The following Fedora 16 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-2012-8647/FlightGear-2.4.0-2.fc16,SimGear-2.4.0-4.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8592/qemu-0.15.1-5.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8596/groff-1.21-4.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8646/hostapd-0.7.3-7.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-5833/python3-3.2.3-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6614/gdb-7.3.50.20110722-16.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8363/rt3-3.8.12-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8328/socat-1.7.2.1-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8362/drupal7-7.14-2.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8465/apache-commons-compress-1.4.1-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8325/moodle-2.0.9-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8461/globus-gridftp-server-6.10-2.fc16,globus-gridftp-server-control-2.5-2.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8014/openssl-1.0.0j-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-7593/tomcat6-6.0.35-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8470/python-crypto-2.3-6.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8067/libgssglue-0.4-0.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8021/sudo-1.8.3p1-3.fc16


The following Fedora 16 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/FEDORA-2012-8617/gnutls-2.12.14-3.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8601/libvpx-1.0.0-3.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8605/xorg-x11-drv-intel-2.19.0-3.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8587/ppp-2.4.5-21.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8483/qt-4.8.2-2.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8385/control-center-3.2.3-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8389/pm-utils-1.4.1-13.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8381/colord-0.1.21-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8203/mdadm-3.2.5-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8212/libreport-2.0.10-3.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8210/perl-URI-1.60-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8014/openssl-1.0.0j-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-8052/policycoreutils-2.1.4-17.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6994/upower-0.9.16-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-3319/GConf2-3.2.3-4.fc16


The following builds have been pushed to Fedora 16 updates-testing

    BitchX-1.2-11.fc16
    FlightGear-2.4.0-2.fc16
    SimGear-2.4.0-4.fc16
    fcitx-configtool-0.4.3-2.fc16
    gfalFS-1.0.0-0.3.20120503010snap.fc16
    gnutls-2.12.14-3.fc16
    hostapd-0.7.3-7.fc16
    mod_auth_token-1.0.5-2.fc16
    newlisp-10.4.3-2.fc16
    perl-CPAN-Perl-Releases-0.58-1.fc16
    qt-4.8.2-2.fc16
    xmonad-0.10-3.6.fc16

Details about builds:


================================================================================
 BitchX-1.2-11.fc16 (FEDORA-2012-8613)
 IrcII chat client
--------------------------------------------------------------------------------
Update Information:

updated source/bugfix release
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 29 2012 Dan Mashal <vicodan@xxxxxxxxxxxxxxxxx> 1.2-11
-Updated to latest source code (svn rev 199)
--------------------------------------------------------------------------------


================================================================================
 FlightGear-2.4.0-2.fc16 (FEDORA-2012-8647)
 The FlightGear Flight Simulator
--------------------------------------------------------------------------------
Update Information:

Fixes for CVE-2012-2090 CVE-2012-2091
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 29 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> 2.4.0-2
- check that printf format strings are never %n (CVE-2012-2090)
- use snprintf with a max size of 256 to prevent rotor name overflow (CVE-2012-2091)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #811617 - CVE-2012-2090 SimGear, FlightGear: Multiple format string flaws
        https://bugzilla.redhat.com/show_bug.cgi?id=811617
  [ 2 ] Bug #811630 - CVE-2012-2091 FlightGear: Stack-buffer overflow by retrieving crafted rotor name
        https://bugzilla.redhat.com/show_bug.cgi?id=811630
--------------------------------------------------------------------------------


================================================================================
 SimGear-2.4.0-4.fc16 (FEDORA-2012-8647)
 Simulation library components
--------------------------------------------------------------------------------
Update Information:

Fixes for CVE-2012-2090 CVE-2012-2091
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 29 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> 2.4.0-4
- check to be sure that %n is not being set as format type (CVE-2012-2090)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #811617 - CVE-2012-2090 SimGear, FlightGear: Multiple format string flaws
        https://bugzilla.redhat.com/show_bug.cgi?id=811617
  [ 2 ] Bug #811630 - CVE-2012-2091 FlightGear: Stack-buffer overflow by retrieving crafted rotor name
        https://bugzilla.redhat.com/show_bug.cgi?id=811630
--------------------------------------------------------------------------------


================================================================================
 fcitx-configtool-0.4.3-2.fc16 (FEDORA-2012-8620)
 Gtk configuretool for Fcitx
--------------------------------------------------------------------------------
Update Information:

Fix Segmentation Fault on GTK3
Initial Release for fcitx-configtool
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #821165 - Review Request: fcitx-configtool - Gtk configuretool for Fcitx
        https://bugzilla.redhat.com/show_bug.cgi?id=821165
--------------------------------------------------------------------------------


================================================================================
 gfalFS-1.0.0-0.3.20120503010snap.fc16 (FEDORA-2012-8625)
 Filesystem client based on GFAL 2.0
--------------------------------------------------------------------------------
Update Information:

initial import of gfalFS
--------------------------------------------------------------------------------


================================================================================
 gnutls-2.12.14-3.fc16 (FEDORA-2012-8617)
 A TLS protocol implementation
--------------------------------------------------------------------------------
Update Information:

Minor bugfix for use with non-blocking sockets.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 30 2012 Tomas Mraz <tmraz@xxxxxxxxxx> 2.12.14-3
- fix use with non-blocking sockets (#826293)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #826293 - Client using gnutls hangs forever because gnutls_record_get_direction() lies.
        https://bugzilla.redhat.com/show_bug.cgi?id=826293
--------------------------------------------------------------------------------


================================================================================
 hostapd-0.7.3-7.fc16 (FEDORA-2012-8646)
 IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
--------------------------------------------------------------------------------
Update Information:

Fixup typo in configuration file path in hostapd.service
Tighten-up default permissions for hostapd.conf (CVE-2012-2389)
Add BuildRequires for systemd-units
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 30 2012 John W. Linville <linville@xxxxxxxxxx> - 0.7.3-7
- Add BuildRequires for systemd-units
* Fri May 25 2012 John W. Linville <linville@xxxxxxxxxx> - 0.7.3-6
- Fixup typo in configuration file path in hostapd.service
- Tighten-up default permissions for hostapd.conf
* Tue Feb 28 2012 Jon Ciesla <limburgher@xxxxxxxxx> - 0.7.3-5
- Migrate to systemd, BZ 770310.
* Wed Jan 18 2012 John W. Linville <linville@xxxxxxxxxx> - 0.7.3-4
- Add reference to sample hostapd.conf in the default installed version
- Include README-WPS from the hostapd distribution as part of the docs
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.7.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #824661 - CVE-2012-2389 hostapd: insecure default permissions on /etc/hostapd/hostapd.conf [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=824661
--------------------------------------------------------------------------------


================================================================================
 mod_auth_token-1.0.5-2.fc16 (FEDORA-2012-8628)
 Token based URI access module for Apache
--------------------------------------------------------------------------------
Update Information:

mod_auth_token allows you to generate URIs for a determined time window; you can also limit them by IP. This is very useful to handle file downloads: generated URIs can't be hot-linked (after they expire), and it also allows you to protect very large files that can't be piped through a script language due to memory limitation.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #633240 - Review Request: mod_auth_token - token based URI access for apache
        https://bugzilla.redhat.com/show_bug.cgi?id=633240
--------------------------------------------------------------------------------


================================================================================
 newlisp-10.4.3-2.fc16 (FEDORA-2012-8626)
 Lisp-like general purpose scripting
--------------------------------------------------------------------------------
Update Information:

"Adds support for more ARCHs"
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 29 2012 Dan Horák <dan[at]danny.cz> 10.4.3-2
- allow build on all arches
--------------------------------------------------------------------------------


================================================================================
 perl-CPAN-Perl-Releases-0.58-1.fc16 (FEDORA-2012-8642)
 Mapping Perl releases on CPAN to the location of the tarballs
--------------------------------------------------------------------------------
Update Information:

This update includes v5.16.0 and v5.17.0.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 29 2012 Iain Arnell <iarnell@xxxxxxxxx> 0.58-1
- update to latest upstream version
* Fri May 18 2012 Iain Arnell <iarnell@xxxxxxxxx> 0.52-1
- update to latest upstream version
--------------------------------------------------------------------------------


================================================================================
 qt-4.8.2-2.fc16 (FEDORA-2012-8483)
 Qt toolkit
--------------------------------------------------------------------------------
Update Information:

Update to 4.8.2
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 29 2012 Than Ngo <than@xxxxxxxxxx> - 4.8.2-2
- fix bz#820767, lrelease-qt4 tries to run qmake not qmake-qt4
* Tue May 22 2012 Than Ngo <than@xxxxxxxxxx> - 4.8.2-1
- 4.8.2
* Fri May 18 2012 Than Ngo <than@xxxxxxxxxx> - 4.8.1-15
- add rhel/fedora condition
* Thu May 17 2012 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.8.1-14
- Can't build 32bit Qt release application on 64bit (#822710)
* Wed May 16 2012 Than Ngo <than@xxxxxxxxxx> - 4.8.1-13
- add upstream patch to fix crash on big endian machine
* Fri May 11 2012 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.8.1-12
- enable debuginfo in libQt3Support
* Fri May 11 2012 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.8.1-11
- lrelease-qt4 tries to run qmake not qmake-qt4 (#820767)
* Thu May 10 2012 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.8.1-10
- Requires: qt-settings (f17+)
* Tue May 8 2012 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.8.1-9
- rebuild (libtiff)
* Thu May 3 2012 Than Ngo <than@xxxxxxxxxx> - 4.8.1-8
- add rhel/fedora condition
* Wed Apr 18 2012 Than Ngo <than@xxxxxxxxxx> - 4.8.1-7
- add rhel condition
* Tue Apr 17 2012 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.8.1-6
- omit qdbusconnection warnings in release/no-debug mode
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #820767 - lrelease-qt4 tries to run qmake not qmake-qt4
        https://bugzilla.redhat.com/show_bug.cgi?id=820767
--------------------------------------------------------------------------------


================================================================================
 xmonad-0.10-3.6.fc16 (FEDORA-2012-8484)
 A tiling window manager
--------------------------------------------------------------------------------
Update Information:

recompile user binary at startup if it has broken shared libraries
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 30 2012 Jens Petersen <petersen@xxxxxxxxxx> - 0.10-3.6
- fix user binary ldd check on i686/i386 using "uname -i" not "arch",
  and then recompile directly instead of just touching xmonad.hs first
* Fri May 25 2012 Jens Petersen <petersen@xxxxxxxxxx> - 0.10-3.5
- xmonad-start: if user binary has missing shared lib dependencies
  touch xmonad.hs so it gets recompiled (#806624 reported by Erik Streb)
- try delaying manpage terminal startup 5s to avoid window resize
- add license to ghc_files
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #806624 - config dynlinked against older xmonad version breaks when version is updated
        https://bugzilla.redhat.com/show_bug.cgi?id=806624
--------------------------------------------------------------------------------