The following Fedora 15 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-2011-13785
https://admin.fedoraproject.org/updates/FEDORA-2011-13456
https://admin.fedoraproject.org/updates/FEDORA-2011-13504
https://admin.fedoraproject.org/updates/FEDORA-2011-13214
https://admin.fedoraproject.org/updates/FEDORA-2011-13446
https://admin.fedoraproject.org/updates/FEDORA-2011-12981
https://admin.fedoraproject.org/updates/FEDORA-2011-13801
https://admin.fedoraproject.org/updates/FEDORA-2011-13636
https://admin.fedoraproject.org/updates/FEDORA-2011-13861
https://admin.fedoraproject.org/updates/FEDORA-2011-13862
https://admin.fedoraproject.org/updates/FEDORA-2011-13860
The following Fedora 15 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/FEDORA-2011-13861
https://admin.fedoraproject.org/updates/FEDORA-2011-13859
https://admin.fedoraproject.org/updates/FEDORA-2011-13785
https://admin.fedoraproject.org/updates/FEDORA-2011-13512
https://admin.fedoraproject.org/updates/FEDORA-2011-13454
https://admin.fedoraproject.org/updates/FEDORA-2011-13399
https://admin.fedoraproject.org/updates/FEDORA-2011-13246
https://admin.fedoraproject.org/updates/FEDORA-2011-13227
https://admin.fedoraproject.org/updates/FEDORA-2011-13073
https://admin.fedoraproject.org/updates/FEDORA-2011-12797
https://admin.fedoraproject.org/updates/FEDORA-2011-12720
https://admin.fedoraproject.org/updates/FEDORA-2011-12576
https://admin.fedoraproject.org/updates/FEDORA-2011-12372
https://admin.fedoraproject.org/updates/FEDORA-2011-11955
https://admin.fedoraproject.org/updates/FEDORA-2011-9651
https://admin.fedoraproject.org/updates/FEDORA-2011-9592
https://admin.fedoraproject.org/updates/FEDORA-2011-8822
https://admin.fedoraproject.org/updates/FEDORA-2011-6791
https://admin.fedoraproject.org/updates/FEDORA-2011-5583
The following builds have been pushed to Fedora 15 updates-testing
clusterPy-0.9.9-3.fc15
cyrus-imapd-2.4.12-1.fc15
hwloc-1.2.2-0.fc15
mozilla-adblockplus-1.3.10-1.fc15
nagios-plugins-check-updates-1.5.0-1.fc15
openswan-2.6.36-1.fc15
pem-0.7.9-1.fc15
perl-5.12.4-162.fc15
perl-MooseX-Types-Structured-0.28-1.fc15
perl-Sys-CPU-0.51-7.fc15
postgis-1.5.3-1.fc15
strigi-0.7.6-1.fc15
sugar-clock-7-1.fc15
sugar-moon-13-1.fc15
xnoise-0.1.29-1.fc15
xorg-x11-drv-ati-6.14.2-1.20110921gitd78860ba5.fc15
zabbix-1.8.8-1.fc15
Details about builds:
================================================================================
clusterPy-0.9.9-3.fc15 (FEDORA-2011-13873)
Library of spatially constrained clustering algorithms
--------------------------------------------------------------------------------
Update Information:
ClusterPy is a library of spatial clustering algorithms.
It works on raster and vector data.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #710648 - Review Request: clusterPy - Custom analytical geographic regionalization
https://bugzilla.redhat.com/show_bug.cgi?id=710648
--------------------------------------------------------------------------------
================================================================================
cyrus-imapd-2.4.12-1.fc15 (FEDORA-2011-13860)
A high-performance mail server with IMAP, POP3, NNTP and SIEVE support
--------------------------------------------------------------------------------
Update Information:
- security fix:
* fixes incomplete authentication checks in nntpd (Secunia SA46093)
- other fixed bugs:
* delayed delete can fail because of invalid names
* cyradm cannot wildcard delete ACLs from a mailbox
* Wrong ENABLE result (doubled names)
* mbpath output changed from 2.3 to 2.4 for remote mailboxes
* xfer fails on unlimited quota (-1)
CVE-2011-3208 cyrus-imapd: nntpd buffer overflow in split_wildmats()
Bugs Fixed:
3495 P1 enhancement 2.4.10 Cyrus IMAP Improved duplicate suppression
3498 P1 bug 2.4.10 Cyrus IMAP quota command deletes users quota files
2772 P2 bug 2.4.x (next) Cyrus IMAP cmd_thread cores with bogus ids in references header
3300 P3 bug 2.4.2 Cyrus IMAP SOL_TCP is not defined on NetBSD
3439 P3 bug 2.3.16 Cyrus IMAP formatting issue on logging (or memory corruption ?)
3454 P3 bug 2.4.8 Cyrus IMAP ID with unquoted id_param_list keys not accepted
3463 P3 bug 2.4.x (next) Cyrus IMAP Certain mails will crash imapd if using server side threading
3489 P3 bug 2.4.10 Cyrus IMAP 2.4.10 and quota problem
3491 P3 enhancement 2.4.10 Cyrus IMAP UNAUTHENTICATE and NOOP in timsieved
3492 P3 bug 2.4.10 Cyrus IMAP Add response codes to timsieved
3497 P3 bug 2.4.10 Cyrus IMAP In master/master.c:add_service the variable "cmd" is set to NULL before syslogging
3503 P3 bug 2.4.10 Cyrus IMAP DragonFly BSD also require PIC objects for perl
3505 P3 bug 2.4.x (next) Cyrus IMAP sync_reset is broken
3506 P3 bug 2.4.x (next) Cyrus IMAP dlist.c uses synchronizing IMAP LITERALS without backchannel.
3507 P3 bug 2.4.x (next) Cyrus IMAP Replication reconciliation fails in default/immediate expunge mode
3526 P3 bug 2.4.10 Cyrus IMAP AFS ptloader reinitialization uses local cell instead of afspts_mycell config option
3532 P3 enhancement 2.5.x (next) Cyrus IMAP Fix file descriptor cleanup
3279 P5 bug 2.4.2 Cyrus IMAP sync_client crashes with empty mech_list before TLS starts
3451 P5 enhancement 2.4.8 Cyrus IMAP config2header assume CC has no spaces
- rebuild to match db library update
- do not conflict with db4-utils
- rebuild to match db library update
CVE-2011-3208 cyrus-imapd: nntpd buffer overflow in split_wildmats()
Bugs Fixed:
3495 P1 enhancement 2.4.10 Cyrus IMAP Improved duplicate suppression
3498 P1 bug 2.4.10 Cyrus IMAP quota command deletes users quota files
2772 P2 bug 2.4.x (next) Cyrus IMAP cmd_thread cores with bogus ids in references header
3300 P3 bug 2.4.2 Cyrus IMAP SOL_TCP is not defined on NetBSD
3439 P3 bug 2.3.16 Cyrus IMAP formatting issue on logging (or memory corruption ?)
3454 P3 bug 2.4.8 Cyrus IMAP ID with unquoted id_param_list keys not accepted
3463 P3 bug 2.4.x (next) Cyrus IMAP Certain mails will crash imapd if using server side threading
3489 P3 bug 2.4.10 Cyrus IMAP 2.4.10 and quota problem
3491 P3 enhancement 2.4.10 Cyrus IMAP UNAUTHENTICATE and NOOP in timsieved
3492 P3 bug 2.4.10 Cyrus IMAP Add response codes to timsieved
3497 P3 bug 2.4.10 Cyrus IMAP In master/master.c:add_service the variable "cmd" is set to NULL before syslogging
3503 P3 bug 2.4.10 Cyrus IMAP DragonFly BSD also require PIC objects for perl
3505 P3 bug 2.4.x (next) Cyrus IMAP sync_reset is broken
3506 P3 bug 2.4.x (next) Cyrus IMAP dlist.c uses synchronizing IMAP LITERALS without backchannel.
3507 P3 bug 2.4.x (next) Cyrus IMAP Replication reconciliation fails in default/immediate expunge mode
3526 P3 bug 2.4.10 Cyrus IMAP AFS ptloader reinitialization uses local cell instead of afspts_mycell config option
3532 P3 enhancement 2.5.x (next) Cyrus IMAP Fix file descriptor cleanup
3279 P5 bug 2.4.2 Cyrus IMAP sync_client crashes with empty mech_list before TLS starts
3451 P5 enhancement 2.4.8 Cyrus IMAP config2header assume CC has no spaces
- rebuild to match db library update
- do not conflict with db4-utils
- rebuild to match db library update
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 5 2011 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 2.4.12-1
- cyrus-imapd updated to 2.4.12
- fixes incomplete authentication checks in nntpd (Secunia SA46093)
* Fri Sep 9 2011 Jeroen van Meeuwen <vanmeeuwen@xxxxxxxxxxxx> - 2.4.11-1
- Updated to 2.4.11
- Fix CVE-2011-3208 (#734926, #736838)
* Thu Aug 25 2011 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 2.4.10-3
- do not conflict with db4-utils
* Mon Aug 15 2011 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 2.4.10-2
- rebuild with db5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #736838 - CVE-2011-3208 cyrus-imapd: nntpd buffer overflow in split_wildmats() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=736838
[ 2 ] Bug #729767 - imaps[9563]: unable to open Berkeley db /etc/sasldb2: Invalid argument after fixing sendmail from bug 712943
https://bugzilla.redhat.com/show_bug.cgi?id=729767
--------------------------------------------------------------------------------
================================================================================
hwloc-1.2.2-0.fc15 (FEDORA-2011-13875)
Portable Hardware Locality - portable abstraction of hierarchical architectures
--------------------------------------------------------------------------------
Update Information:
Update to version 1.2.2
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 5 2011 Jirka Hladky <hladky.jiri@xxxxxxxxx> - 1.2.2
- 1.2.2 release
- Fix for BZ https://bugzilla.redhat.com/show_bug.cgi?id=724937 for 32-bit PPC
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #724937 - hwloc-1.2-0.fc16 fails xmlbuffer self check on PPC, but passes on PPC64
https://bugzilla.redhat.com/show_bug.cgi?id=724937
--------------------------------------------------------------------------------
================================================================================
mozilla-adblockplus-1.3.10-1.fc15 (FEDORA-2011-13872)
Adblocking extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
This update adds compatibility for Firefox 7.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 5 2011 Christoph Wickert <cwickert@xxxxxxxxxxxxxxxxx> - 1.3.10-1
- Update to 1.3.9 for FF7
* Thu Aug 18 2011 Christoph Wickert <cwickert@xxxxxxxxxxxxxxxxx> - 1.3.9-1
- Update to 1.3.9 for FF6
--------------------------------------------------------------------------------
================================================================================
nagios-plugins-check-updates-1.5.0-1.fc15 (FEDORA-2011-13870)
A Nagios plugin to check if Red Hat or Fedora system is up-to-date
--------------------------------------------------------------------------------
Update Information:
Update to 1.5.0.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 4 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 1.5.0-1
- Update to 1.5.0.
* Wed May 25 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 1.4.14-1
- Update to 1.4.14.
* Tue May 24 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 1.4.13-1
- Update to 1.4.13.
- Fixes a build problem in EPEL5 (test script failure).
* Tue May 24 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 1.4.12-1
- Update to 1.4.12.
- Upstream added a test suite.
--------------------------------------------------------------------------------
================================================================================
openswan-2.6.36-1.fc15 (FEDORA-2011-13862)
IPSEC implementation with IKEv1 and IKEv2 keying protocols
--------------------------------------------------------------------------------
Update Information:
Fixes for cve-2011-3380
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 5 2011 Avesh Agarwal <avagarwa@xxxxxxxxxx> - 2.6.36-1
- new upstream release
- fixes for cve-2011-3380
--------------------------------------------------------------------------------
================================================================================
pem-0.7.9-1.fc15 (FEDORA-2011-13863)
Personal Expenses Manager
--------------------------------------------------------------------------------
Update Information:
Built a new update - 0.7.9.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Sep 17 2011 P J P <pj.pandit@xxxxxxxxxxx> - 0.7.9-1
- New option -b --bare to generate a daily report formatted for small(40x15)
screen of NanoNote - http://en.qi-hardware.com/wiki/Ben_NanoNote.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #730944 - pem-0.7.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=730944
--------------------------------------------------------------------------------
================================================================================
perl-5.12.4-162.fc15 (FEDORA-2011-13861)
Practical Extraction and Report Language
--------------------------------------------------------------------------------
Update Information:
This update fixes security bug in Digest object constructor (CVE-2011-3597) and in decoding Unicode string by interpreter (CVE-2011-2939).
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 5 2011 Petr Pisar <ppisar@xxxxxxxxxx> - 4:5.12.4-161
- Fix CVE-2011-3597 (code injection in Digest) (bug #743010)
- Fix CVE-2011-2939 (heap overflow while decoding Unicode string) (bug #731246)
* Sun Aug 14 2011 Iain Arnell <iarnell@xxxxxxxxx> 4:5.12.4-161
- perl needs to own vendorarch/auto directory
- fix version number in last two changelog entries
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #743010 - CVE-2011-3597 perl: code injection vulnerability in Digest->new()
https://bugzilla.redhat.com/show_bug.cgi?id=743010
[ 2 ] Bug #731246 - CVE-2011-2939 Perl 5.{10,12,14} heap overflow while decoding Unicode string
https://bugzilla.redhat.com/show_bug.cgi?id=731246
--------------------------------------------------------------------------------
================================================================================
perl-MooseX-Types-Structured-0.28-1.fc15 (FEDORA-2011-13857)
Structured Type Constraints for Moose
--------------------------------------------------------------------------------
Update Information:
This update fixes a regression where mixed type constraints (MX:Types style and 'classic' Stringy style) used in a single structured type doesn't work.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 5 2011 Iain Arnell <iarnell@xxxxxxxxx> 0.28-1
- update to latest upstream version
* Wed Jul 20 2011 Petr Sabata <contyk@xxxxxxxxxx> - 0.27-2
- Perl mass rebuild
* Wed May 4 2011 Iain Arnell <iarnell@xxxxxxxxx> 0.27-1
- update to latest upstream version
--------------------------------------------------------------------------------
================================================================================
perl-Sys-CPU-0.51-7.fc15 (FEDORA-2011-13871)
Getting CPU information
--------------------------------------------------------------------------------
Update Information:
Updated .spec file to use %{perl_vendorarch}/auto
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 5 2011 Shakthi Kannan <shakthimaan@xxxxxxxxxxxxxxxxx> - 0.51-7
- Used perl_vendorarch/auto, perl_vendorarch/Sys in files section.
