Fedora EPEL 5 updates-testing report

updates at fedoraproject.org
Thu Oct 27 19:12:55 UTC 2011


The following Fedora EPEL 5 Security updates need testing:

    https://admin.fedoraproject.org/updates/bugzilla-3.2.10-1.el5
    https://admin.fedoraproject.org/updates/atop-1.26-1.el5.1
    https://admin.fedoraproject.org/updates/couchdb-1.0.2-8.el5,erlang-ibrowse-2.2.0-3.el5
    https://admin.fedoraproject.org/updates/ocsinventory-1.3.3-5.el5
    https://admin.fedoraproject.org/updates/phpldapadmin-1.0.2-1.el5
    https://admin.fedoraproject.org/updates/awstats-6.95-3.el5
    https://admin.fedoraproject.org/updates/clamav-0.97.3-1.el5
    https://admin.fedoraproject.org/updates/cacti-0.8.7h-1.el5
    https://admin.fedoraproject.org/updates/puppet-2.6.12-1.el5
    https://admin.fedoraproject.org/updates/cherokee-1.2.101-1.el5


The following builds have been pushed to Fedora EPEL 5 updates-testing

    bodhi-0.8.3-1.el5
    cacti-0.8.7h-1.el5
    collectl-3.6.0-1.el5
    crudminer-0.3.2-3.el5
    freetds-0.91-1.el5
    iec16022-0.2.4-7.el5
    libguestfs-1.2.14-7.el5
    nordugrid-arc-1.1.0-2.el5
    nordugrid-arc-doc-1.1.0-1.el5
    ocsinventory-1.3.3-5.el5
    perl-Devel-PatchPerl-0.58-1.el5
    phpldapadmin-1.0.2-1.el5
    puppet-2.6.12-1.el5
    samtools-0.1.18-2.el5
    ssldump-0.9-0.4.b3.el5
    unbound-1.4.13-2.el5

Details about builds:


================================================================================
 bodhi-0.8.3-1.el5 (FEDORA-EPEL-2011-4764)
 A modular framework that facilitates publishing software updates
--------------------------------------------------------------------------------
Update Information:

Latest bodhi release containing a variety of bugfixes, mostly server-side.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 24 2011 Luke Macken <lmacken at redhat.com> - 0.8.3-1
- Update to 0.8.3
* Fri Aug 12 2011 Luke Macken <lmacken at redhat.com> - 0.8.1-1
- Update our build requirements to make the test suite happy.
- Pull in the new python-fedora-turbogears subpackage
* Thu Jun  9 2011 Luke Macken <lmacken at redhat.com> - 0.8.0-1
- Update to 0.8.0
* Thu Mar 24 2011 Luke Macken <lmacken at redhat.com> - 0.7.15-1
- Update to 0.7.15
* Fri Mar 11 2011 Luke Macken <lmacken at redhat.com> - 0.7.14-1
- Update to 0.7.14
* Fri Mar  4 2011 Luke Macken <lmacken at redhat.com> - 0.7.13-1
- Update to 0.7.13
* Mon Feb 28 2011 Luke Macken <lmacken at redhat.com> - 0.7.12-1
- Update to 0.7.12
* Thu Feb 24 2011 Luke Macken <lmacken at redhat.com> - 0.7.11-1
- Update to 0.7.11
* Mon Feb  7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.7.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Jan 10 2011 Luke Macken <lmacken at redhat.com> - 0.7.10-1
- 0.7.10 release
* Mon Sep 20 2010 Luke Macken <lmacken at redhat.com> - 0.7.9-1
- 0.7.9 release
* Thu Aug 12 2010 Luke Macken <lmacken at redhat.com> - 0.7.8-1
- 0.7.8 release
- Require python-kitchen
* Wed Aug  4 2010 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 0.7.7-2
- Reenable the TurboGears bits
* Tue Aug  3 2010 Luke Macken <lmacken at redhat.com> - 0.7.7-1
- 0.7.7 release
* Sat Jul 31 2010 Toshio Kuratomi <toshio at fedoraproject.org> - 0.7.5-4
- A little strange, the tarball changed on us....
* Tue Jul 27 2010 Toshio Kuratomi <toshio at fedoraproject.org> - 0.7.5-3
- Disable Requirements that are necessary for operation of the server.  This is
  a temporary change to get the package building on python-2.7.  Need to revert
  this once the TG stack is rebuilt
* Wed Jul 21 2010 David Malcolm <dmalcolm at redhat.com> - 0.7.5-2
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #746780 - [abrt] bodhi-client-0.8.0-1.fc16: bodhi:374:<lambda>:IndexError: list index out of range
        https://bugzilla.redhat.com/show_bug.cgi?id=746780
--------------------------------------------------------------------------------


