The following Fedora 15 Security updates need testing: https://admin.fedoraproject.org/updates/FEDORA-2012-1077/wicd-1.7.0-11.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-0888/curl-7.21.3-13.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-0939/moodle-1.9.16-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-0917/znc-0.204-3.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-0916/bip-0.8.8-2.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-0987/mysql-5.5.20-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-0752/jetty-6.1.26-7.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-0826/BackupPC-3.2.1-7.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-0849/polipo-1.0.4.1-6.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-1066/ettercap-0.7.4-3.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-17233/tor-0.2.1.32-1500.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-0353/pdns-2.9.22.5-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-16980/asterisk-1.8.7.2-1.fc15 The following Fedora 15 Critical Path updates have yet to be approved: https://admin.fedoraproject.org/updates/FEDORA-2012-1097/nss-3.13.1-11.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-1068/systemd-26-15.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-1070/krb5-1.9.2-6.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-1085/gnupg-1.4.12-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-0987/mysql-5.5.20-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-0997/rsyslog-5.8.7-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-0929/rpm-4.9.1.2-3.fc15.3 https://admin.fedoraproject.org/updates/FEDORA-2012-0943/system-config-printer-1.3.8-2.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-0762/redhat-rpm-config-9.1.0-16.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-0659/virtuoso-opensource-6.1.4-4.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-13190/phonon-backend-gstreamer-4.5.90-2.fc15,phonon-4.5.57-1.20110914.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-11955/evolution-mapi-3.0.3-2.fc15,evolution-exchange-3.0.3-1.fc15,evolution-3.0.3-1.fc15,evolution-data-server-3.0.3-1.fc15,gtkhtml3-4.0.2-1.fc15 The following builds have been pushed to Fedora 15 updates-testing bacula-5.0.3-26.fc15 cherrytree-0.25.2-1.fc15 ettercap-0.7.4-3.fc15 glade3-3.10.0-3.fc15 gnupg-1.4.12-1.fc15 gpredict-1.3-4.fc15 ibus-hangul-1.4.0-2.fc15 jd-2.8.5-0.2.svn3993_trunk.fc15 krb5-1.9.2-6.fc15 mtpaint-3.40-1.fc15 nss-3.13.1-11.fc15 python-docutils-0.8.1-2.fc15 rt3-3.8.11-6.fc15 sevmgr-0.2.0-1.fc15 systemd-26-15.fc15 tcpflow-1.1.0-1.fc15 tudu-0.8.1-1.fc15 wicd-1.7.0-11.fc15 Details about builds: ================================================================================ bacula-5.0.3-26.fc15 (FEDORA-2012-1081) Cross platform network backup for Linux, Unix, Mac and Windows -------------------------------------------------------------------------------- Update Information: Correct license to AGPLv3, split off libs in separate backends and fix ldconfig/alternatives symlinks on removal of packages. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 30 2012 Simone Caronni <negativo17@xxxxxxxxx> - 5.0.3-26 - Fix ldconfig/alternatives symlinks on removal of packages. * Mon Jan 30 2012 Lukas Nykryn <lnykryn@xxxxxxxxxx> - 5.0.3-25 - Remove dependency on WxGTK in RHEL. * Fri Jan 27 2012 Simone Caronni <negativo17@xxxxxxxxx> - 5.0.3-24 - Correct license to AGPLv3. - Split off libs in separate backends. - Trim changelog for version <5.0.0. * Thu Jan 26 2012 Simone Caronni <negativo17@xxxxxxxxx> - 5.0.3-23 - Add ldconfig after setting up symlinks for libbacsql variants. -------------------------------------------------------------------------------- References: [ 1 ] Bug #784587 - Bacula director broken, trys to connect to postgresl when database is mysql https://bugzilla.redhat.com/show_bug.cgi?id=784587 -------------------------------------------------------------------------------- ================================================================================ cherrytree-0.25.2-1.fc15 (FEDORA-2012-1084) Hierarchical note taking application -------------------------------------------------------------------------------- Update Information: Upstream bugfix release -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 25 2012 Robin Lee <cheeselee@xxxxxxxxxxxxxxxxx> - 0.25.2-1 - Update to 0.25.2 -------------------------------------------------------------------------------- ================================================================================ ettercap-0.7.4-3.fc15 (FEDORA-2012-1066) Network traffic sniffer/analyser, NCURSES interface version -------------------------------------------------------------------------------- Update Information: New upstream, and patch for insecure global settings file. Restored RPM_OPT_FLAGS to build. New upstream, and patch for insecure global settings file. New upstream, and patch for insecure global settings file. New upstream, and patch for insecure global settings file. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 30 2012 Jon Ciesla <limburgher@xxxxxxxxx> - 0.7.4-3 - RPM_OPT_FLAGS fix, BZ 785562. * Thu Jan 26 2012 Jon Ciesla <limburgher@xxxxxxxxx> - 0.7.4-2 - Patch for CVE-2010-3843. * Thu Jan 26 2012 Jon Ciesla <limburgher@xxxxxxxxx> - 0.7.4-1 - New upstream. Now BRs bison, flex. * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.7.3-40 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Tue Dec 6 2011 Adam Jackson <ajax@xxxxxxxxxx> - 0.7.3-39 - Rebuild for new libpng -------------------------------------------------------------------------------- References: [ 1 ] Bug #643454 - CVE-2010-3843 ettercap: insecure global settings file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=643454 [ 2 ] Bug #783675 - Segfault in curses interface https://bugzilla.redhat.com/show_bug.cgi?id=783675 [ 3 ] Bug #659903 - Segmentation Fault on ettercap https://bugzilla.redhat.com/show_bug.cgi?id=659903 [ 4 ] Bug #785562 - ettercap 0.7.4-2 not built with $RPM_OPT_FLAGS https://bugzilla.redhat.com/show_bug.cgi?id=785562 -------------------------------------------------------------------------------- ================================================================================ glade3-3.10.0-3.fc15 (FEDORA-2012-1056) User Interface Designer for GTK+ and GNOME -------------------------------------------------------------------------------- Update Information: Fix devhelp dependency -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 30 2012 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - 1:3.10.0-3 - Fix dependencies RHBZ 671592 and 604356 -------------------------------------------------------------------------------- References: [ 1 ] Bug #671592 - glade3-libgladeui should not depend on devhelp https://bugzilla.redhat.com/show_bug.cgi?id=671592 [ 2 ] Bug #604356 - glade3-libgladeui-devel depends on gtk-doc unnecessarily https://bugzilla.redhat.com/show_bug.cgi?id=604356 -------------------------------------------------------------------------------- ================================================================================ gnupg-1.4.12-1.fc15 (FEDORA-2012-1085) A GNU utility for secure communication and data storage -------------------------------------------------------------------------------- Update Information: New upstream v1.4.12 -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 30 2012 Brian C. Lane <bcl@xxxxxxxxxx> - 1.4.12-1 - New upstream v1.4.12 -------------------------------------------------------------------------------- ================================================================================ gpredict-1.3-4.fc15 (FEDORA-2012-1053) Real-time satellite tracking and orbit prediction program -------------------------------------------------------------------------------- Update Information: Mapped locale files. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 31 2012 Eric "Sparks" Christensen <sparks@xxxxxxxxxxxxxxxxx> - 1.3-4 - Mapped localized files * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Tue Dec 6 2011 Adam Jackson <ajax@xxxxxxxxxx> - 1.3-2 - Rebuild for new libpng -------------------------------------------------------------------------------- References: [ 1 ] Bug #786002 - gpredict not packaged with translations https://bugzilla.redhat.com/show_bug.cgi?id=786002 -------------------------------------------------------------------------------- ================================================================================ ibus-hangul-1.4.0-2.fc15 (FEDORA-2012-1057) The Hangul engine for IBus input platform -------------------------------------------------------------------------------- Update Information: incorporate upstream patch to avoid ibus-setup-hangul crash -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 31 2012 Daiki Ueno <dueno@xxxxxxxxxx> - 1.4.0-2 - Add ibus-hangul-no-ibus-daemon.patch. - Fix bug 784377 - [abrt] ibus-hangul-1.4.0-1.fc16 -------------------------------------------------------------------------------- References: [ 1 ] Bug #784377 - [abrt] ibus-hangul-1.4.0-1.fc16: bus.py:61:__init__:TypeError: expected string or Unicode object, NoneType found https://bugzilla.redhat.com/show_bug.cgi?id=784377 -------------------------------------------------------------------------------- ================================================================================ jd-2.8.5-0.2.svn3993_trunk.fc15 (FEDORA-2012-1074) A 2ch browser -------------------------------------------------------------------------------- Update Information: Updated to the latest trunk to fix 2ch login -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 31 2012 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - rev 3993 * Sun Jan 8 2012 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - rev 3982 * Sat Oct 22 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - rev 3975 -------------------------------------------------------------------------------- ================================================================================ krb5-1.9.2-6.fc15 (FEDORA-2012-1070) The Kerberos network authentication system -------------------------------------------------------------------------------- Update Information: This update backports fixes needed by development versions of FreeIPA from upstream's development tree, and incorporates a patch to accept entries with version number 0 as matching any desired version number when scanning keytabs for matching entries. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 30 2012 Nalin Dahyabhai <nalin@xxxxxxxxxx> 1.9.2-6 - add patch to accept keytab entries with vno==0 as matches when we're searching for an entry with a specific name/kvno (#230382/#782211,RT#3349) * Mon Jan 30 2012 Nalin Dahyabhai <nalin@xxxxxxxxxx> 1.9.2-5 - backport patch for RT#7046: tag a ccache containing credentials obtained via S4U2Proxy with the principal name of the proxying principal (part of #761317) so that the default principal name can be set to that of the client for which it is proxying, which results in the ccache looking more normal to consumers of the ccache that don't care that there's proxying going on - pull in patch for RT#7047: allow tickets obtained via S4U2Proxy to be cached (more of #761317) - backport patch for RT#7048: allow PAC verification to only bother trying to verify the signature with keys that it's given (still more of #761317) -------------------------------------------------------------------------------- References: [ 1 ] Bug #761317 - Please backport s4u2proxy fixes from upstream trunk https://bugzilla.redhat.com/show_bug.cgi?id=761317 -------------------------------------------------------------------------------- ================================================================================ mtpaint-3.40-1.fc15 (FEDORA-2012-1065) Painting program for creating icons and pixel-based artwork -------------------------------------------------------------------------------- Update Information: Update to latest upstream release mtpaint 3.40. -------------------------------------------------------------------------------- ChangeLog: * Sun Jan 29 2012 Terje Rosten <terje.rosten@xxxxxxx> - 3.40-1 - Update to 3.40 * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.31-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Mon Nov 7 2011 Terje Rosten <terje.rosten@xxxxxxx> - 3.31-6 - Add png patch -------------------------------------------------------------------------------- ================================================================================ nss-3.13.1-11.fc15 (FEDORA-2012-1097) Network Security Services -------------------------------------------------------------------------------- Update Information: This update fixes crashes caused by applications that called NSS without having initialized it first as it is documented. NSS now protects itself against such calls. Resolves: rhbz#784672. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 26 2012 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.13.1-12 - Resolves: Bug 784672 - nss should protect against being called before nss_Init -------------------------------------------------------------------------------- References: [ 1 ] Bug #784672 - nss should protect against being called before nss_Init https://bugzilla.redhat.com/show_bug.cgi?id=784672 -------------------------------------------------------------------------------- ================================================================================ python-docutils-0.8.1-2.fc15 (FEDORA-2012-1082) System for processing plaintext documentation -------------------------------------------------------------------------------- Update Information: Attempt a fix for throwing UnicodeError when operating in directories that have non-ascii characters. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 30 2012 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 0.8.1-2 - Fix a unicode traceback https://bugzilla.redhat.com/show_bug.cgi?id=785622 -------------------------------------------------------------------------------- References: [ 1 ] Bug #785622 - [abrt] python-docutils-0.8.1-1.fc16: posixpath.py:71:join:UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 41: ordinal not in range(128) https://bugzilla.redhat.com/show_bug.cgi?id=785622 -------------------------------------------------------------------------------- ================================================================================ rt3-3.8.11-6.fc15 (FEDORA-2012-1051) Request tracker 3 -------------------------------------------------------------------------------- Update Information: Major upstream update, which is supposed to fix various issues. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 31 2012 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 3.8.11-6 - Misc. specfile improvements. * Tue Jan 31 2012 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 3.8.11-5 - Rewrite *-tests package (Don't use tests macros). * Mon Jan 30 2012 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 3.8.11-4 - Rename rpmbuild option with_tests into with_runtests. - Add rt3-tests subpackage. - Add README.tests. - Remove removal of ${RT3_LIBDIR}/t (Fixed by upstream). - Rework R:/BR:. - Use %{__rm} instead of /bin/rm. - Misc minor spec file cleanup. * Wed Jan 18 2012 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 3.8.11-3 - Fix typo in filter rules. - Add lexdir, manualdir, RT3_LEXDIR. * Mon Jan 16 2012 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 3.8.11-2 - Remove redundant R: config(rt3), Remove P: config(rt3). - Rewrite filter rules. * Sun Jan 15 2012 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 3.8.11-1 - Upstream update. -------------------------------------------------------------------------------- References: [ 1 ] Bug #755721 - Request Tracker RT3 perl deprecated errors and crashes https://bugzilla.redhat.com/show_bug.cgi?id=755721 -------------------------------------------------------------------------------- ================================================================================ sevmgr-0.2.0-1.fc15 (FEDORA-2012-1060) C++ Simulation-Oriented Discrete Event Management Library -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #781775 - Review Request: sevmgr - C++ Simulation-Oriented Discrete Event Management Library https://bugzilla.redhat.com/show_bug.cgi?id=781775 -------------------------------------------------------------------------------- ================================================================================ systemd-26-15.fc15 (FEDORA-2012-1068) A System and Service Manager -------------------------------------------------------------------------------- Update Information: The update fixes a bug where quotacheck and quotaon services were not started. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 31 2012 Michal Schmidt <mschmidt@xxxxxxxxxx> - 26-15 - Fix quota (#773431). -------------------------------------------------------------------------------- References: [ 1 ] Bug #773431 - quota is not turned on https://bugzilla.redhat.com/show_bug.cgi?id=773431 -------------------------------------------------------------------------------- ================================================================================ tcpflow-1.1.0-1.fc15 (FEDORA-2012-1071) Network traffic recorder -------------------------------------------------------------------------------- Update Information: Update to latest upstream release tcpflow 1.1.0. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 30 2012 Terje Rosten <terje.rosten@xxxxxxx> - 1.1.0-1 - 1.1.0 * Sat Jan 14 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ tudu-0.8.1-1.fc15 (FEDORA-2012-1052) A simple, command line interface to do list application -------------------------------------------------------------------------------- Update Information: Upgraded to latest version (0.8.1) -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 20 2011 Eric "Sparks" Christensen <sparks@xxxxxxxxxxxxxxxxx> - 0.8.1-1 - Updated to version 0.8.1 - Added arrow keys on date editor - Added support for non-latin keybinding pairs - Fixed wrong plotting while change tudu task position - Fixed category problems (autofill, showonly, ...) - Fixed Makefile problems reported on debian bug #611077 - Removed freeze on moving task - Added ./configure script compatible with autotools - Added multiple category support - Added support for non-fix length categories - Added warning color to old scheduled tasks in sched - Added AvPag and RvPag to normal interface - Fixed display when the length of the title equal to the screen - Fixed problems with updating sched when the title changes -------------------------------------------------------------------------------- References: [ 1 ] Bug #678138 - New version available https://bugzilla.redhat.com/show_bug.cgi?id=678138 [ 2 ] Bug #769648 - Latest version of TuDu doesn't allow redirecting files to certain directories on install https://bugzilla.redhat.com/show_bug.cgi?id=769648 -------------------------------------------------------------------------------- ================================================================================ wicd-1.7.0-11.fc15 (FEDORA-2012-1077) Wireless and wired network connection manager -------------------------------------------------------------------------------- Update Information: CVE-2012-0813 A sensitive information disclosure flaw was found in the way wicd, wireless and wired network connection manager, performed management of sensitive information, to be stored in log files. Fields like 'password', 'identity', 'private_key', 'private_key_passwd' etc., were not excluded from being logged into /var/log/wicd log file, which could allow local attacker, with the privileges of the 'adm' group to view content of these entities in plain text, leading to information disclosure. This update fixes the problem. A reboot is not technically necessary, but if you do not reboot your system after installing this update, you should at least restart the wicd service. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 27 2012 David Cantrell <dcantrell@xxxxxxxxxx> - 1.7.0-11 - Fix CVS-2012-0813 (#785147) -------------------------------------------------------------------------------- References: [ 1 ] Bug #785147 - CVE-2012-0813 wicd: Sensitive information disclosure via log file entries https://bugzilla.redhat.com/show_bug.cgi?id=785147 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test