The following Fedora 16 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-2012-8592/qemu-0.15.1-5.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8596/groff-1.21-4.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-5833/python3-3.2.3-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-6614/gdb-7.3.50.20110722-16.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8363/rt3-3.8.12-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8328/socat-1.7.2.1-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8362/drupal7-7.14-2.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8465/apache-commons-compress-1.4.1-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8325/moodle-2.0.9-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8464/hostapd-0.7.3-6.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8461/globus-gridftp-server-6.10-2.fc16,globus-gridftp-server-control-2.5-2.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8014/openssl-1.0.0j-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-7593/tomcat6-6.0.35-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8470/python-crypto-2.3-6.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-7141/seamonkey-2.9.1-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8067/libgssglue-0.4-0.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8021/sudo-1.8.3p1-3.fc16
The following Fedora 16 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/FEDORA-2012-8591/python-2.7.3-3.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8601/libvpx-1.0.0-3.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8605/xorg-x11-drv-intel-2.19.0-3.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8587/ppp-2.4.5-21.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8483/qt-4.8.2-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8385/control-center-3.2.3-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8389/pm-utils-1.4.1-13.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8381/colord-0.1.21-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8203/mdadm-3.2.5-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8212/libreport-2.0.10-3.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8210/perl-URI-1.60-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8014/openssl-1.0.0j-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-8052/policycoreutils-2.1.4-17.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-6994/upower-0.9.16-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2012-3319/GConf2-3.2.3-4.fc16
The following builds have been pushed to Fedora 16 updates-testing
groff-1.21-4.fc16
guacamole-common-0.6.0-5.fc16
guacd-0.6.0-6.fc16
hitori-0.3.2-1.fc16
hydra-7.3-10.fc16
irclog2html-2.10.0-4.fc16
ktorrent-4.2.0-3.fc16
libAfterImage-1.20-5.fc16
libguac-0.6.0-6.fc16
libguac-client-vnc-0.6.0-4.fc16
libmodbus-3.0.3-1.fc16
libvpx-1.0.0-3.fc16
man-pages-it-2.80-10.fc16
ompl-0.10.2-1.fc16
perl-Fedora-Rebuild-0.9.0-1.fc16
ppp-2.4.5-21.fc16
python-2.7.3-3.fc16
qemu-0.15.1-5.fc16
rubygem-nokogiri-1.5.2-1.fc16.1
shellinabox-2.14-4.fc16
xca-0.9.3-1.fc16
xorg-x11-drv-intel-2.19.0-3.fc16
zanata-python-client-1.3.6-1.fc16
Details about builds:
================================================================================
groff-1.21-4.fc16 (FEDORA-2012-8596)
A document formatting system
--------------------------------------------------------------------------------
Update Information:
older security fixes:
- CVE-2009-5044: insecure temporary file handling in pdfroff
- CVE-2009-5080: improper handling of failed attempts to create temporary directories in eqn2graph/pic2graph/grap2graph
- CVE-2009-5081: roff2.pl and groffer.pl use easy-to-guess temporary file names
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 29 2012 Jan Vcelak <jvcelak@xxxxxxxxxx> 1.21-4
- older security fixes (#709415, #720060):
+ CVE-2009-5044: insecure temporary file handling in pdfroff
+ CVE-2009-5080: improper handling of failed attempts to create temporary directories in eqn2graph/pic2graph/grap2graph
+ CVE-2009-5081: roff2.pl and groffer.pl use easy-to-guess temporary file names
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #709413 - CVE-2009-5044 groff: insecure temporary file handling in pdfroff
https://bugzilla.redhat.com/show_bug.cgi?id=709413
[ 2 ] Bug #720058 - CVE-2009-5080 groff: improper handling of failed attempts to create temporary directories in eqn2graph/pic2graph/grap2graph
https://bugzilla.redhat.com/show_bug.cgi?id=720058
[ 3 ] Bug #720057 - CVE-2009-5081 groff: roff2.pl and groffer.pl use easy-to-guess temporary file names
https://bugzilla.redhat.com/show_bug.cgi?id=720057
--------------------------------------------------------------------------------
================================================================================
guacamole-common-0.6.0-5.fc16 (FEDORA-2012-8588)
The core Java library used by the Guacamole web application
--------------------------------------------------------------------------------
Update Information:
Guacamole main Java library
--------------------------------------------------------------------------------
================================================================================
guacd-0.6.0-6.fc16 (FEDORA-2012-8584)
Proxy daemon for Guacamole
--------------------------------------------------------------------------------
Update Information:
Guacamole proxy daemon
--------------------------------------------------------------------------------
================================================================================
