The following Fedora 16 Security updates need testing:
 Age  URL
   8  https://admin.fedoraproject.org/updates/FEDORA-2012-12984/pcp-3.6.6-1.fc16
  60  https://admin.fedoraproject.org/updates/FEDORA-2012-10402/bcfg2-1.2.3-1.fc16
  15  https://admin.fedoraproject.org/updates/FEDORA-2012-12514/tor-0.2.2.38-1600.fc16
  32  https://admin.fedoraproject.org/updates/FEDORA-2012-11526/dokuwiki-0-0.11.20120125.b.fc16
   5  https://admin.fedoraproject.org/updates/FEDORA-2012-13127/java-1.6.0-openjdk-1.6.0.0-68.1.11.4.fc16
   5  https://admin.fedoraproject.org/updates/FEDORA-2012-13143/munin-2.0.6-1.fc16
   4  https://admin.fedoraproject.org/updates/FEDORA-2012-13171/bugzilla-4.0.8-1.fc16
   3  https://admin.fedoraproject.org/updates/FEDORA-2012-13263/rpmdevtools-8.3-1.fc16
   3  https://admin.fedoraproject.org/updates/FEDORA-2012-13266/ypserv-2.29-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-13437/asterisk-1.8.15.1-1.fc16
  63  https://admin.fedoraproject.org/updates/FEDORA-2012-10314/revelation-0.4.14-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-13400/moin-1.9.4-3.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-13488/wordpress-3.4.2-2.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-13443/xen-4.1.3-2.fc16


The following Fedora 16 Critical Path updates have yet to be approved:
 Age  URL
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-13481/livecd-tools-16.16-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-13477/plymouth-0.8.4-0.20110822.6.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-13440/fedora-logos-16.0.2-2.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-13421/perl-5.14.2-199.fc16
   2  https://admin.fedoraproject.org/updates/FEDORA-2012-13323/sane-backends-1.0.23-2.fc16
   2  https://admin.fedoraproject.org/updates/FEDORA-2012-13326/xorg-x11-drv-intel-2.20.6-1.fc16
   3  https://admin.fedoraproject.org/updates/FEDORA-2012-13237/liboauth-0.9.7-1.fc16
  11  https://admin.fedoraproject.org/updates/FEDORA-2012-12205/kdepim-4.8.5-4.fc16


The following builds have been pushed to Fedora 16 updates-testing

    asterisk-1.8.15.1-1.fc16
    bfa-firmware-3.0.3.1-1.fc16
    dogtag-pki-9.0.0-12.fc16
    dogtag-pki-theme-9.0.12-1.fc16
    erlang-meck-0.7.2-1.fc16
    fedora-logos-16.0.2-2.fc16
    libgadu-1.11.2-1.fc16
    libnetfilter_cttimeout-1.0.0-1.fc16
    libvdpau-0.5-1.fc16
    livecd-tools-16.16-1.fc16
    mediawiki-intersection-37906-1.fc16
    moin-1.9.4-3.fc16
    nut-2.6.5-2.fc16
    paps-0.6.8-20.fc16
    perl-5.14.2-199.fc16
    pki-core-9.0.22-1.fc16
    pki-kra-9.0.12-1.fc16
    pki-ra-9.0.5-2.fc16
    pki-tps-9.0.8-1.fc16
    plymouth-0.8.4-0.20110822.6.fc16
    presence-0.4.8-1.fc16
    python-moksha-common-1.0.0-4.fc16
    qpid-cpp-0.18-1.1.fc16
    rubygem-boxgrinder-build-0.10.4-1.fc16
    rubygem-boxgrinder-core-0.3.14-1.fc16
    rubygem-pdf-reader-1.1.1-6.fc16
    smokeping-2.4.2-17.fc16
    tcl-signal-1.4-4.fc16
    tryton-2.0.5-1.fc16
    trytond-account-2.0.5-1.fc16
    trytond-account-statement-2.0.1-1.fc16
    trytond-calendar-2.0.2-1.fc16
    trytond-calendar-scheduling-2.0.3-1.fc16
    trytond-calendar-todo-2.0.1-1.fc16
    trytond-party-vcarddav-2.0.2-1.fc16
    trytond-product-2.0.2-1.fc16
    trytond-stock-2.0.4-1.fc16
    trytond-stock-supply-2.0.3-1.fc16
    trytond-timesheet-2.0.1-1.fc16
    vlgothic-fonts-20120905-1.fc16
    wordpress-3.4.2-2.fc16
    xen-4.1.3-2.fc16

Details about builds:


================================================================================
 asterisk-1.8.15.1-1.fc16 (FEDORA-2012-13437)
 The Open Source PBX
--------------------------------------------------------------------------------
Update Information:

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones
resolve the following two issues:

* A permission escalation vulnerability in Asterisk Manager Interface. This
  would potentially allow remote authenticated users the ability to execute
  commands on the system shell with the privileges of the user running the
  Asterisk application. Please note that the README-SERIOUSLY.bestpractices.txt
  file delivered with Asterisk has been updated due to this and other related
  vulnerabilities fixed in previous versions of Asterisk.

* When an IAX2 call is made using the credentials of a peer defined in a
  dynamic Asterisk Realtime Architecture (ARA) backend, the ACL rules for that
  peer are not applied to the call attempt. This allows for a remote attacker
  who is aware of a peer's credentials to bypass the ACL rules set for that
  peer.

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities, please read
security advisories AST-2012-012 and AST-2012-013, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert7
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.15.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.7.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.7.1-digiumphones

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2012-012.pdf
 * http://downloads.asterisk.org/pub/security/AST-2012-013.pdf
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 4 2012 Jeffrey Ollie <jeff@xxxxxxxxxx> - 1.8.15.1-1
- The Asterisk Development Team has announced security releases for Certified
- Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
- released as versions 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones
- resolve the following two issues:
-
- * A permission escalation vulnerability in Asterisk Manager Interface. This
-   would potentially allow remote authenticated users the ability to execute
-   commands on the system shell with the privileges of the user running the
-   Asterisk application. Please note that the README-SERIOUSLY.bestpractices.txt
-   file delivered with Asterisk has been updated due to this and other related
-   vulnerabilities fixed in previous versions of Asterisk.
-
- * When an IAX2 call is made using the credentials of a peer defined in a
-   dynamic Asterisk Realtime Architecture (ARA) backend, the ACL rules for that
-   peer are not applied to the call attempt. This allows for a remote attacker
-   who is aware of a peer's credentials to bypass the ACL rules set for that
-   peer.
-
- These issues and their resolutions are described in the security advisories.
-
- For more information about the details of these vulnerabilities, please read
- security advisories AST-2012-012 and AST-2012-013, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLogs:
-
- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert7
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.15.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.7.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.7.1-digiumphones
-
- The security advisories are available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2012-012.pdf
- * http://downloads.asterisk.org/pub/security/AST-2012-013.pdf
* Tue Sep 4 2012 Jeffrey Ollie <jeff@xxxxxxxxxx> - 1.8.15.0-1
- The Asterisk Development Team has announced the release of Asterisk 1.8.15.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.15.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- Fix deadlock potential with ast_set_hangupsource() calls.
-   (Closes issue ASTERISK-19801. Reported by Alec Davis)
-
- * --- Fix request routing issue when outboundproxy is used.
-   (Closes issue ASTERISK-20008. Reported by Marcus Hunger)
-
- * --- Make the address family filter specific to the transport.
-   (Closes issue ASTERISK-16618. Reported by Leif Madsen)
-
- * --- Fix NULL pointer segfault in ast_sockaddr_parse()
-   (Closes issue ASTERISK-20006. Reported by Michael L. Young)
-
- * --- Do not perform install on existing directories
-   (Closes issue ASTERISK-19492. Reported by Karl Fife)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.15.0
* Tue Sep 4 2012 Jeffrey Ollie <jeff@xxxxxxxxxx> - 1.8.14.1-1
- The Asterisk Development Team has announced the release of Asterisk 1.8.14.1.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.14.1 resolves an issue reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is the issue resolved in this release:
-
- * --- Remove a superfluous and dangerous freeing of an SSL_CTX.
-   (Closes issue ASTERISK-20074. Reported by Trevor Helmsley)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.14.1
* Tue Sep 4 2012 Jeffrey Ollie <jeff@xxxxxxxxxx> - 1.8.14.0-1
- The Asterisk Development Team has announced the release of Asterisk 1.8.14.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.14.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- format_mp3: Fix a possible crash in mp3_read().
-   (Closes issue ASTERISK-19761. Reported by Chris Maciejewsk)
-
- * --- Fix local channel chains optimizing themselves out of a call.
-   (Closes issue ASTERISK-16711. Reported by Alec Davis)
-
- * --- Update a peer's LastMsgsSent when the peer is notified of
-   waiting messages
-   (Closes issue ASTERISK-17866. Reported by Steve Davies)
-
- * --- Prevent sip_pvt refleak when an ast_channel outlasts its
-   corresponding sip_pvt.
-   (Closes issue ASTERISK-19425. Reported by David Cunningham)
-
- * --- Send more accurate identification information in dialog-info SIP
-   NOTIFYs.
-   (Closes issue ASTERISK-16735. Reported by Maciej Krajewski)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.14.0
* Tue Sep 4 2012 Jeffrey Ollie <jeff@xxxxxxxxxx> - 1.8.13.1-1
- The Asterisk Development Team has announced security releases for Certified
- Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
- released as versions 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones
- resolve the following two issues:
-
- * If Asterisk sends a re-invite and an endpoint responds to the re-invite with
-   a provisional response but never sends a final response, then the SIP dialog
-   structure is never freed and the RTP ports for the call are never released. If
-   an attacker has the ability to place a call, they could create a denial of
-   service by using all available RTP ports.
-
- * If a single voicemail account is manipulated by two parties simultaneously,
-   a condition can occur where memory is freed twice causing a crash.
-
- These issues and their resolution are described in the security advisories.
-
- For more information about the details of these vulnerabilities, please read
- security advisories AST-2012-010 and AST-2012-011, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLogs:
-
- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert4
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.13.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.2
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.2-digiumphones
-
- The security advisories are available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2012-010.pdf
- * http://downloads.asterisk.org/pub/security/AST-2012-011.pdf
* Tue Sep 4 2012 Jeffrey Ollie <jeff@xxxxxxxxxx> - 1.8.13.0-1
- The Asterisk Development Team has announced the release of Asterisk 1.8.13.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.13.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- Turn off warning message when bind address is set to any.
-   (Closes issue ASTERISK-19456. Reported by Michael L. Young)
-
- * --- Prevent overflow in calculation in ast_tvdiff_ms on 32-bit
-   machines
-   (Closes issue ASTERISK-19727. Reported by Ben Klang)
-
- * --- Make DAHDISendCallreroutingFacility wait 5 seconds for a reply
-   before disconnecting the call.
-   (Closes issue ASTERISK-19708. Reported by mehdi Shirazi)
-
- * --- Fix recalled party B feature flags for a failed DTMF atxfer.
-   (Closes issue ASTERISK-19383. Reported by lgfsantos)
-
- * --- Fix DTMF atxfer running h exten after the wrong bridge ends.
-   (Closes issue ASTERISK-19717. Reported by Mario)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.13.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #853541 - CVE-2012-2186 Asterisk: Asterisk Manager User Unauthorized Shell Access
        https://bugzilla.redhat.com/show_bug.cgi?id=853541
--------------------------------------------------------------------------------

================================================================================
 bfa-firmware-3.0.3.1-1.fc16 (FEDORA-2012-13410)
 Brocade Fibre Channel HBA Firmware
--------------------------------------------------------------------------------
Update Information:

Update bfa-firmware to 3.0.3.1.

In the absence of any real release notes or any information on what this
package updates, I provide some lyrics:

There is a flower within my heart, Daisy, Daisy,
Planted one day by a glancing dart,
Planted by Daisy Bell.
Whether she loves me or loves me not
Sometimes it's hard to tell,
And yet I am longing to share the lot
Of beautiful Daisy Bell.

Daisy, Daisy, give me your answer, do,
I'm half crazy all for the love of you.
It won't be a stylish marriage --
I can't afford a carriage,
But you'd look sweet upon the seat
Of a bicycle built for two.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 6 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> 3.0.3.1-1
- update to 3.0.3.1
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.0.0.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.0.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 dogtag-pki-9.0.0-12.fc16 (FEDORA-2012-13446)
 Dogtag Public Key Infrastructure (PKI) Suite
--------------------------------------------------------------------------------
Update Information:

Ticket #310 - Dogtag 9: Rebuild official PKI packages as necessary
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 4 2012 Matthew Harmsen <mharmsen@xxxxxxxxxx> 9.0.0-12
- Updated PKI versions on Fedora 16/Fedora 17 to coincide with latest packages
* Tue Apr 10 2012 Christina Fu <cfu@xxxxxxxxxx> 9.0.0-11
- Bugzilla Bug #745278 - [RFE] ECC encryption keys cannot be archived
--------------------------------------------------------------------------------

================================================================================
 dogtag-pki-theme-9.0.12-1.fc16 (FEDORA-2012-13442)
 Certificate System - Dogtag PKI Theme Components
--------------------------------------------------------------------------------
Update Information:

Ticket #310 - Dogtag 9: Rebuild official PKI packages as necessary
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 10 2012 Christina Fu <cfu@xxxxxxxxxx> 9.0.12-1
- Bugzilla Bug #745278 - [RFE] ECC encryption keys cannot be archived
--------------------------------------------------------------------------------

================================================================================
 erlang-meck-0.7.2-1.fc16 (FEDORA-2012-13444)
 A mocking library for Erlang
--------------------------------------------------------------------------------
Update Information:

* Update to 0.7.2 (see rhbz #854546)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 5 2012 Peter Lemenkov <lemenkov@xxxxxxxxx> - 0.7.2-1
- Ver. 0.7.2
* Wed Aug 15 2012 Peter Lemenkov <lemenkov@xxxxxxxxx> - 0.7.1-4
- Fix for EL5
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.7.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu May 17 2012 Peter Lemenkov <lemenkov@xxxxxxxxx> - 0.7.1-2
- Pick up all missing requires
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #854546 - Upgrade erlang-meck to the version 0.7.2
        https://bugzilla.redhat.com/show_bug.cgi?id=854546
--------------------------------------------------------------------------------

================================================================================
 fedora-logos-16.0.2-2.fc16 (FEDORA-2012-13440)
 Fedora-related icons and pictures
--------------------------------------------------------------------------------
Update Information:

Kill off old and unused grub1 splash art.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 4 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 16.0.2-2
- drop grub1 art (nothing uses it anymore)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #751340 - fedora-logos contains /boot/grub/splash.xpm.gz, which is obsolete
        https://bugzilla.redhat.com/show_bug.cgi?id=751340
--------------------------------------------------------------------------------

================================================================================
 libgadu-1.11.2-1.fc16 (FEDORA-2012-13445)
 A Gadu-gadu protocol compatible communications library
--------------------------------------------------------------------------------
Update Information:

* Fixed SSL support via GnuTLS
* Fixed library specification for pkg-config
* Fixed name resolution for systems without gethostbyname_r (e.g. BSD family)
* Fixed invalid UTF-8 sequences conversion
* Fixed name resolution in single-threaded applications
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 4 2012 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> 1.11.2-1
- updated to 1.11.2 (bug 782047)
- dropped obsolete patch
- fix build (Dan Winship, bug 851676)
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.11.0-2.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.11.0-2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #782047 - libgadu-1.11.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=782047
  [ 2 ] Bug #851676 - libgadu ftbfs
        https://bugzilla.redhat.com/show_bug.cgi?id=851676
--------------------------------------------------------------------------------

================================================================================
 libnetfilter_cttimeout-1.0.0-1.fc16 (FEDORA-2012-13454)
 Timeout policy tuning for Netfilter/conntrack
--------------------------------------------------------------------------------
Update Information:

A library required for new versions of conntrack-tools.
--------------------------------------------------------------------------------

================================================================================
 libvdpau-0.5-1.fc16 (FEDORA-2012-13465)
 Wrapper library for the Video Decode and Presentation API
--------------------------------------------------------------------------------
Update Information:

This version of libvdpau includes workarounds for two bugs in the Adobe® Flash®
Player:

* Flash swaps the Cb and Cr arguments when it calls
  VdpVideoSurfacePutBitsYCbCr. This generally makes videos that use this method
  of uploading images have a slightly bluish tinge, especially on skin tones.
  The workaround simply swaps the Cb and Cr arguments to this function. This
  workaround is applied if "libflashplayer" is found in /proc/self/cmdline and
  the string "enable_flash_uv_swap=1" is found in /etc/vdpau_wrapper.cfg.

* Even though it does not depend on a specific color key color, Flash sets the
  color to pure black or pure white, which causes video to bleed through into
  other windows when those colors are used. The workaround simply ignores
  requests to change the color key value. This workaround is applied if
  "libflashplayer" is found in /proc/self/cmdline and the string
  "disable_flash_pq_bg_color=1" is found in /etc/vdpau_wrapper.cfg.

This release also contains a fix for a memory leak that occurs when libvdpau is
unloaded.

Add a workaround for adobe flash-plugin
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 5 2012 Nicolas Chauvet <kwizart@xxxxxxxxx> - 0.5-1
- Update to 0.5
* Sun Aug 19 2012 Julian Sikorski <belegdol@xxxxxxxxxxxxxxxxx> - 0.4.1-9
- Added flash workarounds
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.4.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Wed Apr 25 2012 Nicolas Chauvet <kwizart@xxxxxxxxx> - 0.4.1-7
- Fetch current backport
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.4.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 livecd-tools-16.16-1.fc16 (FEDORA-2012-13481)
 Tools for building live CDs
--------------------------------------------------------------------------------
Update Information:

Add support for F18 images to livecd-iso-to-disk
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 6 2012 Brian C. Lane <bcl@xxxxxxxxxx> 16.16-1
- Version 16.16 (bcl)
- use cp -r instead of -a (bcl)
- New location for GRUB2 config on UEFI (#851220) (bcl)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #851220 - EFI syslinux contains wrong path to kernel pair
        https://bugzilla.redhat.com/show_bug.cgi?id=851220
--------------------------------------------------------------------------------

================================================================================
 mediawiki-intersection-37906-1.fc16 (FEDORA-2012-13452)
 Create a list of pages that are listed in a set of categories
--------------------------------------------------------------------------------
Update Information:

Outputs a bulleted list of most recent items residing in a category, or an
intersection of several categories. DynamicPageList is another name for this
extension.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #851747 - Review Request: mediawiki-intersection - Create a list of pages that are listed in a set of categories
        https://bugzilla.redhat.com/show_bug.cgi?id=851747
--------------------------------------------------------------------------------

================================================================================
 moin-1.9.4-3.fc16 (FEDORA-2012-13400)
 MoinMoin is a WikiEngine to collaborate on easily editable web pages
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2012-4404
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 6 2012 Ville-Pekka Vainio <vpvainio AT iki.fi> - 1.9.4-3
- Fix CVE-2012-4404
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.9.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #854730 - CVE-2012-4404 moin: Improper ACL rules enforcement due to a bug in the way virtual groups were handled previously during ACL evaluation
        https://bugzilla.redhat.com/show_bug.cgi?id=854730
--------------------------------------------------------------------------------

================================================================================
 nut-2.6.5-2.fc16 (FEDORA-2012-13455)
 Network UPS Tools
--------------------------------------------------------------------------------
Update Information:

- fixed pthread issue
- no longer requires devel files to run
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 6 2012 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 2.6.5-2
- do not depend on devel files (#838139)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #838139 - nut relies on presence of /lib64/libusb.so for communication with USB-connected UPS
        https://bugzilla.redhat.com/show_bug.cgi?id=838139
--------------------------------------------------------------------------------

================================================================================
 paps-0.6.8-20.fc16 (FEDORA-2012-13469)
 Plain Text to PostScript converter
--------------------------------------------------------------------------------
Update Information:

Add a missing description of --encoding in manpage.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 6 2012 Akira TAGOH <tagoh@xxxxxxxxxx> - 0.6.8-20
- Add a missing description of --encoding in manpage. (#854897)
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.6.8-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Wed Jan 11 2012 Akira TAGOH <tagoh@xxxxxxxxxx> - 0.6.8-18
- Use %{_cups_serverbin} instead of the hardcoded path. (#772240)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #854897 - paps - Inconsistency between man page and help
        https://bugzilla.redhat.com/show_bug.cgi?id=854897
--------------------------------------------------------------------------------

================================================================================
 perl-5.14.2-199.fc16 (FEDORA-2012-13421)
 Practical Extraction and Report Language
--------------------------------------------------------------------------------
Update Information:

Remove useless perl-devel dependency from perl-Test-Harness.
Move App::Cpan from perl-Test-Harness to perl-CPAN.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 5 2012 Petr Pisar <ppisar@xxxxxxxxxx> - 4:5.14.2-199
- Remove perl-devel dependency from perl-Test-Harness and perl-Test-Simple
- Move App::Cpan from perl-Test-Harness to perl-CPAN (bug #854577)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #854577 - APP::Cpan bundled with perl-Test-Harness
        https://bugzilla.redhat.com/show_bug.cgi?id=854577
--------------------------------------------------------------------------------

================================================================================
 pki-core-9.0.22-1.fc16 (FEDORA-2012-13441)
 Certificate System - PKI Core Components
--------------------------------------------------------------------------------
Update Information:

Ticket #310 - Dogtag 9: Rebuild official PKI packages as necessary
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 22 2012 Ade Lee <alee@xxxxxxxxxx> 9.0.22-1
- Reverted selinux changes that broke f16 selinux policy.
- Reapplied those changes as a modified patch to f17 build.
* Fri Jul 20 2012 Ade Lee <alee@xxxxxxxxxx> 9.0.21-1
- Bugzilla Bug #841996 - latest selinux policy fix breaks dogtag
--------------------------------------------------------------------------------

================================================================================
 pki-kra-9.0.12-1.fc16 (FEDORA-2012-13418)
 Certificate System - Data Recovery Manager
--------------------------------------------------------------------------------
Update Information:

Ticket #310 - Dogtag 9: Rebuild official PKI packages as necessary
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 10 2012 Christina Fu <cfu@xxxxxxxxxx> 9.0.12-1
- Bugzilla Bug #745278 - [RFE] ECC encryption keys cannot be archived
--------------------------------------------------------------------------------

================================================================================
 pki-ra-9.0.5-2.fc16 (FEDORA-2012-13473)
 Certificate System - Registration Authority
--------------------------------------------------------------------------------
Update Information:

Ticket #310 - Dogtag 9: Rebuild official PKI packages as necessary
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 6 2012 Matthew Harmsen <mharmsen@xxxxxxxxxx> 9.0.5-2
- Added 'systemd-units' buildtime requirement on Fedora 16 (required by Koji)
* Wed Aug 22 2012 Ade Lee <alee@xxxxxxxxxx> 9.0.5-1
- Added systemd scripts
--------------------------------------------------------------------------------

================================================================================
 pki-tps-9.0.8-1.fc16 (FEDORA-2012-13401)
 Certificate System - Token Processing System
--------------------------------------------------------------------------------
Update Information:

Ticket #310 - Dogtag 9: Rebuild official PKI packages as necessary
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 22 2012 Ade Lee <alee@xxxxxxxxxx> 9.0.8-1
- Added systemd scripts
* Tue Aug 7 2012 Nathan Kinder <nkinder@xxxxxxxxxx> 9.0.7-4
- The API changed between httpd 2.2 and 2.4. We now need to pass the
  module index to ap_log_error() when calling it. The remote_ip member
  of the connection struct also was renamed to client_ip.
  (Patch for Fedora 18 only)
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 9.0.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 9.0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 plymouth-0.8.4-0.20110822.6.fc16 (FEDORA-2012-13477)
 Graphical Boot Animation and Logger
--------------------------------------------------------------------------------
Update Information:

This update may fix a stall at boot up.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 6 2012 Ray Strode <rstrode@xxxxxxxxxx> 0.8.4-0.20110822.6
- May fix stall at boot splash exit for some users
  Resolves: #787512
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #787512 - plymouthd hangs while eating 100% (!loop->should_exit)
        https://bugzilla.redhat.com/show_bug.cgi?id=787512
--------------------------------------------------------------------------------

================================================================================
 presence-0.4.8-1.fc16 (FEDORA-2012-13487)
 Bi-directional audio/video connections
--------------------------------------------------------------------------------
Update Information:

UI improvements for easier streaming.
-------------------------------------------------------------------------------- ChangeLog: * Tue Sep 4 2012 Fabian Deutsch <fabiand@xxxxxxxxxxxxxxxxx> - 0.4.8-1 - New upstream release with bugfix * Mon Sep 3 2012 Fabian Deutsch <fabiand@xxxxxxxxxxxxxxxxx> - 0.4.7-1 - New upstream release - Drop unneeded patch * Mon Sep 3 2012 Fabian Deutsch <fabiand@xxxxxxxxxxxxxxxxx> - 0.4.6-3 - Rebuilt against new cogl * Sat Jul 21 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.4.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ python-moksha-common-1.0.0-4.fc16 (FEDORA-2012-13490) Common components for Moksha -------------------------------------------------------------------------------- Update Information: Initial import (#854605). -------------------------------------------------------------------------------- ================================================================================ qpid-cpp-0.18-1.1.fc16 (FEDORA-2012-13472) Libraries for Qpid C++ client applications -------------------------------------------------------------------------------- Update Information: Rebased on Qpid 0.18. Merged qpid-cpp-server-daemon back into qpid-cpp-server. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 5 2012 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.18-1.1 - Merged the qpid-cpp-server-daemon package back into qpid-cpp-server - Resolves: BZ#854263 * Wed Sep 5 2012 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.18-1 - Rebased on Qpid release 0.18. 
- Added the new HA subpackage: qpid-cpp-server-ha -------------------------------------------------------------------------------- References: [ 1 ] Bug #854263 - New subpackage qpid-cpp-server-daemon broked upgrades https://bugzilla.redhat.com/show_bug.cgi?id=854263 -------------------------------------------------------------------------------- ================================================================================ rubygem-boxgrinder-build-0.10.4-1.fc16 (FEDORA-2012-13404) A tool for creating appliances from simple plain text files -------------------------------------------------------------------------------- Update Information: Remove hashery dependency to enable >F17 -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 4 2012 Marc Savy <msavy@xxxxxxxxxx> - 0.10.4-1 - Upstream release: 0.10.4 - [BGBUILD-373] Remove hashery dependency -------------------------------------------------------------------------------- ================================================================================ rubygem-boxgrinder-core-0.3.14-1.fc16 (FEDORA-2012-13462) Core library for BoxGrinder -------------------------------------------------------------------------------- Update Information: Remove hashery dependency to enable >F17 -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 4 2012 Marc Savy <msavy@xxxxxxxxxx> - 0.3.14-1 - Upstream release: 0.3.14 - [BGBUILD-373] Remove hashery dependency -------------------------------------------------------------------------------- ================================================================================ rubygem-pdf-reader-1.1.1-6.fc16 (FEDORA-2012-13478) Ruby library to parse PDF files -------------------------------------------------------------------------------- Update Information: new package -------------------------------------------------------------------------------- 
================================================================================ smokeping-2.4.2-17.fc16 (FEDORA-2012-13411) Latency Logging and Graphing System -------------------------------------------------------------------------------- Update Information: * Fix an issue with updated fping * Apache httpd is the only webserver working with this smokeping package out of the box -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 6 2012 Terje Rosten <terje.rosten@xxxxxxx> - 2.4.2-17 - Fix fping issue (bz #854572) - Explicit dep on httpd (not just webserver) (bz #854804) -------------------------------------------------------------------------------- References: [ 1 ] Bug #854572 - fping-3.3-2.fc16.x86_64 breaks smokeping https://bugzilla.redhat.com/show_bug.cgi?id=854572 [ 2 ] Bug #854804 - incorrect permissions on /var/lib/smokeping/images if smokeping installed before httpd https://bugzilla.redhat.com/show_bug.cgi?id=854804 -------------------------------------------------------------------------------- ================================================================================ tcl-signal-1.4-4.fc16 (FEDORA-2012-13447) This extension adds dynamically loadable signal handling to Tcl/Tk scripts -------------------------------------------------------------------------------- Update Information: This extension adds dynamically loadable signal handling to Tcl/Tk scripts. Note that the library has been renamed to libtclsignal-1.4.so for ease in linking and to prevent conflicts.
-------------------------------------------------------------------------------- ================================================================================ tryton-2.0.5-1.fc16 (FEDORA-2012-13483) Client for the Tryton application framework -------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 5 2012 Dan Horák <dan@xxxxxxxx> - 2.0.5-1 - new upstream version 2.0.5 -------------------------------------------------------------------------------- ================================================================================ trytond-account-2.0.5-1.fc16 (FEDORA-2012-13483) account module for Tryton -------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 5 2012 Dan Horák <dan@xxxxxxxx> - 2.0.5-1 - new upstream version 2.0.5 -------------------------------------------------------------------------------- ================================================================================ trytond-account-statement-2.0.1-1.fc16 (FEDORA-2012-13483) account-statement module for Tryton -------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 5 2012 Dan Horák <dan@xxxxxxxx> - 2.0.1-1 - new upstream version 2.0.1 -------------------------------------------------------------------------------- ================================================================================ trytond-calendar-2.0.2-1.fc16 (FEDORA-2012-13483) calendar module for Tryton 
-------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 5 2012 Dan Horák <dan@xxxxxxxx> - 2.0.2-1 - new upstream version 2.0.2 -------------------------------------------------------------------------------- ================================================================================ trytond-calendar-scheduling-2.0.3-1.fc16 (FEDORA-2012-13483) calendar-scheduling module for Tryton -------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 5 2012 Dan Horák <dan@xxxxxxxx> - 2.0.3-1 - new upstream version 2.0.3 -------------------------------------------------------------------------------- ================================================================================ trytond-calendar-todo-2.0.1-1.fc16 (FEDORA-2012-13483) calendar-todo module for Tryton -------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 5 2012 Dan Horák <dan@xxxxxxxx> - 2.0.1-1 - new upstream version 2.0.1 -------------------------------------------------------------------------------- ================================================================================ trytond-party-vcarddav-2.0.2-1.fc16 (FEDORA-2012-13483) party-vcarddav module for Tryton -------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 5 2012 Dan Horák <dan@xxxxxxxx> - 2.0.2-1 - 
new upstream version 2.0.2 -------------------------------------------------------------------------------- ================================================================================ trytond-product-2.0.2-1.fc16 (FEDORA-2012-13483) product module for Tryton -------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 5 2012 Dan Horák <dan@xxxxxxxx> - 2.0.2-1 - new upstream version 2.0.2 -------------------------------------------------------------------------------- ================================================================================ trytond-stock-2.0.4-1.fc16 (FEDORA-2012-13483) stock module for Tryton -------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 5 2012 Dan Horák <dan@xxxxxxxx> - 2.0.4-1 - new upstream version 2.0.4 -------------------------------------------------------------------------------- ================================================================================ trytond-stock-supply-2.0.3-1.fc16 (FEDORA-2012-13483) stock-supply module for Tryton -------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 5 2012 Dan Horák <dan@xxxxxxxx> - 2.0.3-1 - new upstream version 2.0.3 -------------------------------------------------------------------------------- ================================================================================ trytond-timesheet-2.0.1-1.fc16 (FEDORA-2012-13483) timesheet module for Tryton 
-------------------------------------------------------------------------------- Update Information: update to latest upstream bugfix releases -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 5 2012 Dan Horák <dan@xxxxxxxx> - 2.0.1-1 - new upstream version 2.0.1 -------------------------------------------------------------------------------- ================================================================================ vlgothic-fonts-20120905-1.fc16 (FEDORA-2012-12969) Japanese TrueType font -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 6 2012 Akira TAGOH <tagoh@xxxxxxxxxx> - 20120905-1 - New upstream release. (#854525) * Wed Aug 29 2012 Akira TAGOH <tagoh@xxxxxxxxxx> - 20120829-1 - New upstream release. (#852673) * Mon Aug 27 2012 Akira TAGOH <tagoh@xxxxxxxxxx> - 20120827-1 - New upstream release. 
(#851879) * Sun Jul 22 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 20120629-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #851879 - vlgothic-fonts-20120827 is available https://bugzilla.redhat.com/show_bug.cgi?id=851879 [ 2 ] Bug #852673 - vlgothic-fonts-20120829 is available https://bugzilla.redhat.com/show_bug.cgi?id=852673 [ 3 ] Bug #854525 - vlgothic-fonts-20120905 is available https://bugzilla.redhat.com/show_bug.cgi?id=854525 -------------------------------------------------------------------------------- ================================================================================ wordpress-3.4.2-2.fc16 (FEDORA-2012-13488) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information: Upstream security update -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 6 2012 Matej Cepl <mcepl@xxxxxxxxxx> - 3.4.2-2 - Upstream security update. 
* Sun Jul 22 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.4.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ xen-4.1.3-2.fc16 (FEDORA-2012-13443) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141) -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 6 2012 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.1.3-2 - 6 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141) -------------------------------------------------------------------------------- References: [ 1 ] Bug #851139 - CVE-2012-3494 kernel: xen: hypercall 
set_debugreg vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=851139 [ 2 ] Bug #851165 - CVE-2012-3495 kernel: xen: hypercall physdev_get_free_pirq vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=851165 [ 3 ] Bug #851172 - CVE-2012-3496 kernel: xen: XENMEM_populate_physmap DoS vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=851172 [ 4 ] Bug #851193 - CVE-2012-3498 kernel: xen: PHYSDEVOP_map_pirq index vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=851193 [ 5 ] Bug #851252 - CVE-2012-3515 qemu: VT100 emulation vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=851252 [ 6 ] Bug #855140 - CVE-2012-4411 xen: qemu: guest administrator can access qemu monitor console https://bugzilla.redhat.com/show_bug.cgi?id=855140 --------------------------------------------------------------------------------