The following Fedora 14 Security updates need testing:
https://admin.fedoraproject.org/updates/subversion-1.6.13-1.fc14
https://admin.fedoraproject.org/updates/ocsinventory-agent-1.1.2.1-1.fc14
https://admin.fedoraproject.org/updates/perl-libwww-perl-5.837-2.fc14
https://admin.fedoraproject.org/updates/mailman-2.1.13-6.fc14
https://admin.fedoraproject.org/updates/apr-util-1.3.10-1.fc14
https://admin.fedoraproject.org/updates/java-1.6.0-openjdk-1.6.0.0-44.1.9.1.fc14
https://admin.fedoraproject.org/updates/exim-4.72-2.fc14
https://admin.fedoraproject.org/updates/tuxguitar-1.2-3.fc14
https://admin.fedoraproject.org/updates/pam_mount-2.5-1.fc14,libHX-3.6-1.fc14
https://admin.fedoraproject.org/updates/postgresql-8.4.5-1.fc14
https://admin.fedoraproject.org/updates/poppler-0.14.4-1.fc14
https://admin.fedoraproject.org/updates/sepostgresql-9.0.1-20101007.fc14
https://admin.fedoraproject.org/updates/rekonq-0.6.1-1.fc14
The following builds have been pushed to Fedora 14 updates-testing
deluge-1.3.0-1.fc14
fedora-logos-14.0.0-3.fc14
fetch-crl-3.0.3-1.fc14
glibc-2.12.90-16
gupnp-dlna-0.4.1-1.fc14
gwibber-2.33.0-12.894bzr.fc14
ibus-m17n-1.3.1-5.fc14
java-1.6.0-openjdk-1.6.0.0-44.1.9.1.fc14
kernel-2.6.35.6-43.fc14
mesa-7.9-1.fc14
mpich2-1.2.1p1-10.fc14
ocsinventory-agent-1.1.2.1-1.fc14
plymouth-0.8.4-0.20100823.5.fc14
pungi-2.1.3-1.fc14
rubygem-authlogic-2.1.6-4.fc14
rubygem-rb-inotify-0.8.1-2.fc14
rubygem-simple-navigation-3.0.0-3.fc14
spin-kickstarts-0.14.3-2.fc14
sugar-physics-7-1.fc14
sugar-turtleart-100-1.fc14
ykpers-1.3.4-1.fc14
Details about builds:
================================================================================
deluge-1.3.0-1.fc14 (FEDORA-2010-16310)
A GTK+ BitTorrent client with support for DHT, UPnP, and PEX
--------------------------------------------------------------------------------
Update Information:
This update fixes a number of minor bugs, such as a key error after enabling certain plugins. It also adds options for maximum active downloading and seeding options to the scheduler. Please see the upstream changelog for a full list of fixes and enhancements: http://dev.deluge-torrent.org/wiki/ChangeLog
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 13 2010 Peter Gordon <peter@xxxxxxxxxxxxxxxx> - 1.3.0-1
- Update to new upstream release (1.3.0).
- Add P2P to the .desktop file Categories list.
