The following Fedora EPEL 5 Security updates need testing: Age URL 935 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.1... 389 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.... 153 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7.26-... 49 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2669/check-mk-1.2.4... 48 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2853/mediawiki119-1... 21 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3549/rubygem-action... 20 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3554/rubygem-rails-... 15 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3675/Pound-2.6-2.el... 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3784/mantis-1.2.17-... 3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3849/sblim-sfcb-1.3... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3972/nginx-0.8.55-6... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3983/polarssl-1.3.2...

The following builds have been pushed to Fedora EPEL 5 updates-testing

nginx-0.8.55-6.el5 polarssl-1.3.2-3.el5

Details about builds:

================================================================================ nginx-0.8.55-6.el5 (FEDORA-EPEL-2014-3972) Robust, small and high performance HTTP and reverse proxy server -------------------------------------------------------------------------------- Update Information:

fix CVE-2013-4547 security bypass due to whitespace parsing -------------------------------------------------------------------------------- ChangeLog:

* Tue Nov 11 2014 Jamie Nguyen jamielinux@fedoraproject.org - 0.8.55-6 - fix CVE-2013-4547 security bypass due to whitespace parsing (#1032266, #1032269) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1032266 - CVE-2013-4547 nginx: security restriction bypass flaw due to whitespace parsing https://bugzilla.redhat.com/show_bug.cgi?id=1032266 --------------------------------------------------------------------------------

================================================================================ polarssl-1.3.2-3.el5 (FEDORA-EPEL-2014-3983) Light-weight cryptographic and SSL/TLS library -------------------------------------------------------------------------------- Update Information:

- Fix for CVE-2014-8628 (#1159845) -------------------------------------------------------------------------------- ChangeLog:

* Wed Nov 12 2014 Morten Stevens mstevens@imt-systems.com - 1.3.2-3 - CVE-2014-8628 (#1159845) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1159845 - CVE-2014-8627 CVE-2014-8628 polarssl: various issues fixed in 1.3.9 https://bugzilla.redhat.com/show_bug.cgi?id=1159845 --------------------------------------------------------------------------------