The following Fedora 14 Security updates need testing:

    https://admin.fedoraproject.org/updates/ecryptfs-utils-90-1.fc14
    https://admin.fedoraproject.org/updates/foomatic-4.0.7-2.fc14
    https://admin.fedoraproject.org/updates/gimp-2.6.11-21.fc14
    https://admin.fedoraproject.org/updates/samba-3.5.11-79.fc14
    https://admin.fedoraproject.org/updates/freetype-2.4.2-5.fc14
    https://admin.fedoraproject.org/updates/nip2-7.24.2-1.fc14,vips-7.24.7-2.fc14
    https://admin.fedoraproject.org/updates/clamav-0.97.2-1400.fc14
    https://admin.fedoraproject.org/updates/cgit-0.9.0.2-2.fc14
    https://admin.fedoraproject.org/updates/bugzilla-3.6.6-1.fc14
    https://admin.fedoraproject.org/updates/system-config-firewall-1.2.27-2.fc14
    https://admin.fedoraproject.org/updates/libsndfile-1.0.25-1.fc14
    https://admin.fedoraproject.org/updates/libmodplug-0.8.8.4-1.fc14
    https://admin.fedoraproject.org/updates/libcap-2.22-1.fc14
    https://admin.fedoraproject.org/updates/libvpx-0.9.7-1.fc14
    https://admin.fedoraproject.org/updates/zabbix-1.8.6-1.fc14
    https://admin.fedoraproject.org/updates/dhcp-4.2.0-23.P2.fc14
    https://admin.fedoraproject.org/updates/libsoup-2.32.2-2.fc14
    https://admin.fedoraproject.org/updates/tomcat6-6.0.26-21.fc14
    https://admin.fedoraproject.org/updates/openldap-2.4.23-10.fc14
    https://admin.fedoraproject.org/updates/gdk-pixbuf2-2.22.0-2.fc14

The following Fedora 14 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/tzdata-2011h-2.fc14
    https://admin.fedoraproject.org/updates/PackageKit-0.6.12-4.fc14
    https://admin.fedoraproject.org/updates/libsoup-2.32.2-2.fc14
    https://admin.fedoraproject.org/updates/libcap-2.22-1.fc14
    https://admin.fedoraproject.org/updates/libsndfile-1.0.25-1.fc14
    https://admin.fedoraproject.org/updates/ModemManager-0.4.998-1.git20110706.fc14
    https://admin.fedoraproject.org/updates/unique-1.1.6-3.fc14
    https://admin.fedoraproject.org/updates/xorg-x11-drv-savage-2.3.2-3.fc14
    https://admin.fedoraproject.org/updates/mash-0.5.22-1.fc14
    https://admin.fedoraproject.org/updates/perl-5.12.4-146.fc14
    https://admin.fedoraproject.org/updates/policycoreutils-2.0.85-30.2.fc14
    https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-8.fc14.2
    https://admin.fedoraproject.org/updates/xorg-x11-drv-qxl-0.0.21-3.fc14
    https://admin.fedoraproject.org/updates/xorg-x11-drv-nouveau-0.0.16-14.20101010git8c8f15c.fc14
    https://admin.fedoraproject.org/updates/libconcord-0.23-5.fc14,udev-161-9.fc14,concordance-0.23-2.fc14
    https://admin.fedoraproject.org/updates/openldap-2.4.23-10.fc14

The following builds have been pushed to Fedora 14 updates-testing

    drupal6-filefield-3.10-1.fc14
    drupal6-image-1.1-1.fc14
    drupal6-yubikey-2.0-0.1.beta2.fc14
    esniper-2.26.0-2.fc14
    flashrom-0.9.4-1.svn1412.fc14
    gimp-2.6.11-21.fc14
    ksh-20110630-1.fc14
    llvm-2.8-12.fc14
    nip2-7.24.2-1.fc14
    nut-2.6.1-2.fc14
    openslide-3.2.4-1.fc14
    oz-0.5.0-4.fc14
    perl-Module-Extract-VERSION-1.01-3.fc14
    perl-Test-CPAN-Meta-JSON-0.10-2.fc14
    qbittorrent-2.8.4-1.fc14
    tidyp-1.02-5.fc14
    ufraw-0.18-3.fc14
    vips-7.24.7-2.fc14

Details about builds:

================================================================================
 drupal6-filefield-3.10-1.fc14 (FEDORA-2011-10792)
 Defines a file field type
--------------------------------------------------------------------------------
Update Information:

This package fixes an RPM package version flaw and a dependency problem. It also includes the 3.10 release.

From the upstream notes:

The 3.10 release of FileField is a minor maintenance release to fix a few issues around files that have gone missing (by manually moving or crufty data) or when using FileField Meta. It also includes a few minor features.

New features:

#1027184: Expose file download URL as a token
#600798: Obtain icon on views fields related to a filefield
#1123732: Add parameter to filefield_edit_access() to allow per-node field access

Bug fixes:

#791118: warning: array_merge(): Argument #2 is not an array (and it's similar cousin...)
#857938: Argument #2 is not an array in /sites/all/modules/filefield/filefield_widget.inc on line 255
#1018850: Views file data description shows encoded characters
#1001574: filefield_file appears twice in hook_theme()
#1007076: Views formatter for Duration works only with Default format, not with "seconds" or "minutes"
#1021356: Notice: undefined $item['fid'] in filefield_widget.inc
#1080620: Incorrect string value error when uploading mp3 file; Ignore music_cd_identifier id3 tag
#1126198: Allow users without "access content" permission to upload files
#1132764: Filefield upgrade enters infinite loop while updating nodes with more than 50 attachments
--------------------------------------------------------------------------------

================================================================================
 drupal6-image-1.1-1.fc14 (FEDORA-2011-10773)
 Allows uploading, resizing and viewing of images
--------------------------------------------------------------------------------
Update Information:

This package fixes an RPM package version flaw and a dependency problem.
--------------------------------------------------------------------------------

================================================================================
 drupal6-yubikey-2.0-0.1.beta2.fc14 (FEDORA-2011-10795)
 Provides YubiKey based strong two-factor user authentication capabilities
--------------------------------------------------------------------------------
Update Information:

Fixes settings migration issue. Also fixes package version flaw.
--------------------------------------------------------------------------------

================================================================================
 esniper-2.26.0-2.fc14 (FEDORA-2011-10793)
 A lightweight console application for sniping eBay auctions
--------------------------------------------------------------------------------
Update Information:

Esniper 2.26 is a major update to fix the most important problem that prevents it from bidding (bug reports with messages "cannot find bid key, uiid or password" and "Bid key not found"). There are unresolved problems though. This version will still create bug reports on unsuccessful bids because of other changes on the bid result pages. The developers would like to analyze all possible bid result pages to find a way to fix this remaining problem. Please report these expected bugs.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 9 2011 Volker Fröhlich <volker27@xxxxxx> - 2.26.0-2
- Don't include curl's types.h
* Tue Aug 9 2011 Volker Fröhlich <volker27@xxxxxx> - 2.26.0-1
- Update for 2.26.0
- Drop defattr
--------------------------------------------------------------------------------

================================================================================
 flashrom-0.9.4-1.svn1412.fc14 (FEDORA-2011-10783)
 Simple program for reading/writing BIOS chips content
--------------------------------------------------------------------------------
Update Information:

- Updated to latest svn ver. 1412 (post-release snapshot for 0.9.4)
- Experimental support for Apple PowerPC Macs reflashing
- Added support for the Dangerous Prototypes Bus Blaster
- Board enable for ASUS P5GD2 Premium
- (Untested) board enable for Asus P5LD2
- Board enable for ASUS A8M2N-LA (HP OEM "NodusM3-GL8E")
- Add J-7BXAN to the list of supported boards
- Add ASUS P4S533-X to the list of supported boards
- Add ASUS M4A785TD-V EVO to the list of supported board
- Add GA-945PL-S3P (rev. 6.6) to the list of supported boards
- Add MS-7142 (K8MM-V) to the list of supported boards
- Add MS-7369 (K9N Neo V2) to the list of supported boards
- Add X7DBT-INF to the list of supported boards
- Add support for the GIGABYTE GA-8SIMLH board
- Support for EN25Q(H) series SPI flash chips
- Add satamv programmer
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 12 2011 Peter Lemenkov <lemenkov@xxxxxxxxx> - 0.9.4-1.svn1412
- Updated to latest svn ver. 1412 (post-release snapshot for 0.9.4)
- Experimental support for Apple PowerPC Macs reflashing
- Added support for the Dangerous Prototypes Bus Blaster
- Board enable for ASUS P5GD2 Premium
- (Untested) board enable for Asus P5LD2
- Board enable for ASUS A8M2N-LA (HP OEM "NodusM3-GL8E")
- Add J-7BXAN to the list of supported boards
- Add ASUS P4S533-X to the list of supported boards
- Add ASUS M4A785TD-V EVO to the list of supported board
- Add GA-945PL-S3P (rev. 6.6) to the list of supported boards
- Add MS-7142 (K8MM-V) to the list of supported boards
- Add MS-7369 (K9N Neo V2) to the list of supported boards
- Add X7DBT-INF to the list of supported boards
- Add support for the GIGABYTE GA-8SIMLH board
- Support for EN25Q(H) series SPI flash chips
- Add satamv programmer
--------------------------------------------------------------------------------

================================================================================
 gimp-2.6.11-21.fc14 (FEDORA-2011-10782)
 GNU Image Manipulation Program
--------------------------------------------------------------------------------
Update Information:

