The following Fedora 13 Security updates need testing:
https://admin.fedoraproject.org/updates/libvoikko-2.3.1-2.fc13
https://admin.fedoraproject.org/updates/libmodplug-0.8.7-3.fc13
https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
https://admin.fedoraproject.org/updates/polkit-0.96-2.fc13
https://admin.fedoraproject.org/updates/oprofile-0.9.6-21.fc13
https://admin.fedoraproject.org/updates/libxml-1.8.17-27.fc13
https://admin.fedoraproject.org/updates/libtiff-3.9.5-1.fc13
https://admin.fedoraproject.org/updates/syslog-ng-3.1.4-4.fc13.1
https://admin.fedoraproject.org/updates/weechat-0.3.5-1.fc13
The following Fedora 13 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/system-config-keyboard-1.3.1-5.fc13
https://admin.fedoraproject.org/updates/ppp-2.4.5-11.fc13
https://admin.fedoraproject.org/updates/sudo-1.7.4p5-2.fc13
https://admin.fedoraproject.org/updates/module-init-tools-3.11.1-4.fc13
https://admin.fedoraproject.org/updates/polkit-0.96-2.fc13
https://admin.fedoraproject.org/updates/libtiff-3.9.5-1.fc13
https://admin.fedoraproject.org/updates/pygtk2-2.17.0-9.fc13
https://admin.fedoraproject.org/updates/dosfstools-3.0.9-5.fc13
https://admin.fedoraproject.org/updates/libimobiledevice-1.0.6-1.fc13
https://admin.fedoraproject.org/updates/usbmuxd-1.0.7-1.fc13
https://admin.fedoraproject.org/updates/fuse-2.8.5-5.fc13
https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13
https://admin.fedoraproject.org/updates/lldpad-0.9.26-2.fc13
The following builds have been pushed to Fedora 13 updates-testing
bucardo-4.4.5-1.fc13
libsvm-3.1-1.fc13
libxml-1.8.17-27.fc13
qbittorrent-2.8.2-1.fc13
rcssserver3d-0.6.5-4.fc13
syslog-ng-3.1.4-4.fc13.1
system-config-keyboard-1.3.1-5.fc13
Details about builds:
================================================================================
bucardo-4.4.5-1.fc13 (FEDORA-2011-8414)
Postgres replication system for both multi-master and multi-slave operations
--------------------------------------------------------------------------------
Update Information:
new release
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 19 2011 Itamar Reis Peixoto <itamar@xxxxxxxxxxxxxxxx> - 4.4.5-1
- New version 4.4.5 fix truncate bug
--------------------------------------------------------------------------------
================================================================================
libsvm-3.1-1.fc13 (FEDORA-2011-8489)
A Library for Support Vector Machines
--------------------------------------------------------------------------------
Update Information:
svm tools is now installed in /usr/bin as svm-*.py
i.e. tools/easy.py is linked as svm-easy.py.
Upstream update:
+ MATLAB interface:
+ Merge matlab interface to core libsvm
+ Using mexPrintf() when calling info() in MATLAB interface.
+ Both 32- and 64-bit windows binary files are provided
+ Java:
Math.random is replaced by Random in java interface
+ Python interface:
subroutines to get SVs
relative path to load *.dll and *.so
+ svm.cpp:
null pointer check before release memory in svm_free_model_content()
svm_destroy_model() no longer supported.
+ svm-train.c and svm-predict.c
Better format check in reading data labels
+ svm-toy:
fix the svm_toy dialog path
+ tools:
Using new string formatting/encoding in tools/*.py
clearer png output, fix grid.py legen
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 14 2011 Ding-Yi Chen <dchen@xxxxxxxxxx> - 3.1-1
- svm tools is now installed in /usr/bin as svm-*.py
i.e. tools/easy.py is linked as svm-easy.py.
- Upstream update:
+ MATLAB interface:
+ Merge matlab interface to core libsvm
+ Using mexPrintf() when calling info() in MATLAB interface.
+ Both 32- and 64-bit windows binary files are provided
+ Java:
Math.random is replaced by Random in java interface
+ Python interface:
subroutines to get SVs
relative path to load *.dll and *.so
+ svm.cpp:
null pointer check before release memory in svm_free_model_content()
svm_destroy_model() no longer supported.
+ svm-train.c and svm-predict.c
Better format check in reading data labels
+ svm-toy:
fix the svm_toy dialog path
+ tools:
Using new string formatting/encoding in tools/*.py
clearer png output, fix grid.py legend
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
libxml-1.8.17-27.fc13 (FEDORA-2011-7810)
Old XML library for Gnome-1 application compatibility
--------------------------------------------------------------------------------
Update Information:
This update addresses CVE-2011-1944 (heap-based buffer overflow by adding a new namespace node to an existing nodeset or merging nodesets). It is described in detail at http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html
It also fixes the broken xpath implementation, which was crashing in the regression test suite on 32-bit architectures and failing some of the tests on all architectures.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 3 2011 Paul Howarth <paul@xxxxxxxxxxxx> 1:1.8.17-27
- fix segfault and regressions in xpath tests
- use a patch rather than iconv to fix the ChangeLog encoding
* Thu Jun 2 2011 Paul Howarth <paul@xxxxxxxxxxxx> 1:1.8.17-26
- add patch for CVE-2011-1944 (#709751)
- add %check section and run regression tests (note that diffs appearing in
the output do not cause the build to fail)
- nobody else likes macros for commands
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:1.8.17-25
- rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets
https://bugzilla.redhat.com/show_bug.cgi?id=709747
--------------------------------------------------------------------------------
================================================================================
qbittorrent-2.8.2-1.fc13 (FEDORA-2011-8491)
A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:
* Sat Jun 18 2011 - Christophe Dumez <chris@xxxxxxxxxxxxxxx> - v2.8.2
- BUGFIX: Fix tracker exchange advanced setting
- BUGFIX: Fix Proxy authentication settings
- BUGFIX: Fix possible status filters widget height problem
- FEATURE: Show tracker tier (order) in tracker list
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 18 2011 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 1:2.8.2-1
- update to 2.8.2
--------------------------------------------------------------------------------
================================================================================
rcssserver3d-0.6.5-4.fc13 (FEDORA-2011-8468)
Robocup 3D Soccer Simulation Server
--------------------------------------------------------------------------------
Update Information:
This is an upstream bugfix which fixes a bug in the crowding rules. This fix is going to be used in RoboCup 2011 competitions.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 20 2011 Hedayat Vatankhah <hedayat.fwd+rpmchlog@xxxxxxxxx> - 0.6.5-4
- Add an upstream patch to fix rule enforcement code
--------------------------------------------------------------------------------
================================================================================
syslog-ng-3.1.4-4.fc13.1 (FEDORA-2011-8499)
Next-generation syslog server
--------------------------------------------------------------------------------
Update Information:
Update to 3.1.4 + patch for CVE-2011-1951
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 17 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.1.4-4.fc13.1
- Added python to the build requirements (not present in the Fedora 13 build
environment; needed by the test suite)
* Fri Jun 17 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.1.4-4
- Patch for CVE-2011-1951: syslog-ng-3.1.4-pcre-dos.patch (#709088)
- Enabled the test suite
* Mon May 9 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.1.4-3
- Bumped the eventlog version to match the latest upstream version (0.2.12)
- Overrided the default _localstatedir value (configure --localstatedir)
(value hardcoded in update-patterndb)
- Manually created the patterndb.d configuration directory (update-patterndb)
(see also https://bugzilla.balabit.com/show_bug.cgi?id=119 comments >= 4)
- Minor modifications of the %post, %preun and %postun scripts
- Corrected a couple of macro references in changelog entries (rpmlint)
- Expanded tabs to spaces (also added a vim modeline)
* Mon Apr 25 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.1.4-2
- cleans the sysconfig and logrotate file mess (#651823 comments 17, 20 and 21)
- add support for vim versions 72 and 73; drop support for versions 6.2 and 6.3
- clean the spoofsource conditional logical: libnet resides in /lib{,64}
since 2009
* Wed Apr 13 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.1.4-1
- update for syslog-ng 3.1.4
- updated the source URL
- versioned some of the build requirements
- dropped the libnet patch (syslog-ng-2.1.4-libnet.patch)
- dropped support for EPEL-4 and EPEL-5 (syslog-ng 3.x requires pcre >= 7.3)
- new file: update-patterndb
* Sat Jul 24 2010 Doug Warner <silfreed@xxxxxxxxxxxxxxxxx> - 3.1.1-1
- update for syslog-ng 3.1.1
- supports the new syslog protocol standards
- log statements can be embedded into each other
- the encoding of source files can be set for proper character conversion
- can read, process, and rewrite structured messages (e.g., Apache webserver
logs) using templates and regular expressions
- support for patterndb v2 and v3 format, along with a bunch of new
parsers: ANYSTRING, IPv6, IPvANY and FLOAT.
- added a new "pdbtool" utility to manage patterndb files: convert them
from v1 or v2 format, merge mulitple patterndb files into one and look
up matching patterns given a specific message.
- support for message tags: tags can be assigned to log messages as they
enter syslog-ng: either by the source driver or via patterndb.
Later it these tags can be used for efficient filtering.
- added support for rewriting structured data
- added pcre support in the binary packages of syslog-ng
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #709093 - CVE-2011-1951 syslog-ng: DoS (excessive memory use) by processing certain pcre patterns [fedora-13]
https://bugzilla.redhat.com/show_bug.cgi?id=709093
--------------------------------------------------------------------------------
================================================================================
system-config-keyboard-1.3.1-5.fc13 (FEDORA-2011-8420)
A graphical interface for modifying the keyboard
--------------------------------------------------------------------------------
Update Information:
Fixes a pair of bugs that make system-confi-keyboard unusable
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 16 2011 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 1.3.1-5
- Apply patches from itamarjp, landgraf, mschwendt to fix:
- Needs pyhon-dbus: https://bugzilla.redhat.com/show_bug.cgi?id=708631
- Missing OK button: https://bugzilla.redhat.com/show_bug.cgi?id=646041
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Oct 22 2010 Bill Nottingham <notting@xxxxxxxxxx> - 1.3.1-3
- Drop firstboot requirement (#629456)
* Thu Jul 22 2010 David Malcolm <dmalcolm@xxxxxxxxxx> - 1.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #646041 - Missing "OK" button
https://bugzilla.redhat.com/show_bug.cgi?id=646041
[ 2 ] Bug #708631 - Broken depends system-config-keyboard
https://bugzilla.redhat.com/show_bug.cgi?id=708631
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
