.x:
    - 1,455 new active rulesets
    - UI improvements:
      -- right-click to view ruleset source in the config window
      -- translate some untranslated menus
      -- better icons in a few places (breaking/redirecting rules,
        context button)
    - Numerous improvements to the SSL Observatory internals, including cached
      submissions on hostile networks, better Tor and Convergence integration,
      and a new setting to control self-signed cert submission
    - New translations: Basque, Czech, Danish, French, Greek, Hungarian,
                        Italian, Korean, Malaysian, Polish, Slovak, Turkish,
                        Traditional Chinese
  - Relative to 3.0development.8:
    - Only promote the Decentralized SSL Observatory to 5% of non-Tor users
    - Update the SSL Observatory whitelist of common cert chains
    - Fixes, mostly in the CDN/media playback department:
             Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player,
             AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein,
             Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo,
             Nokia, Widgetbox.com, Squarespace
             https://trac.torproject.org/projects/tor/ticket/4199
             https://trac.torproject.org/projects/tor/ticket/6871
             https://trac.torproject.org/projects/tor/ticket/6992
             https://trac.torproject.org/projects/tor/ticket/7000
             https://trac.torproject.org/projects/tor/ticket/7020
             https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html
    - Disable buggy: Web.de, AJC.com, Feross, Bestofmedia
    - Remove a lot of off-by-default rulesets from the code, since they have
      some costs in terms of startup speed and RAM usage
  * Fixes: adition.com, Akamai/SVTplay.se, Bahn.de, European Southern Observatory,
    IEEE, Indeed, Java, Librivox, Pinterest, New York Times, Springer, Vimeo,
    Shannon Health, O'Reilly Media
    https://trac.torproject.org/projects/tor/ticket/7080
    https://mail1.eff.org/pipermail/https-everywhere/2012-October/001583.html
    https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001339.html
    https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001343.html
  * Disable broken:  Springer
    https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001340.html
  * Updated translations: Basque, Hungarian, Traditional Chinese
  - Since version 2.x:
    - 1,455 new active rulesets
    - UI improvements:
      -- right-click to view ruleset source in the config window
      -- translate some untranslated menus
      -- better icons in a few places (breaking/redirecting rules,
        context button)
    - Numerous improvements to the SSL Observatory internals, including cached
      submissions on hostile networks, better Tor and Convergence integration,
      and a new setting to control self-signed cert submission
    - New translations: Basque, Czech, Danish, French, Greek, Hungarian,
                        Italian, Korean, Malaysian, Polish, Slovak, Turkish,
                        Traditional Chinese
  - Relative to 3.0development.8:
    - Only promote the Decentralized SSL Observatory to 5% of non-Tor users
    - Update the SSL Observatory whitelist of common cert chains
    - Fixes, mostly in the CDN/media playback department:
             Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player,
             AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein,
             Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo,
             Nokia, Widgetbox.com, Squarespace
             https://trac.torproject.org/projects/tor/ticket/4199
             https://trac.torproject.org/projects/tor/ticket/6871
             https://trac.torproject.org/projects/tor/ticket/6992
             https://trac.torproject.org/projects/tor/ticket/7000
             https://trac.torproject.org/projects/tor/ticket/7020
             https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html
    - Disable buggy: Web.de, AJC.com, Feross, Bestofmedia
    - Remove a lot of off-by-default rulesets from the code, since they have
      some costs in terms of startup speed and RAM usage
  - Since version 2.x:
    - 1,455 new active rulesets
    - UI improvements:
      -- right-click to view ruleset source in the config window
      -- translate some untranslated menus
      -- better icons in a few places (breaking/redirecting rules,
        context button)
    - Numerous improvements to the SSL Observatory internals, including cached
      submissions on hostile networks, better Tor and Convergence integration,
      and a new setting to control self-signed cert submission
    - New translations: Basque, Czech, Danish, French, Greek, Hungarian,
                        Italian, Korean, Malaysian, Polish, Slovak, Turkish,
                        Traditional Chinese
  - Relative to 3.0development.8:
    - Only promote the Decentralized SSL Observatory to 5% of non-Tor users
    - Update the SSL Observatory whitelist of common cert chains
    - Fixes, mostly in the CDN/media playback department:
             Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player,
             AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein,
             Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo,
             Nokia, Widgetbox.com, Squarespace
             https://trac.torproject.org/projects/tor/ticket/4199
             https://trac.torproject.org/projects/tor/ticket/6871
             https://trac.torproject.org/projects/tor/ticket/6992
             https://trac.torproject.org/projects/tor/ticket/7000
             https://trac.torproject.org/projects/tor/ticket/7020
             https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html
