The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6530/nsd-3.2.13-1.e... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6554/perl-RT-Authen... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.1... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6514/moodle-1.9.19-... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6608/Django-1.1.4-2... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6588/dokuwiki-0-0.1... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6519/bacula-2.4.4-7...
The following builds have been pushed to Fedora EPEL 5 updates-testing
Django-1.1.4-2.el5 ddrescue-1.16-1.el5 dokuwiki-0-0.12.20120125.b.el5 drupal7-features-1.0-1.el5 drupal7-rules-2.2-1.el5 gfal2-2.0.0-1.el5 gfalFS-1.0.0-1.el5 gridftp-ifce-2.2.0-0.el5 lcg-util-1.13.0-0.el5 perl-Config-IniFiles-2.72-2.el5.2 perl-List-MoreUtils-0.33-5.el5 python26-tornado-2.2.1-2.el5 salt-0.10.2-2.el5
Details about builds:
================================================================================ Django-1.1.4-2.el5 (FEDORA-EPEL-2012-6608) A high-level Python Web framework -------------------------------------------------------------------------------- Update Information:
Added a backported patch (based off https://github.com/django/django/commit/4dea4883e6c50d75f215a6b9bcbd95273f57... and https://github.com/django/django/commit/d0d5dc6cd76f01c8a71b677357ad2f702cb5...) which attempts to fix the following:
CVE-2012-3442 Django: 1.3.1 and 1.4.0 Cross-site scripting in authentication views
Verification is needed to ensure that the patch doesn't introduce any issues. -------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 1 2011 Steve Milner stevem@gnulinux.net - 1.1.4-2 - Backport of the backport to fix CVE-2012-3442 for 1.1.x via patch. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #844520 - CVE-2012-3442 Django: 1.3.1 and 1.4.0 Cross-site scripting in authentication views [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=844520 --------------------------------------------------------------------------------
================================================================================ ddrescue-1.16-1.el5 (FEDORA-EPEL-2012-6607) Data recovery tool trying hard to rescue data in case of read errors -------------------------------------------------------------------------------- Update Information:
Update the package to current upstream version 1.16.
-------------------------------------------------------------------------------- ChangeLog:
* Thu Aug 2 2012 Michal Ambroz <rebus AT_ seznam.cz> - 1.16-1 - Update to 1.16. * Wed Jul 18 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.13-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Fri Jan 13 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.13-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Tue Feb 8 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.13-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #591042 - ddrescue-1.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=591042 --------------------------------------------------------------------------------
================================================================================ dokuwiki-0-0.12.20120125.b.el5 (FEDORA-EPEL-2012-6588) Standards compliant simple to use wiki -------------------------------------------------------------------------------- Update Information:
Update to latest upstream -------------------------------------------------------------------------------- ChangeLog:
* Thu Aug 2 2012 Andrew Colin Kissa andrew@topdog.za.net - 0-0.12.20120125.b - Latest upstream - Fix Bugzilla bugs #844726, #840255, #795487, #741384, #840686, #835145 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #741384 - CVE-2011-3727 dokuwiki: installation path disclosure via a direct request to a .php file https://bugzilla.redhat.com/show_bug.cgi?id=741384 [ 2 ] Bug #840686 - CVE-2012-0283 dokuwiki: XSS flaw in tpl_mediaFileList() https://bugzilla.redhat.com/show_bug.cgi?id=840686 [ 3 ] Bug #835145 - CVE-2012-3354 dokuwiki: Full path disclosure with PHP error level enabled https://bugzilla.redhat.com/show_bug.cgi?id=835145 --------------------------------------------------------------------------------
================================================================================ drupal7-features-1.0-1.el5 (FEDORA-EPEL-2012-6611) Provides feature management for Drupal -------------------------------------------------------------------------------- Update Information:
New upstream version, http://drupal.org/node/1700490. -------------------------------------------------------------------------------- ChangeLog:
* Fri Aug 3 2012 Peter Borsa peter.borsa@gmail.com - 1.0-1 - New upstream version. * Wed Jul 18 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.0-0.7.rc3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ drupal7-rules-2.2-1.el5 (FEDORA-EPEL-2012-6620) It allows site administrators to define conditionally executed actions -------------------------------------------------------------------------------- Update Information:
New upstream version, http://drupal.org/node/1711652. -------------------------------------------------------------------------------- ChangeLog:
* Sat Aug 4 2012 Peter Borsa peter.borsa@gmail.com - 2.2-1 - New upstream version. * Wed Jul 18 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #845729 - drupal7-rules-2.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=845729 --------------------------------------------------------------------------------
================================================================================ gfal2-2.0.0-1.el5 (FEDORA-EPEL-2012-6601) Grid file access library 2.0 -------------------------------------------------------------------------------- Update Information:
gfal 2.0.0 first release candidate, Synchronisation with EMI 2 Update -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 20 2012 Adrien Devresse <adevress at cern.ch> - 2.0.0-1 - Official initial release candidate of gfal 2.0 - Transfer API is official - gridftp support for performance marker, checksum - gridftp support for gridftpv2, dcau param - SRM support for spacetoken in transfer - SRM abort auto-management - parallel operations in transfers - file protocol dedicated in a plugin - configuration file support - srm timeout support - general purpose checksum operation support - POSIX operation support for gridftp - cleaner plugin API - new documentation - I hope that you will enjoy gfal 2.0 :) --------------------------------------------------------------------------------
================================================================================ gfalFS-1.0.0-1.el5 (FEDORA-EPEL-2012-6609) Filesystem client based on GFAL 2.0 -------------------------------------------------------------------------------- Update Information:
gfalFS first RC 1.0, Synchronisation with EMI 2 Update -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 20 2012 Adrien Devresse <adevress at cern.ch> - 1.0.0-1 - initial 1.0 release - include bug fix for srm and gsiftp url for fgettr --------------------------------------------------------------------------------
================================================================================ gridftp-ifce-2.2.0-0.el5 (FEDORA-EPEL-2012-6603) GridFTP library for FTS and lcgutil -------------------------------------------------------------------------------- Update Information:
Update 2.2.0 ( lcgutil 1.13.0 ), Synchronisation with EMI 2 Update -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 20 2012 Adrien Devresse <adevress at cern.ch> - 2.2.0-0 - gridftp version 2 support - EMI 2 Update synchronisation --------------------------------------------------------------------------------
================================================================================ lcg-util-1.13.0-0.el5 (FEDORA-EPEL-2012-6615) Command line tools for wlcg storage system -------------------------------------------------------------------------------- Update Information:
Update 1.13.0, Synchronisation with EMI 2 Update -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 20 2012 Adrien Devresse <adevress at cern.ch> - 1.13.0-0 - gfal 1.0 32 bits problem correction (gfal) - stack smash correction - srm timeout management (srm-ifce) - gridftpv2 support (gridftp-ifce) - first EPEL / EMI update synchronisation --------------------------------------------------------------------------------
================================================================================ perl-Config-IniFiles-2.72-2.el5.2 (FEDORA-EPEL-2012-6537) A module for reading .ini-style configuration files -------------------------------------------------------------------------------- Update Information:
Fix issue where previous Config::IniFiles update required (but did not explicitly Require) a newer List::MoreUtils (0.33+) to function properly. -------------------------------------------------------------------------------- ChangeLog:
* Thu Aug 2 2012 Tom Callaway spot@fedoraproject.org - 2.72-2.2 - force perl(List::MoreUtils) >= 0.33 (bz 844460) * Mon Jun 25 2012 Tom Callaway spot@fedoraproject.org - 2.72-2.1 - add explicit Requires: perl(List::MoreUtils) for el5 (bz827198) * Fri Jun 1 2012 Lubomir Rintel (GoodData) lubo.rintel@gooddata.com - 2.72-2 - Fix compatibility with el6 - Enable test suite -------------------------------------------------------------------------------- References:
[ 1 ] Bug #828251 - Method Parameters is broken in latest Config::IniFiles Perl module https://bugzilla.redhat.com/show_bug.cgi?id=828251 [ 2 ] Bug #844460 - hash copy interface broken in 2.72 https://bugzilla.redhat.com/show_bug.cgi?id=844460 --------------------------------------------------------------------------------
================================================================================ perl-List-MoreUtils-0.33-5.el5 (FEDORA-EPEL-2012-6537) Provide the stuff missing in List::Util -------------------------------------------------------------------------------- Update Information:
Fix issue where previous Config::IniFiles update required (but did not explicitly Require) a newer List::MoreUtils (0.33+) to function properly. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #828251 - Method Parameters is broken in latest Config::IniFiles Perl module https://bugzilla.redhat.com/show_bug.cgi?id=828251 [ 2 ] Bug #844460 - hash copy interface broken in 2.72 https://bugzilla.redhat.com/show_bug.cgi?id=844460 --------------------------------------------------------------------------------
================================================================================ python26-tornado-2.2.1-2.el5 (FEDORA-EPEL-2012-6593) Scalable, non-blocking web server and tools -------------------------------------------------------------------------------- Update Information:
This update introduces the tornado python module to EPEL 5's python26 stack. Note that python26-tornado requires python26-pycurl, which may still be in epel-testing. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #845136 - Review Request: python26-tornado - Scalable, non-blocking web server and tools https://bugzilla.redhat.com/show_bug.cgi?id=845136 --------------------------------------------------------------------------------
================================================================================ salt-0.10.2-2.el5 (FEDORA-EPEL-2012-6600) A parallel remote execution system -------------------------------------------------------------------------------- Update Information:
Fix upstream bug #1730 Update to 0.10.2 -------------------------------------------------------------------------------- ChangeLog:
* Thu Aug 2 2012 Clint Savage herlo1@gmail.com - 0.10.2-2 - Fix upstream bug #1730 per RHBZ#845295 * Tue Jul 31 2012 Clint Savage herlo1@gmail.com - 0.10.2-1 - Moved to upstream release 0.10.2 - Removed PyXML as a dependency -------------------------------------------------------------------------------- References:
[ 1 ] Bug #845295 - Fix regression in disk.usage https://bugzilla.redhat.com/show_bug.cgi?id=845295 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org