hitori-0.3.2-1.fc16 (FEDORA-2012-8585)
Logic puzzle game for GNOME
--------------------------------------------------------------------------------
Update Information:
New upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 28 2012 Mario Blättermann <mariobl@xxxxxxxxxxxxxxxxx> - 0.3.2-1
- New upstream version
- Removed the patch because it doesn't depend on libm anymore
- Tweaked the description
* Sat Mar 3 2012 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - 0.3.1-4
- Merge F-16 to master as it's a newer version
- Fix FTBFS
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Dec 6 2011 Adam Jackson <ajax@xxxxxxxxxx> - 0.3.1-2
- Rebuild for new libpng
--------------------------------------------------------------------------------
================================================================================
hydra-7.3-10.fc16 (FEDORA-2012-8606)
Very fast network log-on cracker
--------------------------------------------------------------------------------
Update Information:
Fix binaries striping issue
First hydra package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #825860 - hydra 7.3-9 binaries stripped too early
https://bugzilla.redhat.com/show_bug.cgi?id=825860
[ 2 ] Bug #769919 - Review Request: hydra - Very fast network log-on cracker
https://bugzilla.redhat.com/show_bug.cgi?id=769919
--------------------------------------------------------------------------------
================================================================================
irclog2html-2.10.0-4.fc16 (FEDORA-2012-8603)
Script to convert IRC logs to HTML and other formats
--------------------------------------------------------------------------------
Update Information:
* Mon May 28 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-4
- Missing build added (#821438)
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-3 - BR updated
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-2 - Install section fixed
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-3 - BR updated
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-2 - Install section fixed
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-3 - BR updated
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-2 - Install section fixed
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 28 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-4
- Missing build added (#821438)
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-3
- BR updated
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-2
- Install section fixed
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #821438 - irclog2html 2.10.0 is completely non-functional
https://bugzilla.redhat.com/show_bug.cgi?id=821438
--------------------------------------------------------------------------------
================================================================================
ktorrent-4.2.0-3.fc16 (FEDORA-2012-8582)
A BitTorrent program
--------------------------------------------------------------------------------
Update Information:
Support magnet links via x-scheme-handler/magnet mimetype
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 29 2012 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.2.0-3
- omit magnet.protocol
- support/use MimeTypes=x-scheme-handler/magnet; instead
* Thu Mar 29 2012 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.2.0-2
- drop ENABLE_KIO_MAGNET, let main app handle it
--------------------------------------------------------------------------------
================================================================================
libAfterImage-1.20-5.fc16 (FEDORA-2012-8609)
A generic image manipulation library
--------------------------------------------------------------------------------
Update Information:
Fix some issues with newer libpng
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 28 2012 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
- 1.20-5
- fix some issues with newer libpng (rhbz#817780)
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.20-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Dec 6 2011 Adam Jackson <ajax@xxxxxxxxxx> - 1.20-3
- Rebuild for new libpng
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #817780 - libAfterImage must be rebuilt fot libpng 1.5 in Fedora 17
https://bugzilla.redhat.com/show_bug.cgi?id=817780
--------------------------------------------------------------------------------
================================================================================
libguac-0.6.0-6.fc16 (FEDORA-2012-8599)
The common library used by all C components of Guacamole
--------------------------------------------------------------------------------
Update Information:
Guacamole base library
--------------------------------------------------------------------------------
================================================================================
libguac-client-vnc-0.6.0-4.fc16 (FEDORA-2012-8580)
VNC support for guacd
--------------------------------------------------------------------------------
Update Information:
Guacamole VNC library
--------------------------------------------------------------------------------
================================================================================
libmodbus-3.0.3-1.fc16 (FEDORA-2012-8608)
A Modbus library
--------------------------------------------------------------------------------
Update Information:
Upstream release of libmodbus 3.0.3.
Bugfixes for Linux:
- Fix a missing free in random-test-client
- Fix OMG bug in modbus_mapping_free not freeing memory.
--------------------------------------------------------------------------------
================================================================================
libvpx-1.0.0-3.fc16 (FEDORA-2012-8601)
VP8 Video Codec SDK
--------------------------------------------------------------------------------
Update Information:
Fix pc file handling, including dropping duplicate libvpx.pc and fixing vpx.pc file.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 29 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.0.0-3
- fix vpx.pc file to include -lm (bz825754)
* Fri May 11 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.0.0-2
- use included vpx.pc file (drop local libvpx.pc)
- apply upstream fix to vpx.pc file (bz 814177)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #825754 - vpx.pc file missing -lm
https://bugzilla.redhat.com/show_bug.cgi?id=825754
--------------------------------------------------------------------------------
================================================================================
man-pages-it-2.80-10.fc16 (FEDORA-2012-8581)
Italian man (manual) pages from the Linux Documentation Project
--------------------------------------------------------------------------------
Update Information:
Remove man2html.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 29 2012 Ding-Yi Chen <dchen@xxxxxxxxxx> - 2.80-10
- Resolves: #825918 - man-pages-it : Conflicts with man2html
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.80-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #825918 - man-pages-it : Conflicts with man2html
https://bugzilla.redhat.com/show_bug.cgi?id=825918
--------------------------------------------------------------------------------
================================================================================
ompl-0.10.2-1.fc16 (FEDORA-2012-8602)
The Open Motion Planning Library
--------------------------------------------------------------------------------
Update Information:
Updated to the latest upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 15 2012 Rich Mattes <richmattes@xxxxxxxxx> - 0.10.2-1
- Update to release 0.10.2
--------------------------------------------------------------------------------
================================================================================
perl-Fedora-Rebuild-0.9.0-1.fc16 (FEDORA-2012-8593)
Rebuilds Fedora packages from scratch
--------------------------------------------------------------------------------
Update Information:
0.9.0 release brings support for building in mock, for building from private branch, and for anonymous source repository clonning.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 29 2012 Petr Pisar <ppisar@xxxxxxxxxx> - 0.9.0-1
- 0.9.0 bump
--------------------------------------------------------------------------------
================================================================================
ppp-2.4.5-21.fc16 (FEDORA-2012-8587)
The Point-to-Point Protocol daemon
--------------------------------------------------------------------------------
Update Information:
Various bugfixes
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 29 2012 Michal Sekletar <msekleta@xxxxxxxxxx>
- Resolves: #817011 - fixed ppp-2.4.5-eaptls-mppe-0.99 patch, added variable definition
* Mon May 21 2012 Michal Sekletar <msekleta@xxxxxxxxxx>
- Resolves: #817013 - fixed support for multilink channels in pppol2tp plugin
* Thu May 17 2012 Michal Sekletar <msekleta@xxxxxxxxxx>
- Resolves: #771340 - fixed compilation of pppd without USE_EAPTLS
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #771340 - fix compiling pppd without USE_EAPTLS
https://bugzilla.redhat.com/show_bug.cgi?id=771340
[ 2 ] Bug #817013 - openl2tp plugin is built incorrectly.
https://bugzilla.redhat.com/show_bug.cgi?id=817013
[ 3 ] Bug #817011 - pppd passwordfd.so plugin doesn't load
https://bugzilla.redhat.com/show_bug.cgi?id=817011
--------------------------------------------------------------------------------
================================================================================
python-2.7.3-3.fc16 (FEDORA-2012-8591)
An interpreted, interactive, object-oriented programming language
--------------------------------------------------------------------------------
Update Information:
Fix for symlink issue with python-config (bug 813836) introduced in python-2.7.3-1.fc16
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 19 2012 David Malcolm <dmalcolm@xxxxxxxxxx> - 2.7.3-3
- add explicit version requirements on expat to avoid linkage problems with
XML_SetHashSalt
* Wed Apr 18 2012 David Malcolm <dmalcolm@xxxxxxxxxx> - 2.7.3-2
- fix -config symlinks (patch 112; rhbz#813836)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #813836 - /usr/bin/python-config points to /usr/bin/python2-config instead of /usr/bin/python2.7-config
https://bugzilla.redhat.com/show_bug.cgi?id=813836
--------------------------------------------------------------------------------
================================================================================
qemu-0.15.1-5.fc16 (FEDORA-2012-8592)
QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:
* CVE-2012-0029 e1000 buffer overflow (bz 825895, bz 772075)
* virtio-blk: refuse SG_IO requests with scsi=off (bz 826042)
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 29 2012 Cole Robinson <crobinso@xxxxxxxxxx> - 0.15.1-5
- CVE-2012-0029 e1000 buffer overflow (bz 783984, bz 772075)
- virtio-blk: refuse SG_IO requests with scsi=off (bz 826042)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #772075 - CVE-2012-0029 qemu: e1000: process_tx_desc legacy mode packets heap overflow
https://bugzilla.redhat.com/show_bug.cgi?id=772075
--------------------------------------------------------------------------------
================================================================================
rubygem-nokogiri-1.5.2-1.fc16.1 (FEDORA-2012-8607)
An HTML, XML, SAX, and Reader parser
--------------------------------------------------------------------------------
Update Information:
Fix Obsoletes management on ruby-nokogiri
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 28 2012 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx>
- Fix Obsoletes (bug 822931)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #822931 - For F16 rubygem-nokogiri incorrectly obsoletes ruby-nokogiri
https://bugzilla.redhat.com/show_bug.cgi?id=822931
--------------------------------------------------------------------------------
================================================================================
shellinabox-2.14-4.fc16 (FEDORA-2012-8589)
Web based AJAX terminal emulator
--------------------------------------------------------------------------------
Update Information:
Web based AJAX terminal emulator
--------------------------------------------------------------------------------
================================================================================
xca-0.9.3-1.fc16 (FEDORA-2012-8597)
Graphical X.509 certificate management tool
--------------------------------------------------------------------------------
Update Information:
* Mon May 14 2012 Patrick Monnerat <pm@xxxxxxxxxxxxx> 0.9.3-1
- New upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 14 2012 Patrick Monnerat <pm@xxxxxxxxxxxxx> 0.9.3-1
- New upstream release.
