The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/rt3-3.6.11-1.el5 https://admin.fedoraproject.org/updates/jabberd-2.2.11-3.el5 https://admin.fedoraproject.org/updates/drupal7-7.2-1.el5 https://admin.fedoraproject.org/updates/drupal6-6.22-1.el5 https://admin.fedoraproject.org/updates/unbound-1.4.4-3.el5 https://admin.fedoraproject.org/updates/libmodplug-0.8.7-3.el5 https://admin.fedoraproject.org/updates/cacti-0.8.7g-1.el5.1 https://admin.fedoraproject.org/updates/ejabberd-2.1.8-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
ejabberd-2.1.8-1.el5 imapsync-1.446-1.el5 libidn2-0.6-1.el5 lua-expat-1.2.0-1.el5 python-asciitable-0.6.0-2.el5.1
Details about builds:
================================================================================ ejabberd-2.1.8-1.el5 (FEDORA-EPEL-2011-3496) A distributed, fault-tolerant Jabber/XMPP server -------------------------------------------------------------------------------- Update Information:
- Ver. 2.1.8 -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 3 2011 Peter Lemenkov lemenkov@gmail.com - 2.1.8-1 - Ver. 2.1.8 (very urgent bugfix for 2.1.7) * Wed Jun 1 2011 Peter Lemenkov lemenkov@gmail.com - 2.1.7-1 - Ver. 2.1.7 (bugfixes and security) * Wed Jun 1 2011 Paul Whalen paul.whalen@senecac.on.ca - 2.1.6-5 - Added arm to conditional to build without hevea. * Thu Feb 24 2011 Peter Lemenkov lemenkov@gmail.com - 2.1.6-4 - Updated @online@ patch * Tue Feb 8 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.1.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Tue Jan 25 2011 Martin Langhoff martin@laptop.org 2.1.6-2 - Apply rebased @online@ patch from OLPC - EJAB-1391 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #700454 - CVE-2011-1753 ejabberd: DoS via the XML "billion laughs attack" https://bugzilla.redhat.com/show_bug.cgi?id=700454 --------------------------------------------------------------------------------
================================================================================ imapsync-1.446-1.el5 (FEDORA-EPEL-2011-3510) Tool to migrate email between IMAP servers -------------------------------------------------------------------------------- Update Information:
Update to 1.446 -------------------------------------------------------------------------------- ChangeLog:
* Tue May 31 2011 Nick Bebout nb@fedoraproject.org - 1.446-1 - Bugfix. Try to handle Markus bug in foldersizes() when select_msgs() returns a list of undef. - Check if uidexpunge is supported at the beginning of execution, not when needed. - Set --uidexpunge2 if --delete2 or --expunge2 if uidexpunge not supported. - Changed all warn() calls (STDERR) to print calls (STDOUT) - good_date() "24 Aug 77" -> "24-Aug-1977" - Patched tests_good_date() and good_date() with Dax Kelson patches. - Started code to deal with epoch of messages. - Handle better folder creation, not a failure when folder "already exists" during its creation. - Replaced default setting. Now --delete2 sets --uidexpunge2 instead of --expunge2 (unless --nouidexpunge2 is set) - Added epoch() routine to prepare the safe bidirectional sync (maybe...) - Adapted the usage output multiline character to Unix or Win, \ or ^ - Bugfix. Avoid a "no number" warning when size is null. - Added "Date" in the default --useheader list. ("Message-Id", "Message-ID", "Date") - Bugfix. Bad header beginning with a blank character. * Tue May 24 2011 Nick Bebout nb@fedoraproject.org - 1.434-1 - Bugfix. Made --usecache work with --maxage or --maxsize or --min* - Improved the way imapsync deals with headers: - - Stopped getting first 2KB of message. Not a good idea. - - If $imap2->parse_headers() fails then take the whole header (instead of body). - - Default is like --useheader Message-Id --useheader Message-ID - - Use header Message-Id and header Date as sig md5 when taking the whole header. - Better output in debug mode. - Options --usecache and --maxsize --minsize can safely be used if --delete is there - Added tests of mkpath very long path > 300 char. Win32 fails on them. - Bugfix. Added special case for Inbox vs INBOX bug creation ("Couldn't create folder [Inbox] from [INBOX]: 143 NO INBOX already exists!") - Adapted regression tests for good_date() when no zone is given. - Bugfix. intarnal date needs zone data. Default to +0000. - Bugfix. Starttls() only for 2.2.9 - Fix. Removed a debug print always printed. - Bugfix. Changed the way imapsync knows whether a folder exists or not. Exchange might be happy and stop deconnecting for this reason. - Added a warning and die if --usecache and one of --maxsize--minsize --maxage --minage is used. - Bugfix. Reconnections are well done in tls mode now. - Zimbra 5.0.24_GA_3356.RHEL4 [host1] - Exchange 2010 SP1 RU2 [host2] - Added --debugsleep to have to play will kill and reconnections. --------------------------------------------------------------------------------
================================================================================ libidn2-0.6-1.el5 (FEDORA-EPEL-2011-3518) Library to support IDNA2008 internationalized domain names -------------------------------------------------------------------------------- Update Information:
Upstream fix: Use -no-install instead of -static to fix --disable-static at tests -------------------------------------------------------------------------------- ChangeLog:
* Sat Jun 4 2011 Robert Scheck robert@fedoraproject.org 0.6-1 - Upgrade to 0.6 --------------------------------------------------------------------------------
================================================================================ lua-expat-1.2.0-1.el5 (FEDORA-EPEL-2011-3514) SAX XML parser based on the Expat library -------------------------------------------------------------------------------- Update Information:
New upstream release (billion laughs DOS vulnerability) -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 3 2011 Matěj Cepl mcepl@redhat.com - 1.2-1 - New upstream release, fixing "The Billion Laughs Attack" for XMPP servers. - Fix tests so that we actually pass them. * Tue Feb 8 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ python-asciitable-0.6.0-2.el5.1 (FEDORA-EPEL-2011-3513) Extensible ASCII table reader and writer -------------------------------------------------------------------------------- Update Information:
An extensible ASCII table reader for astronomy. Asciitable can read a wide range of ASCII table formats via built-in Extension Reader Classes --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org