The following Fedora 16 Security updates need testing: https://admin.fedoraproject.org/updates/FEDORA-2012-9029/boost-1.47.0-7.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-9037/thunderbird-lightning-1.5-2.fc16,thunderbird-13.0-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-9078/lighttpd-1.4.31-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-9206/hostapd-0.7.3-9.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-9116/quagga-0.99.21-2.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-9135/python3-3.2.3-2.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-9314/gd-2.0.35-17.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6614/gdb-7.3.50.20110722-16.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-8692/asterisk-1.8.12.2-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-8946/bind-9.8.3-2.P1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-8893/postgresql-9.1.4-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-8985/php-symfony-symfony-1.4.18-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-8956/mumble-1.2.3-5.fc16.1 https://admin.fedoraproject.org/updates/FEDORA-2012-9313/ImageMagick-6.7.0.10-5.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-9324/mysql-5.5.24-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-8675/arpwatch-2.1a15-18.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-9337/roundcubemail-0.7.2-2.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-8982/rubygem-activerecord-3.0.10-2.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-7593/tomcat6-6.0.35-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-8021/sudo-1.8.3p1-3.fc16 The following Fedora 16 Critical Path updates have yet to be approved: https://admin.fedoraproject.org/updates/FEDORA-2012-9324/mysql-5.5.24-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-9314/gd-2.0.35-17.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-9274/gstreamer-plugins-good-0.10.30-6.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-9267/lxpanel-0.5.10-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-9171/qtwebkit-2.2.2-1.fc16 https://admin.fedoraproject.org/updates/analitza-4.8.4-1.fc16,ark-4.8.4-1.fc16,blinken-4.8.4-1.fc16,cantor-4.8.4-1.fc16,filelight-4.8.4-2.fc16,gwenview-4.8.4-1.fc16,jovie-4.8.4-1.fc16,kaccessible-4.8.4-1.fc16,kactivities-4.8.4-1.fc16,kalgebra-4.8.4-1.fc16,kalzium-4.8.4-1.fc16,kamera-4.8.4-1.fc16,kanagram-4.8.4-1.fc16,kate-4.8.4-1.fc16,kbruch-4.8.4-1.fc16,kcalc-4.8.4-2.fc16,kcharselect-4.8.4-2.fc16,kcolorchooser-4.8.4-1.fc16,kdeaccessibility-4.8.4-1.fc16,kdeadmin-4.8.4-1.fc16,kdeartwork-4.8.4-1.fc16,kde-baseapps-4.8.4-1.fc16,kdebindings-4.8.4-1.fc16,kdeedu-4.8.4-1.fc16,kdegames-4.8.4-1.fc16,kdegraphics-4.8.4-1.fc16,kdegraphics-mobipocket-4.8.4-1.fc16,kdegraphics-strigi-analyzer-4.8.4-1.fc16,kdegraphics-thumbnailers-4.8.4-1.fc16,kde-l10n-4.8.4-1.fc16,kdelibs-4.8.4-3.fc16,kdemultimedia-4.8.4-3.fc16,kdenetwork-4.8.4-1.fc16,kdepim-4.8.4-2.fc16,kdepimlibs-4.8.4-1.fc16,kdepim-runtime-4.8.4-1.fc16,kdeplasma-addons-4.8.4-1.fc16,kde-printer-applet-4.8.4-1.fc16,kde-runtime-4.8.4-1.fc16,kdesdk-4.8.4-1.fc16,kdetoys-4.8.4-1.fc16,kdeutils-4.8.4-1.fc16,kde-wallpapers-4.8.4-1.fc16,kde-workspace-4.8.4-2.fc16,kdf-4.8.4-2.fc16,kfloppy-4.8.4-1.fc16,kgamma-4.8.4-1.fc16,kgeography-4.8.4-1.fc16,kgpg-4.8.4-1.fc16,khangman-4.8.4-1.fc16,kig-4.8.4-1.fc16,kimono-4.8.4-1.fc16,kiten-4.8.4-1.fc16,klettres-4.8.4-1.fc16,kmag-4.8.4-1.fc16,kmousetool-4.8.4-1.fc16,kmouth-4.8.4-1.fc16,kmplot-4.8.4-1.fc16,kolourpaint-4.8.4-1.fc16,konsole-4.8.4-1.fc16,kremotecontrol-4.8.4-1.fc16,kross-interpreters-4.8.4-1.fc16,kruler-4.8.4-1.fc16,ksaneplugin-4.8.4-1.fc16,ksecrets-4.8.4-1.fc16,ksnapshot-4.8.4-1.fc16,kstars-4.8.4-1.fc16,ktimer-4.8.4-1.fc16,ktouch-4.8.4-1.fc16,kturtle-4.8.4-1.fc16,kwallet-4.8.4-1.fc16,kwordquiz-4.8.4-1.fc16,libkdcraw-4.8.4-1.fc16,libkdeedu-4.8.4-1.fc16,libkexiv2-4.8.4-1.fc16,libkipi-4.8.4-1.fc16,libksane-4.8.4-1.fc16,marble-4.8.4-1.fc16,okular-4.8.4-1.fc16,oxygen-icon-theme-4.8.4-1.fc16,parley-4.8.4-1.fc16,pykde4-4.8.4-1.fc16,qyoto-4.8.4-1.fc16,rocs-4.8.4-1.fc16,ruby-korundum-4.8.4-1.fc16,ruby-qt-4.8.4-1.fc16,smokegen-4.8.4-1.fc16,smo kekde-4.8.4-1.fc16,smokeqt-4.8.4-1.fc16,step-4.8.4-1.fc16,superkaramba-4.8.4-1.fc16,svgpart-4.8.4-1.fc16,sweeper-4.8.4-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-9014/gawk-4.0.1-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-8996/python-bugzilla-0.7.0-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-9063/dracut-018-55.git20120606.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-9037/thunderbird-lightning-1.5-2.fc16,thunderbird-13.0-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-9055/soprano-2.7.6-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-8765/koji-1.7.0-2.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-8744/perl-5.14.2-198.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-8617/gnutls-2.12.14-3.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-6994/upower-0.9.16-1.fc16 https://admin.fedoraproject.org/updates/FEDORA-2012-3319/GConf2-3.2.3-4.fc16 The following builds have been pushed to Fedora 16 updates-testing ImageMagick-6.7.0.10-5.fc16 abi-compliance-checker-1.97.8-1.fc16 aeolus-conductor-0.10.1-1.fc16 aeolus-configure-2.6.0-1.fc16 cross-gcc-4.7.1-0.1.20120606.fc16 gd-2.0.35-17.fc16 hekafs-0.7-31.fc16 libmnl-1.0.3-1.fc16 mysql-5.5.24-1.fc16 opencryptoki-2.4-2.fc16 php-symfony2-BrowserKit-2.0.15-2.fc16 php-symfony2-DomCrawler-2.0.15-2.fc16 php-symfony2-EventDispatcher-2.0.15-1.fc16 php-symfony2-Finder-2.0.15-1.fc16 php-symfony2-Process-2.0.15-1.fc16 php-symfony2-Serializer-2.0.15-1.fc16 php-symfony2-Templating-2.0.15-1.fc16 python-messaging-0.9-1.fc16 roundcubemail-0.7.2-2.fc16 rubygem-aeolus-cli-0.5.0-1.fc16 rubygem-aeolus-image-0.5.0-1.fc16 spice-xpi-2.7-3.fc16 Details about builds: ================================================================================ ImageMagick-6.7.0.10-5.fc16 (FEDORA-2012-9313) An X application for displaying and manipulating images -------------------------------------------------------------------------------- Update Information: Address several CVE issues. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 12 2012 Pavel Alexeev <Pahan@xxxxxxxxxxxxx> - 6.7.0.10-5 - Add Patch3: ImageMagick-6.7.0-10-CVE-2012-0259.patch - http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629 (bz#807993) - And Patch4: ImageMagick-6.7.0-10-CVE-2012-1620.patch - http://www.imagemagick.org/discourse-server/viewtopic.php?p=82865#p82865 (bz#807993) -------------------------------------------------------------------------------- References: [ 1 ] Bug #807993 - CVE-2012-0259 ImageMagick: Out-of heap-based buffer read by processing crafted JPEG EXIF header tag value https://bugzilla.redhat.com/show_bug.cgi?id=807993 -------------------------------------------------------------------------------- ================================================================================ abi-compliance-checker-1.97.8-1.fc16 (FEDORA-2012-9309) An ABI Compliance Checker -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 11 2012 Richard Shaw <hobbes1069@xxxxxxxxx> - 1.97.8-1 - Update to latest upstream release. * Mon Jun 4 2012 Richard Shaw <hobbes1069@xxxxxxxxx> - 1.97.7-1 - Update to latest upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #827944 - abi-compliance-checker-1.97.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=827944 -------------------------------------------------------------------------------- ================================================================================ aeolus-conductor-0.10.1-1.fc16 (FEDORA-2012-9305) The Aeolus Conductor -------------------------------------------------------------------------------- Update Information: update to upstream release v0.10.1-1 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 7 2012 Steve Linabery <slinaber@xxxxxxxxxx> - 0.10.1-1 - 81f10a6 Refactor SessionEntity model to work properly with API - 1945d37 Fixed deployment rollback - 187756e Fix the new Provider Account form error * Wed Jun 6 2012 Steve Linabery <slinaber@xxxxxxxxxx> - 0.10.0-1 - 274fb0b rm3343: credential: make attributes accessible/protected - a66fd19 RM 3246: fix smaller issues in instance model - b3dc87c RM3244: fix minor issues - 04450b5 sanitize the use of details_tab param - f1cbeea Add BuildRequires for rubygem-compass and rubygem-compass-960-plugin - b388935 rpmbuild changes: added converge-ui files, compass Require dependency, converge-ui symlinks creation and scss compilation using compass into spec file - 2836e75 Removed old favicon and added new into public/images to be compatible with converge-ui layout - 9f019b6 Removed Sass::Plugin scss compilation from development enviromnent config because Compass watcher takes care of scss compilation - 1cc41e8 Moved compass config file to proper place, removed unnecessary compass.scss file - dfdfb0d Finishing touches in converge-ui integration - 86c6978 Added symlink for fonts, removed fonts conductor stylesheet, removed conductor fonts folder content - 36a7d9d updated converge-ui to latest version - d49ce9f converge-ui meeting updates - 7500a18 Adding compass gem dependancy and symbolic link for converge-ui template. - bd736c7 Unified UI (converge-ui) changes to header, footer using the converge-ui git submodule. - 5674223 Revert "Revert "Merge branch 'gelato'"" - e3cd48d RM3311 fix for date range to be inclusive of times - 3a4be6f RM3311 added date select, ordering options, and csv export to log history - bf0595d Redmine #3345: Initial user groups implementation - 5b34b65 BZ 827562 - Upgrade from CloudForms 1.0 to CloudForms 1.0.1 requires additional data definition not provided by rails migration - 537b86f Moving the service parameter type attr off the parameter tag onto the value tag because the type only applys when we collect a value. - e8f5b1e If an assambly doesn't define any configserver params, config for this assembly is not sent to configserver. - 65c7767 Bug 807745 add 'use provider accounts' to global image admin role - c8e2f50 bug 808031: allow Global Provider user to view Provider Accounts - 18ae85c Fix files declaration for daemons subpkg - 05a2632 Fix images#show when there's no existing build - 3a146ec BZ815784 added Pool Family Quota Used column to Pool Families table - 8ebf737 Fix spec - 049958c Unifiy the way we store error messages for model attributes - 333a884 BZ808393: Fix invalid name error message - 759dbbe BZ808338: fix ajax caching for IE - dec27f2 BZ 806846 Disabled submit_tag in images#new views when no provider are enabled - 144afb2 BZ 806846 ImageController: removed duplicate code, fixed flash displaying - bdc6f3e Fix mustache template handler to work with Rails 3.1 and above - 799bd3a RM #3269: Figure out what is wrong with deps (ruby/bundler mode) - 4b03851 BZ#801971 - Scalability: Catalog Images tab, /conductor/pools/1?details_tab=images&only_tab=true, is slow - ccfd67e Styling for pool catalog images tab - bf85e5f BZ815357: api: tests for template xml in CDATA - b3c4ecd BZ815357: api: handle template xml in CDATA in images controller - 290dde4 BZ804543: template relaxng: make rootpw mandatory - fe8d4ed Corrected removed obsolette load_tab_captions_and_details_tab method from pool_families controller, replaced provider_account header with helper method - 445665b Revert "removed obsolette load_tab_captions_and_details_tab method from pool_families controller, replaced provider_account header with helper method" - 5c54d1d BZ810919 mustach-ify pretty-view pool header so that instance/deployment counts are automatically updated - f454171 removed obsolette load_tab_captions_and_details_tab method from pool_families controller, replaced provider_account header with helper method - b602b93 pool_families partials cleanup - 4cfd406 Fixed typo - renamed 'stopable' to 'stoppable' - eb0dc37 3322 - Added deployment's history tab - 1df022a Added basic events for deployment state changes - f96aa8f 3321 - Added partial launch support - 7bfb7e2 3320 - Added deployment rollback - 1a46ebb BZ806001 - aeolus-configure will always create an admin user, need to key of a uuid not name - dbdc389 Fix line limit violations in images_controller for mustache patchset - 2f3471e Fix line limit violations in some views for mustache patchset - dbb9bcf Fix line limit violations in deployables_controller for mustache patchset - e374dd1 Delete jquery-template js lib - 1c2932b Mustachifying images/show - 0138aae Mustachifying pools/_deployments - aaf99e9 Mustachifying deployables/show - 8c8be91 Redmine #3319: Set up conductor to use new Bundler extension point. - 57bdcf7 Redmine #3318: Add small extension library to bundler to load system gems - 1b77242 Add BuildRequires: systemd-units for daemons subpackage - da4472b Remove jquery-svg entries from rpm spec - 89dcc58 Delete jquery-svg - f7c7dfa application.js: Removed unused code - 42af2a1 Removed unused JS libraries - yetii, trimpath-template - 1332d3d RM 3144 specify default order for associated events - 65a472e RM 3144 don't set unscoped as default, as this messes up uptime calculations - 40100c2 Fix migration after paranoid gem changed the default scope - 0c8f597 RM 3144 added soft_delete tests - 1f1ac5b RM 3144 updated models to include acts_as_paranoid - 01be2df RM 3144 add deleted_at column for soft delete - 3486b97 RM 3144 added paranoia gem - 5905bb8 adding service dependancy support for audrey - a1fde11 Temporary Bugfix for adding providers. - 708a82d added app/views/logs - c406ca3 Revert "Merge branch 'gelato'" - da432dd Removed useless @deployment_properties variable - 65d9d8d Cleanup of deployments create action - e6fcb93 Merge branch 'gelato' - e142db5 RM 3145 touched up code to obey 80-character line limit - 570795c RM 3145 updates reflecting new state attribute for deployments - c64fe05 RM 3145 added css section for hover links - 7f6c191 RM 3145 added cucumber tests - e119c68 RM 3145 added logs section - 3b50091 RM 3145 added logs page - cc0e066 RM 3145 added logs controller - 54e749d RM 3145 added logs route - 8d778df Fix typo in UpdateStateForExistingDeployments migration - 8e7559c Redmine3153 partials cleanup and fixes part1 - e3616e8 BZ 809722 - missing template for json response - 482437a performance fixes for Redmine feature #3149 - f5010a6 Redmine #3158: Use denormalized model for permission checks - 30473d7 redmine task #3157: UI to show inherited permissions - f6b80e3 permissions denormalization: redmine #3155 and #3156 - 0cd0270 RM 3181 - delayed_job support - revised - 03b6b45 Redmine #3233: Consolidate duplicated steps - 4a49749 Redmine #3211: Switch step defs for login to use DMA - 273833b Fixed setting of deployment state for existing deployments - 73ccace bump version to 0.10.0 - 4594b35 import converge-ui stylesheet as partial to layout.scss - 1e601d3 removed converge-ui files from lib - e40e4eb changed simlinks, layout_helper is now unmodified, disabled most of the converge-ui stylesheets for now, reverted to conductor layout to prepare for incremental converge - be1ebc7 added converge-ui repo as git submodule co vendor/converge-ui - 622f629 Basic implementation of converge-ui code - 003582a Copies converge-ui into lib/ * Thu May 3 2012 Martyn Taylor <mtaylor@xxxxxxxxxx> - 0.9.0-1 - Updated compilation of new sass files -------------------------------------------------------------------------------- ================================================================================ aeolus-configure-2.6.0-1.fc16 (FEDORA-2012-9348) Aeolus Configure Puppet Recipe -------------------------------------------------------------------------------- Update Information: update to upstream release v2.6.0-1 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 6 2012 Steve Linabery <slinaber@xxxxxxxxxx> - 2.6.0-1 - 338b0ab Add man page for aeolus-services executable - 5059400 Fix broken string interpolation - 043873a Fix module structure for puppet 2.7 autoloader - aab5f1f Use postgres gem if available - 4909706 Remove test references to 'dutils' - 0782c8c Fix LOAD_PATH issues with Ruby 1.9 - 4d00f3c Use RSpec 2.x - 4f2bf64 BZ827562 - Upgrade from CloudForms 1.0 to CloudForms 1.0.1 requires additional data definition not provided by rails migration - 9bffb2c BZ 806001 aeolus-configure will always create an admin user, need to key of a uuid not name - 258d5c4 RM3172 Allow standalone imagefactory/iwhd installation - f1b6349 RM 3181 - delayed_job support - rev 2 - 92b67a1 BZ799814: added basic validations for aeolus-configure - e0e36a4 BZ811373 - Add KeepAlive on to vhost in conductor.conf - 9de4f42 BZ 803745 - Warn credentials are incorrect if authentication with RHEV fails when checking export type - 8ac8e2a BZ 803249 - Remove qpidd from configure - 0a6ef1c BZ 802847 - cleanup hardware profiles and fix provider ordering effects - 45d5fcf BZ #802871: added man pages for configure executables - 6f93654 BZ 800057 - aeolus-cleanup should purge aeolus related files in /var/tmp/ - b7e485e BZ 794505: lower cost hwp for ec2 - bfa5682 BZ 795935 - put back username and password for conf/vsphere_configure - 415e5b9 BZ 795935 - remove username from rhevm.json - cd61e61 BZ 798440 - /etc/aeolus-configure/nodes/* should be not be world readable - 7bb4220 BZ #796797: Fix Role string for sql statement - 2c1404a BZ 795935 - Remove passwords from /etc/imagefactory/.json files - 16e7891 BZ 788644 - remove confusing comments in cleanup config files - b69c475 BZ 794755 - Static assets don't set Cache-Control headers https://bugzilla.redhat.com/show_bug.cgi?id=794755 - ac99a8b BZ 788644 - multiple RHEV providers with aeolus_cleanup - 2491bed BZ 788397 - /var/lib/iwhd should not be removed to maintain consistency with mongodb - 6a3edf2 BZ #783220 - change default admin email to 'root@localhost' (rev 2) - aed1ae8 BZ 746702 - Update the error message displayed when there is a problem with a config file - c5319e5 BZ 785217 - check provider add success by inspecting the flash image alt text - 421c61a BZ #784833. -d param is positionally dependent - 2037e2e bz784978 - aeolus-configure is not properly settting the /etc/imagefactory/$provider.json file - 45d83b0 Revert "Merge branch 'tito' into 1.0-staging" - 686548f Revert "Automatic commit of package [aeolus-configure] release [2.5.0-8]." - 0c38ed2 Automatic commit of package [aeolus-configure] release [2.5.0-8]. - 693ec0e bz784915 - aeolus-configure names vsphere provider "default", change to "vsphere-default" - f4bc0a0 BZ 773347 - rename redhat.com to example.org - ce58124 BZ 773347 - add a note in rhevm_configure on how to find the data center id - 2c51676 Add releasers.conf with rhel dist-git releaser - 63bf8b0 Fix suffix on source package (.tgz -> tar.gz) - cff05ca Remove aeolus-configure.spec.in and copy current spec from dist-git - 3892c74 Initialized to use tito. - 9af3e7a BZ 783373 - Execute all provider configurations even if there are failures - f543542 shebang comments are not valid JSON, so remove them - 82c37d9 Update rhevm and vsphere to support multiple configured providers - 3c693ce Use YAML format for parameterized classes - c4934bb Pull in create_resources function from puppet 2.7 tree - 0a90405 BZ 782210 - improved RHEV NFS export validation - c8a13c3 BZ # 741947. RFE: add support for all ec2 regions - c32189f BZ# 771922: set owner,group,mode on conductor settings file - 814ae5e BZ #740089: remove interactive mode for the time being - 152dc36 BZ# 769526 - handle invalid blank cloud provider entries - 8f05269 BZ #771305 - fixes error found when using custom profiles - a996371 BZ 758644 (part 2) - decrement login counter after aeolus-configure script - 30407db BZ 758644 (part 1) - clean old cookies when doing a web request - 8507b70 BZ 746702 - improve whitepace checking in /etc/aeolus-configure/nodes configs - 8701011 BZ#773060 - do not add provider accounts for rhevm, vshpere in aeolus-configure - f3d033e BZ 773037 - update RHEVM configuration to support data centers - 3242d07 Revert "Set version in Rakefile to 2.5.0" - eea582d Set version in Rakefile to 2.5.0 - e36cfec Correct versioning in changelog entry - bcbbde2 Revert version bump - 4dbabc3 Bump version, reset release - fdce4e6 Bump release, add changelog * Fri Mar 16 2012 Mo Morsi <mmorsi@xxxxxxxxxx> - 2.5.0-3 - include man pages -------------------------------------------------------------------------------- ================================================================================ cross-gcc-4.7.1-0.1.20120606.fc16 (FEDORA-2012-9339) Cross C compiler -------------------------------------------------------------------------------- Update Information: Fix ICE in MIPS compiler Fix SH64 compiler and also move to full gcc release rather than candidate. -------------------------------------------------------------------------------- ================================================================================ gd-2.0.35-17.fc16 (FEDORA-2012-9314) A graphics library for quick creation of PNG or JPEG images -------------------------------------------------------------------------------- Update Information: This is an update, that fixes insufficient input validation in _gdGetColors(). -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 11 2012 Honza Horak <hhorak@xxxxxxxxxx> - 2.0.35-17 - fixed CVE-2009-3546 gd: insufficient input validation in _gdGetColors() Resolves: #830745 -------------------------------------------------------------------------------- References: [ 1 ] Bug #830745 - CVE-2009-3546 gd: insufficient input validation in _gdGetColors() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=830745 -------------------------------------------------------------------------------- ================================================================================ hekafs-0.7-31.fc16 (FEDORA-2012-9340) Heka File System -------------------------------------------------------------------------------- Update Information: update to glusterfs-3.2.7 and fix scripts/hfs_mount.py -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 11 2012 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 0.7-31 - update to glusterfs 3.2.7 - fix for scripts/hfs_mount.py -------------------------------------------------------------------------------- ================================================================================ libmnl-1.0.3-1.fc16 (FEDORA-2012-9351) A minimalistic Netlink library -------------------------------------------------------------------------------- Update Information: Update to latest 1.0.3 version. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 11 2012 Hushan Jia <hushan.jia@xxxxxxxxx> 1.0.3-1 - Update to 1.0.3. -------------------------------------------------------------------------------- References: [ 1 ] Bug #827992 - libmnl-1.0.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=827992 -------------------------------------------------------------------------------- ================================================================================ mysql-5.5.24-1.fc16 (FEDORA-2012-9324) MySQL client programs and shared libraries -------------------------------------------------------------------------------- Update Information: Update to MySQL 5.5.24, for various fixes described at http://dev.mysql.com/doc/refman/5.5/en/news-5-5-24.html including the fix for CVE-2012-2122 -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 11 2012 Tom Lane <tgl@xxxxxxxxxx> 5.5.24-1 - Update to MySQL 5.5.24, for various fixes described at http://dev.mysql.com/doc/refman/5.5/en/news-5-5-24.html including the fix for CVE-2012-2122 Resolves: #830680 - Tweak logrotate script to put the right permissions on mysqld.log - Minor specfile fixes for recent packaging guidelines changes -------------------------------------------------------------------------------- References: [ 1 ] Bug #814605 - CVE-2012-2122 mysql: incorrect type cast in check_scramble() leading to authentication bypass https://bugzilla.redhat.com/show_bug.cgi?id=814605 -------------------------------------------------------------------------------- ================================================================================ opencryptoki-2.4-2.fc16 (FEDORA-2012-9303) Implementation of the PKCS#11 (Cryptoki) specification v2.11 -------------------------------------------------------------------------------- Update Information: fix unresolved symbols in TPM module -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 11 2012 Dan Horák <dan[at]danny.cz> - 2.4-2 - fix unresolved symbols in TPM module (#830129) -------------------------------------------------------------------------------- References: [ 1 ] Bug #830129 - PKCS11_TPM.so has undefined symbol https://bugzilla.redhat.com/show_bug.cgi?id=830129 -------------------------------------------------------------------------------- ================================================================================ php-symfony2-BrowserKit-2.0.15-2.fc16 (FEDORA-2012-9292) Symfony2 BrowserKit Component -------------------------------------------------------------------------------- Update Information: Symfony2 BrowserKit Component. -------------------------------------------------------------------------------- References: [ 1 ] Bug #823070 - Review Request: php-symfony2-BrowserKit - Symfony2 BrowserKit Component https://bugzilla.redhat.com/show_bug.cgi?id=823070 -------------------------------------------------------------------------------- ================================================================================ php-symfony2-DomCrawler-2.0.15-2.fc16 (FEDORA-2012-9297) Symfony2 DomCrawler Component -------------------------------------------------------------------------------- Update Information: The DomCrawler Component eases DOM navigation for HTML and XML documents. -------------------------------------------------------------------------------- References: [ 1 ] Bug #823047 - Review Request: php-symfony2-DomCrawler - Symfony2 DomCrawler Component https://bugzilla.redhat.com/show_bug.cgi?id=823047 -------------------------------------------------------------------------------- ================================================================================ php-symfony2-EventDispatcher-2.0.15-1.fc16 (FEDORA-2012-9321) Symfony2 EventDispatcher Component -------------------------------------------------------------------------------- Update Information: The Symfony2 Event Dispatcher component implements the Observer (http://en.wikipedia.org/wiki/Observer_pattern) pattern in a simple and effective way to make all these things possible and to make your projects truly extensible. Take a simple example from the Symfony2 HttpKernel component. Once a Response object has been created, it may be useful to allow other elements in the system to modify it (e.g. add some cache headers) before it's actually used. To make this possible, the Symfony2 kernel throws an event - kernel.response. Here's how it works: * A listener (PHP object) tells a central dispatcher object that it wants to listen to the kernel.response event; * At some point, the Symfony2 kernel tells the dispatcher object to dispatch the kernel.response event, passing with it an Event object that has access to the Response object; * The dispatcher notifies (i.e. calls a method on) all listeners of the kernel.response event, allowing each of them to make modifications to the Response object. -------------------------------------------------------------------------------- References: [ 1 ] Bug #823050 - Review Request: php-symfony2-EventDispatcher - Symfony2 EventDispatcher Component https://bugzilla.redhat.com/show_bug.cgi?id=823050 -------------------------------------------------------------------------------- ================================================================================ php-symfony2-Finder-2.0.15-1.fc16 (FEDORA-2012-9300) Symfony2 Finder Component -------------------------------------------------------------------------------- Update Information: The Finder Component finds files and directories via an intuitive fluent interface. -------------------------------------------------------------------------------- References: [ 1 ] Bug #823051 - Review Request: php-symfony2-Finder - Symfony2 Finder Component https://bugzilla.redhat.com/show_bug.cgi?id=823051 -------------------------------------------------------------------------------- ================================================================================ php-symfony2-Process-2.0.15-1.fc16 (FEDORA-2012-9332) Symfony2 Process Component -------------------------------------------------------------------------------- Update Information: The Process Component executes commands in sub-processes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #823058 - Review Request: php-symfony2-Process - Symfony2 Process Component https://bugzilla.redhat.com/show_bug.cgi?id=823058 -------------------------------------------------------------------------------- ================================================================================ php-symfony2-Serializer-2.0.15-1.fc16 (FEDORA-2012-9356) Symfony2 Serializer Component -------------------------------------------------------------------------------- Update Information: Symfony2 Serializer Component. -------------------------------------------------------------------------------- References: [ 1 ] Bug #823062 - Review Request: php-symfony2-Serializer - Symfony2 Serializer Component https://bugzilla.redhat.com/show_bug.cgi?id=823062 -------------------------------------------------------------------------------- ================================================================================ php-symfony2-Templating-2.0.15-1.fc16 (FEDORA-2012-9317) Symfony2 Templating Component -------------------------------------------------------------------------------- Update Information: Templating provides all the tools needed to build any kind of template system. It provides an infrastructure to load template files and optionally monitor them for changes. It also provides a concrete template engine implementation using PHP with additional tools for escaping and separating templates into blocks and layouts. -------------------------------------------------------------------------------- References: [ 1 ] Bug #823063 - Review Request: php-symfony2-Templating - Symfony2 Templating Component https://bugzilla.redhat.com/show_bug.cgi?id=823063 -------------------------------------------------------------------------------- ================================================================================ python-messaging-0.9-1.fc16 (FEDORA-2012-9325) Python abstraction of a "message" -------------------------------------------------------------------------------- Update Information: upgrade to latest 0.9 version -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 12 2012 Massimo Paladin <massimo.paladin@xxxxxxxxx> - 0.9-1 - Upgrading to latest version 0.9. -------------------------------------------------------------------------------- ================================================================================ roundcubemail-0.7.2-2.fc16 (FEDORA-2012-9337) Round Cube Webmail is a browser-based multilingual IMAP client -------------------------------------------------------------------------------- Update Information: Resolves: CVE-2011-1491 CVE-2011-1492 CVE-2012-1253 -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #828558 - CVE-2012-1253 roundcubemail: XSS flaw fixed in 0.7 [fedora-16] https://bugzilla.redhat.com/show_bug.cgi?id=828558 [ 2 ] Bug #772351 - Upgrade to 0.7 https://bugzilla.redhat.com/show_bug.cgi?id=772351 [ 3 ] Bug #828557 - CVE-2012-1253 roundcubemail: XSS flaw fixed in 0.7 [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=828557 [ 4 ] Bug #690458 - CVE-2011-1491 CVE-2011-1492 roundcubemail: v0.5.1 two security fixes [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=690458 [ 5 ] Bug #816914 - Where is the maintainer? https://bugzilla.redhat.com/show_bug.cgi?id=816914 -------------------------------------------------------------------------------- ================================================================================ rubygem-aeolus-cli-0.5.0-1.fc16 (FEDORA-2012-9355) Command-line interface for working with the Aeolus cloud suite -------------------------------------------------------------------------------- Update Information: update to upstream release v0.5.0-1 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 6 2012 Steve Linabery <slinaber@xxxxxxxxxx> - 0.5.0-1 - 4e160d9 BZ815357: spec: removed testcase for --no-validation - 535676a BZ815357: removed --no-validation option - 03981c1 BZ815357: buildcmd: surround template xml with CDATA - 396a329 BZ804543 Removed Optional Element for rootpw in tdl - 09d5380 BZ797298: man: fix minor typo in aeolus(1) man page * Tue May 8 2012 Mo Morsi <mmorsi@xxxxxxxxxx> - 0.4.0-1 - new upstream release - update to ruby 1.9 -------------------------------------------------------------------------------- ================================================================================ rubygem-aeolus-image-0.5.0-1.fc16 (FEDORA-2012-9322) Ruby Client for interacting with Image Warehouse and Image Factory -------------------------------------------------------------------------------- Update Information: update to upstream release v0.5.0-1 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 6 2012 Steve Linabery <slinaber@xxxxxxxxxx> - 0.5.0-1 - 9144549 OAuth only binds to Factory requests * Mon May 7 2012 Mo Morsi <mmorsi@xxxxxxxxxx> - 0.4.0-2 - fixed spec to use new ruby 1.9 macros * Mon May 7 2012 Mo Morsi <mmorsi@xxxxxxxxxx> - 0.4.0-1 - updated to ruby 1.9 - new upstream release -------------------------------------------------------------------------------- ================================================================================ spice-xpi-2.7-3.fc16 (FEDORA-2012-9302) SPICE extension for Mozilla -------------------------------------------------------------------------------- Update Information: Fix for grayed console buttons in User Portal (RHEVM). -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 6 2012 Peter Hatina <phatina@xxxxxxxxxx> 2.7-3 - Fix updating connected status -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test