[EPEL-devel] Fedora EPEL 5 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Sat Apr 25 23:52:46 UTC 2015 

The following Fedora EPEL 5 Security updates need testing:
 Age  URL
 1099  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
 553  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.20.12-1.el5
 318  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7.26-1.el5
 167  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3849/sblim-sfcb-1.3.8-2.el5
  13  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5758/tor-0.2.4.27-1.el5
  13  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5694/zarafa-7.1.12-1.el5,php53-mapi-7.1.12-1.el5
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5821/cherokee-1.2.103-6.el5
   5  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5894/mksh-50f-1.el5
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5952/pdns-recursor-3.6.3-1.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5975/jasper-1.900.1-15.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5953/wordpress-4.1.3-1.el5


The following builds have been pushed to Fedora EPEL 5 updates-testing

    jasper-1.900.1-15.el5
    libxc-2.1.2-3.el5
    mimedefang-2.78-1.el5
    root-5.34.30-1.el5
    wordpress-4.1.3-1.el5

Details about builds:


================================================================================
 jasper-1.900.1-15.el5 (FEDORA-EPEL-2015-5975)
 Implementation of the JPEG-2000 standard, Part 1
--------------------------------------------------------------------------------
Update Information:

Fix various (mostly security related) flaws.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 24 2015 Rex Dieter <rdieter at fedoraproject.org> 
- 1.900.1-15
- CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot() (#1184752,#1179282)
- CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c (#1184752,#1179298)
- CVE-2014-8137 - double-free in jas_iccattrval_destroy() (oCERT-2014-012) (#1175763,#1173157)
- CVE-2014-8138 - heap overflow in jp2_decode() (oCERT-2014-012) (#1175763,#1173162)
- CVE-2014-9029 - incorrect component number check in COC, RGN and QCC marker segment decoders (#1167537,#1170654)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1173162 - CVE-2014-8138 jasper: heap overflow in jp2_decode() (oCERT-2014-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=1173162
  [ 2 ] Bug #1179282 - CVE-2014-8157 jasper: dec->numtiles off-by-one check in jpc_dec_process_sot() (oCERT-2015-001)
        https://bugzilla.redhat.com/show_bug.cgi?id=1179282
  [ 3 ] Bug #1167537 - CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009)
        https://bugzilla.redhat.com/show_bug.cgi?id=1167537
  [ 4 ] Bug #1173157 - CVE-2014-8137 jasper: double-free in in jas_iccattrval_destroy() (oCERT-2014-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=1173157
  [ 5 ] Bug #1179298 - CVE-2014-8158 jasper: unrestricted stack memory use in jpc_qmfb.c (oCERT-2015-001)
        https://bugzilla.redhat.com/show_bug.cgi?id=1179298
--------------------------------------------------------------------------------


================================================================================
 libxc-2.1.2-3.el5 (FEDORA-EPEL-2015-5962)
 Library of exchange and correlation functionals to be used in DFT codes
--------------------------------------------------------------------------------
Update Information:

Update to 2.1.2, with further backported patches to hybrid functionals.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 24 2015 Susi Lehtola <jussilehtola at fedoraproject.org> - 2.1.2-3
- Patch some hybrids.
* Fri Apr 24 2015 Susi Lehtola <jussilehtola at fedoraproject.org> - 2.1.2-2
- Patch broken makefiles.
* Thu Feb 19 2015 Susi Lehtola <jussilehtola at fedoraproject.org> - 2.1.2-1
- Update to 2.1.2.
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.1.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 mimedefang-2.78-1.el5 (FEDORA-EPEL-2015-5978)
 E-Mail filtering framework using Sendmail's Milter interface
--------------------------------------------------------------------------------
Update Information:

MIMEDefang 2.78
===============

  * Fix bug in logic that coalesces multiparts to single-parts if possible; the bug broke DKIM signing.  Fix is courtesy of Peter Nagel.


MIMEDefang 2.77
===============

  * Change old author's name to "Dianne Skoll" in many places.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 23 2015 Robert Scheck <robert at fedoraproject.org> 2.78-1
- Upgrade to 2.78 (#1213639)
* Wed Apr 22 2015 Robert Scheck <robert at fedoraproject.org> 2.77-1
- Upgrade to 2.77 (#1213639)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1213639 - mimedefang-2.77 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1213639
--------------------------------------------------------------------------------


================================================================================
 root-5.34.30-1.el5 (FEDORA-EPEL-2015-5959)
 Numerical data analysis framework
--------------------------------------------------------------------------------
Update Information:

root 5.34.30

https://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes

--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 24 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.34.30-1
- Update to 5.34.30
- New sub-package: root-python3
- Disable hadoop/hdfs support for F23+ (not installable)
- Drop previously backported gcc 5 patches
--------------------------------------------------------------------------------


================================================================================
 wordpress-4.1.3-1.el5 (FEDORA-EPEL-2015-5953)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

https://wordpress.org/news/2015/04/wordpress-4-1-2/
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 24 2015 Remi Collet <remi at fedoraproject.org> - 4.1.3-1
- WordPress 4.1.3 Maintenance Release
* Thu Apr 23 2015 Remi Collet <remi at fedoraproject.org> - 4.1.2-1
- WordPress 4.1.2 Security Release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1214650 - wordpress: several vulnerabilities fixed in Wordpress 4.1.2
        https://bugzilla.redhat.com/show_bug.cgi?id=1214650
--------------------------------------------------------------------------------

More information about the epel-devel mailing list