Fedora 15 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 15 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-2012-8604/qemu-0.14.0-9.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8114/libreoffice-3.3.4.1-5.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8611/hostapd-0.7.3-2.1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8590/groff-1.21-4.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6630/dokuwiki-0-0.10.20110525.a.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-7246/libsoup-2.34.3-2.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6629/gdb-7.3.1-50.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8339/rt3-3.8.12-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8360/drupal7-7.14-2.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8365/moodle-1.9.18-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8372/kernel-2.6.43.7-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8490/python-crypto-2.3-6.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17233/tor-0.2.1.32-1500.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8488/globus-gridftp-server-6.10-2.fc15,globus-gridftp-server-control-2.5-2.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8024/openssl-1.0.0j-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-7131/seamonkey-2.9.1-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8010/sudo-1.7.4p5-5.fc15


The following Fedora 15 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/FEDORA-2012-8372/kernel-2.6.43.7-1.fc15
    https://admin.fedoraproject.org/updates/iproute-2.6.38.1-7.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8206/mdadm-3.2.5-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8027/libogg-1.3.0-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8010/sudo-1.7.4p5-5.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8024/openssl-1.0.0j-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-7909/perl-5.12.4-166.fc15
    https://admin.fedoraproject.org/updates/dracut-009-15.fc15


The following builds have been pushed to Fedora 15 updates-testing

    groff-1.21-4.fc15
    hostapd-0.7.3-2.1.fc15
    irclog2html-2.10.0-4.fc15
    libAfterImage-1.20-5.fc15
    man-pages-it-2.80-10.fc15
    qemu-0.14.0-9.fc15
    shellinabox-2.14-4.fc15
    xca-0.9.3-1.fc15
    zanata-python-client-1.3.6-1.fc15

Details about builds:


================================================================================
 groff-1.21-4.fc15 (FEDORA-2012-8590)
 A document formatting system
--------------------------------------------------------------------------------
Update Information:

older security fixes:

- CVE-2009-5044: insecure temporary file handling in pdfroff
- CVE-2009-5080: improper handling of failed attempts to create temporary directories in eqn2graph/pic2graph/grap2graph
- CVE-2009-5081: roff2.pl and groffer.pl use easy-to-guess temporary file names
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 29 2012 Jan Vcelak <jvcelak@xxxxxxxxxx> 1.21-4
- older security fixes (#709415, #720060):
  + CVE-2009-5044: insecure temporary file handling in pdfroff
  + CVE-2009-5080: improper handling of failed attempts to create temporary directories in eqn2graph/pic2graph/grap2graph
  + CVE-2009-5081: roff2.pl and groffer.pl use easy-to-guess temporary file names
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #709413 - CVE-2009-5044 groff: insecure temporary file handling in pdfroff
        https://bugzilla.redhat.com/show_bug.cgi?id=709413
  [ 2 ] Bug #720058 - CVE-2009-5080 groff: improper handling of failed attempts to create temporary directories in eqn2graph/pic2graph/grap2graph
        https://bugzilla.redhat.com/show_bug.cgi?id=720058
  [ 3 ] Bug #720057 - CVE-2009-5081 groff: roff2.pl and groffer.pl use easy-to-guess temporary file names
        https://bugzilla.redhat.com/show_bug.cgi?id=720057
--------------------------------------------------------------------------------


================================================================================
 hostapd-0.7.3-2.1.fc15 (FEDORA-2012-8611)
 IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
--------------------------------------------------------------------------------
Update Information:

Tighten-up default permissions for hostapd.conf (CVE-2012-2389)
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 29 2012 John W. Linville <linville@xxxxxxxxxx> - 0.7.3-2.1.fc15
- Tighten-up default permissions for hostapd.conf
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #826109 - CVE-2012-2389 hostapd: insecure default permissions on /etc/hostapd/hostapd.conf [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=826109
--------------------------------------------------------------------------------


================================================================================
 irclog2html-2.10.0-4.fc15 (FEDORA-2012-8586)
 Script to convert IRC logs to HTML and other formats
--------------------------------------------------------------------------------
Update Information:

* Mon May 28 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-4
- Missing build added (#821438)
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-3 - BR updated 

* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-2 - Install section fixed
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-3 - BR updated 

* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-2 - Install section fixed
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-3 - BR updated 

* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-2 - Install section fixed
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 28 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-4
- Missing build added (#821438)
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-3
- BR updated
* Mon May 14 2012 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.10.0-2
- Install section fixed
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #821438 - irclog2html 2.10.0 is completely non-functional
        https://bugzilla.redhat.com/show_bug.cgi?id=821438
--------------------------------------------------------------------------------


================================================================================
 libAfterImage-1.20-5.fc15 (FEDORA-2012-8610)
 A generic image manipulation library
--------------------------------------------------------------------------------
Update Information:

Fix some issues with newer libpng
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 28 2012 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
- 1.20-5
- fix some issues with newer libpng (rhbz#817780)
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.20-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Dec  6 2011 Adam Jackson <ajax@xxxxxxxxxx> - 1.20-3
- Rebuild for new libpng
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #817780 - libAfterImage must be rebuilt fot libpng 1.5 in Fedora 17
        https://bugzilla.redhat.com/show_bug.cgi?id=817780
--------------------------------------------------------------------------------


================================================================================
 man-pages-it-2.80-10.fc15 (FEDORA-2012-8594)
 Italian man (manual) pages from the Linux Documentation Project
--------------------------------------------------------------------------------
Update Information:

Remove man2html.1
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 29 2012 Ding-Yi Chen <dchen@xxxxxxxxxx> - 2.80-10
- Resolves: #825918 - man-pages-it : Conflicts with man2html
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.80-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #825918 - man-pages-it : Conflicts with man2html
        https://bugzilla.redhat.com/show_bug.cgi?id=825918
--------------------------------------------------------------------------------


================================================================================
 qemu-0.14.0-9.fc15 (FEDORA-2012-8604)
 QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:

* CVE-2011-1750 virtio-blk: heap buffer overflow (bz 698906, bz 698911)
* CVE-2011-2527 set groups properly for -runas (bz 720773, bz 720784)
* CVE-2012-0029 e1000 buffer overflow (bz 783984, bz 772075)
* virtio-blk: refuse SG_IO requests with scsi=off (bz 770135)
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 29 2012 Cole Robinson <crobinso@xxxxxxxxxx> - 0.14.0-9
- CVE-2011-1750 virtio-blk: heap buffer overflow (bz 698906, bz 698911)
- CVE-2011-2527 set groups properly for -runas (bz 720773, bz 720784)
- CVE-2012-0029 e1000 buffer overflow (bz 783984, bz 772075)
- virtio-blk: refuse SG_IO requests with scsi=off (bz 770135)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #698906 - CVE-2011-1750 virtio-blk: heap buffer overflow caused by unaligned requests
        https://bugzilla.redhat.com/show_bug.cgi?id=698906
  [ 2 ] Bug #720773 - CVE-2011-2527 qemu: when started as root, extra groups are not dropped correctly
        https://bugzilla.redhat.com/show_bug.cgi?id=720773
  [ 3 ] Bug #772075 - CVE-2012-0029 qemu: e1000: process_tx_desc legacy mode packets heap overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=772075
--------------------------------------------------------------------------------


================================================================================
 shellinabox-2.14-4.fc15 (FEDORA-2012-8583)
 Web based AJAX terminal emulator
--------------------------------------------------------------------------------
Update Information:

Web based AJAX terminal emulator
--------------------------------------------------------------------------------


================================================================================
 xca-0.9.3-1.fc15 (FEDORA-2012-8600)
 Graphical X.509 certificate management tool
--------------------------------------------------------------------------------
Update Information:

* Mon May 14 2012 Patrick Monnerat <pm@xxxxxxxxxxxxx> 0.9.3-1
- New upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 14 2012 Patrick Monnerat <pm@xxxxxxxxxxxxx> 0.9.3-1
- New upstream release.
* Mon May  7 2012 Patrick Monnerat <pm@xxxxxxxxxxxxx> 0.9.2-1
- New upstream release.
- Patch "french" to update french translation.
--------------------------------------------------------------------------------


================================================================================
 zanata-python-client-1.3.6-1.fc15 (FEDORA-2012-8595)
 Python Client for Zanata Server
--------------------------------------------------------------------------------
Update Information:

- Fixed rhbz#814593, "TypeError: 'unicode' object does not support item assignment" when pulling translation from server
- Fixed rhbz#820046, Python client generates empty msgctxt "" when pushing
- Fixed rhbz#795643, Python client pushes extracted comments instead of translator comments
- Add option --disable-ssl-cert to python client-
- Add help message for noskeletons option in pull, change content of Error 403
- Fixed the query param of skeletons
- Implment --push-type option, omit --push-trans when specify --push-type option
- Refactoring code and remove duplicate code
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 28 2012 James Ni <jni@xxxxxxxxxx> - 1.3.6-1
- Fixed rhbz#814593, "TypeError: 'unicode' object does not support item assignment" when pulling translation from server
- Fixed rhbz#820046, Python client generates empty msgctxt "" when pushing
- Fixed rhbz#795643, Python client pushes extracted comments instead of translator comments
- Add option --disable-ssl-cert to python client 
- Add help message for noskeletons option in pull, change content of Error 403
- Fixed the query param of skeletons
- Implment --push-type option, omit --push-trans when specify --push-type option
- Refactoring code and remove duplicate code
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #814593 - "TypeError: 'unicode' object does not support item assignment" when pulling translation from server
        https://bugzilla.redhat.com/show_bug.cgi?id=814593
  [ 2 ] Bug #820046 - Python client generates empty msgctxt "" when pushing
        https://bugzilla.redhat.com/show_bug.cgi?id=820046
  [ 3 ] Bug #795643 - Python client pushes extracted comments instead of translator comments
        https://bugzilla.redhat.com/show_bug.cgi?id=795643
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test



[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux