The following Fedora EPEL 5 Security updates need testing:
Age URL
646
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs...
410
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7....
260
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3849/sblim-sfcb-...
10
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7241/xrdp-0.6.1-...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7269/drupal7-pat...
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7293/mantis-1.2....
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7340/drupal6-cck...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7337/lighttpd-1....
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7370/wordpress-4...
The following builds have been pushed to Fedora EPEL 5 updates-testing
check-mk-1.2.6p9-1.el5
drupal6-cck-2.10-1.el5
drupal7-ds-2.11-1.el5
drupal7-metatag-1.7-1.el5
globus-ftp-client-8.23-1.el5
globus-ftp-control-6.7-1.el5
globus-gridftp-server-8.0-1.el5
globus-gss-assist-10.15-1.el5
globus-net-manager-0.12-1.el5
globus-xio-gridftp-driver-2.11-1.el5
globus-xio-gridftp-multicast-1.6-1.el5
lighttpd-1.4.36-1.el5
nordugrid-arc-doc-2.0.3-1.el5
wordpress-4.2.3-1.el5
Details about builds:
================================================================================
check-mk-1.2.6p9-1.el5 (FEDORA-EPEL-2015-7343)
A new general purpose Nagios-plugin for retrieving data
--------------------------------------------------------------------------------
Update Information:
New upstream release: 1.2.6p9
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 27 2015 Andrea Veri <averi(a)fedoraproject.org> - 1.2.6p9-1
- New upstream release.
--------------------------------------------------------------------------------
================================================================================
drupal6-cck-2.10-1.el5 (FEDORA-EPEL-2015-7340)
Allows you to add custom fields to nodes using a web browser
--------------------------------------------------------------------------------
Update Information:
https://www.drupal.org/project/cck
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 23 2015 Jon Ciesla <limburgher(a)gmail.com> - 2.10-1
- Update to 2.10.
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.9-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.9-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.9-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.9-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.9-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.9-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1232973 - drupal7-feeds-2.0-alpha9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1232973
--------------------------------------------------------------------------------
================================================================================
drupal7-ds-2.11-1.el5 (FEDORA-EPEL-2015-7322)
Extend the display options for every entity type
--------------------------------------------------------------------------------
Update Information:
## 7.x-2.11
* Issue #2492661 by Erik Frèrejean: Incorrect field info api documentation for 'block
fields'
* Issue #2507163 by aspilicious: Block regions cannot be deleted following upgrade to
2.10
* Issue #2497445 by aspilicious: Upgrading from DS 7.x-2.8 > DS 7.x-2.10 changes view
mode on nodes from full content to default on page
* Issue #2493145 by artis: Typo in recent commit for Token support in 7.x-2.x branch
* Issue #2490932: Undefined property: DatabaseConnection_mysql::$sid in
node_ds_search_execute() (line 488 of ds_search.module)
* Issue #2453137 by aspilicious: Unable to overwrite theme_ds_field_expert
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 27 2015 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 2.11-1
- Updated to 2.11 (RHBZ #1246471)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1246471 - drupal7-ds-2.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1246471
--------------------------------------------------------------------------------
================================================================================
drupal7-metatag-1.7-1.el5 (FEDORA-EPEL-2015-7358)
Adds support and an API to implement meta tags
--------------------------------------------------------------------------------
Update Information:
## 7.x-1.7
This includes a few fixes to the previous release and is a recommended update for all
sites.
The most important changes are:
* There's no longer any crazy logic to identify whether a given view is used for a
particular entity's display, instead it just handles the core entities and adds a hook
to allow custom modules to expand it further; see metatag.api.php for details of the new
hook.
* The Viewport meta tag will no longer try splitting onto separate tags because it finds a
comma; incidentally it's now only possible to have one Viewport meta tag.
* An update script is provided to convert data from the Page Title module; see the
README.txt file in the metatag_importer submodule for details.
