[EPEL-devel] Fedora EPEL 5 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Fri Oct 17 17:42:15 UTC 2014
The following Fedora EPEL 5 Security updates need testing:
Age URL
908 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
362 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.20.12-1.el5
127 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7.26-1.el5
23 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2669/check-mk-1.2.4p5-1.el5
22 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2853/mediawiki119-1.19.18-1.el5
12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3114/mksh-50c-1.el5
7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3206/phpMyAdmin4-4.0.10.4-1.el5
3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3333/catdoc-0.94.2-10.el5
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3455/drupal7-7.32-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
drupal7-7.32-1.el5
gccxml-0.9.0-0.25.20140718.gitab651a2.el5
mozilla-https-everywhere-4.0.2-1.el5
perl-Spreadsheet-XLSX-0.13-8.el5
php53-mapi-7.1.11-1.el5
salt-2014.1.13-1.el5
zarafa-7.1.11-1.el5
Details about builds:
================================================================================
drupal7-7.32-1.el5 (FEDORA-EPEL-2014-3455)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
Update to upstream 7.32 security release for SA-CORE-2014-005, CVE-2014-3407
Update to upstream 7.31 release for SA-CORE-2014-004
This is a bugfix release. For complete details refer to: https://www.drupal.org/drupal-7.30-release-notes
Fixes SA-CORE-2014-003. For details refer to: https://www.drupal.org/drupal-7.29-release-notes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 15 2014 Jared Smith <jsmith at fedoraproject.org> - 7.32-1
- Update to upstream 7.32 security release for SA-CORE-2014-005
* Thu Aug 7 2014 Jared Smith <jsmith at fedoraproject.org> - 7.31-1
- Update to upstream 7.31 release for SA-CORE-2014-004
* Mon Jul 28 2014 Paul W. Frields <stickster at gmail.com> - 7.30-1
- 7.30
* Wed Jul 16 2014 Paul W. Frields <stickster at gmail.com> - 7.29-1
- 7.29, SA-CORE-2014-003
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 7.28-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1120641 - CVE-2014-5019 CVE-2014-5020 CVE-2014-5021 CVE-2014-5022 drupal7: multiple vulnerabilities (SA-CORE-2014-003)
https://bugzilla.redhat.com/show_bug.cgi?id=1120641
[ 2 ] Bug #1127538 - CVE-2014-5265 CVE-2014-5266 CVE-2014-5267 drupal: denial of service issue (SA-CORE-2014-004)
https://bugzilla.redhat.com/show_bug.cgi?id=1127538
[ 3 ] Bug #1153402 - CVE-2014-3704 drupal7: SQL injection leading to code execution and privilege escalation (SA-CORE-2014-005)
https://bugzilla.redhat.com/show_bug.cgi?id=1153402
--------------------------------------------------------------------------------
================================================================================
gccxml-0.9.0-0.25.20140718.gitab651a2.el5 (FEDORA-EPEL-2014-3435)
XML output extension to GCC
--------------------------------------------------------------------------------
Update Information:
Synch with upstream - improved gcc 4.9 support files.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2014 Mattias Ellert <mattias.ellert at fysast.uu.se> - 0.9.0-0.25.20140718.gitab651a2
- Updated git snapshot with updated gcc 4.9 support files
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9.0-0.24.20140610.gita012b8fe
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
mozilla-https-everywhere-4.0.2-1.el5 (FEDORA-EPEL-2014-3446)
HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:
- Disable SSL 3 to Prevent POODLE attack:
-- https://github.com/EFForg/https-everywhere/pull/674
- NEW: HTTP Nowhere mode. Block all plaintext http
- Updates to Yahoo APIs, Fastly, VMWare, Netflix, Maashable, LinkedIn,
Gitorious, Mozilla, msecnd, Hotmail, Live, Eniro, Steam, Phoronix,
net-security.org, Flickr, Craigslist, Apache.org, Joomla.org, Samsung,
Google IMages, Expedia, Akamai, Trip Advisor, Ikea, CEll, Leo.org, Facebook,
F-Secure, Dropbox, Courage Campaign, Box, Atlassian, Internet Archvie,
localbitcoins.com, SOny, SciVerse, Web.com, Urgan Dictionary, Pornhub,
Fool.com, ClickBank, MGID, Which?, Microsoft, Barnes and Noble, Royal
Institute of GB, Wall Street Journal
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2014 Russell Golden <niveusluna at niveusluna.org> - 4.0.2-1
- Disable SSL 3 to Prevent POODLE attack:
-- https://github.com/EFForg/https-everywhere/pull/674
- NEW: HTTP Nowhere mode. Block all plaintext http
- Updates to Yahoo APIs, Fastly, VMWare, Netflix, Maashable, LinkedIn,
Gitorious, Mozilla, msecnd, Hotmail, Live, Eniro, Steam, Phoronix,
net-security.org, Flickr, Craigslist, Apache.org, Joomla.org, Samsung,
Google IMages, Expedia, Akamai, Trip Advisor, Ikea, CEll, Leo.org, Facebook,
F-Secure, Dropbox, Courage Campaign, Box, Atlassian, Internet Archvie,
localbitcoins.com, SOny, SciVerse, Web.com, Urgan Dictionary, Pornhub,
Fool.com, ClickBank, MGID, Which?, Microsoft, Barnes and Noble, Royal
Institute of GB, Wall Street Journal
--------------------------------------------------------------------------------
================================================================================
perl-Spreadsheet-XLSX-0.13-8.el5 (FEDORA-EPEL-2014-3407)
Perl extension for reading Microsoft Excel 2007 files
--------------------------------------------------------------------------------
Update Information:
Value "0" parsed as empty string when value is part of shared string table
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 14 2014 Robert Scheck <robert at fedoraproject.org> 0.13-8
- Modified existing patch to parse value "0" correct (#1152739)
* Fri Aug 29 2014 Jitka Plesnikova <jplesnik at redhat.com> - 0.13-7
- Perl 5.20 rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.13-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.13-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 31 2013 Petr Pisar <ppisar at redhat.com> - 0.13-4
- Perl 5.18 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1152739 - value "0" parsed as empty string when value is part of shared string table
https://bugzilla.redhat.com/show_bug.cgi?id=1152739
--------------------------------------------------------------------------------
================================================================================
php53-mapi-7.1.11-1.el5 (FEDORA-EPEL-2014-3431)
The PHP MAPI extension by Zarafa
--------------------------------------------------------------------------------
Update Information:
Zarafa Collaboration Platform 7.1.11 final R1 [46050]
=====================================================
General
-------
This R1 release of the 7.1.11 final release addresses the WebAccess install problem on RPM-based systems and resolves the dependencies problems under Ubuntu 14.04.
Backend
-------
* ZCP-12472: zarafa-search crashes on ubuntu 14.0.4 LTS
* ZCP-12405: zarafa-search do not start on Ubuntu 14.04
* ZCP-12581: config files are being saved as config.cfg.dpkg-new on ubuntu 14.04
* ZCP-12570: install.sh for Ubuntu 14.04
* ZCP-12582: installing webaccess on rhel based systems result in scriptlet failed, exit status 1
Zarafa Collaboration Platform 7.1.11 final [45875]
==================================================
General
-------
This release brings a few new features while maintaining stability. With this release we address a few segfaults in zarafa-search to match this final release.
Backend
-------
* ZCP-11809: zarafa-gateway is unable to create RTF text stream
* ZCP-11862: zarafa-backup zarafa-restore breaks textfiles
* ZCP-11934: Enhance MariaDB support by modifying sql_mode
* ZCP-12012: zarafa-server segfaults when running zarafa-stats --system
* ZCP-12097: Disposition-Notification-To double colons in middle of line. dagent crashes
* ZCP-12110: Segfault zarafa-server 7.1.8 R1
* ZCP-12127: Support for Apache 2.4
* ZCP-12134: Randomly lost e-mail attachments in e-mails
* ZCP-12266: [BIG5] Customer requires an option to set the default character encoding of incoming mail when no encoding is set.
* ZCP-12269: public folder shows MAPI_E_STORE_FULL when creating new element
* ZCP-12272: WebAccess: .htaccess is not marked as a configuration file in rpm
* ZCP-12436: jpegPhoto included twice in ldap.propmap.cfg
* ZCP-12500: Zarafa stores rfc enforced linebreaks as actual line breaks
* ZCP-12511: zarafa-gateway is unable to create RTF text stream
* ZCP-12537: ical issue when password contains a colon
* ZCP-12547: As a hoster I need a way to reduce the performance impact on LDAP caused by zarafa-licensed.
* ZCP-12563: Create configuration setting to indicate if folder owners automatically get full access rights or not
* ZCP-12548: zarafa-search segfault
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 15 2014 Robert Scheck <robert at fedoraproject.org> 7.1.11-1
- Upgrade to 7.1.11 (#1139442)
- Removed bundled PHP PEAR files/libraries
- Added patch to allow mitigation of SSLv3/POODLE vulnerability
- Added patch to implement ECDHE support (depending on OpenSSL)
- Added patch to allow plaintext authentication from 127.0.0.1
* Tue Aug 26 2014 David Tardon <dtardon at redhat.com> - 7.1.10-5
- rebuild for ICU 53.1
--------------------------------------------------------------------------------
================================================================================
salt-2014.1.13-1.el5 (FEDORA-EPEL-2014-3417)
A parallel remote execution system
--------------------------------------------------------------------------------
Update Information:
Update to bugfix release 2014.1.13
Update to bugfix release 2014.1.11
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2014 Erik Johnson <erik at saltstack.com> - 2014.1.13-1
- Update to bugfix release 2014.1.13
* Mon Sep 29 2014 Erik Johnson <erik at saltstack.com> - 2014.1.11-1
- Update to bugfix release 2014.1.11
--------------------------------------------------------------------------------
================================================================================
zarafa-7.1.11-1.el5 (FEDORA-EPEL-2014-3431)
Open Source Edition of the Zarafa Collaboration Platform
--------------------------------------------------------------------------------
Update Information:
Zarafa Collaboration Platform 7.1.11 final R1 [46050]
=====================================================
General
-------
This R1 release of the 7.1.11 final release addresses the WebAccess install problem on RPM-based systems and resolves the dependencies problems under Ubuntu 14.04.
Backend
-------
* ZCP-12472: zarafa-search crashes on ubuntu 14.0.4 LTS
* ZCP-12405: zarafa-search do not start on Ubuntu 14.04
* ZCP-12581: config files are being saved as config.cfg.dpkg-new on ubuntu 14.04
* ZCP-12570: install.sh for Ubuntu 14.04
* ZCP-12582: installing webaccess on rhel based systems result in scriptlet failed, exit status 1
Zarafa Collaboration Platform 7.1.11 final [45875]
==================================================
General
-------
This release brings a few new features while maintaining stability. With this release we address a few segfaults in zarafa-search to match this final release.
Backend
-------
* ZCP-11809: zarafa-gateway is unable to create RTF text stream
* ZCP-11862: zarafa-backup zarafa-restore breaks textfiles
* ZCP-11934: Enhance MariaDB support by modifying sql_mode
* ZCP-12012: zarafa-server segfaults when running zarafa-stats --system
* ZCP-12097: Disposition-Notification-To double colons in middle of line. dagent crashes
* ZCP-12110: Segfault zarafa-server 7.1.8 R1
* ZCP-12127: Support for Apache 2.4
* ZCP-12134: Randomly lost e-mail attachments in e-mails
* ZCP-12266: [BIG5] Customer requires an option to set the default character encoding of incoming mail when no encoding is set.
* ZCP-12269: public folder shows MAPI_E_STORE_FULL when creating new element
* ZCP-12272: WebAccess: .htaccess is not marked as a configuration file in rpm
* ZCP-12436: jpegPhoto included twice in ldap.propmap.cfg
* ZCP-12500: Zarafa stores rfc enforced linebreaks as actual line breaks
* ZCP-12511: zarafa-gateway is unable to create RTF text stream
* ZCP-12537: ical issue when password contains a colon
* ZCP-12547: As a hoster I need a way to reduce the performance impact on LDAP caused by zarafa-licensed.
* ZCP-12563: Create configuration setting to indicate if folder owners automatically get full access rights or not
* ZCP-12548: zarafa-search segfault
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 15 2014 Robert Scheck <robert at fedoraproject.org> 7.1.11-1
- Upgrade to 7.1.11 (#1139442)
- Removed bundled PHP PEAR files/libraries
- Added patch to allow mitigation of SSLv3/POODLE vulnerability
- Added patch to implement ECDHE support (depending on OpenSSL)
- Added patch to allow plaintext authentication from 127.0.0.1
* Tue Aug 26 2014 David Tardon <dtardon at redhat.com> - 7.1.10-5
- rebuild for ICU 53.1
--------------------------------------------------------------------------------
More information about the epel-devel
mailing list