EPEL Fedora 5 updates-testing report

updates at fedoraproject.org
Wed Apr 9 05:27:47 UTC 2014


The following Fedora EPEL 5 Security updates need testing:
 Age  URL
 717  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
 171  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.20.12-1.el5
  51  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0581/augeas-1.2.0-1.el5
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0984/munin-2.0.20-1.el5
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0988/libyaml-0.1.2-7.el5
   6  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1041/mod_security-2.6.8-5.el5
   5  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1047/check-mk-1.2.4p1-1.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1074/cacti-0.8.8b-5.el5


The following builds have been pushed to Fedora EPEL 5 updates-testing

    cacti-0.8.8b-5.el5
    srm-ifce-1.19.0-1.el5

Details about builds:


================================================================================
 cacti-0.8.8b-5.el5 (FEDORA-EPEL-2014-1074)
 An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:

Patches for four CVEs. This update fixes SQL injection, shell escaping issues, a stored XSS attack, and use of exec-like function calls without safety checks allowing arbitrary command execution.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr  7 2014 Ken Dreyer <ktdreyer at ktdreyer.com> - 0.8.8b-5
- Patch for CVE-2014-2708 SQL injection issues in graph_xport.php
  (RHBZ #1084258)
- Patch for CVE-2014-2709 shell escaping issues in lib/rrd.php
  (RHBZ #1084258)
- Patch for CVE-2014-2326 stored XSS attack (RHBZ #1082122)
- Patch for CVE-2014-2328 use of exec-like function calls without safety
  checks allow arbitrary command execution (RHBZ #1082122)
* Fri Feb  7 2014 Ken Dreyer <ktdreyer at ktdreyer.com> - 0.8.8b-4
- Move cron to a separate file and require crontabs (RHBZ #947047). Thanks
  Jóhann B. Guðmundsson.
- Update for systemd (RHBZ #947047). Thanks Jóhann B. Guðmundsson.
- Fix rpmlint warning about spaces-to-tabs
* Wed Sep  4 2013 Ken Dreyer <ktdreyer at ktdreyer.com> - 0.8.8b-3
- Fix comments in thumbnails (BZ #1004550)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1084258 - CVE-2014-2708 CVE-2014-2709 cacti: command injection issues fixed in bug#0002405
        https://bugzilla.redhat.com/show_bug.cgi?id=1084258
  [ 2 ] Bug #1082122 - CVE-2014-2326 CVE-2014-2327 CVE-2014-2328 cacti: multiple flaws reported by Deutsche Telekom
        https://bugzilla.redhat.com/show_bug.cgi?id=1082122
--------------------------------------------------------------------------------


================================================================================
 srm-ifce-1.19.0-1.el5 (FEDORA-EPEL-2014-1092)
 SRM client side library
--------------------------------------------------------------------------------
Update Information:

Update for upstream release 1.19.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr  7 2014 Alejandro Alvarez <aalvarez at cern.ch> - 1.19.0-1
- Release srm-ifce 1.19.0
* Thu Oct 17 2013 Adrien Devresse <adevress at cern.ch> - 1.18.0-2
- Rebuilt for gsoap++
--------------------------------------------------------------------------------



More information about the epel-devel mailing list