The following Fedora EPEL 5 Security updates need testing:
Age URL
697
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2013-11893
libguestfs-1.20.12-1.el5
462
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-1626 puppet-2.7.26-1.el5
311
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3849
sblim-sfcb-1.3.8-2.el5
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8101
wordpress-4.3.1-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
dar-2.4.18-1.el5
davix-0.5.0-1.el5
wordpress-4.3.1-1.el5
Details about builds:
================================================================================
dar-2.4.18-1.el5 (FEDORA-EPEL-2015-8097)
Software for making/restoring incremental CD/DVD backups
--------------------------------------------------------------------------------
Update Information:
New upstream version dar-2.4.18-1.fc23 - New upstream version
dar-2.4.18-1.el7 - new upstream version dar-2.4.18-1.el6 - new upstream
version dar-2.4.18-1.el5 - new upstream version dar-2.4.18-1.fc22 - New
upstream version dar-2.4.18-1.fc21 - new upstream version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1258281 - dar-2.4.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1258281
--------------------------------------------------------------------------------
================================================================================
davix-0.5.0-1.el5 (FEDORA-EPEL-2015-8083)
Toolkit for Http-based file management
--------------------------------------------------------------------------------
Update Information:
Update to davix 0.5.0, see release note for details
--------------------------------------------------------------------------------
================================================================================
wordpress-4.3.1-1.el5 (FEDORA-EPEL-2015-8101)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 4.3.1 Security and Maintenance Release** [Upstream
announcement](https://wordpress.org/news/2015/09/wordpress-4-3-1/): WordPress
4.3.1 is now available. This is a security release for all previous versions and
we strongly encourage you to update your sites immediately. This release
addresses three issues, including two cross-site scripting vulnerabilities and a
potential privilege escalation. * WordPress versions 4.3 and earlier are
vulnerable to a cross-site scripting vulnerability when processing shortcode
tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point. *
A separate cross-site scripting vulnerability was found in the user list table.
Reported by Ben Bidner of the WordPress security team. * Finally, in certain
cases, users without proper permissions could publish private posts and make
them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check
Point. WordPress 4.3.1 also fixes twenty-six bugs. For more information, see
the [release
notes](https://codex.wordpress.org/Version_4.3.1) or consult the
[list of
changes](https://core.trac.wordpress.org/log/branches/4.3/?rev=34199&st
op_rev=33647).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1263657 - CVE-2015-5714 CVE-2015-5715 wordpress: XSS and permission issue
fixed in wordpress 4.3.1
https://bugzilla.redhat.com/show_bug.cgi?id=1263657
--------------------------------------------------------------------------------