Fedora 14 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 14 Security updates need testing:

    https://admin.fedoraproject.org/updates/perl-FCGI-0.74-1.fc14
    https://admin.fedoraproject.org/updates/drupal6-views_bulk_operations-1.11-1.fc14
    https://admin.fedoraproject.org/updates/NetworkManager-0.8.5.92-1.git20110927.fc14
    https://admin.fedoraproject.org/updates/bcfg2-1.1.3-1.fc14
    https://admin.fedoraproject.org/updates/tomcat6-6.0.26-27.fc14
    https://admin.fedoraproject.org/updates/kernel-2.6.35.14-97.fc14
    https://admin.fedoraproject.org/updates/cyrus-imapd-2.3.17-1.fc14
    https://admin.fedoraproject.org/updates/php-5.3.8-3.fc14
    https://admin.fedoraproject.org/updates/thunderbird-3.1.15-1.fc14
    https://admin.fedoraproject.org/updates/firefox-3.6.23-1.fc14,xulrunner-1.9.2.23-1.fc14,gnome-web-photo-0.9-24.fc14.1,perl-Gtk2-MozEmbed-0.08-6.fc14.30,gnome-python2-extras-2.25.3-34.fc14.1,galeon-2.0.7-44.fc14.1,mozvoikko-1.0-25.fc14.1


The following Fedora 14 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/livecd-tools-14.4-1.fc14
    https://admin.fedoraproject.org/updates/NetworkManager-0.8.5.92-1.git20110927.fc14
    https://admin.fedoraproject.org/updates/kernel-2.6.35.14-97.fc14
    https://admin.fedoraproject.org/updates/lldpad-0.9.41-4.fc14
    https://admin.fedoraproject.org/updates/ModemManager-0.4.998-1.git20110706.fc14
    https://admin.fedoraproject.org/updates/mash-0.5.22-1.fc14
    https://admin.fedoraproject.org/updates/policycoreutils-2.0.85-30.3.fc14
    https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-8.fc14.2
    https://admin.fedoraproject.org/updates/xorg-x11-drv-qxl-0.0.21-3.fc14
    https://admin.fedoraproject.org/updates/xorg-x11-drv-nouveau-0.0.16-14.20101010git8c8f15c.fc14
    https://admin.fedoraproject.org/updates/libconcord-0.23-5.fc14,udev-161-9.fc14,concordance-0.23-2.fc14


The following builds have been pushed to Fedora 14 updates-testing

    389-ds-base-1.2.10-0.1.a1.fc14
    RBTools-0.3.4-1.fc14
    cups-1.4.8-5.fc14
    firefox-3.6.23-1.fc14
    galeon-2.0.7-44.fc14.1
    gnome-python2-extras-2.25.3-34.fc14.1
    gnome-web-photo-0.9-24.fc14.1
    gscan2pdf-1.0.0-1.fc14
    koffice-2.3.3-12.fc14
    mozvoikko-1.0-25.fc14.1
    perl-Gtk2-MozEmbed-0.08-6.fc14.30
    php-5.3.8-3.fc14
    polipo-1.0.4.1-4.fc14
    thunderbird-3.1.15-1.fc14
    tomcat6-6.0.26-27.fc14
    xulrunner-1.9.2.23-1.fc14

Details about builds:


================================================================================
 389-ds-base-1.2.10-0.1.a1.fc14 (FEDORA-2011-13440)
 389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:

