The following Fedora EPEL 5 Security updates need testing: Age URL 814 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2013-11893 libguestfs-1.20.12-1.el5 579 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-1626 puppet-2.7.26-1.el5 428 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3849 sblim-sfcb-1.3.8-2.el5 71 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-edbea40516 mcollective-2.8.4-1.el5 43 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-582c8075e6 thttpd-2.25b-24.el5 24 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-d1309b0eb2 libsndfile-1.0.17-8.el5 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-01879cfdd3 lighttpd-1.4.39-1.el5 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-7750a31388 openvpn-2.3.10-1.el5 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-512e1f2343 wordpress-4.4.1-1.el5 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-7191918aa5 openssl101e-1.0.1e-6.el5 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d4bdacdc4a prosody-0.9.9-2.el5 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-43d6b4225b mbedtls-2.2.1-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing dcap-2.47.10-1.el5 mbedtls-2.2.1-1.el5 nordugrid-arc-5.0.5-1.el5 nordugrid-arc-doc-2.0.6-1.el5 perl-Date-Holidays-DE-1.7-1.el5 prosody-0.9.9-2.el5 Details about builds: ================================================================================ dcap-2.47.10-1.el5 (FEDORA-EPEL-2016-69268e7887) Client Tools for dCache -------------------------------------------------------------------------------- Update Information: New release with IPv6 fixes. -------------------------------------------------------------------------------- ================================================================================ mbedtls-2.2.1-1.el5 (FEDORA-EPEL-2016-43d6b4225b) Light-weight cryptographic and SSL/TLS library -------------------------------------------------------------------------------- Update Information: - Update to 2.2.1 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released ---- - Rebase mbedTLS to 2.2.0 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.2.0-2.1.3-1.3.15-and-polarssl.1.2.18-released -------------------------------------------------------------------------------- References: [ 1 ] Bug #1297437 - mbedtls, polarssl: potential double free during certificate generation https://bugzilla.redhat.com/show_bug.cgi?id=1297437 -------------------------------------------------------------------------------- ================================================================================ nordugrid-arc-5.0.5-1.el5 (FEDORA-EPEL-2016-df1edba121) Advanced Resource Connector Grid Middleware -------------------------------------------------------------------------------- Update Information: NorduGrid ARC 15.03 update 6 http://www.nordugrid.org/arc/releases/15.03u6/release_notes_15.03u6.html -------------------------------------------------------------------------------- ================================================================================ nordugrid-arc-doc-2.0.6-1.el5 (FEDORA-EPEL-2016-df1edba121) Advanced Resource Connector Documentation -------------------------------------------------------------------------------- Update Information: NorduGrid ARC 15.03 update 6 http://www.nordugrid.org/arc/releases/15.03u6/release_notes_15.03u6.html -------------------------------------------------------------------------------- ================================================================================ perl-Date-Holidays-DE-1.7-1.el5 (FEDORA-EPEL-2016-e7d3395c58) Perl module to determine German holidays -------------------------------------------------------------------------------- Update Information: Date::Holidays::DE v1.7 ======================= - Added reformation day as one-time common federal holiday in 2017 - Thanks to Christoph Biedl -------------------------------------------------------------------------------- References: [ 1 ] Bug #1297365 - Upgrade perl-Date-Holidays-DE to 1.7 https://bugzilla.redhat.com/show_bug.cgi?id=1297365 -------------------------------------------------------------------------------- ================================================================================ prosody-0.9.9-2.el5 (FEDORA-EPEL-2016-d4bdacdc4a) Flexible communications server for Jabber/XMPP -------------------------------------------------------------------------------- Update Information: Prosody 0.9.9 ============= A summary of changes: Security fixes -------------- * Fix path traversal vulnerability in mod_http_files (CVE-2016-1231) * Fix use of weak PRNG in generation of dialback secrets (CVE-2016-1232) Bugs ---- * Improve handling of CNAME records in DNS * Fix traceback when deleting a user in some configurations (issue #496) * MUC: restrict_room_creation could prevent users from joining rooms (issue #458) * MUC: fix occasional dropping of iq stanzas sent privately between occupants * Fix a potential memory leak in mod_pep Additions --------- * Add http:list() command to telnet to view active HTTP services * Simplify IPv4/v6 address selection code for outgoing s2s * Add support for importing SCRAM hashes from ejabberd -------------------------------------------------------------------------------- References: [ 1 ] Bug #1296984 - CVE-2016-1232 prosody: use of weak PRNG in generation of dialback secrets https://bugzilla.redhat.com/show_bug.cgi?id=1296984 [ 2 ] Bug #1296983 - CVE-2016-1231 prosody: path traversal vulnerability in mod_http_files https://bugzilla.redhat.com/show_bug.cgi?id=1296983 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list epel-devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/epel-devel@lists.fedoraproject.org