Fedora EPEL 5 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Sat Apr 14 18:00:36 UTC 2012 

The following Fedora EPEL 5 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5554/phpMyAdmin3-3.5.0-1.el5
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0931/drupal7-ctools-1.0-1.el5
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0352/bugzilla-3.2.10-4.el5
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5561/python26-2.6.8-1.el5
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5563/gallery2-2.3.2-1.el5


The following builds have been pushed to Fedora EPEL 5 updates-testing

    cobbler-2.2.2-1.el5
    drupal6-views-2.16-2.el5
    gallery2-2.3.2-1.el5
    nagios-plugins-openmanage-3.7.5-1.el5
    python26-2.6.8-1.el5
    tito-0.4.8-1.el5

Details about builds:


================================================================================
 cobbler-2.2.2-1.el5 (FEDORA-EPEL-2012-5555)
 Boot server configurator
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 11 2012 James Cammarata <jimi at sngx.net> - 2.2.2-1
- New upstream 2.2.2 release (jimi at sngx.net)
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 drupal6-views-2.16-2.el5 (FEDORA-EPEL-2012-5560)
 Provides a method for site designers to control content presentation
--------------------------------------------------------------------------------
Update Information:

Latest upstream.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.16-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Nov 15 2011 Jon Ciesla <limb at jcomserv.net> - 2.16-1
- Update to 2.16, BZ 754076.
* Fri Nov  4 2011 Jon Ciesla <limb at jcomserv.net> - 2.14-1
- Update to 2.14, BZ 751044.
--------------------------------------------------------------------------------


================================================================================
 gallery2-2.3.2-1.el5 (FEDORA-EPEL-2012-5563)
 Customizable photo gallery web site
--------------------------------------------------------------------------------
Update Information:

Fixes for CVE-2012-1113, minor XSS vulnerabilities.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 12 2012 Jon Ciesla <limburgher at gmail.com> - 2.3.2-1
- Latest upstream, minor security fixes,
- BZ 812048, 812049, 812050.
* Fri Feb  3 2012 Jon Ciesla <limburgher at gmail.com> - 2.3.1-6
- Unbundle php-pear-Mail-Mime, BZ 501867.
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.3.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Wed Dec  7 2011 Jon Ciesla <limburgher at gmail.com> - 2.3.1-4
- Patch for jpegtran output, BZ 712558.
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Jul  2 2010 Adam Tkac <atkac redhat com> - 2.3.1-2
- jpegtran subpkg: require /usr/bin/jpegtran instead of libjpeg to be compatible
  with both libjpeg and libjpeg-turbo
* Thu Dec 17 2009 Jon Ciesla <limb at jcomserv.net> - 2.3.1-1
- 2.3.1, fix for upgrader in PHP 5.3.x.
- smtp patch upstreamed.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #812048 - CVE-2012-1113 gallery: XSS flaws in administration area [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=812048
  [ 2 ] Bug #812049 - CVE-2012-1113 gallery: XSS flaws in administration area [fedora-rawhide]
        https://bugzilla.redhat.com/show_bug.cgi?id=812049
  [ 3 ] Bug #812050 - CVE-2012-1113 gallery: XSS flaws in administration area [epel-5]
        https://bugzilla.redhat.com/show_bug.cgi?id=812050
--------------------------------------------------------------------------------


================================================================================
 nagios-plugins-openmanage-3.7.5-1.el5 (FEDORA-EPEL-2012-5564)
 Nagios plugin to monitor hardware health on Dell servers
--------------------------------------------------------------------------------
Update Information:

Update to upstream version 3.7.5
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 13 2012 Trond Hasle Amundsen <t.h.amundsen at usit.uio.no> - 3.7.5-1
- Upstream version 3.7.5
--------------------------------------------------------------------------------


================================================================================
 python26-2.6.8-1.el5 (FEDORA-EPEL-2012-5561)
 An interpreted, interactive, object-oriented programming language
--------------------------------------------------------------------------------
Update Information:

Rebase of python26 from 2.6.5 to 2.6.8 bringing in security fixes, along with other bugfixes.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 12 2012 David Malcolm <dmalcolm at redhat.com> - 2.6.8-1
- 2.6.8: refresh patch 102 (lib64), patch 52 (valgrind) and patch 110
(ctypes/SELinux); drop upstream patch 11 (tolower), patch 116 (CVE-2010-1634),
patch 117 (CVE-2010-2089), patch 118 (CVE-2008-5983); add patch 200 (Py_DEBUG
and _Py_HashSecret_Initialized); regenerate the autotool intermediates patch
(patch 300)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #750555 - CVE-2012-1150 python: hash table collisions CPU usage DoS (oCERT-2011-003)
        https://bugzilla.redhat.com/show_bug.cgi?id=750555
  [ 2 ] Bug #789790 - CVE-2012-0845 python: SimpleXMLRPCServer CPU usage DoS via malformed XML-RPC request
        https://bugzilla.redhat.com/show_bug.cgi?id=789790
  [ 3 ] Bug #812068 - python: SSL CBC IV vulnerability (CVE-2011-3389, BEAST)
        https://bugzilla.redhat.com/show_bug.cgi?id=812068
--------------------------------------------------------------------------------


================================================================================
 tito-0.4.8-1.el5 (FEDORA-EPEL-2012-5569)
 A tool for managing rpm based git projects
--------------------------------------------------------------------------------
Update Information:

Fix mock builds of packages that do not use the standard builder, changelog email issues with interpreting 0 as false, and a broken constructor in the distributionbuilder.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr  2 2012 Devan Goodwin <dgoodwin at rm-rf.ca> 0.4.8-1
- Fix MockBuilder for packages that use non-standard builders normally.
  (dgoodwin at redhat.com)
- interpret '0' as False for changelog_with_email setting. (msuchy at redhat.com)
* Thu Mar 15 2012 Devan Goodwin <dgoodwin at rm-rf.ca> 0.4.7-1
- Fix issues with DistributionBuilder constructor (dgoodwin at redhat.com)
--------------------------------------------------------------------------------

More information about the epel-devel-list mailing list