The following Fedora 14 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-2011-13795
https://admin.fedoraproject.org/updates/FEDORA-2011-14180
https://admin.fedoraproject.org/updates/FEDORA-2011-14447
https://admin.fedoraproject.org/updates/FEDORA-2011-14000
https://admin.fedoraproject.org/updates/FEDORA-2011-14202
https://admin.fedoraproject.org/updates/FEDORA-2011-13874
https://admin.fedoraproject.org/updates/FEDORA-2011-14413
https://admin.fedoraproject.org/updates/FEDORA-2011-14214
https://admin.fedoraproject.org/updates/FEDORA-2011-14318
https://admin.fedoraproject.org/updates/FEDORA-2011-14660
https://admin.fedoraproject.org/updates/FEDORA-2011-14650
The following Fedora 14 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/FEDORA-2011-14666
https://admin.fedoraproject.org/updates/FEDORA-2011-14649
https://admin.fedoraproject.org/updates/FEDORA-2011-14410
https://admin.fedoraproject.org/updates/FEDORA-2011-14404
https://admin.fedoraproject.org/updates/FEDORA-2011-13933
https://admin.fedoraproject.org/updates/FEDORA-2011-13874
https://admin.fedoraproject.org/updates/FEDORA-2011-13515
https://admin.fedoraproject.org/updates/FEDORA-2011-12717
https://admin.fedoraproject.org/updates/FEDORA-2011-9266
https://admin.fedoraproject.org/updates/FEDORA-2011-8835
https://admin.fedoraproject.org/updates/FEDORA-2011-8401
https://admin.fedoraproject.org/updates/FEDORA-2011-8116
https://admin.fedoraproject.org/updates/FEDORA-2011-5174
https://admin.fedoraproject.org/updates/FEDORA-2011-3923
The following builds have been pushed to Fedora 14 updates-testing
cherokee-1.2.101-1.fc14
dcmtk-3.6.0-6.fc14
diffuse-0.4.5-1.fc14
e16-1.0.10-1.fc14
e16-themes-1.0.1-1.fc14
facter-1.6.2-1.fc14
krb5-1.8.4-3.fc14
mathomatic-15.6.5-1.fc14
olpc-powerd-37-1.fc14
python-slip-0.2.18-1.fc14
ql2400-firmware-5.06.02-1.fc14
ql2500-firmware-5.06.02-1.fc14
recutils-1.3-4.fc14
rubygem-rhc-0.79.5-1.fc14
sssd-1.5.14-1.fc14
tcplay-0.9-0.4.20111007git97ed5f9.fc14
tzdata-2011l-3.fc14
xscreensaver-5.15-3.fc14
znc-infobot-0.202-1.fc14
Details about builds:
================================================================================
cherokee-1.2.101-1.fc14 (FEDORA-2011-14660)
Flexible and Fast Webserver
--------------------------------------------------------------------------------
Update Information:
Latest 1.2.x upstream release
Resolves bz 746532 - put some deps back: GeoIP-devel openldap-devel
Latest 1.2.x upstream release
.spec corrections for optional build for systemd
Resolves bz 710474
Resolves bz 713307
Resolves bz 680691
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 19 2011 Pavel Lisý <pali@xxxxxxxxxxxxxxxxx> - 1.2.101-1
- Latest 1.2.x upstream release
* Tue Oct 18 2011 Pavel Lisý <pali@xxxxxxxxxxxxxxxxx> - 1.2.100-2
- Resolves bz 746532 - put some deps back: GeoIP-devel openldap-devel
* Mon Oct 10 2011 Pavel Lisý <pali@xxxxxxxxxxxxxxxxx> - 1.2.100-1
- Latest 1.2.x upstream release
- .spec corrections for optional build for systemd
- Resolves bz 710474
- Resolves bz 713307
- Resolves bz 680691
* Wed Sep 14 2011 Pavel Lisý <pali@xxxxxxxxxxxxxxxxx> - 1.2.99-2
- .spec corrections for EL4 build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #746532 - Cherokee 1.2.100 RPMs built without LDAP, GeoIP support
https://bugzilla.redhat.com/show_bug.cgi?id=746532
[ 2 ] Bug #710474 - cherokee: A weakness in Cherokee’s administrative interface random administrator password generation [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=710474
[ 3 ] Bug #713307 - CVE-2011-2190 CVE-2011-2191 cherokee: multiple vulnerabilities [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=713307
[ 4 ] Bug #680691 - cherokee uses libssl from openssl >1.0, when opensssl <1.0 is current in repository
https://bugzilla.redhat.com/show_bug.cgi?id=680691
--------------------------------------------------------------------------------
================================================================================
dcmtk-3.6.0-6.fc14 (FEDORA-2011-14651)
Offis DICOM Toolkit (DCMTK)
--------------------------------------------------------------------------------
Update Information:
Added explicit require for CharLS-devel.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 19 2011 Mario Ceresa <mrceresa@xxxxxxxxxxxxxxxxx> 3.6.0-6
- Added explicit require for CharLS-devel as requested in #745277
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #745277 - dcmtk-devel should require CharLS-devel
https://bugzilla.redhat.com/show_bug.cgi?id=745277
--------------------------------------------------------------------------------
================================================================================
diffuse-0.4.5-1.fc14 (FEDORA-2011-14667)
Graphical tool for comparing and merging text files
--------------------------------------------------------------------------------
Update Information:
Update to 0.4.5
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 19 2011 Jon Levell <fedora@xxxxxxxxxxxxx> - 0.4.5-1
- Update to 0.4.5 upstream release
--------------------------------------------------------------------------------
================================================================================
e16-1.0.10-1.fc14 (FEDORA-2011-14670)
The Enlightenment window manager, DR16
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release e16 1.0.10.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 19 2011 Terje Rosten <terje.rosten@xxxxxxx> - 1.0.10-1
- 1.0.10
--------------------------------------------------------------------------------
================================================================================
e16-themes-1.0.1-1.fc14 (FEDORA-2011-14652)
Themes for Enlightenment, DR16
--------------------------------------------------------------------------------
Update Information:
Update to upstream latest release e16-themes 1.0.1.
Also remove some unwanted fonts from the package and source package.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 18 2011 Terje Rosten <terje.rosten@xxxxxxx> - 1.0.1-1
- 1.0.1
- Remove fonts (bz #477378)
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #477378 - [e16-themes] Please convert to new font packaging guidelines
https://bugzilla.redhat.com/show_bug.cgi?id=477378
[ 2 ] Bug #615723 - Package includes non-free fonts
https://bugzilla.redhat.com/show_bug.cgi?id=615723
--------------------------------------------------------------------------------
================================================================================
facter-1.6.2-1.fc14 (FEDORA-2011-14641)
Ruby module for collecting simple facts about a host operating system
--------------------------------------------------------------------------------
Update Information:
This is an upstream bugfix release. One new addition that is of interest is the osfamily fact. For details on the fixes refer to the upstream release announcement:
http://groups.google.com/group/puppet-users/msg/9856678279f498a5
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 15 2011 Todd Zullinger <tmz@xxxxxxxxx> - 1.6.2-1
- Update to 1.6.2
- Update source URL
--------------------------------------------------------------------------------
================================================================================
krb5-1.8.4-3.fc14 (FEDORA-2011-14650)
The Kerberos network authentication system
--------------------------------------------------------------------------------
Update Information:
This update applies the upstream patch to fix a null pointer dereference with the LDAP kdb backend (CVE-2011-1527), an assertion failure with multiple kdb backends (CVE-2011-1528), and a null pointer dereference with multiple kdb backends (CVE-2011-1529). (#737711)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 18 2011 Nalin Dahyabhai <nalin@xxxxxxxxxx> 1.8.4-3
- apply upstream patch to fix a null pointer dereference with the LDAP kdb
backend (CVE-2011-1527, #744125), an assertion failure with multiple kdb
backends (CVE-2011-1528), and a null pointer dereference with multiple kdb
backends (CVE-2011-1529) (#737711)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #737711 - CVE-2011-1527 CVE-2011-1528 CVE-2011-1529 krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)
https://bugzilla.redhat.com/show_bug.cgi?id=737711
--------------------------------------------------------------------------------
================================================================================
mathomatic-15.6.5-1.fc14 (FEDORA-2011-14671)
Small, portable symbolic math program
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release mathomatic 15.6.5.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 18 2011 Terje Rosten <terje.rosten@xxxxxxx> - 15.6.5-1
- 15.6.5
--------------------------------------------------------------------------------
================================================================================
olpc-powerd-37-1.fc14 (FEDORA-2011-14640)
OLPC XO power management
--------------------------------------------------------------------------------
Update Information:
Reduce window where system could suspend while connecting to a network. Fix closing of input devices.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 19 2011 Daniel Drake <dsd@xxxxxxxxxx> - 37-1
- Reduce window for suspend during network connection
- Close unused input devices in switchd
--------------------------------------------------------------------------------
================================================================================
python-slip-0.2.18-1.fc14 (FEDORA-2011-14666)
Miscellaneous convenience, extension and workaround code for Python
--------------------------------------------------------------------------------
Update Information:
This update contains fixes for dbus backends that are meant to be persistent.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 19 2011 Nils Philippsen <nils@xxxxxxxxxx> - 0.2.18-1
- actually use persistent value in Object constructor
--------------------------------------------------------------------------------
================================================================================
ql2400-firmware-5.06.02-1.fc14 (FEDORA-2011-14675)
Firmware for qlogic 2400 devices
--------------------------------------------------------------------------------
Update Information:
It is a truth universally acknowledged, that a single man in possession of a good fortune, must be in want of a wife.
However little known the feelings or views of such a man may be on his first entering a neighbourhood, this truth is so well fixed in the minds of the surrounding families, that he is considered the rightful property of some one or other of their daughters.
"My dear Mr. ql2400-firmware," said his lady to him one day, "have you heard that Beefy Miracle is chosen at last?"
Mr. ql2400-firmware replied that he had not.
"But it is," returned she; "for Mrs. Bergeron has just been here, and she told me all about it."
Mr. ql2400-firmware made no answer.
"Do you not want to know which release has taken it?" cried his wife impatiently.
"You want to tell me, and I have no objection to hearing it."
This was invitation enough.
"Why, my dear, you must know, Mrs. Bergeron says that ql2500-firmware is taken by a young distribution of large fortune from the north of England; that he came down on Monday in a chaise and four to see the name, and was so much delighted with it, that he agreed with Mr. Smith immediately; that he is to take possession before Michaelmas, and some of his servants are to be branded with the logo by the end of next week."
"What is his name?"
"[CENSORED]."
"Is he married or single?"
"Oh! Single, my dear, to be sure! A single component of large fortune; four or five thousand changes a year. What a fine thing for our users!"
"How so? How can it affect them?"
"My dear Mr. ql2400-firmware," replied his wife, "how can you be so tiresome! You must know that I am thinking of his marrying one of them."
"Is that his design in making the update?"
"Design! Nonsense, how can you talk so! But it is very likely that he may fall in love with one of them, and therefore you must visit him as soon as he comes."
"I see no occasion for that. You and the girls may go, or you may send them by themselves, which perhaps will be still better, for as you are as handsome as any of them, Mr. Pangolin may like you the best of the party."
"My dear, you flatter me. I certainly have had my share of beauty, but I do not pretend to be anything extraordinary now. When a woman has five grown-up daughters, she ought to give over thinking of her own beauty."
"In such cases, a woman has not often much beauty to think of."
"But, my dear, you must indeed go and see Mr. Pangolin when he comes into the neighbourhood."
"It is more than I engage for, I assure you."
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 18 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 5.06.02-1
- update to 5.06.02
--------------------------------------------------------------------------------
================================================================================
ql2500-firmware-5.06.02-1.fc14 (FEDORA-2011-14675)
Firmware for qlogic 2500 devices
--------------------------------------------------------------------------------
Update Information:
It is a truth universally acknowledged, that a single man in possession of a good fortune, must be in want of a wife.
However little known the feelings or views of such a man may be on his first entering a neighbourhood, this truth is so well fixed in the minds of the surrounding families, that he is considered the rightful property of some one or other of their daughters.
"My dear Mr. ql2400-firmware," said his lady to him one day, "have you heard that Beefy Miracle is chosen at last?"
Mr. ql2400-firmware replied that he had not.
"But it is," returned she; "for Mrs. Bergeron has just been here, and she told me all about it."
Mr. ql2400-firmware made no answer.
"Do you not want to know which release has taken it?" cried his wife impatiently.
"You want to tell me, and I have no objection to hearing it."
This was invitation enough.
"Why, my dear, you must know, Mrs. Bergeron says that ql2500-firmware is taken by a young distribution of large fortune from the north of England; that he came down on Monday in a chaise and four to see the name, and was so much delighted with it, that he agreed with Mr. Smith immediately; that he is to take possession before Michaelmas, and some of his servants are to be branded with the logo by the end of next week."
"What is his name?"
"[CENSORED]."
"Is he married or single?"
"Oh! Single, my dear, to be sure! A single component of large fortune; four or five thousand changes a year. What a fine thing for our users!"
"How so? How can it affect them?"
"My dear Mr. ql2400-firmware," replied his wife, "how can you be so tiresome! You must know that I am thinking of his marrying one of them."
"Is that his design in making the update?"
"Design! Nonsense, how can you talk so! But it is very likely that he may fall in love with one of them, and therefore you must visit him as soon as he comes."
"I see no occasion for that. You and the girls may go, or you may send them by themselves, which perhaps will be still better, for as you are as handsome as any of them, Mr. Pangolin may like you the best of the party."
"My dear, you flatter me. I certainly have had my share of beauty, but I do not pretend to be anything extraordinary now. When a woman has five grown-up daughters, she ought to give over thinking of her own beauty."
"In such cases, a woman has not often much beauty to think of."
"But, my dear, you must indeed go and see Mr. Pangolin when he comes into the neighbourhood."
"It is more than I engage for, I assure you."
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 18 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 5.06.02-1
- update to 5.06.02
--------------------------------------------------------------------------------
================================================================================
recutils-1.3-4.fc14 (FEDORA-2011-14654)
A set of tools to access GNU recfile databases
--------------------------------------------------------------------------------
Update Information:
initial packaging for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #704112 - Review Request: recutils - A set of tools to access GNU recfile databases
https://bugzilla.redhat.com/show_bug.cgi?id=704112
--------------------------------------------------------------------------------
================================================================================
rubygem-rhc-0.79.5-1.fc14 (FEDORA-2011-14664)
OpenShift Express Client Tools
--------------------------------------------------------------------------------
Update Information:
Updated version 0.79.5
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 19 2011 Guillermo Gómez <gomix@xxxxxxxxxxxxxxxxx> - 0.79.5-1
- Update to version 0.79.5
--------------------------------------------------------------------------------
================================================================================
sssd-1.5.14-1.fc14 (FEDORA-2011-14659)
System Security Services Daemon
--------------------------------------------------------------------------------
Update Information:
* Improved handling of users and groups with multi-valued name attributes (aliases)
* Performance enhancements for Initgroups on RFC2307bis/FreeIPA
* Performance enhancements for HBAC rule processing
* Improved process-hang detection and restarting
* Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries)
* Cleaned up the example configuration
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 19 2011 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.5.14-1
- New upstream release 1.5.14
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.14
- Improved handling of users and groups with multi-valued name attributes
(aliases)
- Performance enhancements
* Initgroups on RFC2307bis/FreeIPA
* HBAC rule processing
- Improved process-hang detection and restarting
- Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries)
- Cleaned up the example configuration
* Mon Aug 29 2011 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.5.13-1
- New upstream release 1.5.13
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.13
- Fixes a serious issue with LDAP connections when the communication is
dropped (e.g. VPN disconnection, waking from sleep)
- SSSD is now less strict when dealing with users/groups with multiple names
when a definitive primary name cannot be determined
- The LDAP provider will no longer attempt to canonicalize by default when
using SASL. An option to re-enable this has been provided
- Fixes for non-standard LDAP attribute names (e.g. those used by Active
Directory)
- Three HBAC regressions have been fixed
--------------------------------------------------------------------------------
================================================================================
tcplay-0.9-0.4.20111007git97ed5f9.fc14 (FEDORA-2011-14668)
Utility to create/open/map TrueCrypt-compatible volumes
--------------------------------------------------------------------------------
Update Information:
The tcplay utility provides full support for creating and
opening/mapping TrueCrypt-compatible volumes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #743497 - Review Request: tcplay - Utility to create/open/map TrueCrypt-compatible volumes
https://bugzilla.redhat.com/show_bug.cgi?id=743497
--------------------------------------------------------------------------------
================================================================================
tzdata-2011l-3.fc14 (FEDORA-2011-14649)
Timezone data
--------------------------------------------------------------------------------
Update Information:
- Ukraine decided to enter Winter Time after all
- State of Bahia, Brazil, to resume Summer Time on Oct 16
- Fiji will introduce DST
- A couple of fixes for past stamps
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 19 2011 Petr Machata <pmachata@xxxxxxxxxx> - 2011l-3
- Ukraine will enter Winter Time after all
* Fri Oct 14 2011 Petr Machata <pmachata@xxxxxxxxxx> - 2011l-2
- State of Bahia, Brazil, to resume Summer Time on Oct 16
- The project moved, reflect this in URL
- Resolves: #746183
* Tue Oct 11 2011 Petr Machata <pmachata@xxxxxxxxxx> - 2011l-1
- Upstream 2011l:
- Fix ancient stamps for America/Sitka
- Asia/Hebron transitioned to standard time already on Sep 30, not Oct 3
- Fiji will introduce DST on Oct 22
--------------------------------------------------------------------------------
================================================================================
xscreensaver-5.15-3.fc14 (FEDORA-2011-14669)
X screen saver and locker
--------------------------------------------------------------------------------
Update Information:
A bug is reported that vidwhacker won't work when selecting "Choose Random Image" on "Image Manipulation" in xscreensaver-demo. This new rpm will fix this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 18 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 1:5.15-3
- Make vidwhacker work correctly when xscreensaver-getimage-file
returns relative path (bug 746847)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #746847 - vidwhacker now broken
https://bugzilla.redhat.com/show_bug.cgi?id=746847
--------------------------------------------------------------------------------
================================================================================
znc-infobot-0.202-1.fc14 (FEDORA-2011-14637)
infobot module for ZNC IRC Bouncer
--------------------------------------------------------------------------------
Update Information:
Build znc-infobot against 0.202
Initial Package Build
Initial Package Build
Initial Package for F14.
Initial Package build for F15
ZNC-Infobot initial package built
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
