Fedora 16 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 16 Security updates need testing:
 Age  URL
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-20151/tomcat-7.0.33-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-20156/389-ds-base-1.2.10.24-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-20157/libproxy-0.4.11-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-20159/v8-3.13.7.5-1.fc16
  81  https://admin.fedoraproject.org/updates/FEDORA-2012-14452/bacula-5.0.3-33.fc16
   6  https://admin.fedoraproject.org/updates/FEDORA-2012-19822/bind-9.8.4-3.P1.fc16
   6  https://admin.fedoraproject.org/updates/FEDORA-2012-19823/mysql-5.5.28-2.fc16
   6  https://admin.fedoraproject.org/updates/FEDORA-2012-19828/xen-4.1.3-6.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-20243/pki-core-9.0.25-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-20236/rssh-2.3.4-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-20240/kernel-3.6.10-2.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2012-19347/cups-1.5.4-10.fc16
 159  https://admin.fedoraproject.org/updates/FEDORA-2012-10314/revelation-0.4.14-1.fc16
  79  https://admin.fedoraproject.org/updates/FEDORA-2012-14654/tor-0.2.2.39-1600.fc16
  60  https://admin.fedoraproject.org/updates/FEDORA-2012-16032/cobbler-2.4.0-beta2.fc16
  13  https://admin.fedoraproject.org/updates/FEDORA-2012-19227/squashfs-tools-4.2-5.fc16
  10  https://admin.fedoraproject.org/updates/FEDORA-2012-19449/drupal6-ctools-1.10-1.fc16
  42  https://admin.fedoraproject.org/updates/FEDORA-2012-17291/thunderbird-16.0.2-1.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2012-19715/qt-4.8.4-1.fc16
  13  https://admin.fedoraproject.org/updates/FEDORA-2012-18330/perl-CGI-3.52-203.fc16,perl-5.14.3-203.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2012-19740/bogofilter-1.2.3-1.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2012-19752/dovecot-2.0.21-4.fc16
  21  https://admin.fedoraproject.org/updates/FEDORA-2012-18661/firefox-17.0-1.fc16,xulrunner-17.0-3.fc16,thunderbird-enigmail-1.4.6-2.fc16,thunderbird-lightning-1.9-1.fc16,thunderbird-17.0-1.fc16


The following Fedora 16 Critical Path updates have yet to be approved:
 Age URL
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-20240/kernel-3.6.10-2.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-20239/mdadm-3.2.6-7.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-20238/system-config-date-1.10.5-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-20244/mdadm-3.2.6-4.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-20141/unzip-6.0-5.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-20155/xmlrpc-c-1.27.7-1604.svn2185.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-20157/libproxy-0.4.11-1.fc16
   6  https://admin.fedoraproject.org/updates/FEDORA-2012-19823/mysql-5.5.28-2.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2012-19715/qt-4.8.4-1.fc16
  10  https://admin.fedoraproject.org/updates/FEDORA-2012-19486/phonon-backend-gstreamer-4.6.2-2.fc16
  13  https://admin.fedoraproject.org/updates/FEDORA-2012-19265/lxpanel-0.5.10-3.fc16
  13  https://admin.fedoraproject.org/updates/FEDORA-2012-19227/squashfs-tools-4.2-5.fc16
  13  https://admin.fedoraproject.org/updates/FEDORA-2012-18330/perl-CGI-3.52-203.fc16,perl-5.14.3-203.fc16
The following builds have been pushed to Fedora 16 updates-testing

    R-qtl-1.26.14-1.fc16
    kernel-3.6.10-2.fc16
    mate-media-1.5.1-2.fc16
    mdadm-3.2.6-4.fc16
    mdadm-3.2.6-7.fc16
    opendyslexic-fonts-0.600-1.fc16
    overpass-fonts-1.01-3.fc16
    perl-Module-Install-AutoLicense-0.08-3.fc16
    perl-Module-Install-ReadmeFromPod-0.20-1.fc16
    perl-Module-Install-ReadmeMarkdownFromPod-0.03-1.fc16
    pki-console-9.0.6-2.fc16
    pki-core-9.0.25-1.fc16
    pki-kra-9.0.14-1.fc16
    pki-ocsp-9.0.11-1.fc16
    rssh-2.3.4-1.fc16
    system-config-date-1.10.5-1.fc16

Details about builds:


================================================================================
 R-qtl-1.26.14-1.fc16 (FEDORA-2012-20247)
 Tools for analyzing QTL experiments
--------------------------------------------------------------------------------
Update Information:

New upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 11 2012 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 1.26.14-1
- New upstream release
--------------------------------------------------------------------------------


================================================================================
 kernel-3.6.10-2.fc16 (FEDORA-2012-20240)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream stable release, Linux v3.6.10.  Various fixes across the tree.
Update to latest stable upstream release, Linux v3.6.9.  Various bugfixes across the tree.
Update to Linux v3.6.8 with various fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 11 2012 Josh Boyer <jwboyer@xxxxxxxxxx>
- Fix IBSS scanning in mac80211 (rhbz 883414)
* Tue Dec 11 2012 Justin M. Forbes <jforbes@xxxxxxxxxx> 3.6.10-1
- Linux 3.6.10
* Mon Dec  3 2012 Josh Boyer <jwboyer@xxxxxxxxxx> - 3.6.9-2
- Backport 3 upstream fixes to resolve radeon schedule IB errors (rhbz 855275)
* Mon Dec  3 2012 Josh Boyer <jwboyer@xxxxxxxxxx> - 3.6.9-1
- Linux v3.6.9
* Tue Nov 27 2012 Josh Boyer <jwboyer@xxxxxxxxxx> - 3.6.8-2
- Update patches for 8139cp issues from David Woodhouse (rhbz 851278)
* Mon Nov 26 2012 Josh Boyer <jwboyer@xxxxxxxxxx> - 3.6.8-1
- Linux v3.6.8
* Mon Nov 26 2012 Josh Boyer <jwboyer@xxxxxxxxxx> - 3.6.7-6
- Fix regression in 8139cp driver, debugged by William J. Eaton (rhbz 851278)
- Fix ACPI video after _DOD errors (rhbz 869383)
- Fix ata command timeout oops in mvsas (rhbz 869629)
- CVE-2012-4530: stack disclosure binfmt_script load_script (rhbz 868285 880147)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #868285 - CVE-2012-4530 kernel: stack disclosure in binfmt_script load_script()
        https://bugzilla.redhat.com/show_bug.cgi?id=868285
--------------------------------------------------------------------------------


================================================================================
 mate-media-1.5.1-2.fc16 (FEDORA-2012-20245)
 MATE media programs
--------------------------------------------------------------------------------
Update Information:

latest upstream release, add gstreamer mixer

--------------------------------------------------------------------------------


================================================================================
 mdadm-3.2.6-4.fc16 (FEDORA-2012-20244)
 The mdadm program controls Linux md devices (software RAID arrays)
--------------------------------------------------------------------------------
Update Information:

This is an update to the mdadm package.

This update fixes two bugs related to Intel BIOS RAID support.
- Disallow creating a second IMSM RAID array size 0
- Disallow creating IMSM RAIDs that spans multiple controllers
  to avoid data corruption

mdadm-3.2.6-4 fixes a typo in an error message printed by the
fix for 880972. No functional changes.

All users of mdadm are advised to update

--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 10 2012 Jes Sorensen <Jes.Sorensen@xxxxxxxxxx> - 3.2.6-4
- Fix typo in error message in fix for 880972. No functional changes
* Fri Nov 30 2012 Jes Sorensen <Jes.Sorensen@xxxxxxxxxx> - 3.2.6-3
- Disallow creating a second IMSM RAID array size 0 (bz880972)
- Disallow creating IMSM RAIDs that spans multiple controllers (bz880974)
- Resolves bz880972, bz880974
* Thu Nov 15 2012 Doug Ledford <dledford@xxxxxxxxxx> - 3.2.6-2
- Modify mdadm to set the cgroup of mdmon to systemd if it's available
- Related bz873576 (and others)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #880972 - [Intel Fedora18 BUG] Second RAID1 volume with size equal 0 can be created and system hangs
        https://bugzilla.redhat.com/show_bug.cgi?id=880972
  [ 2 ] Bug #880974 - [Intel Fedora18 BUG] Creating IMSM RAID volume on more than one controller can cause data loss and has to be forbidden
        https://bugzilla.redhat.com/show_bug.cgi?id=880974
--------------------------------------------------------------------------------


================================================================================
 mdadm-3.2.6-7.fc16 (FEDORA-2012-20239)
 The mdadm program controls Linux md devices (software RAID arrays)
--------------------------------------------------------------------------------
Update Information:

This is an update to the mdadm package.

It fixes the following issues:

- Disallow creating a second IMSM RAID array size 0
- Disallow creating IMSM RAIDs that spans multiple controllers to avoid data corruption
- Assign mdmon to the systemd cgroup, if possible.
- udev scripts where if an raid volume with one of the disks failing, the failed disk is still present in the volume and container. The raid volume stays is in normal state (should be degraded) and the rebuild cannot start.

All users of mdadm are advised to upgrade
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 10 2012 Jes Sorensen <Jes.Sorensen@xxxxxxxxxx> - 3.2.6-7
- Fix issue with udev scripts where if an raid volume with one of
  the disks failing, the failed disk is still present in the volume
  and container. The raid volume stays is in normal state (should be
  degraded) and the rebuild cannot start.
- Resolves bz886123
* Mon Dec 10 2012 Jes Sorensen <Jes.Sorensen@xxxxxxxxxx> - 3.2.6-5
- mdadm-sysvinit is obsolete given that we no longer support booting
  using sysvinit scripts
- Resolves bz884993
* Mon Dec 10 2012 Jes Sorensen <Jes.Sorensen@xxxxxxxxxx> - 3.2.6-4
- Fix typo in error message in fix for 880972. No functional changes
* Fri Nov 30 2012 Jes Sorensen <Jes.Sorensen@xxxxxxxxxx> - 3.2.6-3
- Disallow creating a second IMSM RAID array size 0 (bz880972)
- Disallow creating IMSM RAIDs that spans multiple controllers (bz880974)
- Resolves bz880972, bz880974
* Thu Nov 15 2012 Doug Ledford <dledford@xxxxxxxxxx> - 3.2.6-2
- Modify mdadm to set the cgroup of mdmon to systemd if it's available
- Related bz873576 (and others)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #886109 - [Intel F17 Bug]  Failed disk is still available in volume/container
        https://bugzilla.redhat.com/show_bug.cgi?id=886109
  [ 2 ] Bug #880972 - [Intel Fedora18 BUG] Second RAID1 volume with size equal 0 can be created and system hangs
        https://bugzilla.redhat.com/show_bug.cgi?id=880972
  [ 3 ] Bug #880974 - [Intel Fedora18 BUG] Creating IMSM RAID volume on more than one controller can cause data loss and has to be forbidden
        https://bugzilla.redhat.com/show_bug.cgi?id=880974
--------------------------------------------------------------------------------


================================================================================
 opendyslexic-fonts-0.600-1.fc16 (FEDORA-2012-20249)
 Font designed for dyslexics and high readability
--------------------------------------------------------------------------------
Update Information:

New Package: opendyslexic-fonts
Font designed for dyslexics and high readability
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #864125 - Review Request: opendyslexic-fonts - Font designed for dyslexics and high readability
        https://bugzilla.redhat.com/show_bug.cgi?id=864125
--------------------------------------------------------------------------------


================================================================================
 overpass-fonts-1.01-3.fc16 (FEDORA-2012-20237)
 Typeface based on the U.S. interstate highway road signage type system
--------------------------------------------------------------------------------
Update Information:

Update license tag.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 11 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx>
- License is now OFL or ASL 2.0
--------------------------------------------------------------------------------


================================================================================
 perl-Module-Install-AutoLicense-0.08-3.fc16 (FEDORA-2012-20246)
 Module::Install extension to automatically generate LICENSE files
--------------------------------------------------------------------------------
Update Information:

Missing builds of perl modules which were previously only available in rawhide.
--------------------------------------------------------------------------------


================================================================================
 perl-Module-Install-ReadmeFromPod-0.20-1.fc16 (FEDORA-2012-20246)
 Module::Install extension to automatically convert POD to a README
--------------------------------------------------------------------------------
Update Information:

Missing builds of perl modules which were previously only available in rawhide.
--------------------------------------------------------------------------------


================================================================================
 perl-Module-Install-ReadmeMarkdownFromPod-0.03-1.fc16 (FEDORA-2012-20246)
 Create README.mkdn from POD
--------------------------------------------------------------------------------
Update Information:

Missing builds of perl modules which were previously only available in rawhide.
--------------------------------------------------------------------------------


================================================================================
 pki-console-9.0.6-2.fc16 (FEDORA-2012-20248)
 Certificate System - PKI Console
--------------------------------------------------------------------------------
Update Information:

Bugzilla Bug #861467 - Directory authenticated user certificate enrollments fail when anonymous access disabled.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 11 2012 Andrew Wnuk<awnuk@xxxxxxxxxx> 9.0.6-1
- Bugzilla Bug #861467 - Directory authenticated user certificate enrollments
  fail when anonymous access disabled.
* Tue Apr 10 2012 Christina Fu <cfu@xxxxxxxxxx> 9.0.5-2
- Bugzilla Bug #745278 - [RFE] ECC encryption keys cannot be archived
--------------------------------------------------------------------------------


================================================================================
 pki-core-9.0.25-1.fc16 (FEDORA-2012-20243)
 Certificate System - PKI Core Components
--------------------------------------------------------------------------------
Update Information:

Bugzilla Bug #884829 - Multiple cross-site scripting flaws
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 11 2012 Andrew Wnuk<awnuk@xxxxxxxxxx> 9.0.25-1
- Bugzilla Bug #861467 - Directory authenticated user certificate enrollments
  fail when anonymous access disabled.
- Bugzilla Bug #884829 - Multiple cross-site scripting flaws
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #884829 - CVE-2012-4543 Certificate System: Multiple cross-site scripting flaws by displaying CRL or processing profile [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=884829
--------------------------------------------------------------------------------


================================================================================
 pki-kra-9.0.14-1.fc16 (FEDORA-2012-20241)
 Certificate System - Data Recovery Manager
--------------------------------------------------------------------------------
Update Information:

Bugzilla Bug #861467 - Directory authenticated user certificate enrollments fail when anonymous access disabled.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 11 2012 Andrew Wnuk<awnuk@xxxxxxxxxx> 9.0.14-1
- Bugzilla Bug #861467 - Directory authenticated user certificate enrollments
  fail when anonymous access disabled.
--------------------------------------------------------------------------------


================================================================================
 pki-ocsp-9.0.11-1.fc16 (FEDORA-2012-20242)
 Certificate System - Online Certificate Status Protocol Manager
--------------------------------------------------------------------------------
Update Information:

Bugzilla Bug #861467 - Directory authenticated user certificate enrollments fail when anonymous access disabled.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 11 2012 Andrew Wnuk<awnuk@xxxxxxxxxx> 9.0.11-1
- Bugzilla Bug #861467 - Directory authenticated user certificate enrollments
  fail when anonymous access disabled.
* Tue Apr 10 2012 Christina Fu <cfu@xxxxxxxxxx> 9.0.10-2
- Bugzilla Bug #745278 - [RFE] ECC encryption keys cannot be archived
--------------------------------------------------------------------------------


================================================================================
 rssh-2.3.4-1.fc16 (FEDORA-2012-20236)
 Restricted shell for use with OpenSSH, allowing only scp and/or sftp
--------------------------------------------------------------------------------
Update Information:

Update to 2.3.4 and fix multiple security issues.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 10 2012 Tomas Hoger <thoger@xxxxxxxxxxxxxxxxx> - 2.3.4-1
- Update to upstream version 2.3.4, which fixes CVE-2012-3478 and CVE-2012-2252
- Updated rsync-protocol.patch to fix CVE-2012-2251, and to apply on top of the
  CVE-2012-3478 and CVE-2012-2252 fixes.
- Updated makefile.patch to preserve RPM CFLAGS.
- Added command-line-error.patch (from Debian), correcting error message
  generated when insecure command line option is used (CVE-2012-3478 fix
  regression).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #880177 - CVE-2012-2252 rssh: incorrect filtering of rsync --rsh command line option
        https://bugzilla.redhat.com/show_bug.cgi?id=880177
  [ 2 ] Bug #880174 - CVE-2012-2251 rssh: bypass of rsync -e option filtering
        https://bugzilla.redhat.com/show_bug.cgi?id=880174
  [ 3 ] Bug #820414 - CVE-2012-3478 rssh: circumvention of rssh restrictions using environment variables
        https://bugzilla.redhat.com/show_bug.cgi?id=820414
--------------------------------------------------------------------------------


================================================================================
 system-config-date-1.10.5-1.fc16 (FEDORA-2012-20238)
 A graphical interface for modifying system date and time
--------------------------------------------------------------------------------
Update Information:

This update contains a number of bug fixes and improvements:

* Create /etc/localtime as a link and only use /etc/sysconfig/clock as a fallback.

* Use pkexec instead of consolehelper.

* Don't trip over missing /etc/sysconfig/network file.

* Hide SIGINT from firstboot exception handler.

* Catch exceptions if the GUI can't be initialized or child processes can't be created.

Additionally it includes updated and new translations.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 11 2012 Nils Philippsen <nils@xxxxxxxxxx> - 1.10.5-1
- pull updated and new translations (#878319)
- catch (rare) errors from fork()
- catch unavailable display (#766936)
- pull updated time zones
* Thu Dec  6 2012 Nils Philippsen <nils@xxxxxxxxxx> - 1.10.4-1
- hide SIGINT from firstboot exception handler (#862828)
- pull updated translations
* Thu Nov  8 2012 Nils Philippsen <nils@xxxxxxxxxx> - 1.10.3-1
- tighten policy
* Thu Oct 25 2012 Nils Philippsen <nils@xxxxxxxxxx> - 1.10.2-1
- pkexec the right executable
* Tue Oct 23 2012 Nils Philippsen <nils@xxxxxxxxxx> - 1.10.1-1
- don't trip over missing /etc/sysconfig/network file (#857412)
- pull updated translations
- install and use timezone translations properly
* Mon Oct 22 2012 Nils Philippsen <nils@xxxxxxxxxx> - 1.10.0-1
- use pkexec instead of consolehelper
- read/write /etc/localtime as symbolic link and only fall back to using
  /etc/sysconfig/clock if it is present (#824033)
* Tue Sep 11 2012 Nils Philippsen <nils@xxxxxxxxxx> - 1.9.68-1
- pull updated translations
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #766936 - [abrt] system-config-date-1.9.67-1.fc16: __init__.py:52:_init:RuntimeError: could not open display
        https://bugzilla.redhat.com/show_bug.cgi?id=766936
  [ 2 ] Bug #824033 - RFE: Make /etc/localtime a symlink
        https://bugzilla.redhat.com/show_bug.cgi?id=824033
  [ 3 ] Bug #857412 - cannot set up time sync, couldn't write /etc/ntp.conf
        https://bugzilla.redhat.com/show_bug.cgi?id=857412
  [ 4 ] Bug #862828 - cancelling network time service kills firstboot
        https://bugzilla.redhat.com/show_bug.cgi?id=862828
  [ 5 ] Bug #878319 - Add Interlingua translation to system-config-date
        https://bugzilla.redhat.com/show_bug.cgi?id=878319
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test



[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux