The following Fedora EPEL 5 Security updates need testing:
 Age  URL
 277  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3....
 171  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6608/Django-1.1....
  53  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13612/drupal6-ct...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0171/moodle-1.9....
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0173/couchdb-1.0...
  19  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0011/drupal7-con...
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0116/drupal6-6.2...
   7  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0102/ettercap-0....
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0139/proftpd-1.3...
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0148/drupal7-7.1...
The following builds have been pushed to Fedora EPEL 5 updates-testing
couchdb-1.0.4-2.el5.1
moodle-1.9.19-5.el5
mozilla-https-everywhere-3.1.3-1.el5
nordugrid-arc-2.0.1-2.el5
packagedb-cli-1.3.0-1.el5
ucarp-1.5.2-7.el5
weechat-0.4.0-2.el5
whatsup-1.14-1.el5
zabbix20-2.0.4-4.el5
Details about builds:
================================================================================
couchdb-1.0.4-2.el5.1 (FEDORA-EPEL-2013-0173)
A document database server, accessible via a RESTful JSON API
--------------------------------------------------------------------------------
Update Information:
* Ver. 1.0.4 (security release)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 23 2013 Peter Lemenkov <lemenkov(a)gmail.com> - 1.0.4-2
- Fix for EPEL 5 (Erlang R12B)
* Wed Jan 23 2013 Peter Lemenkov <lemenkov(a)gmail.com> - 1.0.4-1
- Ver. 1.0.4
- Fixes CVE-2012-5649, CVE-2012-5650
* Mon Aug 15 2011 Kalev Lember <kalevlember(a)gmail.com> - 1.0.3-2
- Rebuilt for rpm bug #728707
* Thu Jul 21 2011 Peter Lemenkov <lemenkov(a)gmail.com> - 1.0.3-1
- Ver. 1.0.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #784792 - Request: update CouchDB to 1.0.3
https://bugzilla.redhat.com/show_bug.cgi?id=784792
[ 2 ] Bug #895599 - CVE-2012-5649 CVE-2012-5650 couchdb various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=895599
--------------------------------------------------------------------------------
================================================================================
moodle-1.9.19-5.el5 (FEDORA-EPEL-2013-0171)
A Course Management System
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2012-6098 and CVE-2012-6100.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #903264 - CVE-2012-6100 CVE-2012-6098 moodle various flaws [epel-5]
https://bugzilla.redhat.com/show_bug.cgi?id=903264
--------------------------------------------------------------------------------
================================================================================
mozilla-https-everywhere-3.1.3-1.el5 (FEDORA-EPEL-2013-0187)
HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:
Fixes: CloudFront/Spotify, AmazonAWS (Amazon MP3s
and product images), Libav, Google Maps, UserEcho
https://trac.torproject.org/projects/tor/ticket/7931
https://trac.torproject.org/projects/tor/ticket/7888
https://trac.torproject.org/projects/tor/ticket/7594
https://trac.torproject.org/projects/tor/ticket/7539
https://trac.torproject.org/projects/tor/ticket/7698
Disable broken: Coursera, EBay, Etsy, OpenOffice,
Ping.fm, Pinterest :(
https://trac.torproject.org/projects/tor/ticket/7336
https://trac.torproject.org/projects/tor/ticket/7825
https://trac.torproject.org/projects/tor/ticket/7774
https://trac.torproject.org/projects/tor/ticket/7695
https://trac.torproject.org/projects/tor/ticket/7777
https://trac.torproject.org/projects/tor/ticket/7865
Update cert whitelist
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 21 2013 Russell Golden <niveusluna(a)niveusluna.org> - 3.1.3-1
- Internet Freedom Day stable bugfix release
- Fixes: CloudFront/Spotify, AmazonAWS (Amazon MP3s and product images), Libav,
Google Maps, UserEcho
https://trac.torproject.org/projects/tor/ticket/7931
https://trac.torproject.org/projects/tor/ticket/7888
https://trac.torproject.org/projects/tor/ticket/7594
https://trac.torproject.org/projects/tor/ticket/7539
https://trac.torproject.org/projects/tor/ticket/7698
- Disable broken: Coursera, EBay, Etsy, OpenOffice, Ping.fm, Pinterest :(
https://trac.torproject.org/projects/tor/ticket/7336
https://trac.torproject.org/projects/tor/ticket/7825
https://trac.torproject.org/projects/tor/ticket/7774
https://trac.torproject.org/projects/tor/ticket/7695
https://trac.torproject.org/projects/tor/ticket/7777
https://trac.torproject.org/projects/tor/ticket/7865
- Update cert whitelist
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc-2.0.1-2.el5 (FEDORA-EPEL-2013-0183)
Advanced Resource Connector Grid Middleware
--------------------------------------------------------------------------------
Update Information:
SE Linux fixes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 23 2013 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 2.0.1-2
- Additional selinux contexts
- Fix for python wrappers using swig 2.0.9
--------------------------------------------------------------------------------
================================================================================
packagedb-cli-1.3.0-1.el5 (FEDORA-EPEL-2013-0179)
A CLI for pkgdb
--------------------------------------------------------------------------------
Update Information:
Update to 1.3.0, which provides some bug fixes, including one for the use of the
'all' keyword for the branch.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #887950 - packagedb-cli: silently fails to change ACLs
https://bugzilla.redhat.com/show_bug.cgi?id=887950
--------------------------------------------------------------------------------
================================================================================
ucarp-1.5.2-7.el5 (FEDORA-EPEL-2013-0196)
Common Address Redundancy Protocol (CARP) for Unix
--------------------------------------------------------------------------------
Update Information:
Remove MASTER from init script.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 23 2013 Jon Ciesla <limburgher(a)gmail.com> - 1.5.2-7
- Dropped MASTER from init, BZ 896576.
* Tue Dec 11 2012 Jon Ciesla <limburgher(a)gmail.com> - 1.5.2-6
- init fix from Alexander Bostrom, BZ 809421.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #896576 - New init.d ucarp script wrong setting advskew=1 to all nodes if no
MASTER variable set.
https://bugzilla.redhat.com/show_bug.cgi?id=896576
--------------------------------------------------------------------------------
================================================================================
weechat-0.4.0-2.el5 (FEDORA-EPEL-2013-0191)
Portable, fast, light and extensible IRC client
--------------------------------------------------------------------------------
Update Information:
Reimplement enchant patch, with new support for spelling suggestions
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 22 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 0.4.0-2
- reimplement enchant support as a separate patch
- implement additional enchant support for displaying spelling suggestions
in weechat_aspell_get_suggestions(), which is a new function introduced by
upstream in 0.4.0
* Mon Jan 21 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 0.4.0-1
- update to upstream release 0.4.0
- add CMAKE options (DPREFIX and DLIBDIR) which negate the need to patch
- remove enchant patches to keep close to upstream
--------------------------------------------------------------------------------
================================================================================
whatsup-1.14-1.el5 (FEDORA-EPEL-2013-0184)
Node up/down detection utility
--------------------------------------------------------------------------------
Update Information:
New upstream version and fixes opensm linking problem.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 21 2013 David Brown <david.brown(a)pnnl.gov> - 1.14-1
- New upstream version of whatsup
- added libtool-ltdl-devel build deps
- added genders build deps and sub packages
* Mon Sep 10 2012 David Brown <david.brown(a)pnnl.gov> - 1.13-6
- get the damn macro right for postun
* Mon Sep 10 2012 David Brown <david.brown(a)pnnl.gov> - 1.13-5
- add systemd macros to post postun preun
--------------------------------------------------------------------------------
================================================================================
zabbix20-2.0.4-4.el5 (FEDORA-EPEL-2013-0195)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:
zabbix20 packages the 2.0 series of Zabbix. EPEL policy only allows for bugfix releases,
avoiding breaking things. Hence this package came into existence.
Notice, there's no SSH support, due to the version of libssh2.
While updating an agent is straightforward, you'll have to run multiple database
schema upgrades when upgrading a server.
There are a number of changes compared to earlier packages, documented in
zabbix-fedora.README. If you're upgrading, you're strongly advised to go through
this document. Please don't hesitate to contact volker27(a)gmx.at if something is wrong,
hard to understand or missing there. You can file a bug as well, of course!
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #867159 - Review Request: zabbix20 - Open-source monitoring solution for your
IT infrastructure
https://bugzilla.redhat.com/show_bug.cgi?id=867159
--------------------------------------------------------------------------------