The following Fedora EPEL 5 Security updates need testing:
Age URL
935
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3....
389
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs...
153
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7....
49
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2669/check-mk-1....
48
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2853/mediawiki11...
21
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3549/rubygem-act...
20
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3554/rubygem-rai...
15
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3675/Pound-2.6-2...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3784/mantis-1.2....
3
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3849/sblim-sfcb-...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3972/nginx-0.8.5...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3983/polarssl-1....
The following builds have been pushed to Fedora EPEL 5 updates-testing
nginx-0.8.55-6.el5
polarssl-1.3.2-3.el5
Details about builds:
================================================================================
nginx-0.8.55-6.el5 (FEDORA-EPEL-2014-3972)
Robust, small and high performance HTTP and reverse proxy server
--------------------------------------------------------------------------------
Update Information:
fix CVE-2013-4547 security bypass due to whitespace parsing
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 11 2014 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 0.8.55-6
- fix CVE-2013-4547 security bypass due to whitespace parsing
(#1032266, #1032269)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1032266 - CVE-2013-4547 nginx: security restriction bypass flaw due to
whitespace parsing
https://bugzilla.redhat.com/show_bug.cgi?id=1032266
--------------------------------------------------------------------------------
================================================================================
polarssl-1.3.2-3.el5 (FEDORA-EPEL-2014-3983)
Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:
- Fix for CVE-2014-8628 (#1159845)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 12 2014 Morten Stevens <mstevens(a)imt-systems.com> - 1.3.2-3
- CVE-2014-8628 (#1159845)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1159845 - CVE-2014-8627 CVE-2014-8628 polarssl: various issues fixed in
1.3.9
https://bugzilla.redhat.com/show_bug.cgi?id=1159845
--------------------------------------------------------------------------------