The following Fedora EPEL 5 Security updates need testing:
 Age  URL
 429  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
 323  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6608/Django-1.1.4-2.el5
  18  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6089/ssmtp-2.61-20.el5
   3  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10575/glpi-0.83.9-1.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10618/python-bugzilla-0.9.0-2.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10619/wordpress-3.5.2-1.el5

The following builds have been pushed to Fedora EPEL 5 updates-testing:

    python-bugzilla-0.9.0-2.el5
    wordpress-3.5.2-1.el5

Details about builds:
================================================================================
python-bugzilla-0.9.0-2.el5 (FEDORA-EPEL-2013-10618)
A python library for interacting with Bugzilla
--------------------------------------------------------------------------------
Update Information:
* Don't depend on python-magic on el5
* Rebased to version 0.9.0
* bugzilla: modify: add --dependson (Don Zickus)
* bugzilla: new: add --groups option (Paul Frields)
* bugzilla: modify: Allow setting nearly every bug parameter
* NovellBugzilla implementation removed, can't get it to work
* Gracefully handle private bugs (bz #963979)
* Raise error if python-magic is needed (bz #951572)
* CVE-2013-2191: Add SSL host and cert validation (bz #975962, bz #951594)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 24 2013 Cole Robinson <[email protected]> - 0.9.0-2
- Don't depend on python-magic on el5
* Wed Jun 19 2013 Cole Robinson <[email protected]> - 0.9.0-1
- Rebased to version 0.9.0
- bugzilla: modify: add --dependson (Don Zickus)
- bugzilla: new: add --groups option (Paul Frields)
- bugzilla: modify: Allow setting nearly every bug parameter
- NovellBugzilla implementation removed, can't get it to work
- Gracefully handle private bugs (bz #963979)
- Raise error if python-magic is needed (bz #951572)
- CVE-2013-2191: Add SSL host and cert validation (bz #975962, bz #951594)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #951594 - CVE-2013-2191 python-bugzilla: Does not verify Bugzilla
server certificate
https://bugzilla.redhat.com/show_bug.cgi?id=951594
--------------------------------------------------------------------------------
================================================================================
wordpress-3.5.2-1.el5 (FEDORA-EPEL-2013-10619)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
WordPress 3.5.2 is now available. This is the second maintenance release of
3.5, fixing 12 bugs. This is a security release for all previous versions and
we strongly encourage you to update your sites immediately. The WordPress
security team resolved seven security issues, and this release also contains
some additional security hardening.
The security fixes included:
- Blocking server-side request forgery attacks, which could potentially enable
an attacker to gain access to a site.
- Disallow contributors from improperly publishing posts, reported by
Konstantin Kovshenin, or reassigning the post’s authorship, reported by Luke
Bryan.
- An update to the SWFUpload external library to fix cross-site scripting
vulnerabilities. Reported by mala and Szymon Gruszecki. (Developers: More on
SWFUpload here.)
- Prevention of a denial of service attack, affecting sites using
password-protected posts.
- An update to an external TinyMCE library to fix a cross-site scripting
vulnerability. Reported by Wan Ikram.
- Multiple fixes for cross-site scripting. Reported by Andrea Santese and
Rodrigo.
- Avoid disclosing a full file path when an upload fails. Reported by Jakub
Galczyk.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 24 2013 Remi Collet <[email protected]> - 3.5.2-1
- version 3.5.2, various bug and security fixes:
CVE-2013-2173 CVE-2013-2199 CVE-2013-2200 CVE-2013-2201
CVE-2013-2202 CVE-2013-2203 CVE-2013-2204
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #976784 - CVE-2013-2199 CVE-2013-2200 CVE-2013-2201 CVE-2013-2202
CVE-2013-2203 CVE-2013-2204 CVE-2013-2205 wordpress: Multiple security flaws to
be corrected within upstream 3.5.2 version
https://bugzilla.redhat.com/show_bug.cgi?id=976784
[ 2 ] Bug #973254 - CVE-2013-2173 wordpress: DoS when computing user-input
hash for certain password protected blogs
https://bugzilla.redhat.com/show_bug.cgi?id=973254
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/epel-devel