* Mon May 7 2012 Patrick Monnerat <pm@xxxxxxxxxxxxx> 0.9.2-1
- New upstream release.
- Patch "french" to update french translation.
--------------------------------------------------------------------------------
================================================================================
xorg-x11-drv-intel-2.19.0-3.fc16 (FEDORA-2012-8605)
Xorg X11 Intel video driver
--------------------------------------------------------------------------------
Update Information:
Upstream 2.19.0 release
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 29 2012 Adam Jackson <ajax@xxxxxxxxxx> 2.19.0-3
- Don't autoreconf the driver, fixes build on F16.
* Mon May 21 2012 Adam Jackson <ajax@xxxxxxxxxx> 2.19.0-2
- Disable UMS support in RHEL.
- Trim some Requires that haven't been needed since F15.
* Thu May 3 2012 Adam Jackson <ajax@xxxxxxxxxx> 2.19.0-1
- intel 2.19.0
* Tue Apr 24 2012 Adam Jackson <ajax@xxxxxxxxxx> 2.18.0-2
- intel-2.18-fedora-branch.patch: Backport stuff from post-2.18 git.
* Fri Feb 24 2012 Adam Jackson <ajax@xxxxxxxxxx> 2.18.0-1
- intel 2.18.0
* Sat Feb 11 2012 Peter Hutterer <peter.hutterer@xxxxxxxxxx> - 2.17.0-10
- ABI rebuild
* Fri Feb 10 2012 Peter Hutterer <peter.hutterer@xxxxxxxxxx> - 2.17.0-9
- ABI rebuild
--------------------------------------------------------------------------------
================================================================================
zanata-python-client-1.3.6-1.fc16 (FEDORA-2012-8598)
Python Client for Zanata Server
--------------------------------------------------------------------------------
Update Information:
- Fixed rhbz#814593, "TypeError: 'unicode' object does not support item assignment" when pulling translation from server
- Fixed rhbz#820046, Python client generates empty msgctxt "" when pushing
- Fixed rhbz#795643, Python client pushes extracted comments instead of translator comments
- Add option --disable-ssl-cert to python client-
- Add help message for noskeletons option in pull, change content of Error 403
- Fixed the query param of skeletons
- Implment --push-type option, omit --push-trans when specify --push-type option
- Refactoring code and remove duplicate code
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 28 2012 James Ni <jni@xxxxxxxxxx> - 1.3.6-1
- Fixed rhbz#814593, "TypeError: 'unicode' object does not support item assignment" when pulling translation from server
- Fixed rhbz#820046, Python client generates empty msgctxt "" when pushing
- Fixed rhbz#795643, Python client pushes extracted comments instead of translator comments
- Add option --disable-ssl-cert to python client
- Add help message for noskeletons option in pull, change content of Error 403
- Fixed the query param of skeletons
- Implment --push-type option, omit --push-trans when specify --push-type option
- Refactoring code and remove duplicate code
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #814593 - "TypeError: 'unicode' object does not support item assignment" when pulling translation from server
https://bugzilla.redhat.com/show_bug.cgi?id=814593
[ 2 ] Bug #820046 - Python client generates empty msgctxt "" when pushing
https://bugzilla.redhat.com/show_bug.cgi?id=820046
[ 3 ] Bug #795643 - Python client pushes extracted comments instead of translator comments
https://bugzilla.redhat.com/show_bug.cgi?id=795643
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
