Fedora 15 updates-testing report

updates@xxxxxxxxxxxxxxxxx · Sun, 29 Apr 2012 00:25:47 +0000

The following Fedora 15 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-2012-6371/nginx-1.0.15-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-5631/phpMyAdmin-3.5.0-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6395/openssl-1.0.0i-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6414/rubygems-1.7.2-5.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6349/samba4-4.0.0-26.alpha11.fc15.6
    https://admin.fedoraproject.org/updates/FEDORA-2012-6396/bugzilla-3.6.9-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6511/wordpress-3.3.2-2.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6630/dokuwiki-0-0.10.20110525.a.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6610/xulrunner-12.0-1.fc15,firefox-12.0-1.fc15,gnome-python2-extras-2.25.3-35.fc15.7,perl-Gtk2-MozEmbed-0.09-1.fc15.11
    https://admin.fedoraproject.org/updates/FEDORA-2012-5916/python3-3.2.3-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6629/gdb-7.3.1-50.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6730/openconnect-3.18-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6717/thunderbird-12.0-1.fc15,thunderbird-lightning-1.4-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6724/asterisk-1.8.11.1-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6759/bind-dyndb-ldap-1.1.0-0.11.rc1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6398/cifs-utils-5.4-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6911/php-5.3.11-1.fc15,php-eaccelerator-0.9.6.1-9.fc15.3,maniadrive-1.2-32.fc15.3
    https://admin.fedoraproject.org/updates/FEDORA-2011-17233/tor-0.2.1.32-1500.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6913/mozilla-https-everywhere-2.0.3-1.fc15

The following Fedora 15 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/FEDORA-2012-6919/mysql-5.5.23-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6717/thunderbird-12.0-1.fc15,thunderbird-lightning-1.4-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6629/gdb-7.3.1-50.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6552/PackageKit-0.6.17-2.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6517/pcre-8.12-8.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6395/openssl-1.0.0i-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6373/fuse-2.8.7-1.fc15.1
    https://admin.fedoraproject.org/updates/dracut-009-15.fc15

The following builds have been pushed to Fedora 15 updates-testing

    ibus-1.4.1-2.fc15
    maniadrive-1.2-32.fc15.3
    mosh-1.2-2.fc15
    mozilla-https-everywhere-2.0.3-1.fc15
    munin-1.4.7-3.fc15
    mysql-5.5.23-1.fc15
    perl-Net-Twitter-3.18002-1.fc15
    php-5.3.11-1.fc15
    php-eaccelerator-0.9.6.1-9.fc15.3

Details about builds:

================================================================================
 ibus-1.4.1-2.fc15 (FEDORA-2012-6902)
 Intelligent Input Bus for Linux OS
--------------------------------------------------------------------------------
Update Information:

This is a bug fixes update.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 27 2012 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.4.1-2
- Updated ibus-HEAD.patch from upstream
  Fixed Bug 813125 - Do not send preedit-changed signal without preedit.
  Fixed the coordinate in languagebar when dual monitors are used.
- Updated ibus-xx-bridge-hotkey.patch
  Fixed Bug 813971 - no Ctrl+Space
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #813125 - ibus should not generate empty preedit strings on focus switch
        https://bugzilla.redhat.com/show_bug.cgi?id=813125
  [ 2 ] Bug #813971 - Ctrl+Space activates ibus regardless of setting in ibus-setup
        https://bugzilla.redhat.com/show_bug.cgi?id=813971
--------------------------------------------------------------------------------

================================================================================
 maniadrive-1.2-32.fc15.3 (FEDORA-2012-6911)
 3D stunt driving game
--------------------------------------------------------------------------------
Update Information:

Upstream Security Enhancements:
* Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
* Add open_basedir checks to readline_write_history and readline_read_history.
* Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).

Upstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1

RPM changes:
* php-fpm: add comment about security.limit_extensions in provided conf
* php-fpm: add /etc/sysconfig/php-fpm environment file

--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 27 2012 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.2-32.3
- rebuild against PHP 5.3.11
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #799187 - CVE-2012-1172 php: PHP 5.3.10 filter file names better, no dangling ['s
        https://bugzilla.redhat.com/show_bug.cgi?id=799187
  [ 2 ] Bug #789468 - CVE-2012-0831 php: PG(magic_quote_gpc) was not restored on shutdown
        https://bugzilla.redhat.com/show_bug.cgi?id=789468
--------------------------------------------------------------------------------

================================================================================
 mosh-1.2-2.fc15 (FEDORA-2012-6903)
 Mobile shell that supports roaming and intelligent local echo
--------------------------------------------------------------------------------
Update Information:

Fix debuginfo
Update to mosh 1.2
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 27 2012 Alexander Chernyakhovsky <achernya@xxxxxxx> - 1.2
- Update to mosh 1.2.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #817237 - mosh-debuginfo 1.2 contains no sources
        https://bugzilla.redhat.com/show_bug.cgi?id=817237
--------------------------------------------------------------------------------

================================================================================
 mozilla-https-everywhere-2.0.3-1.fc15 (FEDORA-2012-6913)
 HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:

Fix upstream bug 5676, which fixes an SSL downgrade attack.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr 28 2012 Russell Golden <niveusluna@xxxxxxxxxxxxxx> - 2.0.3-1
- Fix a downgrade attack that might allow attackers to deny HTTPS
    Everywhere protection for cookies on some domains.
    https://trac.torproject.org/projects/tor/ticket/5676
- Minor redirection mechanism fixes
- Fixes: WordPress, Yandex, OpenDNS, Via.me/AWS
- Improvements: Mozilla
- Disable broken: ReadWriteWeb
--------------------------------------------------------------------------------

================================================================================
 munin-1.4.7-3.fc15 (FEDORA-2012-6912)
 Network-wide graphing framework (grapher/gatherer)
--------------------------------------------------------------------------------
Update Information:

Better fix for older version messing up enabled plugins, fixed issue with java plugin, fixed duplicate ownership of directory.
Workaround for issue with all plugins being disabled on upgrade. If you updated to 1.4.7-1, you will need to re-enable plugins you wish to be running. '/usr/sbin/munin-node-configure --shell | sh'
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 24 2012 Kevin Fenzi <kevin@xxxxxxxxx> - 1.4.7-3
- A better for for 811867 with triggers. 
- Fix directory conflict. Fixes bug #816340
- Fix path in java plugin. Fixes bug #816570
* Sun Apr 15 2012 Kevin Fenzi <kevin@xxxxxxxxx> - 1.4.7-2
- Fix node postun from messing up plugins on upgrade. Works around bug #811867
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #816340 - munin and munin-common have a file conflict
        https://bugzilla.redhat.com/show_bug.cgi?id=816340
  [ 2 ] Bug #816570 - Wrong path to munin jar in jmx plugin
        https://bugzilla.redhat.com/show_bug.cgi?id=816570
  [ 3 ] Bug #811867 - Latest munin-node update clears all plugin settings
        https://bugzilla.redhat.com/show_bug.cgi?id=811867
--------------------------------------------------------------------------------

================================================================================
 mysql-5.5.23-1.fc15 (FEDORA-2012-6919)
 MySQL client programs and shared libraries
--------------------------------------------------------------------------------
Update Information:

Update to MySQL 5.5.23, for various fixes described at http://dev.mysql.com/doc/refman/5.5/en/news-5-5-23.html
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr 28 2012 Tom Lane <tgl@xxxxxxxxxx> 5.5.23-1
- Update to MySQL 5.5.23, for various fixes described at
  http://dev.mysql.com/doc/refman/5.5/en/news-5-5-23.html
--------------------------------------------------------------------------------

================================================================================
 perl-Net-Twitter-3.18002-1.fc15 (FEDORA-2012-6910)
 Perl interface to the Twitter API
--------------------------------------------------------------------------------
Update Information:

Update to 3.18002: Added API method subscriptions; list_subscriptions is now all_subscriptions with alias list_subscriptions. Deprecated TwitterVision API support. Added API method members_destroy_all with alias remove_list_members. Aadded deprecation warning for 'trends'; calls trends_location(1), instead.
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #816138 - perl-Net-Twitter-3.18002 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=816138
--------------------------------------------------------------------------------

================================================================================
 php-5.3.11-1.fc15 (FEDORA-2012-6911)
 PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:

Upstream Security Enhancements:
* Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
* Add open_basedir checks to readline_write_history and readline_read_history.
* Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).

Upstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1

RPM changes:
* php-fpm: add comment about security.limit_extensions in provided conf
* php-fpm: add /etc/sysconfig/php-fpm environment file

--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 27 2012 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.3.11-1
- update to 5.3.11
  http://www.php.net/ChangeLog-5.php#5.3.11
- add /etc/sysconfig/php-fpm environment file (#784770)
- php-fpm: add security.limit_extensions in provided conf
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #799187 - CVE-2012-1172 php: PHP 5.3.10 filter file names better, no dangling ['s
        https://bugzilla.redhat.com/show_bug.cgi?id=799187
  [ 2 ] Bug #789468 - CVE-2012-0831 php: PG(magic_quote_gpc) was not restored on shutdown
        https://bugzilla.redhat.com/show_bug.cgi?id=789468
--------------------------------------------------------------------------------

================================================================================
 php-eaccelerator-0.9.6.1-9.fc15.3 (FEDORA-2012-6911)
 PHP accelerator, optimizer, encoder and dynamic content cacher
--------------------------------------------------------------------------------
Update Information:

Upstream Security Enhancements:
* Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
* Add open_basedir checks to readline_write_history and readline_read_history.
* Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).

Upstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1

RPM changes:
* php-fpm: add comment about security.limit_extensions in provided conf
* php-fpm: add /etc/sysconfig/php-fpm environment file

--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 27 2012 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1:0.9.6.1-9.3
- rebuild against PHP 5.3.11
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #799187 - CVE-2012-1172 php: PHP 5.3.10 filter file names better, no dangling ['s
        https://bugzilla.redhat.com/show_bug.cgi?id=799187
  [ 2 ] Bug #789468 - CVE-2012-0831 php: PG(magic_quote_gpc) was not restored on shutdown
        https://bugzilla.redhat.com/show_bug.cgi?id=789468
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test