The following Fedora 15 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-2012-8604/qemu-0.14.0-9.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8114/libreoffice-3.3.4.1-5.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8611/hostapd-0.7.3-2.1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8590/groff-1.21-4.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8615/FlightGear-2.0.0-6.fc15,SimGear-2.0.0-6.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-6630/dokuwiki-0-0.10.20110525.a.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-7246/libsoup-2.34.3-2.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8702/arpwatch-2.1a15-16.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-6629/gdb-7.3.1-50.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8669/pidgin-2.10.4-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8685/asterisk-1.8.12.2-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8747/nut-2.6.3-4.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8372/kernel-2.6.43.7-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8490/python-crypto-2.3-6.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17233/tor-0.2.1.32-1500.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8488/globus-gridftp-server-6.10-2.fc15,globus-gridftp-server-control-2.5-2.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8024/openssl-1.0.0j-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-7131/seamonkey-2.9.1-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8010/sudo-1.7.4p5-5.fc15
The following Fedora 15 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/FEDORA-2012-8372/kernel-2.6.43.7-1.fc15
https://admin.fedoraproject.org/updates/iproute-2.6.38.1-7.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-8206/mdadm-3.2.5-1.fc15
https://admin.fedoraproject.org/updates/dracut-009-15.fc15
The following builds have been pushed to Fedora 15 updates-testing
Django-south-0.7.5-1.fc15
arpwatch-2.1a15-16.fc15
asterisk-1.8.12.2-1.fc15
dwarves-1.10-1.fc15
gridengine-6.2u5-10.fc15.5
hfsplus-tools-332.14-15.fc15
man-pages-it-2.80-11.fc15
nut-2.6.3-4.fc15
pidgin-2.10.4-1.fc15
recoll-1.17.3-1.fc15
rubygem-rake-compiler-0.8.1-1.fc15
smb4k-1.0.2-1.fc15
synfigstudio-0.63.05-3.1.fc15
Details about builds:
================================================================================
Django-south-0.7.5-1.fc15 (FEDORA-2012-8714)
Intelligent schema migrations for Django apps
--------------------------------------------------------------------------------
Update Information:
Update to new upstream
version.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 31 2012 Domingo Becker <domingobecker@xxxxxxxxx> - 0.7.5-1
- New upstream version.
- Remove docs dir in files section.
- Fixed unpacked directory name.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #826802 - New Upstream Version fixes Django 1.4 issues
https://bugzilla.redhat.com/show_bug.cgi?id=826802
--------------------------------------------------------------------------------
================================================================================
arpwatch-2.1a15-16.fc15 (FEDORA-2012-8702)
Network monitoring tools for tracking IP addresses on a network
--------------------------------------------------------------------------------
Update Information:
with "-u" fix supplementary group list (#825328) (CVE-2012-2653)
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 31 2012 Ale<C5><A1> Ledvinka <aledvink@xxxxxxxxxx> 14:2.1a15-18
- fix supplementary group list (#825328) (CVE-2012-2653)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #825328 - CVE-2012-2653 arpwatch: fails to drop supplementary groups
https://bugzilla.redhat.com/show_bug.cgi?id=825328
--------------------------------------------------------------------------------
================================================================================
asterisk-1.8.12.2-1.fc15 (FEDORA-2012-8685)
The Open Source PBX
--------------------------------------------------------------------------------
Update Information:
The Asterisk Development Team has announced the release of Asterisk 1.8.12.2.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk
The release of Asterisk 1.8.12.2 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
* --- Resolve crash in subscribing for MWI notifications
(Closes issue ASTERISK-19827. Reported by B. R)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.12.2
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert2, 1.8.12.1, and 10.4.1.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk 1.8.11-cert2, 1.8.12.1, and 10.4.1 resolve the following
two issues:
* A remotely exploitable crash vulnerability exists in the IAX2 channel
driver if an established call is placed on hold without a suggested music
class. Asterisk will attempt to use an invalid pointer to the music
on hold class name, potentially causing a crash.
* A remotely exploitable crash vulnerability was found in the Skinny (SCCP)
Channel driver. When an SCCP client closes its connection to the server,
a pointer in a structure is set to NULL. If the client was not in the
on-hook state at the time the connection was closed, this pointer is later
dereferenced. This allows remote authenticated connections the ability to
cause a crash in the server, denying services to legitimate users.
These issues and their resolution are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-007 and AST-2012-008, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.12.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.4.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-007.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-008.pdf
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 30 2012 Jeffrey Ollie <jeff@xxxxxxxxxx> - 1.8.12.2-1
- The Asterisk Development Team has announced the release of Asterisk 1.8.12.2.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.12.2 resolves an issue reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is the issue resolved in this release:
-
- * --- Resolve crash in subscribing for MWI notifications
- (Closes issue ASTERISK-19827. Reported by B. R)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.12.2
* Wed May 30 2012 Jeffrey Ollie <jeff@xxxxxxxxxx> - 1.8.12.1-1:
- The Asterisk Development Team has announced security releases for Certified
- Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
- released as versions 1.8.11-cert2, 1.8.12.1, and 10.4.1.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.8.11-cert2, 1.8.12.1, and 10.4.1 resolve the following
- two issues:
-
- * A remotely exploitable crash vulnerability exists in the IAX2 channel
- driver if an established call is placed on hold without a suggested music
- class. Asterisk will attempt to use an invalid pointer to the music
- on hold class name, potentially causing a crash.
-
- * A remotely exploitable crash vulnerability was found in the Skinny (SCCP)
- Channel driver. When an SCCP client closes its connection to the server,
- a pointer in a structure is set to NULL. If the client was not in the
- on-hook state at the time the connection was closed, this pointer is later
- dereferenced. This allows remote authenticated connections the ability to
- cause a crash in the server, denying services to legitimate users.
-
- These issues and their resolution are described in the security advisories.
-
- For more information about the details of these vulnerabilities, please read
- security advisories AST-2012-007 and AST-2012-008, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLogs:
-
- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert2
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.12.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.4.1
-
- The security advisories are available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2012-007.pdf
- * http://downloads.asterisk.org/pub/security/AST-2012-008.pdf
* Thu May 3 2012 Jeffrey Ollie <jeff@xxxxxxxxxx> - 1.8.12.0-1:
- The Asterisk Development Team has announced the release of Asterisk 1.8.12.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.12.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following are the issues resolved in this release:
-
- * --- Prevent chanspy from binding to zombie channels
- (Closes issue ASTERISK-19493. Reported by lvl)
-
- * --- Fix Dial m and r options and forked calls generating warnings
- for voice frames.
- (Closes issue ASTERISK-16901. Reported by Chris Gentle)
-
- * --- Remove ISDN hold restriction for non-bridged calls.
- (Closes issue ASTERISK-19388. Reported by Birger Harzenetter)
-
- * --- Fix copying of CDR(accountcode) to local channels.
- (Closes issue ASTERISK-19384. Reported by jamicque)
-
- * --- Ensure Asterisk acknowledges ACKs to 4xx on Replaces errors
- (Closes issue ASTERISK-19303. Reported by Jon Tsiros)
-
- * --- Eliminate double close of file descriptor in manager.c
- (Closes issue ASTERISK-18453. Reported by Jaco Kroon)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.12.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #826474 - CVE-2012-2947 asterisk: Remote crash in IAX2 channel driver (AST-2012-007)
https://bugzilla.redhat.com/show_bug.cgi?id=826474
--------------------------------------------------------------------------------
================================================================================
dwarves-1.10-1.fc15 (FEDORA-2012-8683)
Debugging Information Manipulation Tools
--------------------------------------------------------------------------------
Update Information:
Adds support for some new GNU tags and DWARF4, which makes it work again on newer distros.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 30 2012 Arnaldo Carvalho de Melo <acme@xxxxxxxxxx> - 1.10-1
- New release
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Mon Feb 28 2011 * Arnaldo Carvalho de Melo <acme@xxxxxxxxxx> - 1.9-1
- New release
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #742257 - pahole dies with error
https://bugzilla.redhat.com/show_bug.cgi?id=742257
[ 2 ] Bug #772358 - pdwtags 1.9 cannot read files produced by gcc 4.7
https://bugzilla.redhat.com/show_bug.cgi?id=772358
[ 3 ] Bug #811738 - pahole isn't working right
https://bugzilla.redhat.com/show_bug.cgi?id=811738
--------------------------------------------------------------------------------
================================================================================
gridengine-6.2u5-10.fc15.5 (FEDORA-2012-8688)
Grid Engine - Distributed Computing Management software
--------------------------------------------------------------------------------
Update Information:
Avoid %preun failures.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 31 2012 Orion Poplawski <orion@xxxxxxxxxxxxx> 6.2u5-10.5
- Avoid %preun failures (Bug 826668)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #826668 - gridengine uninstall script(s) failed, causing preupgrade to abort, cannot upgrade to f17 cleanly
https://bugzilla.redhat.com/show_bug.cgi?id=826668
--------------------------------------------------------------------------------
================================================================================
hfsplus-tools-332.14-15.fc15 (FEDORA-2012-8741)
Tools to create/check Apple HFS+ filesystems
--------------------------------------------------------------------------------
Update Information:
Add -a alias for -p to fsck.hfsplus
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 30 2012 Adam Jackson <ajax@xxxxxxxxxx> 332.14-15
- hfsplus-tools-332.14-dash-a.patch: Add -a alias for -p to fsck.hfsplus
(#591362, patch from Chris Bagwell)
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 332.14-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Sat Nov 19 2011 Matthew Garrett <mjg@redhat,com> 332.14-13
- hfsplus-tools-332.14-fix-uuid.patch: Fix UUID generation
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #591362 - Invalid option -a passed to fsck.hfsplus during boot
https://bugzilla.redhat.com/show_bug.cgi?id=591362
--------------------------------------------------------------------------------
================================================================================
man-pages-it-2.80-11.fc15 (FEDORA-2012-8751)
Italian man (manual) pages from the Linux Documentation Project
--------------------------------------------------------------------------------
Update Information:
Remove hman to avoid collide with man2html
Remove man2html.1
Remove man2html.1
Remove man2html.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 31 2012 Ding-Yi Chen <dchen@xxxxxxxxxx> - 2.80-11
- Remove hman.1 as well.
* Tue May 29 2012 Ding-Yi Chen <dchen@xxxxxxxxxx> - 2.80-10
- Resolves: #825918 - man-pages-it : Conflicts with man2html
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.80-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #825918 - man-pages-it : Conflicts with man2html
https://bugzilla.redhat.com/show_bug.cgi?id=825918
--------------------------------------------------------------------------------
================================================================================
nut-2.6.3-4.fc15 (FEDORA-2012-8747)
Network UPS Tools
--------------------------------------------------------------------------------
Update Information:
fix heap-based buffer overflow due improper processing of non-printable characters in random network data (CVE-2012-2944)
- no change, just updated release number to fix upgrade path
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 31 2012 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 2.6.3-4
- fix heap-based buffer overflow due improper processing of non-printable
characters in random network data (CVE-2012-2944)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #826489 - CVE-2012-2944 nut: Heap-based buffer overflow due improper processing of non-printable characters in random network data
https://bugzilla.redhat.com/show_bug.cgi?id=826489
--------------------------------------------------------------------------------
================================================================================
pidgin-2.10.4-1.fc15 (FEDORA-2012-8669)
A Gtk+ based multiprotocol instant messaging client
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2012-2214 and CVE-2012-2318.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 30 2012 Jon Ciesla <limburgher@xxxxxxxxx> - 2.10.4-1
- Update to 2.10.4, CVE-2012-2214, CVE-2012-2318, BZ 806839, 819454.
- Port to farstream patch upstreamed.
* Wed May 2 2012 Milan Crha <mcrha@xxxxxxxxxx> - 2.10.2-2
- Rebuild against newer evolution-data-server
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #806839 - pidgin-2.10.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=806839
[ 2 ] Bug #819454 - CVE-2012-2214 CVE-2012-2318 pidgin various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=819454
--------------------------------------------------------------------------------
================================================================================
recoll-1.17.3-1.fc15 (FEDORA-2012-8693)
Desktop full text search tool with Qt GUI
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release, fixing a issue in creation of index of mail data.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 30 2012 Terje Rosten <terje.rosten@xxxxxxx> - 1.17.3-1
- 1.17.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #819408 - [abrt] recoll-1.17.1-1.fc16: std::istream::seekg: Process /usr/bin/recollindex was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=819408
--------------------------------------------------------------------------------
================================================================================
rubygem-rake-compiler-0.8.1-1.fc15 (FEDORA-2012-8717)
Rake-based Ruby C Extension task generator
--------------------------------------------------------------------------------
Update Information:
New version 0.8.1 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 16 2012 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 0.8.1-1
- 0.8.1
* Tue Apr 3 2012 Bohuslav Kabrda <bkabrda@xxxxxxxxxx> - 0.8.0-3
- Fix conditionals for F17 to work for RHEL 7 as well.
* Sun Jan 22 2012 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 0.8.0-2
- Rebuild against ruby 1.9
--------------------------------------------------------------------------------
================================================================================
smb4k-1.0.2-1.fc15 (FEDORA-2012-8723)
The SMB/CIFS Share Browser for KDE
--------------------------------------------------------------------------------
Update Information:
New upstream release, one bug fix release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 31 2012 Sérgio Basto <sergio@xxxxxxxxxx> 1.0.2
- New upstream release
* Thu May 31 2012 Sérgio Basto <sergio@xxxxxxxxxx> 1.0.1-8
- add patch to fix several bugs, from upcoming release 1.0.2.
* Mon May 7 2012 Sérgio Basto <sergio@xxxxxxxxxx> 1.0.1-7
- add requires cifs-utils, to have mount.cifs
* Thu Apr 19 2012 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.0.1-6
- remove some assumptions about qreal = double
--------------------------------------------------------------------------------
================================================================================
synfigstudio-0.63.05-3.1.fc15 (FEDORA-2012-8689)
Vector-based 2D animation studio
--------------------------------------------------------------------------------
Update Information:
This fix addresses an issue where Shared MIME-Info database cache gets overwritten causing a break of file type recognition in many applications.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 29 2012 Luya Tshimbalanga <luya@xxxxxxxxxxxxxxxxx> - 0.63.05-3.1
- Really remove all but xml file (rhbz#821740)
* Mon May 21 2012 Luya Tshimbalanga <luya@xxxxxxxxxxxxxxxxx> - 0.63.05-2
- Fix mime.cache issue (rhbz#821740)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #821740 - synfigstudio-0.63.05-1.fc16: package contains wrong files
https://bugzilla.redhat.com/show_bug.cgi?id=821740
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
