The following Fedora 14 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-2011-13795
    https://admin.fedoraproject.org/updates/FEDORA-2011-14180
    https://admin.fedoraproject.org/updates/FEDORA-2011-14000
    https://admin.fedoraproject.org/updates/FEDORA-2011-13499
    https://admin.fedoraproject.org/updates/FEDORA-2011-14202
    https://admin.fedoraproject.org/updates/FEDORA-2011-14183
    https://admin.fedoraproject.org/updates/FEDORA-2011-13457
    https://admin.fedoraproject.org/updates/FEDORA-2011-13633
    https://admin.fedoraproject.org/updates/FEDORA-2011-13869
    https://admin.fedoraproject.org/updates/FEDORA-2011-13864
    https://admin.fedoraproject.org/updates/FEDORA-2011-13874
    https://admin.fedoraproject.org/updates/FEDORA-2011-13915
    https://admin.fedoraproject.org/updates/FEDORA-2011-14025
    https://admin.fedoraproject.org/updates/FEDORA-2011-14049
    https://admin.fedoraproject.org/updates/FEDORA-2011-14176
    https://admin.fedoraproject.org/updates/FEDORA-2011-14214

The following Fedora 14 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/FEDORA-2011-14189
    https://admin.fedoraproject.org/updates/FEDORA-2011-13933
    https://admin.fedoraproject.org/updates/FEDORA-2011-13874
    https://admin.fedoraproject.org/updates/FEDORA-2011-13515
    https://admin.fedoraproject.org/updates/FEDORA-2011-12717
    https://admin.fedoraproject.org/updates/FEDORA-2011-9266
    https://admin.fedoraproject.org/updates/FEDORA-2011-8835
    https://admin.fedoraproject.org/updates/FEDORA-2011-8401
    https://admin.fedoraproject.org/updates/FEDORA-2011-8116
    https://admin.fedoraproject.org/updates/FEDORA-2011-5174
    https://admin.fedoraproject.org/updates/FEDORA-2011-3923

The following builds have been pushed to Fedora 14 updates-testing

    WebCalendar-1.2.3-5.fc14
    atop-1.26-1.fc14.1
    cflow-1.4-1.fc14
    cherokee-1.2.100-1.fc14
    dcraw-9.11-1.fc14
    gambas3-2.99.5-1.fc14
    kdelibs-4.6.5-6.fc14
    perl-DateTime-TimeZone-1.40-1.fc14
    pydot-1.0.25-2.fc14
    sane-backends-1.0.22-5.fc14
    solfege-3.20.3-1.fc14
    tzdata-2011l-1.fc14
    xmlrpc3-3.0-6.fc14

Details about builds:

================================================================================
 WebCalendar-1.2.3-5.fc14 (FEDORA-2011-14176)
 Single/multi-user web-based calendar application
--------------------------------------------------------------------------------
Update Information:

* Tue Oct 11 2011 Patrick Monnerat <pm@xxxxxxxxxxxxx> 1.2.3-5
- Patch "cve2011_3814" to fix CVE-2011-3814 vulnerability.
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3814
  https://sourceforge.net/tracker/?func=detail&aid=3414999&group_id=3870&atid=303870
- Patch "canadd" to fix event addition control.
  https://sourceforge.net/tracker/?func=detail&aid=3304491&group_id=3870&atid=303870
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 11 2011 Patrick Monnerat <pm@xxxxxxxxxxxxx> 1.2.3-5
- Patch "cve2011_3814" to fix CVE-2011-3814 vulnerability.
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3814
- Patch "canadd" to fix event addition control.
  https://sourceforge.net/tracker/?func=detail&aid=3304491&group_id=3870&atid=303870
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #741288 - CVE-2011-3814 WebCalendar: Installation path disclosure via a direct request to a ws/user_mod.php file
        https://bugzilla.redhat.com/show_bug.cgi?id=741288
--------------------------------------------------------------------------------

================================================================================
 atop-1.26-1.fc14.1 (FEDORA-2011-14180)
 An advanced interactive monitor to view the load on system and process level
--------------------------------------------------------------------------------
Update Information:

Tempfile flaw correction.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 12 2011 Jon Ciesla <limb@xxxxxxxxxxxx> - 1.26-1.1
- Moved back to SysV for f14, EL<=5.
* Tue Jun 21 2011 Jon Ciesla <limb@xxxxxxxxxxxx> - 1.26-1
- New upstream, BZ 657207.
- Migrated from sysv to systemd, BZ 659629.
- Modified to respect sysconfig settings, BZ 609124.
- Dropped explicit Requires for ncurses.
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.23-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #745480 - CVE-2011-3618 atop: Insecure temporary file use flaw by management of runtime data [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=745480
--------------------------------------------------------------------------------

================================================================================
 cflow-1.4-1.fc14 (FEDORA-2011-14191)
 Analyzes C files charting control flow within the program
--------------------------------------------------------------------------------
Update Information:

Update to upstream latest release which fixes a crash in cflow.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 12 2011 Terje Rosten <terje.rosten@xxxxxxx> - 1.4-1
- 1.4
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #650716 - Cflow generate coredump
        https://bugzilla.redhat.com/show_bug.cgi?id=650716
  [ 2 ] Bug #745416 - cflow-1.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=745416
--------------------------------------------------------------------------------

================================================================================
 cherokee-1.2.100-1.fc14 (FEDORA-2011-14183)
 Flexible and Fast Webserver
--------------------------------------------------------------------------------
Update Information:

Latest 1.2.x upstream release
.spec corrections for optional build for systemd
Resolves bz 710474
Resolves bz 713307
Resolves bz 680691
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 10 2011 Pavel Lisý <pali@xxxxxxxxxxxxxxxxx> - 1.2.100-1
- Latest 1.2.x upstream release
- .spec corrections for optional build for systemd
- Resolves bz 710474
- Resolves bz 713307
- Resolves bz 680691
* Wed Sep 14 2011 Pavel Lisý <pali@xxxxxxxxxxxxxxxxx> - 1.2.99-2
- .spec corrections for EL4 build
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #710474 - cherokee: A weakness in Cherokee’s administrative interface random administrator password generation [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=710474
  [ 2 ] Bug #713307 - CVE-2011-2190 CVE-2011-2191 cherokee: multiple vulnerabilities [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=713307
  [ 3 ] Bug #680691 - cherokee uses libssl from openssl >1.0, when opensssl <1.0 is current in repository
        https://bugzilla.redhat.com/show_bug.cgi?id=680691
--------------------------------------------------------------------------------

================================================================================
 dcraw-9.11-1.fc14 (FEDORA-2011-14196)
 Tool for decoding raw image data from digital cameras
--------------------------------------------------------------------------------
Update Information:

Update color matrices, add new models.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 12 2011 Nils Philippsen <nils@xxxxxxxxxx> - 9.11-1
- version 9.11
--------------------------------------------------------------------------------

================================================================================
 gambas3-2.99.5-1.fc14 (FEDORA-2011-14187)
 IDE based on a basic interpreter with object extensions
--------------------------------------------------------------------------------
Update Information:

Update to gambas3 2.99.5 (3.0 rc5).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 11 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.99.5-1
- update to 2.99.5
* Fri Sep 30 2011 Marek Kasik <mkasik@xxxxxxxxxx> - 2.99.4-2
- Rebuild (poppler-0.18.0)
--------------------------------------------------------------------------------

================================================================================
 kdelibs-4.6.5-6.fc14 (FEDORA-2011-14214)
 KDE Libraries
--------------------------------------------------------------------------------
Update Information:

this build addresses an input validation failure in kdelibs' kio and kssl.
See also: http://www.kde.org/info/security/advisory-20111003-1.txt
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 11 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.6.5-6
- CVE-2011-3365 kdelibs: input validation failure in KSSL (#743056)
* Sat Oct 8 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.6.5-5
- Provides: kate-part
* Tue Aug 30 2011 Than Ngo <than@xxxxxxxxxx> - 4.6.5-4
- clean fedora conditional
* Fri Aug 26 2011 Than Ngo <than@xxxxxxxxxx> - 4.6.5-3
- drop kdelibs-4.3.1-drkonq.patch which is merged in upstream
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #743054 - CVE-2011-3365 kdelibs: input validation failure in KSSL
        https://bugzilla.redhat.com/show_bug.cgi?id=743054
--------------------------------------------------------------------------------

================================================================================
 perl-DateTime-TimeZone-1.40-1.fc14 (FEDORA-2011-14195)
 Time zone object base class and factory
--------------------------------------------------------------------------------
Update Information:

This release is based on version 2011l of the Olson database. This release includes contemporary changes for Palestine, Fiji, Russia, Belarus, Ukraine, and several other post-Soviet states.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 11 2011 Iain Arnell <iarnell@xxxxxxxxx> 1.40-1
- update to latest upstream - Olson 2011l
--------------------------------------------------------------------------------

================================================================================
 pydot-1.0.25-2.fc14 (FEDORA-2011-14198)
 Python interface to Graphviz's Dot language
--------------------------------------------------------------------------------
Update Information:

Add AttributeError exception handling to fix python-pebl behavior. Thanks to Thomas Spura.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 11 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.0.25-2
- apply fix for pebl relating to catching AttributeError, thanks to Thomas Spura
* Thu Apr 21 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.0.25-1
- update to 1.0.25
* Thu Mar 3 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.0.23-1
- update to 1.0.23
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Jan 4 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.0.4-1
- update to 1.0.4
* Wed Nov 3 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 1.0.3-1
- update to 1.0.3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #744588 - Multiple AttributeError: 'NoneType' object has no attribute 'obj_dict' when running python-pebl
        https://bugzilla.redhat.com/show_bug.cgi?id=744588
--------------------------------------------------------------------------------

================================================================================
 sane-backends-1.0.22-5.fc14 (FEDORA-2011-14212)
 Scanner access software
--------------------------------------------------------------------------------
Update Information:

This update adds dependencies to the sane-backends-devel package, so that sane-backends-drivers-* are shipped in both 32bit and 64bit versions on 64bit systems. It also lets sane-backends-drivers-scanners obsolete old sane-backends-libs versions directly to improve multilib updates.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 10 2011 Nils Philippsen <nils@xxxxxxxxxx> - 1.0.22-5
- multilib: let -devel depend on -drivers-* on F-16 and earlier (#740992)
- multilib: make -drivers-scanners obsolete old -libs as well
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #740992 - sane-backends-drivers-*.i686 is missing from x86_64
        https://bugzilla.redhat.com/show_bug.cgi?id=740992
--------------------------------------------------------------------------------

================================================================================
 solfege-3.20.3-1.fc14 (FEDORA-2011-14182)
 Music education software
--------------------------------------------------------------------------------
Update Information:

* New upstream bugfix release
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 11 2011 Christian Krause <chkr@xxxxxxxxxxxxxxxxx> - 3.20.3-1
- Update to new upstream release (BZ 741233)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #741233 - solfege-3.20.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=741233
--------------------------------------------------------------------------------

================================================================================
 tzdata-2011l-1.fc14 (FEDORA-2011-14189)
 Timezone data
--------------------------------------------------------------------------------
Update Information:

- Fiji will introduce DST
- A couple of fixes for past stamps
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 11 2011 Petr Machata <pmachata@xxxxxxxxxx> - 2011l-1
- Upstream 2011l:
  - Fix ancient stamps for America/Sitka
  - Asia/Hebron transitioned to standard time already on Sep 30, not Oct 3
  - Fiji will introduce DST on Oct 22
--------------------------------------------------------------------------------

================================================================================
 xmlrpc3-3.0-6.fc14 (FEDORA-2011-14202)
 Java XML-RPC implementation
--------------------------------------------------------------------------------
Update Information:

- Backport security fix from 3.1.3
- Resolves RH744364, CVE-2011-3600 - XML-RPC SAX parser information disclosure
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 11 2011 Jeff Johnston <jjohnstn@xxxxxxxxxx> - 3.0-6
- Backport security fix from 3.1.3
- Resolves RH744364, CVE-2011-3600 - XML-RPC SAX parser information disclosure
* Wed Jul 21 2010 Stanislav Ochotnicky <sochotnicky@xxxxxxxxxx> - 3.0-5
- Install maven depmaps and pom.xml files
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #744364 - CVE-2011-3600 xmlrpc3: XML-RPC SAX parser information disclosure [fedora-14]
        https://bugzilla.redhat.com/show_bug.cgi?id=744364
--------------------------------------------------------------------------------

--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test