The following Fedora EPEL 5 Security updates need testing:

 Age  URL
 838  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.1...
 292  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1....
  57  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7.26-...
  47  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1696/perl-Email-Add...
  41  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1747/mediawiki119-1...
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1996/fail2ban-0.8.1...
   7  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2087/drupal7-date-2...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2155/wordpress-3.9....
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2165/iodine-0.7.0-1...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2153/drupal6-6.33-1...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2150/drupal7-7.31-1...

The following builds have been pushed to Fedora EPEL 5 updates-testing

    amavisd-new-2.5.2-3.el5
    bitlbee-3.2.2-4.el5
    drupal6-6.33-1.el5
    drupal7-7.31-1.el5
    iodine-0.7.0-1.el5
    wordpress-3.9.2-2.el5

Details about builds:

================================================================================
 amavisd-new-2.5.2-3.el5 (FEDORA-EPEL-2014-2152)
 Email filter with virus scanner and spamassassin support
--------------------------------------------------------------------------------
Update Information:

Change permissions of /var/spool/amavisd folders to 750
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #430177 - clamd.d/amavisd.conf configuration directives require boolean arguments
        https://bugzilla.redhat.com/show_bug.cgi?id=430177
--------------------------------------------------------------------------------

================================================================================
 bitlbee-3.2.2-4.el5 (FEDORA-EPEL-2014-2154)
 IRC to other chat networks gateway
--------------------------------------------------------------------------------
Update Information:

Disable libpurple due to dbus issues also in EPEL (#1126930)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 7 2014 Robert Scheck robert@fedoraproject.org 3.2.2-4
- Disable libpurple due to dbus issues also in EPEL (#1126930)
* Tue Jul 22 2014 Robert Scheck robert@fedoraproject.org 3.2.2-3
- Really disable libpurple support for Fedora except Rawhide
* Mon Jul 14 2014 Robert Scheck robert@fedoraproject.org 3.2.2-2
- Enable forkdaemon due lacking SELinux policy in Rawhide only
- Disable libpurple conflicting with the daemon mode (#1117553)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1126930 - bitlbee 3.2.2 dbus problem on centos 6
        https://bugzilla.redhat.com/show_bug.cgi?id=1126930
--------------------------------------------------------------------------------

================================================================================
 drupal6-6.33-1.el5 (FEDORA-EPEL-2014-2153)
 An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:

- Update to Drupal 6.33.
- Drupal 6.33 release notes can be found here, https://www.drupal.org/drupal-6.33-release-notes.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 7 2014 Peter Borsa peter.borsa@gmail.com - 6.33-1
- 6.33, SA-CORE-2014-004
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1127538 - drupal: denial of service issue (SA-CORE-2014-004)
        https://bugzilla.redhat.com/show_bug.cgi?id=1127538
--------------------------------------------------------------------------------

================================================================================
 drupal7-7.31-1.el5 (FEDORA-EPEL-2014-2150)
 An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:

Update to upstream 7.31 release for SA-CORE-2014-004

This is a bugfix release. For complete details refer to: https://www.drupal.org/drupal-7.30-release-notes

Fixes SA-CORE-2014-003. For details refer to: https://www.drupal.org/drupal-7.29-release-notes
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 7 2014 Jared Smith jsmith@fedoraproject.org - 7.31-1
- Update to upstream 7.31 release for SA-CORE-2014-004
* Mon Jul 28 2014 Paul W. Frields stickster@gmail.com - 7.30-1
- 7.30
* Wed Jul 16 2014 Paul W. Frields stickster@gmail.com - 7.29-1
- 7.29, SA-CORE-2014-003
* Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 7.28-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1120641 - CVE-2014-5019 CVE-2014-5020 CVE-2014-5021 CVE-2014-5022 drupal7: multiple vulnerabilities (SA-CORE-2014-003)
        https://bugzilla.redhat.com/show_bug.cgi?id=1120641
  [ 2 ] Bug #1127538 - drupal: denial of service issue (SA-CORE-2014-004)
        https://bugzilla.redhat.com/show_bug.cgi?id=1127538
--------------------------------------------------------------------------------

================================================================================
 iodine-0.7.0-1.el5 (FEDORA-EPEL-2014-2165)
 Solution to tunnel IPv4 data through a DNS server
--------------------------------------------------------------------------------
Update Information:

Update to 0.7.0 to fix CVE-2014-4168 iodine: authentication bypass vulnerability (bz#1110339, bz#1110338 [bz#1110340, bz#1110341, bz#1110342]).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 22 2014 Pavel Alexeev Pahan@Hubbitus.info - 0.7.0-1
- Update to 0.7.0 to fix CVE-2014-4168 iodine: authentication bypass vulnerability (bz#1110339, bz#1110338 [bz#1110340, bz#1110341, bz#1110342]).
- Drop old Patch0: iodine-0.5.2-prefix.patch
- Rebase iodine-0.6.0-rc1.split-man.patch -> iodine-0.7.0.split-man.patch
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1110338 - CVE-2014-4168 iodine: authentication bypass vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=1110338
--------------------------------------------------------------------------------

================================================================================
 wordpress-3.9.2-2.el5 (FEDORA-EPEL-2014-2155)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

Upstream announcement: http://wordpress.org/news/2014/08/wordpress-3-9-2/
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 7 2014 Remi Collet remi@fedoraproject.org - 3.9.2-1
- update to 3.9.2 Security Release #1127547
- config file only readable by apache user (httpd or php-fpm) #1124582
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1127547 - wordpress: security issues fixed in version 3.9.2
        https://bugzilla.redhat.com/show_bug.cgi?id=1127547
--------------------------------------------------------------------------------

epel-devel@lists.fedoraproject.org