The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/bugzilla-3.2.10-1.el5 https://admin.fedoraproject.org/updates/atop-1.26-1.el5.1 https://admin.fedoraproject.org/updates/couchdb-1.0.2-8.el5,erlang-ibrowse-2... https://admin.fedoraproject.org/updates/ocsinventory-1.3.3-5.el5 https://admin.fedoraproject.org/updates/phpldapadmin-1.0.2-1.el5 https://admin.fedoraproject.org/updates/awstats-6.95-3.el5 https://admin.fedoraproject.org/updates/clamav-0.97.3-1.el5 https://admin.fedoraproject.org/updates/cacti-0.8.7h-1.el5 https://admin.fedoraproject.org/updates/puppet-2.6.12-1.el5 https://admin.fedoraproject.org/updates/net6-1.3.14-1.el5 https://admin.fedoraproject.org/updates/cherokee-1.2.101-1.el5 https://admin.fedoraproject.org/updates/drupal6-views-2.13-1.el5 https://admin.fedoraproject.org/updates/phpMyAdmin3-3.4.7-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
389-ds-base-1.2.10-0.5.a5.el5 drupal7-entity-1.0-0.2.beta11.el5 drupal7-field_permissions-1.0-0.1.alpha1.el5 drupal7-fivestar-2.0-0.1.alpha1.el5 php53-php-gettext-1.0.11-3.el5 phpMyAdmin3-3.4.7-1.el5
Details about builds:
================================================================================ 389-ds-base-1.2.10-0.5.a5.el5 (FEDORA-EPEL-2011-4893) 389 Directory Server (base) -------------------------------------------------------------------------------- Update Information:
Bug fixes for setup -u, coverity, modrdn 100% cpu, entryusn, referint txn fix config del/add mods - memberof is transaction aware resource limits for simple paged results slapi_rwlock - transactions - account usability - bug fixes Fix for managed entry Fixed source tarball fix transaction support in ldbm_delete -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 4 2011 Rich Megginson rmeggins@redhat.com - 1.2.10-0.5.a5 - Bug 751495 - 'setup-ds.pl -u' fails with undefined routine 'updateSystemD' - Bug 750625 750624 750622 744946 Coverity issues - Bug 748575 - part 2 - rhds81 modrdn operation and 100% cpu use in replication - Bug 748575 - rhds81 modrn operation and 100% cpu use in replication - Bug 745259 - Incorrect entryUSN index under high load in replicated environment - f639711 Reduce the number of DN normalization - c06a8fa Keep unhashed password psuedo-attribute in the adding entry - Bug 744945 - nsslapd-counters attribute value cannot be set to "off" - 8d3b921 Use new PLUGIN_CONFIG_ENTRY feature to allow switching between txn and regular - d316a67 Change referential integrity to be a betxnpostoperation plugin * Fri Oct 7 2011 Rich Megginson rmeggins@redhat.com - 1.2.10-0.4.a4 - Bug 741744 - part3 - MOD operations with chained delete/add get back error 53 - 1d2f5a0 make memberof transaction aware and able to be a betxnpostoperation plug in - b6d3ba7 pass the plugin config entry to the plugin init function - 28f7bfb set the ENTRY_POST_OP for modrdn betxnpostoperation plugins - Bug 743966 - Compiler warnings in account usability plugin * Wed Oct 5 2011 Rich Megginson rmeggins@redhat.com - 1.2.10.a3-0.3 - 498c42b fix transaction support in ldbm_delete * Wed Oct 5 2011 Rich Megginson rmeggins@redhat.com - 1.2.10.a2-0.2 - Bug 740942 - allow resource limits to be set for paged searches independently of limits for other searches/operations - Bug 741744 - MOD operations with chained delete/add get back error 53 on backend config - Bug 742324 - allow nsslapd-idlistscanlimit to be set dynamically and per-user * Tue Sep 27 2011 Rich Megginson rmeggins@redhat.com - 1.2.10.a1-0.1 - Bug 739172 - Allow separate fractional attrs for incremental and total protocols - 6120b3d Make all backend operations transaction aware - 056cc35 Add support for pre/post db transaction plugins - Bug 736712 - Modifying ruv entry deadlocks server - Bug 590826 - Reloading database from ldif causes changelog to emit "data no longer matches" errors - Bug 730387 - Add slapi_rwlock API and use POSIX rwlocks - Bug 611438 - Add Account Usability Control support * Tue Sep 13 2011 Rich Megginson rmeggins@redhat.com - 1.2.9.10-3 - added back fedora-ds-base stuff so as not to break dependencies * Wed Sep 7 2011 Rich Megginson rmeggins@redhat.com - 1.2.9.10-2 - corrected source * Wed Sep 7 2011 Rich Megginson rmeggins@redhat.com - 1.2.9.10-1 - Bug 735114 - renaming a managed entry does not update mepmanagedby -------------------------------------------------------------------------------- References:
[ 1 ] Bug #751495 - 'setup-ds.pl -u' fails with undefined routine 'updateSystemD' https://bugzilla.redhat.com/show_bug.cgi?id=751495 [ 2 ] Bug #750625 - Fix Coverity minor defects https://bugzilla.redhat.com/show_bug.cgi?id=750625 [ 3 ] Bug #750624 - Fix Coverity (11053) Explicit null dereferenced: slapi_dn_normalize_ext (slapd/dn.c) https://bugzilla.redhat.com/show_bug.cgi?id=750624 [ 4 ] Bug #750622 - Fix Coverity (11104) Resource leak: ids_sasl_user_to_entry (slapd/saslbind.c) https://bugzilla.redhat.com/show_bug.cgi?id=750622 [ 5 ] Bug #744946 - (cov#11046) NULL dereference in IDL code https://bugzilla.redhat.com/show_bug.cgi?id=744946 --------------------------------------------------------------------------------
================================================================================ drupal7-entity-1.0-0.2.beta11.el5 (FEDORA-EPEL-2011-4902) Extends the entity API to provide a unified way to deal with entities -------------------------------------------------------------------------------- Update Information:
This module extends the entity API of Drupal core in order to provide a unified way to deal with entities and their properties. Additionally, it provides an entity CRUD controller, which helps simplifying the creation of new entity types. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #745305 - Review Request: drupal7-entity - Extends the entity API to provide a unified way to deal with entities https://bugzilla.redhat.com/show_bug.cgi?id=745305 --------------------------------------------------------------------------------
================================================================================ drupal7-field_permissions-1.0-0.1.alpha1.el5 (FEDORA-EPEL-2011-4895) A replacement for the Content Permissions module shipped with CCK -------------------------------------------------------------------------------- Update Information:
The Field Permissions module is a drop-in replacement for the Content Permissions module shipped with CCK. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #745308 - Review Request: drupal7-field_permissions - A replacement for the Content Permissions module shipped with CCK https://bugzilla.redhat.com/show_bug.cgi?id=745308 --------------------------------------------------------------------------------
================================================================================ drupal7-fivestar-2.0-0.1.alpha1.el5 (FEDORA-EPEL-2011-4894) The Fivestar voting module adds a clean attractive voting widget -------------------------------------------------------------------------------- Update Information:
The Fivestar voting module adds a clean, attractive voting widget to nodes in Drupal 5, 6 and7. Developed by Lullabot and an officially supported module in Acquia Drupal. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #745311 - Review Request: drupal7-fivestar - The Fivestar voting module adds a clean attractive voting widget https://bugzilla.redhat.com/show_bug.cgi?id=745311 --------------------------------------------------------------------------------
================================================================================ php53-php-gettext-1.0.11-3.el5 (FEDORA-EPEL-2011-4905) Gettext emulation in PHP -------------------------------------------------------------------------------- Update Information:
This library provides PHP functions to read MO files even when gettext is not compiled in or when appropriate locale is not present on the system. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #727000 - Package php-common provides php-gettext, but there is a real php-gettext package https://bugzilla.redhat.com/show_bug.cgi?id=727000 [ 2 ] Bug #739417 - Review Request: php53-php-gettext - Gettext emulation in PHP https://bugzilla.redhat.com/show_bug.cgi?id=739417 --------------------------------------------------------------------------------
================================================================================ phpMyAdmin3-3.4.7-1.el5 (FEDORA-EPEL-2011-4906) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information:
Changes for 3.4.7.0 (2011-10-23);
- [interface] Links in navigation when $cfg['MainPageIconic'] = false - [interface] Inline edit shows dropdowns even after closing - [view] View renaming did not work - [navi] Wrong icon for view (MySQL 5.5) - [doc] Missing documentation section - [pdf] Broken PDF file when exporting database to PDF - [core] Allow to set language in URL - [doc] Fix links to PHP documentation - [export] Export to bzip2 is not working
Changes for 3.4.6.0 (2011-10-16):
- [patch] InnoDB comment display with tooltips/aliases - [navi] Edit SQL statement after error - [interface] Collation not displayed for long enum fields - [export] Config for export compression not used - [privileges] DB-specific privileges won't submit - [config] Configuration storage incorrect suggested table name - [interface] Cannot execute saved query - [display] Full text button unchecks results display options - [display] Broken binary column when 'Show binary contents' is not set - [core] Call to undefined function PMA_isSuperuser() - [interface] Display options link missing after search - [core] CSP policy causing designer JS buttons to fail - [relation] Relations/constraints are dropped/created on every change - [display] Delete records from last page breaks search - [schema] PMA_User_Schema::processUserChoice() is broken - [core] External link fails in 3.4.5 - [display] CharTextareaRows is not respected - [synchronize] Extraneous db choices - [security] Fixed local path disclosure vulnerability, see PMASA-2011-15 (http://www.phpmyadmin.net/home_page/security/PMASA-2011-15.php) - [security] Fixed XSS in setup (host/verbose parameter), see PMASA-2011-16 (http://www.phpmyadmin.net/home_page/security/PMASA-2011-16.php) -------------------------------------------------------------------------------- ChangeLog:
* Sat Nov 5 2011 Robert Scheck robert@fedoraproject.org 3.4.7-1 - Upgrade to 3.4.7 (#746630, #746880) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #746880 - CVE-2011-3646 CVE-2011-4064 phpMyAdmin: multiple flaws corrected in 3.4.6 (PMASA-2011-15, PMASA-2011-16) https://bugzilla.redhat.com/show_bug.cgi?id=746880 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org