The following Fedora EPEL 5 Security updates need testing:

 Age  URL
 665  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.1...
 155  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11560/fail2ban-0.8....
 119  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1....
  94  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12091/bip-0.8.9-1.e...
  85  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12169/gc-7.1-6.el5
  12  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0433/puppet-2.7.25-...
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0471/lighttpd-1.4.3...
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0531/libyaml-0.1.2-...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0581/augeas-1.2.0-1...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0560/zabbix20-2.0.1...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0542/drupal6-ctools...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0541/drupal7-ctools...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0533/drupal6-filefi...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0572/drupal6-image_...
The following builds have been pushed to Fedora EPEL 5 updates-testing
    augeas-1.2.0-1.el5
    drupal6-ctools-1.11-1.el5
    drupal6-devel-1.28-1.el5
    drupal6-filefield-3.12-1.el5
    drupal6-image_resize_filter-1.14-1.el5
    drupal7-context-3.2-1.el5
    drupal7-ctools-1.4-1.el5
    drupal7-diff-3.2-1.el5
    drupal7-fivestar-2.0-0.7.alpha3.el5
    drupal7-libraries-2.2-1.el5
    drupal7-login_destination-1.1-1.el5
    drupal7-metatag-1.0-0.4.beta9.el5
    drupal7-taxonomy_access_fix-2.0-1.el5
    perl-Class-MethodMaker-2.20-2.el5
    python26-boto-2.25.0-2.el5
    root-5.34.15-1.el5
    stompclt-1.1-1.el5
    zabbix20-2.0.11-1.el5
Details about builds:
================================================================================
 augeas-1.2.0-1.el5 (FEDORA-EPEL-2014-0581)
 A library for changing configuration files
--------------------------------------------------------------------------------
Update Information:

Update to Augeas 1.2.0:

* resolves CVE-2013-6412
* changelog: https://github.com/hercules-team/augeas/blob/master/NEWS
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 12 2014 Dominic Cleal dcleal@redhat.com - 1.2.0-1
- Update to 1.2.0
- Add check section and patch to fix old libxml2 failure
- Update source URL to download.augeas.net (RHBZ#996032)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1034261 - CVE-2013-6412 augeas: incorrect permissions set on newly created files
        https://bugzilla.redhat.com/show_bug.cgi?id=1034261
--------------------------------------------------------------------------------
================================================================================
 drupal6-ctools-1.11-1.el5 (FEDORA-EPEL-2014-0542)
 This suite is primarily a set of APIs and tools
--------------------------------------------------------------------------------
Update Information:

Updated to 1.11

* Release notes: https://drupal.org/node/2194547
* SA-CONTRIB-2014-013
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 13 2014 Shawn Iwinski shawn.iwinski@gmail.com - 1.11-1
- Updated to 1.11 (BZ #1064730; release notes https://drupal.org/node/2194547)
- Security BZ #1064864, #1064865, #1064867
- SA-CONTRIB-2014-013
- Spec cleanup
* Sat Aug 3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Feb 13 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1064864 - drupal6-ctools: access bypass issues
        https://bugzilla.redhat.com/show_bug.cgi?id=1064864
--------------------------------------------------------------------------------
================================================================================
 drupal6-devel-1.28-1.el5 (FEDORA-EPEL-2014-0564)
 Various blocks, pages, and functions for developers
--------------------------------------------------------------------------------
Update Information:

Updated to 1.28

Release notes: https://drupal.org/node/2189765
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1062179 - drupal6-devel-1.28 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1062179
--------------------------------------------------------------------------------
================================================================================
 drupal6-filefield-3.12-1.el5 (FEDORA-EPEL-2014-0533)
 Defines a file field type
--------------------------------------------------------------------------------
Update Information:

Updated to 3.12

* Release notes: https://drupal.org/node/2194103
* SA-CONTRIB-2014-015
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 14 2014 Shawn Iwinski shawn.iwinski@gmail.com - 1:3.12-1
- Updated to 3.12 (BZ #1064729; release notes https://drupal.org/node/2194103)
- Security BZ #1064841, #1064842, 1064843
- SA-CONTRIB-2014-015
- Spec cleanup
* Sat Aug 3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1:3.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1064841 - drupal6-filefield: access bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1064841
--------------------------------------------------------------------------------
================================================================================
 drupal6-image_resize_filter-1.14-1.el5 (FEDORA-EPEL-2014-0572)
 Filter to automatically scale images to their height and width dimensions
--------------------------------------------------------------------------------
Update Information:

Updated to 1.14

* Release notes: https://drupal.org/node/2194065
* SA-CONTRIB-2014-017: https://drupal.org/node/2194655
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1064856 - drupal6-image_resize_filter: denial of service via large number of images to resize
        https://bugzilla.redhat.com/show_bug.cgi?id=1064856
--------------------------------------------------------------------------------
================================================================================
 drupal7-context-3.2-1.el5 (FEDORA-EPEL-2014-0573)
 Allows contextual conditions and reactions management
--------------------------------------------------------------------------------
Update Information:

Updated to 3.2

* Release notes: https://drupal.org/node/2183729
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 15 2014 Shawn Iwinski shawn.iwinski@gmail.com - 3.2-1
- Updated to 3.2 (BZ #1059560; release notes https://drupal.org/node/2183729)
- Spec cleanup
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1059560 - drupal7-context-3.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1059560
--------------------------------------------------------------------------------
================================================================================
 drupal7-ctools-1.4-1.el5 (FEDORA-EPEL-2014-0541)
 This suite is primarily a set of APIs and tools for other Drupal modules
--------------------------------------------------------------------------------
Update Information:

- Update to upstream 1.4 release for bug and security fixes
- Upstream changelog for this release is available at https://drupal.org/node/2194551
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 14 2014 Peter Borsa peter.borsa@gmail.com - 1.4-1
- Update to upstream 1.4 release for bug and security fixes
- Upstream changelog for this release is available at https://drupal.org/node/2194551
* Sat Aug 3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1064864 - drupal6-ctools: access bypass issues
        https://bugzilla.redhat.com/show_bug.cgi?id=1064864
--------------------------------------------------------------------------------
================================================================================
 drupal7-diff-3.2-1.el5 (FEDORA-EPEL-2014-0569)
 Show differences between content revisions
--------------------------------------------------------------------------------
Update Information:

Updated to 3.2

* Release notes: https://drupal.org/node/1839054
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1059998 - drupal7-diff-3.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1059998
--------------------------------------------------------------------------------
================================================================================
 drupal7-fivestar-2.0-0.7.alpha3.el5 (FEDORA-EPEL-2014-0532)
 Enables fivestar ratings on content, users, etc
--------------------------------------------------------------------------------
Update Information:

Updated to 2.0-alpha3

* Release notes: https://drupal.org/node/2186899
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 15 2014 Shawn Iwinski shawn.iwinski@gmail.com - 2.0-0.7.alpha3
- Add build require drupal7-rpmbuild
* Sat Feb 15 2014 Shawn Iwinski shawn.iwinski@gmail.com - 2.0-0.6.alpha3
- Updated to 2.0-alpha3 (BZ #1060464; release notes https://drupal.org/node/2186899)
- Spec cleanup
* Sat Aug 3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.0-0.5.alpha2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Feb 13 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.0-0.4.alpha2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Jul 18 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.0-0.3.alpha2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1060464 - drupal7-fivestar-2.0-alpha3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1060464
--------------------------------------------------------------------------------
================================================================================
 drupal7-libraries-2.2-1.el5 (FEDORA-EPEL-2014-0570)
 Allows version-dependent and shared usage of external libraries
--------------------------------------------------------------------------------
Update Information:

Updated to 2.2

* Release notes: https://drupal.org/node/2192173
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 15 2014 Shawn Iwinski shawn.iwinski@gmail.com - 2.2-1
- Updated to 2.2 (BZ #1063727; release notes https://drupal.org/node/2192173)
- Spec cleanup
* Sat Aug 3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1063727 - drupal7-libraries-2.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1063727
--------------------------------------------------------------------------------
================================================================================
 drupal7-login_destination-1.1-1.el5 (FEDORA-EPEL-2014-0559)
 Customize the destination that the user is redirected to after login
--------------------------------------------------------------------------------
Update Information:

Updated to 1.1

* Release notes: https://drupal.org/node/1869598
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1059997 - drupal7-login_destination-1.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1059997
--------------------------------------------------------------------------------
================================================================================
 drupal7-metatag-1.0-0.4.beta9.el5 (FEDORA-EPEL-2014-0556)
 Adds support and an API to implement meta tags
--------------------------------------------------------------------------------
Update Information:

Updated to 1.0-beta9

* Release notes: https://drupal.org/node/2176579
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1059999 - drupal7-metatag-1.0-beta9 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1059999
--------------------------------------------------------------------------------
================================================================================
 drupal7-taxonomy_access_fix-2.0-1.el5 (FEDORA-EPEL-2014-0575)
 Fixes the crooked access checks for Taxonomy pages
--------------------------------------------------------------------------------
Update Information:

Updated to 2.0

* Release notes: https://drupal.org/node/2152445
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1060000 - drupal7-taxonomy_access_fix-2.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1060000
--------------------------------------------------------------------------------
================================================================================
 perl-Class-MethodMaker-2.20-2.el5 (FEDORA-EPEL-2014-0578)
 Perl module for creating generic object-oriented methods
--------------------------------------------------------------------------------
Update Information:

This update, to the current upstream release, removes some test files that had a non-free license (see https://github.com/renormalist/class-methodmaker/issues/2).

There is also an assortment of minor bug fixes but nothing that should affect compatibility.
--------------------------------------------------------------------------------
================================================================================
 python26-boto-2.25.0-2.el5 (FEDORA-EPEL-2014-0504)
 A simple lightweight interface to Amazon Web Services
--------------------------------------------------------------------------------
Update Information:

This update contains a fix that makes S3Connection.get_bucket use HEAD requests instead of GET requests, which reduces the price of those requests by 90%. Code that parses error messages may require updating. See the upstream release notes for version 2.25.0 for additional details.

