The following Fedora EPEL 5 Security updates need testing: Age URL 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13670/bogofilter-1.... 228 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.1... 15 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13530/pcp-3.6.10-1.... 122 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6608/Django-1.1.4-2... 54 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13152/cobbler-2.4.0... 51 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13182/ssmtp-2.61-19... 50 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13192/icecast-2.3.3... 4 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13612/drupal6-ctool...

The following builds have been pushed to Fedora EPEL 5 updates-testing

bogofilter-1.2.3-1.el5 facter-1.6.16-1.el5 opendkim-2.7.3-2.el5 perl-CDB_File-0.97-1.el5

Details about builds:

================================================================================ bogofilter-1.2.3-1.el5 (FEDORA-EPEL-2012-13670) Fast anti-spam filtering by Bayesian statistical analysis -------------------------------------------------------------------------------- Update Information:

updated to 1.2.3 (fixes #883358, CVE-2012-5468) -------------------------------------------------------------------------------- ChangeLog:

* Tue Dec 4 2012 Adrian Reber adrian@lisas.de - 1.2.3-1 - updated to 1.2.3 (fixes #883358, CVE-2012-5468) * Thu Jul 26 2012 Adrian Reber adrian@lisas.de - 1.2.2-5 - add new libdb4 include path to configure options * Wed Jul 18 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.2.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Thu Jan 12 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.2.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Mon Feb 7 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.2.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- References:

[ 1 ] Bug #883358 - CVE-2012-5468 bogofilter: Heap-based buffer overflow by decoding invalid base64 code (that decodes to incomplete multibyte characters) https://bugzilla.redhat.com/show_bug.cgi?id=883358 --------------------------------------------------------------------------------

================================================================================ facter-1.6.16-1.el5 (FEDORA-EPEL-2012-13675) Command and ruby library for gathering system information -------------------------------------------------------------------------------- Update Information:

Update from upstream with fixes for edge cases around ec2 facts. Rebase to 1.6.15 and fix issue found in bz #871211

This is a rebase to the upstream of 1.6.15. This should be a backward compatible release with what is currently in Fedora/EPEL. The known issue of openstack/ec2 fact exception handling has been resolved in 1.6.15.

This commit also adds the .asc file back as it used by facter maintainers during package creation.

Moves facter to newest version. This is a fully compatible version from 1.6.6 which is in stable. It also has bug fixes and a few enhancements. Moves facter to newest version. This is a fully compatible version from 1.6.6 which is in stable. It also has bug fixes and a few enhancements. Rebase to 1.6.15 and fix issue found in bz #871211

This is a rebase to the upstream of 1.6.15. This should be a backward compatible release with what is currently in Fedora/EPEL. The known issue of openstack/ec2 fact exception handling has been resolved in 1.6.15.

This commit also adds the .asc file back as it used by facter maintainers during package creation.

Moves facter to newest version. This is a fully compatible version from 1.6.6 which is in stable. It also has bug fixes and a few enhancements. Moves facter to newest version. This is a fully compatible version from 1.6.6 which is in stable. It also has bug fixes and a few enhancements. -------------------------------------------------------------------------------- ChangeLog:

* Tue Dec 4 2012 Michael Stahnke stahnma@puppetlabs.com - 1.6.16-1 - Update to 1.6.16 * Wed Nov 28 2012 Michael Stahnke stahnma@puppetlabs.com - 1.6.15-1 - Rebase to 1.6.15 - Put asc file back as Source1 * Fri Nov 9 2012 Michael Stahnke stahnma@puppetlabs.com - 1.6.13-2 - Add patch for ec2 fix - Rebase to 1.6.14 via bz 871211 * Mon Oct 29 2012 Michael Stahnke stahnma@puppetlabs.com - 1.6.13-1 - Rebase to 1.6.13 * Thu Jul 19 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.6.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- References:

[ 1 ] Bug #871211 - Please update facter to the latest upstream (patch included) https://bugzilla.redhat.com/show_bug.cgi?id=871211 --------------------------------------------------------------------------------

================================================================================ opendkim-2.7.3-2.el5 (FEDORA-EPEL-2012-13677) A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail -------------------------------------------------------------------------------- Update Information:

Changed default permissions of /etc/opendkim/keys based on suggestion by Patrick at puzzled.xs4all.nl. Update to upstream release 2.7.3, which fixes the following bugs:

Log DB error string in dkimf_add_signrequest(), and fix a DSN handling error in dkimf_db_strerror(). Problem noted by Simone Caruso.

LIBOPENDKIM: Ignore entries in the oversign header field name list that are empty, and an oversign header field name list that is present but empty. Problem noted by Alec Peterson.

LIBOPENDKIM: Allow header field lists to be empty, flushing any that were previously defined. Problem noted by Alec Peterson.

BUILD: Improve tests for including <strl.h>. Based on a patch from Eray Aslan.

REPUTATION: Use lowercase for keywords in REPUTE query generation and handling.

STATS: Clean up a dead link in opendkim-genstats. Patch from Andreas Schulze. Updating to newer 2.7.2 source.

Source release notes available here:

http://sourceforge.net/projects/opendkim/files/RELEASE_NOTES/view Updating to newer 2.7.2 source.

Source release notes available here:

http://sourceforge.net/projects/opendkim/files/RELEASE_NOTES/view Update to upstream release 2.7.3, which fixes the following bugs:

Log DB error string in dkimf_add_signrequest(), and fix a DSN handling error in dkimf_db_strerror(). Problem noted by Simone Caruso.

LIBOPENDKIM: Ignore entries in the oversign header field name list that are empty, and an oversign header field name list that is present but empty. Problem noted by Alec Peterson.

LIBOPENDKIM: Allow header field lists to be empty, flushing any that were previously defined. Problem noted by Alec Peterson.

BUILD: Improve tests for including <strl.h>. Based on a patch from Eray Aslan.

REPUTATION: Use lowercase for keywords in REPUTE query generation and handling.

STATS: Clean up a dead link in opendkim-genstats. Patch from Andreas Schulze. Updating to newer 2.7.2 source.

Source release notes available here:

http://sourceforge.net/projects/opendkim/files/RELEASE_NOTES/view Updating to newer 2.7.2 source.

Source release notes available here:

http://sourceforge.net/projects/opendkim/files/RELEASE_NOTES/view Update to upstream release 2.7.3, which fixes the following bugs:

Log DB error string in dkimf_add_signrequest(), and fix a DSN handling error in dkimf_db_strerror(). Problem noted by Simone Caruso.

LIBOPENDKIM: Ignore entries in the oversign header field name list that are empty, and an oversign header field name list that is present but empty. Problem noted by Alec Peterson.

LIBOPENDKIM: Allow header field lists to be empty, flushing any that were previously defined. Problem noted by Alec Peterson.

BUILD: Improve tests for including <strl.h>. Based on a patch from Eray Aslan.

REPUTATION: Use lowercase for keywords in REPUTE query generation and handling.

STATS: Clean up a dead link in opendkim-genstats. Patch from Andreas Schulze. Updating to newer 2.7.2 source.

Source release notes available here:

http://sourceforge.net/projects/opendkim/files/RELEASE_NOTES/view Updating to newer 2.7.2 source.

Source release notes available here:

http://sourceforge.net/projects/opendkim/files/RELEASE_NOTES/view Update to upstream release 2.7.3, which fixes the following bugs:

Log DB error string in dkimf_add_signrequest(), and fix a DSN handling error in dkimf_db_strerror(). Problem noted by Simone Caruso.

LIBOPENDKIM: Ignore entries in the oversign header field name list that are empty, and an oversign header field name list that is present but empty. Problem noted by Alec Peterson.

LIBOPENDKIM: Allow header field lists to be empty, flushing any that were previously defined. Problem noted by Alec Peterson.

BUILD: Improve tests for including <strl.h>. Based on a patch from Eray Aslan.

REPUTATION: Use lowercase for keywords in REPUTE query generation and handling.

STATS: Clean up a dead link in opendkim-genstats. Patch from Andreas Schulze. Updating to newer 2.7.2 source.

Source release notes available here:

http://sourceforge.net/projects/opendkim/files/RELEASE_NOTES/view Updating to newer 2.7.2 source.

Source release notes available here:

http://sourceforge.net/projects/opendkim/files/RELEASE_NOTES/view Update to upstream release 2.7.3, which fixes the following bugs:

Log DB error string in dkimf_add_signrequest(), and fix a DSN handling error in dkimf_db_strerror(). Problem noted by Simone Caruso.

LIBOPENDKIM: Ignore entries in the oversign header field name list that are empty, and an oversign header field name list that is present but empty. Problem noted by Alec Peterson.

LIBOPENDKIM: Allow header field lists to be empty, flushing any that were previously defined. Problem noted by Alec Peterson.

BUILD: Improve tests for including <strl.h>. Based on a patch from Eray Aslan.

REPUTATION: Use lowercase for keywords in REPUTE query generation and handling.

STATS: Clean up a dead link in opendkim-genstats. Patch from Andreas Schulze. Updating to newer 2.7.2 source.

Source release notes available here:

http://sourceforge.net/projects/opendkim/files/RELEASE_NOTES/view Updating to newer 2.7.2 source.

Source release notes available here:

http://sourceforge.net/projects/opendkim/files/RELEASE_NOTES/view -------------------------------------------------------------------------------- ChangeLog:

* Tue Dec 4 2012 Steve Jenkins <steve stevejenkins com> 2.7.3-2 - Set /etc/opendkim/keys default permissions to 750 (Thanks patrick at puzzled.xs4al.nl) * Thu Nov 29 2012 Steve Jenkins <steve stevejenkins com> 2.7.3-1 - Updated to use newer upstream 2.7.3 source code * Mon Nov 19 2012 Steve Jenkins <steve stevejenkins com> 2.7.2-1 - Updated to use newer upstream 2.7.2 source code --------------------------------------------------------------------------------

================================================================================ perl-CDB_File-0.97-1.el5 (FEDORA-EPEL-2012-13673) Perl extension for access to cdb databases -------------------------------------------------------------------------------- Update Information:

upgrade to 0.97 -------------------------------------------------------------------------------- ChangeLog:

* Wed Dec 5 2012 Mark McKinstry mmckinst@nexcess.net - 0.97-1 - upgrade to 0.97 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #882869 - perl-CDB_File-0.97 is available https://bugzilla.redhat.com/show_bug.cgi?id=882869 --------------------------------------------------------------------------------