[EPEL-devel] Fedora EPEL 5 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Thu Apr 30 17:13:55 UTC 2015 

The following Fedora EPEL 5 Security updates need testing:
 Age  URL
 1103  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
 557  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.20.12-1.el5
 322  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7.26-1.el5
 172  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3849/sblim-sfcb-1.3.8-2.el5
  12  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5821/cherokee-1.2.103-6.el5
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5894/mksh-50f-1.el5
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5975/jasper-1.900.1-15.el5
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5953/wordpress-4.2.1-1.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6090/drupal7-views-3.11-1.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6081/clamav-0.98.7-1.el5


The following builds have been pushed to Fedora EPEL 5 updates-testing

    clamav-0.98.7-1.el5
    drupal7-views-3.11-1.el5
    opendmarc-1.3.1-13.el5

Details about builds:


================================================================================
 clamav-0.98.7-1.el5 (FEDORA-EPEL-2015-6081)
 Anti-virus software
--------------------------------------------------------------------------------
Update Information:

ClamAV 0.98.7
=============

This release contains new scanning features and bug fixes.

  - Improvements to PDF processing: decryption, escape sequence handling, and file property collection.
  - Scanning/analysis of additional Microsoft Office 2003 XML format.
  - Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
  - Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
  - Fix false negatives on files within iso9660 containers. This issue was reported by Minzhuan Gong.
  - Fix a couple crashes on crafted upack packed file. Identified and patches supplied by Sebastian Andrzej Siewior.
  - Fix a crash during algorithmic detection on crafted PE file. Identified and patch supplied by Sebastian Andrzej Siewior.
  - Fix an infinite loop condition on a crafted "xz" archive file. This was reported by Dimitri Kirchner and Goulven Guiheux. CVE-2015-2668.
  - Fix compilation error after ./configure --disable-pthreads. Reported and fix suggested by John E. Krokes.
  - Apply upstream patch for possible heap overflow in Henry Spencer's regex library. CVE-2015-2305.
  - Fix crash in upx decoder with crafted file. Discovered and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
  - Fix segfault scanning certain HTML files. Reported with sample by Kai Risku.
  - Improve detections within xar/pkg files.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 29 2015 Robert Scheck <robert at fedoraproject.org> - 0.98.7-1
- Upgrade to 0.98.7 and updated daily.cvd (#1217014)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1217206 - CVE-2015-2221: clamav Infinite loop condition on crafted y0da cryptor file
        https://bugzilla.redhat.com/show_bug.cgi?id=1217206
  [ 2 ] Bug #1217207 - CVE-2015-2222 clamav: crash on crafted petite packed file
        https://bugzilla.redhat.com/show_bug.cgi?id=1217207
  [ 3 ] Bug #1217208 - CVE-2015-2668 clamav: Infinite loop condition on a crafted "xz" archive file
        https://bugzilla.redhat.com/show_bug.cgi?id=1217208
  [ 4 ] Bug #1217209 - CVE-2015-2170: clamav: Crash in upx decoder with crafted file
        https://bugzilla.redhat.com/show_bug.cgi?id=1217209
--------------------------------------------------------------------------------


================================================================================
 drupal7-views-3.11-1.el5 (FEDORA-EPEL-2015-6090)
 Provides a method for site designers to control content presentation
--------------------------------------------------------------------------------
Update Information:

- Release 3.11 is a security fix release
- Upstream changelog is at https://www.drupal.org/node/2480259
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 30 2015 Peter Borsa <peter.borsa at gmail.com> - 3.11-1
- Release 3.11 is a security fix release
- Upstream changelog is at https://www.drupal.org/node/2480259
* Sat Feb 14 2015 Peter Borsa <peter.borsa at gmail.com> - 3.10-1
- Release 3.10 is a security fix release
- Upstream changelog is at https://drupal.org/node/2424103
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 21 2014 Peter Borsa <peter.borsa at gmail.com> - 3.8-1
- Release 3.8 is a security fix release
- Upstream changelog is at https://drupal.org/node/2271305
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1217279 - drupal7-views-3.11 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1217279
--------------------------------------------------------------------------------


================================================================================
 opendmarc-1.3.1-13.el5 (FEDORA-EPEL-2015-6082)
 A Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library
--------------------------------------------------------------------------------
Update Information:

- Replaced various commands with rpm macros
- Included support for systemd macros (#1216881)
- Added libspf2-devel to BuildRequires
- libspf2 support now provided for all branches
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #905304 - Review Request: OpenDMARC - Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library
        https://bugzilla.redhat.com/show_bug.cgi?id=905304
--------------------------------------------------------------------------------

More information about the epel-devel mailing list