The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/bugzilla-3.2.10-1.el5
https://admin.fedoraproject.org/updates/atop-1.26-1.el5.1
https://admin.fedoraproject.org/updates/couchdb-1.0.2-8.el5,erlang-ibrows...
https://admin.fedoraproject.org/updates/ocsinventory-1.3.3-5.el5
https://admin.fedoraproject.org/updates/phpldapadmin-1.0.2-1.el5
https://admin.fedoraproject.org/updates/awstats-6.95-3.el5
https://admin.fedoraproject.org/updates/clamav-0.97.3-1.el5
https://admin.fedoraproject.org/updates/cacti-0.8.7h-1.el5
https://admin.fedoraproject.org/updates/puppet-2.6.12-1.el5
https://admin.fedoraproject.org/updates/net6-1.3.14-1.el5
https://admin.fedoraproject.org/updates/cherokee-1.2.101-1.el5
https://admin.fedoraproject.org/updates/drupal6-views-2.13-1.el5
https://admin.fedoraproject.org/updates/phpMyAdmin3-3.4.7-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
389-ds-base-1.2.10-0.5.a5.el5
drupal7-entity-1.0-0.2.beta11.el5
drupal7-field_permissions-1.0-0.1.alpha1.el5
drupal7-fivestar-2.0-0.1.alpha1.el5
php53-php-gettext-1.0.11-3.el5
phpMyAdmin3-3.4.7-1.el5
Details about builds:
================================================================================
389-ds-base-1.2.10-0.5.a5.el5 (FEDORA-EPEL-2011-4893)
389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:
Bug fixes for setup -u, coverity, modrdn 100% cpu, entryusn, referint txn
fix config del/add mods - memberof is transaction aware
resource limits for simple paged results
slapi_rwlock - transactions - account usability - bug fixes
Fix for managed entry
Fixed source tarball
fix transaction support in ldbm_delete
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 4 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.10-0.5.a5
- Bug 751495 - 'setup-ds.pl -u' fails with undefined routine
'updateSystemD'
- Bug 750625 750624 750622 744946 Coverity issues
- Bug 748575 - part 2 - rhds81 modrdn operation and 100% cpu use in replication
- Bug 748575 - rhds81 modrn operation and 100% cpu use in replication
- Bug 745259 - Incorrect entryUSN index under high load in replicated environment
- f639711 Reduce the number of DN normalization
- c06a8fa Keep unhashed password psuedo-attribute in the adding entry
- Bug 744945 - nsslapd-counters attribute value cannot be set to "off"
- 8d3b921 Use new PLUGIN_CONFIG_ENTRY feature to allow switching between txn and regular
- d316a67 Change referential integrity to be a betxnpostoperation plugin
* Fri Oct 7 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.10-0.4.a4
- Bug 741744 - part3 - MOD operations with chained delete/add get back error 53
- 1d2f5a0 make memberof transaction aware and able to be a betxnpostoperation plug in
- b6d3ba7 pass the plugin config entry to the plugin init function
- 28f7bfb set the ENTRY_POST_OP for modrdn betxnpostoperation plugins
- Bug 743966 - Compiler warnings in account usability plugin
* Wed Oct 5 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.10.a3-0.3
- 498c42b fix transaction support in ldbm_delete
* Wed Oct 5 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.10.a2-0.2
- Bug 740942 - allow resource limits to be set for paged searches independently of limits
for other searches/operations
- Bug 741744 - MOD operations with chained delete/add get back error 53 on backend config
- Bug 742324 - allow nsslapd-idlistscanlimit to be set dynamically and per-user
* Tue Sep 27 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.10.a1-0.1
- Bug 739172 - Allow separate fractional attrs for incremental and total protocols
- 6120b3d Make all backend operations transaction aware
- 056cc35 Add support for pre/post db transaction plugins
- Bug 736712 - Modifying ruv entry deadlocks server
- Bug 590826 - Reloading database from ldif causes changelog to emit "data no longer
matches" errors
- Bug 730387 - Add slapi_rwlock API and use POSIX rwlocks
- Bug 611438 - Add Account Usability Control support
* Tue Sep 13 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9.10-3
- added back fedora-ds-base stuff so as not to break dependencies
* Wed Sep 7 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9.10-2
- corrected source
* Wed Sep 7 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9.10-1
- Bug 735114 - renaming a managed entry does not update mepmanagedby
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #751495 - 'setup-ds.pl -u' fails with undefined routine
'updateSystemD'
https://bugzilla.redhat.com/show_bug.cgi?id=751495
[ 2 ] Bug #750625 - Fix Coverity minor defects
https://bugzilla.redhat.com/show_bug.cgi?id=750625
[ 3 ] Bug #750624 - Fix Coverity (11053) Explicit null dereferenced:
slapi_dn_normalize_ext (slapd/dn.c)
https://bugzilla.redhat.com/show_bug.cgi?id=750624
[ 4 ] Bug #750622 - Fix Coverity (11104) Resource leak: ids_sasl_user_to_entry
(slapd/saslbind.c)
https://bugzilla.redhat.com/show_bug.cgi?id=750622
[ 5 ] Bug #744946 - (cov#11046) NULL dereference in IDL code
https://bugzilla.redhat.com/show_bug.cgi?id=744946
--------------------------------------------------------------------------------
================================================================================
drupal7-entity-1.0-0.2.beta11.el5 (FEDORA-EPEL-2011-4902)