* Fri Jun 17 2011 Marcela Mašláňová <mmaslano@xxxxxxxxxx> - 0.51-6
- Perl mass rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #743015 - perl-Sys-CPU should not own /usr/lib*/perl5/auto
https://bugzilla.redhat.com/show_bug.cgi?id=743015
--------------------------------------------------------------------------------
================================================================================
postgis-1.5.3-1.fc15 (FEDORA-2011-13866)
Geographic Information Systems Extensions to PostgreSQL
--------------------------------------------------------------------------------
Update Information:
Update to 1.5.3, per changes described at:
http://postgis.org/news/20110625/
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 4 2011 Devrim GÜNDÜZ <devrim@xxxxxxxxxx> - 1.5.3-1
- Update to 1.5.3
* Tue Apr 19 2011 Devrim GÜNDÜZ <devrim@xxxxxxxxxx> - 1.5.2-1
- Update to 1.5.2
--------------------------------------------------------------------------------
================================================================================
strigi-0.7.6-1.fc15 (FEDORA-2011-13868)
A desktop search program
--------------------------------------------------------------------------------
Update Information:
Bugfix release, recommended per http://trueg.wordpress.com/2011/09/22/about-strigi-soprano-virtuoso-clucene-and-libstreamanalyzer/
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 4 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.7.6-1
- 0.7.6
- BR: boost-devel
- pkgconfig-style deps
* Tue Aug 16 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.7.5-5
- libstreams rpm analyzer fixed upstream
--------------------------------------------------------------------------------
================================================================================
sugar-clock-7-1.fc15 (FEDORA-2011-13858)
Clock activity for Sugar
--------------------------------------------------------------------------------
Update Information:
Activity updates
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 5 2011 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - 7-1
- Release 7
--------------------------------------------------------------------------------
================================================================================
sugar-moon-13-1.fc15 (FEDORA-2011-13858)
Moon phases activity for sugar
--------------------------------------------------------------------------------
Update Information:
Activity updates
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 5 2011 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - 12-1
- Release 12
--------------------------------------------------------------------------------
================================================================================
xnoise-0.1.29-1.fc15 (FEDORA-2011-13865)
Tracklist-centric Media Player
--------------------------------------------------------------------------------
Update Information:
* redo import and use of streams
* add mpris v1 plugin
* update translations for german, hebrew, italian, polish,
portugese, russian
* use a recent vala version
* bug fixes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 5 2011 Michel Salim <salimma@xxxxxxxxxxxxxxxxx> - 0.1.29-1
- Update to 0.1.29
* Wed Sep 21 2011 Michel Salim <salimma@xxxxxxxxxxxxxxxxx> - 0.1.28-1
- Update to 0.1.28
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #739374 - xnoise-0.1.29 is available
https://bugzilla.redhat.com/show_bug.cgi?id=739374
--------------------------------------------------------------------------------
================================================================================
xorg-x11-drv-ati-6.14.2-1.20110921gitd78860ba5.fc15 (FEDORA-2011-13859)
Xorg X11 ati video driver
--------------------------------------------------------------------------------
Update Information:
Adds support for newer chipsets.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 21 2011 Dave Airlie <airlied@xxxxxxxxxx> 6.14.2-1.20110921gitd78860ba5
- Latest upstream sources for llano/ni support
--------------------------------------------------------------------------------
================================================================================
zabbix-1.8.8-1.fc15 (FEDORA-2011-13876)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:
- update to 1.8.8
- upstream changelog at http://www.zabbix.com/rn1.8.8.php
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 5 2011 Dan Horák <dan[at]danny.cz> - 1.8.8-1
- Update for 1.8.8
- Drop the ZBX-4099 patch, that's now obsolete
- Remove two further htaccess files and put the configuration in
the main configuration file
- thanks to Volker Fröhlich for the changes above
- move zabbix_get to the server and proxy subpackages (#734512)
- remove prebuilt Windows binaries (#737341)
- remove flash clock applet (#737337)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #734512 - Package zabbix_get with servers and proxies instead of with agents
https://bugzilla.redhat.com/show_bug.cgi?id=734512
[ 2 ] Bug #737341 - Delete pre-built binaries
https://bugzilla.redhat.com/show_bug.cgi?id=737341
[ 3 ] Bug #737337 - Flash clock
https://bugzilla.redhat.com/show_bug.cgi?id=737337
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
