The following Fedora EPEL 6 Security updates need testing: Age URL 902 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6 234 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolkit-2.0.2-4.el6 121 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7.26-1.el6 16 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2750/libsrtp-1.4.4-10.20101004cvs.el6 16 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2719/nodejs-0.10.32-1.el6,v8-3.14.5.10-14.el6 16 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2742/TeXmacs-1.0.7.2-3.el6 16 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2713/putty-0.63-3.el6 15 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2811/nodejs-qs-0.6.6-3.el6 15 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2821/nodejs-send-0.3.0-4.el6 10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2981/check-mk-1.2.4p5-2.el6 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3024/rssh-2.3.4-1.el6 8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3064/mediawiki119-1.19.20-1.el6 8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3082/golang-1.3.3-1.el6 1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3202/python-oauth2-1.5.211-8.el6 1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2850/nginx-1.0.15-8.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3264/getmail-4.46.0-2.el6 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3279/php-ZendFramework-1.12.9-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
php-ZendFramework-1.12.9-1.el6
Details about builds:
================================================================================
php-ZendFramework-1.12.9-1.el6 (FEDORA-EPEL-2014-3279)
Leading open-source PHP framework
--------------------------------------------------------------------------------
Update Information:
Contains fixes for two security relevant bugs:
* "ZF2014-05: Anonymous authentication in ldap_bind() function of PHP, using
null byte" (http://framework.zend.com/security/advisory/ZF2014-05)
* "ZF2014-06: SQL injection vector when manually quoting values for sqlsrv
extension, using null byte"
(http://framework.zend.com/security/advisory/ZF2014-06)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 10 2014 Felix Kaechele <[email protected]> - 1.12.9-1
- update to 1.12.9
- fixes http://framework.zend.com/security/advisory/ZF2014-05
- fixes http://framework.zend.com/security/advisory/ZF2014-06
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1151276 - CVE-2014-8088 php-ZendFramework: null byte issue,
connect to LDAP without knowing the password (ZF2014-05)
https://bugzilla.redhat.com/show_bug.cgi?id=1151276
[ 2 ] Bug #1151277 - CVE-2014-8089 php-ZendFramework: SQL injection issue
when using the sqlsrv PHP extension (ZF2014-06)
https://bugzilla.redhat.com/show_bug.cgi?id=1151277
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
