The following Fedora EPEL 5 Security updates need testing:
Age URL
460
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3....
355
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6608/Django-1.1....
50
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6089/ssmtp-2.61-...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10985/perl-Proc-...
The following builds have been pushed to Fedora EPEL 5 updates-testing
kobo-0.4.0-1.el5
libssh-0.5.4-5.el5
libssh-0.5.5-1.el5
perl-Proc-ProcessTable-0.48-1.el5
Details about builds:
================================================================================
kobo-0.4.0-1.el5 (FEDORA-EPEL-2013-10976)
Python modules for tools development
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 25 2013 Daniel Mach <dmach(a)redhat.com> - 0.4.0-1
- Drop django and hub subpackages on rhel <= 5
- Set filename to be real name of a downloaded file. (Tomas Tomecek)
- Fix logwatcher to scroll to latest logs. (Tomas Tomecek)
- Remove obsolete function kobo.django.views.generic._object_list(). (Tomas Kopecek)
- Updated README for 0.4.0 release (Tomas Kopecek)
- Revamp setup.py and related files. (Daniel Mach)
- LongnameUser table has auth_user db table name for easier upgrade. (Tomas Kopecek)
- Add checksum_type to SimpleRpmWrapper. (Tomas Kopecek)
- Add kobo.threads.run_in_threads() helper. (Tomas Kopecek)
- Django 1.5 rebase. (Tomas Kopecek)
- Remove unnecessary slots from pkgset.FileCache. (Daniel Mach)
--------------------------------------------------------------------------------
================================================================================
libssh-0.5.4-5.el5 (FEDORA-EPEL-2013-10979)
A library implementing the SSH2 protocol (0xbadc0de version)
--------------------------------------------------------------------------------
Update Information:
Add EPEL 5 support and enable Doxygen documentation.
--------------------------------------------------------------------------------
================================================================================
libssh-0.5.5-1.el5 (FEDORA-EPEL-2013-10983)
A library implementing the SSH2 protocol (0xbadc0de version)
--------------------------------------------------------------------------------
Update Information:
Update to libssh 0.5.5 Add EPEL 5 support and enable Doxygen documentation.
--------------------------------------------------------------------------------
================================================================================
perl-Proc-ProcessTable-0.48-1.el5 (FEDORA-EPEL-2013-10985)
Perl extension to access the Unix process table
--------------------------------------------------------------------------------
Update Information:
This update, to the current upstream maintenance release, fixes numerous bugs (as
mentioned in the package changelog), including unsafe usage of /tmp when caching is
enabled (CVE-2011-4363), which could allow an attacker to overwrite arbitrary files due to
a race condition.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #758866 - CVE-2011-4363 perl-Proc-ProcessTable: unsafe temporary file usage
https://bugzilla.redhat.com/show_bug.cgi?id=758866
--------------------------------------------------------------------------------