The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4907/bugzilla-3.2.1... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5165/phpMyAdmin3-3.... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-3762/couchdb-1.0.2-... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5197/jasper-1.900.1... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5213/cacti-0.8.7i-1... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5210/clearsilver-0....
The following builds have been pushed to Fedora EPEL 5 updates-testing
autojump-19-2.el5 bitlbee-3.0.4-1.el5 cacti-0.8.7i-1.el5 clearsilver-0.10.5-15.el5 cppcheck-1.52-1.el5 mksh-40d-1.el5 nagios-plugins-bdii-1.0.14-1.el5 opensc-0.12.2-2.el5
Details about builds:
================================================================================ autojump-19-2.el5 (FEDORA-EPEL-2011-5222) A fast way to navigate your filesystem from the command line -------------------------------------------------------------------------------- Update Information:
- Update to version 19 -------------------------------------------------------------------------------- ChangeLog:
* Sun Dec 11 2011 Thibault North tnorth@fedoraproject.org - 19-2 - Add symlink for jumpapplet * Sun Dec 11 2011 Thibault North tnorth@fedoraproject.org - 19-1 - Update to version 19 * Sun Apr 10 2011 Thibault North tnorth@fedoraproject.org - 15-1 - New upstream release * Mon Feb 7 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 14-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ bitlbee-3.0.4-1.el5 (FEDORA-EPEL-2011-5212) IRC to other chat networks gateway -------------------------------------------------------------------------------- Update Information:
Bitlbee version 3.0.4 (released 2011-12-04):
- Merged Skype support. This used to be a separate plugin, and it still is, but by including it with BitlBee by default it will be easier to keep it in sync with changes to BitlBee - Fixed a file descriptor leak bug that may have caused strange behaviour in BitlBee sessions running for a long time - Now fetches Twitter mentions as well if the "fetch_mentions" account setting is enabled - With t.co now all over Twitter, show the original (but truncated) URL between <brackets> - Fixed MSN Messenger login issues ("timeout" while fetching buddy list) - Another (related) GnuTLS compatibility fix (now 2.13+?) -------------------------------------------------------------------------------- ChangeLog:
* Tue Dec 6 2011 Adam Williamson awilliam@redhat.com - 3.0.4-1 - new upstream release 3.0.4 - drop 823_822.diff (merged upstream obviously) --------------------------------------------------------------------------------
================================================================================ cacti-0.8.7i-1.el5 (FEDORA-EPEL-2011-5213) An rrd based graphing tool -------------------------------------------------------------------------------- Update Information:
Update to 0.8.7i. Upstream release notes are at http://www.cacti.net/release_notes_0_8_7i.php. Notably "Multiple security vulnerabilities". Also, merge some changes that were in Fedora: add mod_security overrides, and block HTTP access to log and rra directories. -------------------------------------------------------------------------------- ChangeLog:
* Sun Dec 11 2011 Ken Dreyer ktdreyer@ktdreyer.com - 0.8.7i-1 - New upstream release (BZ #766573). * Fri Nov 11 2011 Ken Dreyer ktdreyer@ktdreyer.com - 0.8.7h-2 - block HTTP access to log and rra directories (#609856) - overrides for mod_security - set logrotate to su to cacti apache when rotating (#753079) * Thu Oct 27 2011 Ken Dreyer ktdreyer@ktdreyer.com - 0.8.7h-1 - New upstream release. - Remove upstream'd mysql patch. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #766573 - cacti-0.8.7i is available https://bugzilla.redhat.com/show_bug.cgi?id=766573 [ 2 ] Bug #609856 - cacti: no httpd restrictions for log and rra directories https://bugzilla.redhat.com/show_bug.cgi?id=609856 --------------------------------------------------------------------------------
================================================================================ clearsilver-0.10.5-15.el5 (FEDORA-EPEL-2011-5210) Fast and powerful HTML templating system -------------------------------------------------------------------------------- Update Information:
CVE-2011-4357 -------------------------------------------------------------------------------- ChangeLog:
* Mon Dec 12 2011 Jon Ciesla limburgher@gmail.com - 0.10.5-15 - Patch for CVE-2011-4357, BZ 757543. * Fri Jun 17 2011 Marcela Mašláňová mmaslano@redhat.com - 0.10.5-14 - Perl mass rebuild * Fri Jun 10 2011 Marcela Mašláňová mmaslano@redhat.com - 0.10.5-13 - Perl 5.14 mass rebuild * Tue Feb 8 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.10.5-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Mon Oct 4 2010 Jon Ciesla limb@jcomserv.net - 0.10.5-11 - Added virtual provides for -static, BZ 609601. * Wed Jul 21 2010 David Malcolm dmalcolm@redhat.com - 0.10.5-10 - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild * Thu Apr 29 2010 Marcela Maslanova mmaslano@redhat.com - 0.10.5-9 - Mass rebuild with perl-5.12.0 * Fri Dec 4 2009 Stepan Kasal skasal@redhat.com - 0.10.5-8 - rebuild against perl 5.10.1 * Fri Jul 24 2009 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.10.5-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Tue Feb 24 2009 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.10.5-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Mon Apr 14 2008 Jeffrey C. Ollie jeff@ocjtech.us - 0.10.5-4 - Add patch from Kevin Kofler to fix build failures. * Thu Mar 6 2008 Tom "spot" Callaway tcallawa@redhat.com - 0.10.5-3 Rebuild for new perl * Tue Feb 19 2008 Fedora Release Engineering rel-eng@fedoraproject.org - 0.10.5-2 - Autorebuild for GCC 4.3 * Mon Jun 4 2007 Jeffrey C. Ollie jeff@ocjtech.us - 0.10.4-5 - Add BR perl-devel for fedora > 6 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #757543 - clearsilver (neo_cgi): Format string flaw by processing CGI error messages in Python module [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=757543 --------------------------------------------------------------------------------
================================================================================ cppcheck-1.52-1.el5 (FEDORA-EPEL-2011-5217) Tool for static C/C++ code analysis -------------------------------------------------------------------------------- Update Information:
Update to newest stable release, see details at http://sourceforge.net/apps/trac/cppcheck/milestone/1.52. -------------------------------------------------------------------------------- ChangeLog:
* Sun Dec 11 2011 Jussi Lehtola jussilehtola@fedoraproject.org - 1.52-1 - Update to 1.52. * Wed Oct 26 2011 Ville Skyttä ville.skytta@iki.fi - 1.51-2 - Include man page and more other docs. - Build with $RPM_LD_FLAGS. - Improve summary and description. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #766259 - cppcheck-1.52 is available https://bugzilla.redhat.com/show_bug.cgi?id=766259 --------------------------------------------------------------------------------
================================================================================ mksh-40d-1.el5 (FEDORA-EPEL-2011-5221) MirBSD enhanced version of the Korn Shell -------------------------------------------------------------------------------- Update Information:
mksh R40d is a must-have bugfix update:
* New test.sh ‘-f’ option (same as ‘-C fastbox’) * Drop using set -o noglob inside pushd/popd/dirs * Use += more in dot.mkshrc and keep strings shorter * Correct interworking between local and set -A * Fix out-of-bounds memory access on strings of 32 KiB length * MKSH_DISABLE_DEPRECATED (for integrators) * test(1) built-in behaves exactly as POSIX says * Move compile-time assertions to Build.sh from misc.c#ifdef DEBUG * Invocation documentation is at the bottom of Build.sh * test.sh: verbosely look for perl(1) interpreter to use * New tests for integers (base 1‥36, base unspecified, base OOB) * Correct error paths for typeset -n global state * Deprecate interpreting "010" as octal number, will go * Improvements re. integer handling; more explicit manpage text * Do not use caddr_t on Linux, so dietlibc stops bitching * Catch division/modulo overflow 0x80000000/-1 * Emacs mode ^O regression fix when the fetched lines are edited -------------------------------------------------------------------------------- ChangeLog:
* Sun Dec 11 2011 Robert Scheck robert@fedoraproject.org 40d-1 - Upgrade to 40d --------------------------------------------------------------------------------
================================================================================ nagios-plugins-bdii-1.0.14-1.el5 (FEDORA-EPEL-2011-5211) Nagios Plugin - check_bdii_entries -------------------------------------------------------------------------------- Update Information:
Nagios Probe for the BDII -------------------------------------------------------------------------------- References:
[ 1 ] Bug #754137 - Review Request: nagios-plugins-bdii - Nagios Probe for the BDII https://bugzilla.redhat.com/show_bug.cgi?id=754137 --------------------------------------------------------------------------------
================================================================================ opensc-0.12.2-2.el5 (FEDORA-EPEL-2011-5201) Smart card library and applications -------------------------------------------------------------------------------- Update Information:
Bugfix update from upstream. -------------------------------------------------------------------------------- ChangeLog:
* Wed Aug 17 2011 Tomas Mraz tmraz@redhat.com - 0.12.2-2 - Rebuilt to fix trailing slashes in filelist from rpmbuild bug * Tue Jul 19 2011 Kalev Lember kalevlember@gmail.com - 0.12.2-1 - Update to 0.12.2 (#722659) * Wed May 18 2011 Kalev Lember kalev@smartlink.ee - 0.12.1-1 - Update to 0.12.1 (#705743) - Removed BR libtool-ltdl-devel to build with glibc's libdl instead * Tue Apr 12 2011 Tomas Mraz tmraz@redhat.com - 0.12.0-4 - drop multilib conflicting and duplicated doc file (#695368) * Tue Feb 8 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.12.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #765732 - opensc v0.12.0 is somewhat broken and needs a update atleast to v0.12.1 https://bugzilla.redhat.com/show_bug.cgi?id=765732 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org