The following Fedora EPEL 5 Security updates need testing: Age URL 833 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2013-11893 libguestfs-1.20.12-1.el5 598 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-1626 puppet-2.7.26-1.el5 447 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3849 sblim-sfcb-1.3.8-2.el5 90 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-edbea40516 mcollective-2.8.4-1.el5 62 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-582c8075e6 thttpd-2.25b-24.el5 43 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-d1309b0eb2 libsndfile-1.0.17-8.el5 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-5a2146a2dd prosody-0.9.10-1.el5 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2a457c3d5b phpMyAdmin4-4.0.10.14-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
libburn-1.4.2-2.el5 phpMyAdmin4-4.0.10.14-1.el5
Details about builds:
================================================================================ libburn-1.4.2-2.el5 (FEDORA-EPEL-2016-ebbe8b6924) Library for reading, mastering and writing optical discs -------------------------------------------------------------------------------- Update Information:
libburn 1.4.2.pl01 ================== * Bug fix: cdrskin "failed to attach fifo" when burning from stdin. Regression of 1.4.2, rev 5522. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1294947 - k3b does not work with cdrskin https://bugzilla.redhat.com/show_bug.cgi?id=1294947 --------------------------------------------------------------------------------
================================================================================ phpMyAdmin4-4.0.10.14-1.el5 (FEDORA-EPEL-2016-2a457c3d5b) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information:
phpMyAdmin 4.0.10.14 (2016-01-29) ================================= - Error with PMA 4.0.10.13 with PHP 5.2 phpMyAdmin 4.0.10.13 (2016-01-28) ================================= - [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1 - [Security] Unsafe generation of CSRF token, see PMASA-2016-2 - [Security] Multiple XSS vulnerabilities, see PMASA-2016-3 - [Security] Insecure password generation in JavaScript, see PMASA-2016-4 - [Security] Unsafe comparison of CSRF token, see PMASA-2016-5 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1302681 - CVE-2016-2041 phpMyAdmin: Unsafe comparison of XSRF/CSRF token (PMASA-2016-5) https://bugzilla.redhat.com/show_bug.cgi?id=1302681 [ 2 ] Bug #1302680 - CVE-2016-1927 phpMyAdmin: Insecure password generation in JavaScript (PMASA-2016-4) https://bugzilla.redhat.com/show_bug.cgi?id=1302680 [ 3 ] Bug #1302679 - CVE-2016-2040 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2016-3) https://bugzilla.redhat.com/show_bug.cgi?id=1302679 [ 4 ] Bug #1302677 - CVE-2016-2039 phpMyAdmin: Unsafe generation of XSRF/CSRF token (PMASA-2016-2) https://bugzilla.redhat.com/show_bug.cgi?id=1302677 [ 5 ] Bug #1302676 - CVE-2016-2038 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-1) https://bugzilla.redhat.com/show_bug.cgi?id=1302676 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org