The following Fedora EPEL 5 Security updates need testing:
 Age  URL
 665  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3....
 155  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11560/fail2ban-0...
 119  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs...
  94  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12091/bip-0.8.9-...
  85  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12169/gc-7.1-6.el5
  12  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0433/puppet-2.7....
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0471/lighttpd-1....
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0531/libyaml-0.1...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0581/augeas-1.2....
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0560/zabbix20-2....
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0542/drupal6-cto...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0541/drupal7-cto...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0533/drupal6-fil...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0572/drupal6-ima...
The following builds have been pushed to Fedora EPEL 5 updates-testing
augeas-1.2.0-1.el5
drupal6-ctools-1.11-1.el5
drupal6-devel-1.28-1.el5
drupal6-filefield-3.12-1.el5
drupal6-image_resize_filter-1.14-1.el5
drupal7-context-3.2-1.el5
drupal7-ctools-1.4-1.el5
drupal7-diff-3.2-1.el5
drupal7-fivestar-2.0-0.7.alpha3.el5
drupal7-libraries-2.2-1.el5
drupal7-login_destination-1.1-1.el5
drupal7-metatag-1.0-0.4.beta9.el5
drupal7-taxonomy_access_fix-2.0-1.el5
perl-Class-MethodMaker-2.20-2.el5
python26-boto-2.25.0-2.el5
root-5.34.15-1.el5
stompclt-1.1-1.el5
zabbix20-2.0.11-1.el5
Details about builds:
================================================================================
augeas-1.2.0-1.el5 (FEDORA-EPEL-2014-0581)
A library for changing configuration files
--------------------------------------------------------------------------------
Update Information:
Update to Augeas 1.2.0:
* resolves CVE-2013-6412
* changelog:
https://github.com/hercules-team/augeas/blob/master/NEWS
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 12 2014 Dominic Cleal <dcleal(a)redhat.com> - 1.2.0-1
- Update to 1.2.0
- Add check section and patch to fix old libxml2 failure
- Update source URL to download.augeas.net (RHBZ#996032)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1034261 - CVE-2013-6412 augeas: incorrect permissions set on newly created files
https://bugzilla.redhat.com/show_bug.cgi?id=1034261
--------------------------------------------------------------------------------
================================================================================
drupal6-ctools-1.11-1.el5 (FEDORA-EPEL-2014-0542)
This suite is primarily a set of APIs and tools
--------------------------------------------------------------------------------
Update Information:
Updated to 1.11
* Release notes:
https://drupal.org/node/2194547
* SA-CONTRIB-2014-013
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 13 2014 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 1.11-1
- Updated to 1.11 (BZ #1064730; release notes https://drupal.org/node/2194547)
- Security BZ #1064864, #1064865, #1064867
- SA-CONTRIB-2014-013
- Spec cleanup
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1064864 - drupal6-ctools: access bypass issues
https://bugzilla.redhat.com/show_bug.cgi?id=1064864
--------------------------------------------------------------------------------
================================================================================
drupal6-devel-1.28-1.el5 (FEDORA-EPEL-2014-0564)
Various blocks, pages, and functions for developers
--------------------------------------------------------------------------------
Update Information:
Updated to 1.28
Release notes:
https://drupal.org/node/2189765
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1062179 - drupal6-devel-1.28 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1062179
--------------------------------------------------------------------------------
================================================================================
drupal6-filefield-3.12-1.el5 (FEDORA-EPEL-2014-0533)
Defines a file field type
--------------------------------------------------------------------------------
Update Information:
Updated to 3.12
* Release notes:
https://drupal.org/node/2194103
* SA-CONTRIB-2014-015
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 14 2014 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 1:3.12-1
- Updated to 3.12 (BZ #1064729; release notes https://drupal.org/node/2194103)
- Security BZ #1064841, #1064842, 1064843
- SA-CONTRIB-2014-015
- Spec cleanup
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1064841 - drupal6-filefield: access bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1064841
--------------------------------------------------------------------------------
================================================================================
drupal6-image_resize_filter-1.14-1.el5 (FEDORA-EPEL-2014-0572)
Filter to automatically scale images to their height and width dimensions
--------------------------------------------------------------------------------
Update Information:
Updated to 1.14
* Release notes:
https://drupal.org/node/2194065
* SA-CONTRIB-2014-017:
https://drupal.org/node/2194655
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1064856 - drupal6-image_resize_filter: denial of service via large number of images to resize
https://bugzilla.redhat.com/show_bug.cgi?id=1064856
--------------------------------------------------------------------------------
================================================================================
drupal7-context-3.2-1.el5 (FEDORA-EPEL-2014-0573)
Allows contextual conditions and reactions management
--------------------------------------------------------------------------------
Update Information:
Updated to 3.2
* Release notes:
https://drupal.org/node/2183729
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 15 2014 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 3.2-1
- Updated to 3.2 (BZ #1059560; release notes https://drupal.org/node/2183729)
- Spec cleanup
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1059560 - drupal7-context-3.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1059560
--------------------------------------------------------------------------------
================================================================================
drupal7-ctools-1.4-1.el5 (FEDORA-EPEL-2014-0541)
This suite is primarily a set of APIs and tools for other Drupal modules
--------------------------------------------------------------------------------
Update Information:
- Update to upstream 1.4 release for bug and security fixes
- Upstream changelog for this release is available at https://drupal.org/node/2194551
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 14 2014 Peter Borsa <peter.borsa(a)gmail.com> - 1.4-1
- Update to upstream 1.4 release for bug and security fixes
- Upstream changelog for this release is available at https://drupal.org/node/2194551
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1064864 - drupal6-ctools: access bypass issues
https://bugzilla.redhat.com/show_bug.cgi?id=1064864
--------------------------------------------------------------------------------
================================================================================
drupal7-diff-3.2-1.el5 (FEDORA-EPEL-2014-0569)
Show differences between content revisions
--------------------------------------------------------------------------------
Update Information:
Updated to 3.2
* Release notes:
https://drupal.org/node/1839054
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1059998 - drupal7-diff-3.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1059998
--------------------------------------------------------------------------------
================================================================================
drupal7-fivestar-2.0-0.7.alpha3.el5 (FEDORA-EPEL-2014-0532)
Enables fivestar ratings on content, users, etc
--------------------------------------------------------------------------------
Update Information:
Updated to 2.0-alpha3
* Release notes:
https://drupal.org/node/2186899
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 15 2014 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 2.0-0.7.alpha3
- Add build require drupal7-rpmbuild
* Sat Feb 15 2014 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 2.0-0.6.alpha3
- Updated to 2.0-alpha3 (BZ #1060464; release notes https://drupal.org/node/2186899)
- Spec cleanup
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.0-0.5.alpha2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.0-0.4.alpha2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.0-0.3.alpha2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1060464 - drupal7-fivestar-2.0-alpha3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1060464
--------------------------------------------------------------------------------
================================================================================
drupal7-libraries-2.2-1.el5 (FEDORA-EPEL-2014-0570)
Allows version-dependent and shared usage of external libraries
--------------------------------------------------------------------------------
Update Information:
Updated to 2.2
* Release notes:
https://drupal.org/node/2192173
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 15 2014 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 2.2-1
- Updated to 2.2 (BZ #1063727; release notes https://drupal.org/node/2192173)
- Spec cleanup
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1063727 - drupal7-libraries-2.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1063727
--------------------------------------------------------------------------------
================================================================================
drupal7-login_destination-1.1-1.el5 (FEDORA-EPEL-2014-0559)
Customize the destination that the user is redirected to after login
--------------------------------------------------------------------------------
Update Information:
Updated to 1.1
* Release notes:
https://drupal.org/node/1869598
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1059997 - drupal7-login_destination-1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1059997
--------------------------------------------------------------------------------
================================================================================
drupal7-metatag-1.0-0.4.beta9.el5 (FEDORA-EPEL-2014-0556)
Adds support and an API to implement meta tags
--------------------------------------------------------------------------------
Update Information:
Updated to 1.0-beta9
* Release notes:
https://drupal.org/node/2176579
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1059999 - drupal7-metatag-1.0-beta9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1059999
--------------------------------------------------------------------------------
================================================================================
drupal7-taxonomy_access_fix-2.0-1.el5 (FEDORA-EPEL-2014-0575)
Fixes the crooked access checks for Taxonomy pages
--------------------------------------------------------------------------------
Update Information:
Updated to 2.0
* Release notes:
https://drupal.org/node/2152445
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1060000 - drupal7-taxonomy_access_fix-2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1060000
--------------------------------------------------------------------------------
================================================================================
perl-Class-MethodMaker-2.20-2.el5 (FEDORA-EPEL-2014-0578)
Perl module for creating generic object-oriented methods
--------------------------------------------------------------------------------
Update Information:
This update, to the current upstream release, removes some test files that had a non-free
license (see https://github.com/renormalist/class-methodmaker/issues/2).
There is also an assortment of minor bug fixes but nothing that should affect
compatibility.
--------------------------------------------------------------------------------
================================================================================
python26-boto-2.25.0-2.el5 (FEDORA-EPEL-2014-0504)
A simple lightweight interface to Amazon Web Services
--------------------------------------------------------------------------------
Update Information:
This update contains a fix that makes S3Connection.get_bucket use HEAD requests instead of
GET requests, which reduces the price of those requests by 90%. Code that parses error
messages may require updating. See the upstream release notes for version 2.25.0 for
additional details.
Another noteworthy change since version 2.5 is validating SSL certificates by default.
This change happened over a year ago; most applications are likely to support it now. See
the upstream release notes for version 2.6.0 for details on updating applications to work
with this change.
This update also contains numerous bugfixes and support for new capabilities that AWS has
added over the past several months.
The full release notes are available from upstream:
http://docs.pythonboto.org/en/latest/#release-notes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 12 2014 Garrett Holmstorm <gholms(a)fedoraproject.org> - 2.25.0-2
- Fixed roboto parameter type conversion (boto #2094, RH #1064550)
* Mon Feb 10 2014 Garrett Holmstrom <gholms(a)fedoraproject.org> - 2.25.0-1
- Updated to 2.25.0
- This update makes s3.get_bucket use HEAD instead of GET
* Mon Jan 20 2014 Garrett Holmstrom <gholms(a)fedoraproject.org> - 2.23.0-1
- Updated to 2.23.0
- Fixed auth for anonymous S3 requests (boto #1988)
* Thu Sep 26 2013 Garrett Holmstrom <gholms(a)fedoraproject.org> - 2.13.3-1
- Updated to 2.13.3
- Note that this version changes register_image's virtualization_type parameter
- Fixed auto-scaling PropagateAtLaunch parsing (#1011682)
* Mon Jul 29 2013 Garrett Holmstrom <gholms(a)fedoraproject.org> - 2.9.9-2
- Re-fixed autoscaling policy parsing (boto #1538)
* Thu Jul 25 2013 Orion Poplawski <orion(a)cora.nwra.com> - 2.9.9-1
- Update to 2.9.9
* Fri Jun 21 2013 Garrett Holmstrom <gholms(a)fedoraproject.org> - 2.9.6-2
- Rebuilt after merge
* Fri Jun 21 2013 Garrett Holmstrom <gholms(a)fedoraproject.org> - 2.9.6-1
- Updated to 2.9.6
- Fixed autoscaling policy parsing (boto #1538)
* Thu May 9 2013 Orion Poplawski <orion(a)cora.nwra.com> - 2.9.2-1
- Update to 2.9.2 (bug #948714)
- Spec cleanup
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.6.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Tue Jan 8 2013 Garrett Holmstrom <gholms(a)fedoraproject.org> - 2.5.2-3
- Fixed parsing of current/previous instance state data (boto #881)
* Wed Nov 21 2012 Garrett Holmstrom <gholms(a)fedoraproject.org> - 2.6.0-2
- Updated to 2.6.0 (#876517)
- Note that this version enables SSL cert verification by default.
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1064550 - update of python-boto breaks euca2ools
https://bugzilla.redhat.com/show_bug.cgi?id=1064550
--------------------------------------------------------------------------------
================================================================================
root-5.34.15-1.el5 (FEDORA-EPEL-2014-0537)
Numerical data analysis framework
--------------------------------------------------------------------------------
Update Information:
ROOT 5.34.05
http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 14 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 5.34.15-1
- Update to 5.34.15
- Drop patch root-davix.patch
* Thu Jan 9 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 5.34.14-3
- Rebuild for cfitsio 3.360
--------------------------------------------------------------------------------
================================================================================
stompclt-1.1-1.el5 (FEDORA-EPEL-2014-0550)
Versatile STOMP client
--------------------------------------------------------------------------------
Update Information:
Update to upstream version, rhbz #1061604.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 12 2014 Massimo Paladin <massimo.paladin(a)gmail.com> 1.1-1
- Update to upstream, rhbz #1061604.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1061604 - Upgrade to new upstream version
https://bugzilla.redhat.com/show_bug.cgi?id=1061604
--------------------------------------------------------------------------------
================================================================================
zabbix20-2.0.11-1.el5 (FEDORA-EPEL-2014-0560)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:
http://www.zabbix.com/rn2.0.11.php
Also solves 3 security issues:
- [ZBX-7703] fixed being able to switch users without proper credentials
when using HTTP authentication; reference CVE-2014-1682
- [ZBX-6721] fixed LDAP authentication; reference CVE-2013-5572
- [ZBX-7693] fixed admin user being able to update media for other users;
reference CVE-2014-1685
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 12 2014 Volker Fröhlich <volker27(a)gmx.at> - 2.0.11-1
- New upstream release
- Truncate changelog
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1013963 - CVE-2013-5572 zabbix: password leakage
https://bugzilla.redhat.com/show_bug.cgi?id=1013963
[ 2 ] Bug #1061563 - CVE-2014-1682 zabbix: API issue allows users to impersonate other users
https://bugzilla.redhat.com/show_bug.cgi?id=1061563
--------------------------------------------------------------------------------