The following Fedora 12 Security updates need testing:
https://admin.fedoraproject.org
/updates/sudo-1.7.4p4-2.fc12 https://admin.fedoraproject.org
/updates/gif2png-2.5.1-1202.fc12 https://admin.fedoraproject.org
/updates/mantis-1.1.8-4.fc12 https://admin.fedoraproject.org
/updates/php-pecl-apc-3.1.4-2.fc12 https://admin.fedoraproject.org
/updates/lvm2-2.02.72-4.fc12 https://admin.fedoraproject.org
/updates/roundup-1.4.15-1.fc12 https://admin.fedoraproject.org
/updates/libmspack-0.2-0.1.20100723alpha.fc12,cabextract-1.3-1.fc12 https://admin.fedoraproject.org
/updates/lib3ds-1.3.0-9.fc12 https://admin.fedoraproject.org
/updates/ghostscript-8.71-16.fc12 https://admin.fedoraproject.org
/updates/mailman-2.1.12-10.fc12 https://admin.fedoraproject.org
/updates/php-nusoap-0.9.5-1.fc12 https://admin.fedoraproject.org
/updates/openldap-2.4.19-6.fc12
The following Fedora 12 Critical Path updates have yet to be approved:
The following builds have been pushed to Fedora 12 updates-testing
Miro-3.0.3-2.fc12
krb5-1.7.1-14.fc12
mantis-1.1.8-4.fc12
mpi4py-1.2.2-1.fc12
rubygem-test-unit-2.1.1-2.fc12
udev-145-22.fc12
upstart-0.3.11-5.fc12
Details about builds:
================================================================================
Miro-3.0.3-2.fc12 (FEDORA-2010-15072)
Internet TV Player
--------------------------------------------------------------------------------
Update Information:
Miro now gracefully exits when erroneously started without an available display
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 20 2010 Michel Salim <salimma@xxxxxxxxxxxxxxxxx> - 3.0.3-2
- Catch exception when started without a valid DISPLAY (# 633999)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #633999 - [abrt] Miro-3.0.2-1.fc13: __init__.py:52:_init:RuntimeError: could not open display
https://bugzilla.redhat.com/show_bug.cgi?id=633999
--------------------------------------------------------------------------------
================================================================================
krb5-1.7.1-14.fc12 (FEDORA-2010-14662)
The Kerberos network authentication system
--------------------------------------------------------------------------------
Update Information:
The previous update switched to using the "pathmunge()" function to modify the user's PATH at login-time. For various reasons, it may end up not being defined at the point when it is being called, so this update reverts that change.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 13 2010 Nalin Dahyabhai <nalin@xxxxxxxxxx> 1.7.1-14
- revert pathmunge-related changes because pathmunge() isn't always there
if we've upgraded or anything weird's happened (#633212)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #633212 - pathmunge error when logging in
https://bugzilla.redhat.com/show_bug.cgi?id=633212
[ 2 ] Bug #634538 - pathmunge leftover
https://bugzilla.redhat.com/show_bug.cgi?id=634538
[ 3 ] Bug #635639 - command not found: pathmunge in /etc/profile.d/krb-*.sh under zsh
https://bugzilla.redhat.com/show_bug.cgi?id=635639
--------------------------------------------------------------------------------
================================================================================
mantis-1.1.8-4.fc12 (FEDORA-2010-15080)
Web-based issue tracking system
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 20 2010 Gianluca Sforna <giallu@xxxxxxxxx> - 1.1.8-4
- Fix CVE-2010-3070 using system's NuSOAP (#633011)
- Fix CVE-2010-2574 and CVE-2010-3303 (#633003 #634340)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #633011 - Mantis: Vulnerable to CVE-2010-3070 (XSS in php-nusoap) due use of embedded copy of nusoap library
https://bugzilla.redhat.com/show_bug.cgi?id=633011
[ 2 ] Bug #634340 - CVE-2010-3303 mantis: several XSS flaws fixed in 1.2.3
https://bugzilla.redhat.com/show_bug.cgi?id=634340
[ 3 ] Bug #633003 - CVE-2010-2574 Mantis: XSS in Add Category action.
https://bugzilla.redhat.com/show_bug.cgi?id=633003
--------------------------------------------------------------------------------
================================================================================
mpi4py-1.2.2-1.fc12 (FEDORA-2010-15085)
Python bindings of the Message Passing Interface (MPI)
--------------------------------------------------------------------------------
Update Information:
Changelog:
* Add ``mpi4py.get_config()`` to retrieve information (compiler
wrappers, includes, libraries, etc) about the MPI implementation
employed to build mpi4py.
* Workaround Python libraries with missing GILState-related API calls
in case of non-threaded Python builds.
* Windows: look for MPICH2, DeinoMPI, Microsoft HPC Pack at their
default install locations under %ProgramFiles.
* MPE: fix hacks related to old API's, these hacks are broken when MPE
is built with a MPI implementations other than MPICH2.
* HP-MPI: fix for missing Fortran datatypes, use dlopen() to load the
MPI shared library before MPI_Init()
* Many distutils-related fixes, cleanup, and enhancements, better
logics to find MPI compiler wrappers.
* Support for ``pip install mpi4py``.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 15 2010 Thomas Spura <tomspur@xxxxxxxxxxxxxxxxx> - 1.2.2-1
- update to new version
--------------------------------------------------------------------------------
================================================================================
rubygem-test-unit-2.1.1-2.fc12 (FEDORA-2010-15088)
Improved version of Test::Unit bundled in Ruby 1.8.x
--------------------------------------------------------------------------------
================================================================================
udev-145-22.fc12 (FEDORA-2010-15074)
A userspace implementation of devfs
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 21 2010 Harald Hoyer <harald@xxxxxxxxxx> 145-22
- backported the upstream cdrom_id bugfixes and enhancements
(bug #533643)
- backported the upstream keymaps bugfixes and enhancements
(bug #444440)
- fixed floppy devices (bug#492404)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #533643 - audio CDs aren't recognised and produce kernel errors
https://bugzilla.redhat.com/show_bug.cgi?id=533643
[ 2 ] Bug #444440 - volume dial breaks keyboard handling
https://bugzilla.redhat.com/show_bug.cgi?id=444440
[ 3 ] Bug #492404 - udev doesn't create /dev/fd0xxxx devices nodes
https://bugzilla.redhat.com/show_bug.cgi?id=492404
--------------------------------------------------------------------------------
================================================================================
upstart-0.3.11-5.fc12 (FEDORA-2010-15073)
An event-driven init system
--------------------------------------------------------------------------------
Update Information:
This update fixes setting utmp DEAD_PROCESS for dead processes.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 20 2010 Petr Lautrbach <plautrba@xxxxxxxxxx> 0.3.11-5
- Don't rewind utmp file pointer (#632568)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #632568 - limits.conf file maxlogins
https://bugzilla.redhat.com/show_bug.cgi?id=632568
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
