[EPEL-devel] Fedora EPEL 5 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Wed Aug 5 05:35:43 UTC 2015


The following Fedora EPEL 5 Security updates need testing:
 Age  URL
 654  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.20.12-1.el5
 419  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7.26-1.el5
 268  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3849/sblim-sfcb-1.3.8-2.el5
  12  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7293/mantis-1.2.19-3.el5
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7340/drupal6-cck-2.10-1.el5
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7337/lighttpd-1.4.36-1.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7370/wordpress-4.2.4-1.el5


The following builds have been pushed to Fedora EPEL 5 updates-testing

    globus-gass-cache-9.7-1.el5
    globus-gram-job-manager-14.27-1.el5
    globus-proxy-utils-6.13-1.el5
    globus-simple-ca-4.22-1.el5
    openvpn-2.3.8-1.el5
    pcp-3.10.6-1.el5
    wordpress-4.2.4-1.el5

Details about builds:


================================================================================
 globus-gass-cache-9.7-1.el5 (FEDORA-EPEL-2015-7508)
 Globus Toolkit - Globus Gass Cache
--------------------------------------------------------------------------------
Update Information:

Globus Toolkit updates:

* globus-gass-cache 9.7
* globus-gram-job-manager 14.27
* globus-proxy-utils 6.13
* globus-simple-ca 4.22

Fixed issues:

* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for globus-simple-ca
* https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling causes crash
* https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager cause crash

--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug  3 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 9.7-1
- GT6 update: GT-618: GASS Cache error mishandling causes crash
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 9.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 globus-gram-job-manager-14.27-1.el5 (FEDORA-EPEL-2015-7508)
 Globus Toolkit - GRAM Jobmanager
--------------------------------------------------------------------------------
Update Information:

Globus Toolkit updates:

* globus-gass-cache 9.7
* globus-gram-job-manager 14.27
* globus-proxy-utils 6.13
* globus-simple-ca 4.22

Fixed issues:

* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for globus-simple-ca
* https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling causes crash
* https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager cause crash

--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug  3 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 14.27-1
- GT6 update: GT-619: Uninitialized data in job manager cause crash
--------------------------------------------------------------------------------


================================================================================
 globus-proxy-utils-6.13-1.el5 (FEDORA-EPEL-2015-7508)
 Globus Toolkit - Globus GSI Proxy Utility Programs
--------------------------------------------------------------------------------
Update Information:

Globus Toolkit updates:

* globus-gass-cache 9.7
* globus-gram-job-manager 14.27
* globus-proxy-utils 6.13
* globus-simple-ca 4.22

Fixed issues:

* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for globus-simple-ca
* https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling causes crash
* https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager cause crash

--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug  3 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.13-1
- GT6 update: Add explicit name comparison mode selection option
--------------------------------------------------------------------------------


================================================================================
 globus-simple-ca-4.22-1.el5 (FEDORA-EPEL-2015-7508)
 Globus Toolkit - Simple CA Utility
--------------------------------------------------------------------------------
Update Information:

Globus Toolkit updates:

* globus-gass-cache 9.7
* globus-gram-job-manager 14.27
* globus-proxy-utils 6.13
* globus-simple-ca 4.22

Fixed issues:

* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for globus-simple-ca
* https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling causes crash
* https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager cause crash

--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug  3 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 4.22-1
- GT6 update: Use 4096-bit RSA key for globus-simple-ca
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.20-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 openvpn-2.3.8-1.el5 (FEDORA-EPEL-2015-7510)
 A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:

Latest upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug  4 2015 Jon Ciesla <limburgher at gmail.com> 2.3.8-1
- 2.3.8
--------------------------------------------------------------------------------


================================================================================
 pcp-3.10.6-1.el5 (FEDORA-EPEL-2015-7514)
 System-level performance monitoring and performance management
--------------------------------------------------------------------------------
Update Information:

Primarily bugfix release of Performance Co-Pilot.
Most notable change is the packaging split, but there are also a lot of other new features and bug fixes; see CHANGELOG for details.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug  4 2015 Nathan Scott <nathans at redhat.com> - 3.10.6-1
- Fix pcp2graphite write method invocation failure (BZ 1243123)
- Reduce diagnostics in pmdaproc unknown state case (BZ 1224431)
- Derived metrics via multiple files, directory expansion (BZ 1235556)
- Update to latest PCP sources.
* Mon Jun 15 2015 Mark Goodwin <mgoodwin at redhat.com> - 3.10.5-1
- Provide and use non-exit(1)ing pmGetConfig(3) variant (BZ 1187588)
- Resolve a pmdaproc.sh pmlogger restart regression (BZ 1229458)
- Replacement of pmatop/pcp-atop(1) utility (BZ 1160811, BZ 1018575)
- Reduced installation size for minimal applications (BZ 1182184)
- Ensure pmlogger start scripts wait on pmcd startup (BZ 1185760)
- Need to run pmcd at least once before pmval -L will work (BZ 185749)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1224431 - /var/log/pcp/pmcd/proc.log grows 1MB/day
        https://bugzilla.redhat.com/show_bug.cgi?id=1224431
  [ 2 ] Bug #1243123 - [abrt] pcp: pcp2graphite:269:<module>:TypeError: write() takes no keyword arguments
        https://bugzilla.redhat.com/show_bug.cgi?id=1243123
  [ 3 ] Bug #1229458 - pmda Install should not start pmlogger
        https://bugzilla.redhat.com/show_bug.cgi?id=1229458
  [ 4 ] Bug #1182184 - reduced installation footprint for minimal pcp applications
        https://bugzilla.redhat.com/show_bug.cgi?id=1182184
  [ 5 ] Bug #185749 - Package Updater can't resolve dependencies
        https://bugzilla.redhat.com/show_bug.cgi?id=185749
  [ 6 ] Bug #1235556 - RFE: Allow inclusion of derived metrics files
        https://bugzilla.redhat.com/show_bug.cgi?id=1235556
  [ 7 ] Bug #1187588 - PM_CONTEXT_LOCAL crashes process when /etc/pcp.conf is unreadable
        https://bugzilla.redhat.com/show_bug.cgi?id=1187588
  [ 8 ] Bug #1018575 - pmatop exceptions need better catching
        https://bugzilla.redhat.com/show_bug.cgi?id=1018575
  [ 9 ] Bug #1185760 - Default pmlogger config depends on pmcd but doesn't ensure it is running
        https://bugzilla.redhat.com/show_bug.cgi?id=1185760
--------------------------------------------------------------------------------


================================================================================
 wordpress-4.2.4-1.el5 (FEDORA-EPEL-2015-7370)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

**WordPress 4.2.4 Security and Maintenance Release**

WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.4 also fixes four bugs. For more information, see:
* the release notes: https://codex.wordpress.org/Version_4.2.4
* the list of changes: https://core.trac.wordpress.org/log/branches/4.2?rev=33573&stop_rev=33396

**WordPress 4.2.3 Security and Maintenance Release**

WordPress 4.2.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was initially reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team, and later reported by Jouko Pynnönen.

We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see:
* the release notes: https://codex.wordpress.org/Version_4.2.3
* the list of changes: https://core.trac.wordpress.org/log/branches/4.2?rev=33382&stop_rev=32430

--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug  4 2015 Remi Collet <remi at fedoraproject.org> - 4.2.4-1
- WordPress 4.2.4 Security and Maintenance Release
* Fri Jul 24 2015 Remi Collet <remi at fedoraproject.org> - 4.2.3-1
- WordPress 4.2.3 Security and Maintenance Release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1246396 - CVE-2015-5622 CVE-2015-5623 wordpress: cross-site scripting and permission issue fixed in wordpress 4.2.3
        https://bugzilla.redhat.com/show_bug.cgi?id=1246396
--------------------------------------------------------------------------------


