The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-3762/couchdb-1.0.2-... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5289/python-virtual... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4907/bugzilla-3.2.1... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5293/unbound-1.4.14... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5197/jasper-1.900.1... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5332/phpMyAdmin3-3.... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5210/clearsilver-0.... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5213/cacti-0.8.7i-2...
The following builds have been pushed to Fedora EPEL 5 updates-testing
phpMyAdmin3-3.4.9-1.el5
Details about builds:
================================================================================ phpMyAdmin3-3.4.9-1.el5 (FEDORA-EPEL-2011-5332) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information:
Changes 3.4.9.0 (2011-12-21):
- [edit] Inline editing enum fields with null shows no dropdown - [interface] DB suggestion not correct for user with underscore - [core] Magic quotes removed in PHP 5.4 - [session] No feedback when result is empty (signon auth_type) - [display] Problems regarding ShowTooltipAliasTB - [edit] Can't rename a database that contains views - [edit] Unable to move tables with triggers - [navi] Fast filter broken with table tree - [GUI] Firefox favicon frameset regression - [core] Better compatibility with mysql extension - [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20 (http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php) - [security] Self-XSS in setup (host parameter), see PMASA-2011-19 (http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php) -------------------------------------------------------------------------------- ChangeLog:
* Thu Dec 22 2011 Robert Scheck robert@fedoraproject.org 3.4.9-1 - Upgrade to 3.4.9 (#769818) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #769982 - CVE-2011-4782 phpMyAdmin Crafted values entered in the setup interface can produce XSS PMASA-2011-19 https://bugzilla.redhat.com/show_bug.cgi?id=769982 [ 2 ] Bug #769981 - CVE-2011-4780 phpMyAdmin XSS on the export panels in the server, database and table sections PMASA-2011-20 https://bugzilla.redhat.com/show_bug.cgi?id=769981 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org