The following Fedora EPEL 5 Security updates need testing:
 Age  URL
 536  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
  51  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11276/ssmtp-2.61-21.el5
  27  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11560/fail2ban-0.8.10-4.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11811/mod_fcgid-2.2-12.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11813/libtar-1.2.11-14.el5


The following builds have been pushed to Fedora EPEL 5 updates-testing

    libtar-1.2.11-14.el5
    mod_fcgid-2.2-12.el5
    mozilla-https-everywhere-3.4.2-1.el5
    python-sphinxcontrib-httpdomain-1.1.8-3.el5
    rpmlint-0.94-3.el5
    zabbix20-2.0.9-1.el5

Details about builds:


================================================================================
 libtar-1.2.11-14.el5 (FEDORA-EPEL-2013-11813)
 Tar file manipulation API
--------------------------------------------------------------------------------
Update Information:

fix CVE-2013-4397: buffer overflows by expanding a specially-crafted archive
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 10 2013 Kamil Dudka <[email protected]> - 1.2.11-14
- fix CVE-2013-4397: buffer overflows by expanding a specially-crafted archive
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1014492 - CVE-2013-4397 libtar: Heap-based buffer overflows by expanding a specially-crafted archive
        https://bugzilla.redhat.com/show_bug.cgi?id=1014492
--------------------------------------------------------------------------------


================================================================================
 mod_fcgid-2.2-12.el5 (FEDORA-EPEL-2013-11811)
 Apache2 module for high-performance server-side scripting
--------------------------------------------------------------------------------
Update Information:

This update includes a security fix for a possible heap buffer overwrite issue 
(CVE-2013-4365), back-ported from mod_fcgid 2.3.9.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct  8 2013 Paul Howarth <[email protected]> 2.2-12
- Fix possible heap buffer overwrite (CVE-2013-4365)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1017039 - CVE-2013-4365 mod_fcgid: heap overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=1017039
--------------------------------------------------------------------------------


================================================================================
 mozilla-https-everywhere-3.4.2-1.el5 (FEDORA-EPEL-2013-11798)
 HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:

- HTTPS Everywhere builds are now deterministic!
- Global memory leak bug fixes
- Updated rules: Craigslist, Apple.com, Microsoft, CloudFront, UKLocalGov,
 -- Bing, Cengage
- New rules from dev: IPTorrents.com, TvTorrents
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  9 2013 Russell Golden <[email protected]> - 3.4.2-1
- HTTPS Everywhere builds are now deterministic!
- Global memory leak bug fixes
- Updated rules: Craigslist, Apple.com, Microsoft, CloudFront, UKLocalGov,
 -- Bing, Cengage
- New rules from dev: IPTorrents.com, TvTorrents
--------------------------------------------------------------------------------


================================================================================
 python-sphinxcontrib-httpdomain-1.1.8-3.el5 (FEDORA-EPEL-2013-11812)
 Sphinx domain for documenting HTTP APIs
--------------------------------------------------------------------------------
Update Information:

The HTTP domain requires Sphinx 1.0, it does not work with Sphinx 0.6.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  9 2013 Dan Callaghan <[email protected]> - 1.1.8-3
- require python-sphinx10 on EPEL
* Sun Aug  4 2013 Fedora Release Engineering <[email protected]> - 1.1.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1016434 - Extension sphinxcontrib.httpdomain could not be imported
        https://bugzilla.redhat.com/show_bug.cgi?id=1016434
--------------------------------------------------------------------------------


================================================================================
 rpmlint-0.94-3.el5 (FEDORA-EPEL-2013-11806)
 Tool for checking common errors in RPM packages
--------------------------------------------------------------------------------
Update Information:

Update license list, add AGPLv3+.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  9 2013 Tom Callaway <[email protected]> - 0.94-3
- update license list
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #894187 - AGPLv3+ not recognized as valid license
        https://bugzilla.redhat.com/show_bug.cgi?id=894187
--------------------------------------------------------------------------------


================================================================================
 zabbix20-2.0.9-1.el5 (FEDORA-EPEL-2013-11795)
 Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:

http://www.zabbix.com/rn2.0.9.php

The following issues were already sorted out in 2.0.8-3:

- ZBX-6804
- ZBX-6922
- ZBX-6992
- ZBX-7091

An SQL injection vulnerability inside frontend and API was discovered and mended:

https://support.zabbix.com/browse/ZBX-7091

CVE-2013-5743

Additional improvements:

- Patch for failing XML host import (ZBX-6922)
- SQL speed-up patch for graphs (ZBX-6804)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  9 2013 Volker Fröhlich <[email protected]> - 2.0.9-1
- New upstream release
- Drop obsolete patches ZBX-6804, ZBX-7091, ZBX-6922, ZBX-6992
* Mon Sep 23 2013 Volker Fröhlich <[email protected]> - 2.0.8-3
- Add SQL speed-up patch (ZBX-6804)
- Add SQL injection vulnerability patch (ZBX-7091, CVE-2013-5743)
- Add patch for failing XML host import (ZBX-6922)
* Fri Sep 13 2013 Volker Fröhlich <[email protected]> - 2.0.8-2
- Add php-ldap as a requirement for the frontend
- Add patch for ZBX-6992
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