slapi_rwlock - transactions - account usability - bug fixes
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2011 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.10.a1-0.1
- Bug 739172 - Allow separate fractional attrs for incremental and total protocols
- 6120b3d Make all backend operations transaction aware
- 056cc35 Add support for pre/post db transaction plugins
- Bug 736712 - Modifying ruv entry deadlocks server
- Bug 590826 - Reloading database from ldif causes changelog to emit "data no longer matches" errors
- Bug 730387 - Add slapi_rwlock API and use POSIX rwlocks
- Bug 611438 - Add Account Usability Control support
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #739172 - Allow separate fractional attrs to be defined for incremental and total protocols
        https://bugzilla.redhat.com/show_bug.cgi?id=739172
  [ 2 ] Bug #736712 - Modifying ruv entry deadlocks server
        https://bugzilla.redhat.com/show_bug.cgi?id=736712
  [ 3 ] Bug #590826 - Reloading database from ldif causes changelog to emit "data no longer matches" errors
        https://bugzilla.redhat.com/show_bug.cgi?id=590826
  [ 4 ] Bug #730387 - Use POSIX RW locks instead of NSPR implementation
        https://bugzilla.redhat.com/show_bug.cgi?id=730387
  [ 5 ] Bug #611438 - [RFE] [CRM#2027194] adding Account Usable Request Control '1.3.6.1.4.1.42.2.27.9.5.8' in RHDS
        https://bugzilla.redhat.com/show_bug.cgi?id=611438
--------------------------------------------------------------------------------


================================================================================
 RBTools-0.3.4-1.fc14 (FEDORA-2011-13471)
 Tools for use with ReviewBoard
--------------------------------------------------------------------------------
Update Information:

* Tue Sep 27 2011 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 0.3.4-1
- New upstream 0.3.4 release
- http://www.reviewboard.org/docs/releasenotes/dev/rbtools/0.3.4/
- New Features:
-   post-review:
-     Added a --change-description option for setting the Change Description
      text on drafts
- Bugfixes:
-   post-review:
-     Newlines in summaries on Git are now converted to spaces, preventing
      errors when using --guess-summary
-     Fixed authentication failures when accessing a protected /api/info/
      URL. This was problematic particularly on RBCommons
-     Fixed diff upload problems on Python 2.7
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2011 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 0.3.4-1
- New upstream 0.3.4 release
- http://www.reviewboard.org/docs/releasenotes/dev/rbtools/0.3.4/
- New Features:
-   post-review:
-     Added a --change-description option for setting the Change Description
      text on drafts
- Bugfixes:
-   post-review:
-     Newlines in summaries on Git are now converted to spaces, preventing
      errors when using --guess-summary
-     Fixed authentication failures when accessing a protected /api/info/
      URL. This was problematic particularly on RBCommons
-     Fixed diff upload problems on Python 2.7
--------------------------------------------------------------------------------


================================================================================
 cups-1.4.8-5.fc14 (FEDORA-2011-13444)
 Common Unix Printing System
--------------------------------------------------------------------------------
Update Information:

This update fixes a crash in the CUPS dbus notifier.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 28 2011 Tim Waugh <twaugh@xxxxxxxxxx> 1:1.4.8-5
- Fixed string manipulation in the dbus notifier (STR #3947, bug #741833).
* Wed Sep 14 2011 Tim Waugh <twaugh@xxxxxxxxxx> 1:1.4.8-4
- Prevent libcups crash in cups-get-classes patch (bug #736698).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #741833 - [abrt] cups-1.5.0-6.fc16: __GI_raise: Process /usr/lib/cups/notifier/dbus was killed by signal 6 (SIGABRT)
        https://bugzilla.redhat.com/show_bug.cgi?id=741833
--------------------------------------------------------------------------------


================================================================================
 firefox-3.6.23-1.fc14 (FEDORA-2011-13467)
 Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.6.23, fixing multiple security issues detailed in the upstream advisories:

* http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.23

This update also includes all packages depending on gecko-libs rebuilt against the new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2011 Jan Horak <jhorak@xxxxxxxxxx> - 3.6.23-1
- Update to 3.6.23
--------------------------------------------------------------------------------


================================================================================
 galeon-2.0.7-44.fc14.1 (FEDORA-2011-13467)
 GNOME2 Web browser based on Mozilla
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.6.23, fixing multiple security issues detailed in the upstream advisories:

