The following builds have been pushed to Fedora 11 updates-testing
dvisvgm-0.9-1.fc11
iksemel-1.4-2.fc11
openssl-0.9.8n-1.fc11
python-PSI-0.3-0.1.b2.fc11
spamass-milter-0.3.1-18.fc11
xiphos-3.1.3-1.fc11
zabbix-1.6.9-1.fc11
Details about builds:
================================================================================
dvisvgm-0.9-1.fc11 (FEDORA-2010-5372)
A DVI to SVG converter
--------------------------------------------------------------------------------
Update Information:
Changes in version 0.9: * The new command-line option --exact has been added.
It tells dvisvgm to compute the precise minimal bounding boxes of each character
instead of using TFM metrics. This prevents clipped characters at the edges of
the SVG graphic. * The new command-line option --keep has been added. * The
behavior of option --trace-all has been extended. See the manual page for
further details. * A bug in the evaluation of embedded PostScript headers has
been fixed. * Several internal code refactorings and improvements. For
further information see http://dvisvgm.sourceforge.net
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2010 Martin Gieseking <martin.gieseking@xxxxxx> - 0.9-1
- updated to latest upstream release 0.9
--------------------------------------------------------------------------------
================================================================================
iksemel-1.4-2.fc11 (FEDORA-2010-5361)
An XML parser library designed for Jabber applications
--------------------------------------------------------------------------------
Update Information:
Add a patch from Quentin Armitage that fixes alignment issues.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 24 2010 Jeffrey C. Ollie <jeff@xxxxxxxxxx> - 1.4-2
- Add patch from Quentin Armitage to fix alignment errors
* Thu Oct 22 2009 Jeffrey C. Ollie <jeff@xxxxxxxxxx> - 1.4-1
- Update to 1.4
- Apply patch from upstream so that gnutls autoconf works.
- Update gcrypt-sha patch so that it applies.
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #549034 - small patch to fix iksemel compile in fedora-arm
https://bugzilla.redhat.com/show_bug.cgi?id=549034
--------------------------------------------------------------------------------
================================================================================
openssl-0.9.8n-1.fc11 (FEDORA-2010-5357)
A general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:
Update to upstream version 0.9.8n fixing multiple security issues:
CVE-2009-3555, CVE-2009-3245, CVE-2009-4355, and CVE-2010-0433. Refer to
upstream CHANGES file for the detailed list of changes since version 0.9.8k:
* http://cvs.openssl.org/fileview?f=openssl/CHANGES&v=1.1238.2.193
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2010 Tomas Mraz <tmraz@xxxxxxxxxx> 0.9.8n-1
- fix CVE-2010-0740
* Mon Mar 22 2010 Tomas Mraz <tmraz@xxxxxxxxxx> 0.9.8m-1
- fix CVE-2009-3245 CVE-2009-3555 CVE-2009-4355 CVE-2010-0433
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation
https://bugzilla.redhat.com/show_bug.cgi?id=533125
[ 2 ] Bug #570924 - CVE-2009-3245 openssl: missing bn_wexpand return value checks
https://bugzilla.redhat.com/show_bug.cgi?id=570924
[ 3 ] Bug #546707 - CVE-2009-4355 openssl significant memory leak in certain SSLv3 requests (DoS)
https://bugzilla.redhat.com/show_bug.cgi?id=546707
[ 4 ] Bug #569774 - CVE-2010-0433 openssl: crash caused by a missing krb5_sname_to_principal() return value check
https://bugzilla.redhat.com/show_bug.cgi?id=569774
--------------------------------------------------------------------------------
================================================================================
python-PSI-0.3-0.1.b2.fc11 (FEDORA-2010-5373)
Shows real time system information in python
--------------------------------------------------------------------------------
Update Information:
psi is a Python module providing direct access to real-time system and process
information.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #507585 - Review Request: python-PSI - Shows real time system information in python
https://bugzilla.redhat.com/show_bug.cgi?id=507585
--------------------------------------------------------------------------------
================================================================================
spamass-milter-0.3.1-18.fc11 (FEDORA-2010-5176)
Milter (mail filter) for spamassassin
--------------------------------------------------------------------------------
Update Information:
This update includes a fix for a problem where if the milter is running using
the "-x" option to expand aliases before passing inbound mail through
SpamAssassin, a malicious client using a carefully-crafted SMTP session could
execute arbitrary code on the mail server. The fix avoids the use of a shell in
the alias expansion and hence there is no longer a problem with having to
sanitize input from the client. No CVE number has yet been assigned to this
problem, which is tracked upstream at https://savannah.nongnu.org/bugs/?29136
The update also contains improved Received-header-generation for message
submission and a fix for a problem where the milter would erroneously log
warnings about the mail server's configuration when the first message from a
non-authenticated client passed through. As part of the fix for this issue, the
required milter macro configuration for the mail server has changed slightly:
see the README file included in the package for details.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 23 2010 Paul Howarth <paul@xxxxxxxxxxxx> 0.3.1-18
- Add patch to get rid of compiler warnings
- Reorder and re-base patches to optimize chances of upstream accepting them
- Improve Received-header patch (#496763) incorporating additional fix from
upstream update (http://savannah.nongnu.org/bugs/?17178)
* Fri Mar 12 2010 Paul Howarth <paul@xxxxxxxxxxxx> 0.3.1-17
- Update initscript to support running the milter as root, which is needed
for the -x (expand aliases) option; note that the milter does not run as
root by default
- Add patch for popen unsanitized input vulnerability
(#572117, #572119, http://savannah.nongnu.org/bugs/?29136)
- Rebase authuser patch
- Update patch adding auth info to dummy Received-header so that it doesn't
generate spurious warnings about missing macros (#532266), and update and
merge the macro documentation patch into this patch
- Document patch usage in spec file
* Tue Aug 11 2009 Paul Howarth <paul@xxxxxxxxxxxx> 0.3.1-16
- Switch to bzipped source tarball
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> 0.3.1-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #572117 - SpamAssassin Mail Filter: Arbitrary shell command injection (privilege escalation)
https://bugzilla.redhat.com/show_bug.cgi?id=572117
--------------------------------------------------------------------------------
================================================================================
xiphos-3.1.3-1.fc11 (FEDORA-2010-5366)
Bible study and research tool
--------------------------------------------------------------------------------
Update Information:
Update to 3.1.3 release with fixes for previous reported Fedora bugs.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2010 Deji Akingunola <dakingun@xxxxxxxxx> - 3.1.3-1
- New upstream version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #544374 - [abrt] crash detected in xiphos-3.1.1-1.fc12
https://bugzilla.redhat.com/show_bug.cgi?id=544374
[ 2 ] Bug #550203 - [abrt] crash in xiphos-3.1.1-1.fc12
https://bugzilla.redhat.com/show_bug.cgi?id=550203
[ 3 ] Bug #552104 - [abrt] crash detected in xiphos-3.1.1-1.fc12
https://bugzilla.redhat.com/show_bug.cgi?id=552104
--------------------------------------------------------------------------------
================================================================================
zabbix-1.6.9-1.fc11 (FEDORA-2010-5374)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:
- Update to 1.6.9 - Upstream changelog: http://www.zabbix.com/rn1.6.9.php
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 26 2010 Dan Horák <dan[at]danny.cz> - 1.6.9-1
- Update to 1.6.9
- Upstream changelog: http://www.zabbix.com/rn1.6.9.php
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
