The following Fedora EPEL 5 Security updates need testing:
 Age  URL
 944  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3....
 398  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs...
 163  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7....
  59  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2669/check-mk-1....
  58  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2853/mediawiki11...
  17  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3784/mantis-1.2....
  12  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3849/sblim-sfcb-...
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3972/nginx-0.8.5...
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3983/polarssl-1....
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4147/lsyncd-2.1....
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4166/clamav-0.98...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4221/wordpress-4...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4228/drupal6-6.3...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4231/perltidy-20...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4205/drupal7-7.3...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4219/phpMyAdmin4...
The following builds have been pushed to Fedora EPEL 5 updates-testing
drupal6-6.34-1.el5
drupal7-7.34-1.el5
edg-mkgridmap-4.0.0-8.el5
perltidy-20070801-2.el5
phpMyAdmin4-4.0.10.6-1.el5
wordpress-4.0.1-1.el5
Details about builds:
================================================================================
drupal6-6.34-1.el5 (FEDORA-EPEL-2014-4228)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
https://www.drupal.org/SA-CORE-2014-006
* Update to Drupal 6.
* Drupal 6.33 release notes can be found here,
https://www.drupal.org/drupal-6.33-release-notes.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Jon Ciesla <limburgher(a)gmail.com> - 6.34-1
- 6.34, DRUPAL-SA-CORE-2014-006
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166100 - CVE-2012-6662 drupal6: jquery-ui: XSS vulnerability in default
content in Tooltip widget [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1166100
[ 2 ] Bug #1127539 - drupal6: drupal: denial of service issue (SA-CORE-2014-004)
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1127539
[ 3 ] Bug #1166246 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability
(SA-CORE-2014-006) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1166246
[ 4 ] Bug #1166247 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability
(SA-CORE-2014-006) [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1166247
--------------------------------------------------------------------------------
================================================================================
drupal7-7.34-1.el5 (FEDORA-EPEL-2014-4205)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
https://www.drupal.org/SA-CORE-2014-006
- Update to upstream 7.33 maintenance release with numerous bug fixes
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Jon Ciesla <limburgher(a)gmail.com> - 7.34-1
- 7.34, DRUPAL-SA-CORE-2014-006.
* Tue Nov 11 2014 Peter Borsa <peter.borsa(a)gmail.com> - 7.33-1
- Update to upstream 7.33 maintenance release with numerous bug fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166101 - CVE-2012-6662 drupal7: jquery-ui: XSS vulnerability in default
content in Tooltip widget [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1166101
[ 2 ] Bug #1166249 - CVE-2014-9015 drupal7: drupal: session hijacking vulnerability
(SA-CORE-2014-006) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1166249
[ 3 ] Bug #1166250 - CVE-2014-9015 drupal7: drupal: session hijacking vulnerability
(SA-CORE-2014-006) [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1166250
--------------------------------------------------------------------------------
================================================================================
edg-mkgridmap-4.0.0-8.el5 (FEDORA-EPEL-2014-4226)
A tool to build the grid map-file from VO servers
--------------------------------------------------------------------------------
Update Information:
Added missing dependency on "perl(LWP::Protocol::https)"
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Alejandro Alvarez Ayllon <aalvarez(a)cern.ch> - 4.0.0-8
- Added Requires perl(LWP::Protocol::https)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 4.0.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 4.0.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar <ppisar(a)redhat.com> - 4.0.0-5
- Perl 5.18 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1165991 - edg-mkgridmap missing dependency
https://bugzilla.redhat.com/show_bug.cgi?id=1165991
--------------------------------------------------------------------------------
================================================================================
perltidy-20070801-2.el5 (FEDORA-EPEL-2014-4231)
Tool for indenting and reformatting Perl scripts
--------------------------------------------------------------------------------
Update Information:
Jakub Wilk discovered that perltidy's make_temporary_filename() function insecurely
created temporary files via the use of the tmpnam() function. A local attacker could use
this flaw to perform a symbolic link attack. This update replaces the use of
make_temporary_filename() with the more secure tempname() from the File::Temp module.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1074720 - CVE-2014-2277 perltidy: insecure temporary file creation
https://bugzilla.redhat.com/show_bug.cgi?id=1074720
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin4-4.0.10.6-1.el5 (FEDORA-EPEL-2014-4219)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.0.10.6 (2014-11-20)
================================
- [security] XSS vulnerability in table print view
- [security] XSS vulnerability in zoom search page
- [security] Path traversal in file inclusion of GIS factory
- [security] XSS in multi submit
- [security] XSS through pma_fontsize cookie
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Robert Scheck <robert(a)fedoraproject.org> 4.0.10.6-1
- Upgrade to 4.0.10.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166619 - CVE-2014-8958 phpMyAdmin: Multiple XSS vulnerabilities
(PMASA-2014-13)
https://bugzilla.redhat.com/show_bug.cgi?id=1166619
[ 2 ] Bug #1166626 - CVE-2014-8959 phpMyAdmin: Local file inclusion vulnerability
(PMASA-2014-14)
https://bugzilla.redhat.com/show_bug.cgi?id=1166626
--------------------------------------------------------------------------------
================================================================================
wordpress-4.0.1-1.el5 (FEDORA-EPEL-2014-4221)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
WordPress 4.0.1 Security Release
See:
https://wordpress.org/news/2014/11/wordpress-4-0-1/
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Remi Collet <remi(a)fedoraproject.org> - 4.0.1-1
- WordPress 4.0.1 Security Release
- use system php-getid3 when available #1145574
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166468 - wordpress: security flaws fixed in the 4.0.1 release
https://bugzilla.redhat.com/show_bug.cgi?id=1166468
--------------------------------------------------------------------------------