The following Fedora 14 Security updates need testing: https://admin.fedoraproject.org/updates/ardour-2.8.11-5.fc14 https://admin.fedoraproject.org/updates/openswan-2.6.29-1.fc14 https://admin.fedoraproject.org/updates/rekonq-0.6.0-1.fc14 https://admin.fedoraproject.org/updates/seamonkey-2.0.8-1.fc14 https://admin.fedoraproject.org/updates/perl-libwww-perl-5.837-2.fc14 https://admin.fedoraproject.org/updates/mailman-2.1.13-6.fc14 https://admin.fedoraproject.org/updates/exim-4.72-2.fc14 https://admin.fedoraproject.org/updates/gnome-subtitles-1.0-3.fc14 https://admin.fedoraproject.org/updates/tuxguitar-1.2-3.fc14 https://admin.fedoraproject.org/updates/drupal-cck-6.x.2.8-1.fc14 https://admin.fedoraproject.org/updates/ghostscript-8.71-16.fc14 https://admin.fedoraproject.org/updates/pam_mount-2.5-1.fc14,libHX-3.6-1.fc14 https://admin.fedoraproject.org/updates/php-pear-CAS-1.1.3-1.fc14 https://admin.fedoraproject.org/updates/sepostgresql-9.0.0-20101005.fc14 https://admin.fedoraproject.org/updates/krb5-1.8.2-6.fc14 The following builds have been pushed to Fedora 14 updates-testing PackageKit-0.6.9-4.fc14 archimedes-0.9.1-1.fc14 bash-completion-1.2-4.fc14 bit-0.4.90-11.fc14 cairomm-1.9.2-1.fc14 clipsmm-0.1.0-4.fc14 conexus-0.9.1-3.fc14 dbus-cxx-0.7.0-2.fc14 eclipse-3.6.1-1.fc14 eclipse-fedorapackager-0.1.3-1.fc14 eclipse-jgit-0.9.1-1.fc14 erlang-gen_leader-0-0.2.fc14 erlang-getopt-0.3-2.fc14 erlang-protobuffs-0-0.2.20100930git58ff962.fc14 firmware-tools-2.1.14-1.fc14 gnome-color-manager-2.32.0-2.fc14 gnome-packagekit-2.32.0-2.fc14 gnome-power-manager-2.32.0-3.fc14 gnu-free-fonts-20100919-1.fc14 gplcver-2.12a-1.fc14 krb5-1.8.2-6.fc14 libsndfile-1.0.22-1.fc14 libsocialweb-0.24.9-3.fc14 motoya-lmaru-fonts-1.00-0.1.20100928git.fc14 neon-0.29.4-1.fc14 nmap-5.21-9.fc14 nqc-3.1.7-6.fc14 papyrus-0.13.3-2.fc14 perl-Test-Requires-0.06-1.fc14 php-domxml-php4-php5-1.21.2-1.fc14 php-pear-CAS-1.1.3-1.fc14 php-pear-File-Find-1.3.1-1.fc14 php-pecl-memcache-3.0.5-1.fc14 python-webtest-1.2.2-1.fc14 rubygem-cairo-1.10.0-2.fc14 sepostgresql-9.0.0-20101005.fc14 sugar-0.90.2-1.fc14 sugar-toolkit-0.90.1-1.fc14 udev-161-3.fc14 wine-1.3.4-1.fc14 xorg-x11-server-1.9.0-13.fc14 xournal-0.4.5-7.fc14 yum-3.2.28-5.fc14 zif-0.1.1-2.fc14 Details about builds: ================================================================================ PackageKit-0.6.9-4.fc14 (FEDORA-2010-15818) Package management service -------------------------------------------------------------------------------- Update Information: - New upstream release of 0.6.9. - Many small bugfixes and performance increases. - Disable gobject-introspection support as PackageKit upstream now only supports the newer introspection syntax in rawhide. - Delete the subpackage PackageKit-gtk3-module as GLib in F14 does not contain GApplication. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 4 2010 Richard Hughes <rhughes@xxxxxxxxxx> - 0.6.9-4 - Include a backported patch from master as the F14 buildroot has an old version of GTK3 that is different API to the rawhide version. * Mon Oct 4 2010 Richard Hughes <rhughes@xxxxxxxxxx> - 0.6.9-3 - Delete the subpackage PackageKit-gtk3-module as GLib in F14 does not contain GApplication. * Mon Oct 4 2010 Richard Hughes <rhughes@xxxxxxxxxx> - 0.6.9-2 - Disable gobject-introspection support as PackageKit upstream now only supports the newer introspection syntax in rawhide. * Mon Oct 4 2010 Richard Hughes <rhughes@xxxxxxxxxx> - 0.6.9-1 - New upstream release of 0.6.9. - Many small bugfixes and performance increases. - Resolves #634628 -------------------------------------------------------------------------------- References: [ 1 ] Bug #634628 - Servicepack fails to install; packagekitd stops working https://bugzilla.redhat.com/show_bug.cgi?id=634628 -------------------------------------------------------------------------------- ================================================================================ archimedes-0.9.1-1.fc14 (FEDORA-2010-15807) 2D Quantum Monte Carlo simulator for semiconductor devices -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- ChangeLog: * Sat Oct 2 2010 Chitlesh Goorah <chitlesh [AT] fedoraproject DOT org> - 0.9.1-1 - new upstream release -------------------------------------------------------------------------------- ================================================================================ bash-completion-1.2-4.fc14 (FEDORA-2010-15649) Programmable completion for Bash -------------------------------------------------------------------------------- Update Information: Bugfix package release addressing a few reported issues. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Ville Skyttà <ville.skytta@xxxxxx> - 1:1.2-4 - More IPv6 address completion fixes, #630658. * Tue Sep 28 2010 Ville Skyttà <ville.skytta@xxxxxx> - 1:1.2-3 - Apply upstream ~username completion fix for #628130. - Apply upstream rpm completion improvements for #630328. - Apply upstream IPv6 address completion fix for #630658. - Drop some completions that are included in respective upstream packages. - Fix qdbus/dcop uninstall trigger. -------------------------------------------------------------------------------- References: [ 1 ] Bug #628130 - ~user completion doesn't work https://bugzilla.redhat.com/show_bug.cgi?id=628130 [ 2 ] Bug #630328 - Completion for RPM disables filename completion. https://bugzilla.redhat.com/show_bug.cgi?id=630328 [ 3 ] Bug #630658 - Completion about IPv6 address does not work properly https://bugzilla.redhat.com/show_bug.cgi?id=630658 -------------------------------------------------------------------------------- ================================================================================ bit-0.4.90-11.fc14 (FEDORA-2010-15795) C++ library to simplify bit stream parsing -------------------------------------------------------------------------------- Update Information: Updated to handle smart pointers for Fedora 14 gcc -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 16 2010 Rick L Vinyard Jr <rvinyard@xxxxxxxxxxx> - 0.4.90-11 - Patch for changes to g++ C++0x in f14 - Fix obsoletes by lowering version to 0.4.90 from 0.5.0 -------------------------------------------------------------------------------- ================================================================================ cairomm-1.9.2-1.fc14 (FEDORA-2010-15823) C++ API for the cairo graphics library -------------------------------------------------------------------------------- Update Information: New release with minor bugfixes -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 4 2010 Rick L Vinyard Jr <rvinyard@xxxxxxxxxxx> - 1.9.2-1 - New upstream release -------------------------------------------------------------------------------- ================================================================================ clipsmm-0.1.0-4.fc14 (FEDORA-2010-15806) C++ interface to the CLIPS expert system C library -------------------------------------------------------------------------------- Update Information: Updated to handle smart pointers for Fedora 14 gcc -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 16 2010 Rick L Vinyard Jr <rvinyard@xxxxxxxxxxx> - 0.1.0-4 - Patch for changes to g++ C++0x in f14 * Tue Mar 9 2010 Rick L Vinyard Jr <rvinyard@xxxxxxxxxxx> - 0.1.0-3 - Add libtermcap dependency for Fedora <= 9 and EL <= 5 -------------------------------------------------------------------------------- ================================================================================ conexus-0.9.1-3.fc14 (FEDORA-2010-15805) C++ I/O communication library -------------------------------------------------------------------------------- Update Information: Updated to handle smart pointers for Fedora 14 gcc -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 17 2010 Rick L Vinyard Jr <rvinyard@xxxxxxxxxxx> - 0.9.1-3 - Patch for changes to g++ C++0x in f14 * Mon Sep 13 2010 Rick L Vinyard Jr <rvinyard@xxxxxxxxxxx> - 0.9.1-2 - Rebuild for NSS lib changes to fix broken dependencies -------------------------------------------------------------------------------- ================================================================================ dbus-cxx-0.7.0-2.fc14 (FEDORA-2010-15820) C++ bindings for the DBus library -------------------------------------------------------------------------------- Update Information: Updated to handle smart pointers for Fedora 14 gcc -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 16 2010 Rick L Vinyard Jr <rvinyard@xxxxxxxxxxx> - 0.7.0-2 - Patch for changes to g++ C++0x in f14 -------------------------------------------------------------------------------- ================================================================================ eclipse-3.6.1-1.fc14 (FEDORA-2010-15811) An open, extensible IDE -------------------------------------------------------------------------------- Update Information: List of fixed bugs: https://bugs.eclipse.org/bugs/buglist.cgi?query_format=advanced;resolution=FIXED;target_milestone=3.6.1;product=Equinox;product=JDT;product=PDE;product=Platform;classification=Eclipse;classification=RT. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Alexander Kurtakov <akurtako@xxxxxxxxxx> 1:3.6.1-1 - Update to 3.6.1. -------------------------------------------------------------------------------- ================================================================================ eclipse-fedorapackager-0.1.3-1.fc14 (FEDORA-2010-15808) Fedora Packager Tools -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 4 2010 Severin Gehwolf <sgehwolf@xxxxxxxxxx> 0.1.3-1 - Merge rawhide changes. * Mon Oct 4 2010 Severin Gehwolf <sgehwolf@xxxxxxxxxx> 0.1.3-0.1 - Better error checking in FedoraCheckoutWizard.java - Fixes https://fedorahosted.org/eclipse-fedorapackager/ticket/31 - Fixes https://fedorahosted.org/eclipse-fedorapackager/ticket/36 * Fri Oct 1 2010 Severin Gehwolf <sgehwolf@xxxxxxxxxx> 0.1.2-1 - Fix getDistDefines() in FedoraHandlerUtils. * Thu Sep 30 2010 Severin Gehwolf <sgehwolf@xxxxxxxxxx> 0.1.1-1 - Merge changes from master. * Fri Aug 27 2010 Severin Gehwolf <sgehwolf@xxxxxxxxxx> 0.1.0-0.3 - Updated Eclipse help for Eclipse Fedora Packager. * Thu Aug 26 2010 Severin Gehwolf <sgehwolf@xxxxxxxxxx> 0.1.0-0.2 - Fix feature and bundle version, egit/jgit dependencies. * Thu Aug 26 2010 Severin Gehwolf <sgehwolf at, redhat.com> 0.1.0-0.1 - Rebase to 0.1.0 (introduces dist-git support). -------------------------------------------------------------------------------- ================================================================================ eclipse-jgit-0.9.1-1.fc14 (FEDORA-2010-15816) Eclipse JGit -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 4 2010 Severin Gehwolf <sgehwolf@xxxxxxxxxx> 0.9.1-1 - Merge from rawhide. - Update to upstream release 0.9.1. -------------------------------------------------------------------------------- ================================================================================ erlang-gen_leader-0-0.2.fc14 (FEDORA-2010-15825) A leader election behavior modeled after gen_server -------------------------------------------------------------------------------- Update Information: initial commit -------------------------------------------------------------------------------- References: [ 1 ] Bug #638906 - Review Request: erlang-gen_leader - A leader election behavior modeled after gen_server https://bugzilla.redhat.com/show_bug.cgi?id=638906 -------------------------------------------------------------------------------- ================================================================================ erlang-getopt-0.3-2.fc14 (FEDORA-2010-15822) Erlang module to parse command line arguments using the GNU getopt syntax -------------------------------------------------------------------------------- Update Information: Initial commit (review request in rhbz #638948) -------------------------------------------------------------------------------- References: [ 1 ] Bug #638948 - Review Request: erlang-getopt - Erlang module to parse command line arguments using the GNU getopt syntax https://bugzilla.redhat.com/show_bug.cgi?id=638948 -------------------------------------------------------------------------------- ================================================================================ erlang-protobuffs-0-0.2.20100930git58ff962.fc14 (FEDORA-2010-15830) A set of Protocol Buffers tools and modules for Erlang applications -------------------------------------------------------------------------------- Update Information: Initial commit (review request in rhbz #638974) -------------------------------------------------------------------------------- References: [ 1 ] Bug #638974 - Review Request: erlang-protobuffs - A set of Protocol Buffers tools and modules for Erlang applications https://bugzilla.redhat.com/show_bug.cgi?id=638974 -------------------------------------------------------------------------------- ================================================================================ firmware-tools-2.1.14-1.fc14 (FEDORA-2010-15800) Scripts and tools to manage firmware and BIOS updates -------------------------------------------------------------------------------- Update Information: * Updated compare logic so packages will match to shortname on devices. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Matt Domsch <mdomsch@xxxxxxxxxxxxxxxxx> - 2.1.14-1 - don't open root-writeable log files until necessary, fixes https://bugzilla.redhat.com/show_bug.cgi?id=582299 * Mon Sep 27 2010 Matt Domsch <mdomsch@xxxxxxxxxxxxxxxxx> - 2.1.13-1 - update to 2.1.13 -------------------------------------------------------------------------------- References: [ 1 ] Bug #582299 - [abrt] crash in firmware-tools-2.1.9-1.fc13: __init__.py:838:_open:IOError: [Errno 13] Permission denied: '/var/log/firmware-updates.log' https://bugzilla.redhat.com/show_bug.cgi?id=582299 -------------------------------------------------------------------------------- ================================================================================ gnome-color-manager-2.32.0-2.fc14 (FEDORA-2010-15819) Color management tools for GNOME -------------------------------------------------------------------------------- Update Information: - New upstream release. - Lots of translation updates. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Richard Hughes <richard@xxxxxxxxxxx> 2.32.0-2 - Rebuild after glibc breakage. * Mon Sep 27 2010 Richard Hughes <richard@xxxxxxxxxxx> 2.32.0-1 - New upstream release. - Lots of translation updates. * Sat Sep 11 2010 Richard Hughes <richard@xxxxxxxxxxx> 2.31.91-3 - Remove the explicit dependency on yelp. - Resolves: #626242 -------------------------------------------------------------------------------- ================================================================================ gnome-packagekit-2.32.0-2.fc14 (FEDORA-2010-15827) Session applications to manage packages -------------------------------------------------------------------------------- Update Information: - New upstream version. - Mostly translation updates. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Richard Hughes <richard@xxxxxxxxxxx> 2.32.0-2 - Rebuild after glibc breakage. * Mon Sep 27 2010 Richard Hughes <rhughes@xxxxxxxxxx> - 2.32.0-1 - New upstream version. - Mostly translation updates. -------------------------------------------------------------------------------- ================================================================================ gnome-power-manager-2.32.0-3.fc14 (FEDORA-2010-15799) GNOME power management service -------------------------------------------------------------------------------- Update Information: - New upstream release. - Lots of translation updates. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Richard Hughes <richard@xxxxxxxxxxx> 2.32.0-3 - Rebuild for msgmerge floating point exception bug. Gah. * Tue Oct 5 2010 Richard Hughes <richard@xxxxxxxxxxx> 2.32.0-2 - Rebuild after glibc breakage. * Mon Sep 27 2010 Richard Hughes <richard@xxxxxxxxxxx> 2.32.0-1 - New upstream release. - Lots of translation updates. -------------------------------------------------------------------------------- ================================================================================ gnu-free-fonts-20100919-1.fc14 (FEDORA-2010-15832) Free UCS Outline Fonts -------------------------------------------------------------------------------- Update Information: New upstream, fixes some missing glyphs. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Jon Ciesla <limb@xxxxxxxxxxxx> 20100919-1 - New upstream. -------------------------------------------------------------------------------- References: [ 1 ] Bug #640151 - Font glyph is missing for U+25CC Unicode https://bugzilla.redhat.com/show_bug.cgi?id=640151 -------------------------------------------------------------------------------- ================================================================================ gplcver-2.12a-1.fc14 (FEDORA-2010-15824) An interpreted Verilog HDL simulator -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Shakthi Kannan <shakthimaan [AT] fedoraproject DOT org> 2.12a-1 - Updated to upstream 2.12a version. - Remove dinotrace.dir entry as it is not available in this release. -------------------------------------------------------------------------------- ================================================================================ krb5-1.8.2-6.fc14 (FEDORA-2010-15803) The Kerberos network authentication system -------------------------------------------------------------------------------- Update Information: This update incorporates the upstream patch to fix an uninitialized pointer crash in the KDC's authorization data handling routines (CVE-2010-1322). It also pulls up a few backports and compilation flag changes from F15. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Nalin Dahyabhai <nalin@xxxxxxxxxx> 1.8.2-6 - incorporate upstream patch to fix uninitialized pointer crash in the KDC's authorization data handling (CVE-2010-1322, #636335) * Tue Oct 5 2010 Nalin Dahyabhai <nalin@xxxxxxxxxx> 1.8.2-5 - pull down patches from trunk to implement k5login_authoritative and k5login_directory settings for krb5.conf (#539423) - fix reading of keyUsage extensions when attempting to select pkinit client certs (part of #629022, RT#6775) - fix selection of pkinit client certs when one or more don't include a subjectAltName extension (part of #629022, RT#6774) - also link binaries with -Wl,-z,relro,-z,now (part of #629950) - build with -fstack-protector-all instead of the default -fstack-protector, so that we add checking to more functions (i.e., all of them) (#629950) * Wed Sep 29 2010 jkeating - 1.8.2-4.1 - Rebuilt for gcc bug 634757 -------------------------------------------------------------------------------- References: [ 1 ] Bug #636335 - CVE-2010-1322 krb5: KDC uninitialized pointer crash in authorization data handling (MITKRB5-SA-2010-006) https://bugzilla.redhat.com/show_bug.cgi?id=636335 -------------------------------------------------------------------------------- ================================================================================ libsndfile-1.0.22-1.fc14 (FEDORA-2010-15814) Library for reading and writing sound files -------------------------------------------------------------------------------- Update Information: * Couple of fixes for SDS file writer. * Fixes arising from static analysis. * Handle FLAC files with ID3 meta data at start of file. * Handle FLAC files which report zero length. * Other minor bug fixes and improvements. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 1.0.22-1 - Update to 10.0.22 -------------------------------------------------------------------------------- ================================================================================ libsocialweb-0.24.9-3.fc14 (FEDORA-2010-15831) A social network data aggregator -------------------------------------------------------------------------------- Update Information: This update adds API keys, necessary to connect to the web services supported by libsocialweb. -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 23 2010 Peter Robinson <pbrobinson@xxxxxxxxx> 0.24.9-3 - Obsolete mojito * Thu Aug 26 2010 Bastien Nocera <bnocera@xxxxxxxxxx> 0.24.9-2 - Add API keys to the -keys sub-package -------------------------------------------------------------------------------- ================================================================================ motoya-lmaru-fonts-1.00-0.1.20100928git.fc14 (FEDORA-2010-15793) Japanese Round Gothic-typeface TrueType fonts by MOTOYA Co,LTD -------------------------------------------------------------------------------- ================================================================================ neon-0.29.4-1.fc14 (FEDORA-2010-15802) An HTTP and WebDAV client library -------------------------------------------------------------------------------- Update Information: This update includes the latest stable release of neon. A bug fix for use of the TLS "Server Name Indication" feature is included, as well as some other minor fixes. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 1 2010 Joe Orton <jorton@xxxxxxxxxx> - 0.29.4-1 - update to 0.29.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #588959 - regression: neon does not work with SNI, patched upstream https://bugzilla.redhat.com/show_bug.cgi?id=588959 -------------------------------------------------------------------------------- ================================================================================ nmap-5.21-9.fc14 (FEDORA-2010-15815) Network exploration tool and security scanner -------------------------------------------------------------------------------- Update Information: zenmap does not work at all because of some pygtk changes (621887) how to test: run zenmap (from nmap-fronted). Does it run (fixed) or crashes without even starting(still broken)? -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 2:5.21-9 - add workaround for zenmap crash (#637403) -------------------------------------------------------------------------------- References: [ 1 ] Bug #637403 - zenmap (nmap-frontend) crashes with PyDict_SetItem: Assertion `value' failed https://bugzilla.redhat.com/show_bug.cgi?id=637403 -------------------------------------------------------------------------------- ================================================================================ nqc-3.1.7-6.fc14 (FEDORA-2010-15817) Not Quite C compiler -------------------------------------------------------------------------------- Update Information: Updated build requirements. No significant changes. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 19 2009 Rick L Vinyard Jr <rvinyard@xxxxxxxxxxx> - 3.1.6-7 - Changed bison BR to byacc -------------------------------------------------------------------------------- ================================================================================ papyrus-0.13.3-2.fc14 (FEDORA-2010-15826) Cairo based C++ scenegraph library -------------------------------------------------------------------------------- Update Information: Updated to handle smart pointers for Fedora 14 gcc -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 14 2010 Rick L Vinyard Jr <rvinyard@xxxxxxxxxxx> - 0.13.3-2 - Patch for changes to g++ C++0x in f14 -------------------------------------------------------------------------------- ================================================================================ perl-Test-Requires-0.06-1.fc14 (FEDORA-2010-15809) Checks to see if a given module can be loaded -------------------------------------------------------------------------------- Update Information: This update to the latest upstream version introduces no functional changes; it merely clarifies some dependencies. The update is necessary, however, for the latest version of Moose. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Iain Arnell <iarnell@xxxxxxxxx> 0.06-1 - update to latest upstream version -------------------------------------------------------------------------------- ================================================================================ php-domxml-php4-php5-1.21.2-1.fc14 (FEDORA-2010-15801) XML transition from PHP4 domxml to PHP5 dom module -------------------------------------------------------------------------------- Update Information: Upstream Changelog: * fix DomNode->add_child() -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Remi Collet <Fedora@xxxxxxxxxxxxxxxxx> - 1.21.2-1 - update to 1.21.2 (minor bugfix) -------------------------------------------------------------------------------- ================================================================================ php-pear-CAS-1.1.3-1.fc14 (FEDORA-2010-15796) Central Authentication Service client library in php -------------------------------------------------------------------------------- Update Information: This release contains 3 security fixes for vulnerabilities in the proxy callback mechanism. These vulnerabilities only affect phpCAS clients that are running in proxy() mode. The release is fully compatible with all versions 1.1.x versions. The changes are: Security Issue * CVE-2010-3690 phpCAS: XSS during a proxy callback [PHPCAS-80] (Joachim Fritschi) * CVE-2010-3691 phpCAS: prevent symlink attacks during a proxy callback [PHPCAS-80] (Joachim Fritschi) * CVE-2010-3692 phpCAS: directory traversal during a proxy callback [PHPCAS-80] (Joachim Fritschi) Bug Fixes * fix broken redirection with safari [PHPCAS-79] (Alex Barker) * fix missing exit() call during ticket validation [PHPCAS-76] (Igor Blanco,Joachim Fritschi) * fix a notice because REQUEST_URL is not defined on IIS [PHPCAS-81] (IÃaki Arenaza) * fix a typo in pgt-db.php [PHPCAS-75] (Julien Cochennec) * removal of the non functional pgt-db backend [PHPCAS-81] (Joachim Fritschi) -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 4 2010 Remi Collet <Fedora@xxxxxxxxxxxxxxxxx> - 1.1.3-1 - update to 1.1.3 - fix CVE-2010-3690, CVE-2010-3691, CVE-2010-3692 - set timezone during build -------------------------------------------------------------------------------- ================================================================================ php-pear-File-Find-1.3.1-1.fc14 (FEDORA-2010-15829) Class which facilitates the search of filesystems -------------------------------------------------------------------------------- Update Information: Upstream Changelog: QA release * Bug #2132 Doc state &search() can be called statically. It isn't true. * Bug #2773 Directories with other directories named 0 * Bug #4669 Repeated calls to search or maptree return multiple copies of results * Bug #4983 Error in install * Bug #4994 Close TODO * Bug #7966 File_Find Stream Support * Bug #14816 Unit test failures RPM Changelog: * spec cleanup * set timezone during build * run tests in %check * rename File_Find.xml to php-pear-File-Find.xml -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 5 2020 Remi Collet <Fedora@xxxxxxxxxxxxxxxxx> 1.3.1-1 - upstream Version 1.3.1 (stable) - API 1.3.0 (stable) - package.xml is now V2 - set timezone during build - run tests in %check -------------------------------------------------------------------------------- ================================================================================ php-pecl-memcache-3.0.5-1.fc14 (FEDORA-2010-15804) Extension to work with the Memcached caching daemon -------------------------------------------------------------------------------- Update Information: Upstream Changelog: * Fixed PECL bug #16059 (Build error: 'MSG_NOSIGNAL' undeclared) * Added method MemcachePool::findServer(key) which returns the server a key hashes to * Changed MemcachePool::findServer() to return only "hostname:port" since tcp port is significant * Fixed PECL bug #16536 (Weight of 0 causes SegFault on memcache_add_server) * Fixed PECL bug #17566 (3.0.4 cache delete bug) * Fixed PECL Bug #16442 (memcache_set fail with integer value) -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Remi Collet <Fedora@xxxxxxxxxxxxxxxxx> 3.0.5-1 - update to 3.0.5 * Thu Sep 30 2010 Remi Collet <Fedora@xxxxxxxxxxxxxxxxx> 3.0.4-4 - patch for bug #599305 (upstream #17566) - add minimal load test in %check -------------------------------------------------------------------------------- References: [ 1 ] Bug #599305 - php-pecl-memcache extension broken due to a "protocol error" https://bugzilla.redhat.com/show_bug.cgi?id=599305 -------------------------------------------------------------------------------- ================================================================================ python-webtest-1.2.2-1.fc14 (FEDORA-2010-15813) Helper to test WSGI applications -------------------------------------------------------------------------------- Update Information: 1.2.2 ----- * Revert change to cookies that would add " around cookie values. * Added property :method:`webtest.Response.pyquery` which returns a PyQuery object. * Set base_url on resp.lxml * Include tests and docs in tarball. * Fix sending in webob.Request (or webtest.TestRequest) objects. * Fix handling forms with file uploads, when no file is selected. * Added extra_environ argument to :method:`webtest.TestResponse.click`. * Fixed/added wildcard statuses, like status="4*" * Fix file upload fields in forms: allow upload field to be empty. * Added support for single-quoted html attributes. * TestResponse now has unicode support. It is turned on by default for all responses with charset information. This is backward incompatible change if you rely (e.g. in doctests) on parsed form fields or responses returned by json and lxml methods being encoded strings when charset header is in response. In order to switch to old behaviour pass use_unicode=False flag to TestApp constructor. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Luke Macken <lmacken@xxxxxxxxxx> - 1.2.2-1 - Update to 1.2.2 - Add python-dtopt to the BuildRequires - Include the docs again -------------------------------------------------------------------------------- ================================================================================ rubygem-cairo-1.10.0-2.fc14 (FEDORA-2010-15797) Ruby bindings for cairo -------------------------------------------------------------------------------- ================================================================================ sepostgresql-9.0.0-20101005.fc14 (FEDORA-2010-15794) Security Enhanced PostgreSQL -------------------------------------------------------------------------------- Update Information: Update base version from 9.0beta1 to v9.0.0 -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 KaiGai Kohei <kaigai@xxxxxxxxxxxx> - 9.0.0-20101005 - upgrade base version to 9.0.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #583072 - CVE-2010-1170 PostgreSQL: PL/Tcl Intended restriction bypass https://bugzilla.redhat.com/show_bug.cgi?id=583072 [ 2 ] Bug #582615 - CVE-2010-1169 PostgreSQL: PL/Perl Intended restriction bypass https://bugzilla.redhat.com/show_bug.cgi?id=582615 -------------------------------------------------------------------------------- ================================================================================ sugar-0.90.2-1.fc14 (FEDORA-2010-15798) Constructionist learning platform -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Peter Robinson <pbrobinson@xxxxxxxxx> - 0.90.2-1 - 0.90.2 release -------------------------------------------------------------------------------- ================================================================================ sugar-toolkit-0.90.1-1.fc14 (FEDORA-2010-15798) Sugar toolkit -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Peter Robinson <pbrobinson@xxxxxxxxx> - 0.90.1-1 - 0.90.1 release -------------------------------------------------------------------------------- ================================================================================ udev-161-3.fc14 (FEDORA-2010-15821) A rule-based device node and kernel event manager -------------------------------------------------------------------------------- Update Information: - add support for pre-MMC2 drives, which do not report cdrom profiles -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Harald Hoyer <harald@xxxxxxxxxx> 161-2 - add cdrom_id patch for pre-MMC2 drives, which do not report profiles Resolves: rhbz#637495 -------------------------------------------------------------------------------- References: [ 1 ] Bug #637495 - Anaconda loses InstallMedia repo. https://bugzilla.redhat.com/show_bug.cgi?id=637495 -------------------------------------------------------------------------------- ================================================================================ wine-1.3.4-1.fc14 (FEDORA-2010-15810) A Windows 16/32/64 bit emulator -------------------------------------------------------------------------------- Update Information: * New implementation of console support on Unix terminals. * Many new functions in the C runtime dlls. * Improved support for right-to-left text. * Support for CMYK JPEG images. * Beginnings of a Game Explorer implementation. * Improved 64-bit support in MSI. * Stub inetcpl control panel applet. * A number of fixes to crypto support. * Support for right-to-left mirrored windows. * New taskkill.exe built-in application. * Inetcpl control panel fleshed out. * AcceptEx is implemented now. * Improved security checks for SSL connections. * Translation updates. -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 3 2010 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 1.3.4-1 - version upgrade * Wed Sep 29 2010 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 1.3.3-2 - winepulse upgrade (0.39) * Mon Sep 20 2010 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 1.3.3-1 - version upgrade * Wed Sep 8 2010 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 1.3.2-1 - version upgrade -------------------------------------------------------------------------------- ================================================================================ xorg-x11-server-1.9.0-13.fc14 (FEDORA-2010-15833) X.Org X11 X server -------------------------------------------------------------------------------- Update Information: Re-fix of previous VBE bug Fixes a bug in VBE support for pre-VBE-3.0 cards (including various virtual machines). -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Adam Jackson <ajax@xxxxxxxxxx> 1.9.0-13 - xserver-1.9.0-vbe-insanity.patch: Fix thinko. * Mon Oct 4 2010 Adam Jackson <ajax@xxxxxxxxxx> 1.9.0-12 - xserver-1.9.0-vbe-insanity.patch: Fix VBE < 3.0 support. * Wed Sep 29 2010 jkeating - 1.9.0-11 - Rebuilt for gcc bug 634757 * Thu Sep 16 2010 Adam Tkac <atkac redhat com> 1.9.0-10 - add more files to -sources subpkg to fix tigervnc builds -------------------------------------------------------------------------------- References: [ 1 ] Bug #621893 - F14 Beta RC1 X fails on VirtualBox https://bugzilla.redhat.com/show_bug.cgi?id=621893 [ 2 ] Bug #623596 - typing break does not count screen lock time https://bugzilla.redhat.com/show_bug.cgi?id=623596 -------------------------------------------------------------------------------- ================================================================================ xournal-0.4.5-7.fc14 (FEDORA-2010-15792) Notetaking, sketching, PDF annotation and general journal -------------------------------------------------------------------------------- Update Information: Rebuild against new poppler. No changes. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Rick L Vinyard Jr <rvinyard@xxxxxxxxxxx> 0.4.5-7 - rebuild (poppler) -------------------------------------------------------------------------------- ================================================================================ yum-3.2.28-5.fc14 (FEDORA-2010-15812) RPM installer/updater -------------------------------------------------------------------------------- Update Information: This is solely a bump-release and build of 3.2.28-4 for both fc13 and fc14 - no new patches have been applied. This just makes sure that the version in f12 is not newer. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Seth Vidal <skvidal at fedoraproject.org> - 3.2.28-5 - bumping to 3.2.28-5 so f12 doesn't have a higher version - bug # 640181 -------------------------------------------------------------------------------- References: [ 1 ] Bug #640181 - newer yum in Fed-12 than Fed-13 or Fed-14 https://bugzilla.redhat.com/show_bug.cgi?id=640181 -------------------------------------------------------------------------------- ================================================================================ zif-0.1.1-2.fc14 (FEDORA-2010-15828) Simple wrapper for rpm -------------------------------------------------------------------------------- Update Information: Zif is a simple yum-compatible library that only provides read-only access to the rpm database and the Fedora metadata for PackageKit. Zif is not designed as a replacement to yum, nor to be used by end users. -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test