The following Fedora EPEL 5 Security updates need testing: Age URL 372 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.1... 267 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6608/Django-1.1.4-2... 72 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0366/openconnect-4.... 30 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0819/libarchive-2.8... 18 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5410/php-geshi-1.0.... 13 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5449/pdns-recursor-... 6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5517/git-1.8.2.1-1.... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5620/phpMyAdmin3-3....
The following builds have been pushed to Fedora EPEL 5 updates-testing
munin-2.0.13-1.el5 phpMyAdmin3-3.5.8.1-1.el5
Details about builds:
================================================================================ munin-2.0.13-1.el5 (FEDORA-EPEL-2013-5623) Network-wide graphing framework (grapher/gatherer) -------------------------------------------------------------------------------- Update Information:
Upstream released 2.0.13, nginx subpackage, apache fcgi cleanup -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 26 2013 D. Johnson fenris02@fedoraproject.org - 2.0.13-1 - Upstream released 2.0.13 * Thu Apr 4 2013 Viljo Viitanen viljo.viitanen@iki.fi - 2.0.12-4 - BZ #905421 add nginx cgi package, removed unnecessary services from apache cgi package * Mon Apr 1 2013 D. Johnson fenris02@fedoraproject.org - 2.0.12-3 - Add fw_ default config -------------------------------------------------------------------------------- References:
[ 1 ] Bug #905421 - nfs.export-volumes tunable does not show up as "Options Reconfigured" for volume created after the tunable has been changed https://bugzilla.redhat.com/show_bug.cgi?id=905421 --------------------------------------------------------------------------------
================================================================================ phpMyAdmin3-3.5.8.1-1.el5 (FEDORA-EPEL-2013-5620) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information:
phpMyAdmin 3.5.8.1 (2013-04-24) ===============================
- [security] Remote code execution (preg_replace), reported by Janek Vind (see PMASA-2013-2) - [security] Locally Saved SQL Dump File Multiple File Extension Remote Code Execution, reported by Janek Vind (see PMASA-2013-3) -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 25 2013 Robert Scheck robert@fedoraproject.org 3.5.8.1-1 - Upgrade to 3.5.8.1 (#956398, #956401) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #956398 - CVE-2013-3238 phpMyAdmin: remote code execution via preg_replace() (PMASA-2013-2) https://bugzilla.redhat.com/show_bug.cgi?id=956398 [ 2 ] Bug #956401 - CVE-2013-3239 phpMyAdmin: remote code execution via locally saved SQL dump file multiple extensions (PMASA-2013-3) https://bugzilla.redhat.com/show_bug.cgi?id=956401 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org