The following Fedora EPEL 4 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5177/jasper-1.90...
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5208/cacti-0.8.7...
The following builds have been pushed to Fedora EPEL 4 updates-testing
cacti-0.8.7i-2.el4.1
duplicity-0.6.14-2.el4
Details about builds:
================================================================================
cacti-0.8.7i-2.el4.1 (FEDORA-EPEL-2011-5208)
An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:
Update to 0.8.7i. Upstream release notes are at
http://www.cacti.net/release_notes_0_8_7i.php. Notably "Multiple security
vulnerabilities".
Also, merge some changes that were in Fedora: add mod_security overrides, and block HTTP
access to log and rra directories.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 13 2011 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.7i-2.el4.1
- el4's rpm does not support complex conditionals
* Tue Dec 13 2011 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.7i-2
- Only set "su" logrotate parameter for F16 and above.
- Tweak mod_security rules.
* Mon Dec 12 2011 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.7i-1
- New upstream release (BZ #766573).
* Fri Nov 11 2011 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.7h-2
- block HTTP access to log and rra directories (#609856)
- overrides for mod_security
- set logrotate to su to cacti apache when rotating (#753079)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #766573 - cacti-0.8.7i is available
https://bugzilla.redhat.com/show_bug.cgi?id=766573
[ 2 ] Bug #609856 - cacti: no httpd restrictions for log and rra directories
https://bugzilla.redhat.com/show_bug.cgi?id=609856
--------------------------------------------------------------------------------
================================================================================
duplicity-0.6.14-2.el4 (FEDORA-EPEL-2011-5225)
Encrypted bandwidth-efficient backup using rsync algorithm
--------------------------------------------------------------------------------
Update Information:
fix python-2.3 incompatibility
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 25 2011 Jérôme Benoit <jerome.benoit(a)steria.com> 0.6.14-2
- Use python-kitchen for subprocess on RHEL 4 (#745535)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #745535 - duplicity fail because of subprocess
https://bugzilla.redhat.com/show_bug.cgi?id=745535
--------------------------------------------------------------------------------