The following Fedora EPEL 6 Security updates need testing: Age URL 902 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.1... 234 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolkit-2... 121 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7.26-... 16 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2750/libsrtp-1.4.4-... 16 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2719/nodejs-0.10.32... 16 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2742/TeXmacs-1.0.7.... 16 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2713/putty-0.63-3.e... 15 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2811/nodejs-qs-0.6.... 15 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2821/nodejs-send-0.... 10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2981/check-mk-1.2.4... 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3024/rssh-2.3.4-1.e... 8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3064/mediawiki119-1... 8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3082/golang-1.3.3-1... 1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3202/python-oauth2-... 1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2850/nginx-1.0.15-8... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3264/getmail-4.46.0... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3279/php-ZendFramew...
The following builds have been pushed to Fedora EPEL 6 updates-testing
php-ZendFramework-1.12.9-1.el6
Details about builds:
================================================================================ php-ZendFramework-1.12.9-1.el6 (FEDORA-EPEL-2014-3279) Leading open-source PHP framework -------------------------------------------------------------------------------- Update Information:
Contains fixes for two security relevant bugs: * "ZF2014-05: Anonymous authentication in ldap_bind() function of PHP, using null byte" (http://framework.zend.com/security/advisory/ZF2014-05)
* "ZF2014-06: SQL injection vector when manually quoting values for sqlsrv extension, using null byte" (http://framework.zend.com/security/advisory/ZF2014-06) -------------------------------------------------------------------------------- ChangeLog:
* Fri Oct 10 2014 Felix Kaechele heffer@fedoraproject.org - 1.12.9-1 - update to 1.12.9 - fixes http://framework.zend.com/security/advisory/ZF2014-05 - fixes http://framework.zend.com/security/advisory/ZF2014-06 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1151276 - CVE-2014-8088 php-ZendFramework: null byte issue, connect to LDAP without knowing the password (ZF2014-05) https://bugzilla.redhat.com/show_bug.cgi?id=1151276 [ 2 ] Bug #1151277 - CVE-2014-8089 php-ZendFramework: SQL injection issue when using the sqlsrv PHP extension (ZF2014-06) https://bugzilla.redhat.com/show_bug.cgi?id=1151277 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org