Extends the entity API to provide a unified way to deal with entities
--------------------------------------------------------------------------------
Update Information:
This module extends the entity API of Drupal core in order
to provide a unified way to deal with entities and their properties. Additionally, it
provides an entity CRUD controller, which helps simplifying the creation of new entity
types.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #745305 - Review Request: drupal7-entity - Extends the entity API to provide a
unified way to deal with entities
https://bugzilla.redhat.com/show_bug.cgi?id=745305
--------------------------------------------------------------------------------
================================================================================
drupal7-field_permissions-1.0-0.1.alpha1.el5 (FEDORA-EPEL-2011-4895)
A replacement for the Content Permissions module shipped with CCK
--------------------------------------------------------------------------------
Update Information:
The Field Permissions module is a drop-in replacement for
the Content Permissions module shipped with CCK.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #745308 - Review Request: drupal7-field_permissions - A replacement for the
Content Permissions module shipped with CCK
https://bugzilla.redhat.com/show_bug.cgi?id=745308
--------------------------------------------------------------------------------
================================================================================
drupal7-fivestar-2.0-0.1.alpha1.el5 (FEDORA-EPEL-2011-4894)
The Fivestar voting module adds a clean attractive voting widget
--------------------------------------------------------------------------------
Update Information:
The Fivestar voting module adds a clean, attractive voting
widget to nodes in Drupal 5, 6 and7. Developed by Lullabot and an officially supported
module in Acquia Drupal.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #745311 - Review Request: drupal7-fivestar - The Fivestar voting module adds a
clean attractive voting widget
https://bugzilla.redhat.com/show_bug.cgi?id=745311
--------------------------------------------------------------------------------
================================================================================
php53-php-gettext-1.0.11-3.el5 (FEDORA-EPEL-2011-4905)
Gettext emulation in PHP
--------------------------------------------------------------------------------
Update Information:
This library provides PHP functions to read MO files even when gettext is not compiled in
or when appropriate locale is not present on the system.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #727000 - Package php-common provides php-gettext, but there is a real
php-gettext package
https://bugzilla.redhat.com/show_bug.cgi?id=727000
[ 2 ] Bug #739417 - Review Request: php53-php-gettext - Gettext emulation in PHP
https://bugzilla.redhat.com/show_bug.cgi?id=739417
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin3-3.4.7-1.el5 (FEDORA-EPEL-2011-4906)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
Changes for 3.4.7.0 (2011-10-23);
- [interface] Links in navigation when $cfg['MainPageIconic'] = false
- [interface] Inline edit shows dropdowns even after closing
- [view] View renaming did not work
- [navi] Wrong icon for view (MySQL 5.5)
- [doc] Missing documentation section
- [pdf] Broken PDF file when exporting database to PDF
- [core] Allow to set language in URL
- [doc] Fix links to PHP documentation
- [export] Export to bzip2 is not working
Changes for 3.4.6.0 (2011-10-16):
- [patch] InnoDB comment display with tooltips/aliases
- [navi] Edit SQL statement after error
- [interface] Collation not displayed for long enum fields
- [export] Config for export compression not used
- [privileges] DB-specific privileges won't submit
- [config] Configuration storage incorrect suggested table name
- [interface] Cannot execute saved query
- [display] Full text button unchecks results display options
- [display] Broken binary column when 'Show binary contents' is not set
- [core] Call to undefined function PMA_isSuperuser()
- [interface] Display options link missing after search
- [core] CSP policy causing designer JS buttons to fail
- [relation] Relations/constraints are dropped/created on every change
- [display] Delete records from last page breaks search
- [schema] PMA_User_Schema::processUserChoice() is broken
- [core] External link fails in 3.4.5
- [display] CharTextareaRows is not respected
- [synchronize] Extraneous db choices
- [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
(
http://www.phpmyadmin.net/home_page/security/PMASA-2011-15.php)
- [security] Fixed XSS in setup (host/verbose parameter), see PMASA-2011-16
(
http://www.phpmyadmin.net/home_page/security/PMASA-2011-16.php)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 5 2011 Robert Scheck <robert(a)fedoraproject.org> 3.4.7-1
- Upgrade to 3.4.7 (#746630, #746880)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #746880 - CVE-2011-3646 CVE-2011-4064 phpMyAdmin: multiple flaws corrected in
3.4.6 (PMASA-2011-15, PMASA-2011-16)
https://bugzilla.redhat.com/show_bug.cgi?id=746880
--------------------------------------------------------------------------------