The following Fedora 13 Security updates need testing:
https://admin.fedoraproject.org
/updates/mantis-1.1.8-4.fc13 https://admin.fedoraproject.org
/updates/galeon-2.0.7-33.fc13,firefox-3.6.10-1.fc13,xulrunner-1.9.2.10-1.fc13,gnome-python2-extras-2.25.3-22.fc13,gnome-web-photo-0.9-12.fc13,mozvoikko-1.0-14.fc13,perl-Gtk2-MozEmbed-0.08-6.fc13.17 https://admin.fedoraproject.org
/updates/roundup-1.4.15-1.fc13 https://admin.fedoraproject.org
/updates/libmspack-0.2-0.1.20100723alpha.fc13,cabextract-1.3-1.fc13 https://admin.fedoraproject.org
/updates/lib3ds-1.3.0-9.fc13 https://admin.fedoraproject.org
/updates/ghostscript-8.71-16.fc13 https://admin.fedoraproject.org
/updates/php-nusoap-0.9.5-1.fc13 https://admin.fedoraproject.org
/updates/mailman-2.1.12-16.fc13
The following Fedora 13 Critical Path updates have yet to be approved:
The following builds have been pushed to Fedora 13 updates-testing
arduino-0019-6.fc13
bsf-2.4.0-5.fc13
firefox-3.6.10-1.fc13
gajim-0.14-4.fc13
galeon-2.0.7-33.fc13
gnome-python2-extras-2.25.3-22.fc13
gnome-web-photo-0.9-12.fc13
iproute-2.6.33-4.fc13
mantis-1.1.8-4.fc13
mingw32-pcre-8.10-2.fc13
mozvoikko-1.0-14.fc13
mpi4py-1.2.2-1.fc13
mutt-1.5.21-1.fc13
perl-Gtk2-MozEmbed-0.08-6.fc13.17
pinfo-0.6.10-1.fc13
rubygem-test-unit-2.1.1-2.fc13
thunderbird-3.1.4-1.fc13
tigervnc-1.0.90-0.15.20100420svn4030.fc13
upstart-0.6.5-6.fc13
xulrunner-1.9.2.10-1.fc13
Details about builds:
================================================================================
arduino-0019-6.fc13 (FEDORA-2010-15087)
An IDE for Arduino-compatible electronics prototyping platforms
--------------------------------------------------------------------------------
Update Information:
An IDE for Arduino-compatible electronics prototyping platforms
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #631558 - Review Request: arduino - An IDE for Arduino-compatible electronics prototyping platforms
https://bugzilla.redhat.com/show_bug.cgi?id=631558
--------------------------------------------------------------------------------
================================================================================
bsf-2.4.0-5.fc13 (FEDORA-2010-15076)
Bean Scripting Framework
--------------------------------------------------------------------------------
Update Information:
Enable JavaScript support
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 21 2010 Orion Poplawski <orion@xxxxxxxxxxxxx> - 0:2.4.0-5
- Build against rhino for JavaScript support
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #581658 - bsf is not built against rhino, description is incorrect
https://bugzilla.redhat.com/show_bug.cgi?id=581658
--------------------------------------------------------------------------------
================================================================================
firefox-3.6.10-1.fc13 (FEDORA-2010-15070)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 20 2010 Martin Stransky <stransky@xxxxxxxxxx> - 3.6.10-1
- Update to 3.6.10
* Mon Sep 6 2010 Jan Horak <jhorak@xxxxxxxxxx> - 3.6.9-1
- Update to 3.6.9
--------------------------------------------------------------------------------
================================================================================
gajim-0.14-4.fc13 (FEDORA-2010-15083)
Jabber client written in PyGTK
--------------------------------------------------------------------------------
Update Information:
Add dependencies required for out-of-box audio/video support.
Fix a traceback when a remote client sent an invalid iq:last reply.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 21 2010 Michal Schmidt <mschmidt@xxxxxxxxxx> 0.14-4
- Replace our gnome-keyring patch with one picked from upstream hg.
- Prevent traceback when receiving strange reply to iq:last.
* Mon Sep 20 2010 Michal Schmidt <mschmidt@xxxxxxxxxx> 0.14-3
- Require gstreamer-python too. (RHBZ#632927)
* Tue Sep 14 2010 Michal Schmidt <mschmidt@xxxxxxxxxx> 0.14-2
- Require farsight2-python for audio/video. (RHBZ#632927)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #632927 - farsight2-python is required for auvio/video
https://bugzilla.redhat.com/show_bug.cgi?id=632927
--------------------------------------------------------------------------------
================================================================================
galeon-2.0.7-33.fc13 (FEDORA-2010-15070)
GNOME2 Web browser based on Mozilla
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 21 2010 Yanko Kaneti <yaneti@xxxxxxxxxxx> - 2.0.7-33
- Bump and build with latest xulrunner.
* Fri Sep 17 2010 Yanko Kaneti <yaneti@xxxxxxxxxxx> - 2.0.7-32
- Add some workarounds for crashes involving embeds coming and going without
being sufficiently accounted for e.g. various popups.
- Use existing network status icons for online/offline status.
* Wed Sep 8 2010 Jan Horak <jhorak@xxxxxxxxxx> - 2.0.7-31
- Rebuild against newer gecko
* Tue Aug 10 2010 Jan Horak <jhorak@xxxxxxxxxx> - 2.0.7-30
- Rebuild against newer gecko
--------------------------------------------------------------------------------
================================================================================
gnome-python2-extras-2.25.3-22.fc13 (FEDORA-2010-15070)
Additional PyGNOME Python extension modules
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 21 2010 Martin Stransky <stransky@xxxxxxxxxx> - 2.25.3-22
- Rebuild against newer gecko
* Wed Sep 8 2010 Jan Horak <jhorak@xxxxxxxxxx> - 2.25.3-21
- Rebuild against newer gecko
--------------------------------------------------------------------------------
================================================================================
gnome-web-photo-0.9-12.fc13 (FEDORA-2010-15070)
HTML pages thumbnailer
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 21 2010 Martin Stransky <stransky@xxxxxxxxxx> - 0.9-12
- Rebuild against newer gecko
* Wed Sep 8 2010 Jan Horak <jhorak@xxxxxxxxxx> - 0.9-11
- Rebuild against newer gecko
--------------------------------------------------------------------------------
================================================================================
iproute-2.6.33-4.fc13 (FEDORA-2010-15069)
Advanced IP routing and network device configuration tools
--------------------------------------------------------------------------------
Update Information:
Don't print negative metrics fix
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 31 2010 Petr Sabata <psabata@xxxxxxxxxx> - 2.6.33-4
- Route metric print patch, iproute2-print-route-u32.patch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #628739 - routes with negative metric
https://bugzilla.redhat.com/show_bug.cgi?id=628739
--------------------------------------------------------------------------------
================================================================================
mantis-1.1.8-4.fc13 (FEDORA-2010-15082)
Web-based issue tracking system
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 20 2010 Gianluca Sforna <giallu@xxxxxxxxx> - 1.1.8-4
- Fix CVE-2010-3070 using system's NuSOAP (#633011)
- Fix CVE-2010-2574 and CVE-2010-3303 (#633003 #634340)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #633011 - Mantis: Vulnerable to CVE-2010-3070 (XSS in php-nusoap) due use of embedded copy of nusoap library
https://bugzilla.redhat.com/show_bug.cgi?id=633011
[ 2 ] Bug #634340 - CVE-2010-3303 mantis: several XSS flaws fixed in 1.2.3
https://bugzilla.redhat.com/show_bug.cgi?id=634340
[ 3 ] Bug #633003 - CVE-2010-2574 Mantis: XSS in Add Category action.
https://bugzilla.redhat.com/show_bug.cgi?id=633003
--------------------------------------------------------------------------------
================================================================================
mingw32-pcre-8.10-2.fc13 (FEDORA-2010-15084)
MinGW Windows pcre library
--------------------------------------------------------------------------------
Update Information:
New package bz 619799
--------------------------------------------------------------------------------
================================================================================
mozvoikko-1.0-14.fc13 (FEDORA-2010-15070)
Finnish Voikko spell-checker extension for Mozilla programs
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 21 2010 Martin Stransky <stransky@xxxxxxxxxx> - 1.0-14
- Rebuild against newer gecko
* Wed Sep 8 2010 Jan Horak <jhorak@xxxxxxxxxx> - 1.0-13
- Rebuild against newer gecko
--------------------------------------------------------------------------------
================================================================================
mpi4py-1.2.2-1.fc13 (FEDORA-2010-15078)
Python bindings of the Message Passing Interface (MPI)
--------------------------------------------------------------------------------
Update Information:
Changelog:
* Add ``mpi4py.get_config()`` to retrieve information (compiler
wrappers, includes, libraries, etc) about the MPI implementation
employed to build mpi4py.
* Workaround Python libraries with missing GILState-related API calls
in case of non-threaded Python builds.
* Windows: look for MPICH2, DeinoMPI, Microsoft HPC Pack at their
default install locations under %ProgramFiles.
* MPE: fix hacks related to old API's, these hacks are broken when MPE
is built with a MPI implementations other than MPICH2.
* HP-MPI: fix for missing Fortran datatypes, use dlopen() to load the
MPI shared library before MPI_Init()
* Many distutils-related fixes, cleanup, and enhancements, better
logics to find MPI compiler wrappers.
* Support for ``pip install mpi4py``.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 15 2010 Thomas Spura <tomspur@xxxxxxxxxxxxxxxxx> - 1.2.2-1
- update to new version
--------------------------------------------------------------------------------
================================================================================
mutt-1.5.21-1.fc13 (FEDORA-2010-15086)
A text mode mail user agent
--------------------------------------------------------------------------------
Update Information:
Update to new upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 21 2010 Miroslav Lichvar <mlichvar@xxxxxxxxxx> 5:1.5.21-1
- update to 1.5.21
- link with gpg-error when building with gpgme support (#621626)
* Fri Jul 30 2010 Miroslav Lichvar <mlichvar@xxxxxxxxxx> 5:1.5.20-3.20100718hg1a35f0
- update to hg snapshot 20100718hg1a35f0
--------------------------------------------------------------------------------
================================================================================
perl-Gtk2-MozEmbed-0.08-6.fc13.17 (FEDORA-2010-15070)
Interface to the Mozilla embedding widget
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 21 2010 Martin Stransky <stransky@xxxxxxxxxx> - 0.08-6.17
- Rebuild against newer gecko
* Wed Sep 8 2010 Jan Horak <jhorak@xxxxxxxxxx> - 0.08-6.16
- Rebuild against newer gecko
--------------------------------------------------------------------------------
================================================================================
pinfo-0.6.10-1.fc13 (FEDORA-2010-15077)
An info file viewer
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 21 2010 Miroslav Lichvar <mlichvar@xxxxxxxxxx> 0.6.10-1
- update to 0.6.10
* Thu Jan 7 2010 Miroslav Lichvar <mlichvar@xxxxxxxxxx> 0.6.9-12
- fix source URL
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #634802 - pinfo does not refresh curses so shell job control suspend/resume causes 100% CPU endless loop
https://bugzilla.redhat.com/show_bug.cgi?id=634802
--------------------------------------------------------------------------------
================================================================================
rubygem-test-unit-2.1.1-2.fc13 (FEDORA-2010-15075)
Improved version of Test::Unit bundled in Ruby 1.8.x
--------------------------------------------------------------------------------
================================================================================
thunderbird-3.1.4-1.fc13 (FEDORA-2010-15071)
Mozilla Thunderbird mail/newsgroup client
--------------------------------------------------------------------------------
Update Information:
Update to new upstream Thunderbird version 3.1.4. Refer to upstream release notes for the detailed list of changes:
http://www.mozillamessaging.com/en-US/thunderbird/3.1.4/releasenotes/
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 21 2010 Martin Stransky <stransky@xxxxxxxxxx> - 3.1.4-1
- Update to 3.1.4
--------------------------------------------------------------------------------
================================================================================
tigervnc-1.0.90-0.15.20100420svn4030.fc13 (FEDORA-2010-15081)
A TigerVNC remote display system
--------------------------------------------------------------------------------
Update Information:
This update fixes following issues:
* vncserver init script was too verbose (BZ#633645)
* Xvnc ignored Caps-Lock (BZ#633931)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 21 2010 Adam Tkac <atkac redhat com> 1.0.90-0.15.20100420svn4030
- improve patch for #633645 (fix tcsh incompatibilities)
* Thu Sep 16 2010 Adam Tkac <atkac redhat com> 1.0.90-0.14.20100420svn4030
- press fake modifiers correctly (#633931)
- supress unneeded debug information emitted from initscript (#633645)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #633645 - VNC init script is too verbose on stdout
https://bugzilla.redhat.com/show_bug.cgi?id=633645
[ 2 ] Bug #633931 - Last tigervnc upgrade broke Caps-Lock
https://bugzilla.redhat.com/show_bug.cgi?id=633931
--------------------------------------------------------------------------------
================================================================================
upstart-0.6.5-6.fc13 (FEDORA-2010-15079)
An event-driven init system
--------------------------------------------------------------------------------
Update Information:
This update fixes setting utmp DEAD_PROCESS for dead processes. It's needed for similar tools like pam, w, desktop switch user, ... to correctly recognize currently logged users.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 21 2010 Petr Lautrbach <plautrba@xxxxxxxxxx> 0.6.5-6
- set DEAD_PROCESS for dead process with pid in utmp table (#572199, #632568)
- exit shutdown with nonzero exitcode when fails shutdown
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #572199 - tty logins stays in sessions list for user switching even if user has already logged out
https://bugzilla.redhat.com/show_bug.cgi?id=572199
[ 2 ] Bug #632568 - limits.conf file maxlogins
https://bugzilla.redhat.com/show_bug.cgi?id=632568
--------------------------------------------------------------------------------
================================================================================
xulrunner-1.9.2.10-1.fc13 (FEDORA-2010-15070)
XUL Runtime for Gecko Applications
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 20 2010 Martin Stransky <stransky@xxxxxxxxxx> 1.9.2.10-1
- Update to 1.9.2.10
* Mon Sep 6 2010 Jan Horak <jhorak@xxxxxxxxxx> - 1.9.2.9-1
- Update to 1.9.2.9
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
