The following Fedora 15 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-2012-6371/nginx-1.0.15-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-5631/phpMyAdmin-3.5.0-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6395/openssl-1.0.0i-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6414/rubygems-1.7.2-5.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6349/samba4-4.0.0-26.alpha11.fc15.6
    https://admin.fedoraproject.org/updates/FEDORA-2012-6396/bugzilla-3.6.9-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6511/wordpress-3.3.2-2.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6630/dokuwiki-0-0.10.20110525.a.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6610/xulrunner-12.0-1.fc15,firefox-12.0-1.fc15,gnome-python2-extras-2.25.3-35.fc15.7,perl-Gtk2-MozEmbed-0.09-1.fc15.11
    https://admin.fedoraproject.org/updates/FEDORA-2012-5916/python3-3.2.3-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6629/gdb-7.3.1-50.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6730/openconnect-3.18-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6717/thunderbird-12.0-1.fc15,thunderbird-lightning-1.4-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6724/asterisk-1.8.11.1-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6759/bind-dyndb-ldap-1.1.0-0.11.rc1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6398/cifs-utils-5.4-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6911/php-5.3.11-1.fc15,php-eaccelerator-0.9.6.1-9.fc15.3,maniadrive-1.2-32.fc15.3
    https://admin.fedoraproject.org/updates/FEDORA-2011-17233/tor-0.2.1.32-1500.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6913/mozilla-https-everywhere-2.0.3-1.fc15

The following Fedora 15 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/FEDORA-2012-6919/mysql-5.5.23-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6717/thunderbird-12.0-1.fc15,thunderbird-lightning-1.4-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6629/gdb-7.3.1-50.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6552/PackageKit-0.6.17-2.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6517/pcre-8.12-8.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6395/openssl-1.0.0i-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6373/fuse-2.8.7-1.fc15.1
    https://admin.fedoraproject.org/updates/dracut-009-15.fc15

The following builds have been pushed to Fedora 15 updates-testing

    ibus-1.4.1-2.fc15
    maniadrive-1.2-32.fc15.3
    mosh-1.2-2.fc15
    mozilla-https-everywhere-2.0.3-1.fc15
    munin-1.4.7-3.fc15
    mysql-5.5.23-1.fc15
    perl-Net-Twitter-3.18002-1.fc15
    php-5.3.11-1.fc15
    php-eaccelerator-0.9.6.1-9.fc15.3

Details about builds:

================================================================================
 ibus-1.4.1-2.fc15 (FEDORA-2012-6902)
 Intelligent Input Bus for Linux OS
--------------------------------------------------------------------------------
Update Information:

This is a bug fixes update.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 27 2012 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.4.1-2
- Updated ibus-HEAD.patch from upstream
  Fixed Bug 813125 - Do not send preedit-changed signal without preedit.
  Fixed the coordinate in languagebar when dual monitors are used.
- Updated ibus-xx-bridge-hotkey.patch
  Fixed Bug 813971 - no Ctrl+Space
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #813125 - ibus should not generate empty preedit strings on focus switch
        https://bugzilla.redhat.com/show_bug.cgi?id=813125
  [ 2 ] Bug #813971 - Ctrl+Space activates ibus regardless of setting in ibus-setup
        https://bugzilla.redhat.com/show_bug.cgi?id=813971
--------------------------------------------------------------------------------

================================================================================
 maniadrive-1.2-32.fc15.3 (FEDORA-2012-6911)
 3D stunt driving game
--------------------------------------------------------------------------------
Update Information:

Upstream Security Enhancements:

* Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
* Add open_basedir checks to readline_write_history and readline_read_history.
* Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).

Upstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1

RPM changes:

* php-fpm: add comment about security.limit_extensions in provided conf
* php-fpm: add /etc/sysconfig/php-fpm environment file
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 27 2012 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.2-32.3
- rebuild against PHP 5.3.11
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #799187 - CVE-2012-1172 php: PHP 5.3.10 filter file names better, no dangling ['s
        https://bugzilla.redhat.com/show_bug.cgi?id=799187
  [ 2 ] Bug #789468 - CVE-2012-0831 php: PG(magic_quote_gpc) was not restored on shutdown
        https://bugzilla.redhat.com/show_bug.cgi?id=789468
--------------------------------------------------------------------------------

================================================================================
 mosh-1.2-2.fc15 (FEDORA-2012-6903)
 Mobile shell that supports roaming and intelligent local echo
--------------------------------------------------------------------------------
Update Information:

Fix debuginfo
Update to mosh 1.2
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 27 2012 Alexander Chernyakhovsky <achernya@xxxxxxx> - 1.2
- Update to mosh 1.2.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #817237 - mosh-debuginfo 1.2 contains no sources
        https://bugzilla.redhat.com/show_bug.cgi?id=817237
--------------------------------------------------------------------------------

================================================================================
 mozilla-https-everywhere-2.0.3-1.fc15 (FEDORA-2012-6913)
 HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:

Fix upstream bug 5676, which fixes an SSL downgrade attack.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr 28 2012 Russell Golden <niveusluna@xxxxxxxxxxxxxx> - 2.0.3-1
- Fix a downgrade attack that might allow attackers to deny HTTPS Everywhere
  protection for cookies on some domains.
  https://trac.torproject.org/projects/tor/ticket/5676
- Minor redirection mechanism fixes
- Fixes: WordPress, Yandex, OpenDNS, Via.me/AWS
- Improvements: Mozilla
- Disable broken: ReadWriteWeb
--------------------------------------------------------------------------------

================================================================================
 munin-1.4.7-3.fc15 (FEDORA-2012-6912)
 Network-wide graphing framework (grapher/gatherer)
--------------------------------------------------------------------------------
Update Information:

Better fix for older version messing up enabled plugins, fixed issue with java plugin, fixed duplicate ownership of directory.

Workaround for issue with all plugins being disabled on upgrade.
If you updated to 1.4.7-1, you will need to re-enable plugins you wish to be running.
'/usr/sbin/munin-node-configure --shell | sh'
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 24 2012 Kevin Fenzi <kevin@xxxxxxxxx> - 1.4.7-3
- A better fix for 811867 with triggers.
- Fix directory conflict. Fixes bug #816340
- Fix path in java plugin. Fixes bug #816570
* Sun Apr 15 2012 Kevin Fenzi <kevin@xxxxxxxxx> - 1.4.7-2
- Fix node postun from messing up plugins on upgrade.
  Works around bug #811867
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #816340 - munin and munin-common have a file conflict
        https://bugzilla.redhat.com/show_bug.cgi?id=816340
  [ 2 ] Bug #816570 - Wrong path to munin jar in jmx plugin
        https://bugzilla.redhat.com/show_bug.cgi?id=816570
  [ 3 ] Bug #811867 - Latest munin-node update clears all plugin settings
        https://bugzilla.redhat.com/show_bug.cgi?id=811867
--------------------------------------------------------------------------------

================================================================================
 mysql-5.5.23-1.fc15 (FEDORA-2012-6919)
 MySQL client programs and shared libraries
--------------------------------------------------------------------------------
Update Information:

Update to MySQL 5.5.23, for various fixes described at
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-23.html
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr 28 2012 Tom Lane <tgl@xxxxxxxxxx> 5.5.23-1
- Update to MySQL 5.5.23, for various fixes described at
  http://dev.mysql.com/doc/refman/5.5/en/news-5-5-23.html
--------------------------------------------------------------------------------

================================================================================
 perl-Net-Twitter-3.18002-1.fc15 (FEDORA-2012-6910)
 Perl interface to the Twitter API
--------------------------------------------------------------------------------
Update Information:

Update to 3.18002:
Added API method subscriptions; list_subscriptions is now all_subscriptions with alias list_subscriptions.
Deprecated TwitterVision API support.
Added API method members_destroy_all with alias remove_list_members.
Added deprecation warning for 'trends'; calls trends_location(1), instead.
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #816138 - perl-Net-Twitter-3.18002 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=816138
--------------------------------------------------------------------------------

================================================================================
 php-5.3.11-1.fc15 (FEDORA-2012-6911)
 PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:

Upstream Security Enhancements:

* Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
* Add open_basedir checks to readline_write_history and readline_read_history.
* Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).

Upstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1

RPM changes:

* php-fpm: add comment about security.limit_extensions in provided conf
* php-fpm: add /etc/sysconfig/php-fpm environment file
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 27 2012 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.3.11-1
- update to 5.3.11
  http://www.php.net/ChangeLog-5.php#5.3.11
- add /etc/sysconfig/php-fpm environment file (#784770)
- php-fpm: add security.limit_extensions in provided conf
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #799187 - CVE-2012-1172 php: PHP 5.3.10 filter file names better, no dangling ['s
        https://bugzilla.redhat.com/show_bug.cgi?id=799187
  [ 2 ] Bug #789468 - CVE-2012-0831 php: PG(magic_quote_gpc) was not restored on shutdown
        https://bugzilla.redhat.com/show_bug.cgi?id=789468
--------------------------------------------------------------------------------

================================================================================
 php-eaccelerator-0.9.6.1-9.fc15.3 (FEDORA-2012-6911)
 PHP accelerator, optimizer, encoder and dynamic content cacher
--------------------------------------------------------------------------------
Update Information:

Upstream Security Enhancements:

* Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
* Add open_basedir checks to readline_write_history and readline_read_history.
* Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).

Upstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1

RPM changes:

* php-fpm: add comment about security.limit_extensions in provided conf
* php-fpm: add /etc/sysconfig/php-fpm environment file
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 27 2012 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1:0.9.6.1-9.3
- rebuild against PHP 5.3.11
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #799187 - CVE-2012-1172 php: PHP 5.3.10 filter file names better, no dangling ['s
        https://bugzilla.redhat.com/show_bug.cgi?id=799187
  [ 2 ] Bug #789468 - CVE-2012-0831 php: PG(magic_quote_gpc) was not restored on shutdown
        https://bugzilla.redhat.com/show_bug.cgi?id=789468
--------------------------------------------------------------------------------