Full changelog since v7.x-1.6:
* Issue #2537738 by deepak_zyxware: Incorrect path to fb_social settings page.
* Issue #2535178 by DamienMcKenna: 'multiple' option on Viewport causes problems
with the meta tag's intended values.
* Issue #2524460 by DamienMcKenna, adriancotter, gbirch, jrb: Remove custom wrangling for
Views-based custom entity displays, added new hook to allow other modules to customize as
needed (hook_metatag_views_post_render_get_entity).
* Issue #2199533 by Adrian Richardson, DamienMcKenna, mairi: Don't reload entities
when processing tokens, it causes problems with content workflows.
* Issue #2513892 by DamienMcKenna: Tests for user objects.
* Issue #1658970 by DamienMcKenna, stefan.r, subhojit777, HyperGlide, jenlampton: Drush
script to convert data from the Page Title module.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 27 2015 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 1.7-1
- Updated to 1.7 (RHBZ #1246704)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1246704 - drupal7-metatag-1.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1246704
--------------------------------------------------------------------------------
================================================================================
globus-ftp-client-8.23-1.el5 (FEDORA-EPEL-2015-7357)
Globus Toolkit - GridFTP Client Library
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates from upstream developers:
* globus-ftp-client 8.23
* globus-ftp-control 6.7
* globus-gridftp-server 8.0
* globus-gss-assist 10.15
* globus-net-manager 0.12
* globus-xio-gridftp-driver 2.11
* globus-xio-gridftp-multicast 1.6
* globus-xio-udt-driver 1.18
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 27 2015 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 8.23-1
- GT6 update (Fix crash in error handling)
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
8.22-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
globus-ftp-control-6.7-1.el5 (FEDORA-EPEL-2015-7357)
Globus Toolkit - GridFTP Control Library
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates from upstream developers:
* globus-ftp-client 8.23
* globus-ftp-control 6.7
* globus-gridftp-server 8.0
* globus-gss-assist 10.15
* globus-net-manager 0.12
* globus-xio-gridftp-driver 2.11
* globus-xio-gridftp-multicast 1.6
* globus-xio-udt-driver 1.18
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 27 2015 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 6.7-1
- GT6 update (Fix old-style function definitions, Fix variable scope)
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
6.6-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
globus-gridftp-server-8.0-1.el5 (FEDORA-EPEL-2015-7357)
Globus Toolkit - Globus GridFTP Server
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates from upstream developers:
* globus-ftp-client 8.23
* globus-ftp-control 6.7
* globus-gridftp-server 8.0
* globus-gss-assist 10.15
* globus-net-manager 0.12
* globus-xio-gridftp-driver 2.11
* globus-xio-gridftp-multicast 1.6
* globus-xio-udt-driver 1.18
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 27 2015 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 8.0-1
- GT6 update
- Add update_bytes api that sets byte counters and range markers separately
--------------------------------------------------------------------------------
================================================================================
globus-gss-assist-10.15-1.el5 (FEDORA-EPEL-2015-7357)
Globus Toolkit - GSSAPI Assist library
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates from upstream developers:
* globus-ftp-client 8.23
* globus-ftp-control 6.7
* globus-gridftp-server 8.0
* globus-gss-assist 10.15
* globus-net-manager 0.12
* globus-xio-gridftp-driver 2.11
* globus-xio-gridftp-multicast 1.6
* globus-xio-udt-driver 1.18
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 27 2015 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 10.15-1
- GT6 update (Fix gridmap parsing error)
* Sun Jul 12 2015 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 10.14-1
- GT6 update (Fix uninitialized variable)
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
10.13-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
globus-net-manager-0.12-1.el5 (FEDORA-EPEL-2015-7357)
Globus Toolkit - Network Manager
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates from upstream developers:
* globus-ftp-client 8.23
* globus-ftp-control 6.7
* globus-gridftp-server 8.0
* globus-gss-assist 10.15
* globus-net-manager 0.12
* globus-xio-gridftp-driver 2.11
* globus-xio-gridftp-multicast 1.6
* globus-xio-udt-driver 1.18
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 27 2015 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 0.12-1
- GT6 update (Fix memory leaks, NULL pointer derefs, and dead assignments)
* Sun Jul 12 2015 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 0.10-1
- GT6 update (Fix uninitialized value, Remove unused variables)
--------------------------------------------------------------------------------
================================================================================
globus-xio-gridftp-driver-2.11-1.el5 (FEDORA-EPEL-2015-7357)
Globus Toolkit - Globus XIO GridFTP Driver
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates from upstream developers:
* globus-ftp-client 8.23
* globus-ftp-control 6.7
* globus-gridftp-server 8.0
* globus-gss-assist 10.15
* globus-net-manager 0.12
* globus-xio-gridftp-driver 2.11
* globus-xio-gridftp-multicast 1.6
* globus-xio-udt-driver 1.18
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 27 2015 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 2.11-1
- GT6 update (Fix missing va_arg in attr_cntl, Fix memory leak)
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.10-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
globus-xio-gridftp-multicast-1.6-1.el5 (FEDORA-EPEL-2015-7357)
Globus Toolkit - Globus XIO GridFTP Multicast Driver
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates from upstream developers:
* globus-ftp-client 8.23
* globus-ftp-control 6.7
* globus-gridftp-server 8.0
* globus-gss-assist 10.15
* globus-net-manager 0.12
* globus-xio-gridftp-driver 2.11
* globus-xio-gridftp-multicast 1.6
* globus-xio-udt-driver 1.18
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 27 2015 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 1.6-1
- GT6 update (Remove dead code, uninitialized variables, string parsing error)
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.5-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
lighttpd-1.4.36-1.el5 (FEDORA-EPEL-2015-7337)
Lightning fast webserver with light system requirements
--------------------------------------------------------------------------------
Update Information:
Latest upstream security release:
http://www.lighttpd.net/2015/7/26/1.4.36/
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 27 2015 Jon Ciesla <limburgher(a)gmail.com> - 1.4.36-1
- 1.4.36 1246857, 1224910, 1224911.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1224911 - CVE-2015-3200 lighttpd: log injection via malformed base64 string
in Authentication header [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1224911
[ 2 ] Bug #1224910 - CVE-2015-3200 lighttpd: log injection via malformed base64 string
in Authentication header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1224910
[ 3 ] Bug #1246857 - lighttpd-1.4.36 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1246857
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc-doc-2.0.3-1.el5 (FEDORA-EPEL-2015-7328)
Advanced Resource Connector Documentation
--------------------------------------------------------------------------------
Update Information:
Minor documentation update.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 26 2015 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 2.0.3-1
- 2.0.3 Final Release
--------------------------------------------------------------------------------
================================================================================
wordpress-4.2.3-1.el5 (FEDORA-EPEL-2015-7370)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 4.2.3 Security and Maintenance Release**
WordPress 4.2.3 is now available. This is a security release for all previous versions and
we strongly encourage you to update your sites immediately.
WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability,
which could allow users with the Contributor or Author role to compromise a site. This was
initially reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security
team, and later reported by Jouko Pynnönen.
We also fixed an issue where it was possible for a user with Subscriber permissions to
create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software
Technologies.
Our thanks to those who have practiced responsible disclosure of security issues.
WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see:
* the release notes:
https://codex.wordpress.org/Version_4.2.3
* the list of changes:
https://core.trac.wordpress.org/log/branches/4.2?rev=33382&stop_rev=3...
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 24 2015 Remi Collet <remi(a)fedoraproject.org> - 4.2.3-1
- WordPress 4.2.3 Security and Maintenance Release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1246396 - CVE-2015-5622 CVE-2015-5623 wordpress: cross-site scripting and
permission issue fixed in
https://bugzilla.redhat.com/show_bug.cgi?id=1246396
--------------------------------------------------------------------------------