* http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.23

This update also includes all packages depending on gecko-libs rebuilt against the new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2011 Jan Horak <jhorak@xxxxxxxxxx> - 2.0.7-44.1
- Rebuild against newer gecko
--------------------------------------------------------------------------------


================================================================================
 gnome-python2-extras-2.25.3-34.fc14.1 (FEDORA-2011-13467)
 Additional PyGNOME Python extension modules
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.6.23, fixing multiple security issues detailed in the upstream advisories:

* http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.23

This update also includes all packages depending on gecko-libs rebuilt against the new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2011 Jan Horak <jhorak@xxxxxxxxxx> - 2.25.3-34.1
- Rebuild against newer gecko
--------------------------------------------------------------------------------


================================================================================
 gnome-web-photo-0.9-24.fc14.1 (FEDORA-2011-13467)
 HTML pages thumbnailer
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.6.23, fixing multiple security issues detailed in the upstream advisories:

* http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.23

This update also includes all packages depending on gecko-libs rebuilt against the new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2011 Jan Horak <jhorak@xxxxxxxxxx> - 0.9-24.1
- Rebuild against newer gecko
--------------------------------------------------------------------------------


================================================================================
 gscan2pdf-1.0.0-1.fc14 (FEDORA-2011-13449)
 GUI for producing a multipage PDF from a scan
--------------------------------------------------------------------------------
Update Information:

* Deal with version information from PDF::API2 
* Suppressed "End of file reached" message.
  Closes Debian bug #622844
  Thanks to Sebastian Schmidt for the patch
* Switch to OO interface for File::Temp, thus automatically clearing up
  unneeded temporary files. Closes Debian bug #563461
* Removed all blocking progress dialogs
  Closes Debian bug #577144
* + Spinbuttons to crop dialog
* + Edit/Select/No OCR
* + Edit/Clear OCR
  Closes Debian bug #602578
* Combined Import and Open dialogs
  Closes Debian bug #617886
* + Tesseract 3.01 support
* Fix embedding of UTF-8 OCR output
* Update to Catalan translation (thanks to Norbux)
* Update to Dutch translation (thanks to Tico)
* Update to Hungarian translation (thanks to Gábor Sepsi)
* Update to Italian translation (thanks to Milo Casagrande)
* Update to Polish translation (thanks to pp/bs)
* Update to Russian translation (thanks to Eugene Marshal)
* Update to Spanish translation (thanks to R120X)
* Update to Turkish translation (thanks to Utku BERBEROÄžLU)
* Update to Ukranian translation (thanks to Сергій Дубик)

--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2011 Bernard Johnson <bjohnson@xxxxxxxxxxxx> - 1.0.0-1
- v 1.0.0 (bz #740997)
- disable tests for now due to dependencies
* Fri Jun 17 2011 Marcela Mašláňová <mmaslano@xxxxxxxxxx> - 0.9.32-2
- Perl mass rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #740997 - gscan2pdf-1.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=740997
--------------------------------------------------------------------------------


================================================================================
 koffice-2.3.3-12.fc14 (FEDORA-2011-13441)
 An integrated office suite
--------------------------------------------------------------------------------
Update Information:

Include a couple new upstream crash fixes for kexi.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 23 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 3:2.3.3-12
- upstream fix-form-color-properties-2.3.patch
- upstream fix-crash-in-kexidb-queries-2.3.patch
* Mon Sep 19 2011 Marek Kasik <mkasik@xxxxxxxxxx> - 3:2.3.3-11
- Rebuild (poppler-0.17.3)
* Thu Sep  8 2011 Jaroslav Reznik <jreznik@xxxxxxxxxx> - 3:2.3.3-10
- Qt 4.8 FTBFS (rhbz#736659)
* Fri Jul 15 2011 Marek Kasik <mkasik@xxxxxxxxxx> - 3:2.3.3-9
- Rebuild (poppler-0.17.0)
* Tue Jul 12 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 3:2.3.3-8
- BR: +pkgconfig(libkdcraw),pkgconfig(poppler-qt4)
* Tue Jul  5 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 3:2.3.3-7
- rebuild (libpqxx)
* Thu Jun 30 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 3:2.3.3-6
- rebuild (kdegraphics)
* Mon Jun 20 2011 ajax@xxxxxxxxxx - 3:2.3.3-5
- Rebuild for new glew soname
--------------------------------------------------------------------------------


================================================================================
 mozvoikko-1.0-25.fc14.1 (FEDORA-2011-13467)
 Finnish Voikko spell-checker extension for Mozilla programs
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.6.23, fixing multiple security issues detailed in the upstream advisories:

* http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.23

This update also includes all packages depending on gecko-libs rebuilt against the new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2011 Jan Horak <jhorak@xxxxxxxxxx> - 1.0-25.1
- Rebuild against newer gecko
--------------------------------------------------------------------------------


================================================================================
 perl-Gtk2-MozEmbed-0.08-6.fc14.30 (FEDORA-2011-13467)
 Interface to the Mozilla embedding widget
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.6.23, fixing multiple security issues detailed in the upstream advisories:

* http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.23

This update also includes all packages depending on gecko-libs rebuilt against the new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2011 Jan Horak <jhorak@xxxxxxxxxx> - 0.08-6.30
- Rebuild against newer gecko
--------------------------------------------------------------------------------


================================================================================
 php-5.3.8-3.fc14 (FEDORA-2011-13458)
 PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:

Revert is_a() behavior to php <= 5.3.6 and add a new new option (allow_string) for the new behavior (accept string and raise autoload if needed)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 28 2011 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.3.8-3
- revert is_a() to php <= 5.3.6 behavior (from upstream)
  with new option (allow_string) for new behavior
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #741020 - CVE-2011-3379 php: changes to is_a() in 5.3.7 may allow arbitrary code execution with certain code
        https://bugzilla.redhat.com/show_bug.cgi?id=741020
--------------------------------------------------------------------------------


================================================================================
 polipo-1.0.4.1-4.fc14 (FEDORA-2011-13462)
 Lightweight caching web proxy
--------------------------------------------------------------------------------
Update Information:

- take file / dir creation & testing out of initscript (bz #708814)
- remove log file / dir creation in spec too
- NetworkManager integration should use restart rather than reload (bz #699677)
- add support for tmpfiles.d (bz #656669)
- add support for systemd starting in F17

--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 26 2011 Bernard Johnson <bjohnson@xxxxxxxxxxxx> - 1.0.4.1-4
- take file / dir creation & testing out of initscript (bz #708814)
- remove log file / dir creation in spec too
- NetworkManager integration should use restart rather than reload (bz #699677)
- add support for tmpfiles.d (bz #656669)
- add support for systemd starting in F17
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.4.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #708814 - polipo init script issues
        https://bugzilla.redhat.com/show_bug.cgi?id=708814
  [ 2 ] Bug #699677 - polipo networkmanager integration doesnt reload dns
        https://bugzilla.redhat.com/show_bug.cgi?id=699677
  [ 3 ] Bug #656669 - Please Update Spec File to use %ghost on files in /var/run and /var/lock
        https://bugzilla.redhat.com/show_bug.cgi?id=656669
--------------------------------------------------------------------------------


================================================================================
 thunderbird-3.1.15-1.fc14 (FEDORA-2011-13450)
 Mozilla Thunderbird mail/newsgroup client
--------------------------------------------------------------------------------
Update Information:

The latest version of Thunderbird has the following changes:

- Fixed several security issues
- Numerous platform fixes that improve speed, performance and stability


--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 28 2011 Jan Horak <jhorak@xxxxxxxxxx> - 3.1.15-1
- Update to 3.1.15
--------------------------------------------------------------------------------


================================================================================
 tomcat6-6.0.26-27.fc14 (FEDORA-2011-13457)
 Apache Servlet/JSP Engine, RI for Servlet 2.5/JSP 2.1 API
--------------------------------------------------------------------------------
Update Information:

Fixes for:
CVE-2011-3190 - authentication bypass and information disclosure 
CVE-2011-2526 - send file validation
CVE-2011-2204 - password disclosure vulnerability
JAVA_HOME setting in tomcat6.conf

CVE-2011-0534, CVE-2011-0013, CVE-2010-3718
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2011 David Knox <dknox@xxxxxxxxxx> 0:6.0.26-27
- Resolves CVE-2011-3190 rhbz 738502
* Mon Sep 26 2011 David Knox <dknox@xxxxxxxxxx> 0:6.0.26-26
- Resolves rhbz 640134 - JAVA_HOME setting
* Fri Sep 23 2011 David Knox <dknox@xxxxxxxxxx> 0:6.0.26-25
- Resolves CVE-2011-2526 rhbz 721087 sendfile validation and
- validation
* Wed Aug 10 2011 David Knox <dknox@xxxxxxxxxx> 0:6.0.26-24
- Resolves changed java R and BR so it does not specify a version
* Fri Jul  1 2011 David Knox <dknox@xxxxxxxxxx> 0:6.0.26-23
- Resolves rhbz 669969 - BasicDataSourceFactory in sysconfig
* Tue Jun 28 2011 David Knox <dknox@xxxxxxxxxx> 0:6.0.26-22
- Resolves rhbz 717016 CVE-2011-2204
* Sun May  1 2011 David Knox <dknox@xxxxxxxxxx> O:6.0.26-21
* Resolves rhbz 701037 - bad symbolic link to tomcat-juli
* Thu Apr 14 2011 David Knox <dknox@xxxxxxxxxx> 0:6.0.26-20
* Applied CVE-2010-3718, CVE-2011-0013, CVE-2011-0534
* Thu Feb 17 2011 David Knox <dknox@xxxxxxxxxx> 0:6.0.26-19
- Reversed changes in tomcat6.init so tomcat6.conf is read before
- the system configuration
* Thu Feb  3 2011 David Knox <dknox@xxxxxxxxxx> 0:6.0.26-18
- Resolves: rhbz 647601 - JDK Double.parseDouble DoS
* Mon Jan 17 2011 David Knox <dknox@xxxxxxxxxx> 0:6.0.26-17
- Resolves: rhbz# 669969 - tomcat.conf sets javax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory" as the default. 
- Resolves issues running multiple instances on a single host. Logging
- directory points to ${CATALINA_HOME}/logs/
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #738502 - CVE-2011-3190 tomcat: authentication bypass and information disclosure [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=738502
  [ 2 ] Bug #640134 - Issues with setting JAVA_HOME
        https://bugzilla.redhat.com/show_bug.cgi?id=640134
  [ 3 ] Bug #721087 - CVE-2011-2526 tomcat5, tomcat6: Certain server files exposure and JVM crash via crafted web application running under security manager [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=721087
  [ 4 ] Bug #717016 - CVE-2011-2204 tomcat: password disclosure vulnerability [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=717016
  [ 5 ] Bug #701037 - bad symbolic links created for tomcat-juli jar
        https://bugzilla.redhat.com/show_bug.cgi?id=701037
  [ 6 ] Bug #675794 - CVE-2011-0013 CVE-2010-3718 CVE-2011-0534 tomcat6 various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=675794
--------------------------------------------------------------------------------


================================================================================
 xulrunner-1.9.2.23-1.fc14 (FEDORA-2011-13467)
 XUL Runtime for Gecko Applications
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.6.23, fixing multiple security issues detailed in the upstream advisories:

* http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.23

This update also includes all packages depending on gecko-libs rebuilt against the new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2011 Jan Horak <jhorak@xxxxxxxxxx> - 1.9.2.23-1
- Update to 1.9.2.23
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe: 
https://admin.fedoraproject.org/mailman/listinfo/test



[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux