The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/libsndfile-1.0.17-4.el5
https://admin.fedoraproject.org/updates/wordpress-2.8.6-4.el5
https://admin.fedoraproject.org/updates/wordpress-mu-2.9.2-3.el5
https://admin.fedoraproject.org/updates/perl-Convert-UUlib-1.34-1.el5
https://admin.fedoraproject.org/updates/Django-1.1.3-1.el5
https://admin.fedoraproject.org/updates/perl-CGI-Simple-1.112-2.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
openscada-0.7.0.1-5.el5
perl-Geo-METAR-1.15-7.el5
supybot-koji-0.2-1.el5
wordpress-2.8.6-4.el5
wordpress-mu-2.9.2-3.el5
Details about builds:
================================================================================
openscada-0.7.0.1-5.el5 (FEDORA-EPEL-2011-0058)
Open SCADA system project
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 11 2011 Aleksey Popkov <aleksey(a)oscada.org> - 0.7.0.1-5
- Moved files of messages from main package to the self package
- Fixed macros errors
- Fixed of error in oscada.init.patch file
- Fixed somes of spelling-error.
* Tue Jan 4 2011 Aleksey Popkov <aleksey(a)oscada.org> - 0.7.0.1-4
- My mistake fixing. Sorry!
* Tue Dec 21 2010 Aleksey Popkov <aleksey(a)oscada.org> - 0.7.0.1-3
- Fixed:UI.VCAEngine: A session deadlock is fixed for dynamic-active projects, for
attributes access.
* Mon Dec 20 2010 Aleksey Popkov <aleksey(a)oscada.org> - 0.7.0.1-2
- Fixed BuildRequires.
* Mon Dec 20 2010 Aleksey Popkov <aleksey(a)oscada.org> - 0.7.0.1-1
- Fixed Source0 patch
- Build 0.7.0.1 update to production release.
--------------------------------------------------------------------------------
================================================================================
perl-Geo-METAR-1.15-7.el5 (FEDORA-EPEL-2011-0057)
Perl module for accessing aviation weather information
--------------------------------------------------------------------------------
================================================================================
supybot-koji-0.2-1.el5 (FEDORA-EPEL-2011-0056)
Plugin for Supybot to interact with Koji instances
--------------------------------------------------------------------------------
Update Information:
This update fixes a bug where Fedora infrastructure was unable to use the plugin. It also
allows the configuration of non-Fedora Koji servers, if this were ever to be used with a
private koji instance, for example.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 12 2011 Jon Stanley <jonstanley(a)gmail.com> - 0.2-1
- New upstream release
--------------------------------------------------------------------------------
================================================================================
wordpress-2.8.6-4.el5 (FEDORA-EPEL-2010-3857)
WordPress blogging software
--------------------------------------------------------------------------------
Update Information:
Security fix:
http://core.trac.wordpress.org/changeset/16625
Fix for HTML sanitation issue.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 3 2011 Jon Ciesla <limb(a)jcomserv.net> - 2.8.6-4
- Patch for security vulnerability, BZ 666782.
* Thu Dec 23 2010 Jon Ciesla <limb(a)jcomserv.net> - 2.8.6-3
- Change Requires from httpd to webserver, BZ 523480.
- Patch for Hello Dolly lyrics, BZ 663966.
- Patch for security vulnerability, BZ 659319.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #659265 - CVE-2010-4257 Wordpress: SQL injection flaw by processing
trackbacks
https://bugzilla.redhat.com/show_bug.cgi?id=659265
--------------------------------------------------------------------------------
================================================================================
wordpress-mu-2.9.2-3.el5 (FEDORA-EPEL-2011-0002)
WordPress-MU multi-user blogging software
--------------------------------------------------------------------------------
Update Information:
Update to upstream release 2.9.2, fixing one security issue:
* CVE-2010-0682
https://core.trac.wordpress.org/changeset/13117
plus a backported security fix:
* CVE-2010-4257
https://core.trac.wordpress.org/changeset/16625
Plus additional security fixes for BZ 668192.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 11 2011 Jon Ciesla <limb(a)jcomserv.net> - 2.9.2-3
- Patches for security flaws, BZ 668192.
* Thu Dec 23 2010 Jon Ciesla <limb(a)jcomserv.net> - 2.9.2-2
- Change Requires from httpd to webserver, BZ 523480.
- Patch for security vulnerability, BZ 659319.
* Mon May 10 2010 Bret McMillan <bretm(a)redhat.com> - 2.9.2-1
- updating to 2.9.2
* Fri Jan 29 2010 Bret McMillan <bretm(a)redhat.com> - 2.9.1.1-1
- collected bug fixes and enhancements from wordpress 2.9.x merged into wpmu 2.9.1
- Plugins options fix:
http://trac.mu.wordpress.org/ticket/1193
- wp_getUserBlogs fix:
http://trac.mu.wordpress.org/ticket/1195
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #659265 - CVE-2010-4257 Wordpress: SQL injection flaw by processing
trackbacks
https://bugzilla.redhat.com/show_bug.cgi?id=659265
--------------------------------------------------------------------------------