The following Fedora 15 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-2012-8604/qemu-0.14.0-9.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8114/libreoffice-3.3.4.1-5.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8611/hostapd-0.7.3-2.1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8590/groff-1.21-4.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-6630/dokuwiki-0-0.10.20110525.a.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-7246/libsoup-2.34.3-2.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-6629/gdb-7.3.1-50.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8339/rt3-3.8.12-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8360/drupal7-7.14-2.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8365/moodle-1.9.18-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8372/kernel-2.6.43.7-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8490/python-crypto-2.3-6.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17233/tor-0.2.1.32-1500.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8488/globus-gridftp-server-6.10-2.fc15,globus-gridftp-server-control-2.5-2.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8024/openssl-1.0.0j-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-7131/seamonkey-2.9.1-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8010/sudo-1.7.4p5-5.fc15
The following Fedora 15 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/FEDORA-2012-8372/kernel-2.6.43.7-1.fc15
https://admin.fedoraproject.org/updates/iproute-2.6.38.1-7.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8206/mdadm-3.2.5-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8027/libogg-1.3.0-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8010/sudo-1.7.4p5-5.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8024/openssl-1.0.0j-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-7909/perl-5.12.4-166.fc15
https://admin.fedoraproject.org/updates/dracut-009-15.fc15
The following builds have been pushed to Fedora 15 updates-testing
groff-1.21-4.fc15
hostapd-0.7.3-2.1.fc15
irclog2html-2.10.0-4.fc15
libAfterImage-1.20-5.fc15
man-pages-it-2.80-10.fc15
qemu-0.14.0-9.fc15
shellinabox-2.14-4.fc15
xca-0.9.3-1.fc15
zanata-python-client-1.3.6-1.fc15
Details about builds:
================================================================================
groff-1.21-4.fc15 (FEDORA-2012-8590)
A document formatting system
--------------------------------------------------------------------------------
Update Information:
older security fixes:
- CVE-2009-5044: insecure temporary file handling in pdfroff
- CVE-2009-5080: improper handling of failed attempts to create temporary directories in eqn2graph/pic2graph/grap2graph
- CVE-2009-5081: roff2.pl and groffer.pl use easy-to-guess temporary file names
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 29 2012 Jan Vcelak <jvcelak@xxxxxxxxxx> 1.21-4
- older security fixes (#709415, #720060):
+ CVE-2009-5044: insecure temporary file handling in pdfroff
+ CVE-2009-5080: improper handling of failed attempts to create temporary directories in eqn2graph/pic2graph/grap2graph
+ CVE-2009-5081: roff2.pl and groffer.pl use easy-to-guess temporary file names
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #709413 - CVE-2009-5044 groff: insecure temporary file handling in pdfroff
https://bugzilla.redhat.com/show_bug.cgi?id=709413
[ 2 ] Bug #720058 - CVE-2009-5080 groff: improper handling of failed attempts to create temporary directories in eqn2graph/pic2graph/grap2graph
https://bugzilla.redhat.com/show_bug.cgi?id=720058
[ 3 ] Bug #720057 - CVE-2009-5081 groff: roff2.pl and groffer.pl use easy-to-guess temporary file names
https://bugzilla.redhat.com/show_bug.cgi?id=720057
--------------------------------------------------------------------------------
================================================================================
hostapd-0.7.3-2.1.fc15 (FEDORA-2012-8611)
IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
--------------------------------------------------------------------------------
Update Information:
Tighten-up default permissions for hostapd.conf (CVE-2012-2389)
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 29 2012 John W. Linville <linville@xxxxxxxxxx> - 0.7.3-2.1.fc15
- Tighten-up default permissions for hostapd.conf
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #826109 - CVE-2012-2389 hostapd: insecure default permissions on /etc/hostapd/hostapd.conf [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=826109
--------------------------------------------------------------------------------
================================================================================
irclog2html-2.10.0-4.fc15 (FEDORA-2012-8586)
Script to convert IRC logs to HTML and other formats
--------------------------------------------------------------------------------
Update Information:
* Mon May 28 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-4
- Missing build added (#821438)
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-3 - BR updated
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-2 - Install section fixed
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-3 - BR updated
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-2 - Install section fixed
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-3 - BR updated
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-2 - Install section fixed
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 28 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-4
- Missing build added (#821438)
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-3
- BR updated
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-2
- Install section fixed
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #821438 - irclog2html 2.10.0 is completely non-functional
https://bugzilla.redhat.com/show_bug.cgi?id=821438
--------------------------------------------------------------------------------
================================================================================
libAfterImage-1.20-5.fc15 (FEDORA-2012-8610)
A generic image manipulation library
--------------------------------------------------------------------------------
Update Information:
Fix some issues with newer libpng
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 28 2012 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
- 1.20-5
- fix some issues with newer libpng (rhbz#817780)
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.20-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Dec 6 2011 Adam Jackson <ajax@xxxxxxxxxx> - 1.20-3
- Rebuild for new libpng
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #817780 - libAfterImage must be rebuilt fot libpng 1.5 in Fedora 17
https://bugzilla.redhat.com/show_bug.cgi?id=817780
--------------------------------------------------------------------------------
================================================================================
man-pages-it-2.80-10.fc15 (FEDORA-2012-8594)
Italian man (manual) pages from the Linux Documentation Project
--------------------------------------------------------------------------------
Update Information:
Remove man2html.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 29 2012 Ding-Yi Chen <dchen@xxxxxxxxxx> - 2.80-10
- Resolves: #825918 - man-pages-it : Conflicts with man2html
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.80-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #825918 - man-pages-it : Conflicts with man2html
https://bugzilla.redhat.com/show_bug.cgi?id=825918
--------------------------------------------------------------------------------
================================================================================
qemu-0.14.0-9.fc15 (FEDORA-2012-8604)
QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:
* CVE-2011-1750 virtio-blk: heap buffer overflow (bz 698906, bz 698911)
* CVE-2011-2527 set groups properly for -runas (bz 720773, bz 720784)
* CVE-2012-0029 e1000 buffer overflow (bz 783984, bz 772075)
* virtio-blk: refuse SG_IO requests with scsi=off (bz 770135)
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 29 2012 Cole Robinson <crobinso@xxxxxxxxxx> - 0.14.0-9
- CVE-2011-1750 virtio-blk: heap buffer overflow (bz 698906, bz 698911)
- CVE-2011-2527 set groups properly for -runas (bz 720773, bz 720784)
- CVE-2012-0029 e1000 buffer overflow (bz 783984, bz 772075)
- virtio-blk: refuse SG_IO requests with scsi=off (bz 770135)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #698906 - CVE-2011-1750 virtio-blk: heap buffer overflow caused by unaligned requests
https://bugzilla.redhat.com/show_bug.cgi?id=698906
[ 2 ] Bug #720773 - CVE-2011-2527 qemu: when started as root, extra groups are not dropped correctly
https://bugzilla.redhat.com/show_bug.cgi?id=720773
[ 3 ] Bug #772075 - CVE-2012-0029 qemu: e1000: process_tx_desc legacy mode packets heap overflow
https://bugzilla.redhat.com/show_bug.cgi?id=772075
--------------------------------------------------------------------------------
================================================================================
shellinabox-2.14-4.fc15 (FEDORA-2012-8583)
Web based AJAX terminal emulator
--------------------------------------------------------------------------------
Update Information:
Web based AJAX terminal emulator
--------------------------------------------------------------------------------
================================================================================
xca-0.9.3-1.fc15 (FEDORA-2012-8600)
Graphical X.509 certificate management tool
--------------------------------------------------------------------------------
Update Information:
* Mon May 14 2012 Patrick Monnerat <pm@xxxxxxxxxxxxx> 0.9.3-1
- New upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 14 2012 Patrick Monnerat <pm@xxxxxxxxxxxxx> 0.9.3-1
- New upstream release.
* Mon May 7 2012 Patrick Monnerat <pm@xxxxxxxxxxxxx> 0.9.2-1
- New upstream release.
- Patch "french" to update french translation.
--------------------------------------------------------------------------------
================================================================================
zanata-python-client-1.3.6-1.fc15 (FEDORA-2012-8595)
Python Client for Zanata Server
--------------------------------------------------------------------------------
Update Information:
- Fixed rhbz#814593, "TypeError: 'unicode' object does not support item assignment" when pulling translation from server
- Fixed rhbz#820046, Python client generates empty msgctxt "" when pushing
- Fixed rhbz#795643, Python client pushes extracted comments instead of translator comments
- Add option --disable-ssl-cert to python client-
- Add help message for noskeletons option in pull, change content of Error 403
- Fixed the query param of skeletons
- Implment --push-type option, omit --push-trans when specify --push-type option
- Refactoring code and remove duplicate code
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 28 2012 James Ni <jni@xxxxxxxxxx> - 1.3.6-1
- Fixed rhbz#814593, "TypeError: 'unicode' object does not support item assignment" when pulling translation from server
- Fixed rhbz#820046, Python client generates empty msgctxt "" when pushing
- Fixed rhbz#795643, Python client pushes extracted comments instead of translator comments
- Add option --disable-ssl-cert to python client
- Add help message for noskeletons option in pull, change content of Error 403
- Fixed the query param of skeletons
- Implment --push-type option, omit --push-trans when specify --push-type option
- Refactoring code and remove duplicate code
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #814593 - "TypeError: 'unicode' object does not support item assignment" when pulling translation from server
https://bugzilla.redhat.com/show_bug.cgi?id=814593
[ 2 ] Bug #820046 - Python client generates empty msgctxt "" when pushing
https://bugzilla.redhat.com/show_bug.cgi?id=820046
[ 3 ] Bug #795643 - Python client pushes extracted comments instead of translator comments
https://bugzilla.redhat.com/show_bug.cgi?id=795643
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
