The following Fedora EPEL 5 Security updates need testing:
Age URL
53
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-12767/pcp-3.6.6-1.el5
183
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13195/drupal7-7.16-1.el5
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13203/389-ds-base-1.2.10.14-2.el5
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13114/phpMyAdmin3-3.5.3-1.el5
78
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6608/Django-1.1.4-2.el5
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13244/dokuwiki-0-0.14.20121013.el5
11
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13130/drupal7-feeds-2.0-0.5.alpha6.el5
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13249/viewvc-1.1.15-3.el5
10
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13152/cobbler-2.4.0-beta2.el5
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13182/ssmtp-2.61-19.el5
6
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13192/icecast-2.3.3-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
joda-time-1.5.2-9.tzdata2008e.el5
mozilla-https-everywhere-3.0.2-1.el5
nagios-plugins-lcgdm-0.9.4-1.el5
pdns-2.9.22-5.el5
php-pecl-lzf-1.6.2-1.el5
viewvc-1.1.15-3.el5
Details about builds:
================================================================================
joda-time-1.5.2-9.tzdata2008e.el5 (FEDORA-EPEL-2012-13265)
Java date and time API
--------------------------------------------------------------------------------
Update Information:
try to resolved broken dependencies.
--------------------------------------------------------------------------------
================================================================================
mozilla-https-everywhere-3.0.2-1.el5 (FEDORA-EPEL-2012-13261)
HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:
* Some fixes that should have shipped in 3.0.1, but actually didn't:
European Southern Observatory, Indeed, LibriVox
* New fixes:
Microsoft (Bing login button), ZeniMax, Ubuntuone, TrueCrypt, Springer
(fix / reenable), Optical Society, IMDB, Facebook, EzineArticles,
Broadband Reports, Apache, Akamai (exclude Zynga content to prevent
breakage of some Zynga games), Costco
* Fixes: adition.com, Akamai/SVTplay.se, Bahn.de, European Southern
Observatory,
IEEE, Indeed, Java, Librivox, Pinterest, New York Times, Springer, Vimeo,
Shannon Health, O'Reilly Media
https://trac.torproject.org/projects/tor/ticket/7080
https://mail1.eff.org/pipermail/https-everywhere/2012-October/001583.html
https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001339.html
https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001343.html
* Disable broken: Springer
https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001340.html
* Updated translations: Basque, Hungarian, Traditional Chinese
- Since version 2.x:
- 1,455 new active rulesets
- UI improvements:
-- right-click to view ruleset source in the config window
-- translate some untranslated menus
-- better icons in a few places (breaking/redirecting rules,
context button)
- Numerous improvements to the SSL Observatory internals, including cached
submissions on hostile networks, better Tor and Convergence integration,
and a new setting to control self-signed cert submission
- New translations: Basque, Czech, Danish, French, Greek, Hungarian,
Italian, Korean, Malaysian, Polish, Slovak, Turkish,
Traditional Chinese
- Relative to 3.0development.8:
- Only promote the Decentralized SSL Observatory to 5% of non-Tor users
- Update the SSL Observatory whitelist of common cert chains
- Fixes, mostly in the CDN/media playback department:
Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player,
AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein,
Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo,
Nokia, Widgetbox.com, Squarespace
https://trac.torproject.org/projects/tor/ticket/4199
https://trac.torproject.org/projects/tor/ticket/6871
https://trac.torproject.org/projects/tor/ticket/6992
https://trac.torproject.org/projects/tor/ticket/7000
https://trac.torproject.org/projects/tor/ticket/7020
https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html
- Disable buggy: Web.de, AJC.com, Feross, Bestofmedia
- Remove a lot of off-by-default rulesets from the code, since they have
some costs in terms of startup speed and RAM usage
- Since version 2.x:
- 1,455 new active rulesets
- UI improvements:
-- right-click to view ruleset source in the config window
-- translate some untranslated menus
-- better icons in a few places (breaking/redirecting rules,
context button)
- Numerous improvements to the SSL Observatory internals, including cached
submissions on hostile networks, better Tor and Convergence integration,
and a new setting to control self-signed cert submission
