The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4585
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-3873
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-3238
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-3762
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4623
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4674
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4573
The following builds have been pushed to Fedora EPEL 5 updates-testing
awstats-6.95-3.el5
g2clib-1.2.2-2.el5
kobo-0.3.5-1.el5
mozilla-https-everywhere-1.0.3-2.el5
Details about builds:
================================================================================
awstats-6.95-3.el5 (FEDORA-EPEL-2011-4674)
Advanced Web Statistics
--------------------------------------------------------------------------------
Update Information:
This update fixes several cross-site scripting, SQL injection and
related flaws in awredir.pl.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 9 2011 Tim Jackson <rpm(a)timj.co.uk> 6.95-3
- fix CRLF Injection, multiple XSS and SQL injection flaws (#740926)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #740926 - awstats: multiple flaws in awredir.pl
https://bugzilla.redhat.com/show_bug.cgi?id=740926
--------------------------------------------------------------------------------
================================================================================
g2clib-1.2.2-2.el5 (FEDORA-EPEL-2011-4679)
GRIB2 encoder/decoder and search/indexing routines in C
--------------------------------------------------------------------------------
Update Information:
- Update to 1.2.2: Corrected PDT 4.42,4.43 for Atmospheric Chemical Constituents
- Add -fPIC for 64-bit builds
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 10 2011 Orion Poplawski <orion(a)cora.nwra.com> - 1.2.2-2
- Add -fPIC to 64-bit builds
* Wed Mar 16 2011 Orion Poplawski <orion(a)cora.nwra.com> - 1.2.2-1
- Update to 1.2.2
--------------------------------------------------------------------------------
================================================================================
kobo-0.3.5-1.el5 (FEDORA-EPEL-2011-4675)
Python modules for tools development
--------------------------------------------------------------------------------
Update Information:
Bump to a new upstream version.
Bugfixes mostly.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 10 2011 Daniel Mach <dmach(a)redhat.com> - 0.3.5-1
- Bump version to 0.3.5. (Daniel Mach)
- Return tracebacks in the XML-RPC dispatcher as unicode. (Daniel Mach)
- Refactor MainMenu to be Django 1.3 compliant. (Martin Magr)
- Make StateEnumField Django 1.2 compliant. (Martin Magr)
- Add proxy support to XML-RPC transports. (Daniel Mach)
- Cache stat values in FileWrapper objects, add size and mtime properties. (Tomas Mlcoch)
- Fix unittest kobo.http for Python 2.4. (Tomas Mlcoch)
- Add unit test for kobo.pkgset. (Tomas Mlcoch)
- Rename pkgset.FileCache.__get__ to __getitem__. (Tomas Mlcoch)
- Add unit test for kobo.http. (Tomas Mlcoch)
- Add unit test for kobo.decorators. (Tomas Mlcoch)
- Add docstrings to kobo.http. (Tomas Mlcoch)
- Add UndoHardlink class to __all__. (Tomas Mlcoch)
- Add unit test for kobo.hardlink. (Tomas Mlcoch)
- Fix params for os.utime() call in UndoHardlink class. (Tomas Mlcoch)
- Fix tback.Traceback to work properly in interpreter. (Tomas Mlcoch)
- Use getattr to read Krb5Error.err_code to prevent possible AttributeError in HubProxy.
(Daniel Mach)
- Add a new task state - CREATED. (Daniel Mach)
- Fix templates to work properly in debug mode. (Daniel Mach)
- Revamp log downloads - download as a stream, better support for other than .log files,
enforce using UPLOAD_DIR in settings. (Daniel Mach)
- Delete empty directories on FileUpload.delete(). (Daniel Mach)
- Catch an exception when deleting a FileUpload object and target file is missing.
(Daniel Mach)
- Make sure that xmlrpc.decode_xmlrpc_chunk() won't fail on existing directory.
(Daniel Mach)
- Run task cleanup and notification for foreground tasks. (Daniel Mach)
- Enhance shortcuts.iter_chunks() to work with files. (Daniel Mach)
- Upload files in chunks in order to prevent client-side memory issues. (Daniel Mach)
- Exclude file uploads from CSRF protection. (Daniel Mach)
- Add assertRegexpMatches and assertIsInstance to tback tests to make them work on python
< 2.7. (Daniel Mach)
- Fix processing uninitialized variables in tback. (Martin Bukatovic)
- Fix a traceback in kobo-admin start-hub when a project name contained dashes. (Daniel
Mach)
- Add -tt python interpreter argument to project templates. (Daniel Mach)
- Add kobo.rpmlib.parse_evr() to parse E:VR. (Daniel Mach)
- Fix parse_nvra() - arch must not contain '-'. (Daniel Mach)
- Add missing {{ project_name }} prefix to kobo admin templates. (Daniel Mach)
- Start daemons in "/" rather than in working dir. (Daniel Mach)
- Add TransactionMiddleware to the hub template's settings. (Daniel Mach)
- Add skip_broken argument to PluginContainer.register_module() class method. (Daniel
Mach)
--------------------------------------------------------------------------------
================================================================================
mozilla-https-everywhere-1.0.3-2.el5 (FEDORA-EPEL-2011-4678)
HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:
New package.
HTTPS Everywhere is a Firefox extension produced as a collaboration between The
Tor Project and the Electronic Frontier Foundation. It encrypts your
communications with a number of major websites.
Many sites on the web offer some limited support for encryption over HTTPS, but
make it difficult to use. For instance, they may default to unencrypted HTTP,
or fill encrypted pages with links that go back to the unencrypted site.
The HTTPS Everywhere extension fixes these problems by rewriting all requests
to these sites to HTTPS.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #739323 - Review Request: mozilla-https-everywhere - HTTPS/HSTS enforcement
extension for Mozilla browsers
https://bugzilla.redhat.com/show_bug.cgi?id=739323
--------------------------------------------------------------------------------