The following Fedora EPEL 5 Security updates need testing: Age URL 1067 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.1... 522 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.... 286 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7.26-... 140 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3784/mantis-1.2.17-... 136 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3849/sblim-sfcb-1.3... 45 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0695/drupal7-path_b... 25 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1001/drupal7-entity... 5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1326/drupal7-ctools... 4 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1344/drupal6-6.35-1... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1374/tor-0.2.4.26-1... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1419/cabextract-1.5... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1379/PyYAML-3.09-11...

The following builds have been pushed to Fedora EPEL 5 updates-testing

PyYAML-3.09-11.el5 cabextract-1.5-1.el5 opendkim-2.10.1-4.el5 potrace-1.12-1.el5 python-psycopg2-2.0.14-3.el5 tor-0.2.4.26-1.el5

Details about builds:

================================================================================ PyYAML-3.09-11.el5 (FEDORA-EPEL-2015-1379) YAML parser and emitter for Python -------------------------------------------------------------------------------- Update Information:

Security fix for CVE-2014-9130 -------------------------------------------------------------------------------- ChangeLog:

* Mon Mar 23 2015 John Eckersberg eck@redhat.com - 3.09-11 - Add patch for CVE-2014-9130 (bug 1204829) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1204829 - PyYAML: assert failure when processing wrapped strings https://bugzilla.redhat.com/show_bug.cgi?id=1204829 --------------------------------------------------------------------------------

================================================================================ cabextract-1.5-1.el5 (FEDORA-EPEL-2015-1419) Utility for extracting cabinet (.cab) archives -------------------------------------------------------------------------------- Update Information:

Security fix for directory traversal with UTF-8 symbols in filenames. Fixed in upstream version 1.5. -------------------------------------------------------------------------------- ChangeLog:

* Tue Feb 24 2015 Juan Orti Alcaine jorti@fedoraproject.org - 1.5-1 - Updated to 1.5 * Fri Aug 15 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.4-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.4-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat Aug 3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.4-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Feb 13 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.4-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Wed Jul 18 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Thu Jan 12 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Mon May 16 2011 Dan Horák <dan[at]danny.cz> - 1.4-1 - updated to 1.4 * Tue Feb 8 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Wed Sep 29 2010 jkeating - 1.3-2 - Rebuilt for gcc bug 634757 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1193952 - CVE-2015-2060 cabextract: directory traversal with UTF-8 symbols in filenames https://bugzilla.redhat.com/show_bug.cgi?id=1193952 --------------------------------------------------------------------------------

================================================================================ opendkim-2.10.1-4.el5 (FEDORA-EPEL-2015-1391) A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail -------------------------------------------------------------------------------- Update Information:

- Fixed typo in Group Name - Added updated libtool definition - Additional comments in spec file - Patch SysV initscript to stop default key generation on startup -------------------------------------------------------------------------------- ChangeLog:

* Tue Mar 24 2015 Steve Jenkins steve@stevejenkins.com - 2.10.1-4 - Fixed typo in Group name - Added updated libtool definition - Additional comments in spec file - Patch SysV initscript to stop default key generation on startup * Thu Mar 5 2015 Adam Jackson ajax@redhat.com 2.10.1-3 - Drop sysvinit subpackage from F23+ --------------------------------------------------------------------------------

================================================================================ potrace-1.12-1.el5 (FEDORA-EPEL-2015-1369) Transform bitmaps into vector graphics -------------------------------------------------------------------------------- Update Information:

Update to 1.12, fixing memory overflow bug with very large bitmaps. -------------------------------------------------------------------------------- ChangeLog:

* Tue Mar 24 2015 Susi Lehtola jussilehtola@fedoraproject.org - 1.12-1 - Update to 1.12. * Sun Aug 17 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.11-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.11-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sun Aug 4 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.11-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed May 15 2013 Susi Lehtola jussilehtola@fedoraproject.org - 1.11-2 - Support for 64 bit ARM architecture (BZ #926364). --------------------------------------------------------------------------------

================================================================================ python-psycopg2-2.0.14-3.el5 (FEDORA-EPEL-2015-1382) A PostgreSQL database adapter for Python -------------------------------------------------------------------------------- Update Information:

disabling python-psycopg2-zope; broken dependencies -------------------------------------------------------------------------------- ChangeLog:

* Wed Mar 18 2015 Jozef Mlich jmlich@redhat.com - 2.0.14-3 - disabling python-psycopg2-zope and rebuild due broken dependencies in the epel-5 tree zope package retired --------------------------------------------------------------------------------

================================================================================ tor-0.2.4.26-1.el5 (FEDORA-EPEL-2015-1374) Anonymizing overlay network for TCP (The onion router) -------------------------------------------------------------------------------- Update Information:

Update to upstream release 0.2.4.26. -------------------------------------------------------------------------------- ChangeLog:

* Mon Mar 23 2015 Jamie Nguyen jamielinux@fedoraproject.org - 0.2.4.26-1 - update to upstream release 0.2.4.26 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1204773 - tor: security fixes in 0.2.4.26 and 0.2.5.11 https://bugzilla.redhat.com/show_bug.cgi?id=1204773 --------------------------------------------------------------------------------