EPEL Fedora 5 updates-testing report
updates at fedoraproject.org
Wed Apr 9 05:27:47 UTC 2014
The following Fedora EPEL 5 Security updates need testing:
Age URL
717 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
171 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.20.12-1.el5
51 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0581/augeas-1.2.0-1.el5
10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0984/munin-2.0.20-1.el5
10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0988/libyaml-0.1.2-7.el5
6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1041/mod_security-2.6.8-5.el5
5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1047/check-mk-1.2.4p1-1.el5
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1074/cacti-0.8.8b-5.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
cacti-0.8.8b-5.el5
srm-ifce-1.19.0-1.el5
Details about builds:
================================================================================
cacti-0.8.8b-5.el5 (FEDORA-EPEL-2014-1074)
An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:
Patches for four CVEs. This update fixes SQL injection, shell escaping issues, a stored XSS attack, and use of exec-like function calls without safety checks allowing arbitrary command execution.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 7 2014 Ken Dreyer <ktdreyer at ktdreyer.com> - 0.8.8b-5
- Patch for CVE-2014-2708 SQL injection issues in graph_xport.php
(RHBZ #1084258)
- Patch for CVE-2014-2709 shell escaping issues in lib/rrd.php
(RHBZ #1084258)
- Patch for CVE-2014-2326 stored XSS attack (RHBZ #1082122)
- Patch for CVE-2014-2328 use of exec-like function calls without safety
checks allow arbitrary command execution (RHBZ #1082122)
* Fri Feb 7 2014 Ken Dreyer <ktdreyer at ktdreyer.com> - 0.8.8b-4
- Move cron to a separate file and require crontabs (RHBZ #947047). Thanks
Jóhann B. Guðmundsson.
- Update for systemd (RHBZ #947047). Thanks Jóhann B. Guðmundsson.
- Fix rpmlint warning about spaces-to-tabs
* Wed Sep 4 2013 Ken Dreyer <ktdreyer at ktdreyer.com> - 0.8.8b-3
- Fix comments in thumbnails (BZ #1004550)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1084258 - CVE-2014-2708 CVE-2014-2709 cacti: command injection issues fixed in bug#0002405
https://bugzilla.redhat.com/show_bug.cgi?id=1084258
[ 2 ] Bug #1082122 - CVE-2014-2326 CVE-2014-2327 CVE-2014-2328 cacti: multiple flaws reported by Deutsche Telekom
https://bugzilla.redhat.com/show_bug.cgi?id=1082122
--------------------------------------------------------------------------------
================================================================================
srm-ifce-1.19.0-1.el5 (FEDORA-EPEL-2014-1092)
SRM client side library
--------------------------------------------------------------------------------
Update Information:
Update for upstream release 1.19.0
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 7 2014 Alejandro Alvarez <aalvarez at cern.ch> - 1.19.0-1
- Release srm-ifce 1.19.0
* Thu Oct 17 2013 Adrien Devresse <adevress at cern.ch> - 1.18.0-2
- Rebuilt for gsoap++
--------------------------------------------------------------------------------