Fedora 14 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 14 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-2011-13795
    https://admin.fedoraproject.org/updates/FEDORA-2011-14180
    https://admin.fedoraproject.org/updates/FEDORA-2011-14000
    https://admin.fedoraproject.org/updates/FEDORA-2011-13499
    https://admin.fedoraproject.org/updates/FEDORA-2011-14202
    https://admin.fedoraproject.org/updates/FEDORA-2011-14183
    https://admin.fedoraproject.org/updates/FEDORA-2011-13457
    https://admin.fedoraproject.org/updates/FEDORA-2011-13633
    https://admin.fedoraproject.org/updates/FEDORA-2011-13869
    https://admin.fedoraproject.org/updates/FEDORA-2011-13864
    https://admin.fedoraproject.org/updates/FEDORA-2011-13874
    https://admin.fedoraproject.org/updates/FEDORA-2011-13915
    https://admin.fedoraproject.org/updates/FEDORA-2011-14025
    https://admin.fedoraproject.org/updates/FEDORA-2011-14049
    https://admin.fedoraproject.org/updates/FEDORA-2011-14176
    https://admin.fedoraproject.org/updates/FEDORA-2011-14214


The following Fedora 14 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/FEDORA-2011-14189
    https://admin.fedoraproject.org/updates/FEDORA-2011-13933
    https://admin.fedoraproject.org/updates/FEDORA-2011-13874
    https://admin.fedoraproject.org/updates/FEDORA-2011-13515
    https://admin.fedoraproject.org/updates/FEDORA-2011-12717
    https://admin.fedoraproject.org/updates/FEDORA-2011-9266
    https://admin.fedoraproject.org/updates/FEDORA-2011-8835
    https://admin.fedoraproject.org/updates/FEDORA-2011-8401
    https://admin.fedoraproject.org/updates/FEDORA-2011-8116
    https://admin.fedoraproject.org/updates/FEDORA-2011-5174
    https://admin.fedoraproject.org/updates/FEDORA-2011-3923


The following builds have been pushed to Fedora 14 updates-testing

    WebCalendar-1.2.3-5.fc14
    atop-1.26-1.fc14.1
    cflow-1.4-1.fc14
    cherokee-1.2.100-1.fc14
    dcraw-9.11-1.fc14
    gambas3-2.99.5-1.fc14
    kdelibs-4.6.5-6.fc14
    perl-DateTime-TimeZone-1.40-1.fc14
    pydot-1.0.25-2.fc14
    sane-backends-1.0.22-5.fc14
    solfege-3.20.3-1.fc14
    tzdata-2011l-1.fc14
    xmlrpc3-3.0-6.fc14

Details about builds:


================================================================================
 WebCalendar-1.2.3-5.fc14 (FEDORA-2011-14176)
 Single/multi-user web-based calendar application
--------------------------------------------------------------------------------
Update Information:

* Tue Oct 11 2011 Patrick Monnerat <pm@xxxxxxxxxxxxx> 1.2.3-5
- Patch "cve2011_3814" to fix CVE-2011-3814 vulnerability.
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3814
  https://sourceforge.net/tracker/?func=detail&aid=3414999&group_id=3870&atid=303870
- Patch "canadd" to fix event addition control.
  https://sourceforge.net/tracker/?func=detail&aid=3304491&group_id=3870&atid=303870
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 11 2011 Patrick Monnerat <pm@xxxxxxxxxxxxx> 1.2.3-5
- Patch "cve2011_3814" to fix CVE-2011-3814 vulnerability.
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3814
- Patch "canadd" to fix event addition control.
  https://sourceforge.net/tracker/?func=detail&aid=3304491&group_id=3870&atid=303870
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #741288 - CVE-2011-3814 WebCalendar: Installation path disclosure via a direct request to a ws/user_mod.php file
        https://bugzilla.redhat.com/show_bug.cgi?id=741288
--------------------------------------------------------------------------------


================================================================================
 atop-1.26-1.fc14.1 (FEDORA-2011-14180)
 An advanced interactive monitor to view the load on system and process level
--------------------------------------------------------------------------------
Update Information:

Tempfile flaw correction.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 12 2011 Jon Ciesla <limb@xxxxxxxxxxxx> - 1.26-1.1
- Moved back to SysV for f14, EL<=5.
* Tue Jun 21 2011 Jon Ciesla <limb@xxxxxxxxxxxx> - 1.26-1
- New upstream, BZ 657207.
- Migrated from sysv to systemd, BZ 659629.
- Modified to respect sysconfig settings, BZ 609124.
- Dropped explicit Requires for ncurses.
* Mon Feb  7 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.23-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #745480 - CVE-2011-3618 atop: Insecure temporary file use flaw by management of runtime data [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=745480
--------------------------------------------------------------------------------


================================================================================
 cflow-1.4-1.fc14 (FEDORA-2011-14191)
 Analyzes C files charting control flow within the program
--------------------------------------------------------------------------------
Update Information:

Update to upstream latest release which fix a crash in cflow.


--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 12 2011 Terje Rosten <terje.rosten@xxxxxxx> - 1.4-1
- 1.4
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #650716 - Cflow generate coredump
        https://bugzilla.redhat.com/show_bug.cgi?id=650716
  [ 2 ] Bug #745416 - cflow-1.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=745416
--------------------------------------------------------------------------------


================================================================================
 cherokee-1.2.100-1.fc14 (FEDORA-2011-14183)
 Flexible and Fast Webserver
--------------------------------------------------------------------------------
Update Information:

Latest 1.2.x upstream release
.spec corrections for optional build for systemd
Resolves bz 710474
Resolves bz 713307
Resolves bz 680691
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 10 2011 Pavel Lisý <pali@xxxxxxxxxxxxxxxxx> - 1.2.100-1
- Latest 1.2.x upstream release
- .spec corrections for optional build for systemd
- Resolves bz 710474
- Resolves bz 713307
- Resolves bz 680691
* Wed Sep 14 2011 Pavel Lisý <pali@xxxxxxxxxxxxxxxxx> - 1.2.99-2
- .spec corrections for EL4 build
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #710474 - cherokee: A weakness in Cherokee’s administrative interface random administrator password generation [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=710474
  [ 2 ] Bug #713307 - CVE-2011-2190 CVE-2011-2191 cherokee: multiple vulnerabilities [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=713307
  [ 3 ] Bug #680691 - cherokee uses libssl from openssl >1.0, when opensssl <1.0 is current in repository
        https://bugzilla.redhat.com/show_bug.cgi?id=680691
--------------------------------------------------------------------------------


================================================================================
 dcraw-9.11-1.fc14 (FEDORA-2011-14196)
 Tool for decoding raw image data from digital cameras
--------------------------------------------------------------------------------
Update Information:

Update color matrices, add new models.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 12 2011 Nils Philippsen <nils@xxxxxxxxxx> - 9.11-1
- version 9.11
--------------------------------------------------------------------------------


================================================================================
 gambas3-2.99.5-1.fc14 (FEDORA-2011-14187)
 IDE based on a basic interpreter with object extensions
--------------------------------------------------------------------------------
Update Information:

Update to gambas3 2.99.5 (3.0 rc5).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 11 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.99.5-1
- update to 2.99.5
* Fri Sep 30 2011 Marek Kasik <mkasik@xxxxxxxxxx> - 2.99.4-2
- Rebuild (poppler-0.18.0)
--------------------------------------------------------------------------------


================================================================================
 kdelibs-4.6.5-6.fc14 (FEDORA-2011-14214)
 KDE Libraries
--------------------------------------------------------------------------------
Update Information:

this build addresses an input validation failure in kdelibs' kio and kssl.

See also:
http://www.kde.org/info/security/advisory-20111003-1.txt
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 11 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.6.5-6
- CVE-2011-3365 kdelibs: input validation failure in KSSL (#743056)
* Sat Oct  8 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.6.5-5
- Provides: kate-part
* Tue Aug 30 2011 Than Ngo <than@xxxxxxxxxx> - 4.6.5-4
- clean fedora conditional
* Fri Aug 26 2011 Than Ngo <than@xxxxxxxxxx> - 4.6.5-3
- drop kdelibs-4.3.1-drkonq.patch which is merged in upstream
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #743054 - CVE-2011-3365 kdelibs: input validation failure in KSSL
        https://bugzilla.redhat.com/show_bug.cgi?id=743054
--------------------------------------------------------------------------------


================================================================================
 perl-DateTime-TimeZone-1.40-1.fc14 (FEDORA-2011-14195)
 Time zone object base class and factory
--------------------------------------------------------------------------------
Update Information:

This release is based on version 2011l of the Olson database. This release includes contemporary changes for Palestine, Fiji, Russia, Belarus, Ukraine, and several other post-Soviet states.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 11 2011 Iain Arnell <iarnell@xxxxxxxxx> 1.40-1
- update to latest upstream - Olson 2011l
--------------------------------------------------------------------------------


================================================================================
 pydot-1.0.25-2.fc14 (FEDORA-2011-14198)
 Python interface to Graphviz's Dot language
--------------------------------------------------------------------------------
Update Information:

Add AttributeError exception handling to fix python-pebl behavior. Thanks to Thomas Spura.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 11 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.0.25-2
- apply fix for pebl relating to catching AttributeError, thanks to Thomas Spura
* Thu Apr 21 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.0.25-1
- update to 1.0.25
* Thu Mar  3 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.0.23-1
- update to 1.0.23
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Jan  4 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.0.4-1
- update to 1.0.4
* Wed Nov  3 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 1.0.3-1
- update to 1.0.3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #744588 - Multiple AttributeError: 'NoneType' object has no attribute 'obj_dict' when running python-pebl
        https://bugzilla.redhat.com/show_bug.cgi?id=744588
--------------------------------------------------------------------------------


================================================================================
 sane-backends-1.0.22-5.fc14 (FEDORA-2011-14212)
 Scanner access software
--------------------------------------------------------------------------------
Update Information:

This update adds dependencies to the sane-backends-devel package, so that sane-backends-drivers-* are shipped in both 32bit and 64bit versions on 64bit systems. It also lets sane-backends-drivers-scanners obsolete old sane-backends-libs versions directly to improve multilib updates.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 10 2011 Nils Philippsen <nils@xxxxxxxxxx> - 1.0.22-5
- multilib: let -devel depend on -drivers-* on F-16 and earlier (#740992)
- multilib: make -drivers-scanners obsolete old -libs as well
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #740992 - sane-backends-drivers-*.i686 is missing from x86_64
        https://bugzilla.redhat.com/show_bug.cgi?id=740992
--------------------------------------------------------------------------------


================================================================================
 solfege-3.20.3-1.fc14 (FEDORA-2011-14182)
 Music education software
--------------------------------------------------------------------------------
Update Information:

* New upstream bugfix release
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 11 2011 Christian Krause <chkr@xxxxxxxxxxxxxxxxx> - 3.20.3-1
- Update to new upstream release (BZ 741233)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #741233 - solfege-3.20.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=741233
--------------------------------------------------------------------------------


================================================================================
 tzdata-2011l-1.fc14 (FEDORA-2011-14189)
 Timezone data
--------------------------------------------------------------------------------
Update Information:

- Fiji will introduce DST
- A couple of fixes for past stamps
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 11 2011 Petr Machata <pmachata@xxxxxxxxxx> - 2011l-1
- Upstream 2011l:
  - Fix ancient stamps for America/Sitka
  - Asia/Hebron transitioned to standard time already on Sep 30, not Oct 3
  - Fiji will introduce DST on Oct 22
--------------------------------------------------------------------------------


================================================================================
 xmlrpc3-3.0-6.fc14 (FEDORA-2011-14202)
 Java XML-RPC implementation
--------------------------------------------------------------------------------
Update Information:

- Backport security fix from 3.1.3
- Resolves RH744364, CVE-2011-3600 - XML-RPC SAX parser information disclosure

--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 11 2011 Jeff Johnston <jjohnstn@xxxxxxxxxx> - 3.0-6
- Backport security fix from 3.1.3
- Resolves RH744364, CVE-2011-3600 - XML-RPC SAX parser information disclosure
* Wed Jul 21 2010 Stanislav Ochotnicky <sochotnicky@xxxxxxxxxx> - 3.0-5
- Install maven depmaps and pom.xml files
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #744364 - CVE-2011-3600 xmlrpc3: XML-RPC SAX parser information disclosure [fedora-14]
        https://bugzilla.redhat.com/show_bug.cgi?id=744364
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe: 
https://admin.fedoraproject.org/mailman/listinfo/test



[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux