The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/mantis-1.1.8-4.el5
https://admin.fedoraproject.org/updates/cgit-0.8.2.1-4.el5
https://admin.fedoraproject.org/updates/wordpress-mu-2.9.2-1.el5
https://admin.fedoraproject.org/updates/python26-2.6.5-5.el5
https://admin.fedoraproject.org/updates/php-pear-CAS-1.1.3-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
bash-completion-1.2-4.el5
erlang-gen_leader-0-0.2.el5
erlang-protobuffs-0-0.2.20100930git58ff962.el5
libucil-0.9.10-1.el5
libunicap-0.9.12-1.el5
php-pear-CAS-1.1.3-1.el5
python26-sqlalchemy-0.6.4-1.el5
rabbitmq-server-2.1.0-1.el5
Details about builds:
================================================================================
bash-completion-1.2-4.el5 (FEDORA-EPEL-2010-3465)
Programmable completion for Bash
--------------------------------------------------------------------------------
Update Information:
Update to upstream release 1.2 plus selected post-1.2 bug fixes.
http://bash-completion.alioth.debian.org/files/CHANGES-1.2
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 5 2010 Ville Skyttä <ville.skytta(a)iki.fi> - 1:1.2-4
- More IPv6 address completion fixes, #630658.
* Tue Sep 28 2010 Ville Skyttä <ville.skytta(a)iki.fi> - 1:1.2-3
- Apply upstream ~username completion fix for #628130.
- Apply upstream rpm completion improvements for #630328.
- Apply upstream IPv6 address completion fix for #630658.
- Drop some completions that are included in respective upstream packages.
- Fix qdbus/dcop uninstall trigger.
* Mon Jun 28 2010 Ville Skyttä <ville.skytta(a)iki.fi> - 1:1.2-2
- Apply upstream post 1.2 /etc/init.d/* completion improvements to fix #608351.
* Wed Jun 16 2010 Ville Skyttä <ville.skytta(a)iki.fi> - 1:1.2-1
- Update to 1.2, all patches applied upstream.
- Fixes #444469, #538433, #541423, and #601813, works around #585384.
* Fri Mar 12 2010 Ville Skyttä <ville.skytta(a)iki.fi> - 1:1.1-7
- Autoinstall dpkg and dselect completions.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #444469 - chown tab completion doens't handle user:group syntax
coirrectly
https://bugzilla.redhat.com/show_bug.cgi?id=444469
[ 2 ] Bug #538433 - /etc/bash_completion assumes pidof is in path; needs to be
hard-coded
https://bugzilla.redhat.com/show_bug.cgi?id=538433
[ 3 ] Bug #541423 - tab completion of hosts in known_hosts files produce errors
https://bugzilla.redhat.com/show_bug.cgi?id=541423
[ 4 ] Bug #585384 - Multiple triggers with identical conditions don't run
https://bugzilla.redhat.com/show_bug.cgi?id=585384
[ 5 ] Bug #630658 - Completion about IPv6 address does not work properly
https://bugzilla.redhat.com/show_bug.cgi?id=630658
[ 6 ] Bug #630328 - Completion for RPM disables filename completion.
https://bugzilla.redhat.com/show_bug.cgi?id=630328
[ 7 ] Bug #633417 - bash-completion with rsync, scp emits invalid commandline argument
error
https://bugzilla.redhat.com/show_bug.cgi?id=633417
--------------------------------------------------------------------------------
================================================================================
erlang-gen_leader-0-0.2.el5 (FEDORA-EPEL-2010-3472)
A leader election behavior modeled after gen_server
--------------------------------------------------------------------------------
Update Information:
initial commit
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #638906 - Review Request: erlang-gen_leader - A leader election behavior
modeled after gen_server
https://bugzilla.redhat.com/show_bug.cgi?id=638906
--------------------------------------------------------------------------------
================================================================================
erlang-protobuffs-0-0.2.20100930git58ff962.el5 (FEDORA-EPEL-2010-3466)
A set of Protocol Buffers tools and modules for Erlang applications
--------------------------------------------------------------------------------
Update Information:
Initial commit (review request in rhbz #638974)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #638974 - Review Request: erlang-protobuffs - A set of Protocol Buffers tools
and modules for Erlang applications
https://bugzilla.redhat.com/show_bug.cgi?id=638974
--------------------------------------------------------------------------------
================================================================================
libucil-0.9.10-1.el5 (FEDORA-EPEL-2010-3474)
Library to render text and graphic overlays onto video images
--------------------------------------------------------------------------------
Update Information:
* src/ucil_theora.c (fill_frames): replaced ucutil_queue with GQueue
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 4 2020 Robert Scheck <robert(a)fedoraproject.org> 0.9.10-1
- Upgrade to 0.9.10
* Wed Sep 29 2010 Jesse Keating <jkeating(a)redhat.com> 0.9.8-6
- Rebuilt for gcc bug 634757
* Wed Sep 15 2010 Kamil Dudka <kdudka(a)redhat.com> 0.9.8-5
- upstream patch for #632439
- check return value of theora_encode_init() (#627890)
* Wed Aug 25 2010 Kamil Dudka <kdudka(a)redhat.com> 0.9.8-4
- fix SIGSEGV in ucil_theora_encode_thread (#627161)
* Wed Jun 2 2010 Kamil Dudka <kdudka(a)redhat.com> 0.9.8-3
- fix SIGSEGV in ucil_alsa_fill_audio_buffer (#572966)
- fix SIGSEGV in ucil_theora_encode_thread (#595863)
* Fri Mar 12 2010 Kamil Dudka <kdudka(a)redhat.com> 0.9.8-2
- build the package in %build
--------------------------------------------------------------------------------
================================================================================
libunicap-0.9.12-1.el5 (FEDORA-EPEL-2010-3467)
Library to access different kinds of (video) capture devices
--------------------------------------------------------------------------------
Update Information:
* src/unicap.c (unicap_open): fix: returned uninitialized status
* (unicap_data_buffer_new): fix: buffer_structure was initialized before allocated
* configure.ac: euvccam is now enabled by default
* include/unicap.h (enum): add flags for interlaced buffers
* cpi/vid21394/vid21394_base.c (_vid21394_new_iso_handler): Mark buffers as interlaced
and odd field first
* configure.ac: Added euvccam plugin
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 4 2010 Robert Scheck <robert(a)fedoraproject.org> 0.9.12-1
- Upgrade to 0.9.12 (#635377)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #635377 - libunicap-0.9.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=635377
--------------------------------------------------------------------------------
================================================================================
php-pear-CAS-1.1.3-1.el5 (FEDORA-EPEL-2010-3469)
Central Authentication Service client library in php
--------------------------------------------------------------------------------
Update Information:
This release contains 3 security fixes for vulnerabilities in the proxy callback
mechanism. These vulnerabilities only affect phpCAS clients that are running in proxy()
mode.
The release is fully compatible with all versions 1.1.x versions.
The changes are:
Security Issue
* CVE-2010-3690 phpCAS: XSS during a proxy callback [PHPCAS-80] (Joachim Fritschi)
* CVE-2010-3691 phpCAS: prevent symlink attacks during a proxy callback [PHPCAS-80]
(Joachim Fritschi)
* CVE-2010-3692 phpCAS: directory traversal during a proxy callback [PHPCAS-80] (Joachim
Fritschi)
Bug Fixes
* fix broken redirection with safari [PHPCAS-79] (Alex Barker)
* fix missing exit() call during ticket validation [PHPCAS-76] (Igor Blanco,Joachim
Fritschi)
* fix a notice because REQUEST_URL is not defined on IIS [PHPCAS-81] (Iñaki Arenaza)
* fix a typo in pgt-db.php [PHPCAS-75] (Julien Cochennec)
* removal of the non functional pgt-db backend [PHPCAS-81] (Joachim Fritschi)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 4 2010 Remi Collet <Fedora(a)FamilleCollet.com> - 1.1.3-1
- update to 1.1.3
- fix CVE-2010-3690, CVE-2010-3691, CVE-2010-3692
- set timezone during build
--------------------------------------------------------------------------------
================================================================================
python26-sqlalchemy-0.6.4-1.el5 (FEDORA-EPEL-2010-3470)
Modular and flexible ORM library for python26
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #606557 - Review Request: python26-sqlalchemy - Modular and flexible ORM
library for python26
https://bugzilla.redhat.com/show_bug.cgi?id=606557
--------------------------------------------------------------------------------
================================================================================
rabbitmq-server-2.1.0-1.el5 (FEDORA-EPEL-2010-3468)
The RabbitMQ server
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 5 2010 Hubert Plociniczak <hubert.plociniczak(a)gmail.com> 2.1.0-1
- New Upstream Release
--------------------------------------------------------------------------------