The following builds have been pushed to Fedora 11 updates-testing 389-ds-base-1.2.6-0.7.rc2.fc11 cups-1.4.4-2.fc11 dhcp-4.1.0p1-6.fc11 Details about builds: ================================================================================ 389-ds-base-1.2.6-0.7.rc2.fc11 (FEDORA-2010-10119) 389 Directory Server (base) -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 16 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.6-0.7.rc2 - 1.2.6 release candidate 2 * Mon Jun 14 2010 Nathan Kinder <nkinder@xxxxxxxxxx> - 1.2.6-0.6.rc1 - install replication session plugin header with devel package * Wed Jun 9 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.6-0.5.rc1 - 1.2.6 release candidate 1 * Wed May 26 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.6-0.4.a4 - 1.2.6.a4 release * Wed Apr 7 2010 Nathan Kinder <nkinder@xxxxxxxxxx> - 1.2.6-0.3.a3 - 1.2.6.a3 release - add managed entries plug-in - many bug fixes - moved selinux subpackage into base package * Tue Mar 2 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.6-0.2.a2 - 1.2.6.a2 release - add support for matching rules - many bug fixes * Thu Jan 14 2010 Nathan Kinder <nkinder@xxxxxxxxxx> - 1.2.6-0.1.a1 - 1.2.6.a1 release - Added SELinux policy and subpackages -------------------------------------------------------------------------------- References: [ 1 ] Bug #543590 - Tracking bug for 389 Directory Server 1.2.6 https://bugzilla.redhat.com/show_bug.cgi?id=543590 -------------------------------------------------------------------------------- ================================================================================ cups-1.4.4-2.fc11 (FEDORA-2010-10066) Common Unix Printing System -------------------------------------------------------------------------------- Update Information: New upstream release fixing several security issues: CVE-2010-0540, CVE-2010-0542, CVE-2010-1748. -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 18 2010 Tim Waugh <twaugh@xxxxxxxxxx> 1:1.4.4-2 - Re-enabled SSL support by using OpenSSL instead of gnutls. * Fri Jun 18 2010 Tim Waugh <twaugh@xxxxxxxxxx> 1:1.4.4-1 - 1.4.4. Fixes several security vulnerabilities (bug #605399): CVE-2010-0540, CVE-2010-0542, CVE-2010-1748. No longer need str3503, str3399, str3505, str3541, str3425p2 or CVE-2010-0302 patches. - Fix lpd provides. - Added comments for all sources and patches. - Reset status after successful ipp job (bug #548219, STR #3460). - Install udev rules in correct place (bug #530378). - Removed unapplied gnutls-gcrypt-threads patch. Fixed typos in descriptions for lpd and php sub-packages. - Add an SNMP query for Ricoh's device ID OID (STR #3552). - Mark DNS-SD Device IDs that have been guessed at with "FZY:1;". - Add an SNMP query for HP's device ID OID (STR #3552). - Don't mark initscript as config file. - Use %{_initddir}, %{_sysconfdir} and SMP make flags. - Use mode 0755 for binaries and libraries where appropriate. - Removed use of prereq and buildprereq. - Fixed use of '%' in changelog. - Versioned explicit obsoletes/provides. - Use tabs throughout. - Install udev rules in correct place (bug #530378). - Fix locale code for Norwegian (bug #520379). - Fixed cups.init to be LSB compliant (bug #521641) - Changed cups.init to be LSB compliant (bug #521641), i.e. return code "2" (instead of "3") if invalid arguments return code "4" if restarting service under nonprivileged user return code "5" if cupsd not exist or is not executable return code "6" if cupsd.conf not exist - Use password-auth common PAM configuration instead of system-auth when available. - Fixed 'service cups status' to check for correct subsys name (bug #521641). - Renumbered patches and sources. - Use upstream method of handling SNMP quirks in PPDs (STR #3551, bug #581825). - Added back still useful str3425.patch. Second part of STR #3425 is still not fixed in 1.4.3 - Use numeric addresses for interfaces unless HostNameLookups are turned on (bug #583054). - Handle SNMP supply level quirks (bug #581825). - No longer need CVE-2009-3553, str3381, str3390, str3391, str3403, str3407, str3413, str3418, str3422, str3425, str3428, str3431, str3435, str3436, str3439, str3440, str3442, str3448, str3458, str3460, cups-sidechannel-intrs, negative-snmp-string-length, cups-media-empty-warning patches. * Tue May 18 2010 Tim Waugh <twaugh@xxxxxxxxxx> 1:1.4.2-31 - Adjust texttops output to be in natural orientation (STR #3563). This fixes page-label orientation when texttops is used in the filter chain (bug #572338). * Fri Apr 16 2010 Jiri Popelka <jpopelka@xxxxxxxxxx> 1:1.4.2-30 - Fixed str3541.patch - Added Require: ghostscript (bug #572701) * Wed Mar 31 2010 Tim Waugh <twaugh@xxxxxxxxxx> 1:1.4.2-29 - Another BrowsePoll fix: handle EAI_NODATA as well (bug #567353). * Tue Mar 30 2010 Jiri Popelka <jpopelka@xxxxxxxxxx> 1:1.4.2-28 - Fixed lpstat to adhere to -o option (bug #577901, STR #3541). * Wed Mar 10 2010 Jiri Popelka <jpopelka@xxxxxxxxxx> 1:1.4.2-27 - Fixed (for the third time) patch for STR #3425 to correctly remove job info files in /var/spool/cups (bug #571830). -------------------------------------------------------------------------------- References: [ 1 ] Bug #591983 - CVE-2010-1748 cups: web interface memory disclosure https://bugzilla.redhat.com/show_bug.cgi?id=591983 [ 2 ] Bug #605397 - cups: latent privilege escalation vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=605397 [ 3 ] Bug #587746 - CVE-2010-0542 CUPS: texttops unchecked memory allocation failure leading to NULL pointer dereference https://bugzilla.redhat.com/show_bug.cgi?id=587746 [ 4 ] Bug #588805 - CVE-2010-0540 CUPS administrator web interface CSRF https://bugzilla.redhat.com/show_bug.cgi?id=588805 -------------------------------------------------------------------------------- ================================================================================ dhcp-4.1.0p1-6.fc11 (FEDORA-2010-10083) Dynamic host configuration protocol software -------------------------------------------------------------------------------- Update Information: Fix for CVE-2010-2156 -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 18 2010 Jiri Popelka <jpopelka@xxxxxxxxxx> - 12:4.1.0p1-6 - Fix for CVE-2010-2156 -------------------------------------------------------------------------------- References: [ 1 ] Bug #601403 - CVE-2010-2156 dhcp: remote DoS via zero-length client ID https://bugzilla.redhat.com/show_bug.cgi?id=601403 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test