The following Fedora 15 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-2011-15560/nss-3.12.10-7.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-15006/kdeutils-4.6.5-3.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16859/perl-PAR-1.002-4.fc15,perl-PAR-Packer-1.008-4.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-14756/arora-0.11.0-3.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16282/ejabberd-2.1.9-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16234/dovecot-2.0.16-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16786/phpMyAdmin-3.4.8-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16284/krb5-1.9.2-4.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16893/freeipa-2.1.4-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16903/moodle-1.9.15-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16955/jasper-1.900.1-18.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16976/dhcp-4.2.1-14.P1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16980/asterisk-1.8.7.2-1.fc15
The following Fedora 15 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/FEDORA-2011-16959/flac-1.2.1-8.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16967/xfce-utils-4.8.3-2.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16976/dhcp-4.2.1-14.P1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16955/jasper-1.900.1-18.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16923/mesa-7.11.2-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16858/phonon-4.5.1-2.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16872/xdg-utils-1.1.0-0.10.20111207.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16890/procmail-3.22-27.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16593/perl-Glib-1.241-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16540/python-slip-0.2.20-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16286/pcre-8.12-5.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16284/krb5-1.9.2-4.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-14053/glibc-2.14.1-1
https://admin.fedoraproject.org/updates/FEDORA-2011-13190/phonon-backend-gstreamer-4.5.90-2.fc15,phonon-4.5.57-1.20110914.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-11955/evolution-mapi-3.0.3-2.fc15,evolution-exchange-3.0.3-1.fc15,evolution-3.0.3-1.fc15,evolution-data-server-3.0.3-1.fc15,gtkhtml3-4.0.2-1.fc15
The following builds have been pushed to Fedora 15 updates-testing
asterisk-1.8.7.2-1.fc15
avr-libc-1.7.1-2.fc15
chmsee-1.99-0.7.6.git67a1b5f.fc15
chromaprint-0.5-4.fc15
cppcheck-1.52-1.fc15
dhcp-4.2.1-14.P1.fc15
fbzx-2.7.0-1.fc15
flac-1.2.1-8.fc15
jasper-1.900.1-18.fc15
lcgdm-1.8.2-1.fc15
mysql-workbench-5.2.36-1.fc15
qgis-1.7.3-1.fc15
snap-0.5-7.fc15
sugar-speak-35-1.fc15
tecnoballz-0.92-11.fc15
xfce-utils-4.8.3-2.fc15
youtube-dl-2011.12.08-1.fc15
Details about builds:
================================================================================
asterisk-1.8.7.2-1.fc15 (FEDORA-2011-16980)
The Open Source PBX
--------------------------------------------------------------------------------
Update Information:
The Asterisk Development Team has announced security releases for Asterisk 1.4,
1.6.2 and 1.8. The available security releases are released as versions 1.4.43,
1.6.2.21 and 1.8.7.2.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk versions 1.4.43, 1.6.2.21, and 1.8.7.2 resolves an issue
with possible remote enumeration of SIP endpoints with differing NAT settings.
The release of Asterisk versions 1.6.2.21 and 1.8.7.2 resolves a remote crash
possibility with SIP when the "automon" feature is enabled.
The issues and resolutions are described in the AST-2011-013 and AST-2011-014
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-013 and AST-2011-014, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.43
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.21
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.7.2
Security advisory AST-2011-013 is available at:
* http://downloads.asterisk.org/pub/security/AST-2011-013.pdf
Security advisory AST-2011-014 is available at:
* http://downloads.asterisk.org/pub/security/AST-2011-014.pdf
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 9 2011 Jeffrey C. Ollie <jeff@xxxxxxxxxx> - 1.8.7.2-1
- The Asterisk Development Team has announced security releases for Asterisk 1.4,
- 1.6.2 and 1.8. The available security releases are released as versions 1.4.43,
- 1.6.2.21 and 1.8.7.2.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk versions 1.4.43, 1.6.2.21, and 1.8.7.2 resolves an issue
- with possible remote enumeration of SIP endpoints with differing NAT settings.
