The following Fedora EPEL 5 Security updates need testing:
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5554/phpMyAdmin3-3....
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0931/drupal7-ctools...
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0352/bugzilla-3.2.1...
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5561/python26-2.6.8...
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5563/gallery2-2.3.2...

The following builds have been pushed to Fedora EPEL 5 updates-testing
    cobbler-2.2.2-1.el5
    drupal6-views-2.16-2.el5
    gallery2-2.3.2-1.el5
    nagios-plugins-openmanage-3.7.5-1.el5
    python26-2.6.8-1.el5
    tito-0.4.8-1.el5

Details about builds:

================================================================================
 cobbler-2.2.2-1.el5 (FEDORA-EPEL-2012-5555)
 Boot server configurator
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 11 2012 James Cammarata jimi@sngx.net - 2.2.2-1
- New upstream 2.2.2 release (jimi@sngx.net)
* Thu Jan 12 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 drupal6-views-2.16-2.el5 (FEDORA-EPEL-2012-5560)
 Provides a method for site designers to control content presentation
--------------------------------------------------------------------------------
Update Information:

Latest upstream.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 13 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.16-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Nov 15 2011 Jon Ciesla limb@jcomserv.net - 2.16-1
- Update to 2.16, BZ 754076.
* Fri Nov 4 2011 Jon Ciesla limb@jcomserv.net - 2.14-1
- Update to 2.14, BZ 751044.
--------------------------------------------------------------------------------


================================================================================
 gallery2-2.3.2-1.el5 (FEDORA-EPEL-2012-5563)
 Customizable photo gallery web site
--------------------------------------------------------------------------------
Update Information:

Fixes for CVE-2012-1113, minor XSS vulnerabilities.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 12 2012 Jon Ciesla limburgher@gmail.com - 2.3.2-1
- Latest upstream, minor security fixes,
- BZ 812048, 812049, 812050.
* Fri Feb 3 2012 Jon Ciesla limburgher@gmail.com - 2.3.1-6
- Unbundle php-pear-Mail-Mime, BZ 501867.
* Fri Jan 13 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.3.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Wed Dec 7 2011 Jon Ciesla limburgher@gmail.com - 2.3.1-4
- Patch for jpegtran output, BZ 712558.
* Tue Feb 8 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Jul 2 2010 Adam Tkac <atkac redhat com> - 2.3.1-2
- jpegtran subpkg: require /usr/bin/jpegtran instead of libjpeg to be compatible with both libjpeg and libjpeg-turbo
* Thu Dec 17 2009 Jon Ciesla limb@jcomserv.net - 2.3.1-1
- 2.3.1, fix for upgrader in PHP 5.3.x.
- smtp patch upstreamed.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #812048 - CVE-2012-1113 gallery: XSS flaws in administration area [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=812048
  [ 2 ] Bug #812049 - CVE-2012-1113 gallery: XSS flaws in administration area [fedora-rawhide]
        https://bugzilla.redhat.com/show_bug.cgi?id=812049
  [ 3 ] Bug #812050 - CVE-2012-1113 gallery: XSS flaws in administration area [epel-5]
        https://bugzilla.redhat.com/show_bug.cgi?id=812050
--------------------------------------------------------------------------------


================================================================================
 nagios-plugins-openmanage-3.7.5-1.el5 (FEDORA-EPEL-2012-5564)
 Nagios plugin to monitor hardware health on Dell servers
--------------------------------------------------------------------------------
Update Information:

Update to upstream version 3.7.5
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 13 2012 Trond Hasle Amundsen t.h.amundsen@usit.uio.no - 3.7.5-1
- Upstream version 3.7.5
--------------------------------------------------------------------------------


================================================================================
 python26-2.6.8-1.el5 (FEDORA-EPEL-2012-5561)
 An interpreted, interactive, object-oriented programming language
--------------------------------------------------------------------------------
Update Information:

Rebase of python26 from 2.6.5 to 2.6.8 bringing in security fixes, along with other bugfixes.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 12 2012 David Malcolm dmalcolm@redhat.com - 2.6.8-1
- 2.6.8: refresh patch 102 (lib64), patch 52 (valgrind) and patch 110 (ctypes/SELinux); drop upstream patch 11 (tolower), patch 116 (CVE-2010-1634), patch 117 (CVE-2010-2089), patch 118 (CVE-2008-5983); add patch 200 (Py_DEBUG and _Py_HashSecret_Initialized); regenerate the autotool intermediates patch (patch 300)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #750555 - CVE-2012-1150 python: hash table collisions CPU usage DoS (oCERT-2011-003)
        https://bugzilla.redhat.com/show_bug.cgi?id=750555
  [ 2 ] Bug #789790 - CVE-2012-0845 python: SimpleXMLRPCServer CPU usage DoS via malformed XML-RPC request
        https://bugzilla.redhat.com/show_bug.cgi?id=789790
  [ 3 ] Bug #812068 - python: SSL CBC IV vulnerability (CVE-2011-3389, BEAST)
        https://bugzilla.redhat.com/show_bug.cgi?id=812068
--------------------------------------------------------------------------------


================================================================================
 tito-0.4.8-1.el5 (FEDORA-EPEL-2012-5569)
 A tool for managing rpm based git projects
--------------------------------------------------------------------------------
Update Information:

Fix mock builds of packages that do not use the standard builder, changelog email issues with interpreting 0 as false, and a broken constructor in the distributionbuilder.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 2 2012 Devan Goodwin dgoodwin@rm-rf.ca 0.4.8-1
- Fix MockBuilder for packages that use non-standard builders normally. (dgoodwin@redhat.com)
- interpret '0' as False for changelog_with_email setting. (msuchy@redhat.com)
* Thu Mar 15 2012 Devan Goodwin dgoodwin@rm-rf.ca 0.4.7-1
- Fix issues with DistributionBuilder constructor (dgoodwin@redhat.com)
--------------------------------------------------------------------------------

epel-devel@lists.fedoraproject.org