    - Disable buggy: Web.de, AJC.com, Feross, Bestofmedia
    - Remove a lot of off-by-default rulesets from the code, since they have
      some costs in terms of startup speed and RAM usage
  - Since version 2.x:
    - 1,455 new active rulesets
    - UI improvements:
      -- right-click to view ruleset source in the config window
      -- translate some untranslated menus
      -- better icons in a few places (breaking/redirecting rules,
        context button)
    - Numerous improvements to the SSL Observatory internals, including cached
      submissions on hostile networks, better Tor and Convergence integration,
      and a new setting to control self-signed cert submission
    - New translations: Basque, Czech, Danish, French, Greek, Hungarian,
                        Italian, Korean, Malaysian, Polish, Slovak, Turkish,
                        Traditional Chinese
  - Relative to 3.0development.8:
    - Only promote the Decentralized SSL Observatory to 5% of non-Tor users
    - Update the SSL Observatory whitelist of common cert chains
    - Fixes, mostly in the CDN/media playback department:
             Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player,
             AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein,
             Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo,
             Nokia, Widgetbox.com, Squarespace
             https://trac.torproject.org/projects/tor/ticket/4199
             https://trac.torproject.org/projects/tor/ticket/6871
             https://trac.torproject.org/projects/tor/ticket/6992
             https://trac.torproject.org/projects/tor/ticket/7000
             https://trac.torproject.org/projects/tor/ticket/7020
             https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html
    - Disable buggy: Web.de, AJC.com, Feross, Bestofmedia
    - Remove a lot of off-by-default rulesets from the code, since they have
      some costs in terms of startup speed and RAM usage
Update to upstream 3.0.1. remove a lot of off-by-default rulesets due to overhead. Add hundreds of new rulesets. Fix some broken ones. New translations.
Update to upstream 3.0.1. remove a lot of off-by-default rulesets due to overhead. Add hundreds of new rulesets. Fix some broken ones. New translations.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Oct 21 2012 Russell Golden <niveusluna niveusluna org - 3.0.2-1
- Some fixes that should have shipped in 3.0.1, but actually didn't:
    European Southern Observatory, Indeed, LibriVox
  - New fixes:
    Microsoft (Bing login button), ZeniMax, Ubuntuone, TrueCrypt, Springer
    (fix / reenable), Optical Society, IMDB, Facebook, EzineArticles,
    Broadband Reports, Apache, Akamai (exclude Zynga content to prevent
    breakage of some Zynga games), Costco
* Mon Oct 15 2012 Russell Golden <niveusluna niveusluna org> - 3.0.1-1
- Fixes: adition.com, Akamai/SVTplay.se, Bahn.de, European Southern Observatory,
    IEEE, Indeed, Java, Librivox, Pinterest, New York Times, Springer, Vimeo,
    Shannon Health, O'Reilly Media
    https://trac.torproject.org/projects/tor/ticket/7080
    https://mail1.eff.org/pipermail/https-everywhere/2012-October/001583.html
    https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001339.html
    https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001343.html
  - Disable broken:  Springer
    https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001340.html
  - Updated translations: Basque, Hungarian, Traditional Chinese
* Fri Oct 12 2012 Russell Golden <niveusluna niveusluna org> - 3.0.0-2
- Replace "firefox" in EPEL builds with "firefox >= 3.5" for EL
    users who think updates are for sissies and/or voiding support
    contracts with proprietary vendors. They can't use this if their
    Firefox install is older than 3.5 anyway, so what's the harm?
* Tue Oct  9 2012 Russell Golden <niveusluna niveusluna org> - 3.0.0-1
- Since version 2.x:
    - 1,455 new active rulesets
    - UI improvements: 
      -- right-click to view ruleset source in the config window
      -- translate some untranslated menus
      -- better icons in a few places (breaking/redirecting rules,
        context button)
    - Numerous improvements to the SSL Observatory internals, including cached
      submissions on hostile networks, better Tor and Convergence integration,
      and a new setting to control self-signed cert submission
    - New translations: Basque, Czech, Danish, French, Greek, Hungarian,
                        Italian, Korean, Malaysian, Polish, Slovak, Turkish,
                        Traditional Chinese
  - Relative to 3.0development.8:
    - Only promote the Decentralized SSL Observatory to 5% of non-Tor users
    - Update the SSL Observatory whitelist of common cert chains
    - Fixes, mostly in the CDN/media playback department: 
             Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player,
             AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein,
             Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo,
             Nokia, Widgetbox.com, Squarespace
             https://trac.torproject.org/projects/tor/ticket/4199
             https://trac.torproject.org/projects/tor/ticket/6871
             https://trac.torproject.org/projects/tor/ticket/6992
             https://trac.torproject.org/projects/tor/ticket/7000
             https://trac.torproject.org/projects/tor/ticket/7020
             https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html
    - Disable buggy: Web.de, AJC.com, Feross, Bestofmedia
    - Remove a lot of off-by-default rulesets from the code, since they have
      some costs in terms of startup speed and RAM usage
--------------------------------------------------------------------------------