-
- The release of Asterisk versions 1.6.2.21 and 1.8.7.2 resolves a remote crash
- possibility with SIP when the "automon" feature is enabled.
-
- The issues and resolutions are described in the AST-2011-013 and AST-2011-014
- security advisories.
-
- For more information about the details of these vulnerabilities, please read the
- security advisories AST-2011-013 and AST-2011-014, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLogs:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.43
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.21
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.7.2
-
- Security advisory AST-2011-013 is available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2011-013.pdf
-
- Security advisory AST-2011-014 is available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2011-014.pdf
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #765773 - CVE-2011-4597 asterisk: Possible to enumerate SIP usernames when general and user/peer NAT settings differed (AST-2011-013)
https://bugzilla.redhat.com/show_bug.cgi?id=765773
[ 2 ] Bug #765776 - CVE-2011-4598 asterisk: NULL pointer dereference (crash) when processing INFO automon message with no channel (AST-2011-014)
https://bugzilla.redhat.com/show_bug.cgi?id=765776
--------------------------------------------------------------------------------
================================================================================
avr-libc-1.7.1-2.fc15 (FEDORA-2011-16954)
C library for use with GCC on Atmel AVR microcontrollers
--------------------------------------------------------------------------------
Update Information:
- Re-add PDF and HTML docs in the -doc package
- Manpages will be re-added soon
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 7 2011 Thibault North <tnorth@xxxxxxxxxxxxxxxxx> 1.7.1-2
- Add html and pdf docs
--------------------------------------------------------------------------------
================================================================================
chmsee-1.99-0.7.6.git67a1b5f.fc15 (FEDORA-2011-16978)
HTML Help viewer for Unix/Linux
--------------------------------------------------------------------------------
Update Information:
rebuild to match xulrunner version
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 10 2011 bbbush <bbbush.yuan@xxxxxxxxx> - 1.99-0.7.6.git67a1b5f
- update to a snapshot
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #761404 - Incompatible version of Firefox...
https://bugzilla.redhat.com/show_bug.cgi?id=761404
--------------------------------------------------------------------------------
================================================================================
chromaprint-0.5-4.fc15 (FEDORA-2011-16961)
Library implementing the AcoustID fingerprinting
--------------------------------------------------------------------------------
Update Information:
newpackage
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #755066 - Review Request: chromaprint - Library implementing the AcoustID fingerprinting
https://bugzilla.redhat.com/show_bug.cgi?id=755066
--------------------------------------------------------------------------------
================================================================================
cppcheck-1.52-1.fc15 (FEDORA-2011-16986)
Tool for static C/C++ code analysis
--------------------------------------------------------------------------------
Update Information:
Update to newest stable release, see details at http://sourceforge.net/apps/trac/cppcheck/milestone/1.52.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 11 2011 Jussi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 1.52-1
- Update to 1.52.
* Wed Oct 26 2011 Ville Skyttä <ville.skytta@xxxxxx> - 1.51-2
- Include man page and more other docs.
- Build with $RPM_LD_FLAGS.
- Improve summary and description.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #766259 - cppcheck-1.52 is available
https://bugzilla.redhat.com/show_bug.cgi?id=766259
--------------------------------------------------------------------------------
================================================================================
dhcp-4.2.1-14.P1.fc15 (FEDORA-2011-16976)
Dynamic host configuration protocol software
--------------------------------------------------------------------------------
Update Information:
CVE-2011-4539 dhcpd: DoS due to processing certain regular expressions
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 9 2011 Jiri Popelka <jpopelka@xxxxxxxxxx> - 12:4.2.1-14.P1
- DoS due to processing certain regular expressions (CVE-2011-4539, #765681)
* Fri Sep 30 2011 Jiri Popelka <jpopelka@xxxxxxxxxx> - 12:4.2.1-13.P1
- 56dhclient: ifcfg file was not sourced (#742482)
* Thu Sep 29 2011 Jiri Popelka <jpopelka@xxxxxxxxxx> - 12:4.2.1-12.P1
- dhclient-script: address alias handling fixes from Scott Shambarger (#741786)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #761265 - CVE-2011-4539 dhcp: DoS due to processing certain regular expressions
https://bugzilla.redhat.com/show_bug.cgi?id=761265
--------------------------------------------------------------------------------
================================================================================
fbzx-2.7.0-1.fc15 (FEDORA-2011-16964)
A ZX Spectrum emulator for FrameBuffer
--------------------------------------------------------------------------------
Update Information:
* Added 320x240 mode for tiny devices
* Now remembers again the last mode (48K, 128K...)
