The following Fedora EPEL 5 Security updates need testing:
Age URL
769
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
224
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.20.12-1.el5
104
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0581/augeas-1.2.0-1.el5
3
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1515/check-mk-1.2.4p2-2.el5
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1544/python26-mod_wsgi-3.5-1.el5,mod_wsgi-3.5-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
mod_wsgi-3.5-1.el5
python26-mod_wsgi-3.5-1.el5
xpdf-3.04-1.el5
Details about builds:
================================================================================
mod_wsgi-3.5-1.el5 (FEDORA-EPEL-2014-1544)
A WSGI interface for Python web applications in Apache
--------------------------------------------------------------------------------
Update Information:
http://modwsgi.readthedocs.org/en/develop/release-notes/version-3.5.html
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 29 2014 Luke Macken <[email protected]> - 3.5-1
- Update to 3.5 to fix CVE-2014-0240 (#1101863)
- Remove all of the patches, which have been applied upstream
- Update source URL for new the GitHub upstream
* Wed May 28 2014 Joe Orton <[email protected]> - 3.4-14
- rebuild for Python 3.4
* Mon Apr 28 2014 Matthias Runge <[email protected]> - 3.4.13
- do not use conflicts between mod_wsgi packages (rhbz#1087943)
* Thu Jan 23 2014 Joe Orton <[email protected]> - 3.4-12
- fix _httpd_mmn expansion in absence of httpd-devel
* Fri Jan 10 2014 Matthias Runge <[email protected]> - 3.4-11
- added python3 subpackage (thanks to Jakub Dorňák), rhbz#1035876
* Sat Aug 3 2013 Fedora Release Engineering <[email protected]>
- 3.4-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Jul 8 2013 Joe Orton <[email protected]> - 3.4-9
- modernize spec file (thanks to rcollet)
* Thu Feb 14 2013 Fedora Release Engineering <[email protected]>
- 3.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Tue Dec 11 2012 Jan Kaluza <[email protected]> - 3.4-7
- compile with -fno-strict-aliasing to workaround Python
bug http://www.python.org/dev/peps/pep-3123/
* Thu Nov 22 2012 Joe Orton <[email protected]> - 3.4-6
- use _httpd_moddir macro
* Thu Nov 22 2012 Joe Orton <[email protected]> - 3.4-5
- spec file cleanups
* Wed Oct 17 2012 Joe Orton <[email protected]> - 3.4-4
- enable PR_SET_DUMPABLE in daemon process to enable core dumps
* Wed Oct 17 2012 Joe Orton <[email protected]> - 3.4-3
- use a NULL c->sbh pointer with httpd 2.4 (possible fix for #867276)
- add logging for unexpected daemon process loss
* Wed Oct 17 2012 Matthias Runge <[email protected]> - 3.4-2
- also use RPM_LD_FLAGS for build bz. #867137
* Mon Oct 15 2012 Matthias Runge <[email protected]> - 3.4-1
- update to upstream release 3.4
* Fri Jul 20 2012 Fedora Release Engineering <[email protected]>
- 3.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Wed Jun 13 2012 Joe Orton <[email protected]> - 3.3-6
- add possible fix for daemon mode crash (#831701)
* Mon Mar 26 2012 Joe Orton <[email protected]> - 3.3-5
- move wsgi.conf to conf.modules.d
* Mon Mar 26 2012 Joe Orton <[email protected]> - 3.3-4
- rebuild for httpd 2.4
* Tue Mar 13 2012 Joe Orton <[email protected]> - 3.3-3
- prepare for httpd 2.4.x
* Fri Jan 13 2012 Fedora Release Engineering <[email protected]>
- 3.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1101863 - CVE-2014-0240 mod_wsgi: possible privilege escalation in
setuid() failure scenarios
https://bugzilla.redhat.com/show_bug.cgi?id=1101863
[ 2 ] Bug #1101873 - CVE-2014-0242 mod_wsgi: information leak
https://bugzilla.redhat.com/show_bug.cgi?id=1101873
--------------------------------------------------------------------------------
================================================================================
python26-mod_wsgi-3.5-1.el5 (FEDORA-EPEL-2014-1544)
A WSGI interface for Python web applications in Apache
--------------------------------------------------------------------------------
Update Information:
http://modwsgi.readthedocs.org/en/develop/release-notes/version-3.5.html
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 30 2014 Luke Macken <[email protected]> - 3.5-1
- Update to 3.5 to fix CVE-2014-0240 (#1101863) and CVE-2014-0242 (#1101873)
- Update source URL for new the GitHub upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1101863 - CVE-2014-0240 mod_wsgi: possible privilege escalation in
setuid() failure scenarios
https://bugzilla.redhat.com/show_bug.cgi?id=1101863
[ 2 ] Bug #1101873 - CVE-2014-0242 mod_wsgi: information leak
https://bugzilla.redhat.com/show_bug.cgi?id=1101873
--------------------------------------------------------------------------------
================================================================================
xpdf-3.04-1.el5 (FEDORA-EPEL-2014-1546)
A PDF file viewer for the X Window System
--------------------------------------------------------------------------------
Update Information:
Update xpdf to 3.04. Use motif (instead of lesstif) on Fedora.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 29 2014 Tom Callaway <[email protected]> - 1:3.04-1
- update to 3.04
- update all patches, langpacks
- use motif instead of lesstif where possible
- fix pdftopng to install (not in poppler right now)
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
