The following Fedora EPEL 5 Security updates need testing:
 Age  URL
 401  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
 296  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6608/Django-1.1.4-2.el5
 102  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0366/openconnect-4.08-1.el5
  35  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5517/git-1.8.2.1-1.el5
  14  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5799/python-virtualenv-1.9.1-1.el5
   3  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5968/transifex-client-0.9-1.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5990/mod_security-2.6.8-4.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5991/cgit-0.9.2-1.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5996/socat-1.7.2.2-1.el5


The following builds have been pushed to Fedora EPEL 5 updates-testing

    cgit-0.9.2-1.el5
    mod_security-2.6.8-4.el5
    socat-1.7.2.2-1.el5

Details about builds:


================================================================================
 cgit-0.9.2-1.el5 (FEDORA-EPEL-2013-5991)
 A fast web interface for git
--------------------------------------------------------------------------------
Update Information:

A directory traversal vulnerability was discovered in cgit.  By default, cgit 
is not affected.  However, if cgit is configured to use a readme file from a 
filesystem path instead of from the git repo itself then files outside of the 
repository can be read.

Refer to the discussion on oss-security for further details:

http://www.openwall.com/lists/oss-security/2013/05/25/3
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 27 2013 Todd Zullinger <[email protected]> - 0.9.2-1
- Update to 0.9.2, fixes CVE-2013-2117
* Wed Feb 13 2013 Fedora Release Engineering <[email protected]> - 0.9.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Nov 21 2012 Kevin Fenzi <[email protected]> 0.9.1-3
- Fixed ldflags. Fixes bug 878611
* Sat Nov 17 2012 Kevin Fenzi <[email protected]> 0.9.1-2
- Add patch to use correct version of highlight for all branches except epel5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #967346 - CVE-2013-2117 cgit: directory traversal
        https://bugzilla.redhat.com/show_bug.cgi?id=967346
--------------------------------------------------------------------------------


================================================================================
 mod_security-2.6.8-4.el5 (FEDORA-EPEL-2013-5990)
 Security module for the Apache HTTP Server
--------------------------------------------------------------------------------
Update Information:

Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765).
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 28 2013 Athmane Madjoudj <[email protected]> 2.6.8-4
- Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) (RHBZ #967615)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #967615 - mod_security: NULL pointer dereference (DoS, crash) when forceRequestBodyVariable action triggered and unknown Content-Type was used
        https://bugzilla.redhat.com/show_bug.cgi?id=967615
--------------------------------------------------------------------------------


================================================================================
 socat-1.7.2.2-1.el5 (FEDORA-EPEL-2013-5996)
 Bidirectional data relay between two data channels ('netcat++')
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2013-3571: Denial of service due to file descriptor leak
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 27 2013 Paul Wouters <[email protected]> - 1.7.2.2-1
- Updated to 1.7.2.2 for CVE-2013-3571, rhbz#967540
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #967345 - CVE-2013-3571 socat: Denial of service due to file descriptor leak
        https://bugzilla.redhat.com/show_bug.cgi?id=967345
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
