The following Fedora 15 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-2011-15560/nss-3.12.10-7.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-16284/krb5-1.9.2-4.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17492/krb5-appl-1.0.1-8.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17559/zabbix-1.8.10-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17546/pidgin-2.10.1-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-16893/freeipa-2.1.4-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17551/ruby-1.8.7.357-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17233/tor-0.2.1.32-1500.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17384/kernel-2.6.41.6-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-16955/jasper-1.900.1-18.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-16976/dhcp-4.2.1-14.P1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-16980/asterisk-1.8.7.2-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17341/python-virtualenv-1.7-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17337/unbound-1.4.14-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17370/phpMyAdmin-3.4.9-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17388/libguestfs-1.10.12-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17399/nspr-4.8.9-2.fc15,nss-softokn-3.13.1-14.fc15,nss-util-3.13.1-3.fc15,nss-3.13.1-9.fc15,thunderbird-lightning-1.1-0.1.rc1.fc15,thunderbird-9.0-4.fc15,gnome-python2-extras-2.25.3-35.fc15.4,perl-Gtk2-MozEmbed-0.09-1.fc15.8,firefox-9.0.1-1.fc15,xulrunner-9.0.1-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17071/ipmitool-1.8.11-7.fc15

The following Fedora 15 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/FEDORA-2011-17565/qt-4.7.4-8.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17427/libxfce4ui-4.8.1-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17415/xfconf-4.8.1-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17384/kernel-2.6.41.6-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17325/gdb-7.3.1-47.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17399/nspr-4.8.9-2.fc15,nss-softokn-3.13.1-14.fc15,nss-util-3.13.1-3.fc15,nss-3.13.1-9.fc15,thunderbird-lightning-1.1-0.1.rc1.fc15,thunderbird-9.0-4.fc15,gnome-python2-extras-2.25.3-35.fc15.4,perl-Gtk2-MozEmbed-0.09-1.fc15.8,firefox-9.0.1-1.fc15,xulrunner-9.0.1-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17275/xfwm4-4.8.3-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17214/libical-0.48-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17171/mcpp-2.7.2-6.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17145/xorg-x11-server-1.10.4-2.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17007/polkit-qt-0.103.0-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-13190/phonon-backend-gstreamer-4.5.90-2.fc15,phonon-4.5.57-1.20110914.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-11955/evolution-mapi-3.0.3-2.fc15,evolution-exchange-3.0.3-1.fc15,evolution-3.0.3-1.fc15,evolution-data-server-3.0.3-1.fc15,gtkhtml3-4.0.2-1.fc15

The following builds have been pushed to Fedora 15 updates-testing

    abi-compliance-checker-1.96.1-1.fc15
    audex-0.74-0.1.beta1.fc15
    drupal7-advanced_help-1.0-1.fc15
    drupal7-features-1.0-0.2.beta5.fc15
    ejabberd-2.1.10-1.fc15
    ferm-2.1-1.fc15
    ghc-chalmers-lava2000-1.1.2-1.fc15
    libcddb-1.3.2-7.fc15
    pidgin-2.10.1-1.fc15
    pvm-3.4.6-1.fc15
    qt-4.7.4-8.fc15
    ruby-1.8.7.357-1.fc15
    rxvt-unicode-9.14-1.fc15
    vim-latex-1.8.23-5.20110214.1049.git089726a.fc15
    zabbix-1.8.10-1.fc15

Details about builds:

================================================================================
abi-compliance-checker-1.96.1-1.fc15 (FEDORA-2011-17554)
An ABI Compliance Checker
--------------------------------------------------------------------------------
Update Information:

Update to 1.96.1.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 20 2011 Richard Shaw <hobbes1069@xxxxxxxxx> - 1.96.1-1
- Update to 1.96.1.
- Fixes false positive: http://forge.ispras.ru/issues/2097
* Wed Dec 7 2011 Richard Shaw <hobbes1069@xxxxxxxxx> - 1.95.13-1
- Updated to 1.95.13.
--------------------------------------------------------------------------------

================================================================================
audex-0.74-0.1.beta1.fc15 (FEDORA-2011-17549)
Audio ripper
--------------------------------------------------------------------------------
Update Information:

Newest beta version, fixes various smaller bugs of the last beta release.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 29 2011 Roland Wolters <wolters.liste@xxxxxxx> 0.74-0.1.beta1
- Rebuilt for 0.74-0.1.beta1
--------------------------------------------------------------------------------

================================================================================
drupal7-advanced_help-1.0-1.fc15 (FEDORA-2011-17533)
Allows module developers to store their help outside the module system in html
--------------------------------------------------------------------------------
Update Information:

Updated to 1.0.
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------

================================================================================
drupal7-features-1.0-0.2.beta5.fc15 (FEDORA-2011-17550)
Provides feature management for Drupal
--------------------------------------------------------------------------------
Update Information:

New upstream version.
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------

================================================================================
ejabberd-2.1.10-1.fc15 (FEDORA-2011-17534)
A distributed, fault-tolerant Jabber/XMPP server
--------------------------------------------------------------------------------
Update Information:

- Ver. 2.1.10
- Works with systemd
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 28 2011 Peter Lemenkov <lemenkov@xxxxxxxxx> - 2.1.10-1
- Ver. 2.1.10
- Works with systemd (closes rhbz #767793)
* Sun Dec 18 2011 Dan Horák <dan[at]danny.cz> - 2.1.9-2
- pdf docs require hevea, they are not prebuilt
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #767793 - Provide native systemd service
        https://bugzilla.redhat.com/show_bug.cgi?id=767793
--------------------------------------------------------------------------------

================================================================================
ferm-2.1-1.fc15 (FEDORA-2011-17544)
For Easy Rule Making
--------------------------------------------------------------------------------
Update Information:

Update to new 2.1 version.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 28 2011 Pavel Alexeev <Pahan@xxxxxxxxxxxxx> - 2.1-1
- New version (update request: bz#769050)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #769050 - Ferm 2.1 has been released 17 Jul 2011
        https://bugzilla.redhat.com/show_bug.cgi?id=769050
--------------------------------------------------------------------------------

================================================================================
ghc-chalmers-lava2000-1.1.2-1.fc15 (FEDORA-2011-17543)
Haskell chalmers-lava2000 library
--------------------------------------------------------------------------------
Update Information:

Updated to 1.1.2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 29 2011 Shakthi Kannan <shakthimaan [AT] fedoraproject dot org> - 1.1.2-1
- Updated to use cabal2spec-0.24.1.
- Updated to 1.1.2.
* Thu Oct 20 2011 Marcela Mašláňová <mmaslano@xxxxxxxxxx> - 1.1.1-12.2
- rebuild with new gmp without compat lib
* Tue Oct 11 2011 Peter Schiffer <pschiffe@xxxxxxxxxx> - 1.1.1-12.1
- rebuild with new gmp
* Fri Jun 24 2011 Jens Petersen <petersen@xxxxxxxxxx> - 1.1.1-12
- BR ghc-Cabal-devel instead of ghc-prof and use ghc_arches (cabal2spec-0.23.2)
--------------------------------------------------------------------------------

================================================================================
libcddb-1.3.2-7.fc15 (FEDORA-2011-17535)
Library (C API) for accessing CDDB servers
--------------------------------------------------------------------------------
Update Information:

Fix DNS timeout handler causing an abort due to longjmp from a signal handler
and FORTIFY_SOURCE not liking each other.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 29 2011 Hans de Goede <hdegoede@xxxxxxxxxx> - 1.3.2-7
- Fix DNS timeout handler causing an abort due to longjmp and FORTIFY_SOURCE
  from a signal handler not liking each other (rhbz#770611)
* Sun Nov 20 2011 Adrian Reber <adrian@xxxxxxxx> 1.3.2-6
- Rebuilt for new libcdio
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #770611 - [abrt] audacious-2.5.4-1.fc15: cdaudio-ng: longjmp causes uninitialized stack frame
        https://bugzilla.redhat.com/show_bug.cgi?id=770611
--------------------------------------------------------------------------------

================================================================================
pidgin-2.10.1-1.fc15 (FEDORA-2011-17546)
A Gtk+ based multiprotocol instant messaging client
--------------------------------------------------------------------------------
Update Information:

New release 2.10.1
Full Upstream ChangeLog: http://developer.pidgin.im/wiki/ChangeLog
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 29 2011 Stu Tomlinson <stu@xxxxxxxxxxxxx> 2.10.1-1
- 2.10.1, includes security fixes for CVE-2011-3594, CVE-2011-4601,
  CVE-2011-4602, CVE-2011-4603
* Mon Nov 28 2011 Milan Crha <mcrha@xxxxxxxxxx> 2.10.0-5
- Rebuild against newer evolution-data-server
* Sun Oct 30 2011 Bruno Wolff III <bruno@xxxxxxxx> 2.10.0-4
- Rebuild against newer evolution-data-server
* Tue Aug 30 2011 Milan Crha <mcrha@xxxxxxxxxx> 2.10.0-3
- Sync version with f16 branch
* Mon Aug 29 2011 Milan Crha <mcrha@xxxxxxxxxx> 2.10.0-2
- Rebuild against newer evolution-data-server
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #761517 - CVE-2011-4601 pidgin (libpurple): Invalid UTF-8 string handling in OSCAR messages
        https://bugzilla.redhat.com/show_bug.cgi?id=761517
  [ 2 ] Bug #761510 - CVE-2011-4602 pidgin: Multiple NULL pointer deference flaws by processing certain Jingle stanzas in the XMPP protocol plug-in
        https://bugzilla.redhat.com/show_bug.cgi?id=761510
  [ 3 ] Bug #766446 - CVE-2011-4603 pidgin: SILC remote crash on channel messages
        https://bugzilla.redhat.com/show_bug.cgi?id=766446
  [ 4 ] Bug #743481 - CVE-2011-3594 libpurple: invalid UTF-8 string handling in SILC messages
        https://bugzilla.redhat.com/show_bug.cgi?id=743481
  [ 5 ] Bug #742450 - pidgin: Heap-based buffer overflow by processing certain SILC private messages
        https://bugzilla.redhat.com/show_bug.cgi?id=742450
--------------------------------------------------------------------------------

================================================================================
pvm-3.4.6-1.fc15 (FEDORA-2011-17539)
Libraries for distributed computing.
--------------------------------------------------------------------------------
Update Information:

Update to 3.4.6.
--------------------------------------------------------------------------------

================================================================================
qt-4.7.4-8.fc15 (FEDORA-2011-17565)
Qt toolkit
--------------------------------------------------------------------------------
Update Information:

This build includes an upstream patch to address "closed windows stay in the
taskbar sometimes, taskbar doesn't react on clicks", http://bugs.kde.org/275469
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 27 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:4.7.4-8
- filter event patch, an attempt to avoid "ghost entries in kde taskbar" problem
--------------------------------------------------------------------------------

================================================================================
ruby-1.8.7.357-1.fc15 (FEDORA-2011-17551)
An interpreter of object-oriented scripting language
--------------------------------------------------------------------------------
Update Information:

A security flaw was found in the previous ruby: with a series of strings
specially crafted so that their hash values intentionally collide with each
other, Rails applications may fall into denial of service when such strings
are used in HTTP requests (CVE-2011-4815). This new ruby fixes this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 29 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 1.8.7.357-1
- Update to 1.8.7p357
- Randomize hash on process startup (CVE-2011-4815, bug 750564)
* Fri Dec 23 2011 Dennis Gilmore <dennis@xxxxxxxx> - 1.8.7.352-2
- don't normalise arm cpus to arm
- there is something weird about how ruby chooses where to put bits
* Wed Nov 16 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 1.8.7.352-3
- F-17: kill gdbm support for now due to licensing compatibility issue
* Sat Oct 1 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 1.8.7.352-2
- F-17: rebuild against new gdbm
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #750564 - CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003)
        https://bugzilla.redhat.com/show_bug.cgi?id=750564
--------------------------------------------------------------------------------

================================================================================
rxvt-unicode-9.14-1.fc15 (FEDORA-2011-17545)
Unicode version of rxvt
--------------------------------------------------------------------------------
Update Information:

* bg image operations overhaul
* urxvtd default socket path is now $HOME/.urxvt/urxvtd-<nodename>
* dropped libAfterImage support (deprecated)
* various bugfixes
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 28 2011 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 9.14-1
- version upgrade
- drop screen patch (upstream)
- disable libAfterImage as it is deprecated
--------------------------------------------------------------------------------

================================================================================
vim-latex-1.8.23-5.20110214.1049.git089726a.fc15 (FEDORA-2011-17552)
Tools to view, edit and compile LaTeX documents in Vim
--------------------------------------------------------------------------------
Update Information:

fix mismatch in spec file
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 29 2011 Mario Santagiuliana <mario@xxxxxxxxxxxxx> - 1.8.23-5.20110214.1049-git089726a
- Review spec file
- Fix changelog error
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #451108 - Two "eth10" entries under HARDWARE tab
        https://bugzilla.redhat.com/show_bug.cgi?id=451108
--------------------------------------------------------------------------------

================================================================================
zabbix-1.8.10-1.fc15 (FEDORA-2011-17559)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:

- update to 1.8.10
- upstream changelog at http://www.zabbix.com/rn1.8.10.php
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 28 2011 Dan Horák <dan[at]danny.cz> - 1.8.10-1
- update to 1.8.10 (fixes CVE-2011-4615)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #768525 - CVE-2011-4615 zabbix: persistent XSS flaws in 1.8.x
        https://bugzilla.redhat.com/show_bug.cgi?id=768525
--------------------------------------------------------------------------------