The following Fedora 16 Security updates need testing: Age URL 10 https://admin.fedoraproject.org/updates/FEDORA-2013-0723/thunderbird-17.0.2-1.fc16 42 https://admin.fedoraproject.org/updates/FEDORA-2012-20157/libproxy-0.4.11-1.fc16 123 https://admin.fedoraproject.org/updates/FEDORA-2012-14452/bacula-5.0.3-33.fc16 4 https://admin.fedoraproject.org/updates/FEDORA-2013-0915/moodle-2.1.10-1.fc16 6 https://admin.fedoraproject.org/updates/FEDORA-2013-0896/rubygem-rack-1.3.0-3.fc16 2 https://admin.fedoraproject.org/updates/FEDORA-2013-1130/php-symfony2-Yaml-2.0.22-1.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2013-1233/rhncfg-5.10.36-1.fc16 41 https://admin.fedoraproject.org/updates/FEDORA-2012-20236/rssh-2.3.4-1.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2013-1257/libexif-0.6.21-2.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2013-1274/xen-4.1.4-3.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2013-1289/jakarta-commons-httpclient-3.1-12.fc16 4 https://admin.fedoraproject.org/updates/FEDORA-2013-0934/qemu-0.15.1-9.fc16 201 https://admin.fedoraproject.org/updates/FEDORA-2012-10314/revelation-0.4.14-1.fc16 121 https://admin.fedoraproject.org/updates/FEDORA-2012-14654/tor-0.2.2.39-1600.fc16 10 https://admin.fedoraproject.org/updates/FEDORA-2013-0633/perl-5.14.3-205.fc16 6 https://admin.fedoraproject.org/updates/FEDORA-2013-0835/seamonkey-2.15-1.fc16 13 https://admin.fedoraproject.org/updates/FEDORA-2012-19347/cups-1.5.4-12.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2013-1301/ndjbdns-1.05.6-1.fc16 13 https://admin.fedoraproject.org/updates/FEDORA-2013-0270/qt-4.8.4-6.fc16 6 https://admin.fedoraproject.org/updates/FEDORA-2013-0894/ettercap-0.7.5-3.fc16.1.20120906gitc796e5 4 https://admin.fedoraproject.org/updates/FEDORA-2013-0935/samba4-4.0.0-39.alpha16.fc16 2 https://admin.fedoraproject.org/updates/FEDORA-2013-0468/proftpd-1.3.4b-5.fc16 2 https://admin.fedoraproject.org/updates/FEDORA-2013-0992/asterisk-1.8.20.0-1.fc16 2 https://admin.fedoraproject.org/updates/FEDORA-2013-1122/drupal6-6.28-1.fc16 2 https://admin.fedoraproject.org/updates/FEDORA-2013-1092/drupal7-7.19-1.fc16 The following Fedora 16 Critical Path updates have yet to be approved: Age URL 0 https://admin.fedoraproject.org/updates/FEDORA-2013-1257/libexif-0.6.21-2.fc16 10 https://admin.fedoraproject.org/updates/FEDORA-2013-0723/thunderbird-17.0.2-1.fc16 10 https://admin.fedoraproject.org/updates/FEDORA-2013-0632/perl-5.14.3-204.fc16 13 https://admin.fedoraproject.org/updates/FEDORA-2013-0270/qt-4.8.4-6.fc16 267 https://admin.fedoraproject.org/updates/FEDORA-2012-6994/upower-0.9.16-1.fc16 The following builds have been pushed to Fedora 16 updates-testing jakarta-commons-httpclient-3.1-12.fc16 kwebkitpart-1.3.1-1.fc16 libexif-0.6.21-2.fc16 libmateweather-1.5.1-1.fc16 mate-notification-daemon-1.5.1-1.fc16 mate-panel-1.5.4-1.fc16 mate-terminal-1.5.0-1.fc16 mozilla-https-everywhere-3.1.3-1.fc16 ndjbdns-1.05.6-1.fc16 nec2c-0.9-1.fc16 rhncfg-5.10.36-1.fc16 safekeep-1.4.1-1.fc16 wine-1.5.22-1.fc16 xen-4.1.4-3.fc16 xnec2c-2.1-1.beta.fc16 Details about builds: ================================================================================ jakarta-commons-httpclient-3.1-12.fc16 (FEDORA-2013-1289) Jakarta Commons HTTPClient implements the client side of HTTP standards -------------------------------------------------------------------------------- Update Information: This update fixes a security vulnerability that caused jakarta-commons-httpclient not to verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allowed man-in-the-middle attackers to spoof SSL servers via andaarbitrary valid certificate (CVE-2012-5783). -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 21 2013 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 1:3.1-12 - Add missing connection hostname check against X.509 certificate name - Resolves: CVE-2012-5783 * Thu Nov 1 2012 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 1:3.1-11 - Add maven POM * Thu Sep 20 2012 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 1:3.1-10 - Fix license tag * Thu Sep 20 2012 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 1:3.1-9 - Install LICENSE and NOTICE files - Add missing R: java, jpackage-utils * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:3.1-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Sun Jan 22 2012 Andy Grimm <agrimm@xxxxxxxxx> - 1:3.1-7 - Fix character encoding * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:3.1-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #873317 - CVE-2012-5783 jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name https://bugzilla.redhat.com/show_bug.cgi?id=873317 -------------------------------------------------------------------------------- ================================================================================ kwebkitpart-1.3.1-1.fc16 (FEDORA-2013-1211) A KPart based on QtWebKit -------------------------------------------------------------------------------- Update Information: New stable/bugfix release -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 3 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3.1-1 - 1.3.1 -------------------------------------------------------------------------------- ================================================================================ libexif-0.6.21-2.fc16 (FEDORA-2013-1257) Library for extracting extra information from image files -------------------------------------------------------------------------------- Update Information: A security bugfix release. A security bugfix release. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 21 2013 Petr Šabata <contyk@xxxxxxxxxx> - 0.6.21-2 - Old build GC'd before pushed into testing * Fri Jul 13 2012 Petr Šabata <contyk@xxxxxxxxxx> - 0.6.21-1 - 0.6.21 bump - A security bugfixing release (CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841 & CVE-2012-2845) - Drop the pre-generated docs and introduce a doc subpackage -------------------------------------------------------------------------------- References: [ 1 ] Bug #839182 - CVE-2012-2813 libexif: "exif_convert_utf16_to_utf8()" heap-based out-of-bounds array read https://bugzilla.redhat.com/show_bug.cgi?id=839182 [ 2 ] Bug #839183 - CVE-2012-2814 libexif: "exif_entry_format_value()" buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=839183 [ 3 ] Bug #839184 - CVE-2012-2836 libexif: "exif_data_load_data()" heap-based out-of-bounds array read https://bugzilla.redhat.com/show_bug.cgi?id=839184 [ 4 ] Bug #839185 - CVE-2012-2837 libexif: "mnote_olympus_entry_get_value()" division by zero https://bugzilla.redhat.com/show_bug.cgi?id=839185 [ 5 ] Bug #839188 - CVE-2012-2840 libexif: "exif_convert_utf16_to_utf8()" off-by-one https://bugzilla.redhat.com/show_bug.cgi?id=839188 [ 6 ] Bug #839189 - CVE-2012-2841 libexif: "exif_entry_get_value()" integer underflow https://bugzilla.redhat.com/show_bug.cgi?id=839189 [ 7 ] Bug #839203 - CVE-2012-2812 libexif: "exif_entry_get_value()" heap-based out-of-bounds array read https://bugzilla.redhat.com/show_bug.cgi?id=839203 -------------------------------------------------------------------------------- ================================================================================ libmateweather-1.5.1-1.fc16 (FEDORA-2013-1182) Libraries to allow MATE Desktop to display weather information -------------------------------------------------------------------------------- Update Information: update to latest upstream release -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 20 2013 Dan Mashal <dan.mashal@xxxxxxxxxxxxxxxxx> 1.5.1-1 - Update to latest release - Update