The following Fedora EPEL 5 Security updates need testing:

 Age  URL
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0148/drupal7-7.19-1.el5
 285  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
 180  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6608/Django-1.1.4-2.el5
  62  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13612/drupal6-ctools-1.10-1.el5
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0171/moodle-1.9.19-5.el5
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0173/couchdb-1.0.4-2.el5.1
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0116/drupal6-6.28-1.el5
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0139/proftpd-1.3.3g-2.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0237/wordpress-3.5.1-1.el5.1

The following builds have been pushed to Fedora EPEL 5 updates-testing

    drupal7-date_ical-2.3-1.el5
    jglobus-2.0.5-0.1.rc2.el5
    wordpress-3.5.1-1.el5.1

Details about builds:

================================================================================
 drupal7-date_ical-2.3-1.el5 (FEDORA-EPEL-2013-0229)
 Allows creation of an iCal feed in Views
--------------------------------------------------------------------------------
Update Information:

Update to upstream 2.3 release

Update to upstream 2.2 release
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #904736 - drupal7-date_ical-2.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=904736
  [ 2 ] Bug #903583 - drupal7-date_ical-2.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=903583
--------------------------------------------------------------------------------

================================================================================
 jglobus-2.0.5-0.1.rc2.el5 (FEDORA-EPEL-2013-0236)
 Globus Java client libraries
--------------------------------------------------------------------------------
Update Information:

JGlobus version 2.0.5 release candidate 2.
New packages jglobus-myproxy and jglobus-axisg
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 29 2013 Mattias Ellert <mattias.ell...@fysast.uu.se> - 2.0.5-0.1.rc2
- 2.0.5 release candidate 2
- New jglobus-myproxy package
- New jglobus-axisg package
--------------------------------------------------------------------------------

================================================================================
 wordpress-3.5.1-1.el5.1 (FEDORA-EPEL-2013-0237)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

WordPress 3.5.1 is now available.

Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. Which include:

* Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
* Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
* Networks: Suggest proper rewrite rules when creating a new network.
* Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
* Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
* Suppress some warnings that could occur when a plugin misused the database or user APIs.

WordPress 3.5.1 also addresses the following security issues:

* A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
* Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
* A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Remi Collet <rcol...@redhat.com> - 3.5.1-1.1
- fix simplepie links (for all branches)
* Wed Jan 30 2013 Remi Collet <rcol...@redhat.com> - 3.5.1-1
- version 3.5.1, various bug and security fixes:
  CVE-2013-0235, CVE-2013-0236 and CVE-2013-0237
- drop -f option from rm to break build if upstream archive content change
- protect akismet content (from upstream .htaccess)
* Wed Jan 2 2013 Remi Collet <rcol...@redhat.com> - 3.5-3
- fix links to system PHPMailer library
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #904120 - CVE-2013-0235 wordpress: Server-side request forgery and remote port scanning using pingbacks
        https://bugzilla.redhat.com/show_bug.cgi?id=904120
  [ 2 ] Bug #904121 - wordpress: XSS flaws via shortcodes and HTTP POST content
        https://bugzilla.redhat.com/show_bug.cgi?id=904121
  [ 3 ] Bug #904122 - wordpress: XSS in the external Plupload library
        https://bugzilla.redhat.com/show_bug.cgi?id=904122
--------------------------------------------------------------------------------

_______________________________________________
epel-devel-list mailing list
epel-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/epel-devel-list