The following Fedora 16 Security updates need testing: https://admin.fedoraproject.org/updates/FEDORA-2012-6365/openstack-nova-2011.3.1-8.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6368/bugzilla-4.0.6-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-5624/phpMyAdmin-3.5.0-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6375/cifs-utils-5.4-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6411/nginx-1.0.15-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6409/rubygems-1.8.11-3.fc16.1 https://admin.fedoraproject.org/updates/FEDORA-2012-6529/argyllcms-1.4.0-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-5058/expat-2.1.0-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-5833/python3-3.2.3-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6628/dokuwiki-0-0.10.20110525.a.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6542/wordpress-3.3.2-2.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-5924/python-2.7.3-1.fc16,python-docs-2.7.3-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6612/asterisk-1.8.11.1-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6614/gdb-7.3.50.20110722-16.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6758/openconnect-3.18-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2011-14691/tomcat6-6.0.32-19.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6722/bind-dyndb-ldap-1.1.0-0.11.rc1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6382/samba4-4.0.0-38.alpha16.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6908/mozilla-https-everywhere-2.0.3-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6907/php-5.3.11-1.fc16,php-eaccelerator-0.9.6.1-9.fc16.3,maniadrive-1.2-32.fc16.3 The following Fedora 16 Critical Path updates have yet to be approved: https://admin.fedoraproject.org/updates/FEDORA-2012-6914/mysql-5.5.23-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6837/livecd-tools-16.14-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6726/livecd-tools-16.13-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6614/gdb-7.3.50.20110722-16.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6613/selinux-policy-3.10.0-86.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6516/pcre-8.12-9.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6389/taglib-1.7.2-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6416/fuse-2.8.7-1.fc16.1 https://admin.fedoraproject.org/updates/FEDORA-2012-6209/xorg-x11-drv-ati-6.14.3-5.20120201git36c190671.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6004/sane-backends-1.0.22-10.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-3319/GConf2-3.2.3-4.fc16 The following builds have been pushed to Fedora 16 updates-testing PyYAML-3.10-3.fc16 condor-7.9.0-0.1.fc16 fftw-3.3.1-2.fc16 ibus-1.4.1-2.fc16 maniadrive-1.2-32.fc16.3 mcollective-1.3.3-5.fc16 mosh-1.2-2.fc16 mozilla-https-everywhere-2.0.3-1.fc16 munin-1.4.7-3.fc16 mysql-5.5.23-1.fc16 perl-Net-Twitter-3.18002-1.fc16 php-5.3.11-1.fc16 php-eaccelerator-0.9.6.1-9.fc16.3 php-swift-Swift-4.1.7-1.fc16 sks-1.1.3-1.fc16 Details about builds: ================================================================================ PyYAML-3.10-3.fc16 (FEDORA-2012-6917) YAML parser and emitter for Python -------------------------------------------------------------------------------- Update Information: Add python-yaml Provides -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 27 2012 John Eckersberg <jeckersb@xxxxxxxxxx> - 3.10-3 - Add Provides for python-yaml (BZ#740390) * Thu Jan 12 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #740390 - Add python-yaml Provides to packages https://bugzilla.redhat.com/show_bug.cgi?id=740390 -------------------------------------------------------------------------------- ================================================================================ condor-7.9.0-0.1.fc16 (FEDORA-2012-6904) Condor: High Throughput Computing -------------------------------------------------------------------------------- Update Information: Update to 7.9.0 developer series. Happy condor week -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 27 2012 <tstclair@xxxxxxxxxx> - 7.9.0-0.1 - Fast forward to 7.9.0 pre-release -------------------------------------------------------------------------------- References: [ 1 ] Bug #808019 - Condors MOUNT_UNDER_SCRATCH and autofs do no combine https://bugzilla.redhat.com/show_bug.cgi?id=808019 -------------------------------------------------------------------------------- ================================================================================ fftw-3.3.1-2.fc16 (FEDORA-2012-6906) A Fast Fourier Transform library -------------------------------------------------------------------------------- Update Information: Update to 3.3.1, featuring new processor extensions. Restructuring of library packages. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 26 2012 Jussi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 3.3.1-2 - Reorganized libraries (BZ #812981). * Mon Feb 27 2012 Jussi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 3.3.1-1 - Update to 3.3.1. * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Tue Oct 11 2011 Dan Horák <dan[at]danny.cz> - 3.3-4 - libquadmath exists only on x86/x86_64 and ia64 -------------------------------------------------------------------------------- References: [ 1 ] Bug #812981 - consider subpackaging fftw-libs more https://bugzilla.redhat.com/show_bug.cgi?id=812981 -------------------------------------------------------------------------------- ================================================================================ ibus-1.4.1-2.fc16 (FEDORA-2012-6916) Intelligent Input Bus for Linux OS -------------------------------------------------------------------------------- Update Information: This is a bug fixes update. -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 27 2012 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.4.1-2 - Updated ibus-HEAD.patch from upstream Fixed Bug 813125 - Do not send preedit-changed signal without preedit. Fixed the coordinate in languagebar when dual monitors are used. - Updated ibus-xx-bridge-hotkey.patch Fixed Bug 813971 - no Ctrl+Space -------------------------------------------------------------------------------- References: [ 1 ] Bug #813125 - ibus should not generate empty preedit strings on focus switch https://bugzilla.redhat.com/show_bug.cgi?id=813125 [ 2 ] Bug #813971 - Ctrl+Space activates ibus regardless of setting in ibus-setup https://bugzilla.redhat.com/show_bug.cgi?id=813971 -------------------------------------------------------------------------------- ================================================================================ maniadrive-1.2-32.fc16.3 (FEDORA-2012-6907) 3D stunt driving game -------------------------------------------------------------------------------- Update Information: Upstream Security Enhancements: * Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172). * Add open_basedir checks to readline_write_history and readline_read_history. * Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831). Upstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1 RPM changes: * php-fpm: add comment about security.limit_extensions in provided conf * php-fpm: add /etc/sysconfig/php-fpm environment file * php-common provides zip extension, as in previous fedora version -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 27 2012 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.2-32.3 - rebuild against PHP 5.3.11 -------------------------------------------------------------------------------- References: [ 1 ] Bug #799187 - CVE-2012-1172 php: PHP 5.3.10 filter file names better, no dangling ['s https://bugzilla.redhat.com/show_bug.cgi?id=799187 [ 2 ] Bug #789468 - CVE-2012-0831 php: PG(magic_quote_gpc) was not restored on shutdown https://bugzilla.redhat.com/show_bug.cgi?id=789468 -------------------------------------------------------------------------------- ================================================================================ mcollective-1.3.3-5.fc16 (FEDORA-2012-6627) A framework to build server orchestration or parallel job execution systems -------------------------------------------------------------------------------- Update Information: * Fixes malfunctioning systemd file. -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 27 2012 Steve Traylen <steve.traylen@xxxxxxx> - 1.3.3-5 - Finger trouble. * Fri Apr 27 2012 Steve Traylen <steve.traylen@xxxxxxx> - 1.3.3-4 - Fix patch 0001 to stop loading verdor directory. * Tue Apr 24 2012 Steve Traylen <steve.traylen@xxxxxxx> - 1.3.3-3 - Fix systemd start up file. * Wed Apr 18 2012 Steve Traylen <steve.traylen@xxxxxxx> - 1.3.3-2 - Update to Fedora's new ruby guidelines. * Tue Apr 17 2012 Jeffrey Ollie <jeff@xxxxxxxxxx> - 1.3.3-1 - 1.3.3 - see releasenotes: http://docs.puppetlabs.com/mcollective/releasenotes.html * Fri Jan 13 2012 Jeffrey Ollie <jeff@xxxxxxxxxx> - 1.3.2-1 - 1.3.2 - see releasenotes: http://docs.puppetlabs.com/mcollective/releasenotes.html * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.1-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ mosh-1.2-2.fc16 (FEDORA-2012-6909) Mobile shell that supports roaming and intelligent local echo -------------------------------------------------------------------------------- Update Information: Fix debuginfo Update to mosh 1.2 -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 27 2012 Alexander Chernyakhovsky <achernya@xxxxxxx> - 1.2 - Update to mosh 1.2. -------------------------------------------------------------------------------- References: [ 1 ] Bug #817237 - mosh-debuginfo 1.2 contains no sources https://bugzilla.redhat.com/show_bug.cgi?id=817237 -------------------------------------------------------------------------------- ================================================================================ mozilla-https-everywhere-2.0.3-1.fc16 (FEDORA-2012-6908) HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey -------------------------------------------------------------------------------- Update Information: Fix upstream bug 5676, which fixes an SSL downgrade attack. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 28 2012 Russell Golden <niveusluna@xxxxxxxxxxxxxx> - 2.0.3-1 - Fix a downgrade attack that might allow attackers to deny HTTPS Everywhere protection for cookies on some domains. https://trac.torproject.org/projects/tor/ticket/5676 - Minor redirection mechanism fixes - Fixes: WordPress, Yandex, OpenDNS, Via.me/AWS - Improvements: Mozilla - Disable broken: ReadWriteWeb -------------------------------------------------------------------------------- ================================================================================ munin-1.4.7-3.fc16 (FEDORA-2012-6915) Network-wide graphing framework (grapher/gatherer) -------------------------------------------------------------------------------- Update Information: Better fix for older version messing up enabled plugins, fixed issue with java plugin, fixed duplicate ownership of directory. Workaround for issue with all plugins being disabled on upgrade. If you updated to 1.4.7-1, you will need to re-enable plugins you wish to be running. '/usr/sbin/munin-node-configure --shell | sh' -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 24 2012 Kevin Fenzi <kevin@xxxxxxxxx> - 1.4.7-3 - A better for for 811867 with triggers. - Fix directory conflict. Fixes bug #816340 - Fix path in java plugin. Fixes bug #816570 * Sun Apr 15 2012 Kevin Fenzi <kevin@xxxxxxxxx> - 1.4.7-2 - Fix node postun from messing up plugins on upgrade. Works around bug #811867 * Wed Mar 14 2012 D. Johnson <fenris02@xxxxxxxxxxxxxxxxx> - 1.4.7-1 - updated for 1.4.7 release * Wed Feb 22 2012 Kevin Fenzi <kevin@xxxxxxxxx> 1.4.6-8 - Build against java-1.7.0 now. Fixes bug #796345 -------------------------------------------------------------------------------- References: [ 1 ] Bug #816340 - munin and munin-common have a file conflict https://bugzilla.redhat.com/show_bug.cgi?id=816340 [ 2 ] Bug #816570 - Wrong path to munin jar in jmx plugin https://bugzilla.redhat.com/show_bug.cgi?id=816570 [ 3 ] Bug #811867 - Latest munin-node update clears all plugin settings https://bugzilla.redhat.com/show_bug.cgi?id=811867 -------------------------------------------------------------------------------- ================================================================================ mysql-5.5.23-1.fc16 (FEDORA-2012-6914) MySQL client programs and shared libraries -------------------------------------------------------------------------------- Update Information: Update to MySQL 5.5.23, for various fixes described at http://dev.mysql.com/doc/refman/5.5/en/news-5-5-23.html -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 28 2012 Tom Lane <tgl@xxxxxxxxxx> 5.5.23-1 - Update to MySQL 5.5.23, for various fixes described at http://dev.mysql.com/doc/refman/5.5/en/news-5-5-23.html -------------------------------------------------------------------------------- ================================================================================ perl-Net-Twitter-3.18002-1.fc16 (FEDORA-2012-6920) Perl interface to the Twitter API -------------------------------------------------------------------------------- Update Information: Update to 3.18002: Added API method subscriptions; list_subscriptions is now all_subscriptions with alias list_subscriptions. Deprecated TwitterVision API support. Added API method members_destroy_all with alias remove_list_members. Aadded deprecation warning for 'trends'; calls trends_location(1), instead. -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #816138 - perl-Net-Twitter-3.18002 is available https://bugzilla.redhat.com/show_bug.cgi?id=816138 -------------------------------------------------------------------------------- ================================================================================ php-5.3.11-1.fc16 (FEDORA-2012-6907) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: Upstream Security Enhancements: * Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172). * Add open_basedir checks to readline_write_history and readline_read_history. * Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831). Upstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1 RPM changes: * php-fpm: add comment about security.limit_extensions in provided conf * php-fpm: add /etc/sysconfig/php-fpm environment file * php-common provides zip extension, as in previous fedora version -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 27 2012 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.3.11-1 - update to 5.3.11 http://www.php.net/ChangeLog-5.php#5.3.11 - add /etc/sysconfig/php-fpm environment file (#784770) - php-fpm: add security.limit_extensions in provided conf - zip extension is back (unbundled in f17) -------------------------------------------------------------------------------- References: [ 1 ] Bug #799187 - CVE-2012-1172 php: PHP 5.3.10 filter file names better, no dangling ['s https://bugzilla.redhat.com/show_bug.cgi?id=799187 [ 2 ] Bug #789468 - CVE-2012-0831 php: PG(magic_quote_gpc) was not restored on shutdown https://bugzilla.redhat.com/show_bug.cgi?id=789468 -------------------------------------------------------------------------------- ================================================================================ php-eaccelerator-0.9.6.1-9.fc16.3 (FEDORA-2012-6907) PHP accelerator, optimizer, encoder and dynamic content cacher -------------------------------------------------------------------------------- Update Information: Upstream Security Enhancements: * Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172). * Add open_basedir checks to readline_write_history and readline_read_history. * Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831). Upstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1 RPM changes: * php-fpm: add comment about security.limit_extensions in provided conf * php-fpm: add /etc/sysconfig/php-fpm environment file * php-common provides zip extension, as in previous fedora version -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 27 2012 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1:0.9.6.1-9.3 - rebuild against PHP 5.3.11 -------------------------------------------------------------------------------- References: [ 1 ] Bug #799187 - CVE-2012-1172 php: PHP 5.3.10 filter file names better, no dangling ['s https://bugzilla.redhat.com/show_bug.cgi?id=799187 [ 2 ] Bug #789468 - CVE-2012-0831 php: PG(magic_quote_gpc) was not restored on shutdown https://bugzilla.redhat.com/show_bug.cgi?id=789468 -------------------------------------------------------------------------------- ================================================================================ php-swift-Swift-4.1.7-1.fc16 (FEDORA-2012-6918) Free Feature-rich PHP Mailer -------------------------------------------------------------------------------- Update Information: upstream 4.1.7 -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 28 2012 Christof Damian <christof@xxxxxxxxxx> - 4.1.7-1 - upstream 4.1.7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #816938 - php-swift-Swift-4.1.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=816938 -------------------------------------------------------------------------------- ================================================================================ sks-1.1.3-1.fc16 (FEDORA-2012-6905) Synchronizing Key Server -------------------------------------------------------------------------------- Update Information: Upgrade to 1.1.3 -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 21 2012 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 1.1.3-1 - Upgrade to 1.1.3 * Tue Jan 24 2012 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 1.1.3-0.2.20120124hg - Try to build against libdb 5.2 * Tue Jan 24 2012 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 1.1.3-0.1.20120124hg - Upgrade to John Clizbe's latest sks from mercurial repo so we can use - css, etc in the webpage * Thu Jan 19 2012 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 1.1.2-2 - Add init.d scripts * Sat Jan 14 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test