configure flags -------------------------------------------------------------------------------- ================================================================================ mate-notification-daemon-1.5.1-1.fc16 (FEDORA-2013-1275) Notification daemon for MATE Desktop -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- ChangeLog: * Sun Jan 20 2013 Dan Mashal <dan.mashal@xxxxxxxxxxxxxxxxx> - 1.5.1-1 - Update to 1.5.1 release - Update configure flags - Update icon scriptlets - Switch back to old BR style - Sort BR's in alphabetical order - Remove explicit variable for libtool in make -------------------------------------------------------------------------------- ================================================================================ mate-panel-1.5.4-1.fc16 (FEDORA-2013-1246) MATE Desktop panel applets -------------------------------------------------------------------------------- Update Information: Latest upstream release. -------------------------------------------------------------------------------- ChangeLog: * Sun Jan 20 2013 Dan Mashal <dan.mashal@xxxxxxxxxxxxxxxxx> - 1.5.4-1 - Update to latest upstream release - Convert back to old BR style and sort BRs -------------------------------------------------------------------------------- ================================================================================ mate-terminal-1.5.0-1.fc16 (FEDORA-2013-1225) Terminal emulator for MATE -------------------------------------------------------------------------------- Update Information: update to latest upstream release -------------------------------------------------------------------------------- ================================================================================ mozilla-https-everywhere-3.1.3-1.fc16 (FEDORA-2013-1205) HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey -------------------------------------------------------------------------------- Update Information: * Fixes: CloudFront/Spotify, AmazonAWS (Amazon MP3s and product images), Libav, Google Maps, UserEcho https://trac.torproject.org/projects/tor/ticket/7931 https://trac.torproject.org/projects/tor/ticket/7888 https://trac.torproject.org/projects/tor/ticket/7594 https://trac.torproject.org/projects/tor/ticket/7539 https://trac.torproject.org/projects/tor/ticket/7698 * Disable broken: Coursera, EBay, Etsy, OpenOffice, Ping.fm, Pinterest :( https://trac.torproject.org/projects/tor/ticket/7336 https://trac.torproject.org/projects/tor/ticket/7825 https://trac.torproject.org/projects/tor/ticket/7774 https://trac.torproject.org/projects/tor/ticket/7695 https://trac.torproject.org/projects/tor/ticket/7777 https://trac.torproject.org/projects/tor/ticket/7865 * Update cert whitelist -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 21 2013 Russell Golden <niveusluna@xxxxxxxxxxxxxx> - 3.1.3-1 - Internet Freedom Day stable bugfix release - Fixes: CloudFront/Spotify, AmazonAWS (Amazon MP3s and product images), Libav, Google Maps, UserEcho https://trac.torproject.org/projects/tor/ticket/7931 https://trac.torproject.org/projects/tor/ticket/7888 https://trac.torproject.org/projects/tor/ticket/7594 https://trac.torproject.org/projects/tor/ticket/7539 https://trac.torproject.org/projects/tor/ticket/7698 - Disable broken: Coursera, EBay, Etsy, OpenOffice, Ping.fm, Pinterest :( https://trac.torproject.org/projects/tor/ticket/7336 https://trac.torproject.org/projects/tor/ticket/7825 https://trac.torproject.org/projects/tor/ticket/7774 https://trac.torproject.org/projects/tor/ticket/7695 https://trac.torproject.org/projects/tor/ticket/7777 https://trac.torproject.org/projects/tor/ticket/7865 - Update cert whitelist -------------------------------------------------------------------------------- ================================================================================ ndjbdns-1.05.6-1.fc16 (FEDORA-2013-1301) New djbdns: usable djbdns -------------------------------------------------------------------------------- Update Information: This update fixes a security issue - https://bugzilla.redhat.com/show_bug.cgi?id=838761. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 14 2013 pjp <pj.pandit@xxxxxxxxxxx> - 1.05.6-1 - Updated SysV scripts according to the packaging guidelines. - Disabled system services by default, registerd all. patch from: Simone Caronni <negativo17@xxxxxxxxx> - Built rbldns & rbldns-data tools. - Added systemd unit and Sys-v init files for rbldns server. - Few minor changes to fix regressions, define uint32 type etc. -------------------------------------------------------------------------------- References: [ 1 ] Bug #838761 - ndjbdns vulnerable to cve-2012-1191 (ghost domain attack) https://bugzilla.redhat.com/show_bug.cgi?id=838761 -------------------------------------------------------------------------------- ================================================================================ nec2c-0.9-1.fc16 (FEDORA-2013-1192) Translation of NEC2 antenna modeling tool from FORTRAN to C -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- ChangeLog: * Sat Jan 19 2013 Richard Shaw <hobbes1069@xxxxxxxxx> - 0.9-1 - Update to latest upstream release. - Add man page for nec2c. * Fri Jul 20 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.8-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.8-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rhncfg-5.10.36-1.fc16 (FEDORA-2013-1233) Red Hat Network Configuration Client Libraries -------------------------------------------------------------------------------- Update Information: Closing CVE-2012-2679 -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 30 2012 Jan Pazdziora 5.10.36-1 - Update the copyright year. - fix for bz#869626 use st_mode, st_uid of dst Signed-off-by: Paresh Mutha <pmutha@xxxxxxxxxx> * Mon Oct 22 2012 Jan Pazdziora 5.10.35-1 - Revert "Revert "Revert "get_server_capability() is defined twice in osad and rhncfg, merge and move to rhnlib and make it member of rpclib.Server""" * Tue Aug 7 2012 Tomas Kasparek <tkasparek@xxxxxxxxxx> 5.10.34-1 - 840250 - If there's symlink in file deployment path it will be created * Mon Jul 9 2012 Michael Mraka <michael.mraka@xxxxxxxxxx> 5.10.33-1 - check symlink not target file existence * Thu Jun 28 2012 Michael Mraka <michael.mraka@xxxxxxxxxx> 5.10.32-1 - 765816 - value of selinux context is important * Mon Jun 4 2012 Stephen Herr <sherr@xxxxxxxxxx> 5.10.31-1 - 824707 - make /var/log/rhncfg-actions have 600 permissions * Fri Jun 1 2012 Stephen Herr <sherr@xxxxxxxxxx> 5.10.30-1 - 824707 - rhncfg-actions should not log the diff of files that are not readable by all - %defattr is not needed since rpm 4.4 * Mon May 14 2012 Michael Mraka <michael.mraka@xxxxxxxxxx> 5.10.29-1 - 820517 - fixed command synopsis - 805449 - honor rhncfg-specific settings * Thu Mar 8 2012 Miroslav Suchý 5.10.28-1 - accept server name without protocol * Fri Mar 2 2012 Jan Pazdziora 5.10.27-1 - Update the copyright year info. * Thu Feb 23 2012 Michael Mraka <michael.mraka@xxxxxxxxxx> 5.10.26-1 - we are now just GPL * Sun Jan 15 2012 Aron Parsons <aronparsons@xxxxxxxxx> 5.10.25-1 - add a --disable-selinux option to 'rhncfg-manager upload-channel' (aronparsons@xxxxxxxxx) * Wed Dec 21 2011 Milan Zazrivec <mzazrivec@xxxxxxxxxx> 5.10.24-1 - update copyright info * Wed Dec 14 2011 Jan Pazdziora 5.10.23-1 - Fixing SyntaxError: ('invalid syntax', ... * Tue Dec 13 2011 Miroslav Suchý 5.10.22-1 - 765816 - Added the option --selinux-context to rhncfg-manager which allows to overwrite the SELinux context from a file (mmello@xxxxxxxxxx) * Wed Nov 30 2011 Miroslav Suchý 5.10.21-1 - handle fs objects without selinux context correctly * Mon Nov 21 2011 Michael Mraka <michael.mraka@xxxxxxxxxx> 5.10.20-1 - 627490 - fixed cross device symlink backup * Mon Oct 24 2011 Jan Pazdziora 5.10.19-1 - 743121 - don't report differences containing invalid UTF-8 (mzazrivec@xxxxxxxxxx) * Wed Oct 19 2011 Milan Zazrivec <mzazrivec@xxxxxxxxxx> 5.10.18-1 - 743424 - rhncfg-client diff: do not fail when not a valid symlink * Mon Oct 10 2011 Jan Pazdziora 5.10.17-1 - 743424 - rhncfg-client diff: don't traceback on missing symlink (mzazrivec@xxxxxxxxxx) * Thu Sep 29 2011 Miroslav Suchý 5.10.16-1 - add save_traceback even into this branch * Fri Sep 23 2011 Martin Minar <mminar@xxxxxxxxxx> 5.10.15-1 - Fix `rhncfg-client verify' traceback for missing symlinks (Joshua.Roys@xxxxxxxxxxxxxxx) * Thu Aug 18 2011 Michael Mraka <michael.mraka@xxxxxxxxxx> 5.10.14-1 - 731284 - is_selinux_enabled is not defined on RHEL4 * Fri Aug 12 2011 Miroslav Suchý 5.10.13-1 - add proto, server_name and server_list to local_config overrides - None has not iteritems() method * Thu Aug 11 2011 Miroslav Suchý 5.10.12-1 - True and False constants are defined since python 2.4 - do not mask original error by raise in execption * Thu Aug 4 2011 Jan Pazdziora 5.10.11-1 - 508936 - rhn-actions-control honor the allowed-actions/scripts/run for remote commands (mmello@xxxxxxxxxx) * Mon Aug 1 2011 Miroslav Suchý 5.10.10-1 - get server_name from config only if it was not set on command line - remove rhn_rpc.py * Fri Jul 15 2011 Miroslav Suchý 5.10.9-1 - optparse is here since python 2.3 - remove optik (msuchy@xxxxxxxxxx) * Thu Jun 16 2011 Jan Pazdziora 5.10.8-1 - Creating the /var/spool/rhn in %build LANG=C export LANG unset DISPLAY . * Thu Jun 16 2011 Jan Pazdziora 5.10.7-1 - temp script file customizable dedicated directory (matteo.sessa@xxxxxxxxxx) * Tue May 31 2011 Jan Pazdziora 5.10.6-1 - Fix python import (matteo.sessa@xxxxxxxxxx) * Tue May 10 2011 Jan Pazdziora 5.10.5-1 - remove unused import, fix indentation and a minor typo (iartarisi@xxxxxxx) - fix usage documentation messages for topdir and dest-file (iartarisi@xxxxxxx) * Fri May 6 2011 Jan Pazdziora 5.10.4-1 - 702524 - Fixed python traceback when deploying a file with permission set to 000 (mmello@xxxxxxxxxx) * Fri Apr 29 2011 Jan Pazdziora 5.10.3-1 - 699966 - added --ignore-missing option in rhncfg-manager to ignore missing local files when adding or uploading files (mmello@xxxxxxxxxx) * Fri Apr 15 2011 Jan Pazdziora 5.10.2-1 - add missing directories to filelist (mc@xxxxxxx) - build rhncfg build on SUSE (mc@xxxxxxx) - 683200 - ca is now unicode, check for basestring, which is parent for both str and unicode type (msuchy@xxxxxxxxxx) - 683200 - set the protocol correctly (msuchy@xxxxxxxxxx) - 683200 - server_name and server_list should contain just hostname, not url (msuchy@xxxxxxxxxx) - 683200 - if value is int ConfigParser fails with interpolation (msuchy@xxxxxxxxxx) - 683200 - variable %proto is not used in up2date_cfg (msuchy@xxxxxxxxxx) - removing .rhncfgrc - it is not packed, probably forgotten for long time (msuchy@xxxxxxxxxx) - add () if you want to get result of function (msuchy@xxxxxxxxxx) * Wed Apr 13 2011 Miroslav Suchý 5.10.1-1 - bump up version (msuchy@xxxxxxxxxx) * Wed Apr 13 2011 Miroslav Suchý 5.9.55-1 - code cleanup * Wed Apr 13 2011 Miroslav Suchý 5.9.54-1 - dead code - module up2date_config_parser is not used any more - dead code - get_up2date_config() is not used any more - 695723, 683200 - use up2date_client.config instead of own parser (utils.get_up2date_config) * Mon Apr 11 2011 Michael Mraka <michael.mraka@xxxxxxxxxx> 5.9.53-1 - fixed moved imports - don't make link target absolute - 683264 - fixed extraneous directory creation via rhncfg-manager -------------------------------------------------------------------------------- References: [ 1 ] Bug #832037 - CVE-2012-2679 rhncfg: Insecure permissions used for /var/log/rhncfg-actions file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=832037 -------------------------------------------------------------------------------- ================================================================================ safekeep-1.4.1-1.fc16 (FEDORA-2013-1279) The SafeKeep backup system -------------------------------------------------------------------------------- Update Information: Upgrade to new upstream version. -------------------------------------------------------------------------------- ChangeLog: * Sat Jan 19 2013 Frank Crawford <frank@xxxxxxxxxxxxxxxxxx> 1.4.1-1 - Latest upstream release * Sat Jul 21 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ wine-1.5.22-1.fc16 (FEDORA-2012-21114) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: 1.5.22 * New version of the Gecko engine. * Fixes for RTL text in Uniscribe. * Various bug fixes. 1.5.21 * Beginnings of a netstat built-in program. * Support for selecting resolution in the PostScript driver. * Various bug fixes. 1.5.20 * A bunch of dlls with ugly names for API sets support. * More ATL functions implemented. * Still more C++ runtime functions. * Several text rendering fixes. * PostScript driver improvements. * Various bug fixes. 1.5.19 * Performance improvements in the DIB engine. * More fleshed out XML-lite implementation. * Some more C++ runtime functions. * Various bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Sat Jan 19 2013 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 1.5.22-1 - version upgrade - upgraded winepulse - wine gecko 1.9 * Sun Jan 6 2013 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 1.5.21-1 - version upgrade * Fri Dec 28 2012 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 1.5.20-1 - version upgrade - upgraded winepulse * Sun Dec 9 2012 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 1.5.19-1 - version upgrade - upgraded winepulse -------------------------------------------------------------------------------- ================================================================================ xen-4.1.4-3.fc16 (FEDORA-2013-1274) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075], fix a bug introduced by fix for XSA-27 VT-d interrupt remapping source validation flaw [XSA-33,CVE-2012-5634] -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 17 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.1.4-3 - Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] - fix a bug introduced by fix for XSA-27 * Sat Jan 12 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.1.4-2 - VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) -------------------------------------------------------------------------------- References: [ 1 ] Bug #886959 - CVE-2012-5634 kernel: xen: VT-d interrupt remapping source validation flaw https://bugzilla.redhat.com/show_bug.cgi?id=886959 -------------------------------------------------------------------------------- ================================================================================ xnec2c-2.1-1.beta.fc16 (FEDORA-2013-1192) GTK based graphical wrapper for nec2c -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 3 2013 Richard Shaw <hobbes1069@xxxxxxxxx> - 2.1-1.beta - Update to latest upstream release. * Sun Jul 22 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.5-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Sat Jan 14 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.5-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Wed Dec 7 2011 Randall J. Berry, N3LRX <dp67@xxxxxxxxxxxxxxxxx> - 1.5-3 - linker error in build added libm.so * Tue Dec 6 2011 Adam Jackson <ajax@xxxxxxxxxx> - 1.5-2 - Rebuild for new libpng -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test