[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Fedora EPEL 5 updates-testing report



The following Fedora EPEL 5 Security updates need testing:
 Age  URL
 275  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
 169  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6608/Django-1.1.4-2.el5
  52  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13612/drupal6-ctools-1.10-1.el5
  17  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0011/drupal7-context-3.0-0.3.beta6.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0116/drupal6-6.28-1.el5
   5  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0102/ettercap-0.7.3-21.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0139/proftpd-1.3.3g-2.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0148/drupal7-7.19-1.el5


The following builds have been pushed to Fedora EPEL 5 updates-testing

    drupal6-6.28-1.el5
    drupal7-7.19-1.el5
    fwsnort-1.6.3-1.el5
    imapsync-1.518-2.el5
    ivykis-0.36.1-1.el5
    libxc-2.0.1-1.el5
    ndjbdns-1.05.6-1.el5
    php-pear-Image-Text-0.6.1-1.el5
    php-pear-Text-Figlet-1.0.2-1.el5
    php-pear-Text-Password-1.1.1-1.el5
    proftpd-1.3.3g-2.el5
    python-simplevisor-0.6-1.el5
    safekeep-1.4.1-1.el5
    salt-0.12.0-1.el5

Details about builds:


================================================================================
 drupal6-6.28-1.el5 (FEDORA-EPEL-2013-0116)
 An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:

SA-CORE-2013-001
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 17 2013 Jon Ciesla <limburgher gmail com> - 6.28-1
- 6.28, SA-CORE-2013-001.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #896454 - drupal6-6.28 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=896454
  [ 2 ] Bug #896468 - drupal6, drupal7: Multiple security flaws fixed in upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=896468
  [ 3 ] Bug #896469 - drupal6, drupal7: Multiple security flaws fixed in upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=896469
  [ 4 ] Bug #896470 - drupal6, drupal7: Multiple security flaws fixed in upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=896470
  [ 5 ] Bug #896471 - drupal6, drupal7: Multiple security flaws fixed in upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=896471
--------------------------------------------------------------------------------


================================================================================
 drupal7-7.19-1.el5 (FEDORA-EPEL-2013-0148)
 An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:

SA-CORE-2013-001
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 17 2013 Jon Ciesla <limburgher gmail com> - 7.19-1
- 7.19, SA-CORE-2013-001.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #896455 - drupal7-7.19 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=896455
  [ 2 ] Bug #896468 - drupal6, drupal7: Multiple security flaws fixed in upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=896468
  [ 3 ] Bug #896469 - drupal6, drupal7: Multiple security flaws fixed in upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=896469
  [ 4 ] Bug #896470 - drupal6, drupal7: Multiple security flaws fixed in upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=896470
  [ 5 ] Bug #896471 - drupal6, drupal7: Multiple security flaws fixed in upstream 6.28 and 7.19 versions (SA-CORE-2013-001) [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=896471
--------------------------------------------------------------------------------


================================================================================
 fwsnort-1.6.3-1.el5 (FEDORA-EPEL-2013-0160)
 Translates Snort rules into equivalent iptables rules
--------------------------------------------------------------------------------
Update Information:

Updated version.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 10 2013 Guillermo Gómez <gomix fedoraproject org> - 1.6.3-1
- Updated version.
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng lists fedoraproject org> - 1.6.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jun  8 2012 Petr Pisar <ppisar redhat com> - 1.6.2-2
- Perl 5.16 rebuild
--------------------------------------------------------------------------------


================================================================================
 imapsync-1.518-2.el5 (FEDORA-EPEL-2013-0154)
 Tool to migrate email between IMAP servers
--------------------------------------------------------------------------------
Update Information:

Fix outdated license references in README and imapsync script to conform with new NLPL license instead of WTFPL

Update to 1.518
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 17 2013 Nick Bebout <nb fedoraproject org> - 1.518-2
- Fix spec to install COPYING file now
* Thu Jan 17 2013 Nick Bebout <nb fedoraproject org> - 1.518-1
- Upgrade to 1.518
--------------------------------------------------------------------------------


================================================================================
 ivykis-0.36.1-1.el5 (FEDORA-EPEL-2013-0125)
 Library for asynchronous I/O readiness notification
--------------------------------------------------------------------------------
Update Information:

Update to 0.36.1.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 17 2013 Jose Pedro Oliveira <jpo at di.uminho.pt> - 0.36.1-1
- Update to 0.36.1.
--------------------------------------------------------------------------------


================================================================================
 libxc-2.0.1-1.el5 (FEDORA-EPEL-2013-0132)
 Library of exchange and correlation functionals to be used in DFT codes
--------------------------------------------------------------------------------
Update Information:

Bugfixes to MGGA functionals, all B97-like GGA functionals and GGA C_WL functional.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 21 2013 Susi Lehtola <jussilehtola fedoraproject org> - 2.0.1-1
- Update to 2.0.1.
--------------------------------------------------------------------------------


================================================================================
 ndjbdns-1.05.6-1.el5 (FEDORA-EPEL-2013-0118)
 New djbdns: usable djbdns
--------------------------------------------------------------------------------
Update Information:

New djbdns: usable djbdns
--------------------------------------------------------------------------------


================================================================================
 php-pear-Image-Text-0.6.1-1.el5 (FEDORA-EPEL-2013-0136)
 Advanced text manipulations in images
--------------------------------------------------------------------------------
Update Information:

Image_Text provides a comfortable interface to text manipulations in GD images. Beside common Freetype2 functionality it offers to handle texts in a graphic- or office-tool like way. For example it allows alignment of texts inside a text box, rotation (around the top left corner of a text box or it's center point) and the automatic measurement of the optimal font size for a given text box.

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #896014 - Review Request: php-pear-Image-Text - Advanced text manipulations in images
        https://bugzilla.redhat.com/show_bug.cgi?id=896014
--------------------------------------------------------------------------------


================================================================================
 php-pear-Text-Figlet-1.0.2-1.el5 (FEDORA-EPEL-2013-0147)
 Render text using FIGlet fonts
--------------------------------------------------------------------------------
Update Information:

Engine for use FIGlet fonts to rendering text.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #895992 - Review Request: php-pear-Text-Figlet - Render text using FIGlet fonts
        https://bugzilla.redhat.com/show_bug.cgi?id=895992
--------------------------------------------------------------------------------


================================================================================
 php-pear-Text-Password-1.1.1-1.el5 (FEDORA-EPEL-2013-0120)
 Creating passwords with PHP
--------------------------------------------------------------------------------
Update Information:

Text_Password allows one to create pronounceable and unpronounceable passwords. The full functional range is explained in the manual at http://pear.php.net/manual/.

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #895984 - Review Request: php-pear-Text-Password - Creating passwords with PHP
        https://bugzilla.redhat.com/show_bug.cgi?id=895984
--------------------------------------------------------------------------------


================================================================================
 proftpd-1.3.3g-2.el5 (FEDORA-EPEL-2013-0139)
 Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:

Jann Horn reported that there is a possible race condition in the handling of the MKD/XMKD FTP commands, when the UserOwner directive is involved, and the attacker is on the same physical machine as a running proftpd. This race applies to mod_sftp and the handling of the MKDIR SFTP request as well.

Note that using the DefaultRoot directive to restrict sessions mitigates this attack, since the symlinks created by the local attacker will point outside of the chroot(2) area within the FTP session, and thus the ownership change will fail. The default configuration in EPEL applies the DefaultRoot directive to all users except "adm".

The upstream reference for this issue is: http://bugs.proftpd.org/show_bug.cgi?id=3841

This update includes a backport to 1.3.3g of upstream's backport to proftpd 1.3.4 of the fix for this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 18 2013 Paul Howarth <paul city-fan org> 1.3.3g-2
- Fix possible symlink race when applying UserOwner to newly created directory
  (CVE-2012-6095, #892715, http://bugs.proftpd.org/show_bug.cgi?id=3841)
- Add -fno-strict-aliasing, needed for mod_radius
- Drop %defattr, redundant since rpm 4.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #892715 - CVE-2012-6095 proftpd: Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory
        https://bugzilla.redhat.com/show_bug.cgi?id=892715
--------------------------------------------------------------------------------


================================================================================
 python-simplevisor-0.6-1.el5 (FEDORA-EPEL-2013-0153)
 Python simple daemons supervisor
--------------------------------------------------------------------------------
Update Information:

First build, rhbz #857484.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #857484 - Review Request: python-simplevisor - Python simple daemons supervisor
        https://bugzilla.redhat.com/show_bug.cgi?id=857484
--------------------------------------------------------------------------------


================================================================================
 safekeep-1.4.1-1.el5 (FEDORA-EPEL-2013-0164)
 The SafeKeep backup system
--------------------------------------------------------------------------------
Update Information:

Upgrade to new upstream version.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 19 2013 Frank Crawford <frank crawford emu id au> 1.4.1-1
- Latest upstream release
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng lists fedoraproject org> - 1.4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 salt-0.12.0-1.el5 (FEDORA-EPEL-2013-0151)
 A parallel remote execution system
--------------------------------------------------------------------------------
Update Information:

update to upstream release 0.12.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 16 2013 Clint Savage <herlo1 gmail com> - 0.12.0-1
- Upstream release 0.12.0
--------------------------------------------------------------------------------



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]