I think it would be handy to have new package notification for Fedora EPEL,
e.g. for mediawiki123. I created:
https://release-monitoring.org/project/8480/
I think the next step would be for something to listen to those messages and
file bugs under the Fedora EPEL product. Does that sound right?
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion(a)nwra.com
Boulder, CO 80301 http://www.nwra.com
The following Fedora EPEL 5 Security updates need testing:
Age URL
794 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2013-11893 libguestfs-1.20.12-1.el5
558 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-1626 puppet-2.7.26-1.el5
408 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3849 sblim-sfcb-1.3.8-2.el5
51 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-edbea40516 mcollective-2.8.4-1.el5
50 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-10d919912b git-1.8.2.1-2.el5
23 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-582c8075e6 thttpd-2.25b-24.el5
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-481f9cfb21 shellinabox-2.19-1.el5
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-d1309b0eb2 libsndfile-1.0.17-8.el5
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-11c5c57d59 openssl101e-1.0.1e-5.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
arprec-2.2.18-1.el5
openssl101e-1.0.1e-5.el5
qd-2.3.15-3.el5
sagator-1.3.1-1.el5
tcl-mysqltcl-3.052-1.el5
Details about builds:
================================================================================
arprec-2.2.18-1.el5 (FEDORA-EPEL-2015-ceb0d0c1cc)
Software package for performing arbitrary precision arithmetic
--------------------------------------------------------------------------------
Update Information:
update qd and arprec to recent version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1290979 - arprec-2.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1290979
--------------------------------------------------------------------------------
================================================================================
openssl101e-1.0.1e-5.el5 (FEDORA-EPEL-2015-11c5c57d59)
A general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:
A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures
using the RSA PSS algorithm. A remote attacked could possibly use this flaw to
crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it
enabled client authentication. (CVE-2015-3194) A memory leak vulnerability was
found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use
this flaw to cause an application that parses PKCS#7 or CMS data from untrusted
sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)
A race condition flaw, leading to a double free, was found in the way OpenSSL
handled pre-shared key (PSK) identify hints. A remote attacker could use this
flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196)
---- The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared libraries
which provide various cryptographic algorithms and protocols.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint
https://bugzilla.redhat.com/show_bug.cgi?id=1288326
[ 2 ] Bug #1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak
https://bugzilla.redhat.com/show_bug.cgi?id=1288322
[ 3 ] Bug #1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter
https://bugzilla.redhat.com/show_bug.cgi?id=1288320
--------------------------------------------------------------------------------
================================================================================
qd-2.3.15-3.el5 (FEDORA-EPEL-2015-ceb0d0c1cc)
Double-Double and Quad-Double Arithmetic
--------------------------------------------------------------------------------
Update Information:
update qd and arprec to recent version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1290979 - arprec-2.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1290979
--------------------------------------------------------------------------------
================================================================================
sagator-1.3.1-1.el5 (FEDORA-EPEL-2015-9aa897f045)
Antivirus/anti-spam gateway for smtp server
--------------------------------------------------------------------------------
Update Information:
Update to upstream with clamav-0.99 support.
--------------------------------------------------------------------------------
================================================================================
tcl-mysqltcl-3.052-1.el5 (FEDORA-EPEL-2015-92439702b4)
MySQL interface for Tcl
--------------------------------------------------------------------------------
Update Information:
Update to release 3.052 to bugfix an issue related to multi-statement selects
--------------------------------------------------------------------------------