The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/mod_fcgid-2.2-11.el5
https://admin.fedoraproject.org/updates/xpdf-3.02-16.el5
https://admin.fedoraproject.org/updates/gromacs-4.5.2-1.el5
https://admin.fedoraproject.org/updates/pootle-2.1.2-1.el5
https://admin.fedoraproject.org/updates/wordpress-mu-2.9.2-1.el5
https://admin.fedoraproject.org/updates/proftpd-1.3.3c-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
CVector-1.0.3.1-1.el5
fetch-crl3-3.0.4-1.el5
xpdf-3.02-16.el5
Details about builds:
================================================================================
CVector-1.0.3.1-1.el5 (FEDORA-EPEL-2010-3670)
ANSI C API for Dynamic Arrays
--------------------------------------------------------------------------------
Update Information:
Update to 1.0.3.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 26 2010 Takanori MATSUURA <t.matsuu at gmail.com> - 1.0.3.1-1
- update to 1.0.3.1
- use "make all" instead of "make"
- add %check
--------------------------------------------------------------------------------
================================================================================
fetch-crl3-3.0.4-1.el5 (FEDORA-EPEL-2010-3598)
Downloads Certificate Revocation Lists
--------------------------------------------------------------------------------
Update Information:
A parallel installable fetch-crl version 3 to existing fetch-crl version 2.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #643014 - Review Request: fetch-crl3 - Downloads Certificate Revocation Lists
https://bugzilla.redhat.com/show_bug.cgi?id=643014
--------------------------------------------------------------------------------
================================================================================
xpdf-3.02-16.el5 (FEDORA-EPEL-2010-3669)
A PDF file viewer for the X Window System
--------------------------------------------------------------------------------
Update Information:
Resolves CVE-2010-3702 and CVE-2010-3704.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 10 2010 Tom "spot" Callaway <tcallawa(a)redhat.com> - 1:3.02-16
- apply xpdf-3.02pl5 security patch to fix:
CVE-2010-3702, CVS-2010-3704
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference
https://bugzilla.redhat.com/show_bug.cgi?id=595245
[ 2 ] Bug #638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()
https://bugzilla.redhat.com/show_bug.cgi?id=638960
--------------------------------------------------------------------------------