The following Fedora 15 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-2011-15560/nss-3.12.10-7.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16284/krb5-1.9.2-4.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17492/krb5-appl-1.0.1-8.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17559/zabbix-1.8.10-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17546/pidgin-2.10.1-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16893/freeipa-2.1.4-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17551/ruby-1.8.7.357-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17233/tor-0.2.1.32-1500.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17384/kernel-2.6.41.6-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16955/jasper-1.900.1-18.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16976/dhcp-4.2.1-14.P1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-16980/asterisk-1.8.7.2-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17341/python-virtualenv-1.7-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17337/unbound-1.4.14-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17370/phpMyAdmin-3.4.9-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17388/libguestfs-1.10.12-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17399/nspr-4.8.9-2.fc15,nss-softokn-3.13.1-14.fc15,nss-util-3.13.1-3.fc15,nss-3.13.1-9.fc15,thunderbird-lightning-1.1-0.1.rc1.fc15,thunderbird-9.0-4.fc15,gnome-python2-extras-2.25.3-35.fc15.4,perl-Gtk2-MozEmbed-0.09-1.fc15.8,firefox-9.0.1-1.fc15,xulrunner-9.0.1-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17071/ipmitool-1.8.11-7.fc15
The following Fedora 15 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/FEDORA-2011-17565/qt-4.7.4-8.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17427/libxfce4ui-4.8.1-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17415/xfconf-4.8.1-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17384/kernel-2.6.41.6-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17325/gdb-7.3.1-47.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17399/nspr-4.8.9-2.fc15,nss-softokn-3.13.1-14.fc15,nss-util-3.13.1-3.fc15,nss-3.13.1-9.fc15,thunderbird-lightning-1.1-0.1.rc1.fc15,thunderbird-9.0-4.fc15,gnome-python2-extras-2.25.3-35.fc15.4,perl-Gtk2-MozEmbed-0.09-1.fc15.8,firefox-9.0.1-1.fc15,xulrunner-9.0.1-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17275/xfwm4-4.8.3-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17214/libical-0.48-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17171/mcpp-2.7.2-6.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17145/xorg-x11-server-1.10.4-2.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17007/polkit-qt-0.103.0-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-13190/phonon-backend-gstreamer-4.5.90-2.fc15,phonon-4.5.57-1.20110914.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-11955/evolution-mapi-3.0.3-2.fc15,evolution-exchange-3.0.3-1.fc15,evolution-3.0.3-1.fc15,evolution-data-server-3.0.3-1.fc15,gtkhtml3-4.0.2-1.fc15
The following builds have been pushed to Fedora 15 updates-testing
abi-compliance-checker-1.96.1-1.fc15
audex-0.74-0.1.beta1.fc15
drupal7-advanced_help-1.0-1.fc15
drupal7-features-1.0-0.2.beta5.fc15
ejabberd-2.1.10-1.fc15
ferm-2.1-1.fc15
ghc-chalmers-lava2000-1.1.2-1.fc15
libcddb-1.3.2-7.fc15
pidgin-2.10.1-1.fc15
pvm-3.4.6-1.fc15
qt-4.7.4-8.fc15
ruby-1.8.7.357-1.fc15
rxvt-unicode-9.14-1.fc15
vim-latex-1.8.23-5.20110214.1049.git089726a.fc15
zabbix-1.8.10-1.fc15
Details about builds:
================================================================================
abi-compliance-checker-1.96.1-1.fc15 (FEDORA-2011-17554)
An ABI Compliance Checker
--------------------------------------------------------------------------------
Update Information:
Update to 1.96.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2011 Richard Shaw <hobbes1069@xxxxxxxxx> - 1.96.1-1
- Update to 1.96.1.
- Fixes false positive: http://forge.ispras.ru/issues/2097
* Wed Dec 7 2011 Richard Shaw <hobbes1069@xxxxxxxxx> - 1.95.13-1
- Updated to 1.95.13.
--------------------------------------------------------------------------------
================================================================================
audex-0.74-0.1.beta1.fc15 (FEDORA-2011-17549)
Audio ripper
--------------------------------------------------------------------------------
Update Information:
Newest beta version, fixes various smaller bugs of the last beta release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 29 2011 Roland Wolters <wolters.liste@xxxxxxx> 0.74-0.1.beta1
- Rebuilt for 0.74-0.1.beta1
--------------------------------------------------------------------------------
================================================================================
drupal7-advanced_help-1.0-1.fc15 (FEDORA-2011-17533)
Allows module developers to store their help outside the module system in html
--------------------------------------------------------------------------------
Update Information:
Updated to 1.0.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
drupal7-features-1.0-0.2.beta5.fc15 (FEDORA-2011-17550)
Provides feature management for Drupal
--------------------------------------------------------------------------------
Update Information:
New upstream version.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
ejabberd-2.1.10-1.fc15 (FEDORA-2011-17534)
A distributed, fault-tolerant Jabber/XMPP server
--------------------------------------------------------------------------------
Update Information:
- Ver. 2.1.10
- Works with systemd
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 28 2011 Peter Lemenkov <lemenkov@xxxxxxxxx> - 2.1.10-1
- Ver. 2.1.10
- Works with systemd (closes rhbz #767793)
* Sun Dec 18 2011 Dan Horák <dan[at]danny.cz> - 2.1.9-2
- pdf docs require hevea, they are not prebuilt
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #767793 - Provide native systemd service
https://bugzilla.redhat.com/show_bug.cgi?id=767793
--------------------------------------------------------------------------------
================================================================================
ferm-2.1-1.fc15 (FEDORA-2011-17544)
For Easy Rule Making
--------------------------------------------------------------------------------
Update Information:
Update to new 2.1 version.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 28 2011 Pavel Alexeev <Pahan@xxxxxxxxxxxxx> - 2.1-1
- New version (update request: bz#769050)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #769050 - Ferm 2.1 has been released 17 Jul 2011
https://bugzilla.redhat.com/show_bug.cgi?id=769050
--------------------------------------------------------------------------------
================================================================================
ghc-chalmers-lava2000-1.1.2-1.fc15 (FEDORA-2011-17543)
Haskell chalmers-lava2000 library
--------------------------------------------------------------------------------
Update Information:
Updated to 1.1.2
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 29 2011 Shakthi Kannan <shakthimaan [AT] fedoraproject dot org> - 1.1.2-1
- Updated to use cabal2spec-0.24.1.
- Updated to 1.1.2.
* Thu Oct 20 2011 Marcela Mašláňová <mmaslano@xxxxxxxxxx> - 1.1.1-12.2
- rebuild with new gmp without compat lib
* Tue Oct 11 2011 Peter Schiffer <pschiffe@xxxxxxxxxx> - 1.1.1-12.1
- rebuild with new gmp
* Fri Jun 24 2011 Jens Petersen <petersen@xxxxxxxxxx> - 1.1.1-12
- BR ghc-Cabal-devel instead of ghc-prof and use ghc_arches (cabal2spec-0.23.2)
--------------------------------------------------------------------------------
================================================================================
libcddb-1.3.2-7.fc15 (FEDORA-2011-17535)
Library (C API) for accessing CDDB servers
--------------------------------------------------------------------------------
Update Information:
Fix DNS timeout handler causing an abort due to longjmp from a signal handler and FORTIFY_SOURCE not liking each other.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 29 2011 Hans de Goede <hdegoede@xxxxxxxxxx> - 1.3.2-7
- Fix DNS timeout handler causing an abort due to longjmp and
FORTIFY_SOURCE from a signal handler not liking each other (rhbz#770611)
* Sun Nov 20 2011 Adrian Reber <adrian@xxxxxxxx> 1.3.2-6
- Rebuilt for new libcdio
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #770611 - [abrt] audacious-2.5.4-1.fc15: cdaudio-ng: longjmp causes uninitialized stack frame
https://bugzilla.redhat.com/show_bug.cgi?id=770611
--------------------------------------------------------------------------------
================================================================================
pidgin-2.10.1-1.fc15 (FEDORA-2011-17546)
A Gtk+ based multiprotocol instant messaging client
--------------------------------------------------------------------------------
Update Information:
New release 2.10.1
Full Upstream ChangeLog:
http://developer.pidgin.im/wiki/ChangeLog
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 29 2011 Stu Tomlinson <stu@xxxxxxxxxxxxx> 2.10.1-1
- 2.10.1, includes security fixes for CVE-2011-3594, CVE-2011-4601,
CVE-2011-4602, CVE-2011-4603
* Mon Nov 28 2011 Milan Crha <mcrha@xxxxxxxxxx> 2.10.0-5
- Rebuild against newer evolution-data-server
* Sun Oct 30 2011 Bruno Wolff III <bruno@xxxxxxxx> 2.10.0-4
- Rebuild against newer evolution-data-server
* Tue Aug 30 2011 Milan Crha <mcrha@xxxxxxxxxx> 2.10.0-3
- Sync version with f16 branch
* Mon Aug 29 2011 Milan Crha <mcrha@xxxxxxxxxx> 2.10.0-2
- Rebuild against newer evolution-data-server
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #761517 - CVE-2011-4601 pidgin (libpurple): Invalid UTF-8 string handling in OSCAR messages
https://bugzilla.redhat.com/show_bug.cgi?id=761517
[ 2 ] Bug #761510 - CVE-2011-4602 pidgin: Multiple NULL pointer deference flaws by processing certain Jingle stanzas in the XMPP protocol plug-in
https://bugzilla.redhat.com/show_bug.cgi?id=761510
[ 3 ] Bug #766446 - CVE-2011-4603 pidgin: SILC remote crash on channel messages
https://bugzilla.redhat.com/show_bug.cgi?id=766446
[ 4 ] Bug #743481 - CVE-2011-3594 libpurple: invalid UTF-8 string handling in SILC messages
https://bugzilla.redhat.com/show_bug.cgi?id=743481
[ 5 ] Bug #742450 - pidgin: Heap-based buffer overflow by processing certain SILC private messages
https://bugzilla.redhat.com/show_bug.cgi?id=742450
--------------------------------------------------------------------------------
================================================================================
pvm-3.4.6-1.fc15 (FEDORA-2011-17539)
Libraries for distributed computing.
--------------------------------------------------------------------------------
Update Information:
Update to 3.4.6.
--------------------------------------------------------------------------------
================================================================================
qt-4.7.4-8.fc15 (FEDORA-2011-17565)
Qt toolkit
--------------------------------------------------------------------------------
Update Information:
This build includes an upstream patch to address "closed windows stay in the taskbar sometimes, taskbar doesn't react on clicks", http://bugs.kde.org/275469
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 27 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:4.7.4-8
- filter event patch, an attempt to avoid "ghost entries in kde taskbar" problem
--------------------------------------------------------------------------------
================================================================================
ruby-1.8.7.357-1.fc15 (FEDORA-2011-17551)
An interpreter of object-oriented scripting language
--------------------------------------------------------------------------------
Update Information:
A security flaw was found on the previous ruby that with some series of strings which was specially crafted to intentionally collide their hash values with each other, rails applications may fall into denial of services when such strings are used in HTTP requests (CVE-2011-4815). This new ruby will fix this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 29 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 1.8.7.357-1
- Update to 1.8.7p357
- Randomize hash on process startup (CVE-2011-4815, bug 750564)
* Fri Dec 23 2011 Dennis Gilmore <dennis@xxxxxxxx> - 1.8.7.352-2
- dont normalise arm cpus to arm
- there is something weird about how ruby choses where to put bits
* Wed Nov 16 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 1.8.7.352-3
- F-17: kill gdbm support for now due to licensing compatibility issue
* Sat Oct 1 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 1.8.7.352-2
- F-17: rebuild against new gdbm
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #750564 - CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003)
https://bugzilla.redhat.com/show_bug.cgi?id=750564
--------------------------------------------------------------------------------
================================================================================
rxvt-unicode-9.14-1.fc15 (FEDORA-2011-17545)
Unicode version of rxvt
--------------------------------------------------------------------------------
Update Information:
* bg image operations overhaul
* urxvtd default socket path is now $HOME/.urxvt/urxvtd-<nodename>
* dropped libAfterImage support (deprecated)
* various bugfixes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 28 2011 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
- 9.14-1
- version ugprade
- drop screen patch (upstream)
- disable libAfterImage as it is deprecated
--------------------------------------------------------------------------------
================================================================================
vim-latex-1.8.23-5.20110214.1049.git089726a.fc15 (FEDORA-2011-17552)
Tools to view, edit and compile LaTeX documents in Vim
--------------------------------------------------------------------------------
Update Information:
fix mismatch in spec file
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 29 2011 Mario Santagiuliana <mario@xxxxxxxxxxxxx> - 1.8.23-5.20110214.1049-git089726a
- Review spec file
- Fix changelog error
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #451108 - Two "eth10" entries under HARDWARE tab
https://bugzilla.redhat.com/show_bug.cgi?id=451108
--------------------------------------------------------------------------------
================================================================================
zabbix-1.8.10-1.fc15 (FEDORA-2011-17559)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:
- update to 1.8.10
- upstream changelog at http://www.zabbix.com/rn1.8.10.php
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 28 2011 Dan Horák <dan[at]danny.cz> - 1.8.10-1
- update to 1.8.10 (fixes CVE-2011-4615)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #768525 - CVE-2011-4615 zabbix: persistent XSS flaws in 1.8.x
https://bugzilla.redhat.com/show_bug.cgi?id=768525
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