* ULAPlus support
* Allows to go to submenus from the HELP menu
* Fixed a little bug when loading ROMs
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 9 2011 Andrea Musuruane <musuruan@xxxxxxxxx> 2.7.0-1
- Updated to new upstream release
--------------------------------------------------------------------------------
================================================================================
flac-1.2.1-8.fc15 (FEDORA-2011-16959)
An encoder/decoder for the Free Lossless Audio Codec
--------------------------------------------------------------------------------
Update Information:
Fix FTBFS
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 9 2011 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - 1.2.1-8
- Rebuild to fix FTBFS
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
jasper-1.900.1-18.fc15 (FEDORA-2011-16955)
Implementation of the JPEG-2000 standard, Part 1
--------------------------------------------------------------------------------
Update Information:
CVE-2011-4516, CVE-2011-4517 jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 9 2011 Jiri Popelka <jpopelka@xxxxxxxxxx> - 1.900.1-18
- CVE-2011-4516, CVE-2011-4517 jasper: heap buffer overflow flaws
lead to arbitrary code execution (CERT VU#887409) (#765660)
- Fixed problems found by static analysis of code (#761440)
- spec file modernized
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #747726 - CVE-2011-4516 CVE-2011-4517 jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409)
https://bugzilla.redhat.com/show_bug.cgi?id=747726
--------------------------------------------------------------------------------
================================================================================
lcgdm-1.8.2-1.fc15 (FEDORA-2011-16972)
LHC Computing Grid Data Management
--------------------------------------------------------------------------------
Update Information:
New upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 6 2011 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 1.8.2-1
- Update to version 1.8.2
--------------------------------------------------------------------------------
================================================================================
mysql-workbench-5.2.36-1.fc15 (FEDORA-2011-16997)
A MySQL visual database modeling, administration and querying tool
--------------------------------------------------------------------------------
Update Information:
Changes in MySQL Workbench 5.2.36:
http://dev.mysql.com/doc/workbench/en/wb-news-5-2-36.html
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 10 2011 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.2.36-1
- update to 5.2.36 Community (OSS) Edition (GPL)
http://dev.mysql.com/doc/workbench/en/wb-news-5-2-36.html
- mysql-utilities 1.0.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #760074 - mysql-workbench-5.2.36 is available
https://bugzilla.redhat.com/show_bug.cgi?id=760074
--------------------------------------------------------------------------------
================================================================================
qgis-1.7.3-1.fc15 (FEDORA-2011-16979)
A user friendly Open Source Geographic Information System
--------------------------------------------------------------------------------
Update Information:
New upstream release
Please see CHANGELOG for a list of improvements!
This build also solves the SIP problem in F15, causing Python support to fail with 1.7.1 and 1.7.2.
Over 30 bugfixes and improvements, see CHANGELOG file
Over 30 bugfixes and improvements, see CHANGELOG file
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 10 2011 Volker Fröhlich <volker27@xxxxxx> - 1.7.3-1
- Update for new release
- Is also the rebuild for BZ#761147
- Arch-specifically require the base package
* Tue Nov 15 2011 Volker Fröhlich <volker27@xxxxxx> - 1.7.2-1
- Updated for new release
- No more themes directory
- Remove dispensable geo-referencing patch
* Sun Oct 16 2011 Volker Fröhlich <volker27@xxxxxx> - 1.7.1-2
- Findlang doesn't recognize sr@latin in Fedora 14 and older
- Build with system-wide spatialindex
- Remove if structures intended for EPEL package
Due to the rapid development in QGIS and the libraries it uses,
QGIS will not go to EPEL now; ELGIS provides rebuilds with more
current versions: http://elgis.argeo.org/
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #761147 - QGIS-Python plugins don't work
https://bugzilla.redhat.com/show_bug.cgi?id=761147
--------------------------------------------------------------------------------
================================================================================
snap-0.5-7.fc15 (FEDORA-2011-16991)
A modular system backup/restore utility
--------------------------------------------------------------------------------
Update Information:
initial import of snap
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #755890 - Review Request: snap A modular cross-platform system backup/restore utility
https://bugzilla.redhat.com/show_bug.cgi?id=755890
--------------------------------------------------------------------------------
================================================================================
sugar-speak-35-1.fc15 (FEDORA-2011-16999)
Speak for Sugar
--------------------------------------------------------------------------------
Update Information:
Release 35
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 10 2011 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - 35-1
- New 35 release
* Sat Oct 8 2011 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - 34-1
- New 34 release
--------------------------------------------------------------------------------
================================================================================
tecnoballz-0.92-11.fc15 (FEDORA-2011-16989)
A Brick Busting game
--------------------------------------------------------------------------------
Update Information:
Use tinyxml system library
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 26 2011 Andrea Musuruane <musuruan@xxxxxxxxx> 0.92-11
- use tinyxml system library (patch from Debian)
- fix configure.ac and Makefile.am to include missing files (patches from
Debian)
- fix dependencies in configure.ac
--------------------------------------------------------------------------------
================================================================================
xfce-utils-4.8.3-2.fc15 (FEDORA-2011-16967)
Utilities for the Xfce Desktop Environment
--------------------------------------------------------------------------------
Update Information:
Fixes an issue where gnome logins would re-run the xfce 4.6 to 4.8 migration tool, possibly overwriting users settings.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 9 2011 Kevin Fenzi <kevin@xxxxxxxxx> - 4.8.3-2
- Stop gnome from running 4.6 migration on gnome logins. Fixes bug #760621
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #760621 - xfconf-migration restores old settings
https://bugzilla.redhat.com/show_bug.cgi?id=760621
--------------------------------------------------------------------------------
================================================================================
youtube-dl-2011.12.08-1.fc15 (FEDORA-2011-16965)
Small command-line program to download videos from YouTube
--------------------------------------------------------------------------------
Update Information:
Update to new release with several bugfixes as the bug list show.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 10 2011 Till Maas <opensource@xxxxxxxxx> - 2011.12.08-1
- Update to new release
* Thu Dec 8 2011 Till Maas <opensource@xxxxxxxxx> - 2011.11.23-1
- Update to new release (fixed Red Hat Bug #758679)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #680855 - [abrt] youtube-dl-2011.01.30-1.fc14: youtube-dl:403:to_stderr:IOError: [Errno 5] Input/output error
https://bugzilla.redhat.com/show_bug.cgi?id=680855
[ 2 ] Bug #721172 - [abrt] youtube-dl-2011.01.30-2.fc15: youtube-dl:403:to_stderr:IOError: [Errno 5] Input/output error
https://bugzilla.redhat.com/show_bug.cgi?id=721172
[ 3 ] Bug #739391 - [abrt] youtube-dl-2011.08.04-1.fc15: youtube-dl:404:to_stderr:IOError: [Errno 5] Input/output error
https://bugzilla.redhat.com/show_bug.cgi?id=739391
[ 4 ] Bug #755915 - youtube-dl-2011.12.08 is available
https://bugzilla.redhat.com/show_bug.cgi?id=755915
[ 5 ] Bug #730447 - [abrt] youtube-dl-2011.08.04-1.fc14: youtube-dl:1085:<genexpr>:KeyError: 'url'
https://bugzilla.redhat.com/show_bug.cgi?id=730447
[ 6 ] Bug #758679 - [abrt] youtube-dl-2011.10.19-1.fc15: youtube-dl:727:process_info:UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 1: ordinal not in range(128)
https://bugzilla.redhat.com/show_bug.cgi?id=758679
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
