The following Fedora 16 Security updates need testing:

 Age  URL
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-15748/hostapd-0.7.3-10.fc16
  93  https://admin.fedoraproject.org/updates/FEDORA-2012-10402/bcfg2-1.2.3-1.fc16
  18  https://admin.fedoraproject.org/updates/FEDORA-2012-14452/bacula-5.0.3-33.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-15746/gitolite3-3.04-4.fc16
  11  https://admin.fedoraproject.org/updates/FEDORA-2012-14959/dracut-018-60.git20120927.fc16
  65  https://admin.fedoraproject.org/updates/FEDORA-2012-11526/dokuwiki-0-0.11.20120125.b.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-15725/phpMyAdmin-3.5.3-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-15743/freeradius-2.2.0-0.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2012-15203/qt-4.8.2-7.fc16
  96  https://admin.fedoraproject.org/updates/FEDORA-2012-10314/revelation-0.4.14-1.fc16
  16  https://admin.fedoraproject.org/updates/FEDORA-2012-14654/tor-0.2.2.39-1600.fc16
  22  https://admin.fedoraproject.org/updates/FEDORA-2012-14126/dbus-1.4.10-4.fc16
  14  https://admin.fedoraproject.org/updates/FEDORA-2012-14707/openjpeg-1.4-14.fc16
  20  https://admin.fedoraproject.org/updates/FEDORA-2012-14322/pcp-3.6.8-1.fc16
   3  https://admin.fedoraproject.org/updates/FEDORA-2012-15482/perl-HTML-Template-Pro-0.9509-1.fc16
   3  https://admin.fedoraproject.org/updates/FEDORA-2012-15507/ruby-1.8.7.358-4.fc16
   1  https://admin.fedoraproject.org/updates/FEDORA-2012-15606/qemu-0.15.1-8.fc16
   1  https://admin.fedoraproject.org/updates/FEDORA-2012-15640/libvirt-0.9.6.3-1.fc16

The following Fedora 16 Critical Path updates have yet to be approved:

 Age  URL
   2  https://admin.fedoraproject.org/updates/FEDORA-2012-15556/nss-util-3.13.6-1.fc16,nss-softokn-3.13.6-1.fc16,nss-3.13.6-1.fc16
   3  https://admin.fedoraproject.org/updates/FEDORA-2012-15485/mdadm-3.2.5-10.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2012-15203/qt-4.8.2-7.fc16
   9  https://admin.fedoraproject.org/updates/FEDORA-2012-15131/mysql-5.5.28-1.fc16
   9  https://admin.fedoraproject.org/updates/FEDORA-2012-15090/nss-3.13.5-2.fc16
  11  https://admin.fedoraproject.org/updates/FEDORA-2012-14958/libfm-1.0.1-1.fc16,pcmanfm-1.0.1-1.fc16
  11  https://admin.fedoraproject.org/updates/FEDORA-2012-14959/dracut-018-60.git20120927.fc16

The following builds have been pushed to Fedora 16 updates-testing

    Zim-0.57-1.fc16
    eurephia-1.1.0-3.fc16
    freeradius-2.2.0-0.fc16
    gitolite3-3.04-4.fc16
    gpodder-2.20.2-1.fc16
    hostapd-0.7.3-10.fc16
    josm-0-0.34.5531svn.fc16
    moin-1.9.5-1.fc16
    phpMyAdmin-3.5.3-1.fc16
    qbittorrent-3.0.6-1.fc16
    rubygem-simple_form-2.0.3-1.fc16

Details about builds:

================================================================================
 Zim-0.57-1.fc16 (FEDORA-2012-15741)
 Desktop wiki & notekeeper
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 9 2012 Robin Lee <cheeselee@xxxxxxxxxxxxxxxxx> - 0.57-1
- Update to 0.57 (#807149, #826886)
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.56-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #807149 - [abrt] Zim-0.55-1.fc16: pageview.py:2549:paste_clipboard:AttributeError: 'NoneType' object has no attribute 'resolve_images'
        https://bugzilla.redhat.com/show_bug.cgi?id=807149
--------------------------------------------------------------------------------

================================================================================
 eurephia-1.1.0-3.fc16 (FEDORA-2012-15739)
 An advanced and flexible OpenVPN user authentication plug-in
--------------------------------------------------------------------------------
Update Information:

Updated against upstream v1.1.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 9 2012 David Sommerseth <dazo@xxxxxxxxxxxxxxxxxxxxx> - 1.1.0-3
- Hack to make it build on Fedora 16
* Tue Oct 9 2012 David Sommerseth <dazo@xxxxxxxxxxxxxxxxxxxxx> - 1.1.0-2
- Corrected wrong download URL for eurephia v1.1 source code
* Tue Oct 9 2012 David Sommerseth <dazo@xxxxxxxxxxxxxxxxxxxxx> - 1.1.0-1
- Corrected wrong download URL for eurephia v1.1 source code
* Tue Oct 9 2012 David Sommerseth <dazo@xxxxxxxxxxxxxxxxxxxxx> - 1.1.0-1
- Updated to upstream v1.1.0
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 freeradius-2.2.0-0.fc16 (FEDORA-2012-15743)
 High-performance and highly configurable free RADIUS server
--------------------------------------------------------------------------------
Update Information:

This updates to the current upstream 2.2.0 release which is configuration compatible with the prior 2.1.12.

Version 2.2.0 includes a security fix for CVE-2012-3547 Stack-based buffer overflow

This update also includes a fix to prevent .rpmsave and .rpmnew files from being read from the configuration directories.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 9 2012 John Dennis <jdennis@xxxxxxxxxx> - 2.2.0-0
- Add new patch to avoid reading .rpmnew, .rpmsave and other invalid files when loading config files
- Upgrade to new 2.2.0 upstream release
- Upstream changelog for 2.1.12:
  Feature improvements
  * 100% configuration file compatible with 2.1.x. The only fix needed is to disallow "hashsize=0" for rlm_passwd
  * Update Aruba, Alcatel Lucent, APC, BT, PaloAlto, Pureware, Redback, and Mikrotik dictionaries
  * Switch to using SHA1 for certificate digests instead of MD5. See raddb/certs/*.cnf
  * Added copyright statements to the dictionaries, so that we know when people are using them.
  * Better documentation for radrelay and detail file writer. See raddb/modules/radrelay and raddb/radrelay.conf
  * Added TLS-Cert-Subject-Alt-Name-Email from patch by Luke Howard
  * Added -F <file> to radwho
  * Added query timeouts to MySQL driver. Patch from Brian De Wolf.
  * Add /etc/default/freeradius to debian package. Patch from Matthew Newton
  * Finalize DHCP and DHCP relay code. It should now work everywhere. See raddb/sites-available/dhcp, src_ipaddr and src_interface.
  * DHCP capabilities are now compiled in by default. It runs as a DHCP server ONLY when manually enabled.
  * Added one letter expansions: %G - request minute and %I request ID.
  * Added script to convert ISC DHCP lease files to SQL pools. See scripts/isc2ippool.pl
  * Added rlm_cache to cache arbitrary attributes.
  * Added max_use to rlm_ldap to force connection to be re-established after a given number of queries.
  * Added configtest option to Debian init scripts, and automatic config test on restart.
  * Added cache config item to rlm_krb5. When set to "no" ticket caching is disabled which may increase performance.
  Bug fixes
  * Fix CVE-2012-3547. All users of 2.1.10, 2.1.11, 2.1.12, and 802.1X should upgrade immediately.
  * Fix typo in detail file writer, to skip writing if the packet was read from this detail file.
  * Free cached replies when closing resumed SSL sessions.
  * Fix a number of issues found by Coverity.
  * Fix memory leak and race condition in the EAP-TLS session cache. Thanks to Phil Mayers for tracking down OpenSSL APIs.
  * Restrict ATTRIBUTE names to character sets that make sense.
  * Fix EAP-TLS session Id length so that OpenSSL doesn't get excited.
  * Fix SQL IPPool logic for non-timer attributes. Closes bug #181
  * Change some informational messages to DEBUG rather than error.
  * Portability fixes for FreeBSD. Closes bug #177
  * A much better fix for the _lt__PROGRAM__LTX_preloaded_symbols nonsense.
  * Safely handle extremely long lines in conf file variable expansion
  * Fix for Debian bug #606450
  * Mutex lock around rlm_perl Clone routines. Patch from Eike Dehling
  * The passwd module no longer permits "hashsize = 0". Setting that is pointless for a host of reasons. It will also break the server.
  * Fix proxied inner-tunnel packets sometimes having zero authentication vector. Found by Brian Julin.
  * Added $(EXEEXT) to Makefiles for portability. Closes bug #188.
  * Fix minor build issue which would cause rlm_eap to be built twice.
  * When using "status_check=request" for a home server, the username and password must be specified, or the server will not start.
  * EAP-SIM now calculates keys from the SIM identity, not from the EAP-Identity. Changing the EAP type via NAK may result in identities changing. Bug reported by Microsoft EAP team.
  * Use home server src_ipaddr when sending Status-Server packets
  * Decrypt encrypted ERX attributes in CoA packets.
  * Fix registration of internal xlat's so %{mschap:...} doesn't disappear after a HUP.
  * Can now reference tagged attributes in expansions. e.g. %{Tunnel-Type:1} and %{Tunnel-Type:1[0]} now work.
  * Correct calculation of Message-Authenticator for CoA and Disconnect replies. Patch from Jouni Malinen
  * Install rad_counter, for managing rlm_counter files.
  * Add unique index constraint to all SQL flavours so that alternate queries work correctly.
  * The TTLS diameter decoder is now more lenient. It ignores unknown attributes, instead of rejecting the TTLS session.
  * Use "globfree" in detail file reader. Prevents very slow leak. Closes bug #207.
  * Operator =~ shouldn't copy the attribute, like :=. It should instead behave more like ==.
  * Build main Debian package without SQL dependencies
  * Use max_queue_size in threading code
  * Update permissions in raddb/sql/postgresql/admin.sql
  * Added OpenSSL_add_all_algorithms() to fix issues where OpenSSL wouldn't use methods it knew about.
  * Add more sanity checks in dynamic_clients code so the server won't crash if it attempts to load a badly formatted client definition.
* Tue Feb 7 2012 John Dennis <jdennis@xxxxxxxxxx> - 2.1.12-4
- resolves: bug#781877 (from RHEL5) rlm_dbm_parse man page misspelled
- resolves: bug#760193 (from RHEL5) radtest PPPhint option is not parsed properly
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #855909 - CVE-2012-3547 freeradius: Stack-based buffer overflow by processing certain expiration date fields of a certificate during x509 certificate validation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=855909
--------------------------------------------------------------------------------

================================================================================
 gitolite3-3.04-4.fc16 (FEDORA-2012-15746)
 Highly flexible server for git directory version tracker
--------------------------------------------------------------------------------
Update Information:

Fix for path traversal vulnerability.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 9 2012 Jon Ciesla <limburgher@xxxxxxxxx> - 3.04-4
- Patch for directory traversal bug.
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.04-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jun 28 2012 Petr Pisar <ppisar@xxxxxxxxxx> - 3.04-2
- Perl 5.16 rebuild
--------------------------------------------------------------------------------

================================================================================
 gpodder-2.20.2-1.fc16 (FEDORA-2012-15742)
 Podcast receiver/catcher written in Python
--------------------------------------------------------------------------------
Update Information:

This update should fix Youtube downloads
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 9 2012 Ville-Pekka Vainio <vpvainio AT iki.fi> - 2.20.2-1
- New upstream release
- Add patch from git master to fix Youtube feeds
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.20.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 hostapd-0.7.3-10.fc16 (FEDORA-2012-15748)
 IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
--------------------------------------------------------------------------------
Update Information:

EAP-TLS server: Fix TLS Message Length validation
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 8 2012 John W. Linville <linville@xxxxxxxxxx> - 0.7.3-10
- EAP-TLS: Add extra validation for TLS Message Length
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #859918 - CVE-2012-4445 hostapd, wpa_supplicant: DoS (abort) by processing certain fragmented EAP-TLS messages
        https://bugzilla.redhat.com/show_bug.cgi?id=859918
--------------------------------------------------------------------------------

================================================================================
 josm-0-0.34.5531svn.fc16 (FEDORA-2012-15721)
 An editor for OpenStreetMap (OSM)
--------------------------------------------------------------------------------
Update Information:

Update to 5531 svn revision
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 8 2012 Cédric OLIVIER <cedric.olivier@xxxxxxx> 0-0.34.5531svn
- Update to 5531 svn revision
--------------------------------------------------------------------------------

================================================================================
 moin-1.9.5-1.fc16 (FEDORA-2012-15750)
 MoinMoin is a WikiEngine to collaborate on easily editable web pages
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 8 2012 Ville-Pekka Vainio <vpvainio AT iki.fi> 1.9.5-1
- New upstream release
- Drop integrated security patch
--------------------------------------------------------------------------------

================================================================================
 phpMyAdmin-3.5.3-1.fc16 (FEDORA-2012-15725)
 Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:

phpMyAdmin 3.5.3.0 (2012-10-08)
===============================
- [interface] Browse mode "Show" button gives blank page if no results anymore
- [interface] Copy Database Ajax feedback vanishes long before copying is done
- [interface] GC-maxlifetime warning incorrectly displayed
- [interface] Search fails with JS error when tooltips disabled
- [interface] Event comments not saved
- [edit] Can't enter date directly when editing inline
- [interface] Inline query editor doesn't work from search results
- [edit] BLOB download no longer works
- [config] Error in generated configuration array
- [GUI] Invalid HTML code in multi submits confirmation form
- [interface] Designer sometimes places tables on the top menu
- [core] Call to undefined function __() when config file has wrong permissions
- [edit] Error searching table with many fields
- [edit] Cannot copy a DB with table and views
- [privileges] Incorrect updating of the list of users
- [edit] cell edit date field with empty date fills in current date
- [edit] current_date from function drop down fails on update
- [compatibility] add support for Solaris and FreeBSD system load and memory display in server status
- [import] Table import from XML file fails
- [display] replace Highcharts with jqplot for Display chart
- [edit] Pasting value doesn't clear null checkbox
- [edit] Datepicker for date and datetime fields is broken
- [security] Unspecified minor security fix by upstream, see PMASA-2012-6 (http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php)
- [security] Unspecified minor security fix by upstream, see PMASA-2012-7 (http://www.phpmyadmin.net/home_page/security/PMASA-2012-7.php)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 9 2012 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.5.3-1
- Upgrade to 3.5.3
--------------------------------------------------------------------------------

================================================================================
 qbittorrent-3.0.6-1.fc16 (FEDORA-2012-15737)
 A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:

* Sun Oct 7 2012 - Christophe Dumez <chris@xxxxxxxxxxxxxxx> - v3.0.6
- BUGFIX: Fix unicode support for command-line arguments on Windows (closes #139)
- BUGFIX: Do not store created torrent in memory before writing it to a file (closes #133)
- BUGFIX: No longer fallback to ANY interface if the user-selected interface cannot be found (closes #143)
- BUGFIX: Fix timezone parsing in RSS (closes #136)
- BUGFIX: Fix cookie support for RSS feeds (closes #119)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 9 2012 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 1:3.0.6-1
- update to 3.0.6 release
--------------------------------------------------------------------------------

================================================================================
 rubygem-simple_form-2.0.3-1.fc16 (FEDORA-2012-15736)
 Flexible and powerful components to create forms
--------------------------------------------------------------------------------
Update Information:

SimpleForm aims to be as flexible as possible while helping you with powerful components to create your forms. The basic goal of SimpleForm is to not touch your way of defining the layout, letting you find the better design for your eyes.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #859994 - Review Request: rubygem-simple_form - Flexible and powerful components to create forms
        https://bugzilla.redhat.com/show_bug.cgi?id=859994
--------------------------------------------------------------------------------

--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test