The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-3762/couchdb-1.0.2-... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4907/bugzilla-3.2.1... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4674/awstats-6.95-3... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5165/phpMyAdmin3-3....
The following builds have been pushed to Fedora EPEL 5 updates-testing
archimedes-2.0.0-1.el5 dspam-3.10.1-2.el5 phpMyAdmin3-3.4.8-1.el5 torque-2.5.7-7.el5
Details about builds:
================================================================================ archimedes-2.0.0-1.el5 (FEDORA-EPEL-2011-5163) 2D Quantum Monte Carlo simulator for semiconductor devices -------------------------------------------------------------------------------- Update Information:
Since last FEL release, archimedes entails the following changes:
- The material parameters have been checked and modified - Benchmark tests were carried out to check the validity of the framework - Scattering phonons can be set to ON or OFF - Support for Full band approach was implemented - Parabolic, Kane and Full bank verified - Full band parameters supports for all materials - Initial implementation of FEM for Poisson - Quantum Effective Potential modified - Bohm Potential Model was implemented - Calibrated Bohm Potential Model was implemented - Density Gradient corrected and tested - Full effective potential model was implemented
-------------------------------------------------------------------------------- ChangeLog:
* Sun Dec 4 2011 Chitlesh Goorah <chitlesh [AT] fedoraproject DOT org> - 2.0.0-1 - Bug 731298 - archimedes-2.0.0 is available - new upstream release * Mon Feb 7 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.9.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #731298 - archimedes-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=731298 --------------------------------------------------------------------------------
================================================================================ dspam-3.10.1-2.el5 (FEDORA-EPEL-2011-5158) A library and Mail Delivery Agent for Bayesian SPAM filtering -------------------------------------------------------------------------------- Update Information:
Enable Clamav Integration -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 3 2011 Nathanael Noblet nathanael@gnat.ca - 3.10.1-2 - enable clamav - logrotate log ownership --------------------------------------------------------------------------------
================================================================================ phpMyAdmin3-3.4.8-1.el5 (FEDORA-EPEL-2011-5165) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information:
Changes for 3.4.8.0 (2011-12-01):
- [interface] enum data split at space char (more space to edit) - [interface] ENUM/SET editor can't handle commas in values - [interface] no links to browse/empty views and tables - [interface] Deleted search results remain visible - [import] ODS import ignores memory limits - [interface] Visual column separation - [parser] TRUE not recognized by parser - [config] Make location of php-gettext configurable - [import] Handle conflicts in some open_basedir situations - [display] Dropdown results - setting NULL does not work - [edit] Inline edit on multi-server configuration - [core] Notice: Array to string conversion in PHP 5.4 - [interface] When ShowTooltipAliasTB is true, VIEW is wrongly shown as the view name in main panel db Structure page - [core] Fail to synchronize column with name of keyword - [interface] Add column after drop - [interface] Avoid showing the password in phpinfo()'s output - [GUI] 'newer version of phpMyAdmin' message not shown in IE8 - [interface] Entering the key through a lookup window does not reset NULL - [security] Self-XSS on database names (synchronize, operations/rename), see PMASA-2011-18 (http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php) - [security] Self-XSS on column type (create index, table Search), see PMASA-2011-18 (http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php) - [security] Self-XSS on invalid query (table overview), see PMASA-2011-18 (http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php) -------------------------------------------------------------------------------- ChangeLog:
* Sun Dec 4 2011 Robert Scheck robert@fedoraproject.org 3.4.8-1 - Upgrade to 3.4.8 (#759441) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #759441 - phpMyAdmin-3.4.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=759441 --------------------------------------------------------------------------------
================================================================================ torque-2.5.7-7.el5 (FEDORA-EPEL-2011-5161) Tera-scale Open-source Resource and QUEue manager -------------------------------------------------------------------------------- Update Information:
Fixes a potential segfault in pbs_server.
This torque update corrects a security vulnerability whereby a user connecting to the torque pbs_server could impersonate another user present within the torque batch system.
In addition a memory leak is fixed, previously memory used for sending and receiving data was not being released.
This torque update corrects a security vulnerability whereby a user connecting to the torque pbs_server could impersonate another user present within the torque batch system.
In addition a memory leak is fixed, previously memory used for sending and receiving data was not being released.
This torque update corrects a security vulnerability whereby a user connecting to the torque pbs_server could impersonate another user present within the torque batch system.
In addition a memory leak is fixed, previously memory used for sending and receiving data was not being released.
-------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 3 2011 Steve Traylen steve.traylen@cern.ch - 2.5.7-7 - Add torque-2.5.7-rhbz#759141-r5167-pbs_server-crash.patch - torque clients require munge, e.g qsub. * Mon Nov 21 2011 Steve Traylen steve.traylen@cern.ch - 2.5.7-6 - Add torque-rhbz#758740-r5258-dis-close.patch and torque-rhbz#758740-r5270-dis-array.patch * Mon Nov 21 2011 Steve Traylen steve.traylen@cern.ch - 2.5.7-5 - Add torque-fix-munge-rhbz#752079-PTII.patch * Thu Nov 17 2011 Steve Traylen steve.traylen@cern.ch - 2.5.7-4 - Empty release for release mistake. * Thu Nov 17 2011 Steve Traylen steve.traylen@cern.ch - 2.5.7-3 - Add torque-fix-munge-rhbz#752079.patch -------------------------------------------------------------------------------- References:
[ 1 ] Bug #759141 - pbs_server crash on 'pbsnodes' from client without munge https://bugzilla.redhat.com/show_bug.cgi?id=759141 [ 2 ] Bug #752079 - Torque and Munge impersonation vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=752079 [ 3 ] Bug #758740 - torque 2.5.7 memory leak. https://bugzilla.redhat.com/show_bug.cgi?id=758740 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org
-
updates@fedoraproject.org