The following Fedora EPEL 5 Security updates need testing:
 Age  URL
1099  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3....
 553  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs...
 318  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7....
 167  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3849/sblim-sfcb-...
  13  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5758/tor-0.2.4.2...
  13  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5694/zarafa-7.1....
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5821/cherokee-1....
   5  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5894/mksh-50f-1.el5
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5952/pdns-recurs...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5975/jasper-1.90...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5953/wordpress-4...
The following builds have been pushed to Fedora EPEL 5 updates-testing
jasper-1.900.1-15.el5
libxc-2.1.2-3.el5
mimedefang-2.78-1.el5
root-5.34.30-1.el5
wordpress-4.1.3-1.el5
Details about builds:
================================================================================
jasper-1.900.1-15.el5 (FEDORA-EPEL-2015-5975)
Implementation of the JPEG-2000 standard, Part 1
--------------------------------------------------------------------------------
Update Information:
Fix various (mostly security related) flaws.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 24 2015 Rex Dieter <rdieter(a)fedoraproject.org> - 1.900.1-15
- CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot() (#1184752,#1179282)
- CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c (#1184752,#1179298)
- CVE-2014-8137 - double-free in jas_iccattrval_destroy() (oCERT-2014-012) (#1175763,#1173157)
- CVE-2014-8138 - heap overflow in jp2_decode() (oCERT-2014-012) (#1175763,#1173162)
- CVE-2014-9029 - incorrect component number check in COC, RGN and QCC marker segment decoders (#1167537,#1170654)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1173162 - CVE-2014-8138 jasper: heap overflow in jp2_decode() (oCERT-2014-012)
https://bugzilla.redhat.com/show_bug.cgi?id=1173162
[ 2 ] Bug #1179282 - CVE-2014-8157 jasper: dec->numtiles off-by-one check in jpc_dec_process_sot() (oCERT-2015-001)
https://bugzilla.redhat.com/show_bug.cgi?id=1179282
[ 3 ] Bug #1167537 - CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009)
https://bugzilla.redhat.com/show_bug.cgi?id=1167537
[ 4 ] Bug #1173157 - CVE-2014-8137 jasper: double-free in jas_iccattrval_destroy() (oCERT-2014-012)
https://bugzilla.redhat.com/show_bug.cgi?id=1173157
[ 5 ] Bug #1179298 - CVE-2014-8158 jasper: unrestricted stack memory use in jpc_qmfb.c (oCERT-2015-001)
https://bugzilla.redhat.com/show_bug.cgi?id=1179298
--------------------------------------------------------------------------------
================================================================================
libxc-2.1.2-3.el5 (FEDORA-EPEL-2015-5962)
Library of exchange and correlation functionals to be used in DFT codes
--------------------------------------------------------------------------------
Update Information:
Update to 2.1.2, with further backported patches to hybrid functionals.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 24 2015 Susi Lehtola <jussilehtola(a)fedoraproject.org> - 2.1.2-3
- Patch some hybrids.
* Fri Apr 24 2015 Susi Lehtola <jussilehtola(a)fedoraproject.org> - 2.1.2-2
- Patch broken makefiles.
* Thu Feb 19 2015 Susi Lehtola <jussilehtola(a)fedoraproject.org> - 2.1.2-1
- Update to 2.1.2.
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.1.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
mimedefang-2.78-1.el5 (FEDORA-EPEL-2015-5978)
E-Mail filtering framework using Sendmail's Milter interface
--------------------------------------------------------------------------------
Update Information:
MIMEDefang 2.78
===============
* Fix bug in logic that coalesces multiparts to single-parts if possible; the bug broke
DKIM signing. Fix is courtesy of Peter Nagel.
MIMEDefang 2.77
===============
* Change old author's name to "Dianne Skoll" in many places.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 23 2015 Robert Scheck <robert(a)fedoraproject.org> 2.78-1
- Upgrade to 2.78 (#1213639)
* Wed Apr 22 2015 Robert Scheck <robert(a)fedoraproject.org> 2.77-1
- Upgrade to 2.77 (#1213639)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1213639 - mimedefang-2.77 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1213639
--------------------------------------------------------------------------------
================================================================================
root-5.34.30-1.el5 (FEDORA-EPEL-2015-5959)
Numerical data analysis framework
--------------------------------------------------------------------------------
Update Information:
root 5.34.30
https://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-n...
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 24 2015 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 5.34.30-1
- Update to 5.34.30
- New sub-package: root-python3
- Disable hadoop/hdfs support for F23+ (not installable)
- Drop previously backported gcc 5 patches
--------------------------------------------------------------------------------
================================================================================
wordpress-4.1.3-1.el5 (FEDORA-EPEL-2015-5953)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
This is a critical security release for all previous versions and we strongly encourage
you to update your sites immediately.
https://wordpress.org/news/2015/04/wordpress-4-1-2/
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 24 2015 Remi Collet <remi(a)fedoraproject.org> - 4.1.3-1
- WordPress 4.1.3 Maintenance Release
* Thu Apr 23 2015 Remi Collet <remi(a)fedoraproject.org> - 4.1.2-1
- WordPress 4.1.2 Security Release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1214650 - wordpress: several vulnerabilities fixed in Wordpress 4.1.2
https://bugzilla.redhat.com/show_bug.cgi?id=1214650
--------------------------------------------------------------------------------