================================================================================
 cacti-0.8.7h-1.el5 (FEDORA-EPEL-2011-4760)
 An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release. Fixes SQL injection and XSS. Upstream release notes are at http://www.cacti.net/release_notes_0_8_7h.php
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 24 2011 Ken Dreyer <ktdreyer at ktdreyer.com> - 0.8.7h-1
- Upstream released new version (#748451)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #748451 - update cacti to latest upstream (0.8.7h)
        https://bugzilla.redhat.com/show_bug.cgi?id=748451
--------------------------------------------------------------------------------


================================================================================
 collectl-3.6.0-1.el5 (FEDORA-EPEL-2011-4757)
 A utility to collect various Linux performance data
--------------------------------------------------------------------------------
Update Information:

update to upstream version 3.6.0
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 20 2011 Dan Horák <dan[at]danny.cz> 3.6.0-1
- upgrade to upstream version 3.6.0
--------------------------------------------------------------------------------


================================================================================
 crudminer-0.3.2-3.el5 (FEDORA-EPEL-2011-4769)
 Find and report insecure web software in a web root
--------------------------------------------------------------------------------
Update Information:

New package.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #748446 - Review Request: crudminer - Find known-vulnerable software in a web root
        https://bugzilla.redhat.com/show_bug.cgi?id=748446
--------------------------------------------------------------------------------


================================================================================
 freetds-0.91-1.el5 (FEDORA-EPEL-2011-4771)
 Implementation of the TDS (Tabular DataStream) protocol
--------------------------------------------------------------------------------
Update Information:

Update to 0.91

Note that instead of TDS version numbers 8.0 and 9.0, you should now use 7.1 and 7.2 respectively (8.0 is still allowed for compatibility).
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 26 2011 Dmitry Butskoy <Dmitry at Butskoy.name> - 0.91-1
- Upgrade to 0.91
- Drop shared-libtds support
* Wed Mar  9 2011 Dmitry Butskoy <Dmitry at Butskoy.name> - 0.82.1-0.3.20110306dev
- update to the latest stable snapshot 0.82.1.dev.20110306
- make build with shared-libtds conditional
- disable shared-libtds patch by default (seems no one uses it for now)
* Mon Feb 14 2011 Dmitry Butskoy <Dmitry at Butskoy.name> - 0.82.1-0.2.20100810dev
- fix again shared-libtds patch to provide increased library version
* Thu Feb 10 2011 Dmitry Butskoy <Dmitry at Butskoy.name> - 0.82.1-0.1.20100810dev
- update to the latest stable snapshot 0.82.1.dev.20100810
- fix shared-libtds patch to provide proper library names
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.82-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.82-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Thu Mar 26 2009 Dmitry Butskoy <Dmitry at Butskoy.name> - 0.82-5
- add upstream patch cspublic.BLK_VERSION_150.patch (#492393)
* Tue Feb 24 2009 Dmitry Butskoy <Dmitry at Butskoy.name> - 0.82-4
- fix autoconf data for libtool2 (patch by Tom Lane <tgl at redhat.com>)
* Fri Jan 30 2009 Karsten Hopp <karsten at redhat.com> 0.82-3
- add s390x to 64 bit archs
* Sun Jan 11 2009 Dmitry Butskoy <Dmitry at Butskoy.name> - 0.82-3
- Use gnutls for SSL (#479148)
* Tue Jun 17 2008 Dmitry Butskoy <Dmitry at Butskoy.name> - 0.82-2
- Continue to provide an internal libtds library as public
  (patch from Hans de Goede, #451021). This shared library is needed
  for some existing applications (libgda etc.), which still use it directly.
* Mon Jun  9 2008 Dmitry Butskoy <Dmitry at Butskoy.name> - 0.82-1
- Upgrade to 0.82
* Tue Feb 26 2008 Dmitry Butskoy <Dmitry at Butskoy.name> - 0.64-11
- fix "64 or 32 bit" test (#434975)
* Mon Feb 18 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 0.64-10
- Autorebuild for GCC 4.3
* Mon Jan 28 2008 Dmitry Butskoy <Dmitry at Butskoy.name> - 0.64-9
- drop "Obsoletes:" from -doc subpackage to avoid extra complexity.
* Fri Jan 25 2008 Dmitry Butskoy <Dmitry at Butskoy.name> - 0.64-8
- resolve multiarch conflicts (#341181):
  - split references to separate freetds-doc subpackage
  - add arch-specific suffixes for arch-specific filenames in -devel
  - add wrapper for tds_sysdep_public.h
- add readline support (#430196)
* Tue Aug 28 2007 Fedora Release Engineering <rel-eng at fedoraproject dot org> - 0.64-7
- Rebuild for selinux ppc32 issue.
* Thu Aug 16 2007 Dmitry Butskoy <Dmitry at Butskoy.name>
- Change License tag to "LGPLv2+ and GPLv2+"
--------------------------------------------------------------------------------


================================================================================
 iec16022-0.2.4-7.el5 (FEDORA-EPEL-2011-4762)
 Generate ISO/IEC 16022 2D barcodes
--------------------------------------------------------------------------------
Update Information:

iec16022 is a program for producing ISO/IEC 16022 2D barcodes, also known as Data Matrix. These barcodes are defined in the ISO/IEC 16022 standard.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #594844 - Review Request: iec16022 - Generate ISO/IEC 16022 2D barcodes
        https://bugzilla.redhat.com/show_bug.cgi?id=594844
--------------------------------------------------------------------------------


================================================================================
 libguestfs-1.2.14-7.el5 (FEDORA-EPEL-2011-4770)
 Access and modify virtual machine disk images
--------------------------------------------------------------------------------
Update Information:

Rebuild against RHEL 5.7.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 24 2011 Richard W.M. Jones <rjones at redhat.com> - 1:1.2.14-7
- Bump and rebuild - zlib moved the libraries around in RHEL 5.7.
  resolves: rhbz#748370.
- Make tests unconditional, but only run 'make quickcheck'.  EPEL 5 is
  unsupported so we want to put minimum effort into testing and fixing
  this obsolete version of libguestfs.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #748370 - guestfish fails to read disk images after os upgrade
        https://bugzilla.redhat.com/show_bug.cgi?id=748370
--------------------------------------------------------------------------------


================================================================================
 nordugrid-arc-1.1.0-2.el5 (FEDORA-EPEL-2011-4761)
 Advanced Resource Connector Grid Middleware
--------------------------------------------------------------------------------
Update Information:

Update to NorduGrid ARC 11.05 update 2

http://www.nordugrid.org/arc/releases/11.05u2/

--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 24 2011 Mattias Ellert <mattias.ellert at fysast.uu.se> - 1.1.0-2
- Backport fixes for endian independent md5 checksum
* Mon Oct  3 2011 Mattias Ellert <mattias.ellert at fysast.uu.se> - 1.1.0-1
- 1.1.0 Final Release
- Drop patches accepted upstream: nordugrid-arc-perl-switch.patch and
  nordugrid-arc-run-full.patch
* Mon Oct  3 2011 Rex Dieter <rdieter at fedoraproject.org> - 1.0.1-3.1
- rebuild (java), rel-eng#4932
--------------------------------------------------------------------------------


================================================================================
 nordugrid-arc-doc-1.1.0-1.el5 (FEDORA-EPEL-2011-4761)
 Advanced Resource Connector Documentation
--------------------------------------------------------------------------------
Update Information:

Update to NorduGrid ARC 11.05 update 2

http://www.nordugrid.org/arc/releases/11.05u2/

--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 19 2011 Mattias Ellert <mattias.ellert at fysast.uu.se> - 1.1.0-1
- 1.1.0 Final Release
--------------------------------------------------------------------------------


================================================================================
 ocsinventory-1.3.3-5.el5 (FEDORA-EPEL-2011-4765)
 Open Computer and Software Inventory Next Generation
--------------------------------------------------------------------------------
Update Information:

Fix an XSS vulnerability
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 25 2011 Remi Collet <Fedora at famillecollet.com> - 1.3.3-5
- fix XSS vulnerability (Bug #748072, CVE-2011-4024)
- Don't require php-zip for F16 and up.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #748072 - CVE-2011-4024 ocsinventory: XSS flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=748072
--------------------------------------------------------------------------------


================================================================================
 perl-Devel-PatchPerl-0.58-1.el5 (FEDORA-EPEL-2011-4775)
 Patch perl source à la Devel::PPPort's buildperl.pl
--------------------------------------------------------------------------------
Update Information:

This update adds patching of make_ext.pl for virtualisation fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct 22 2011 Iain Arnell <iarnell at gmail.com> 0.58-1
- update to latest upstream version
- rebase el5-versions.patch
* Sat Sep 24 2011 Iain Arnell <iarnell at gmail.com> 0.52-1
- update to latest upstream version
--------------------------------------------------------------------------------


================================================================================
 phpldapadmin-1.0.2-1.el5 (FEDORA-EPEL-2011-4782)
 Web-based tool for managing LDAP servers
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2011-4074 and CVE-2011-4075 (XSS and code injection vulnerabilities in versions <= 1.2.1.1)

Update to version 1.0.2

--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 26 2011 Dmitry Butskoy <Dmitry at Butskoy.name> - 1.0.2-1
- fix #748539 (CVE-2011-4075)
- update to 1.0.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #748537 - CVE-2011-4074 CVE-2011-4075 phpldapadmin: XSS and code injection vulnerabilities in <= 1.2.1.1
        https://bugzilla.redhat.com/show_bug.cgi?id=748537
--------------------------------------------------------------------------------


================================================================================
 puppet-2.6.12-1.el5 (FEDORA-EPEL-2011-4772)
 A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:

A bug in puppet's SSL certificate handling could allow nodes with a valid certificate to impersonate the puppet master.  To be vulnerable, a user would have had to set the certdnsnames variable and generated certificates.  This setting is not set by default in the Fedora/EPEL packages.

This update closes the vulnerability in newly generated certificates, but cannot prevent existing certificates from being used to exploit the vulnerability.  Please refer to the upstream documentation for more details on mitigation and remediation of this issue, if you have generated certificates that are vulnerable to this issue:

http://puppetlabs.com/security/cve/cve-2011-3872/
--------------------------------------------------------------------------------
ChangeLog:

* Sun Oct 23 2011 Todd Zullinger <tmz at pobox.com> - 2.6.12-1
- Update to 2.6.12, fixes CVE-2011-3872
- Add upstream patch to restore Mongrel XMLRPC functionality (upstream #10244)
- Apply partial fix for upstream #9167 (tagmail report sends email when nothing
  happens)
--------------------------------------------------------------------------------


================================================================================
 samtools-0.1.18-2.el5 (FEDORA-EPEL-2011-4753)
 Tools for nucleotide sequence alignments in the SAM format
--------------------------------------------------------------------------------
Update Information:

Ensure new seqtk tool is included
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 26 2011 Adam Huffman <verdurin at fedoraproject.org> - 0.1.18-2
- make sure new seqtk tool included
--------------------------------------------------------------------------------


================================================================================
 ssldump-0.9-0.4.b3.el5 (FEDORA-EPEL-2011-4790)
 An SSLv3/TLS network protocol analyzer
--------------------------------------------------------------------------------
Update Information:

Fixed wrong decoder table ends to avoid many segfaults
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 24 2011 Robert Scheck <robert at fedoraproject.org> 0.9-0.4.b3
- Fixed wrong decoder table ends to avoid many segfaults (#747398)
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9-0.3.b3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #747398 - ssldump segfaults within minutes after running it
        https://bugzilla.redhat.com/show_bug.cgi?id=747398
--------------------------------------------------------------------------------


================================================================================
 unbound-1.4.13-2.el5 (FEDORA-EPEL-2011-4778)
 Validating, recursive, and caching DNS(SEC) resolver
--------------------------------------------------------------------------------
Update Information:

Rebuild for python and unbound-libs <-> unbound dependencies
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 24 2011 Paul Wouters <paul at xelerance.com> - 1.4.13-2
- unbound daemon statically links unbound-libs (added Requires:)
- Rebuilt for new python
--------------------------------------------------------------------------------




