The following Fedora EPEL 5 Security updates need testing: Age URL 790 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.1... 244 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.... 125 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0581/augeas-1.2.0-1... 16 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1575/chkrootkit-0.4... 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7.26-... 6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1651/python-jinja2-... 6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1646/python26-jinja... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1697/zabbix20-2.0.1... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1696/perl-Email-Add...

The following builds have been pushed to Fedora EPEL 5 updates-testing

perl-Email-Address-1.905-1.el5 zabbix20-2.0.12-2.el5

Details about builds:

================================================================================ perl-Email-Address-1.905-1.el5 (FEDORA-EPEL-2014-1696) RFC 2822 Address Parsing and Creation -------------------------------------------------------------------------------- Update Information:

Update to 1.905 to fix CVE-2014-0477. -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1110723 - CVE-2014-0477 perl-Email-Address: Denial-of-Service in Email::Address::parse https://bugzilla.redhat.com/show_bug.cgi?id=1110723 --------------------------------------------------------------------------------

================================================================================ zabbix20-2.0.12-2.el5 (FEDORA-EPEL-2014-1697) Open-source monitoring solution for your IT infrastructure -------------------------------------------------------------------------------- Update Information:

Patch CVE-2014-3005 (local file inclusion via XXE attack)

https://support.zabbix.com/browse/ZBX-8151 -------------------------------------------------------------------------------- ChangeLog:

* Fri Jun 20 2014 Volker Fröhlich volker27@gmx.at - 2.0.12-2 - Patch for ZBX-8151 (Local file inclusion via XXE attack) -- CVE-2014-3005 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1110496 - CVE-2014-3005 zabbix: local file inclusion via XXE attack https://bugzilla.redhat.com/show_bug.cgi?id=1110496 --------------------------------------------------------------------------------