The following Fedora EPEL 5 Security updates need testing: Age URL 944 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5 398 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.20.12-1.el5 163 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7.26-1.el5 59 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2669/check-mk-1.2.4p5-1.el5 58 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2853/mediawiki119-1.19.18-1.el5 17 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3784/mantis-1.2.17-3.el5 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3849/sblim-sfcb-1.3.8-2.el5 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3972/nginx-0.8.55-6.el5 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3983/polarssl-1.3.2-3.el5 2 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4147/lsyncd-2.1.4-4.el5.1.1 1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4166/clamav-0.98.5-1.el5 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4221/wordpress-4.0.1-1.el5 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4228/drupal6-6.34-1.el5 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4231/perltidy-20070801-2.el5 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4205/drupal7-7.34-1.el5 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4219/phpMyAdmin4-4.0.10.6-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing drupal6-6.34-1.el5 drupal7-7.34-1.el5 edg-mkgridmap-4.0.0-8.el5 perltidy-20070801-2.el5 phpMyAdmin4-4.0.10.6-1.el5 wordpress-4.0.1-1.el5 Details about builds: ================================================================================ drupal6-6.34-1.el5 (FEDORA-EPEL-2014-4228) An open-source content-management platform -------------------------------------------------------------------------------- Update Information: https://www.drupal.org/SA-CORE-2014-006 * Update to Drupal 6. * Drupal 6.33 release notes can be found here, https://www.drupal.org/drupal-6.33-release-notes. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Jon Ciesla <limburg...@gmail.com> - 6.34-1 - 6.34, DRUPAL-SA-CORE-2014-006 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166100 - CVE-2012-6662 drupal6: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166100 [ 2 ] Bug #1127539 - drupal6: drupal: denial of service issue (SA-CORE-2014-004) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1127539 [ 3 ] Bug #1166246 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability (SA-CORE-2014-006) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166246 [ 4 ] Bug #1166247 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability (SA-CORE-2014-006) [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166247 -------------------------------------------------------------------------------- ================================================================================ drupal7-7.34-1.el5 (FEDORA-EPEL-2014-4205) An open-source content-management platform -------------------------------------------------------------------------------- Update Information: https://www.drupal.org/SA-CORE-2014-006 - Update to upstream 7.33 maintenance release with numerous bug fixes - Update to upstream 7.33 maintenance release with numerous bug fixes - Update to upstream 7.33 maintenance release with numerous bug fixes - Update to upstream 7.33 maintenance release with numerous bug fixes -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Jon Ciesla <limburg...@gmail.com> - 7.34-1 - 7.34, DRUPAL-SA-CORE-2014-006. * Tue Nov 11 2014 Peter Borsa <peter.bo...@gmail.com> - 7.33-1 - Update to upstream 7.33 maintenance release with numerous bug fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166101 - CVE-2012-6662 drupal7: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166101 [ 2 ] Bug #1166249 - CVE-2014-9015 drupal7: drupal: session hijacking vulnerability (SA-CORE-2014-006) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166249 [ 3 ] Bug #1166250 - CVE-2014-9015 drupal7: drupal: session hijacking vulnerability (SA-CORE-2014-006) [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166250 -------------------------------------------------------------------------------- ================================================================================ edg-mkgridmap-4.0.0-8.el5 (FEDORA-EPEL-2014-4226) A tool to build the grid map-file from VO servers -------------------------------------------------------------------------------- Update Information: Added missing dependency on "perl(LWP::Protocol::https)" -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Alejandro Alvarez Ayllon <aalva...@cern.ch> - 4.0.0-8 - Added Requires perl(LWP::Protocol::https) * Sat Jun 7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 4.0.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat Aug 3 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 4.0.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Jul 17 2013 Petr Pisar <ppi...@redhat.com> - 4.0.0-5 - Perl 5.18 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1165991 - edg-mkgridmap missing dependency https://bugzilla.redhat.com/show_bug.cgi?id=1165991 -------------------------------------------------------------------------------- ================================================================================ perltidy-20070801-2.el5 (FEDORA-EPEL-2014-4231) Tool for indenting and reformatting Perl scripts -------------------------------------------------------------------------------- Update Information: Jakub Wilk discovered that perltidy's make_temporary_filename() function insecurely created temporary files via the use of the tmpnam() function. A local attacker could use this flaw to perform a symbolic link attack. This update replaces the use of make_temporary_filename() with the more secure tempname() from the File::Temp module. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1074720 - CVE-2014-2277 perltidy: insecure temporary file creation https://bugzilla.redhat.com/show_bug.cgi?id=1074720 -------------------------------------------------------------------------------- ================================================================================ phpMyAdmin4-4.0.10.6-1.el5 (FEDORA-EPEL-2014-4219) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information: phpMyAdmin 4.0.10.6 (2014-11-20) ================================ - [security] XSS vulnerability in table print view - [security] XSS vulnerability in zoom search page - [security] Path traversal in file inclusion of GIS factory - [security] XSS in multi submit - [security] XSS through pma_fontsize cookie -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Robert Scheck <rob...@fedoraproject.org> 4.0.10.6-1 - Upgrade to 4.0.10.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166619 - CVE-2014-8958 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2014-13) https://bugzilla.redhat.com/show_bug.cgi?id=1166619 [ 2 ] Bug #1166626 - CVE-2014-8959 phpMyAdmin: Local file inclusion vulnerability (PMASA-2014-14) https://bugzilla.redhat.com/show_bug.cgi?id=1166626 -------------------------------------------------------------------------------- ================================================================================ wordpress-4.0.1-1.el5 (FEDORA-EPEL-2014-4221) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information: WordPress 4.0.1 Security Release See: https://wordpress.org/news/2014/11/wordpress-4-0-1/ -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Remi Collet <r...@fedoraproject.org> - 4.0.1-1 - WordPress 4.0.1 Security Release - use system php-getid3 when available #1145574 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166468 - wordpress: security flaws fixed in the 4.0.1 release https://bugzilla.redhat.com/show_bug.cgi?id=1166468 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list epel-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/epel-devel