The following Fedora EPEL 5 Security updates need testing:
Age URL
790
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3....
244
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs...
125
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0581/augeas-1.2....
16
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1575/chkrootkit-...
9
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7....
6
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1651/python-jinj...
6
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1646/python26-ji...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1697/zabbix20-2....
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1696/perl-Email-...
The following builds have been pushed to Fedora EPEL 5 updates-testing
perl-Email-Address-1.905-1.el5
zabbix20-2.0.12-2.el5
Details about builds:
================================================================================
perl-Email-Address-1.905-1.el5 (FEDORA-EPEL-2014-1696)
RFC 2822 Address Parsing and Creation
--------------------------------------------------------------------------------
Update Information:
Update to 1.905 to fix CVE-2014-0477.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1110723 - CVE-2014-0477 perl-Email-Address: Denial-of-Service in
Email::Address::parse
https://bugzilla.redhat.com/show_bug.cgi?id=1110723
--------------------------------------------------------------------------------
================================================================================
zabbix20-2.0.12-2.el5 (FEDORA-EPEL-2014-1697)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:
Patch CVE-2014-3005 (local file inclusion via XXE attack)
https://support.zabbix.com/browse/ZBX-8151
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 20 2014 Volker Fröhlich <volker27(a)gmx.at> - 2.0.12-2
- Patch for ZBX-8151 (Local file inclusion via XXE attack) -- CVE-2014-3005
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1110496 - CVE-2014-3005 zabbix: local file inclusion via XXE attack
https://bugzilla.redhat.com/show_bug.cgi?id=1110496
--------------------------------------------------------------------------------