EPEL Fedora 5 updates-testing report
updates at fedoraproject.org
Sat Jun 8 18:40:39 UTC 2013
The following Fedora EPEL 5 Security updates need testing:
Age URL
412 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
307 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6608/Django-1.1.4-2.el5
113 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0366/openconnect-4.08-1.el5
46 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5517/git-1.8.2.1-1.el5
14 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5968/transifex-client-0.9-1.el5
10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5990/mod_security-2.6.8-4.el5
10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5991/cgit-0.9.2-1.el5
10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5996/socat-1.7.2.2-1.el5
6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6047/nrpe-2.14-3.el5
3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6086/libguestfs-1.20.8-1.el5
2 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6089/ssmtp-2.61-20.el5
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10388/perl-Module-Signature-0.73-1.el5
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10389/rrdtool-1.2.27-4.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
perl-Module-Signature-0.73-1.el5
python-virtualenv-1.7.2-2.el5
rrdtool-1.2.27-4.el5
Details about builds:
================================================================================
perl-Module-Signature-0.73-1.el5 (FEDORA-EPEL-2013-10388)
CPAN signature management utilities and modules
--------------------------------------------------------------------------------
Update Information:
This update ensures that digest modules are only loaded from absolute paths in @INC, avoiding a potential arbitrary code execution problem (CVE-2013-2145).
There are also a variety of internal package clean-ups.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 7 2013 Paul Howarth <paul at city-fan.org> - 0.73-1
- Update to 0.73
- Support for gpg under these alternate names: gpg gpg2 gnupg gnupg2
- Don't check gpg version if gpg does not exist
- Constrain the user-specified digest name to /^\w+\d+$/
- Only allow loading Digest::* from absolute paths in @INC (CVE-2013-2145)
- This release by AUDREYT -> update source URL
- Include Andreas Koenig's GPG key in the SRPM and import it in %prep so
that we don't need to get it from a keyserver in %check
- Make building non-interactive
- Specify all dependencies
- Don't need to remove empty directories from the buildroot
- Drop %defattr, redundant since rpm 4.4
- Use %{_fixperms} macro rather than our own chmod incantation
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #971096 - CVE-2013-2145 perl-Module-Signature: arbitrary code execution when verifying SIGNATURE
https://bugzilla.redhat.com/show_bug.cgi?id=971096
--------------------------------------------------------------------------------
================================================================================
python-virtualenv-1.7.2-2.el5 (FEDORA-EPEL-2013-10396)
Tool to create isolated Python environments
--------------------------------------------------------------------------------
Update Information:
* Switch to an older version of virtualenv because the 1.9.x branch doesn't work with python-2.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #969395 - virtualenv does not work anymore because Python 2.4 support was dropped in virtualenv 1.9
https://bugzilla.redhat.com/show_bug.cgi?id=969395
--------------------------------------------------------------------------------
================================================================================
rrdtool-1.2.27-4.el5 (FEDORA-EPEL-2013-10389)
Round Robin Database Tool to store and display time-series data
--------------------------------------------------------------------------------
Update Information:
This is an update that adds an explicit check to the imginfo format. It may prevent crash/exploit of user space applications which pass a user-supplied format to the library call without checking.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #969311 - CVE-2013-2131 rrdtool: crashes on format string exploit [epel-5]
https://bugzilla.redhat.com/show_bug.cgi?id=969311
--------------------------------------------------------------------------------