[EPEL-devel] Fedora EPEL 5 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Tue Oct 28 11:07:00 UTC 2014 

The following Fedora EPEL 5 Security updates need testing:
 Age  URL
 919  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
 373  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.20.12-1.el5
 138  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7.26-1.el5
  34  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2669/check-mk-1.2.4p5-1.el5
  33  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2853/mediawiki119-1.19.18-1.el5
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3455/drupal7-7.32-1.el5
   5  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3549/rubygem-actionpack-2.3.18-1.el5,rubygem-activerecord-2.3.18-1.el5,rubygem-activesupport-2.3.18-1.el5
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3554/rubygem-rails-2.3.18-1.el5,rubygem-actionmailer-2.3.18-1.el5,rubygem-activeresource-2.3.18-1.el5
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3570/tor-0.2.4.25-1.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3651/phpMyAdmin4-4.0.10.5-1.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3675/Pound-2.6-2.el5.2


The following builds have been pushed to Fedora EPEL 5 updates-testing

    Pound-2.6-2.el5.2
    jupp-28-1.el5
    munin-2.0.24-1.el5
    phpMyAdmin4-4.0.10.5-1.el5
    ssdeep-2.12-1.el5
    zabbix22-2.2.7-1.el5

Details about builds:


================================================================================
 Pound-2.6-2.el5.2 (FEDORA-EPEL-2014-3675)
 Reverse proxy and load balancer
--------------------------------------------------------------------------------
Update Information:

This is a rebase to 2.6 with a couple of fixes applied to address security fixes.
Note they usually are extra options that need
to be enabled manually so that we won't break functionality:
- CVE-2011-3389: Make it possible to deny use of "BEAST" vulnerable ciphers
- CVE-2012-4929: Disable compression to be safe from "CRIME"
- CVE-2005-2090: Chunked encofing response splitting (no awkward name here)
- CVE-2014-3566: Allow disabling SSLv3 (and others), to be safe from "POODLE"
- A redirect XSS fix
Backporting the fixes to 2.4 looked like a difficult task.
Please test thoroughly and downkarma the update if it is unacceptable for you.
--------------------------------------------------------------------------------


================================================================================
 jupp-28-1.el5 (FEDORA-EPEL-2014-3573)
 Compact and feature-rich WordStar-compatible editor
--------------------------------------------------------------------------------
Update Information:

Changes for jupp 28
===================

  * Mention in comments that when enabling the -backpath option, its argument must not be quoted, nor followed by a comment; issue found by R. Hubbell
  * Some mostly harmless code cleanup; fix speeds[] array access/sizing; reported by dcb (LP#1348559, LP#1348614)
  * Fix size_t mixup
  * Introduce ^KF (jupprc): compile and download NXC program to NXT brick, for Freedroidz, a project of Teckids e.V. sponsored by tarent solutions GmbH
  * Better const-cleanliness of code
  * Quell New File message for scratch buffers
  * Fix URI in ChangeLog file
  * Actually build with LFS on GNU/Linux
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2014 Robert Scheck <robert at fedoraproject.org> 28-1
- Upgrade to 28
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 27-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 munin-2.0.24-1.el5 (FEDORA-EPEL-2014-3657)
 Network-wide graphing framework (grapher/gatherer)
--------------------------------------------------------------------------------
Update Information:

Upstream released 2.0.24
Upstream released 2.0.23
--------------------------------------------------------------------------------
ChangeLog:

* Sun Oct 26 2014 "D. Johnson" <fenris02 at fedoraproject.org> - 2.0.24-1
- Upstream released 2.0.24
* Sat Oct 18 2014 "D. Johnson" <fenris02 at fedoraproject.org> - 2.0.23-1
- Upstream released 2.0.23
* Fri Oct 17 2014 "D. Johnson" <fenris02 at fedoraproject.org> - 2.0.22-1
- Upstream released 2.0.22
* Tue Oct  7 2014 "D. Johnson" <fenris02 at fedoraproject.org> - 2.0.21-8
- BZ# 1149948 - munin-async pid file in /var/run rather than /var/run/munin
* Mon Sep 15 2014 Petr Pisar <ppisar at redhat.com> - 2.0.21-6
- Build against perl 5.20
* Sun Sep 14 2014 "D. Johnson" <fenris02 at fedoraproject.org> - 2.0.21-6
- Add amavis plugin config defaults
* Sun Sep  7 2014 "D. Johnson" <fenris02 at fedoraproject.org> - 2.0.21-5
- BZ# 1114857 - munin-2.0.21-2.fc21 FTBFS: No Package found for java-1.7.0-devel
- re-merge earlier commit for epel7
* Fri Aug 29 2014 Jitka Plesnikova <jplesnik at redhat.com> - 2.0.21-4
- Perl 5.20 rebuild
* Fri Aug  1 2014 "D. Johnson" <fenris02 at fedoraproject.org> - 2.0.21-3
- Default to a localhost name to prevent munin-node from complaining
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.21-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon Apr 28 2014 Lubomir Rintel <lkundrak at v3.sk> - 2.0.21-1.1
- mx4j is not a build time dependency
- RHEL 7 Actually uses systemd too
- No Net::CIDR in el7
- No Cache::Memcached in el7
- Carp::Always is not actually required
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1114857 - munin-2.0.21-2.fc21 FTBFS: No Package found for java-1.7.0-devel
        https://bugzilla.redhat.com/show_bug.cgi?id=1114857
  [ 2 ] Bug #1149948 - munin-async pid file in /var/run rather than /var/run/munin
        https://bugzilla.redhat.com/show_bug.cgi?id=1149948
--------------------------------------------------------------------------------


================================================================================
 phpMyAdmin4-4.0.10.5-1.el5 (FEDORA-EPEL-2014-3651)
 Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:

phpMyAdmin 4.0.10.5 (2014-10-21)
================================

  - [security] XSS in debug SQL output
  - [security] XSS in monitor query analyzer
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2014 Robert Scheck <robert at fedoraproject.org> 4.0.10.5-1
- Upgrade to 4.0.10.5 (#1155362)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1155362 - CVE-2014-8326 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12)
        https://bugzilla.redhat.com/show_bug.cgi?id=1155362
--------------------------------------------------------------------------------


================================================================================
 ssdeep-2.12-1.el5 (FEDORA-EPEL-2014-3611)
 Compute context triggered piecewise hashes
--------------------------------------------------------------------------------
Update Information:

* Fixed issue when comparing identical hashes but with different block sizes.

--------------------------------------------------------------------------------
ChangeLog:

* Sun Oct 26 2014 Remi Collet <remi at fedoraproject.org> - 2.12-1
- update to 2.12
- fix license handling
--------------------------------------------------------------------------------


================================================================================
 zabbix22-2.2.7-1.el5 (FEDORA-EPEL-2014-3599)
 Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:

http://www.zabbix.com/rn2.2.7.php
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct 25 2014 Volker Fröhlich <volker27 at gmx.at> - 2.2.7-1
- New upstream release
* Wed Aug 27 2014 Volker Fröhlich <volker27 at gmx.at> - 2.2.6-1
- New upstream release
- Use the upstream tarball, now that non-free json was replaced with android-json
--------------------------------------------------------------------------------

More information about the epel-devel mailing list