The following builds have been pushed to Fedora 12 updates-testing

    bugzilla-3.4.7-1.fc12
    cups-1.4.4-4.fc12
    kpartsplugin-0.0.1-0.2.20100604a.fc12
    numpy-1.3.0-9.fc12
    pekwm-0.1.12-4.fc12
    pipviewer-0.3.9-7.fc12
    python-paste-1.7.4-1.fc12
    redhat-lsb-4.0-4.fc12
    sems-1.2.1-4.fc12
    xscreensaver-5.11-5.fc12.respin1

Details about builds:


================================================================================
 bugzilla-3.4.7-1.fc12 (FEDORA-2010-10398)
 Bug tracking system
--------------------------------------------------------------------------------
Update Information:

The Bugzilla team has released v3.4.7 of their software, which fixes a remote
information disclosure bug (users can search on time-tracking values even if
they are not permitted to see them). See CVE-2010-1204 for all the gory details.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 25 2010 Emmanuel Seyman <emmanuel.seyman@xxxxxxxxxxxxxxxx> - 3.4.7-1
- Update to 3.4.7 (CVE-2010-1204)
--------------------------------------------------------------------------------


================================================================================
 cups-1.4.4-4.fc12 (FEDORA-2010-10101)
 Common Unix Printing System
--------------------------------------------------------------------------------
Update Information:

New upstream release fixing several security issues: CVE-2010-0540,
CVE-2010-0542, CVE-2010-1748.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 24 2010 Tim Waugh <twaugh@xxxxxxxxxx> 1:1.4.4-4
- Use gnutls again but disable threading (bug #607159).
* Tue Jun 22 2010 Tim Waugh <twaugh@xxxxxxxxxx> 1:1.4.4-3
- Removed dependency on ghostscript-cups package. The pstoraster filter is
  not in that package until Fedora 13.
* Fri Jun 18 2010 Tim Waugh <twaugh@xxxxxxxxxx> 1:1.4.4-2
- Re-enabled SSL support by using OpenSSL instead of gnutls.
* Fri Jun 18 2010 Tim Waugh <twaugh@xxxxxxxxxx> 1:1.4.4-1
- 1.4.4. Fixes several security vulnerabilities (bug #605399):
  CVE-2010-0540, CVE-2010-0542, CVE-2010-1748.
  No longer need str3503, str3399, str3505, str3541, str3425p2 or
  CVE-2010-0302 patches.
- Fix lpd provides.
- Added comments for all sources and patches.
- Reset status after successful ipp job (bug #548219, STR #3460).
- Install udev rules in correct place (bug #530378).
- Removed unapplied gnutls-gcrypt-threads patch. Fixed typos in
  descriptions for lpd and php sub-packages.
- Add an SNMP query for Ricoh's device ID OID (STR #3552).
- Mark DNS-SD Device IDs that have been guessed at with "FZY:1;".
- Add an SNMP query for HP's device ID OID (STR #3552).
* Wed Jun  9 2010 Tim Waugh <twaugh@xxxxxxxxxx> 1:1.4.3-8
- Use upstream method of handling SNMP quirks in PPDs (STR #3551,
  bug #581825).
* Tue Jun  1 2010 Jiri Popelka <jpopelka@xxxxxxxxxx> 1:1.4.3-7
- Added back still useful str3425.patch.
  Second part of STR #3425 is still not fixed in 1.4.3
* Tue May 18 2010 Tim Waugh <twaugh@xxxxxxxxxx> 1:1.4.3-6
- Adjust texttops output to be in natural orientation (STR #3563).
  This fixes page-label orientation when texttops is used in the
  filter chain (bug #572338).
* Thu May  6 2010 Tim Waugh <twaugh@xxxxxxxxxx> 1:1.4.3-5
- Use numeric addresses for interfaces unless HostNameLookups are
  turned on (bug #583054).
* Fri Apr 16 2010 Jiri Popelka <jpopelka@xxxxxxxxxx> 1:1.4.3-4
- Fixed str3541.patch
- Added Require: ghostscript (bug #572701)
* Tue Apr 13 2010 Tim Waugh <twaugh@xxxxxxxxxx> 1:1.4.3-3
- Handle SNMP supply level quirks (bug #581825).
* Wed Mar 31 2010 Tim Waugh <twaugh@xxxxxxxxxx> 1:1.4.3-2
- Another BrowsePoll fix: handle EAI_NODATA as well (bug #567353).
* Wed Mar 31 2010 Jiri Popelka <jpopelka@xxxxxxxxxx> 1:1.4.3-1
- 1.4.3.
- No longer need CVE-2009-3553, str3381, str3390, str3391, str3403,
  str3407, str3413, str3418, str3422, str3425, str3428, str3431,
  str3435, str3436, str3439, str3440, str3442, str3448, str3458,
  str3460, cups-sidechannel-intrs, negative-snmp-string-length,
  cups-media-empty-warning patches.
* Tue Mar 30 2010 Jiri Popelka <jpopelka@xxxxxxxxxx> 1:1.4.2-30
- Fixed lpstat to adhere to -o option (bug #577901, STR #3541).
* Wed Mar 10 2010 Jiri Popelka <jpopelka@xxxxxxxxxx> 1:1.4.2-29
- Fixed (for the third time) patch for STR #3425 to correctly
  remove job info files in /var/spool/cups (bug #571830).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #591983 - CVE-2010-1748 cups: web interface memory disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=591983
  [ 2 ] Bug #587746 - CVE-2010-0542 CUPS: texttops unchecked memory allocation failure leading to NULL pointer dereference
        https://bugzilla.redhat.com/show_bug.cgi?id=587746
  [ 3 ] Bug #605397 - cups: latent privilege escalation vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=605397
  [ 4 ] Bug #588805 - CVE-2010-0540 CUPS administrator web interface CSRF
        https://bugzilla.redhat.com/show_bug.cgi?id=588805
--------------------------------------------------------------------------------


================================================================================
 kpartsplugin-0.0.1-0.2.20100604a.fc12 (FEDORA-2010-10386)
 KParts technology to embed file viewers into non-KDE browsers
--------------------------------------------------------------------------------
Update Information:

* Major refactoring
* Supported mime types determined through KDE-internal functions;
  hard-coded list no longer necessary
* Adding support for keyboard focus. Tip from Jeremy Sanders
  (http://barmag.net/)
* Saving file failed if part was not loaded properly.
* CMakeLists.txt contains a variable with installation directory
* New script src/generate-mimetype-includes.sh to enhance "raw" source
  files to final files containing a list of objects (one for each
  supported mime type)
  List of mime types can be controlled via text file src/mimetypes.txt
* Showing a list of compiled-in/supported mime types while waiting for
  the file's data
* Open and save buttons are available even if no part is available to
  show the file's data
* Fixing warnings
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 24 2010 Thomas Janssen <thomasj@xxxxxxxxxxxxxxxxx> 0.0.1-0.2.20100604a
- kpartsplugin 20100604a
--------------------------------------------------------------------------------


================================================================================
 numpy-1.3.0-9.fc12 (FEDORA-2010-10405)
 A fast multidimensional array facility for Python
--------------------------------------------------------------------------------
Update Information:

Backport of upstream patch to resolve double free situation.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 24 2010 Jef Spaleta <jspaleta@xxxxxxxxxxxxxxxxx> 1.3.0-9
- Backport fix for doublefree situation from upstream trunk, BZ 607683.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #607683 - Please fix the memory corruption problem with NumPy
        https://bugzilla.redhat.com/show_bug.cgi?id=607683
--------------------------------------------------------------------------------


================================================================================
 pekwm-0.1.12-4.fc12 (FEDORA-2010-10399)
 A small and flexible window manager
--------------------------------------------------------------------------------
Update Information:

Pekwm is a window manager that once upon a time was based on the aewm++ window
manager, but it has evolved enough that it no longer resembles aewm++ at all.
It has a much expanded feature-set, including window grouping (similar to ion,
pwm, or fluxbox), autoproperties, xinerama, keygrabber that supports keychains,
and much more.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 11 2010 German A. Racca <gracca@xxxxxxxxx> 0.1.12-4
- Fixed BuildRequires to compile from scratch
* Sun May  9 2010 German A. Racca <gracca@xxxxxxxxx> 0.1.12-3
- Deleted makefiles from contrib folder
- Rearranged contents in contrib folder
* Mon Apr 26 2010 German A. Racca <gracca@xxxxxxxxx> 0.1.12-2
- Added %{dist} tag
- Fixed patch
- Added contrib stuff to docs
* Tue Apr 20 2010 German A. Racca <gracca@xxxxxxxxx> 0.1.12-1
- New version 0.1.12
- Fixed timestamp for tarball source
- Added BuildRoot tag
- Fixed BuildRequires
- Added menu patch
- Added INSTALL="install -p" to preserve timestamps
- Corrected type in xsession file
- Added ChangeLog.aewm++ and ChangeLog.until-0.1.6 to doc files
- Own directory %{_datadir}/%{name}
- Marked 'start' as config file
* Sat Feb 20 2010 German A. Racca <gracca@xxxxxxxxx> 0.1.11-3
- Changed Summary
- Changed BuildRequires
- Modified desktop file
- Added exec attr to 'start' file
* Fri Jan 15 2010 German A. Racca <gracca@xxxxxxxxx> 0.1.11-2
- Added Source0 to spec file
* Thu Dec 17 2009 German A. Racca <gracca@xxxxxxxxx> 0.1.11-1
- Initial release of RPM package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #576685 - Review Request: pekwm - A small and flexible window manager
        https://bugzilla.redhat.com/show_bug.cgi?id=576685
--------------------------------------------------------------------------------


================================================================================
 pipviewer-0.3.9-7.fc12 (FEDORA-2010-10377)
 Visualizer for multiple alignments of genomic sequences
--------------------------------------------------------------------------------
Update Information:

* Sat Jun 19 2010 Fabian Affolter <fabian@xxxxxxxxxxxxxxxxx> - 0.3.9-7
- Fixed BZ # 579521
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun 19 2010 Fabian Affolter <fabian@xxxxxxxxxxxxxxxxx> - 0.3.9-7
- Fixed BZ # 579521
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #579521 - [abrt] crash in pipviewer-0.3.9-6.fc12: pkg_resources.py:524:resolve:DistributionNotFound: OpenGL>=2.0
        https://bugzilla.redhat.com/show_bug.cgi?id=579521
--------------------------------------------------------------------------------


================================================================================
 python-paste-1.7.4-1.fc12 (FEDORA-2010-10383)
 Tools for using a Web Server Gateway Interface stack
--------------------------------------------------------------------------------
Update Information:

***1.7.4***

* The only real change is to paste.httpexceptions, which was using insecure
  quoting of some parameters and allowed an XSS hole, most specifically with
  its 404 messages. The most notable WSGI applications using this are
  paste.urlparse.StaticURLParser and PkgResourcesParser.
  By directing someone to an appropriately formed URL an attacker can execute
  arbitrary Javascript on the victim's client. paste.urlmap.URLMap is also
  affected, but only if you have no application attached to /. Other
  applications using paste.httpexceptions may be affected (especially
  HTTPNotFound). WebOb/webob.exc.HTTPNotFound is not affected.

***1.7.3***

* Fix paste.httpserver on Python 2.6.
* Fix paste.auth.cookie, which would insert newlines for long cookies.
* paste.util.mimeparse parses a single * in Accept headers (sent by IE 6).
* Fix some problems with the wdg_validate middleware.
* Improvements to paste.auth.auth_tkt: add httponly support, don’t always
  aggressively set cookies without the wildcard_cookie option. Also on logout,
  make cookies expire.
* In paste.proxy.Proxy handle Content-Length of -1.
* In paste.httpexceptions avoid some unicode errors.
* In paste.httpserver handle .read() from 100 Continue properly (because of a
  typo it was doing a readline).
* Update paste.util.mimeparse from upstream.

http://pythonpaste.org/news.html
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 24 2010 Luke Macken <lmacken@xxxxxxxxxx> - 1.7.4-1
- 1.7.4 security release
--------------------------------------------------------------------------------


================================================================================
 redhat-lsb-4.0-4.fc12 (FEDORA-2010-10385)
 LSB base libraries support for Red Hat Enterprise Linux
--------------------------------------------------------------------------------
Update Information:

Update to 4.0 version
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 25 2010 Parag <pnemade AT redhat.com> - 4.0-4
- Revert license back to GPLv2
* Thu Jun 24 2010 Parag <pnemade AT redhat.com> - 4.0-3
- Resolves:rh#585858:-redhat-lsb-graphics broken
* Fri Jan 15 2010 Lawrence Lim <llim@xxxxxxxxxx> - 4.0-2
- update spec file to split package into core, desktop and printing
  (Curtis Doty, #472633)
* Fri Jan  8 2010 Lawrence Lim <llim@xxxxxxxxxx> - 4.0-1
- update to LSB4.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #585858 - redhat-lsb-graphics broken
        https://bugzilla.redhat.com/show_bug.cgi?id=585858
  [ 2 ] Bug #472633 - redhat-lsb doesn't split core and graphics
        https://bugzilla.redhat.com/show_bug.cgi?id=472633
--------------------------------------------------------------------------------


================================================================================
 sems-1.2.1-4.fc12 (FEDORA-2010-10393)
 SIP Express Media Server, an extensible SIP media server
--------------------------------------------------------------------------------
Update Information:

Several minor bugfixes and one big fix for regression in modules conference
and early_media.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 25 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> 1.2.1-4
- Fixed escaping variables strategy for new CMake (and only for new CMake)
- Disable mysql++ in early_announce and conference modules
* Tue Jun  1 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> 1.2.1-3
- Fixed config-file generation for EPEL (old CMake)
- Fixed MOD_NAME parameter passing
- Fixed few typos
* Fri May  7 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> 1.2.1-2
- Fixed build for EPEL
--------------------------------------------------------------------------------


================================================================================
 xscreensaver-5.11-5.fc12.respin1 (FEDORA-2010-10376)
 X screen saver and locker
--------------------------------------------------------------------------------
Update Information:

xscreensaver contains many screensaver hacks and some of them have the same
names as in gnome-screensaver, which caused some troublesome issue. This new
rpm will fix this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 24 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 1:5.11-4.respin1
- Make hacks' names in gss compat desktop files written in full path
  (ref: bug 531151)
- Update gss compat desktop creation
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #531151 - [abrt] crash detected in gnome-screensaver-2.28.0-5.fc12
        https://bugzilla.redhat.com/show_bug.cgi?id=531151
--------------------------------------------------------------------------------