This update adds checks to avoid heap corruption and buffer overflows when loading GIF image files (CVE-2011-2896). Additionally, it fixes a bug which caused GIMP to print an unnecessary warning to the command line on startup.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 12 2011 Nils Philippsen <nils@xxxxxxxxxx> - 2:2.6.11-21
- actually apply startup-warning patch
- fix heap corruption and buffer overflow in file-gif-load plugin (CVE-2011-2896)
* Thu Aug 4 2011 Nils Philippsen <nils@xxxxxxxxxx> - 2:2.6.11-20
- fix goption warning on startup, patch by Mikael Magnusson
* Wed Aug 3 2011 Nils Philippsen <nils@xxxxxxxxxx> - 2:2.6.11-19
- remove obsolete gtkhtml2-devel build requirement
* Fri Jul 15 2011 Marek Kasik <mkasik@xxxxxxxxxx> - 2:2.6.11-18
- Rebuild (poppler-0.17.0)
* Fri Jun 24 2011 Nils Philippsen <nils@xxxxxxxxxx> - 2:2.6.11-17
- rebuild against new cfitsio
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #727800 - CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=727800
--------------------------------------------------------------------------------

================================================================================
 ksh-20110630-1.fc14 (FEDORA-2011-10798)
 The Original ATT Korn Shell
--------------------------------------------------------------------------------
Update Information:

- do not crash when killing last bg job when there is not any
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 12 2011 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 20110630-1
- do not crash when killing last bg job when there is not any
- ksh updated to 2011-06-30
* Wed Aug 3 2011 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 20110505-3
- fix: IFS manipulation in a function can cause crash
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #728644 - [abrt] ksh-20110505-2.fc14: job_kill: Process /bin/ksh was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=728644
--------------------------------------------------------------------------------

================================================================================
 llvm-2.8-12.fc14 (FEDORA-2011-10806)
 The Low Level Virtual Machine
--------------------------------------------------------------------------------
Update Information:

- Depend on libffi to allow the LLVM interpreter to call external functions
- Build with RTTI enabled, needed by e.g. Rubinius (# 722714)
- Fix multilib installation (# 699416)
- Fix incorrect platform-specific include path on i686
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 2 2011 Michel Salim <salimma@xxxxxxxxxxxxxxxxx> - 2.8-12
- Depend on libffi to allow the LLVM interpreter to call external functions
- Build with RTTI enabled, needed by e.g. Rubinius (# 722714)
- Fix multilib installation (# 699416)
- Fix incorrect platform-specific include path on i686
* Tue Apr 26 2011 Adam Jackson <ajax@xxxxxxxxxx> 2.8-11
- llvm-2.8-disable-avx.patch: Disable AVX code generation. (#699896)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #699416 - llvm-devel not parallel installable - packaging issue
        https://bugzilla.redhat.com/show_bug.cgi?id=699416
  [ 2 ] Bug #722714 - LLVM built with -fno-rtti
        https://bugzilla.redhat.com/show_bug.cgi?id=722714
--------------------------------------------------------------------------------

================================================================================
 nip2-7.24.2-1.fc14 (FEDORA-2011-10781)
 Interactive tool for working with large images
--------------------------------------------------------------------------------
Update Information:

7.24 series.

Run-time code generation
Open via disc mode
Workspace as Graph mode for nip2
FITS image format
VIPS rewrite
Better nibs in paintbox
Better TIFF and JPEG load
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 12 2011 Adam Goode <adam@xxxxxxxxxxxxx> - 7.24.2-1
- New upstream release
  + Workspace as Graph mode
  + Better nibs in paintbox
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 7.22.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #645471 - CVE-2010-3364 vips: insecure library loading vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=645471
--------------------------------------------------------------------------------

================================================================================
 nut-2.6.1-2.fc14 (FEDORA-2011-10784)
 Network UPS Tools
--------------------------------------------------------------------------------
Update Information:

- add missing pre-installation require on udev
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 12 2011 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 2.6.1-2
- standard dependency adds udev, but we need it for %pre script
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #730064 - nut-client can't be installed in initial installation because of missing requires
        https://bugzilla.redhat.com/show_bug.cgi?id=730064
--------------------------------------------------------------------------------

================================================================================
 openslide-3.2.4-1.fc14 (FEDORA-2011-10796)
 C library for reading virtual slides
--------------------------------------------------------------------------------
Update Information:

Support for MIRAX files without non-hierarchical sections, workarounds for some GKeyFile bugs.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 12 2011 Adam Goode <adam@xxxxxxxxxxxxx> - 3.2.4-1
- New upstream release, see http://github.com/openslide/openslide/blob/master/CHANGELOG.txt
* Fri Aug 12 2011 Adam Goode <adam@xxxxxxxxxxxxx> - 3.2.3-5
- Clean up the spec file a little
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.2.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Jan 12 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 3.2.3-3
- rebuild (openjpeg)
--------------------------------------------------------------------------------

================================================================================
 oz-0.5.0-4.fc14 (FEDORA-2011-10774)
 Library and utilities for automated guest OS installs
--------------------------------------------------------------------------------
Update Information:

Fix the openssh-clients requires in oz.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 12 2011 Chris Lalancette <clalance@xxxxxxxxxx> - 0.5.0-4
- Make oz require openssh-clients to get the ssh binary
* Wed Jul 27 2011 Chris Lalancette <clalance@xxxxxxxxxx> - 0.5.0-3
- Minor cleanups to the spec file
--------------------------------------------------------------------------------

================================================================================
 perl-Module-Extract-VERSION-1.01-3.fc14 (FEDORA-2011-10777)
 Extract a module version without running code
--------------------------------------------------------------------------------
Update Information:

This is the first Fedora/EPEL release of perl-Module-Extract-VERSION.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #728286 - Review Request: perl-Module-Extract-VERSION - Extract a module version without running code
        https://bugzilla.redhat.com/show_bug.cgi?id=728286
--------------------------------------------------------------------------------

================================================================================
 perl-Test-CPAN-Meta-JSON-0.10-2.fc14 (FEDORA-2011-10785)
 Validate a META.json file within a CPAN distribution
--------------------------------------------------------------------------------
Update Information:

This is the first Fedora/EPEL release of perl-Test-CPAN-Meta-JSON.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #729813 - Review Request: perl-Test-CPAN-Meta-JSON - Validate a META.json file within a CPAN distribution
        https://bugzilla.redhat.com/show_bug.cgi?id=729813
--------------------------------------------------------------------------------

================================================================================
 qbittorrent-2.8.4-1.fc14 (FEDORA-2011-10805)
 A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:

* Tue Aug 09 2011 - Christophe Dumez <chris@xxxxxxxxxxxxxxx> - v2.8.4
- BUGFIX: Added back ability to reorder trackers
- BUGFIX: Do not announce to all trackers in the same tier to comply with the multi-tracker specification
- BUGFIX: Fix torrent addition dialog geometry saving
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 12 2011 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 1:2.8.4-1
- update to 2.8.4
--------------------------------------------------------------------------------

================================================================================
 tidyp-1.02-5.fc14 (FEDORA-2011-10775)
 Clean up and pretty-print HTML/XHTML/XML
--------------------------------------------------------------------------------
Update Information:

This update fixes mangling of non-ASCII output filenames:

$ touch 中文.html
$ tidyp -f 中文.html.stderr -output 中文.html.stdout 中文.html
$ ls

Actual results:
中??!.html.stdout 中文.html 中文.html.stderr

Expected results:
中文.html.stdout 中文.html 中文.html.stderr

The update fixes this problem.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #725651 - HTML tidyp can't handle Chinese file name in zh_CN.utf8 locale
        https://bugzilla.redhat.com/show_bug.cgi?id=725651
--------------------------------------------------------------------------------

================================================================================
 ufraw-0.18-3.fc14 (FEDORA-2011-10771)
 Raw image data retrieval tool for digital cameras
--------------------------------------------------------------------------------
Update Information:

This update fixes an issue where, if working on multiple images, the crop area wasn't reset if a new image was loaded.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 12 2011 Nils Philippsen <nils@xxxxxxxxxx> - 0.18-3
- fix crop area ratios if working on multiple images (#634235, patch by Udi Fuchs)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #634235 - Ufraw wants to crop newly loaded image into aspect ratio of previous image
        https://bugzilla.redhat.com/show_bug.cgi?id=634235
--------------------------------------------------------------------------------

================================================================================
 vips-7.24.7-2.fc14 (FEDORA-2011-10781)
 C/C++ library for processing large images
--------------------------------------------------------------------------------
Update Information:

7.24 series.

Run-time code generation
Open via disc mode
Workspace as Graph mode for nip2
FITS image format
VIPS rewrite
Better nibs in paintbox
Better TIFF and JPEG load
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 12 2011 Adam Goode <adam@xxxxxxxxxxxxx> - 7.24.7-2
- Clean up Requires and BuildRequires
* Wed Aug 10 2011 Adam Goode <adam@xxxxxxxxxxxxx> - 7.24.7-1
- New upstream release
* Mon Feb 14 2011 Adam Goode <adam@xxxxxxxxxxxxx> - 7.24.2-1
- New upstream release
  * Run-time code generation, for 4x speedup in some operations
  * Open via disc mode, saving memory
  * FITS supported
  * Improved TIFF and JPEG load
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 7.22.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #645471 - CVE-2010-3364 vips: insecure library loading vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=645471
--------------------------------------------------------------------------------