The following Fedora EPEL 5 Security updates need testing:

 Age  URL
 944  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.1...
 398  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1....
 163  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7.26-...
  59  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2669/check-mk-1.2.4...
  58  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2853/mediawiki119-1...
  17  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3784/mantis-1.2.17-...
  12  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3849/sblim-sfcb-1.3...
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3972/nginx-0.8.55-6...
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3983/polarssl-1.3.2...
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4147/lsyncd-2.1.4-4...
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4166/clamav-0.98.5-...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4221/wordpress-4.0....
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4228/drupal6-6.34-1...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4231/perltidy-20070...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4205/drupal7-7.34-1...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4219/phpMyAdmin4-4....

The following builds have been pushed to Fedora EPEL 5 updates-testing:

    drupal6-6.34-1.el5
    drupal7-7.34-1.el5
    edg-mkgridmap-4.0.0-8.el5
    perltidy-20070801-2.el5
    phpMyAdmin4-4.0.10.6-1.el5
    wordpress-4.0.1-1.el5

Details about builds:

================================================================================
 drupal6-6.34-1.el5 (FEDORA-EPEL-2014-4228)
 An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:

https://www.drupal.org/SA-CORE-2014-006
* Update to Drupal 6.
* Drupal 6.33 release notes can be found here, https://www.drupal.org/drupal-6.33-release-notes.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Jon Ciesla limburgher@gmail.com - 6.34-1
- 6.34, DRUPAL-SA-CORE-2014-006
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166100 - CVE-2012-6662 drupal6: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166100
  [ 2 ] Bug #1127539 - drupal6: drupal: denial of service issue (SA-CORE-2014-004) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1127539
  [ 3 ] Bug #1166246 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability (SA-CORE-2014-006) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166246
  [ 4 ] Bug #1166247 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability (SA-CORE-2014-006) [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166247
--------------------------------------------------------------------------------

================================================================================
 drupal7-7.34-1.el5 (FEDORA-EPEL-2014-4205)
 An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:

https://www.drupal.org/SA-CORE-2014-006
- Update to upstream 7.33 maintenance release with numerous bug fixes
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Jon Ciesla limburgher@gmail.com - 7.34-1
- 7.34, DRUPAL-SA-CORE-2014-006.
* Tue Nov 11 2014 Peter Borsa peter.borsa@gmail.com - 7.33-1
- Update to upstream 7.33 maintenance release with numerous bug fixes
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166101 - CVE-2012-6662 drupal7: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166101
  [ 2 ] Bug #1166249 - CVE-2014-9015 drupal7: drupal: session hijacking vulnerability (SA-CORE-2014-006) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166249
  [ 3 ] Bug #1166250 - CVE-2014-9015 drupal7: drupal: session hijacking vulnerability (SA-CORE-2014-006) [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166250
--------------------------------------------------------------------------------

================================================================================
 edg-mkgridmap-4.0.0-8.el5 (FEDORA-EPEL-2014-4226)
 A tool to build the grid map-file from VO servers
--------------------------------------------------------------------------------
Update Information:

Added missing dependency on "perl(LWP::Protocol::https)"
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Alejandro Alvarez Ayllon aalvarez@cern.ch - 4.0.0-8
- Added Requires perl(LWP::Protocol::https)
* Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 4.0.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 4.0.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar ppisar@redhat.com - 4.0.0-5
- Perl 5.18 rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1165991 - edg-mkgridmap missing dependency
        https://bugzilla.redhat.com/show_bug.cgi?id=1165991
--------------------------------------------------------------------------------

================================================================================
 perltidy-20070801-2.el5 (FEDORA-EPEL-2014-4231)
 Tool for indenting and reformatting Perl scripts
--------------------------------------------------------------------------------
Update Information:

Jakub Wilk discovered that perltidy's make_temporary_filename() function insecurely created temporary files via the use of the tmpnam() function. A local attacker could use this flaw to perform a symbolic link attack. This update replaces the use of make_temporary_filename() with the more secure tempname() from the File::Temp module.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1074720 - CVE-2014-2277 perltidy: insecure temporary file creation
        https://bugzilla.redhat.com/show_bug.cgi?id=1074720
--------------------------------------------------------------------------------

================================================================================
 phpMyAdmin4-4.0.10.6-1.el5 (FEDORA-EPEL-2014-4219)
 Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:

phpMyAdmin 4.0.10.6 (2014-11-20)
================================

- [security] XSS vulnerability in table print view
- [security] XSS vulnerability in zoom search page
- [security] Path traversal in file inclusion of GIS factory
- [security] XSS in multi submit
- [security] XSS through pma_fontsize cookie
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Robert Scheck robert@fedoraproject.org 4.0.10.6-1
- Upgrade to 4.0.10.6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166619 - CVE-2014-8958 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2014-13)
        https://bugzilla.redhat.com/show_bug.cgi?id=1166619
  [ 2 ] Bug #1166626 - CVE-2014-8959 phpMyAdmin: Local file inclusion vulnerability (PMASA-2014-14)
        https://bugzilla.redhat.com/show_bug.cgi?id=1166626
--------------------------------------------------------------------------------

================================================================================
 wordpress-4.0.1-1.el5 (FEDORA-EPEL-2014-4221)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

WordPress 4.0.1 Security Release

See: https://wordpress.org/news/2014/11/wordpress-4-0-1/
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Remi Collet remi@fedoraproject.org - 4.0.1-1
- WordPress 4.0.1 Security Release
- use system php-getid3 when available #1145574
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166468 - wordpress: security flaws fixed in the 4.0.1 release
        https://bugzilla.redhat.com/show_bug.cgi?id=1166468
--------------------------------------------------------------------------------

epel-devel@lists.fedoraproject.org