The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0431/fail2ban-0....
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0425/glpi-0.78.5...
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0352/bugzilla-3....
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0586/python-past...
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0376/drupal7-fie...
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0578/puppet-2.6....
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-3762/couchdb-1.0...
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0102/libarchive-...
The following builds have been pushed to Fedora EPEL 5 updates-testing
drupal7-views-3.3-1.el5
globus-simple-ca-3.0-2.el5
puppet-2.6.14-1.el5
python-httplib2-0.7.2-1.el5
python-paste-script-1.7.5-1.el5
snappy-1.0.5-1.el5
Details about builds:
================================================================================
drupal7-views-3.3-1.el5 (FEDORA-EPEL-2012-0576)
Provides a method for site designers to control content presentation
--------------------------------------------------------------------------------
Update Information:
Update to upstream 3.3 release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 23 2012 Jared Smith <jsmith(a)fedoraproject.org> - 3.3-1
- Update to upstream 3.3 release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #795712 - drupal7-views-3.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=795712
--------------------------------------------------------------------------------
================================================================================
globus-simple-ca-3.0-2.el5 (FEDORA-EPEL-2012-0587)
Globus Toolkit - Simple CA Utility
--------------------------------------------------------------------------------
Update Information:
The Globus Toolkit is an open source software toolkit used for building Grid systems and
applications. It is being developed by the Globus Alliance and many others all over the
world. A growing number of projects and companies are using the Globus Toolkit to unlock
the potential of grids for their cause.
The globus-simple-ca package contains: Simple CA Utility
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #772994 - Review Request: globus-simple-ca - Globus Toolkit - Simple CA
Utility
https://bugzilla.redhat.com/show_bug.cgi?id=772994
--------------------------------------------------------------------------------
================================================================================
puppet-2.6.14-1.el5 (FEDORA-EPEL-2012-0578)
A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:
Please refer to the upstream release notes for details:
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 22 2012 Todd Zullinger <tmz(a)pobox.com> - 2.6.14-1
- Update to 2.6.14, fixes CVE-2012-1053 and CVE-2012-1054
* Mon Feb 13 2012 Todd Zullinger <tmz(a)pobox.com> - 2.6.13-3
- Move rpmlint fixes to %prep, add a few additional fixes
- Bump minimum ruby version to 1.8.5 now that EL-4 is all but dead
- Update install locations for Fedora-17 / Ruby-1.9
- Use ruby($lib) for augeas and shadow requirements
- Only try to run 0.25.x -> 2.6.x pid file updates on EL
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #791001 - CVE-2012-1053 Puppet 2.6.13 group ID handling issues
https://bugzilla.redhat.com/show_bug.cgi?id=791001
[ 2 ] Bug #791002 - CVE-2012-1054 Puppet 2.6.13 Klogin File Handling Issue
https://bugzilla.redhat.com/show_bug.cgi?id=791002
--------------------------------------------------------------------------------
================================================================================
python-httplib2-0.7.2-1.el5 (FEDORA-EPEL-2012-0584)
A comprehensive HTTP client library
--------------------------------------------------------------------------------
Update Information:
Upstream update to 0.7.2
Note this version uses fedora's cert file bundle instead of httplib2
default.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 24 2012 Ding-Yi Chen <dchen at redhat.com> - 0.7.2-1
- Upstream update to 0.7.2
Which may fixed
http://code.google.com/p/httplib2/issues/detail?id=62
Note this version uses fedora's cert file bundle instead of httplib2
default.
* Fri Jul 29 2011 Ding-Yi Chen <dchen at redhat.com> - 0.4.0-5
- Apply that address python-httplib2 (GoogleCode Hosted) issue 39
http://code.google.com/p/httplib2/issues/detail?id=39
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.6.0-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Aug 25 2010 Thomas Spura <tomspur(a)fedoraproject.org> - 0.6.0-4
- rebuild with python3.2
http://lists.fedoraproject.org/pipermail/devel/2010-August/141368.html
* Thu Jul 22 2010 David Malcolm <dmalcolm(a)redhat.com> - 0.6.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
* Tue Apr 20 2010 Tom "spot" Callaway <tcallawa(a)redhat.com>
- minor spec cleanups
- enable python3 support
* Fri Apr 2 2010 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
- 0.6.0-1
- version upgrade (#566721)
--------------------------------------------------------------------------------
================================================================================
python-paste-script-1.7.5-1.el5 (FEDORA-EPEL-2012-0586)
A pluggable command-line frontend
--------------------------------------------------------------------------------
Update Information:
This update fixes a security flaw with Paster that prevents it from properly dropping
privileges when run as root.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 23 2012 Luke Macken <lmacken(a)redhat.com> - 1.7.5-1
- Update to 1.7.5
- Apply a patch from upstream to fix a security issue when running Paster as
root (#796790)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #796790 - CVE-2012-0878 python-paste-script: Supplementary groups not dropped
when started an application with "paster serve" as root
https://bugzilla.redhat.com/show_bug.cgi?id=796790
--------------------------------------------------------------------------------
================================================================================
snappy-1.0.5-1.el5 (FEDORA-EPEL-2012-0574)
Fast compression and decompression library
--------------------------------------------------------------------------------
Update Information:
This is a maintenance release that provides faster decompression. For a complete list of
changes see:
http://snappy.googlecode.com/svn-history/r61/trunk/NEWS
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 24 2012 Martin Gieseking <martin.gieseking(a)uos.de> 1.0.5-1
- updated to release 1.0.5
- made dependency of devel package on base package arch dependant
--------------------------------------------------------------------------------