The following Fedora EPEL 5 Security updates need testing:
Age URL
963
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3....
417
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs...
182
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7....
36
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3784/mantis-1.2....
31
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3849/sblim-sfcb-...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4408/libyaml-0.1...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4402/antiword-0....
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4403/pkcs11-help...
6
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4430/phpMyAdmin4...
6
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4441/icecast-2.4...
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4475/pwgen-2.07-...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4527/xrdp-0.6.1-...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4520/firebird-2....
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4620/pywebdav-0....
The following builds have been pushed to Fedora EPEL 5 updates-testing
cmake-fedora-2.3.4-1.el5
davix-0.4.0-1.el5
firebird-2.1.5.18496.0-5.el5
gfal2-2.7.8-2.el5
perl-Getopt-GUI-Long-0.91-8.el5
perl-QWizard-3.15-10.el5
perl-Text-Unidecode-1.23-1.el5
pywebdav-0.9.4.1-1.el5
srcpd-2.1.2-6.el5
xrdp-0.6.1-1.el5
Details about builds:
================================================================================
cmake-fedora-2.3.4-1.el5 (FEDORA-EPEL-2014-4567)
CMake helper modules for fedora developers
--------------------------------------------------------------------------------
Update Information:
- Fixed RHBZ 1144906 - cmake-fedora failed to build target pot_files if the .pot file not
exists.
- ManageDependency: Now able to assign multiple PKG_CONFIG files.
- ManageGConf: Added "Variables to cache".
- cmake-fedora.conf: el7 and fc21 is now available in bodhi.
- ManageRPMScript: Fixed the mo file handling.
- ManageZanata: Use /usr/share/locale as SYSTEM_LOCALE source instead.
- Fixed RHBZ 1144906 - cmake-fedora failed to build target pot_files if the .pot file not
exists.
- ManageDependency: var_CFLAGS and var_LIBS are also cached.
- ManageDependency: var_INCLUDEDIR also includes directories from var_CFLAGS.
- ManageGConf: Added "Variables to cache".
- cmake-fedora.conf: el7 and fc21 is now available in bodhi.
- Fixed RHBZ 1144906 - cmake-fedora failed to build target pot_files if the .pot file not
exists.
- ManageDependency: var_CFLAGS and var_LIBS are also cached.
- ManageDependency: var_INCLUDEDIR also includes directories from var_CFLAGS.
- ManageGConf: Added "Variables to cache".
- cmake-fedora.conf: el7 and fc21 is now available in bodhi.
- Fixed RHBZ 1144906 - cmake-fedora failed to build target pot_files if the .pot file not
exists.
- ManageDependency: var_CFLAGS and var_LIBS are also cached.
- ManageDependency: var_INCLUDEDIR also includes directories from var_CFLAGS.
- ManageGConf: Added "Variables to cache".
- cmake-fedora.conf: el7 and fc21 is now available in bodhi.
- Fixed RHBZ 1144906 - cmake-fedora failed to build target pot_files if the .pot file not
exists.
- ManageDependency: var_CFLAGS and var_LIBS are also cached.
- ManageDependency: var_INCLUDEDIR also includes directories from var_CFLAGS.
- ManageGConf: Added "Variables to cache".
- cmake-fedora.conf: el7 and fc21 is now available in bodhi.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 10 2014 Ding-Yi Chen <dchen at redhat.com> - 2.3.4-1
- Fixed RHBZ 1144906 - cmake-fedora failed to build target pot_files if the .pot file not
exists.
- ManageDependency: Now able to assign multiple PKG_CONFIG files.
- ManageGConf: Added "Variables to cache".
- cmake-fedora.conf: el7 and fc21 is now available in bodhi.
- ManageRPMScript: Fixed the mo file handling.
- ManageZanata: Use /usr/share/locale as SYSTEM_LOCALE source instead.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1144906 - cmake-fedora failed to build target pot_files if the .pot file not
exists
https://bugzilla.redhat.com/show_bug.cgi?id=1144906
--------------------------------------------------------------------------------
================================================================================
davix-0.4.0-1.el5 (FEDORA-EPEL-2014-4614)
Toolkit for Http-based file management
--------------------------------------------------------------------------------
Update Information:
davix 0.4.0 release, see RELEASE-NOTES for changes
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 5 2014 Adrien Devresse <adevress at cern.ch> - 0.4.0-1
- davix 0.4.0 release, see RELEASE-NOTES for changes
--------------------------------------------------------------------------------
================================================================================
firebird-2.1.5.18496.0-5.el5 (FEDORA-EPEL-2014-4520)
SQL relational database management system
--------------------------------------------------------------------------------
Update Information:
These updates fix the recently discovered security vulnerability (CORE-4630) that may be
used for a remote DoS attack performed by unauthorized users
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 7 2014 Philippe Makowski <makowski(a)fedoraproject.org> 2.1.5.18496.0-5
- security fix firebird CORE-4630
--------------------------------------------------------------------------------
================================================================================
gfal2-2.7.8-2.el5 (FEDORA-EPEL-2014-4628)
Grid file access library 2.0
--------------------------------------------------------------------------------
Update Information:
Patching a bug in a call to gfal2_set_error that causes a segfault.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Alejandro Alvarez Ayllon <aalvarez at cern.ch> - 2.7.8-2
- Patched a bug in a call to gfal2_set_error
--------------------------------------------------------------------------------
================================================================================
perl-Getopt-GUI-Long-0.91-8.el5 (FEDORA-EPEL-2014-4580)
A wrapper around Getopt::Long to provide a GUI to applications
--------------------------------------------------------------------------------
Update Information:
updated to remove Gtk2 from the requirements
rebuild
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 8 2014 Wes Hardaker <wjhns174(a)hardakers.net> - 0.91-8
- rebuild
* Fri Jan 3 2014 Wes Hardaker <wjhns174(a)hardakers.net> - 0.91-7
- rebuild
* Mon Nov 7 2011 Wes Hardaker <wjhns174(a)hardakers.net> - 0.91-6
- change requirement from DNE gtk2 to tk
--------------------------------------------------------------------------------
================================================================================
perl-QWizard-3.15-10.el5 (FEDORA-EPEL-2014-4572)
A very portable graphical question and answer wizard system
--------------------------------------------------------------------------------
Update Information:
removed gtk2 dependency
rebuild
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 8 2014 Wes Hardaker <wjhns174(a)hardakers.net> - 3.15-10
- rebuild
--------------------------------------------------------------------------------
================================================================================
perl-Text-Unidecode-1.23-1.el5 (FEDORA-EPEL-2014-4568)
US-ASCII transliterations of Unicode text
--------------------------------------------------------------------------------
Update Information:
This update fixes UTF-16 decoding issues.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1172632 - perl-Text-Unidecode-1.23 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1172632
--------------------------------------------------------------------------------
================================================================================
pywebdav-0.9.4.1-1.el5 (FEDORA-EPEL-2014-4620)
WebDAV library
--------------------------------------------------------------------------------
Update Information:
updated to 0.9.4.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Dan Horák <dan[at]danny.cz> 0.9.4.1-1
- update to 0.9.4.1
* Mon Nov 29 2010 Dan Horák <dan[at]danny.cz> 0.9.4-1
- update to 0.9.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #679339 - CVE-2011-0432 pywebdav: SQL injection due improper escaping of user
credentials [epel-5]
https://bugzilla.redhat.com/show_bug.cgi?id=679339
--------------------------------------------------------------------------------
================================================================================
srcpd-2.1.2-6.el5 (FEDORA-EPEL-2014-4513)
Simple Railroad Command Protocol (SRCP) server
--------------------------------------------------------------------------------
Update Information:
srcpd: conditional build for ddls88 plugin
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 6 2014 Denis Fateyev <denis(a)fateyev.com> - 2.1.2-6
- Conditional build for ddls88 plugin
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.1.2-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1124952 - srcpd must be ported or blacklisted for AArch64.
https://bugzilla.redhat.com/show_bug.cgi?id=1124952
--------------------------------------------------------------------------------
================================================================================
xrdp-0.6.1-1.el5 (FEDORA-EPEL-2014-4527)
Open source remote desktop protocol (RDP) server
--------------------------------------------------------------------------------
Update Information:
Close a security vulnerability in 0.5.0 and update to a known working release, 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 10 2014 Bojan Smojver <bojan(a)rexursive.com> - 0.6.1-1
- try a bump to official 0.6.1
- provide format for syslog() call
- fix memset() call
- fix implicit declarations
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #782621 - xrdp: predictable temporary files may lead to arbitrary file
overwrite [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=782621
--------------------------------------------------------------------------------