The following Fedora 16 Security updates need testing:
https://admin.fedoraproject.org/updates/moodle-2.0.5-1.fc16
https://admin.fedoraproject.org/updates/hardlink-1.0-12.fc16
https://admin.fedoraproject.org/updates/openswan-2.6.37-1.fc16
https://admin.fedoraproject.org/updates/phpldapadmin-1.2.1.1-2.20111006=
git.fc16
https://admin.fedoraproject.org/updates/kdeutils-4.7.2-2.fc16
https://admin.fedoraproject.org/updates/yubikey-val-2.10-1.fc16,pam_yub=
ico-2.8-1.fc16,ykclient-2.6-1.fc16
https://admin.fedoraproject.org/updates/wireshark-1.6.3-1.fc16
https://admin.fedoraproject.org/updates/net6-1.3.14-1.fc16
https://admin.fedoraproject.org/updates/cherokee-1.2.101-1.fc16
https://admin.fedoraproject.org/updates/puppet-2.6.12-1.fc16
https://admin.fedoraproject.org/updates/arora-0.11.0-3.fc16
https://admin.fedoraproject.org/updates/drupal6-views-2.13-1.fc16
https://admin.fedoraproject.org/updates/tomcat6-6.0.32-19.fc16
https://admin.fedoraproject.org/updates/proftpd-1.3.4-1.fc16
https://admin.fedoraproject.org/updates/rest-0.7.12-1.fc16,libsocialweb=
-0.25.20-1.fc16
https://admin.fedoraproject.org/updates/phpMyAdmin-3.4.7.1-1.fc16
The following Fedora 16 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/rest-0.7.12-1.fc16,libsocialweb=
-0.25.20-1.fc16
https://admin.fedoraproject.org/updates/kernel-3.1.1-1.fc16
https://admin.fedoraproject.org/updates/libass-0.10.0-1.fc16
https://admin.fedoraproject.org/updates/libdrm-2.4.27-2.fc16
https://admin.fedoraproject.org/updates/folks-0.6.5-1.fc16
https://admin.fedoraproject.org/updates/control-center-3.2.2-1.fc16,gno=
me-settings-daemon-3.2.2-1.fc16
https://admin.fedoraproject.org/updates/newt-0.52.14-1.fc16
https://admin.fedoraproject.org/updates/glibc-2.14.90-15.2
https://admin.fedoraproject.org/updates/libfprint-0.4.0-1.fc16,fprintd-=
0.4.1-1.fc16
https://admin.fedoraproject.org/updates/mdadm-3.2.2-14.fc16
https://admin.fedoraproject.org/updates/gdb-7.3.50.20110722-10.fc16
https://admin.fedoraproject.org/updates/evolution-data-server-3.2.1-2.f=
c16
https://admin.fedoraproject.org/updates/authconfig-6.1.16-2.fc16
https://admin.fedoraproject.org/updates/PackageKit-0.6.20-1.fc16
https://admin.fedoraproject.org/updates/libreport-2.0.7-1.fc16
https://admin.fedoraproject.org/updates/soprano-2.7.3-1.fc16
https://admin.fedoraproject.org/updates/virtuoso-opensource-6.1.4-2.fc16
https://admin.fedoraproject.org/updates/libffado-2.1.0-0.4.20111030.svn=
2000.fc16
https://admin.fedoraproject.org/updates/colord-0.1.14-1.fc16
https://admin.fedoraproject.org/updates/cups-pk-helper-0.1.3-3.fc16
https://admin.fedoraproject.org/updates/fcoe-utils-1.0.20-5.fc16
https://admin.fedoraproject.org/updates/dosfstools-3.0.12-1.fc16
https://admin.fedoraproject.org/updates/rest-0.7.11-1.fc16
https://admin.fedoraproject.org/updates/dnsmasq-2.59-2.fc16
https://admin.fedoraproject.org/updates/xorg-x11-drv-savage-2.3.3-1.fc16
https://admin.fedoraproject.org/updates/phonon-backend-gstreamer-4.5.90=
-3.fc16,phonon-4.5.57-3.20111031.fc16,libqzeitgeist-0.8.0-3.fc16
https://admin.fedoraproject.org/updates/xorg-x11-drv-geode-2.11.12-2.fc=
16
https://admin.fedoraproject.org/updates/perl-threads-1.83-4.fc16
The following builds have been pushed to Fedora 16 updates-testing
R2spec-4.0.0-1.fc16
clthreads-2.4.0-7.fc16
clxclient-3.6.1-5.fc16
condor-7.7.3-0.2.fc16
cvs2cl-2.73-1.fc16
dvb-apps-1.1.2-0.d4e8bf5658ce.fc16
guitarix-0.20.2-3.fc16
jconvolver-0.9.2-1.fc16
kernel-3.1.1-1.fc16
libass-0.10.0-1.fc16
libsocialweb-0.25.20-1.fc16
libverto-0.2.2-1.fc16
php-bartlett-PHP-Reflect-1.1.0-1.fc16
phpMyAdmin-3.4.7.1-1.fc16
rest-0.7.12-1.fc16
rpmdevtools-8.2-1.fc16
sound-theme-acoustic-1.0-1.fc16
timidity++-2.13.2-25.fc16.1
zita-convolver-3.0.3-2.fc16
zita-rev1-0.2.1-4.fc16
Details about builds:
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
R2spec-4.0.0-1.fc16 (FEDORA-2011-15838)
Python script to generate R spec file
---------------------------------------------------------------------------=
-----
Update Information:
Rewrite R2spec in version 4.0.0 \=C3=B3/
---------------------------------------------------------------------------=
-----
ChangeLog:
* Sat Nov 12 2011 Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> - 4.0.0-1
- Update to 4.0.0 which is an almost complete rewrite
---------------------------------------------------------------------------=
-----
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
clthreads-2.4.0-7.fc16 (FEDORA-2011-15848)
POSIX threads C++ access library
---------------------------------------------------------------------------=
-----
Update Information:
Correct undefined-non-weak-symbol warning.
---------------------------------------------------------------------------=
-----
ChangeLog:
* Tue Oct 11 2011 Brendan Jones <brendan.jones.it@xxxxxxxxx> - 2.4.0-7
- correct URL and download link
* Tue Oct 4 2011 Brendan Jones <brendan.jones.it@xxxxxxxxx> - 2.4.0-6
- Corrected rpmlint 'undefined-non-weak-symbol /usr/lib64/libclthreads.so.2=
.4.0
clock_gettime' and unused-direct-shlib-dependency for libm - BZ#751466
---------------------------------------------------------------------------=
-----
References:
[ 1 ] Bug #751466 - clthreads: undefined non-weak symbol "clock_gettime"
https://bugzilla.redhat.com/show_bug.cgi?id=3D751466
---------------------------------------------------------------------------=
-----
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
clxclient-3.6.1-5.fc16 (FEDORA-2011-15857)
C++ X Windows Library
---------------------------------------------------------------------------=
-----
Update Information:
clxclient is a C++ X windows library used in some audio applications. Porte=
d from the CCRMA repostory.
zita-rev1 is a reworked version of the reverb originally developed for Aeol=
us. Its character is more 'hall' than 'plate', but it can be used on a wide=
variety of instruments or voices. It is not a spatialiser - the early refl=
ections are different for the L and R inputs, but do not correspond to any =
real room. They have been tuned to match left and right sources to some ext=
ent.
In Stereo mode a dry/wet mix control is provided, so it can be used either =
as an insert or in send/return mode. For mono just connect one of the two c=
hannels.
In Ambisonic mode (selected by the -B command line option) the only option =
is the send/return mode.
---------------------------------------------------------------------------=
-----
References:
[ 1 ] Bug #749753 - Review Request: clxclient - a C++ X windows library
https://bugzilla.redhat.com/show_bug.cgi?id=3D749753
[ 2 ] Bug #749757 - Review Request: zita-rev1 - Proaudio reverb for JACK
https://bugzilla.redhat.com/show_bug.cgi?id=3D749757
---------------------------------------------------------------------------=
-----
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
condor-7.7.3-0.2.fc16 (FEDORA-2011-15849)
Condor: High Throughput Computing
---------------------------------------------------------------------------=
-----
Update Information:
Update to create tmpfiles.d on install
---------------------------------------------------------------------------=
-----
ChangeLog:
* Fri Nov 11 2011 <tstclair@xxxxxxxxxx> - 7.7.3-0.2
- Update install process for tmpfiles.d
* Tue Oct 25 2011 <tstclair@xxxxxxxxxx> - 7.7.3-0.1
- Fast forward to 7.7.3 pre release
* Fri Sep 16 2011 <tstclair@xxxxxxxxxx> - 7.7.1-0.1
- Fast forward to 7.7.1 official release tag V7_7_1
- ghost var/lock and var/run in spec (BZ656562)
* Wed Aug 10 2011 <tstclair@xxxxxxxxxx> - 7.7.0-0.6
- Rebuild deltacloud dep
---------------------------------------------------------------------------=
-----
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
cvs2cl-2.73-1.fc16 (FEDORA-2011-15830)
Generate ChangeLogs from CVS working copies
---------------------------------------------------------------------------=
-----
Update Information:
An update of cvs2cl to the latest upstream release, adding the '--xml-style=
sheet' option.
---------------------------------------------------------------------------=
-----
ChangeLog:
* Sat Nov 12 2011 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 2.73-1
- Update to 2.73 (#753407)
---------------------------------------------------------------------------=
-----
References:
[ 1 ] Bug #753407 - cvs2cl-2.73 is available
https://bugzilla.redhat.com/show_bug.cgi?id=3D753407
---------------------------------------------------------------------------=
-----
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
dvb-apps-1.1.2-0.d4e8bf5658ce.fc16 (FEDORA-2011-15852)
Utility, demo and test applications using the Linux DVB API
---------------------------------------------------------------------------=
-----
Update Information:
Update to the latest repository snapshot to include all the latest tuning d=
ata
---------------------------------------------------------------------------=
-----
ChangeLog:
* Sat Nov 12 2011 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - 1.1.2-0.d=
4e8bf5658ce
- Move to hg snapshot d4e8bf5658ce
---------------------------------------------------------------------------=
-----
References:
[ 1 ] Bug #617153 - scandvb doesn't output all channels
https://bugzilla.redhat.com/show_bug.cgi?id=3D617153
[ 2 ] Bug #733952 - UK switchover: DVB-T mux details have changed signifi=
cantly
https://bugzilla.redhat.com/show_bug.cgi?id=3D733952
---------------------------------------------------------------------------=
-----
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
guitarix-0.20.2-3.fc16 (FEDORA-2011-15847)
Mono amplifier to JACK
---------------------------------------------------------------------------=
-----
Update Information:
Update and rebuild for new upstream zita-convolver-3.0.2, jconvolver and gu=
itarix
---------------------------------------------------------------------------=
-----
ChangeLog:
* Sat Nov 12 2011 Brendan Jones <brendan.jones.it@xxxxxxxxx> - 0.20.2-3
- Add boost-devel build requires
* Sat Nov 12 2011 Brendan Jones <brendan.jones.it@xxxxxxxxx> - 0.20.2-2
- Removed libboost library detection fix
* Sat Nov 12 2011 Brendan Jones <brendan.jones.it@xxxxxxxxx> - 0.20.2-1
- Update to upstream release 0.20.2
* Tue Nov 8 2011 Brendan Jones <brendan.jones.it@xxxxxxxxx> - 0.20.0-2
- Update to upstream release 0.20.0
* Sun Oct 30 2011 Brendan Jones <brendan.jones.it@xxxxxxxxx> - 0.20.0-1.0.s=
vn1278
- Grab source from latest svn, and removed FSF patch
- Rebuild for libpng 1.5
- Removed obsolete tags and clean section from spec
* Sun Oct 30 2011 Brendan Jones <brendan.jones.it@xxxxxxxxx> - 0.19.0-1.0.s=
vn1245
- Grab source from svn to rebuild against zita-convolver-3
---------------------------------------------------------------------------=
-----
References:
[ 1 ] Bug #749944 - zita-convolver: request for upgrade to 3.0.3
https://bugzilla.redhat.com/show_bug.cgi?id=3D749944
---------------------------------------------------------------------------=
-----
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
jconvolver-0.9.2-1.fc16 (FEDORA-2011-15847)
Real-time Convolution Engine
---------------------------------------------------------------------------=
-----
Update Information:
Update and rebuild for new upstream zita-convolver-3.0.2, jconvolver and gu=
itarix
---------------------------------------------------------------------------=
-----
ChangeLog:
* Wed Oct 19 2011 Brendan Jones <brendan.jones.it@xxxxxxxxx> - 0.9.1-1
- Updated to version 0.9.2
* Wed Oct 19 2011 Brendan Jones <brendan.jones.it@xxxxxxxxx> - 0.9.1-1
- Updated to version 0.9.1
---------------------------------------------------------------------------=
-----
References:
[ 1 ] Bug #749944 - zita-convolver: request for upgrade to 3.0.3
https://bugzilla.redhat.com/show_bug.cgi?id=3D749944
---------------------------------------------------------------------------=
-----
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
kernel-3.1.1-1.fc16 (FEDORA-2011-15834)
The Linux kernel
---------------------------------------------------------------------------=
-----
Update Information:
Update to upstream 3.1.1
---------------------------------------------------------------------------=
-----
ChangeLog:
* Fri Nov 11 2011 Josh Boyer <jwboyer@xxxxxxxxxx> 3.1.1-1
- Linux 3.1.1
* Fri Nov 11 2011 John W. Linville <linville@xxxxxxxxxx>
- Remove overlap between bcma/b43 and brcmsmac and reenable bcm4331
* Thu Nov 10 2011 Chuck Ebbert <cebbert@xxxxxxxxxx>
- Sync samsung-laptop driver with what's in 3.2 (rhbz 747560)
* Wed Nov 9 2011 Chuck Ebbert <cebbert@xxxxxxxxxx> 3.1.1-1.rc1
- Linux 3.1.1-rc1
- Comment out merged patches, will drop when release is final:
ums-realtek-driver-uses-stack-memory-for-DMA.patch
epoll-fix-spurious-lockdep-warnings.patch
crypto-register-cryptd-first.patch
add-macbookair41-keyboard.patch
powerpc-Fix-deadlock-in-icswx-code.patch
iwlagn-fix-ht_params-NULL-pointer-dereference.patch
mmc-Always-check-for-lower-base-frequency-quirk-for-.patch
media-DiBcom-protect-the-I2C-bufer-access.patch
media-dib0700-protect-the-dib0700-buffer-access.patch
WMI-properly-cleanup-devices-to-avoid-crashes.patch
mac80211-fix-remain_off_channel-regression.patch
mac80211-config-hw-when-going-back-on-channel.patch
* Wed Nov 9 2011 John W. Linville <linville@xxxxxxxxxx>
- Backport brcm80211 from 3.2-rc1
* Tue Nov 8 2011 Neil Horman <nhorman@xxxxxxxxxx>
- Add msi irq ennumeration per device in sysfs (rhbz 752176)
* Mon Nov 7 2011 Josh Boyer <jwboyer@xxxxxxxxxx>
- Add two patches to fix mac80211 issues (rhbz 731365)
* Thu Nov 3 2011 Josh Boyer <jwboyer@xxxxxxxxxx>
- Add commits queued for 3.2 for elantech driver (rhbz 728607)
- Fix crash when setting brightness via Fn keys on ideapads (rhbz 748210)
* Wed Nov 2 2011 Josh Boyer <jwboyer@xxxxxxxxxx>
- Add patch to fix oops when removing wmi module (rhbz 706574)
---------------------------------------------------------------------------=
-----
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
libass-0.10.0-1.fc16 (FEDORA-2011-15836)
Portable library for SSA/ASS subtitles rendering
---------------------------------------------------------------------------=
-----
Update Information:
Update to 0.10.0. Fixes some crashes with newer freetype, adds bidirectiona=
l text support (via fribidi) and contains some other improvements and fixes.
---------------------------------------------------------------------------=
-----
ChangeLog:
* Fri Nov 11 2011 Martin Sourada <mso@xxxxxxxxxxxxxxxxx> - 0.10.0-1
- New upstream release
- various improvements and fixes
- BuildRequires: fribidi-devel (bidirectional text suport)
- Fixes some wierd memory allocation related crash with freetype 2.4.6
- rhbz 753017, rhbz 753065
---------------------------------------------------------------------------=
-----
References:
[ 1 ] Bug #727104 - libass-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=3D727104
[ 2 ] Bug #753017 - libass 0.9.12 crashes with FreeType 2.4.6
https://bugzilla.redhat.com/show_bug.cgi?id=3D753017
[ 3 ] Bug #753062 - libass Missing Build Dependency fribidi-devel
https://bugzilla.redhat.com/show_bug.cgi?id=3D753062
[ 4 ] Bug #753065 - libass causes downstream packages to crash
https://bugzilla.redhat.com/show_bug.cgi?id=3D753065
---------------------------------------------------------------------------=
-----
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
libsocialweb-0.25.20-1.fc16 (FEDORA-2011-15833)
A social network data aggregator
---------------------------------------------------------------------------=
-----
Update Information:
CVE-2011-4129
A security flaw was found in the way the libsocialweb, a social network dat=
a aggregator, performed its initialization when this service start was init=
iated by the dbus daemon. Due to a deficiency in a way the libsocialweb ser=
vice was initialized, an untrusted (non-SSL) network connection has been op=
ened to remote Twitter service servers without explicit approval of the use=
r, running the libsocialweb service on the local host. A remote attacker co=
uld use this flaw to conduct various MITM attacks and potentially alter int=
egrity of the user account in question.
* libsocialweb: The views will try and fetch content from the web service e=
ven if they aren't configured.
* rest: enforce that the SSL certificate is valid
---------------------------------------------------------------------------=
-----
ChangeLog:
* Sat Nov 12 2011 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 0.25.20-1
- update to 0.25.20. Fixes CVE-2011-4129, RHBZ 752022
---------------------------------------------------------------------------=
-----
References:
[ 1 ] Bug #752022 - CVE-2011-4129 libsocialweb: Untrusted connection to T=
witter without user's approval upon service start via dbus
https://bugzilla.redhat.com/show_bug.cgi?id=3D752022
---------------------------------------------------------------------------=
-----
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
libverto-0.2.2-1.fc16 (FEDORA-2011-15845)
Main loop abstraction library
---------------------------------------------------------------------------=
-----
Update Information:
initial package
---------------------------------------------------------------------------=
-----
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
php-bartlett-PHP-Reflect-1.1.0-1.fc16 (FEDORA-2011-15854)
Adds the ability to reverse-engineer PHP
---------------------------------------------------------------------------=
-----
Update Information:
Upstream Changelog:
* PHP_Reflect_Token_FUNCTION::getArguments() return values changed : see ex=
amples/scanFunctionArguments.php and User Guide Configure/Properties sectio=
n (example 2). Thanks to Stefan Neufeind for its patch/proposal.
* add test suite for issues reported
* upgrades build phing xml file : use latest asciidoc version (8.6.6)
---------------------------------------------------------------------------=
-----
ChangeLog:
* Fri Nov 11 2011 Remi Collet <Fedora@xxxxxxxxxxxxxxxxx> - 1.1.0-1
- Version 1.1.0 (stable) - API 1.1.0 (stable)
---------------------------------------------------------------------------=
-----
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
phpMyAdmin-3.4.7.1-1.fc16 (FEDORA-2011-15841)
Handle the administration of MySQL over the World Wide Web
---------------------------------------------------------------------------=
-----
Update Information:
Changes for 3.4.7.1 (2011-11-10):
- [security] Fixed possible local file inclusion in XML import
(CVE-2011-4107)
---------------------------------------------------------------------------=
-----
ChangeLog:
* Sat Nov 12 2011 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.4.7.1-1
- Upgrade to 3.4.7.1 (#753119)
---------------------------------------------------------------------------=
-----
References:
[ 1 ] Bug #753119 - phpMyAdmin-3.4.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=3D753119
---------------------------------------------------------------------------=
-----
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
rest-0.7.12-1.fc16 (FEDORA-2011-15833)
A library for access to RESTful web services
---------------------------------------------------------------------------=
-----
Update Information:
CVE-2011-4129
A security flaw was found in the way the libsocialweb, a social network dat=
a aggregator, performed its initialization when this service start was init=
iated by the dbus daemon. Due to a deficiency in a way the libsocialweb ser=
vice was initialized, an untrusted (non-SSL) network connection has been op=
ened to remote Twitter service servers without explicit approval of the use=
r, running the libsocialweb service on the local host. A remote attacker co=
uld use this flaw to conduct various MITM attacks and potentially alter int=
egrity of the user account in question.
* libsocialweb: The views will try and fetch content from the web service e=
ven if they aren't configured.
* rest: enforce that the SSL certificate is valid
---------------------------------------------------------------------------=
-----
ChangeLog:
* Thu Nov 10 2011 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 0.7.12-1
- Release 0.7.12. Fixes CVE-2011-4129 RHBZ 752022
* Fri Oct 28 2011 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 0.7.11-1
- Release 0.7.11
---------------------------------------------------------------------------=
-----
References:
[ 1 ] Bug #752022 - CVE-2011-4129 libsocialweb: Untrusted connection to T=
witter without user's approval upon service start via dbus
https://bugzilla.redhat.com/show_bug.cgi?id=3D752022
---------------------------------------------------------------------------=
-----
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
rpmdevtools-8.2-1.fc16 (FEDORA-2011-15843)
RPM Development Tools
---------------------------------------------------------------------------=
-----
Update Information:
Update to version 8.2.
http://git.fedorahosted.org/git/?p=3Drpmdevtools.git;a=3Dblob;f=3DNEWS;h=3D=
20fb707a6091092005f66ace444c7091a0efe601;hb=3DHEAD
---------------------------------------------------------------------------=
-----
ChangeLog:
* Sat Nov 12 2011 Ville Skytt=C3=A4 <ville.skytta@xxxxxx> - 8.2-1
- Update to 8.2.
---------------------------------------------------------------------------=
-----
References:
[ 1 ] Bug #730120 - rpmdev-extract fails for multiple relative-path rpms
https://bugzilla.redhat.com/show_bug.cgi?id=3D730120
[ 2 ] Bug #751582 - lib packages should have an arch specific require fro=
m devel to base
https://bugzilla.redhat.com/show_bug.cgi?id=3D751582
---------------------------------------------------------------------------=
-----
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
sound-theme-acoustic-1.0-1.fc16 (FEDORA-2011-15842)
Sound theme made on an acoustic guitar
---------------------------------------------------------------------------=
-----
Update Information:
Added a package for Fedora 16.
---------------------------------------------------------------------------=
-----
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
timidity++-2.13.2-25.fc16.1 (FEDORA-2011-15711)
A software wavetable MIDI synthesizer
---------------------------------------------------------------------------=
-----
Update Information:
This update fixes the following issue:
* garbled sound when start playing
* loading of sf2 files with stereo instrument samples with missing link-ids=
between the left and right samples
* segfault cause by uninitialized data
---------------------------------------------------------------------------=
-----
ChangeLog:
* Fri Nov 11 2011 Christian Krause <chkr@xxxxxxxxxxxxxxxxx> - 2.13.2-25.1
- Add a patch which fixes the loading of sf2 files with stereo instrument
samples with missing link-ids between the left and right samples (#710927)
* Mon Nov 7 2011 Christian Krause <chkr@xxxxxxxxxxxxxxxxx> - 2.13.2-25
- add upstream patch to fix garbled sound when start playing (#710927)
* Wed Jul 27 2011 Jindrich Novy <jnovy@xxxxxxxxxx> - 2.13.2-24
- fix segfault in detect() introduced by libao-first patch (#711224)
---------------------------------------------------------------------------=
-----
References:
[ 1 ] Bug #711224 - [abrt] timidity++-2.13.2-21.fc14: strlen: Process /us=
r/bin/timidity was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=3D711224
[ 2 ] Bug #710927 - Short garbled noise at the beginning when playing a m=
idi file
https://bugzilla.redhat.com/show_bug.cgi?id=3D710927
---------------------------------------------------------------------------=
-----
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
zita-convolver-3.0.3-2.fc16 (FEDORA-2011-15847)
Convolution engine library
---------------------------------------------------------------------------=
-----
Update Information:
Update and rebuild for new upstream zita-convolver-3.0.2, jconvolver and gu=
itarix
---------------------------------------------------------------------------=
-----
ChangeLog:
* Mon Oct 31 2011 Brendan Jones <brendan.jones.it@xxxxxxxxx> - 3.0.3-2
- Relicensed to GPLv3+
* Wed Oct 26 2011 Brendan Jones <brendan.jones.it@xxxxxxxxx> - 3.0.3-1
- updated to 3.0.3
* Wed Oct 19 2011 Brendan Jones <brendan.jones.it@xxxxxxxxx> - 3.0.2-1
- updated to 3.0.2
---------------------------------------------------------------------------=
-----
References:
[ 1 ] Bug #749944 - zita-convolver: request for upgrade to 3.0.3
https://bugzilla.redhat.com/show_bug.cgi?id=3D749944
---------------------------------------------------------------------------=
-----
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
zita-rev1-0.2.1-4.fc16 (FEDORA-2011-15857)
Pro-audio reverb for JACK
---------------------------------------------------------------------------=
-----
Update Information:
clxclient is a C++ X windows library used in some audio applications. Porte=
d from the CCRMA repostory.
zita-rev1 is a reworked version of the reverb originally developed for Aeol=
us. Its character is more 'hall' than 'plate', but it can be used on a wide=
variety of instruments or voices. It is not a spatialiser - the early refl=
ections are different for the L and R inputs, but do not correspond to any =
real room. They have been tuned to match left and right sources to some ext=
ent.
In Stereo mode a dry/wet mix control is provided, so it can be used either =
as an insert or in send/return mode. For mono just connect one of the two c=
hannels.
In Ambisonic mode (selected by the -B command line option) the only option =
is the send/return mode.
---------------------------------------------------------------------------=
-----
References:
[ 1 ] Bug #749753 - Review Request: clxclient - a C++ X windows library
https://bugzilla.redhat.com/show_bug.cgi?id=3D749753
[ 2 ] Bug #749757 - Review Request: zita-rev1 - Proaudio reverb for JACK
https://bugzilla.redhat.com/show_bug.cgi?id=3D749757
---------------------------------------------------------------------------=
-----
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
