The following Fedora EPEL 5 Security updates need testing:
 Age  URL
 401  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3....
 296  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6608/Django-1.1....
 102  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0366/openconnect...
  35  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5517/git-1.8.2.1...
  14  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5799/python-virt...
   3  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5968/transifex-c...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5990/mod_securit...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5991/cgit-0.9.2-...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5996/socat-1.7.2...
The following builds have been pushed to Fedora EPEL 5 updates-testing
cgit-0.9.2-1.el5
mod_security-2.6.8-4.el5
socat-1.7.2.2-1.el5
Details about builds:
================================================================================
cgit-0.9.2-1.el5 (FEDORA-EPEL-2013-5991)
A fast web interface for git
--------------------------------------------------------------------------------
Update Information:
A directory traversal vulnerability was discovered in cgit. By default, cgit is not
affected. However, if cgit is configured to use a readme file from a filesystem path
instead of from the git repo itself, then files outside of the repository can be read.
Refer to the discussion on oss-security for further details:
http://www.openwall.com/lists/oss-security/2013/05/25/3
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 27 2013 Todd Zullinger <tmz(a)pobox.com> - 0.9.2-1
- Update to 0.9.2, fixes CVE-2013-2117
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.9.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Nov 21 2012 Kevin Fenzi <kevin(a)scrye.com> 0.9.1-3
- Fixed ldflags. Fixes bug 878611
* Sat Nov 17 2012 Kevin Fenzi <kevin(a)scrye.com> 0.9.1-2
- Add patch to use correct version of highlight for all branches except epel5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #967346 - CVE-2013-2117 cgit: directory traversal
https://bugzilla.redhat.com/show_bug.cgi?id=967346
--------------------------------------------------------------------------------
================================================================================
mod_security-2.6.8-4.el5 (FEDORA-EPEL-2013-5990)
Security module for the Apache HTTP Server
--------------------------------------------------------------------------------
Update Information:
Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765).
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 28 2013 Athmane Madjoudj <athmane(a)fedoraproject.org> 2.6.8-4
- Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) (RHBZ #967615)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #967615 - mod_security: NULL pointer dereference (DoS, crash) when forceRequestBodyVariable action triggered and unknown Content-Type was used
https://bugzilla.redhat.com/show_bug.cgi?id=967615
--------------------------------------------------------------------------------
================================================================================
socat-1.7.2.2-1.el5 (FEDORA-EPEL-2013-5996)
Bidirectional data relay between two data channels ('netcat++')
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2013-3571: Denial of service due to file descriptor leak
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 27 2013 Paul Wouters <pwouters(a)redhat.com> - 1.7.2.2-1
- Updated to 1.7.2.2 for CVE-2013-3571, rhbz#967540
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #967345 - CVE-2013-3571 socat: Denial of service due to file descriptor leak
https://bugzilla.redhat.com/show_bug.cgi?id=967345
--------------------------------------------------------------------------------