================================================================================
 nagios-plugins-lcgdm-0.9.4-1.el5 (FEDORA-EPEL-2012-13257)
 Nagios probes to be run remotely against DPM / LFC nodes
--------------------------------------------------------------------------------
Update Information:

Update for new upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 22 2012 Ricardo Rocha <ricardo rocha cern ch> - 0.9.4-1
- Update for new upstream release
* Tue Oct 16 2012 Ricardo Rocha <ricardo rocha cern ch> - 0.9.3-1
- Update for new upstream release
* Wed Sep 12 2012 Ricardo Rocha <ricardo rocha cern ch> - 0.9.2-1
- Added runtime dep on python ldap for dpm-head package
--------------------------------------------------------------------------------


================================================================================
 pdns-2.9.22-5.el5 (FEDORA-EPEL-2012-13256)
 A modern, advanced and high performance authoritative-only nameserver
--------------------------------------------------------------------------------
Update Information:

- Fixed permissions of pdns.conf file (rhbz#646510)
- Set bind as default backend
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct 20 2012 Morten Stevens <mstevens imt-systems com> - 2.9.22-5
- Fixed permissions of pdns.conf file (rhbz#646510)
- Set bind as default backend
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #646510 - PowerDNS configuration is world-readable while it can contain passwords
        https://bugzilla.redhat.com/show_bug.cgi?id=646510
--------------------------------------------------------------------------------


================================================================================
 php-pecl-lzf-1.6.2-1.el5 (FEDORA-EPEL-2012-13260)
 Extension to handle LZF de/compression
--------------------------------------------------------------------------------
Update Information:

new upstream
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct 20 2012 Andrew Colin Kissa - 1.6.2-1
- Upgrade to latest upstream
- Fix bugzilla #838309 #680230
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng lists fedoraproject org> - 1.5.2-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jan 19 2012 Remi Collet <remi fedoraproject org> - 1.5.2-9
- rebuild against PHP 5.4, with upstream patch
- add filter to avoid private-shared-object-provides
- add minimal %check
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng lists fedoraproject org> - 1.5.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Fri Jul 15 2011 Andrew Colin Kissa <andrew topdog za net> - 1.5.2-7
- Fix bugzilla #715791
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng lists fedoraproject org> - 1.5.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng lists fedoraproject org> - 1.5.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #838309 - php-pecl-lzf-1.6.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=838309
  [ 2 ] Bug #680230 - php-pecl-lzf contains a bundled liblzf.
        https://bugzilla.redhat.com/show_bug.cgi?id=680230
--------------------------------------------------------------------------------


================================================================================
 viewvc-1.1.15-3.el5 (FEDORA-EPEL-2012-13249)
 Browser interface for CVS and SVN version control repositories
--------------------------------------------------------------------------------
Update Information:

Patch CVE-2012-4533.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 22 2012 Bojan Smojver <bojan rexursive com> - 1.1.15-3
- patch CVE-2012-4533, bug #868606
* Sun Jul 22 2012 Fedora Release Engineering <rel-eng lists fedoraproject org> - 1.1.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #868606 - CVE-2012-4533 viewvc 1.1.5 lib/viewvc.py XSS
        https://bugzilla.redhat.com/show_bug.cgi?id=868606
--------------------------------------------------------------------------------



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]