The following Fedora 16 Security updates need testing: Age URL 7 https://admin.fedoraproject.org/updates/FEDORA-2012-17376/seamonkey-2.13.2-1.fc16 47 https://admin.fedoraproject.org/updates/FEDORA-2012-14452/bacula-5.0.3-33.fc16 7 https://admin.fedoraproject.org/updates/FEDORA-2012-17388/kdelibs-4.8.5-2.fc16 7 https://admin.fedoraproject.org/updates/FEDORA-2012-17408/xen-4.1.3-3.fc16 20 https://admin.fedoraproject.org/updates/FEDORA-2012-16415/389-ds-base-1.2.10.16-1.fc16 5 https://admin.fedoraproject.org/updates/FEDORA-2012-17482/plib-1.8.5-8.fc16 4 https://admin.fedoraproject.org/updates/FEDORA-2012-17588/catdoc-0.94.2-10.fc16 4 https://admin.fedoraproject.org/updates/FEDORA-2012-17553/libproxy-0.4.10-1.fc16 4 https://admin.fedoraproject.org/updates/FEDORA-2012-17561/cumin-0.1.5522-3.fc16 125 https://admin.fedoraproject.org/updates/FEDORA-2012-10314/revelation-0.4.14-1.fc16 45 https://admin.fedoraproject.org/updates/FEDORA-2012-14654/tor-0.2.2.39-1600.fc16 26 https://admin.fedoraproject.org/updates/FEDORA-2012-16032/cobbler-2.4.0-beta2.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2012-17746/libsocialweb-0.25.21-1.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2012-17745/icedtea-web-1.3.1-1.fc16 7 https://admin.fedoraproject.org/updates/FEDORA-2012-17291/thunderbird-16.0.2-1.fc16 The following Fedora 16 Critical Path updates have yet to be approved: Age URL 0 https://admin.fedoraproject.org/updates/FEDORA-2012-17746/libsocialweb-0.25.21-1.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2012-17755/NetworkManager-0.9.6.4-1.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2012-17751/kernel-3.6.6-1.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2012-17766/coreutils-8.12-8.fc16 1 https://admin.fedoraproject.org/updates/FEDORA-2012-17660/gnutls-2.12.14-4.fc16 4 https://admin.fedoraproject.org/updates/FEDORA-2012-17572/libfm-1.1.0-1.fc16,pcmanfm-1.1.0-1.fc16 4 https://admin.fedoraproject.org/updates/FEDORA-2012-17553/libproxy-0.4.10-1.fc16 7 https://admin.fedoraproject.org/updates/FEDORA-2012-17403/fuse-2.8.7-2.fc16 7 https://admin.fedoraproject.org/updates/FEDORA-2012-17388/kdelibs-4.8.5-2.fc16 7 https://admin.fedoraproject.org/updates/FEDORA-2012-17291/thunderbird-16.0.2-1.fc16 7 https://admin.fedoraproject.org/updates/FEDORA-2012-17316/xdg-utils-1.1.0-0.14.20120809git.fc16 8 https://admin.fedoraproject.org/updates/FEDORA-2012-17192/qt-4.8.3-7.fc16 11 https://admin.fedoraproject.org/updates/FEDORA-2012-17029/mdadm-3.2.6-1.fc16 The following builds have been pushed to Fedora 16 updates-testing NetworkManager-0.9.6.4-1.fc16 coreutils-8.12-8.fc16 drupal6-mobile_tools-2.7-1.fc16 gnuplot-4.4.3-4.fc16 icedtea-web-1.3.1-1.fc16 icewm-1.3.7-7.fc16 kernel-3.6.6-1.fc16 libsocialweb-0.25.21-1.fc16 perl-Class-Inspector-1.28-1.fc16 perl-File-Find-Rule-Perl-1.13-1.fc16 python-py9p-1.0.5-1.fc16 rpmlint-1.4-11.fc16 Details about builds: ================================================================================ NetworkManager-0.9.6.4-1.fc16 (FEDORA-2012-17755) Network connection manager and user applications -------------------------------------------------------------------------------- Update Information: Update to upstream 0.9.6.4 stable release. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 30 2012 Jiří Klimeš <jklimes@xxxxxxxxxx> - 0.9.6.4-1 - Updated to stable upstream release 0.9.6.4 -------------------------------------------------------------------------------- ================================================================================ coreutils-8.12-8.fc16 (FEDORA-2012-17766) A set of basic GNU tools commonly used in shell scripts -------------------------------------------------------------------------------- Update Information: - fix support for ecryptfs mount of "Private" in su (#722323) - cp: avoid data-corrupting free-memory-read (upstream fix) - multibyte fixes in cut and expand (by M.Briza, #821260) - fix the tcsh colorls.csh behaviour in non-interactive mode (#804604) - add virtual provides for bundled(gnulib) copylib (#821748) -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 5 2012 Ondrej Vasik <ovasik@xxxxxxxxxx> - 8.12-8 - fix support for ecryptfs mount of "Private" in su (#722323) - cp: avoid data-corrupting free-memory-read (upstream fix) - multibyte fixes in cut and expand (by M.Briza, #821260) - fix the tcsh colorls.csh behaviour in non-interactive mode (#804604) - add virtual provides for bundled(gnulib) copylib (#821748) -------------------------------------------------------------------------------- References: [ 1 ] Bug #722323 - /etc/pam.d/su does not support ecryptfs mount of "Private" https://bugzilla.redhat.com/show_bug.cgi?id=722323 -------------------------------------------------------------------------------- ================================================================================ drupal6-mobile_tools-2.7-1.fc16 (FEDORA-2012-17759) The Mobile Tools provides some tools to assist in making a site mobile -------------------------------------------------------------------------------- Update Information: New upstream version, http://drupal.org/node/1832698. New upstream version, http://drupal.org/node/1819836. -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 6 2012 Peter Borsa <peter.borsa@xxxxxxxxx> - 2.7-1 - New upstream version * Fri Nov 2 2012 Peter Borsa <peter.borsa@xxxxxxxxx> - 2.6-1 - New upstream version * Wed Jul 18 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #873561 - drupal6-mobile_tools-2.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=873561 [ 2 ] Bug #831519 - drupal6-mobile_tools-2.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=831519 -------------------------------------------------------------------------------- ================================================================================ gnuplot-4.4.3-4.fc16 (FEDORA-2012-17757) A program for plotting mathematical expressions and data -------------------------------------------------------------------------------- Update Information: This update fixes two segmentation faults. -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 6 2011 Peter Schiffer <pschiffe@xxxxxxxxxx> 4.4.3-4 - resolves: #759964 fixed sigsegv in exec_cmd() function - resolves: #812225 fixed sigsegv in process_event() function -------------------------------------------------------------------------------- References: [ 1 ] Bug #759964 - [abrt] gnuplot-common-4.4.3-3.fc16: exec_cmd: Process /usr/libexec/gnuplot/4.4/gnuplot_x11 was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=759964 [ 2 ] Bug #812225 - [abrt] gnuplot-common-4.4.3-3.fc16: process_event: Process /usr/libexec/gnuplot/4.4/gnuplot_x11 was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=812225 -------------------------------------------------------------------------------- ================================================================================ icedtea-web-1.3.1-1.fc16 (FEDORA-2012-17745) Java browser plug-in and Web Start implementation -------------------------------------------------------------------------------- Update Information: This updates a recently found heap buffer overflow issue in IcedTea web. It fixes: CVE-2012-4540 icedtea-web: IcedTeaScriptableJavaObject::invoke off-by-one heap-based buffer overflow -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 7 2012 Deepak Bhole <dbhole@xxxxxxxxxx> 1.3.1-1 - Resolves: RH869040/CVE-2012-4540 -------------------------------------------------------------------------------- ================================================================================ icewm-1.3.7-7.fc16 (FEDORA-2012-17750) Light and configurable window manager -------------------------------------------------------------------------------- Update Information: * Tue Nov 6 2012 Gilboa Davara <gilboad[AT]gmail.com> - 1.3.7-7 - Updated clearlooks package (#811331). - (Blunder alert) Finally pushes gnome-icon-theme change to stable (#811335). - (Blunder alert / 2) Should also fix missing F18 dependencies (#858712). -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 6 2012 Gilboa Davara <gilboad[AT]gmail.com> - 1.3.7-7 - Updated clearlooks package (#811331). - (Blunder alert) Finally pushes gnome-icon-theme change to stable. * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.7-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Sun Jun 10 2012 Gilboa Davara <gilboad[AT]gmail.com> - 1.3.7-5 - Bluecurve is still used for menu generation. - "Rebuild program menu" menu entry added. * Sun Jun 10 2012 Gilboa Davara <gilboad[AT]gmail.com> - 1.3.7-4 - Emacs replaced fixes (BZ #805939, Ported Debian fix). - Use gnome-icon-theme instead of bluecurve (BZ #811335). - Gcc 4.7 compile fix. - spec cleanup. -------------------------------------------------------------------------------- References: [ 1 ] Bug #811331 - Update to the icewm-clearlooks theme https://bugzilla.redhat.com/show_bug.cgi?id=811331 [ 2 ] Bug #811335 - update the icon theme from bluecurve to gnome https://bugzilla.redhat.com/show_bug.cgi?id=811335 [ 3 ] Bug #858712 - icewm-xdgmenu missing dependency https://bugzilla.redhat.com/show_bug.cgi?id=858712 -------------------------------------------------------------------------------- ================================================================================ kernel-3.6.6-1.fc16 (FEDORA-2012-17751) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 3.6.6 stable update includes a number of important fixes, including the fix for the ext4 corruption bug that most users wouldn't see anyway. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 5 2012 Justin M. Forbes <jforbes@xxxxxxxxxx> 3.6.6-1 - Linux 3.6.6 * Thu Nov 1 2012 Justin M. Forbes <jforbes@xxxxxxxxxx> 3.6.5-3 - Drop unhandled irq patch. (rhbz 845211) -------------------------------------------------------------------------------- References: [ 1 ] Bug #845211 - (ASM108x) "IRQ might be stuck. Polling" causes dropouts on PCI DVB card https://bugzilla.redhat.com/show_bug.cgi?id=845211 [ 2 ] Bug #848149 - i82975x_edac dereferencing garbage in i82975x_init_csrows https://bugzilla.redhat.com/show_bug.cgi?id=848149 -------------------------------------------------------------------------------- ================================================================================ libsocialweb-0.25.21-1.fc16 (FEDORA-2012-17746) A social network data aggregator -------------------------------------------------------------------------------- Update Information: CVE-2012-4511: libsocialweb untrusted connection to flickr The libsocialweb library is prone to a security vulnerability that allows attackers to perform man-in-the-middle attacks. Remote attackers can exploit this issue to gain access to sensitive information or modify the integrity of user accounts. Other attacks are also possible. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 16 2012 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 0.25.21-1 - update to 0.25.21. Fixes CVE-2012-4511, RHBZ 865126 * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.25.20-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Wed Mar 7 2012 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - 0.25.20-3 - fix gnome-keyring deps * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.25.20-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #863206 - CVE-2012-4511 libsocialweb: connects with flickr server without user permission https://bugzilla.redhat.com/show_bug.cgi?id=863206 -------------------------------------------------------------------------------- ================================================================================ perl-Class-Inspector-1.28-1.fc16 (FEDORA-2012-17765) Get information about a class and its structure -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 6 2012 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 1.28-1 - Upstream update. - Spec file modernization. - Fix perl_bootstrap handling. -------------------------------------------------------------------------------- References: [ 1 ] Bug #873715 - FTBS perl-Class-Inspector is missing dependency https://bugzilla.redhat.com/show_bug.cgi?id=873715 -------------------------------------------------------------------------------- ================================================================================ perl-File-Find-Rule-Perl-1.13-1.fc16 (FEDORA-2012-17754) Common rules for searching for Perl things -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 7 2012 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 1.13-1 - Revert parts of previous changes. - Upstream update. * Tue Oct 23 2012 Petr Šabata <contyk@xxxxxxxxxx> - 1.12-6 - Specify all dependencies - Modernize specfile - Drop command macros - Fix mixed whitespace -------------------------------------------------------------------------------- ================================================================================ python-py9p-1.0.5-1.fc16 (FEDORA-2012-17747) Pure Python implementation of 9P protocol (Plan9) -------------------------------------------------------------------------------- Update Information: Package version update -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 7 2012 Peter V. Saveliev <peet@xxxxxxxxxx> 1.0.5-1 - fuse9p subpackage added (beta) - pki authentication fixed -------------------------------------------------------------------------------- ================================================================================ rpmlint-1.4-11.fc16 (FEDORA-2012-17780) Tool for checking common errors in RPM packages -------------------------------------------------------------------------------- Update Information: Add missing Requires: %{_bindir}/groff to ensure man-page checks work properly. -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 6 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.4-11 - add Requires: /usr/bin/groff for man page checks (bz 873448) -------------------------------------------------------------------------------- References: [ 1 ] Bug #873448 - Missing groff-base dependency https://bugzilla.redhat.com/show_bug.cgi?id=873448 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test