The following Fedora 15 Security updates need testing: https://admin.fedoraproject.org/updates/FEDORA-2012-8114/libreoffice-3.3.4.1-5.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8615/FlightGear-2.0.0-6.fc15,SimGear-2.0.0-6.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-6630/dokuwiki-0-0.10.20110525.a.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-7246/libsoup-2.34.3-2.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8702/arpwatch-2.1a15-16.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-6629/gdb-7.3.1-50.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8669/pidgin-2.10.4-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8685/asterisk-1.8.12.2-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8747/nut-2.6.3-4.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8805/krb5-1.9.3-2.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8912/rubygem-actionpack-3.0.5-8.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8915/postgresql-9.0.8-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8911/php-symfony-symfony-1.4.18-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8960/mumble-1.2.3-4.fc15.1 https://admin.fedoraproject.org/updates/FEDORA-2011-17233/tor-0.2.1.32-1500.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8972/rubygem-activerecord-3.0.5-3.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-7131/seamonkey-2.9.1-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8010/sudo-1.7.4p5-5.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8931/kernel-2.6.43.8-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8962/bind-9.8.3-2.P1.fc15 The following Fedora 15 Critical Path updates have yet to be approved: https://admin.fedoraproject.org/updates/perl-Gtk2-MozEmbed-0.09-1.fc15.12,gnome-python2-extras-2.25.3-35.fc15.8,firefox-13.0-1.fc15,xulrunner-13.0-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8931/kernel-2.6.43.8-1.fc15 https://admin.fedoraproject.org/updates/iproute-2.6.38.1-7.fc15 https://admin.fedoraproject.org/updates/dracut-009-15.fc15 The following builds have been pushed to Fedora 15 updates-testing abi-compliance-checker-1.97.7-1.fc15 bind-9.8.3-2.P1.fc15 bmake-20111111-1.fc15 chirp-0.2.2-1.fc15 chmsee-1.99-0.15.9.git36b4702.fc15 ecryptfs-utils-96-3.fc15 kernel-2.6.43.8-1.fc15 mumble-1.2.3-4.fc15.1 php-symfony-symfony-1.4.18-1.fc15 postgresql-9.0.8-1.fc15 python-proteus-1.8.3-2.fc15 rcssserver-15.1.0-1.fc15 rubygem-actionpack-3.0.5-8.fc15 rubygem-activerecord-3.0.5-3.fc15 tryton-1.8.5-1.fc15 trytond-1.8.7-1.fc15 trytond-account-1.8.5-1.fc15 trytond-account-invoice-1.8.1-1.fc15 trytond-ldap-authentication-1.8.1-1.fc15 trytond-party-siret-1.8.1-1.fc15 trytond-purchase-1.8.5-1.fc15 trytond-sale-1.8.4-1.fc15 trytond-stock-1.8.3-1.fc15 trytond-stock-supply-1.8.3-1.fc15 Details about builds: ================================================================================ abi-compliance-checker-1.97.7-1.fc15 (FEDORA-2012-8970) An ABI Compliance Checker -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 4 2012 Richard Shaw <hobbes1069@xxxxxxxxx> - 1.97.7-1 - Update to latest upstream release. -------------------------------------------------------------------------------- ================================================================================ bind-9.8.3-2.P1.fc15 (FEDORA-2012-8962) The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server -------------------------------------------------------------------------------- Update Information: Update to the latest upstream release which fixes CVE-2012-1667. More information is available on http://www.isc.org/software/bind/advisories/cve-2012-1667 -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 4 2012 Adam Tkac <atkac redhat com> 32:9.8.3-2.P1 - update to 9.8.3-P1 (CVE-2012-1667) -------------------------------------------------------------------------------- References: [ 1 ] Bug #828078 - CVE-2012-1667 bind: handling of zero length rdata can cause named to terminate unexpectedly https://bugzilla.redhat.com/show_bug.cgi?id=828078 -------------------------------------------------------------------------------- ================================================================================ bmake-20111111-1.fc15 (FEDORA-2012-8935) The NetBSD make(1) tool -------------------------------------------------------------------------------- Update Information: The NetBSD make(1) tool -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 5 2012 Luis Bazan <bazanluis20@xxxxxxxxx> 20111111-1 - New Version for f15 * Mon Feb 6 2012 Julio Merino <jmmv@xxxxxxxxxx> 20111111-1 - New upstream version. * Thu Jan 12 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 20090222-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ chirp-0.2.2-1.fc15 (FEDORA-2012-8952) A tool for programming two-way radio equipment -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 4 2012 Richard Shaw <hobbes1069@xxxxxxxxx> - 0.2.2-1 - Update to latest upstream release. -------------------------------------------------------------------------------- ================================================================================ chmsee-1.99-0.15.9.git36b4702.fc15 (FEDORA-2012-8978) HTML Help viewer for Unix/Linux -------------------------------------------------------------------------------- Update Information: Rebuild for xulrunner 13 -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 5 2012 bbbush <bbbush.yuan@xxxxxxxxx> - 1.99-0.15.9.git36b4702 - rebuild for xulrunner 13 -------------------------------------------------------------------------------- ================================================================================ ecryptfs-utils-96-3.fc15 (FEDORA-2012-8888) The eCryptfs mount helper and support libraries -------------------------------------------------------------------------------- Update Information: - always load ecryptfs module in advance - this should fix situations, where ecryptfs mounts and decrypts data, but file names are still encrypted -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 4 2012 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 96-3 - for file name encryption support check, module must be loaded already * Mon Apr 16 2012 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 96-2 - when ecryptfs-mount-fails, check if user is member of ecryptfs group -------------------------------------------------------------------------------- ================================================================================ kernel-2.6.43.8-1.fc15 (FEDORA-2012-8931) The Linux kernel -------------------------------------------------------------------------------- Update Information: Update to Linux 2.6.43.8 (3.3.8). Disabled 32bit NX emulation. Suspected of being broken and it deviates from upstream. Unless there are further security issues, this will likely be the last F15 kernel update before End-of-Life. The 3.3.7 stable kernel contains a number of important bug fixes -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 4 2012 Josh Boyer <jwboyer@xxxxxxxxxx> 2.6.43.8-1 - Linux v3.3.8 * Mon Jun 4 2012 Dave Jones <davej@xxxxxxxxxx> - Disable 32bit NX emulation. * Wed May 30 2012 Josh Boyer <jwboyer@xxxxxxxxxx> - CVE-2012-2390 huge pages: memory leak on mmap failure (rhbz 824352 824345) * Thu May 24 2012 Josh Boyer <jwboyer@xxxxxxxxxx> - CVE-2012-2372 mm: 32bit PAE pmd walk vs populate SMP race (rhbz 822821 822825) * Mon May 21 2012 Justin M. Forbes <jforbes@xxxxxxxxxx> 3.3.7-1 - Linux 3.3.7 * Fri May 18 2012 Josh Boyer <jwboyer@xxxxxxxxxx> - Additional fixes for CVE-2011-4131 (rhbz 822874 822869) * Thu May 17 2012 Josh Boyer <jwboyer@xxxxxxxxxx> - Fix rtlwifi async firmware load race condition (rhbz 822120) * Wed May 16 2012 Justin M. Forbes <jforbes@xxxxxxxxxx> 2.6.43.6-3 - fix rtl8187: ->brightness_set can not sleep (rhbz 795176) * Tue May 15 2012 Josh Boyer <jwboyer@xxxxxxxxxx> - Fixup atl1c register programming (rhbz 749276) * Mon May 14 2012 Justin M. Forbes <jforbes@xxxxxxxxxx> 2.6.43.6-1 - Linux 3.3.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #822821 - CVE-2012-2373 kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition https://bugzilla.redhat.com/show_bug.cgi?id=822821 [ 2 ] Bug #824345 - CVE-2012-2390 kernel: huge pages: memory leak on mmap failure https://bugzilla.redhat.com/show_bug.cgi?id=824345 [ 3 ] Bug #822869 - CVE-2012-2375 kernel: incomplete fix for CVE-2011-4131 https://bugzilla.redhat.com/show_bug.cgi?id=822869 -------------------------------------------------------------------------------- ================================================================================ mumble-1.2.3-4.fc15.1 (FEDORA-2012-8960) Voice chat suite aimed at gamers -------------------------------------------------------------------------------- Update Information: This update fixes a number of startup problems of the mumble server murmur. Additionally it contains a fix for CVE-2012-0863 (insecure world-readable permissions on database file) of the mumble client. Rebuild for newer protobuf -------------------------------------------------------------------------------- ChangeLog: * Thu May 31 2012 Christian Krause <chkr@xxxxxxxxxxxxxxxxx> - 1.2.3-4.1 - Fix startup issues of murmurd (BZ 711711, BZ 771423) - Fix directory ownership of %{_libdir}/mumble and %{_datadir}/mumble* (BZ 744886) - Add upstream patch for CVE-2012-0863 (BZ 791058) - Fix broken logrotate config file (BZ 730129) - Add dependency for qt4-sqlite (BZ 660221) - Remove /sbin/ldconfig from %post(un) since mumble does not contain any libraries in %{_libdir} - Some minor cleanup * Mon Sep 12 2011 Andreas Osowski <th0br0@xxxxxxxxxx> - 1.2.3-4 - Rebuild for updated protobuf -------------------------------------------------------------------------------- References: [ 1 ] Bug #791000 - CVE-2012-0863 mumble: insecure world-readable permissions on database file https://bugzilla.redhat.com/show_bug.cgi?id=791000 -------------------------------------------------------------------------------- ================================================================================ php-symfony-symfony-1.4.18-1.fc15 (FEDORA-2012-8911) Open-Source PHP Web Framework -------------------------------------------------------------------------------- Update Information: - upstream 1.4.18 - fixes: CVE-2012-2667 php-symfony-symfony: Session fixation flaw -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 4 2012 Christof Damian <christof@xxxxxxxxxx> - 1.4.18-1 - upstream 1.4.18 (security fix) * Thu Mar 8 2012 Christof Damian <christof@xxxxxxxxxx> - 1.4.17-2 - fix doctrine path * Thu Mar 8 2012 Christof Damian <christof@xxxxxxxxxx> - 1.4.17-1 - upstream 1.4.17 * Sat Jan 14 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.8-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #828079 - CVE-2012-2667 php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=828079 -------------------------------------------------------------------------------- ================================================================================ postgresql-9.0.8-1.fc15 (FEDORA-2012-8915) PostgreSQL client programs -------------------------------------------------------------------------------- Update Information: Upstream bug fix + security updates, including the fixes for CVE-2012-2143, CVE-2012-2655 -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 4 2012 Tom Lane <tgl@xxxxxxxxxx> 9.0.8-1 - Update to PostgreSQL 9.0.8, for various fixes described at http://www.postgresql.org/docs/9.0/static/release-9-0-8.html including the fixes for CVE-2012-2143, CVE-2012-2655 Resolves: #826606 - Update previous version (embedded in postgresql-upgrade) to 8.4.12 because fix in whole-row variable dumping could be needed for upgrades -------------------------------------------------------------------------------- References: [ 1 ] Bug #826606 - CVE-2012-2143 CVE-2012-2655 postgresql: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=826606 -------------------------------------------------------------------------------- ================================================================================ python-proteus-1.8.3-2.fc15 (FEDORA-2012-8909) Library to access Tryton's internal objects -------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 2 2012 Dan Horák <dan@xxxxxxxx> - 1.8.3-2 - fix BR/R * Sat Jun 2 2012 Dan Horák <dan@xxxxxxxx> - 1.8.3-1 - new upstream version 1.8.3 -------------------------------------------------------------------------------- ================================================================================ rcssserver-15.1.0-1.fc15 (FEDORA-2012-8971) Robocup 2D Soccer Simulation Server -------------------------------------------------------------------------------- Update Information: * Fixed a bug of referee's player clearance operation after fouls. * Fixed a defect of zero division in Quantize method. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 4 2012 Hedayat Vatankhah <hedayat.fwd+rpmchlog@xxxxxxxxx> - 15.1.0-1 - Update to version 15.1.0 - Remove some no-longer-necessary lines (e.g. buildroot tag) - ax_boost_base.m4 patch no longer necessary * Fri May 27 2011 Dan Horák <dan[at]danny.cz> - 15.0.0-2 - fix build on non-x86 64-bit architectures -------------------------------------------------------------------------------- ================================================================================ rubygem-actionpack-3.0.5-8.fc15 (FEDORA-2012-8912) Web-flow and rendering framework putting the VC in MVC -------------------------------------------------------------------------------- Update Information: Fix for CVE-2012-2660. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 4 2012 Vít Ondruch <vondruch@xxxxxxxxxx> - 1:3.0.5-8 - Fix for CVE-2012-2660. -------------------------------------------------------------------------------- References: [ 1 ] Bug #827353 - CVE-2012-2660 rubygem-actionpack: Unsafe query generation https://bugzilla.redhat.com/show_bug.cgi?id=827353 -------------------------------------------------------------------------------- ================================================================================ rubygem-activerecord-3.0.5-3.fc15 (FEDORA-2012-8972) Implements the ActiveRecord pattern for ORM -------------------------------------------------------------------------------- Update Information: Fix for CVE-2012-2661. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 5 2012 Vít Ondruch <vondruch@xxxxxxxxxx> - 1:3.0.5-3 - Fix for CVE-2012-2661. * Tue Aug 23 2011 Mo Morsi <mmorsi@xxxxxxxxxx> - 1:3.0.5-2 - Fix for BZ #731438 -------------------------------------------------------------------------------- References: [ 1 ] Bug #827363 - CVE-2012-2661 rubygem-activerecord: SQL injection when processing nested query paramaters https://bugzilla.redhat.com/show_bug.cgi?id=827363 -------------------------------------------------------------------------------- ================================================================================ tryton-1.8.5-1.fc15 (FEDORA-2012-8909) Client for the Tryton application framework -------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 2 2012 Dan Horák <dan@xxxxxxxx> - 1.8.5-1 - new upstream version 1.8.5 -------------------------------------------------------------------------------- ================================================================================ trytond-1.8.7-1.fc15 (FEDORA-2012-8909) Server for the Tryton application framework -------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 2 2012 Dan Horák <dan@xxxxxxxx> - 1.8.7-1 - new upstream version 1.8.7 -------------------------------------------------------------------------------- ================================================================================ trytond-account-1.8.5-1.fc15 (FEDORA-2012-8909) account module for Tryton -------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 2 2012 Dan Horák <dan@xxxxxxxx> - 1.8.5-1 - new upstream version 1.8.5 -------------------------------------------------------------------------------- ================================================================================ trytond-account-invoice-1.8.1-1.fc15 (FEDORA-2012-8909) account-invoice module for Tryton -------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 2 2012 Dan Horák <dan@xxxxxxxx> - 1.8.1-1 - new upstream version 1.8.1 -------------------------------------------------------------------------------- ================================================================================ trytond-ldap-authentication-1.8.1-1.fc15 (FEDORA-2012-8909) ldap-authentication module for Tryton -------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 2 2012 Dan Horák <dan@xxxxxxxx> - 1.8.1-1 - new upstream version 1.8.1 -------------------------------------------------------------------------------- ================================================================================ trytond-party-siret-1.8.1-1.fc15 (FEDORA-2012-8909) party-siret module for Tryton -------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 2 2012 Dan Horák <dan@xxxxxxxx> - 1.8.1-1 - new upstream version 1.8.1 -------------------------------------------------------------------------------- ================================================================================ trytond-purchase-1.8.5-1.fc15 (FEDORA-2012-8909) purchase module for Tryton -------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 2 2012 Dan Horák <dan@xxxxxxxx> - 1.8.5-1 - new upstream version 1.8.5 -------------------------------------------------------------------------------- ================================================================================ trytond-sale-1.8.4-1.fc15 (FEDORA-2012-8909) sale module for Tryton -------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 2 2012 Dan Horák <dan@xxxxxxxx> - 1.8.4-1 - new upstream version 1.8.4 -------------------------------------------------------------------------------- ================================================================================ trytond-stock-1.8.3-1.fc15 (FEDORA-2012-8909) stock module for Tryton -------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 2 2012 Dan Horák <dan@xxxxxxxx> - 1.8.3-1 - new upstream version 1.8.3 -------------------------------------------------------------------------------- ================================================================================ trytond-stock-supply-1.8.3-1.fc15 (FEDORA-2012-8909) stock-supply module for Tryton -------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 2 2012 Dan Horák <dan@xxxxxxxx> - 1.8.3-1 - new upstream version 1.8.3 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test