- New translations: Basque, Czech, Danish, French, Greek, Hungarian,
Italian, Korean, Malaysian, Polish, Slovak, Turkish,
Traditional Chinese
- Relative to 3.0development.8:
- Only promote the Decentralized SSL Observatory to 5% of non-Tor users
- Update the SSL Observatory whitelist of common cert chains
- Fixes, mostly in the CDN/media playback department:
Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player,
AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein,
Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo,
Nokia, Widgetbox.com, Squarespace
https://trac.torproject.org/projects/tor/ticket/4199
https://trac.torproject.org/projects/tor/ticket/6871
https://trac.torproject.org/projects/tor/ticket/6992
https://trac.torproject.org/projects/tor/ticket/7000
https://trac.torproject.org/projects/tor/ticket/7020
https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html
- Disable buggy: Web.de, AJC.com, Feross, Bestofmedia
- Remove a lot of off-by-default rulesets from the code, since they have
some costs in terms of startup speed and RAM usage
- Since version 2.x:
- 1,455 new active rulesets
- UI improvements:
-- right-click to view ruleset source in the config window
-- translate some untranslated menus
-- better icons in a few places (breaking/redirecting rules,
context button)
- Numerous improvements to the SSL Observatory internals, including cached
submissions on hostile networks, better Tor and Convergence integration,
and a new setting to control self-signed cert submission
- New translations: Basque, Czech, Danish, French, Greek, Hungarian,
Italian, Korean, Malaysian, Polish, Slovak, Turkish,
Traditional Chinese
- Relative to 3.0development.8:
- Only promote the Decentralized SSL Observatory to 5% of non-Tor users
- Update the SSL Observatory whitelist of common cert chains
- Fixes, mostly in the CDN/media playback department:
Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player,
AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein,
Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo,
Nokia, Widgetbox.com, Squarespace
https://trac.torproject.org/projects/tor/ticket/4199
https://trac.torproject.org/projects/tor/ticket/6871
https://trac.torproject.org/projects/tor/ticket/6992
https://trac.torproject.org/projects/tor/ticket/7000
https://trac.torproject.org/projects/tor/ticket/7020
https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html
- Disable buggy: Web.de, AJC.com, Feross, Bestofmedia
- Remove a lot of off-by-default rulesets from the code, since they have
some costs in terms of startup speed and RAM usage
* Fixes: adition.com, Akamai/SVTplay.se, Bahn.de, European Southern
Observatory,
IEEE, Indeed, Java, Librivox, Pinterest, New York Times, Springer, Vimeo,
Shannon Health, O'Reilly Media
https://trac.torproject.org/projects/tor/ticket/7080
https://mail1.eff.org/pipermail/https-everywhere/2012-October/001583.html
https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001339.html
https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001343.html
* Disable broken: Springer
https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001340.html
* Updated translations: Basque, Hungarian, Traditional Chinese
- Since version 2.x:
- 1,455 new active rulesets
- UI improvements:
-- right-click to view ruleset source in the config window
-- translate some untranslated menus
-- better icons in a few places (breaking/redirecting rules,
context button)
- Numerous improvements to the SSL Observatory internals, including cached
submissions on hostile networks, better Tor and Convergence integration,
and a new setting to control self-signed cert submission
- New translations: Basque, Czech, Danish, French, Greek, Hungarian,
Italian, Korean, Malaysian, Polish, Slovak, Turkish,
Traditional Chinese
- Relative to 3.0development.8:
- Only promote the Decentralized SSL Observatory to 5% of non-Tor users
- Update the SSL Observatory whitelist of common cert chains
- Fixes, mostly in the CDN/media playback department:
Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player,
AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein,
Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo,
Nokia, Widgetbox.com, Squarespace
https://trac.torproject.org/projects/tor/ticket/4199
https://trac.torproject.org/projects/tor/ticket/6871
https://trac.torproject.org/projects/tor/ticket/6992
https://trac.torproject.org/projects/tor/ticket/7000
https://trac.torproject.org/projects/tor/ticket/7020
https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html
- Disable buggy: Web.de, AJC.com, Feross, Bestofmedia
- Remove a lot of off-by-default rulesets from the code, since they have
some costs in terms of startup speed and RAM usage
- Since version 2.x:
- 1,455 new active rulesets
- UI improvements:
-- right-click to view ruleset source in the config window
-- translate some untranslated menus
-- better icons in a few places (breaking/redirecting rules,
context button)
- Numerous improvements to the SSL Observatory internals, including cached
submissions on hostile networks, better Tor and Convergence integration,
and a new setting to control self-signed cert submission
- New translations: Basque, Czech, Danish, French, Greek, Hungarian,
Italian, Korean, Malaysian, Polish, Slovak, Turkish,
Traditional Chinese
- Relative to 3.0development.8:
- Only promote the Decentralized SSL Observatory to 5% of non-Tor users
- Update the SSL Observatory whitelist of common cert chains
- Fixes, mostly in the CDN/media playback department:
Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player,
AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein,
Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo,
Nokia, Widgetbox.com, Squarespace
https://trac.torproject.org/projects/tor/ticket/4199
https://trac.torproject.org/projects/tor/ticket/6871
https://trac.torproject.org/projects/tor/ticket/6992
https://trac.torproject.org/projects/tor/ticket/7000
https://trac.torproject.org/projects/tor/ticket/7020
https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html
- Disable buggy: Web.de, AJC.com, Feross, Bestofmedia
- Remove a lot of off-by-default rulesets from the code, since they have
some costs in terms of startup speed and RAM usage
- Since version 2.x:
- 1,455 new active rulesets
- UI improvements:
-- right-click to view ruleset source in the config window
-- translate some untranslated menus
-- better icons in a few places (breaking/redirecting rules,
context button)
- Numerous improvements to the SSL Observatory internals, including cached
submissions on hostile networks, better Tor and Convergence integration,
and a new setting to control self-signed cert submission
- New translations: Basque, Czech, Danish, French, Greek, Hungarian,
Italian, Korean, Malaysian, Polish, Slovak, Turkish,
Traditional Chinese
- Relative to 3.0development.8:
- Only promote the Decentralized SSL Observatory to 5% of non-Tor users
- Update the SSL Observatory whitelist of common cert chains
- Fixes, mostly in the CDN/media playback department:
Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player,
AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein,
Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo,
Nokia, Widgetbox.com, Squarespace
https://trac.torproject.org/projects/tor/ticket/4199
https://trac.torproject.org/projects/tor/ticket/6871
https://trac.torproject.org/projects/tor/ticket/6992
https://trac.torproject.org/projects/tor/ticket/7000
https://trac.torproject.org/projects/tor/ticket/7020
https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html
- Disable buggy: Web.de, AJC.com, Feross, Bestofmedia
- Remove a lot of off-by-default rulesets from the code, since they have
some costs in terms of startup speed and RAM usage
Update to upstream 3.0.1. remove a lot of off-by-default rulesets due to
overhead. Add hundreds of new rulesets. Fix some broken ones. New translations.
Update to upstream 3.0.1. remove a lot of off-by-default rulesets due to
overhead. Add hundreds of new rulesets. Fix some broken ones. New translations.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 21 2012 Russell Golden <niveusl...@niveusluna.org - 3.0.2-1
- Some fixes that should have shipped in 3.0.1, but actually didn't:
European Southern Observatory, Indeed, LibriVox
- New fixes:
Microsoft (Bing login button), ZeniMax, Ubuntuone, TrueCrypt, Springer
(fix / reenable), Optical Society, IMDB, Facebook, EzineArticles,
Broadband Reports, Apache, Akamai (exclude Zynga content to prevent
breakage of some Zynga games), Costco
* Mon Oct 15 2012 Russell Golden <niveusl...@niveusluna.org> - 3.0.1-1
- Fixes: adition.com, Akamai/SVTplay.se, Bahn.de, European Southern Observatory,
IEEE, Indeed, Java, Librivox, Pinterest, New York Times, Springer, Vimeo,
Shannon Health, O'Reilly Media
https://trac.torproject.org/projects/tor/ticket/7080
https://mail1.eff.org/pipermail/https-everywhere/2012-October/001583.html
https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001339.html
https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001343.html
- Disable broken: Springer
https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001340.html
- Updated translations: Basque, Hungarian, Traditional Chinese
* Fri Oct 12 2012 Russell Golden <niveusl...@niveusluna.org> - 3.0.0-2
- Replace "firefox" in EPEL builds with "firefox >= 3.5" for EL
users who think updates are for sissies and/or voiding support
contracts with proprietary vendors. They can't use this if their
Firefox install is older than 3.5 anyway, so what's the harm?
* Tue Oct 9 2012 Russell Golden <niveusl...@niveusluna.org> - 3.0.0-1
- Since version 2.x:
- 1,455 new active rulesets
- UI improvements:
-- right-click to view ruleset source in the config window
-- translate some untranslated menus
-- better icons in a few places (breaking/redirecting rules,
context button)
- Numerous improvements to the SSL Observatory internals, including cached
submissions on hostile networks, better Tor and Convergence integration,
and a new setting to control self-signed cert submission
- New translations: Basque, Czech, Danish, French, Greek, Hungarian,
Italian, Korean, Malaysian, Polish, Slovak, Turkish,
Traditional Chinese
- Relative to 3.0development.8:
- Only promote the Decentralized SSL Observatory to 5% of non-Tor users
- Update the SSL Observatory whitelist of common cert chains
- Fixes, mostly in the CDN/media playback department:
Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player,
AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein,
Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo,
Nokia, Widgetbox.com, Squarespace
https://trac.torproject.org/projects/tor/ticket/4199
https://trac.torproject.org/projects/tor/ticket/6871
https://trac.torproject.org/projects/tor/ticket/6992
https://trac.torproject.org/projects/tor/ticket/7000
https://trac.torproject.org/projects/tor/ticket/7020
https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html
- Disable buggy: Web.de, AJC.com, Feross, Bestofmedia
- Remove a lot of off-by-default rulesets from the code, since they have
some costs in terms of startup speed and RAM usage
--------------------------------------------------------------------------------
================================================================================
nagios-plugins-lcgdm-0.9.4-1.el5 (FEDORA-EPEL-2012-13257)
Nagios probes to be run remotely against DPM / LFC nodes
--------------------------------------------------------------------------------
Update Information:
Update for new upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 22 2012 Ricardo Rocha <ricardo.ro...@cern.ch> - 0.9.4-1
- Update for new upstream release
* Tue Oct 16 2012 Ricardo Rocha <ricardo.ro...@cern.ch> - 0.9.3-1
- Update for new upstream release
* Wed Sep 12 2012 Ricardo Rocha <ricardo.ro...@cern.ch> - 0.9.2-1
- Added runtime dep on python ldap for dpm-head package
--------------------------------------------------------------------------------
================================================================================
pdns-2.9.22-5.el5 (FEDORA-EPEL-2012-13256)
A modern, advanced and high performance authoritative-only nameserver
--------------------------------------------------------------------------------
Update Information:
- Fixed permissions of pdns.conf file (rhbz#646510)
- Set bind as default backend
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 20 2012 Morten Stevens <mstev...@imt-systems.com> - 2.9.22-5
- Fixed permissions of pdns.conf file (rhbz#646510)
- Set bind as default backend
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #646510 - PowerDNS configuration is world-readable while it can
contain passwords
https://bugzilla.redhat.com/show_bug.cgi?id=646510
--------------------------------------------------------------------------------
================================================================================
php-pecl-lzf-1.6.2-1.el5 (FEDORA-EPEL-2012-13260)
Extension to handle LZF de/compression
--------------------------------------------------------------------------------
Update Information:
new upstream
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 20 2012 Andrew Colin Kissa - 1.6.2-1
- Upgrade to latest upstream
- Fix bugzilla #838309 #680230
* Sat Jul 21 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 1.5.2-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jan 19 2012 Remi Collet <r...@fedoraproject.org> - 1.5.2-9
- rebuild against PHP 5.4, with upstream patch
- add filter to avoid private-shared-object-provides
- add minimal %check
* Sat Jan 14 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 1.5.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Fri Jul 15 2011 Andrew Colin Kissa <and...@topdog.za.net> - 1.5.2-7
- Fix bugzilla #715791
* Wed Feb 9 2011 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 1.5.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Sun Jul 26 2009 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 1.5.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #838309 - php-pecl-lzf-1.6.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=838309
[ 2 ] Bug #680230 - php-pecl-lzf contains a bundled liblzf.
https://bugzilla.redhat.com/show_bug.cgi?id=680230
--------------------------------------------------------------------------------
================================================================================
viewvc-1.1.15-3.el5 (FEDORA-EPEL-2012-13249)
Browser interface for CVS and SVN version control repositories
--------------------------------------------------------------------------------
Update Information:
Patch CVE-2012-4533.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 22 2012 Bojan Smojver <bo...@rexursive.com> - 1.1.15-3
- patch CVE-2012-4533, bug #868606
* Sun Jul 22 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 1.1.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #868606 - CVE-2012-4533 viewvc 1.1.5 lib/viewvc.py XSS
https://bugzilla.redhat.com/show_bug.cgi?id=868606
--------------------------------------------------------------------------------
_______________________________________________
epel-devel-list mailing list
epel-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/epel-devel-list
