The following Fedora EPEL 4 Security updates need testing:

https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5177/jasper-1.900.1... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5208/cacti-0.8.7i-1...

The following builds have been pushed to Fedora EPEL 4 updates-testing

bitlbee-3.0.4-1.el4 cacti-0.8.7i-1.el4 cppcheck-1.52-1.el4 mksh-40d-1.el4

Details about builds:

================================================================================ bitlbee-3.0.4-1.el4 (FEDORA-EPEL-2011-5224) IRC to other chat networks gateway -------------------------------------------------------------------------------- Update Information:

Bitlbee version 3.0.4 (released 2011-12-04):

- Merged Skype support. This used to be a separate plugin, and it still is, but by including it with BitlBee by default it will be easier to keep it in sync with changes to BitlBee - Fixed a file descriptor leak bug that may have caused strange behaviour in BitlBee sessions running for a long time - Now fetches Twitter mentions as well if the "fetch_mentions" account setting is enabled - With t.co now all over Twitter, show the original (but truncated) URL between <brackets> - Fixed MSN Messenger login issues ("timeout" while fetching buddy list) - Another (related) GnuTLS compatibility fix (now 2.13+?) -------------------------------------------------------------------------------- ChangeLog:

* Tue Dec 6 2011 Adam Williamson awilliam@redhat.com - 3.0.4-1 - new upstream release 3.0.4 - drop 823_822.diff (merged upstream obviously) --------------------------------------------------------------------------------

================================================================================ cacti-0.8.7i-1.el4 (FEDORA-EPEL-2011-5208) An rrd based graphing tool -------------------------------------------------------------------------------- Update Information:

Update to 0.8.7i. Upstream release notes are at http://www.cacti.net/release_notes_0_8_7i.php. Notably "Multiple security vulnerabilities". Also, merge some changes that were in Fedora: add mod_security overrides, and block HTTP access to log and rra directories. -------------------------------------------------------------------------------- ChangeLog:

* Sun Dec 11 2011 Ken Dreyer ktdreyer@ktdreyer.com - 0.8.7i-1 - New upstream release (BZ #766573). * Fri Nov 11 2011 Ken Dreyer ktdreyer@ktdreyer.com - 0.8.7h-2 - block HTTP access to log and rra directories (#609856) - overrides for mod_security - set logrotate to su to cacti apache when rotating (#753079) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #766573 - cacti-0.8.7i is available https://bugzilla.redhat.com/show_bug.cgi?id=766573 [ 2 ] Bug #609856 - cacti: no httpd restrictions for log and rra directories https://bugzilla.redhat.com/show_bug.cgi?id=609856 --------------------------------------------------------------------------------

================================================================================ cppcheck-1.52-1.el4 (FEDORA-EPEL-2011-5209) Tool for static C/C++ code analysis -------------------------------------------------------------------------------- Update Information:

Update to newest stable release, see details at http://sourceforge.net/apps/trac/cppcheck/milestone/1.52. -------------------------------------------------------------------------------- ChangeLog:

* Sun Dec 11 2011 Jussi Lehtola jussilehtola@fedoraproject.org - 1.52-1 - Update to 1.52. * Wed Oct 26 2011 Ville Skyttä ville.skytta@iki.fi - 1.51-2 - Include man page and more other docs. - Build with $RPM_LD_FLAGS. - Improve summary and description. -------------------------------------------------------------------------------- References:

[ 1 ] Bug #766259 - cppcheck-1.52 is available https://bugzilla.redhat.com/show_bug.cgi?id=766259 --------------------------------------------------------------------------------

================================================================================ mksh-40d-1.el4 (FEDORA-EPEL-2011-5223) MirBSD enhanced version of the Korn Shell -------------------------------------------------------------------------------- Update Information:

mksh R40d is a must-have bugfix update:

* New test.sh ‘-f’ option (same as ‘-C fastbox’) * Drop using set -o noglob inside pushd/popd/dirs * Use += more in dot.mkshrc and keep strings shorter * Correct interworking between local and set -A * Fix out-of-bounds memory access on strings of 32 KiB length * MKSH_DISABLE_DEPRECATED (for integrators) * test(1) built-in behaves exactly as POSIX says * Move compile-time assertions to Build.sh from misc.c#ifdef DEBUG * Invocation documentation is at the bottom of Build.sh * test.sh: verbosely look for perl(1) interpreter to use * New tests for integers (base 1‥36, base unspecified, base OOB) * Correct error paths for typeset -n global state * Deprecate interpreting "010" as octal number, will go * Improvements re. integer handling; more explicit manpage text * Do not use caddr_t on Linux, so dietlibc stops bitching * Catch division/modulo overflow 0x80000000/-1 * Emacs mode ^O regression fix when the fetched lines are edited -------------------------------------------------------------------------------- ChangeLog:

* Sun Dec 11 2011 Robert Scheck robert@fedoraproject.org 40d-1 - Upgrade to 40d --------------------------------------------------------------------------------