Another noteworthy change since version 2.5 is validating SSL certificates by default. This change happened over a year ago; most applications are likely to support it now. See the upstream release notes for version 2.6.0 for details on updating applications to work with this change.

This update also contains numerous bugfixes and support for new capabilities that AWS has added over the past several months.

The full release notes are available from upstream:

http://docs.pythonboto.org/en/latest/#release-notes
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 12 2014 Garrett Holmstorm gholms@fedoraproject.org - 2.25.0-2
- Fixed roboto parameter type conversion (boto #2094, RH #1064550)
* Mon Feb 10 2014 Garrett Holmstrom gholms@fedoraproject.org - 2.25.0-1
- Updated to 2.25.0
- This update makes s3.get_bucket use HEAD instead of GET
* Mon Jan 20 2014 Garrett Holmstrom gholms@fedoraproject.org - 2.23.0-1
- Updated to 2.23.0
- Fixed auth for anonymous S3 requests (boto #1988)
* Thu Sep 26 2013 Garrett Holmstrom gholms@fedoraproject.org - 2.13.3-1
- Updated to 2.13.3
- Note that this version changes register_image's virtualization_type parameter
- Fixed auto-scaling PropagateAtLaunch parsing (#1011682)
* Mon Jul 29 2013 Garrett Holmstrom gholms@fedoraproject.org - 2.9.9-2
- Re-fixed autoscaling policy parsing (boto #1538)
* Thu Jul 25 2013 Orion Poplawski orion@cora.nwra.com - 2.9.9-1
- Update to 2.9.9
* Fri Jun 21 2013 Garrett Holmstrom gholms@fedoraproject.org - 2.9.6-2
- Rebuilt after merge
* Fri Jun 21 2013 Garrett Holmstrom gholms@fedoraproject.org - 2.9.6-1
- Updated to 2.9.6
- Fixed autoscaling policy parsing (boto #1538)
* Thu May 9 2013 Orion Poplawski orion@cora.nwra.com - 2.9.2-1
- Update to 2.9.2 (bug #948714)
- Spec cleanup
* Thu Feb 14 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.6.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Tue Jan 8 2013 Garrett Holmstrom gholms@fedoraproject.org - 2.5.2-3
- Fixed parsing of current/previous instance state data (boto #881)
* Wed Nov 21 2012 Garrett Holmstrom gholms@fedoraproject.org - 2.6.0-2
- Updated to 2.6.0 (#876517)
- Note that this version enables SSL cert verification by default.
* Sat Jul 21 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1064550 - update of python-boto breaks euca2ools
        https://bugzilla.redhat.com/show_bug.cgi?id=1064550
--------------------------------------------------------------------------------
================================================================================
 root-5.34.15-1.el5 (FEDORA-EPEL-2014-0537)
 Numerical data analysis framework
--------------------------------------------------------------------------------
Update Information:

ROOT 5.34.05

http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 14 2014 Mattias Ellert mattias.ellert@fysast.uu.se - 5.34.15-1
- Update to 5.34.15
- Drop patch root-davix.patch
* Thu Jan 9 2014 Mattias Ellert mattias.ellert@fysast.uu.se - 5.34.14-3
- Rebuild for cfitsio 3.360
--------------------------------------------------------------------------------
================================================================================
 stompclt-1.1-1.el5 (FEDORA-EPEL-2014-0550)
 Versatile STOMP client
--------------------------------------------------------------------------------
Update Information:

Update to upstream version, rhbz #1061604.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 12 2014 Massimo Paladin massimo.paladin@gmail.com 1.1-1
- Update to upstream, rhbz #1061604.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1061604 - Upgrade to new upstream version
        https://bugzilla.redhat.com/show_bug.cgi?id=1061604
--------------------------------------------------------------------------------
================================================================================
 zabbix20-2.0.11-1.el5 (FEDORA-EPEL-2014-0560)
 Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:

http://www.zabbix.com/rn2.0.11.php

Also solves 3 security issues:

- [ZBX-7703] fixed being able to switch users without proper credentials when using HTTP authentication; reference CVE-2014-1682
- [ZBX-6721] fixed LDAP authentication; reference CVE-2013-5572
- [ZBX-7693] fixed admin user being able to update media for other users; reference CVE-2014-1685
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 12 2014 Volker Fröhlich volker27@gmx.at - 2.0.11-1
- New upstream release
- Truncate changelog
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1013963 - CVE-2013-5572 zabbix: password leakage
        https://bugzilla.redhat.com/show_bug.cgi?id=1013963
  [ 2 ] Bug #1061563 - CVE-2014-1682 zabbix: API issue allows users to impersonate other users
        https://bugzilla.redhat.com/show_bug.cgi?id=1061563
--------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org