Fedora 16 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 16 Security updates need testing:
 Age  URL
   2  https://admin.fedoraproject.org/updates/FEDORA-2012-13665/blender-2.59-7.fc16
   2  https://admin.fedoraproject.org/updates/FEDORA-2012-13656/mcrypt-2.6.8-9.fc16
   2  https://admin.fedoraproject.org/updates/FEDORA-2012-13649/munin-2.0.6-2.fc16
  12  https://admin.fedoraproject.org/updates/FEDORA-2012-12984/pcp-3.6.6-1.fc16
  65  https://admin.fedoraproject.org/updates/FEDORA-2012-10402/bcfg2-1.2.3-1.fc16
  20  https://admin.fedoraproject.org/updates/FEDORA-2012-12514/tor-0.2.2.38-1600.fc16
  37  https://admin.fedoraproject.org/updates/FEDORA-2012-11526/dokuwiki-0-0.11.20120125.b.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-13839/ghostscript-9.05-2.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-13824/libxml2-2.7.8-8.fc16
  10  https://admin.fedoraproject.org/updates/FEDORA-2012-13127/java-1.6.0-openjdk-1.6.0.0-68.1.11.4.fc16
   8  https://admin.fedoraproject.org/updates/FEDORA-2012-13266/ypserv-2.29-1.fc16
   4  https://admin.fedoraproject.org/updates/FEDORA-2012-13437/asterisk-1.8.15.1-1.fc16
  68  https://admin.fedoraproject.org/updates/FEDORA-2012-10314/revelation-0.4.14-1.fc16
   4  https://admin.fedoraproject.org/updates/FEDORA-2012-13400/moin-1.9.4-3.fc16
   4  https://admin.fedoraproject.org/updates/FEDORA-2012-13488/wordpress-3.4.2-2.fc16
   4  https://admin.fedoraproject.org/updates/FEDORA-2012-13443/xen-4.1.3-2.fc16


The following Fedora 16 Critical Path updates have yet to be approved:
 Age URL
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-13845/perl-5.14.2-200.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-13824/libxml2-2.7.8-8.fc16
   1  https://admin.fedoraproject.org/updates/FEDORA-2012-13755/sane-backends-1.0.23-4.fc16
   2  https://admin.fedoraproject.org/updates/FEDORA-2012-13681/python-alsa-1.0.26-1.fc16,alsa-plugins-1.0.26-1.fc16,alsa-tools-1.0.26.1-1.fc16,alsa-utils-1.0.26-1.fc16,alsa-lib-1.0.26-1.fc16
   2  https://admin.fedoraproject.org/updates/FEDORA-2012-13616/fontconfig-2.8.0-8.fc16
   4  https://admin.fedoraproject.org/updates/FEDORA-2012-13481/livecd-tools-16.16-1.fc16
   4  https://admin.fedoraproject.org/updates/FEDORA-2012-13477/plymouth-0.8.4-0.20110822.6.fc16
   4  https://admin.fedoraproject.org/updates/FEDORA-2012-13440/fedora-logos-16.0.2-2.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2012-13326/xorg-x11-drv-intel-2.20.6-1.fc16
   8  https://admin.fedoraproject.org/updates/FEDORA-2012-13237/liboauth-0.9.7-1.fc16
The following builds have been pushed to Fedora 16 updates-testing

    ejabberd-2.1.11-5.fc16
    erlang-R15B-02.1.fc16
    ghostscript-9.05-2.fc16
    libxml2-2.7.8-8.fc16
    lm_sensors-3.3.2-4.fc16
    mc-4.8.5-1.fc16
    nut-2.6.5-3.fc16
    perl-5.14.2-200.fc16
    pki-core-9.0.23-1.fc16
    python-qpid-0.18-1.fc16

Details about builds:


================================================================================
 ejabberd-2.1.11-5.fc16 (FEDORA-2012-13837)
 A distributed, fault-tolerant Jabber/XMPP server
--------------------------------------------------------------------------------
Update Information:

- Cherry-picked three new patches from upstream trunk
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 10 2012 Peter Lemenkov <lemenkov@xxxxxxxxx> - 2.1.11-5
- Cherry-picked three new patches from upstream trunk
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.1.11-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 erlang-R15B-02.1.fc16 (FEDORA-2012-13844)
 General-purpose programming language and runtime environment
--------------------------------------------------------------------------------
Update Information:

* Ver. R15B02 (bugfix release)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 10 2012 Peter Lemenkov <lemenkov@xxxxxxxxx> - R15B-02.1
- Ver. R15B02
* Wed Aug 15 2012 Karsten Hopp <karsten@xxxxxxxxxx> R15B-01.4.2
- set BASE_OPTIONS to -Xmx1536m on ppc*
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - R15B-01.4.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #855055 - erlang-15B02 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=855055
--------------------------------------------------------------------------------


================================================================================
 ghostscript-9.05-2.fc16 (FEDORA-2012-13839)
 A PostScript interpreter and renderer
--------------------------------------------------------------------------------
Update Information:

This update removes some bundled libraries, notably icclib. This avoids security issue CVE-2012-4405.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 11 2012 Tim Waugh <twaugh@xxxxxxxxxx> 9.05-2
- Removed more bundled packages (bug #816747). In particular, icclib
  is no longer bundled (bug #856060, CVE-2012-4405).
* Thu Feb  9 2012 Tim Waugh <twaugh@xxxxxxxxxx>
- Avoid mixed tabs and spaces in spec file.
* Thu Feb  9 2012 Tim Waugh <twaugh@xxxxxxxxxx> 9.05-1
- 9.05.
* Fri Jan  6 2012 Tim Waugh <twaugh@xxxxxxxxxx> 9.04-9
- Use %_cups_serverbin macro.
* Fri Jan  6 2012 Tim Waugh <twaugh@xxxxxxxxxx> 9.04-8
- Rebuilt for GCC 4.7.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #854227 - CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write
        https://bugzilla.redhat.com/show_bug.cgi?id=854227
--------------------------------------------------------------------------------


================================================================================
 libxml2-2.7.8-8.fc16 (FEDORA-2012-13824)
 Library providing XML and HTML support
--------------------------------------------------------------------------------
Update Information:

lot of security bug fixes
Lots of security patches
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 11 2012 Daniel Veillard <veillard@xxxxxxxxxx> - 2.7.8-8
- previous build broken due to failure to use the versioning script
  rebuilding with automake and autoconf
* Mon Sep 10 2012 Daniel Veillard <veillard@xxxxxxxxxx> - 2.7.8-7
- Fixes for CVE-2011-3919 CVE-2011-3905 CVE-2011-2834 (rhbz#772122)
- Fixes for CVE-2012-2807 (843743)
- Fixes for CVE-2012-0841 (795698)
- Fix for CVE-2011-1944 (709750)
- Fix for CVE-2011-0216 (755813)
- Fix for CVE-2011-2821 (735715)
- Fix for CVE-2011-3102 (822171)
- Fix some potential problems on reallocation failures
- Hardening of XPath evaluation
- Fix an off by one error in encoding
- Fix missing error status in XPath evaluation
- Make sure the parser returns when getting a Stop order
- Fix an allocation error when copying entities
- Add hash randomization to hash and dict structures
- Force randomization of dict and hash
- Fix a failure to report xmlreader parsing failures
- Fix parser local buffers size problems
- Fix entities local buffers size problems
- Fix an error in previous commit
- Do not fetch external parsed entities
- Impose a reasonable limit on attribute size
- Impose a reasonable limit on comment size
- Impose a reasonable limit on PI size
- Cleanups and new limit APIs for dictionaries
- Introduce some default parser limits
- Implement some default limits in the XPath module
- Fixup limits parser
- Enforce XML_PARSER_EOF state handling through the parser
- Avoid quadratic behaviour in some push parsing cases
- More avoid quadratic behaviour
- Strengthen behaviour of the push parser in problematic situations
- More fixups on the push parser behaviour
- Fix a segfault on XSD validation on pattern error
- Fix an unimplemented part in RNG value validation
- Fix an off by one pointer access
- Change the XPath code to percolate allocation errors
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #772122 - CVE-2011-3919 CVE-2011-3905 CVE-2011-2834 libxml2 various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=772122
  [ 2 ] Bug #843743 - CVE-2012-2807 libxml2 (64-bit): Multiple integer overflows, leading to DoS or possibly other unspecified impact [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=843743
  [ 3 ] Bug #709750 - CVE-2011-1944 libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=709750
  [ 4 ] Bug #735715 - CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=735715
  [ 5 ] Bug #822171 - CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=822171
  [ 6 ] Bug #755813 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=755813
  [ 7 ] Bug #795698 - CVE-2012-0841 libxml2: hash table collisions CPU usage DoS [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=795698
--------------------------------------------------------------------------------


================================================================================
 lm_sensors-3.3.2-4.fc16 (FEDORA-2012-13825)
 Hardware monitoring tools
--------------------------------------------------------------------------------
Update Information:

#728583 - sensord doesn't start

Native systemd file has been merged to f17 and f16 branches.

everyone on arm must update
new upstream version
new upstream version
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 11 2012 Jaromir Capik <jcapik@xxxxxxxxxx> - 3.3.2-4
- Fixing missing sensord subpackage name in second postun scriptlet
* Tue Sep 11 2012 Jaromir Capik <jcapik@xxxxxxxxxx> - 3.3.2-3
- #728583 - sensord doesn't start
- merged from f18/f19 branch (commit 373ef7f2509bf59beeb5709272ed24148da54538)
* Mon Apr  2 2012 Nikola Pajkovsky <npajkovs@xxxxxxxxxx> - 3.3.2-2
- rhbz#806364 - sensors-detect fails with "/sys/bus/pci/devices: No such file or directory at /usr/sbin/sensors-detect line 2895"
  PCI bus is always required even if it might be missing on
  some platforms. So don't choke is it is missing. Patch from
  Jaromir Capik
* Thu Mar 15 2012 Nikola Pajkovsky <npajkovs@xxxxxxxxxx> - 3.3.2-1
- upstream lm-sensors-3.3.2
* Mon Feb 13 2012 Nikola Pajkovsky <npajkovs@xxxxxxxxxx> - 3.3.1-3
- 789761 - Provide native systemd service
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #728583 - sensord doesn't start
        https://bugzilla.redhat.com/show_bug.cgi?id=728583
  [ 2 ] Bug #806364 - sensors-detect fails with "/sys/bus/pci/devices: No such file or directory at /usr/sbin/sensors-detect line 2895."
        https://bugzilla.redhat.com/show_bug.cgi?id=806364
  [ 3 ] Bug #803285 - lm_sensors-3.3.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=803285
--------------------------------------------------------------------------------


================================================================================
 mc-4.8.5-1.fc16 (FEDORA-2012-13848)
 User-friendly text console file manager and visual shell
--------------------------------------------------------------------------------
Update Information:

Update to 4.8.5.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 10 2012 Jindrich Novy <jnovy@xxxxxxxxxx> 4.8.5-1
- update to 4.8.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #854876 - mc - Inconsistency between man page and help
        https://bugzilla.redhat.com/show_bug.cgi?id=854876
  [ 2 ] Bug #844392 - File > Exit menu problem in mc-4.8.4-2.fc17
        https://bugzilla.redhat.com/show_bug.cgi?id=844392
  [ 3 ] Bug #844352 - Error dialog when opening archives
        https://bugzilla.redhat.com/show_bug.cgi?id=844352
  [ 4 ] Bug #840382 - midnight commander doesn't panelize all files
        https://bugzilla.redhat.com/show_bug.cgi?id=840382
  [ 5 ] Bug #840278 - [abrt] mc-4.8.3-1.fc17: cpio_read: Process /usr/bin/mc was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=840278
  [ 6 ] Bug #838371 - [abrt] mc-4.8.3-1.fc17: __libc_message: Process /usr/bin/mc was killed by signal 6 (SIGABRT)
        https://bugzilla.redhat.com/show_bug.cgi?id=838371
  [ 7 ] Bug #832963 - MC segfaults when executing 'relative symlink'
        https://bugzilla.redhat.com/show_bug.cgi?id=832963
  [ 8 ] Bug #830069 - [abrt] mc-4.8.3-1.fc17: __GI_raise: Process /usr/bin/mc was killed by signal 6 (SIGABRT)
        https://bugzilla.redhat.com/show_bug.cgi?id=830069
  [ 9 ] Bug #829347 - [abrt] mc-4.8.3-1.fc17: cpio_super_same: Process /usr/bin/mc was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=829347
  [ 10 ] Bug #824837 - segfault
        https://bugzilla.redhat.com/show_bug.cgi?id=824837
  [ 11 ] Bug #820381 - FTP link do not work as expected
        https://bugzilla.redhat.com/show_bug.cgi?id=820381
  [ 12 ] Bug #809040 - [abrt] mc-4.8.1-2.fc16: strlen: Process /usr/bin/mc was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=809040
  [ 13 ] Bug #803489 - MC seems to block itself on select
        https://bugzilla.redhat.com/show_bug.cgi?id=803489
  [ 14 ] Bug #785706 - [abrt] mc-4.8.1-2.fc16: magazine_chain_pop_head: Process /usr/bin/mc was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=785706
  [ 15 ] Bug #754165 - [abrt] mc-4.8.0-2.fc16: load_prompt: Process /usr/bin/mc was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=754165
  [ 16 ] Bug #748763 - Cannot change ftp directory
        https://bugzilla.redhat.com/show_bug.cgi?id=748763
  [ 17 ] Bug #532784 - mc don't uses default programs for opening files
        https://bugzilla.redhat.com/show_bug.cgi?id=532784
--------------------------------------------------------------------------------


================================================================================
 nut-2.6.5-3.fc16 (FEDORA-2012-13849)
 Network UPS Tools
--------------------------------------------------------------------------------
Update Information:

- do not forget to restart nut-driver.service in postun
- fixed pthread issue
- no longer requires devel files to run

- fixed pthread issue
- no longer requires devel files to run

--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 11 2012 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 2.6.5-3
- do not forget to restart nut-driver.service in postun
* Thu Sep  6 2012 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 2.6.5-2
- do not depend on devel files (#838139)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #837472 - nut-driver.service not restarted after package upgrade
        https://bugzilla.redhat.com/show_bug.cgi?id=837472
  [ 2 ] Bug #838139 - nut relies on presence of /lib64/libusb.so for communication with USB-connected UPS
        https://bugzilla.redhat.com/show_bug.cgi?id=838139
--------------------------------------------------------------------------------


================================================================================
 perl-5.14.2-200.fc16 (FEDORA-2012-13845)
 Practical Extraction and Report Language
--------------------------------------------------------------------------------
Update Information:

This update fixes $@ value after "do" statement, syscall() return value on 64-bit platforms, matching starting byte in non-UTF-8 mode, and freeing hash entries on delete.
Remove useless perl-devel dependency from perl-Test-Harness. Move App::Cpan from perl-Test-Harness to perl-CPAN.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 11 2012 Petr Pisar <ppisar@xxxxxxxxxx> - 4:5.14.2-200
- Clear $@ before `do' I/O error (bug #834226)
- Do not truncate syscall() return value to 32 bits (bug #838551)
- Match starting byte in non-UTF-8 mode (bug #801739)
- Free hash entries before values on delete (bug #771303)
* Wed Sep  5 2012 Petr Pisar <ppisar@xxxxxxxxxx> - 4:5.14.2-199
- Remove perl-devel dependency from perl-Test-Harness and perl-Test-Simple
- Move App::Cpan from perl-Test-Harness to perl-CPAN (bug #854577)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #834226 - `do' does not clean $@ on success sometimes
        https://bugzilla.redhat.com/show_bug.cgi?id=834226
  [ 2 ] Bug #838551 - syscall() truncates return value to 32 bits
        https://bugzilla.redhat.com/show_bug.cgi?id=838551
  [ 3 ] Bug #801739 - Regression with /i, latin1 chars
        https://bugzilla.redhat.com/show_bug.cgi?id=801739
  [ 4 ] Bug #771303 - Perl crashes on double free in void context when deleting hash entry that destroys value before
        https://bugzilla.redhat.com/show_bug.cgi?id=771303
  [ 5 ] Bug #854577 - APP::Cpan bundled with perl-Test-Harness
        https://bugzilla.redhat.com/show_bug.cgi?id=854577
--------------------------------------------------------------------------------


================================================================================
 pki-core-9.0.23-1.fc16 (FEDORA-2012-13823)
 Certificate System - PKI Core Components
--------------------------------------------------------------------------------
Update Information:

Bugzilla Bug #852855 - rhcs81 - remove unexpected anonymous binds to internal db in cert status thread
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep  7 2012 Matthew Harmsen <mharmsen@xxxxxxxxxx> 9.0.23-1
- TRAC Ticket #301 - Need to modify init scripts to verify needed symlinks
  in an instance (support for non-default instance names) (mharmsen)
- Bugzilla Bug #852855 - rhcs81 - remove unexpected anonymous binds to
  internal db in cert status thread. (jmagne)
* Wed Aug 22 2012 Ade Lee <alee@xxxxxxxxxx> 9.0.22-1
- Reverted selinux changes that broke f16 selinux policy.
- Reapplied those changes as a modified patch to f17 build.
* Fri Jul 20 2012 Ade Lee <alee@xxxxxxxxxx> 9.0.21-1
- Bugzilla Bug #841996 - latest selinux policy fix breaks dogtag
--------------------------------------------------------------------------------


================================================================================
 python-qpid-0.18-1.fc16 (FEDORA-2012-13850)
 Python client library for AMQP
--------------------------------------------------------------------------------
Update Information:

Rebased on Qpid 0.18.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 11 2012 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.18-1
- Rebased on Qpid 0.18 release.
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test



[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux