The following Fedora EPEL 5 Security updates need testing: Age URL 460 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.1... 355 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6608/Django-1.1.4-2... 50 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6089/ssmtp-2.61-20.... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10985/perl-Proc-Pro...
The following builds have been pushed to Fedora EPEL 5 updates-testing
kobo-0.4.0-1.el5 libssh-0.5.4-5.el5 libssh-0.5.5-1.el5 perl-Proc-ProcessTable-0.48-1.el5
Details about builds:
================================================================================ kobo-0.4.0-1.el5 (FEDORA-EPEL-2013-10976) Python modules for tools development -------------------------------------------------------------------------------- Update Information:
New upstream release -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 25 2013 Daniel Mach dmach@redhat.com - 0.4.0-1 - Drop django and hub subpackages on rhel <= 5 - Set filename to be real name of a downloaded file. (Tomas Tomecek) - Fix logwatcher to scroll to latest logs. (Tomas Tomecek) - Remove obsolete function kobo.django.views.generic._object_list(). (Tomas Kopecek) - Updated README for 0.4.0 release (Tomas Kopecek) - Revamp setup.py and related files. (Daniel Mach) - LongnameUser table has auth_user db table name for easier upgrade. (Tomas Kopecek) - Add checksum_type to SimpleRpmWrapper. (Tomas Kopecek) - Add kobo.threads.run_in_threads() helper. (Tomas Kopecek) - Django 1.5 rebase. (Tomas Kopecek) - Remove unnecessary slots from pkgset.FileCache. (Daniel Mach) --------------------------------------------------------------------------------
================================================================================ libssh-0.5.4-5.el5 (FEDORA-EPEL-2013-10979) A library implementing the SSH2 protocol (0xbadc0de version) -------------------------------------------------------------------------------- Update Information:
Add EPEL 5 support and enable Doxygen documentation. --------------------------------------------------------------------------------
================================================================================ libssh-0.5.5-1.el5 (FEDORA-EPEL-2013-10983) A library implementing the SSH2 protocol (0xbadc0de version) -------------------------------------------------------------------------------- Update Information:
Update to libssh 0.5.5 Add EPEL 5 support and enable Doxygen documentation. --------------------------------------------------------------------------------
================================================================================ perl-Proc-ProcessTable-0.48-1.el5 (FEDORA-EPEL-2013-10985) Perl extension to access the Unix process table -------------------------------------------------------------------------------- Update Information:
This update, to the current upstream maintenance release, fixes numerous bugs (as mentioned in the package changelog), including unsafe usage of /tmp when caching is enabled (CVE-2011-4363), which could allow an attacker to overwrite arbitrary files due to a race condition. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #758866 - CVE-2011-4363 perl-Proc-ProcessTable: unsafe temporary file usage https://bugzilla.redhat.com/show_bug.cgi?id=758866 --------------------------------------------------------------------------------