EPEL Fedora 5 updates-testing report
updates at fedoraproject.org
Tue May 28 19:38:48 UTC 2013
The following Fedora EPEL 5 Security updates need testing:
Age URL
401 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
296 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6608/Django-1.1.4-2.el5
102 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0366/openconnect-4.08-1.el5
35 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5517/git-1.8.2.1-1.el5
14 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5799/python-virtualenv-1.9.1-1.el5
3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5968/transifex-client-0.9-1.el5
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5990/mod_security-2.6.8-4.el5
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5991/cgit-0.9.2-1.el5
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5996/socat-1.7.2.2-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
cgit-0.9.2-1.el5
mod_security-2.6.8-4.el5
socat-1.7.2.2-1.el5
Details about builds:
================================================================================
cgit-0.9.2-1.el5 (FEDORA-EPEL-2013-5991)
A fast web interface for git
--------------------------------------------------------------------------------
Update Information:
A directory traversal vulnerability was discovered in cgit. By default, cgit is not affected. However, if cgit is configured to use a readme file from a filesystem path instead of from the git repo itself, then files outside of the repository can be read.
Refer to the discussion on oss-security for further details:
http://www.openwall.com/lists/oss-security/2013/05/25/3
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 27 2013 Todd Zullinger <tmz at pobox.com> - 0.9.2-1
- Update to 0.9.2, fixes CVE-2013-2117
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Nov 21 2012 Kevin Fenzi <kevin at scrye.com> 0.9.1-3
- Fixed ldflags. Fixes bug 878611
* Sat Nov 17 2012 Kevin Fenzi <kevin at scrye.com> 0.9.1-2
- Add patch to use correct version of highlight for all branches except epel5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #967346 - CVE-2013-2117 cgit: directory traversal
https://bugzilla.redhat.com/show_bug.cgi?id=967346
--------------------------------------------------------------------------------
================================================================================
mod_security-2.6.8-4.el5 (FEDORA-EPEL-2013-5990)
Security module for the Apache HTTP Server
--------------------------------------------------------------------------------
Update Information:
Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765).
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 28 2013 Athmane Madjoudj <athmane at fedoraproject.org> 2.6.8-4
- Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) (RHBZ #967615)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #967615 - mod_security: NULL pointer dereference (DoS, crash) when forceRequestBodyVariable action triggered and unknown Content-Type was used
https://bugzilla.redhat.com/show_bug.cgi?id=967615
--------------------------------------------------------------------------------
================================================================================
socat-1.7.2.2-1.el5 (FEDORA-EPEL-2013-5996)
Bidirectional data relay between two data channels ('netcat++')
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2013-3571: Denial of service due to file descriptor leak
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 27 2013 Paul Wouters <pwouters at redhat.com> - 1.7.2.2-1
- Updated to 1.7.2.2 for CVE-2013-3571, rhbz#967540
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #967345 - CVE-2013-3571 socat: Denial of service due to file descriptor leak
https://bugzilla.redhat.com/show_bug.cgi?id=967345
--------------------------------------------------------------------------------