The following Fedora 15 Security updates need testing: https://admin.fedoraproject.org/updates/FEDORA-2012-5256/wireshark-1.4.12-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-5631/phpMyAdmin-3.5.0-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-5805/samba-3.5.14-73.fc15.1 https://admin.fedoraproject.org/updates/FEDORA-2012-5822/gallery3-3.0.3-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-5814/gallery2-2.3.2-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-5436/quagga-0.99.20.1-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-5915/python-2.7.3-1.fc15,python-docs-2.7.3-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-5916/python3-3.2.3-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-5923/wicd-1.7.0-12.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-5420/rpm-4.9.1.3-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-5422/freetype-2.4.4-8.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-5406/libtiff-3.9.5-3.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-5515/libpng-1.2.49-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-17233/tor-0.2.1.32-1500.fc15 The following Fedora 15 Critical Path updates have yet to be approved: https://admin.fedoraproject.org/updates/FEDORA-2012-5915/python-2.7.3-1.fc15,python-docs-2.7.3-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-5905/kernel-2.6.43.2-2.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-5805/samba-3.5.14-73.fc15.1 https://admin.fedoraproject.org/updates/FEDORA-2012-5745/nss-util-3.13.4-2.fc15,nss-3.13.4-2.fc15,nss-softokn-3.13.4-1.fc15,nspr-4.9-2.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-5515/libpng-1.2.49-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-5406/libtiff-3.9.5-3.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-5422/freetype-2.4.4-8.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-5420/rpm-4.9.1.3-1.fc15 https://admin.fedoraproject.org/updates/dracut-009-15.fc15 https://admin.fedoraproject.org/updates/lm_sensors-3.3.2-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2011-13190/phonon-backend-gstreamer-4.5.90-2.fc15,phonon-4.5.57-1.20110914.fc15 The following builds have been pushed to Fedora 15 updates-testing drupal6-views-2.16-2.fc15 kernel-2.6.43.2-2.fc15 oxygen-gtk3-1.0.3-1.fc15 perl-Net-GitHub-0.44-1.fc15 python-2.7.3-1.fc15 python-docs-2.7.3-1.fc15 python3-3.2.3-1.fc15 sugar-maze-17-1.fc15 wicd-1.7.0-12.fc15 Details about builds: ================================================================================ drupal6-views-2.16-2.fc15 (FEDORA-2012-5908) Provides a method for site designers to control content presentation -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.16-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Tue Nov 15 2011 Jon Ciesla <limb@xxxxxxxxxxxx> - 2.16-1 - Update to 2.16, BZ 754076. * Fri Nov 4 2011 Jon Ciesla <limb@xxxxxxxxxxxx> - 2.14-1 - Update to 2.14, BZ 751044. -------------------------------------------------------------------------------- ================================================================================ kernel-2.6.43.2-2.fc15 (FEDORA-2012-5905) The Linux kernel -------------------------------------------------------------------------------- Update Information: Linux 3.3.2 There was a regression at the DVB core, affecting applications that require the DVB status before having a lock. In order to allow a broader test (including my environment). All new patches from the upstream media tree up to Apr, 10 got backported plus the fix patches, in order to have, among other things, the az6007 and af9035 drivers backported. Various bugfixes. -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 13 2012 Josh Boyer <jwboyer@xxxxxxxxxx> - Reapply rebased drivers-media-update.patch * Fri Apr 13 2012 Dave Jones <davej@xxxxxxxxxx> 2.6.43.2-1 - Linux 3.3.2 * Thu Apr 12 2012 Dennis Gilmore <dennis@xxxxxxxx> - KALLSYMS_EXTRA_PASS=1 has to be passed in on the command line so do so only for arm * Tue Apr 10 2012 Mauro Carvalho Chehab <mchehab@xxxxxxxxxx> - Backport dvb-core and a few driver fixes from media tree (rhbz808871) * Tue Apr 10 2012 Josh Boyer <jwboyer@xxxxxxxxxx> - Apply upstream patch to add USB device 13d3:3375 (rhbz 811087) - Backport fixes for correct register constraints in cmpxchg.h (rhbz 809014) * Thu Apr 5 2012 Dave Jones <davej@xxxxxxxxxx> - Better watermark the number of pages used by hibernation I/O (Bojan Smojver) (rhbz 785384) * Wed Apr 4 2012 Josh Boyer <jwboyer@xxxxxxxxxx> - Disable runtime PM for hotpluggable ATA ports (rhbz 806676 807632) - Fix NULL pointer dereference in i2400m (rhbz 808603) * Tue Apr 3 2012 Josh Boyer <jwboyer@xxxxxxxxxx> - Fix crash in uvc_video_clock_update from Laurent Pinchart (rhbz 806433) - iwl{wifi,legacy}: Fix warnings on remove interface from Stanislaw Gruszka (rhbz 770467) * Tue Apr 3 2012 Dave Jones <davej@xxxxxxxxxx> 2.6.43.1-2 - Disable CONFIG_DEBUG_PAGEALLOC in -debug builds again. * Mon Apr 2 2012 Dave Jones <davej@xxxxxxxxxx> - Linux 3.3.1 * Mon Apr 2 2012 Dave Jones <davej@xxxxxxxxxx> - Linux 3.3 * Fri Mar 30 2012 Dave Jones <davej@xxxxxxxxxx> - Silence the timekeeping "Adjusting tsc more then 11%" spew. (rhbz 798600) * Fri Mar 30 2012 Josh Boyer <jwboyer@xxxxxxxxxx> - CVE-2012-1601: kvm: NULL dereference from irqchip_in_kernel and vcpu->arch.apic inconsistency (rhbz 808207) - Add patch to fix incorrect buffer length in __nfs4_get_acl_uncached * Thu Mar 29 2012 Josh Boyer <jwboyer@xxxxxxxxxx> - Drop __cpuinitdata on disable_nx for x86_32 (rhbz 808075) * Mon Mar 26 2012 Dave Jones <davej@xxxxxxxxxx> - Linux 3.2.13 -------------------------------------------------------------------------------- References: [ 1 ] Bug #808871 - DVB-S is broken since kernel 3.3 https://bugzilla.redhat.com/show_bug.cgi?id=808871 [ 2 ] Bug #811087 - atheros ar3012 bluetooth in asus ux31e/ux21e not recognized (reopening) https://bugzilla.redhat.com/show_bug.cgi?id=811087 [ 3 ] Bug #770476 - [abrt] kernel: WARNING: at /builddir/build/BUILD/kernel-3.1.fc16/compat-wireless-3.2-rc6-3/drivers/net/wireless/iwlwifi/iwl-core.c:1330 iwlagn_mac_remove_interface+0x98/0x120 [iwlwifi]() https://bugzilla.redhat.com/show_bug.cgi?id=770476 [ 4 ] Bug #809014 - strange build error with ndiswrapper on i686 https://bugzilla.redhat.com/show_bug.cgi?id=809014 [ 5 ] Bug #806433 - [abrt] kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000180 https://bugzilla.redhat.com/show_bug.cgi?id=806433 [ 6 ] Bug #808603 - i2400m null pointer dereference https://bugzilla.redhat.com/show_bug.cgi?id=808603 [ 7 ] Bug #807656 - V4L-utils should be upgraded to add dvb-fe-tool https://bugzilla.redhat.com/show_bug.cgi?id=807656 [ 8 ] Bug #806676 - Regression: SATA hot swap broken - one CPU goes 100% - unable to synchronize and stop disk https://bugzilla.redhat.com/show_bug.cgi?id=806676 [ 9 ] Bug #783561 - pti_exit() BUG: unable to handle kernel NULL pointer dereference at (null) https://bugzilla.redhat.com/show_bug.cgi?id=783561 [ 10 ] Bug #807632 - Hot-swapping e-sata disks fails in kernel 3.3 https://bugzilla.redhat.com/show_bug.cgi?id=807632 [ 11 ] Bug #807396 - kernel-2.6.42.12-1.fc15.x86_64 prevents various system types from booting https://bugzilla.redhat.com/show_bug.cgi?id=807396 -------------------------------------------------------------------------------- ================================================================================ oxygen-gtk3-1.0.3-1.fc15 (FEDORA-2012-5920) Oxygen GTK+3 theme -------------------------------------------------------------------------------- Update Information: oxygen-gtk3-1.0.3 See https://projects.kde.org/news/134 -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 14 2012 Alexey Kurov <nucleo@xxxxxxxxxxxxxxxxx> - 1:1.0.3-1 - oxygen-gtk3-1.0.3 -------------------------------------------------------------------------------- ================================================================================ perl-Net-GitHub-0.44-1.fc15 (FEDORA-2012-5913) Perl interface for github.com -------------------------------------------------------------------------------- Update Information: Github is phasing out old v1 and v2 APIs by May 2012. Switch to v3 by default. -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 13 2012 Petr Šabata <contyk@xxxxxxxxxx> - 0.44-1 - 0.44 bump - Github is removing support of v1 and v2 API on May 1, 2012 This version makes v3 the default * Fri Mar 23 2012 Petr Šabata <contyk@xxxxxxxxxx> - 0.42-1 - 0.42 bump - Remove trailing newlines * Thu Mar 22 2012 Petr Šabata <contyk@xxxxxxxxxx> - 0.41-1 - 0.41 bump, switching to v3 API - Remove command macros - Upstream no longer ships examples * Tue Jan 17 2012 Petr Šabata <contyk@xxxxxxxxxx> - 0.30-1 - 0.30 bump - Spec cleanup * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.28-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Thu Jul 21 2011 Petr Sabata <contyk@xxxxxxxxxx> - 0.28-3 - Perl mass rebuild * Wed Jul 20 2011 Petr Sabata <contyk@xxxxxxxxxx> - 0.28-2 - Perl mass rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #812304 - perl-Net-GitHub-0.44 is available https://bugzilla.redhat.com/show_bug.cgi?id=812304 -------------------------------------------------------------------------------- ================================================================================ python-2.7.3-1.fc15 (FEDORA-2012-5915) An interpreted, interactive, object-oriented programming language -------------------------------------------------------------------------------- Update Information: Rebase of Python 2 ("python" and "python-docs") from 2.7 to 2.7.3 bringing in security fixes, along with other bugfixes. See http://python.org/download/releases/2.7.3/ -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 13 2012 David Malcolm <dmalcolm@xxxxxxxxxx> - 2.7.3-1 - 2.7.3; refresh patches 102 (lib64) and 112 (debug build); revise patch 127 (test_structmember); drop upstream patches 11 (tolower) 116 (pydoc robustness) 122 (parallel make) 124 (SELinux) 130 (ppc macro in debug build) 131 (decimal in Turkish locale); add python2.pc to python-devel; regenerate the autotool intermediates patch (patch 300) * Thu Sep 8 2011 David Malcolm <dmalcolm@xxxxxxxxxx> - 2.7.1-10 - don't run test_openpty and test_pty during %check (workaround for rhbz#714627) * Tue Jun 7 2011 Dennis Gilmore <dennis@xxxxxxxx> - 2.7.1-9 - fix sparc building by excluding failing tests RHBZ#711584 * Mon May 23 2011 Peter Robinson <pbrobinson@xxxxxxxxx> - 2.7.1-8 - fix compile on ARM by exlcuding failing tests on arm - RHBZ #706253 -------------------------------------------------------------------------------- References: [ 1 ] Bug #750555 - CVE-2012-1150 python: hash table collisions CPU usage DoS (oCERT-2011-003) https://bugzilla.redhat.com/show_bug.cgi?id=750555 [ 2 ] Bug #789790 - CVE-2012-0845 python: SimpleXMLRPCServer CPU usage DoS via malformed XML-RPC request https://bugzilla.redhat.com/show_bug.cgi?id=789790 [ 3 ] Bug #812068 - python: SSL CBC IV vulnerability (CVE-2011-3389, BEAST) https://bugzilla.redhat.com/show_bug.cgi?id=812068 -------------------------------------------------------------------------------- ================================================================================ python-docs-2.7.3-1.fc15 (FEDORA-2012-5915) Documentation for the Python programming language -------------------------------------------------------------------------------- Update Information: Rebase of Python 2 ("python" and "python-docs") from 2.7 to 2.7.3 bringing in security fixes, along with other bugfixes. See http://python.org/download/releases/2.7.3/ -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 13 2012 David Malcolm <dmalcolm@xxxxxxxxxx> - 2.7.3-1 - 2.7.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #750555 - CVE-2012-1150 python: hash table collisions CPU usage DoS (oCERT-2011-003) https://bugzilla.redhat.com/show_bug.cgi?id=750555 [ 2 ] Bug #789790 - CVE-2012-0845 python: SimpleXMLRPCServer CPU usage DoS via malformed XML-RPC request https://bugzilla.redhat.com/show_bug.cgi?id=789790 [ 3 ] Bug #812068 - python: SSL CBC IV vulnerability (CVE-2011-3389, BEAST) https://bugzilla.redhat.com/show_bug.cgi?id=812068 -------------------------------------------------------------------------------- ================================================================================ python3-3.2.3-1.fc15 (FEDORA-2012-5916) Version 3 of the Python programming language aka Python 3000 -------------------------------------------------------------------------------- Update Information: Rebase of Python 3 ("python3") from 3.2 to 3.2.3 bringing in security fixes, along with other bugfixes. See http://python.org/download/releases/3.2.3/ -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 12 2012 David Malcolm <dmalcolm@xxxxxxxxxx> - 3.2.3-1 - 3.2.3; refresh patch 6 (no static lib), patch 102 (lib64) and patch 129 (test_subprocess); fix test_gdb (patches 152 and 153); regenerate the autotool intermediates patch (patch 300); run unit tests verbosely; add support for skipping unit tests in rpmbuild (patch 132), use it to skip a specific urllib test (patch 154) * Sun Oct 9 2011 Daniel Drake <dsd@xxxxxxxxxx> - 3.2-3 - don't run test_openpty and test_pty in %check - exclude failing tests on ARM * Tue Apr 19 2011 David Malcolm <dmalcolm@xxxxxxxxxx> - 3.2-2 - fix the libpython.stp systemtap tapset (rhbz#697730) -------------------------------------------------------------------------------- References: [ 1 ] Bug #750555 - CVE-2012-1150 python: hash table collisions CPU usage DoS (oCERT-2011-003) https://bugzilla.redhat.com/show_bug.cgi?id=750555 [ 2 ] Bug #789790 - CVE-2012-0845 python: SimpleXMLRPCServer CPU usage DoS via malformed XML-RPC request https://bugzilla.redhat.com/show_bug.cgi?id=789790 [ 3 ] Bug #812068 - python: SSL CBC IV vulnerability (CVE-2011-3389, BEAST) https://bugzilla.redhat.com/show_bug.cgi?id=812068 -------------------------------------------------------------------------------- ================================================================================ sugar-maze-17-1.fc15 (FEDORA-2012-5922) Maze for Sugar -------------------------------------------------------------------------------- Update Information: New Release V 17 -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 13 2012 Kalpa Welivitigoda <callkalpa@xxxxxxxxx> - 17-1 - Release 17 -------------------------------------------------------------------------------- ================================================================================ wicd-1.7.0-12.fc15 (FEDORA-2012-5923) Wireless and wired network connection manager -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2012-2095. The wicd daemon suffered from a local privilege escalation flaw due to incomplete input sanitization. A local attacker sould use this to inject arbitrary code through the D-Bus interface. -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 13 2012 David Cantrell <dcantrell@xxxxxxxxxx> - 1.7.0-12 - Fix CVE-2012-2095 (#811763) -------------------------------------------------------------------------------- References: [ 1 ] Bug #811762 - CVE-2012-2095 wicd: broken filtering leads to arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=811762 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test