The following Fedora 15 Security updates need testing: https://admin.fedoraproject.org/updates/FEDORA-2011-15560/nss-3.12.10-7.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-15006/kdeutils-4.6.5-3.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16859/perl-PAR-1.002-4.fc15,perl-PAR-Packer-1.008-4.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-14756/arora-0.11.0-3.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16282/ejabberd-2.1.9-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16234/dovecot-2.0.16-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16786/phpMyAdmin-3.4.8-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16284/krb5-1.9.2-4.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16893/freeipa-2.1.4-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16903/moodle-1.9.15-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16955/jasper-1.900.1-18.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16976/dhcp-4.2.1-14.P1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16980/asterisk-1.8.7.2-1.fc15 The following Fedora 15 Critical Path updates have yet to be approved: https://admin.fedoraproject.org/updates/FEDORA-2011-16959/flac-1.2.1-8.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16967/xfce-utils-4.8.3-2.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16976/dhcp-4.2.1-14.P1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16955/jasper-1.900.1-18.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16923/mesa-7.11.2-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16858/phonon-4.5.1-2.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16872/xdg-utils-1.1.0-0.10.20111207.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16890/procmail-3.22-27.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16593/perl-Glib-1.241-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16540/python-slip-0.2.20-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16286/pcre-8.12-5.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16284/krb5-1.9.2-4.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-14053/glibc-2.14.1-1 https://admin.fedoraproject.org/updates/FEDORA-2011-13190/phonon-backend-gstreamer-4.5.90-2.fc15,phonon-4.5.57-1.20110914.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-11955/evolution-mapi-3.0.3-2.fc15,evolution-exchange-3.0.3-1.fc15,evolution-3.0.3-1.fc15,evolution-data-server-3.0.3-1.fc15,gtkhtml3-4.0.2-1.fc15 The following builds have been pushed to Fedora 15 updates-testing asterisk-1.8.7.2-1.fc15 avr-libc-1.7.1-2.fc15 chmsee-1.99-0.7.6.git67a1b5f.fc15 chromaprint-0.5-4.fc15 cppcheck-1.52-1.fc15 dhcp-4.2.1-14.P1.fc15 fbzx-2.7.0-1.fc15 flac-1.2.1-8.fc15 jasper-1.900.1-18.fc15 lcgdm-1.8.2-1.fc15 mysql-workbench-5.2.36-1.fc15 qgis-1.7.3-1.fc15 snap-0.5-7.fc15 sugar-speak-35-1.fc15 tecnoballz-0.92-11.fc15 xfce-utils-4.8.3-2.fc15 youtube-dl-2011.12.08-1.fc15 Details about builds: ================================================================================ asterisk-1.8.7.2-1.fc15 (FEDORA-2011-16980) The Open Source PBX -------------------------------------------------------------------------------- Update Information: The Asterisk Development Team has announced security releases for Asterisk 1.4, 1.6.2 and 1.8. The available security releases are released as versions 1.4.43, 1.6.2.21 and 1.8.7.2. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of Asterisk versions 1.4.43, 1.6.2.21, and 1.8.7.2 resolves an issue with possible remote enumeration of SIP endpoints with differing NAT settings. The release of Asterisk versions 1.6.2.21 and 1.8.7.2 resolves a remote crash possibility with SIP when the "automon" feature is enabled. The issues and resolutions are described in the AST-2011-013 and AST-2011-014 security advisories. For more information about the details of these vulnerabilities, please read the security advisories AST-2011-013 and AST-2011-014, which were released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.43 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.21 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.7.2 Security advisory AST-2011-013 is available at: * http://downloads.asterisk.org/pub/security/AST-2011-013.pdf Security advisory AST-2011-014 is available at: * http://downloads.asterisk.org/pub/security/AST-2011-014.pdf -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 9 2011 Jeffrey C. Ollie <jeff@xxxxxxxxxx> - 1.8.7.2-1 - The Asterisk Development Team has announced security releases for Asterisk 1.4, - 1.6.2 and 1.8. The available security releases are released as versions 1.4.43, - 1.6.2.21 and 1.8.7.2. - - These releases are available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk/releases - - The release of Asterisk versions 1.4.43, 1.6.2.21, and 1.8.7.2 resolves an issue - with possible remote enumeration of SIP endpoints with differing NAT settings. - - The release of Asterisk versions 1.6.2.21 and 1.8.7.2 resolves a remote crash - possibility with SIP when the "automon" feature is enabled. - - The issues and resolutions are described in the AST-2011-013 and AST-2011-014 - security advisories. - - For more information about the details of these vulnerabilities, please read the - security advisories AST-2011-013 and AST-2011-014, which were released at the - same time as this announcement. - - For a full list of changes in the current releases, please see the ChangeLogs: - - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.43 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.21 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.7.2 - - Security advisory AST-2011-013 is available at: - - * http://downloads.asterisk.org/pub/security/AST-2011-013.pdf - - Security advisory AST-2011-014 is available at: - - * http://downloads.asterisk.org/pub/security/AST-2011-014.pdf -------------------------------------------------------------------------------- References: [ 1 ] Bug #765773 - CVE-2011-4597 asterisk: Possible to enumerate SIP usernames when general and user/peer NAT settings differed (AST-2011-013) https://bugzilla.redhat.com/show_bug.cgi?id=765773 [ 2 ] Bug #765776 - CVE-2011-4598 asterisk: NULL pointer dereference (crash) when processing INFO automon message with no channel (AST-2011-014) https://bugzilla.redhat.com/show_bug.cgi?id=765776 -------------------------------------------------------------------------------- ================================================================================ avr-libc-1.7.1-2.fc15 (FEDORA-2011-16954) C library for use with GCC on Atmel AVR microcontrollers -------------------------------------------------------------------------------- Update Information: - Re-add PDF and HTML docs in the -doc package - Manpages will be re-added soon -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 7 2011 Thibault North <tnorth@xxxxxxxxxxxxxxxxx> 1.7.1-2 - Add html and pdf docs -------------------------------------------------------------------------------- ================================================================================ chmsee-1.99-0.7.6.git67a1b5f.fc15 (FEDORA-2011-16978) HTML Help viewer for Unix/Linux -------------------------------------------------------------------------------- Update Information: rebuild to match xulrunner version -------------------------------------------------------------------------------- ChangeLog: * Sat Dec 10 2011 bbbush <bbbush.yuan@xxxxxxxxx> - 1.99-0.7.6.git67a1b5f - update to a snapshot -------------------------------------------------------------------------------- References: [ 1 ] Bug #761404 - Incompatible version of Firefox... https://bugzilla.redhat.com/show_bug.cgi?id=761404 -------------------------------------------------------------------------------- ================================================================================ chromaprint-0.5-4.fc15 (FEDORA-2011-16961) Library implementing the AcoustID fingerprinting -------------------------------------------------------------------------------- Update Information: newpackage -------------------------------------------------------------------------------- References: [ 1 ] Bug #755066 - Review Request: chromaprint - Library implementing the AcoustID fingerprinting https://bugzilla.redhat.com/show_bug.cgi?id=755066 -------------------------------------------------------------------------------- ================================================================================ cppcheck-1.52-1.fc15 (FEDORA-2011-16986) Tool for static C/C++ code analysis -------------------------------------------------------------------------------- Update Information: Update to newest stable release, see details at http://sourceforge.net/apps/trac/cppcheck/milestone/1.52. -------------------------------------------------------------------------------- ChangeLog: * Sun Dec 11 2011 Jussi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 1.52-1 - Update to 1.52. * Wed Oct 26 2011 Ville Skyttä <ville.skytta@xxxxxx> - 1.51-2 - Include man page and more other docs. - Build with $RPM_LD_FLAGS. - Improve summary and description. -------------------------------------------------------------------------------- References: [ 1 ] Bug #766259 - cppcheck-1.52 is available https://bugzilla.redhat.com/show_bug.cgi?id=766259 -------------------------------------------------------------------------------- ================================================================================ dhcp-4.2.1-14.P1.fc15 (FEDORA-2011-16976) Dynamic host configuration protocol software -------------------------------------------------------------------------------- Update Information: CVE-2011-4539 dhcpd: DoS due to processing certain regular expressions -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 9 2011 Jiri Popelka <jpopelka@xxxxxxxxxx> - 12:4.2.1-14.P1 - DoS due to processing certain regular expressions (CVE-2011-4539, #765681) * Fri Sep 30 2011 Jiri Popelka <jpopelka@xxxxxxxxxx> - 12:4.2.1-13.P1 - 56dhclient: ifcfg file was not sourced (#742482) * Thu Sep 29 2011 Jiri Popelka <jpopelka@xxxxxxxxxx> - 12:4.2.1-12.P1 - dhclient-script: address alias handling fixes from Scott Shambarger (#741786) -------------------------------------------------------------------------------- References: [ 1 ] Bug #761265 - CVE-2011-4539 dhcp: DoS due to processing certain regular expressions https://bugzilla.redhat.com/show_bug.cgi?id=761265 -------------------------------------------------------------------------------- ================================================================================ fbzx-2.7.0-1.fc15 (FEDORA-2011-16964) A ZX Spectrum emulator for FrameBuffer -------------------------------------------------------------------------------- Update Information: * Added 320x240 mode for tiny devices * Now remembers again the last mode (48K, 128K...) * ULAPlus support * Allows to go to submenus from the HELP menu * Fixed a little bug when loading ROMs -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 9 2011 Andrea Musuruane <musuruan@xxxxxxxxx> 2.7.0-1 - Updated to new upstream release -------------------------------------------------------------------------------- ================================================================================ flac-1.2.1-8.fc15 (FEDORA-2011-16959) An encoder/decoder for the Free Lossless Audio Codec -------------------------------------------------------------------------------- Update Information: Fix FTBFS -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 9 2011 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - 1.2.1-8 - Rebuild to fix FTBFS * Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2.1-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ jasper-1.900.1-18.fc15 (FEDORA-2011-16955) Implementation of the JPEG-2000 standard, Part 1 -------------------------------------------------------------------------------- Update Information: CVE-2011-4516, CVE-2011-4517 jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409) -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 9 2011 Jiri Popelka <jpopelka@xxxxxxxxxx> - 1.900.1-18 - CVE-2011-4516, CVE-2011-4517 jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409) (#765660) - Fixed problems found by static analysis of code (#761440) - spec file modernized -------------------------------------------------------------------------------- References: [ 1 ] Bug #747726 - CVE-2011-4516 CVE-2011-4517 jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409) https://bugzilla.redhat.com/show_bug.cgi?id=747726 -------------------------------------------------------------------------------- ================================================================================ lcgdm-1.8.2-1.fc15 (FEDORA-2011-16972) LHC Computing Grid Data Management -------------------------------------------------------------------------------- Update Information: New upstream version. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 6 2011 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 1.8.2-1 - Update to version 1.8.2 -------------------------------------------------------------------------------- ================================================================================ mysql-workbench-5.2.36-1.fc15 (FEDORA-2011-16997) A MySQL visual database modeling, administration and querying tool -------------------------------------------------------------------------------- Update Information: Changes in MySQL Workbench 5.2.36: http://dev.mysql.com/doc/workbench/en/wb-news-5-2-36.html -------------------------------------------------------------------------------- ChangeLog: * Sat Dec 10 2011 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.2.36-1 - update to 5.2.36 Community (OSS) Edition (GPL) http://dev.mysql.com/doc/workbench/en/wb-news-5-2-36.html - mysql-utilities 1.0.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #760074 - mysql-workbench-5.2.36 is available https://bugzilla.redhat.com/show_bug.cgi?id=760074 -------------------------------------------------------------------------------- ================================================================================ qgis-1.7.3-1.fc15 (FEDORA-2011-16979) A user friendly Open Source Geographic Information System -------------------------------------------------------------------------------- Update Information: New upstream release Please see CHANGELOG for a list of improvements! This build also solves the SIP problem in F15, causing Python support to fail with 1.7.1 and 1.7.2. Over 30 bugfixes and improvements, see CHANGELOG file Over 30 bugfixes and improvements, see CHANGELOG file -------------------------------------------------------------------------------- ChangeLog: * Sat Dec 10 2011 Volker Fröhlich <volker27@xxxxxx> - 1.7.3-1 - Update for new release - Is also the rebuild for BZ#761147 - Arch-specifically require the base package * Tue Nov 15 2011 Volker Fröhlich <volker27@xxxxxx> - 1.7.2-1 - Updated for new release - No more themes directory - Remove dispensable geo-referencing patch * Sun Oct 16 2011 Volker Fröhlich <volker27@xxxxxx> - 1.7.1-2 - Findlang doesn't recognize sr@latin in Fedora 14 and older - Build with system-wide spatialindex - Remove if structures intended for EPEL package Due to the rapid development in QGIS and the libraries it uses, QGIS will not go to EPEL now; ELGIS provides rebuilds with more current versions: http://elgis.argeo.org/ -------------------------------------------------------------------------------- References: [ 1 ] Bug #761147 - QGIS-Python plugins don't work https://bugzilla.redhat.com/show_bug.cgi?id=761147 -------------------------------------------------------------------------------- ================================================================================ snap-0.5-7.fc15 (FEDORA-2011-16991) A modular system backup/restore utility -------------------------------------------------------------------------------- Update Information: initial import of snap -------------------------------------------------------------------------------- References: [ 1 ] Bug #755890 - Review Request: snap A modular cross-platform system backup/restore utility https://bugzilla.redhat.com/show_bug.cgi?id=755890 -------------------------------------------------------------------------------- ================================================================================ sugar-speak-35-1.fc15 (FEDORA-2011-16999) Speak for Sugar -------------------------------------------------------------------------------- Update Information: Release 35 -------------------------------------------------------------------------------- ChangeLog: * Sat Dec 10 2011 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - 35-1 - New 35 release * Sat Oct 8 2011 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - 34-1 - New 34 release -------------------------------------------------------------------------------- ================================================================================ tecnoballz-0.92-11.fc15 (FEDORA-2011-16989) A Brick Busting game -------------------------------------------------------------------------------- Update Information: Use tinyxml system library -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 26 2011 Andrea Musuruane <musuruan@xxxxxxxxx> 0.92-11 - use tinyxml system library (patch from Debian) - fix configure.ac and Makefile.am to include missing files (patches from Debian) - fix dependencies in configure.ac -------------------------------------------------------------------------------- ================================================================================ xfce-utils-4.8.3-2.fc15 (FEDORA-2011-16967) Utilities for the Xfce Desktop Environment -------------------------------------------------------------------------------- Update Information: Fixes an issue where gnome logins would re-run the xfce 4.6 to 4.8 migration tool, possibly overwriting users settings. -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 9 2011 Kevin Fenzi <kevin@xxxxxxxxx> - 4.8.3-2 - Stop gnome from running 4.6 migration on gnome logins. Fixes bug #760621 -------------------------------------------------------------------------------- References: [ 1 ] Bug #760621 - xfconf-migration restores old settings https://bugzilla.redhat.com/show_bug.cgi?id=760621 -------------------------------------------------------------------------------- ================================================================================ youtube-dl-2011.12.08-1.fc15 (FEDORA-2011-16965) Small command-line program to download videos from YouTube -------------------------------------------------------------------------------- Update Information: Update to new release with several bugfixes as the bug list show. -------------------------------------------------------------------------------- ChangeLog: * Sat Dec 10 2011 Till Maas <opensource@xxxxxxxxx> - 2011.12.08-1 - Update to new release * Thu Dec 8 2011 Till Maas <opensource@xxxxxxxxx> - 2011.11.23-1 - Update to new release (fixed Red Hat Bug #758679) -------------------------------------------------------------------------------- References: [ 1 ] Bug #680855 - [abrt] youtube-dl-2011.01.30-1.fc14: youtube-dl:403:to_stderr:IOError: [Errno 5] Input/output error https://bugzilla.redhat.com/show_bug.cgi?id=680855 [ 2 ] Bug #721172 - [abrt] youtube-dl-2011.01.30-2.fc15: youtube-dl:403:to_stderr:IOError: [Errno 5] Input/output error https://bugzilla.redhat.com/show_bug.cgi?id=721172 [ 3 ] Bug #739391 - [abrt] youtube-dl-2011.08.04-1.fc15: youtube-dl:404:to_stderr:IOError: [Errno 5] Input/output error https://bugzilla.redhat.com/show_bug.cgi?id=739391 [ 4 ] Bug #755915 - youtube-dl-2011.12.08 is available https://bugzilla.redhat.com/show_bug.cgi?id=755915 [ 5 ] Bug #730447 - [abrt] youtube-dl-2011.08.04-1.fc14: youtube-dl:1085:<genexpr>:KeyError: 'url' https://bugzilla.redhat.com/show_bug.cgi?id=730447 [ 6 ] Bug #758679 - [abrt] youtube-dl-2011.10.19-1.fc15: youtube-dl:727:process_info:UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 1: ordinal not in range(128) https://bugzilla.redhat.com/show_bug.cgi?id=758679 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test