[EPEL-devel] Fedora EPEL 5 updates-testing report

updates at fedoraproject.org
Sat Nov 22 04:16:17 UTC 2014


The following Fedora EPEL 5 Security updates need testing:
 Age  URL
 944  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
 398  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.20.12-1.el5
 163  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7.26-1.el5
  59  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2669/check-mk-1.2.4p5-1.el5
  58  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2853/mediawiki119-1.19.18-1.el5
  17  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3784/mantis-1.2.17-3.el5
  12  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3849/sblim-sfcb-1.3.8-2.el5
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3972/nginx-0.8.55-6.el5
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3983/polarssl-1.3.2-3.el5
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4147/lsyncd-2.1.4-4.el5.1.1
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4166/clamav-0.98.5-1.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4221/wordpress-4.0.1-1.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4228/drupal6-6.34-1.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4231/perltidy-20070801-2.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4205/drupal7-7.34-1.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4219/phpMyAdmin4-4.0.10.6-1.el5


The following builds have been pushed to Fedora EPEL 5 updates-testing

    drupal6-6.34-1.el5
    drupal7-7.34-1.el5
    edg-mkgridmap-4.0.0-8.el5
    perltidy-20070801-2.el5
    phpMyAdmin4-4.0.10.6-1.el5
    wordpress-4.0.1-1.el5

Details about builds:


================================================================================
 drupal6-6.34-1.el5 (FEDORA-EPEL-2014-4228)
 An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:

https://www.drupal.org/SA-CORE-2014-006
* Update to Drupal 6.
* Drupal 6.33 release notes can be found here, https://www.drupal.org/drupal-6.33-release-notes.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Jon Ciesla <limburgher at gmail.com> - 6.34-1
- 6.34, DRUPAL-SA-CORE-2014-006
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166100 - CVE-2012-6662 drupal6: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166100
  [ 2 ] Bug #1127539 - drupal6: drupal: denial of service issue (SA-CORE-2014-004) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1127539
  [ 3 ] Bug #1166246 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability (SA-CORE-2014-006) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166246
  [ 4 ] Bug #1166247 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability (SA-CORE-2014-006) [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166247
--------------------------------------------------------------------------------


================================================================================
 drupal7-7.34-1.el5 (FEDORA-EPEL-2014-4205)
 An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:

https://www.drupal.org/SA-CORE-2014-006
- Update to upstream 7.33 maintenance release with numerous bug fixes
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Jon Ciesla <limburgher at gmail.com> - 7.34-1
- 7.34, DRUPAL-SA-CORE-2014-006.
* Tue Nov 11 2014 Peter Borsa <peter.borsa at gmail.com> - 7.33-1
- Update to upstream 7.33 maintenance release with numerous bug fixes
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166101 - CVE-2012-6662 drupal7: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166101
  [ 2 ] Bug #1166249 - CVE-2014-9015 drupal7: drupal: session hijacking vulnerability (SA-CORE-2014-006) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166249
  [ 3 ] Bug #1166250 - CVE-2014-9015 drupal7: drupal: session hijacking vulnerability (SA-CORE-2014-006) [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166250
--------------------------------------------------------------------------------


================================================================================
 edg-mkgridmap-4.0.0-8.el5 (FEDORA-EPEL-2014-4226)
 A tool to build the grid map-file from VO servers
--------------------------------------------------------------------------------
Update Information:

Added missing dependency on "perl(LWP::Protocol::https)"
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Alejandro Alvarez Ayllon <aalvarez at cern.ch> - 4.0.0-8
- Added Requires perl(LWP::Protocol::https)
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.0.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.0.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar <ppisar at redhat.com> - 4.0.0-5
- Perl 5.18 rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1165991 - edg-mkgridmap missing dependency
        https://bugzilla.redhat.com/show_bug.cgi?id=1165991
--------------------------------------------------------------------------------


================================================================================
 perltidy-20070801-2.el5 (FEDORA-EPEL-2014-4231)
 Tool for indenting and reformatting Perl scripts
--------------------------------------------------------------------------------
Update Information:

Jakub Wilk discovered that perltidy's make_temporary_filename() function insecurely created temporary files via the use of the tmpnam() function. A local attacker could use this flaw to perform a symbolic link attack. This update replaces the use of make_temporary_filename() with the more secure tempname() from the File::Temp module.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1074720 - CVE-2014-2277 perltidy: insecure temporary file creation
        https://bugzilla.redhat.com/show_bug.cgi?id=1074720
--------------------------------------------------------------------------------


================================================================================
 phpMyAdmin4-4.0.10.6-1.el5 (FEDORA-EPEL-2014-4219)
 Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:

phpMyAdmin 4.0.10.6 (2014-11-20)
================================

  - [security] XSS vulnerability in table print view
  - [security] XSS vulnerability in zoom search page
  - [security] Path traversal in file inclusion of GIS factory
  - [security] XSS in multi submit
  - [security] XSS through pma_fontsize cookie
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Robert Scheck <robert at fedoraproject.org> 4.0.10.6-1
- Upgrade to 4.0.10.6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166619 - CVE-2014-8958 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2014-13)
        https://bugzilla.redhat.com/show_bug.cgi?id=1166619
  [ 2 ] Bug #1166626 - CVE-2014-8959 phpMyAdmin: Local file inclusion vulnerability (PMASA-2014-14)
        https://bugzilla.redhat.com/show_bug.cgi?id=1166626
--------------------------------------------------------------------------------


================================================================================
 wordpress-4.0.1-1.el5 (FEDORA-EPEL-2014-4221)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

WordPress 4.0.1 Security Release

See: https://wordpress.org/news/2014/11/wordpress-4-0-1/
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Remi Collet <remi at fedoraproject.org> - 4.0.1-1
- WordPress 4.0.1 Security Release
- use system php-getid3 when available #1145574
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166468 - wordpress: security flaws fixed in the 4.0.1 release
        https://bugzilla.redhat.com/show_bug.cgi?id=1166468
--------------------------------------------------------------------------------