- Resolves: #615984 (.desktop menu entry has wrong/missing categories)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #615984 - .desktop menu entry has wrong/missing categories
https://bugzilla.redhat.com/show_bug.cgi?id=615984
--------------------------------------------------------------------------------
================================================================================
fedora-logos-14.0.0-3.fc14 (FEDORA-2010-16303)
Fedora-related icons and pictures
--------------------------------------------------------------------------------
Update Information:
Fix missing deps on splashtolss.sh
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 13 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 14.0.0-3
- add missing Requires for splashtolss.sh (bz 635289)
* Tue Sep 28 2010 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 14.0.0-2
- s/Fedora-KDE/oxygen/ icons (#615621)
- use hardlink to save a little space
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #635289 - missing dep on netpbm-progs
https://bugzilla.redhat.com/show_bug.cgi?id=635289
--------------------------------------------------------------------------------
================================================================================
fetch-crl-3.0.3-1.fc14 (FEDORA-2010-16317)
Downloads Certificate Revocation Lists
--------------------------------------------------------------------------------
Update Information:
fetch-crl 3.0.3 compared to 3.0.0 fixes some man pages.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 14 2010 Steve Traylen <steve.traylen@xxxxxxx> - 3.0.3-1
- New upstream 3.0.3
--------------------------------------------------------------------------------
================================================================================
glibc-2.12.90-16 (FEDORA-2010-16308)
The GNU libc libraries
--------------------------------------------------------------------------------
Update Information:
Update from master
- Implement accurate fma (BZ#3268, #43358)
- Fix alignment of AVX save area on x86-64 (BZ#12113)
- Fix regex memory leaks (BZ#12078)
- Improve output of psiginfo (BZ#12107, BZ#12108)
- Don't return NULL address in getifaddrs (BZ#12093)
- Fix strstr and memmem algorithm (BZ#12092, #641124)
- Don't discard result of decoding ACE if AI_CANONIDN (#636642)
- Remove /etc/gai.conf from glibc-common and mark it %ghost in glibc
- Require exact glibc version in nscd
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 14 2010 Andreas Schwab <schwab@xxxxxxxxxx> - 2.12.90-16
- Update from master
- Implement accurate fma (BZ#3268, #43358)
- Fix alignment of AVX save area on x86-64 (BZ#12113)
- Fix regex memory leaks (BZ#12078)
- Improve output of psiginfo (BZ#12107, BZ#12108)
- Don't return NULL address in getifaddrs (BZ#12093)
- Fix strstr and memmem algorithm (BZ#12092, #641124)
- Don't discard result of decoding ACE if AI_CANONIDN (#636642)
- Remove /etc/gai.conf from glibc-common and mark it %ghost in glibc
- Require exact glibc version in nscd
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #43358 - fma(x,y,z) does not compute x*y+z as a single ternary operation
https://bugzilla.redhat.com/show_bug.cgi?id=43358
[ 2 ] Bug #641124 - memmem, strstr, and strcasestr are broken
https://bugzilla.redhat.com/show_bug.cgi?id=641124
[ 3 ] Bug #636642 - [abrt] glibc-common-2.12-3: raise: Process /usr/bin/getent was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=636642
--------------------------------------------------------------------------------
================================================================================
gupnp-dlna-0.4.1-1.fc14 (FEDORA-2010-16309)
A collection of helpers for building UPnP AV applications
--------------------------------------------------------------------------------
Update Information:
Here is where you
give an explanation of
your update.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 14 2010 Peter Robinson <pbrobinson@xxxxxxxxx> 0.4.1-1
- New upstream 0.4.1 release
--------------------------------------------------------------------------------
================================================================================
gwibber-2.33.0-12.894bzr.fc14 (FEDORA-2010-16315)
An open source microblogging client for GNOME developed with Python and GTK
--------------------------------------------------------------------------------
Update Information:
Update gwibber to bzr894. This build uses a new facebook key, so you will need to delete your old facebook account from gwibber and re-add it (it should work much much better once you do this).
update to 875bzr, BigWhales DM fixes, fix digg, fix kitchen unicode patch, fix glib usage, right-click closes streams now, fixes identi.ca message parsing
update to 875bzr, BigWhales DM fixes, fix digg, fix kitchen unicode patch, fix glib usage, right-click closes streams now, fixes identi.ca message parsing
update to 875bzr, BigWhales DM fixes, fix digg, fix kitchen unicode patch, fix glib usage, right-click closes streams now, fixes identi.ca message parsing
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 13 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 1:2.33.0-12.894bzr
- update to 894, improve result parsing, more digg fixes, fedora facebook key
* Mon Oct 11 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 1:2.33.0-11.886bzr
- update to 886, dm patches merged, glibc fix merged, digg fix merged, several facebook fixes
* Thu Oct 7 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 1:2.33.0-11.875bzr
- right click on a stream in the navigation bar and it closes
- RIBBIT!
* Thu Oct 7 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 1:2.33.0-10.875bzr
- fix place where glib was being used without being imported
- apply BigWhale's DM fixes
* Thu Oct 7 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 1:2.33.0-9.875bzr
- fix digg, apply kitchen changes to digg too
* Wed Oct 6 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 1:2.33.0-8.875bzr
- sync to bzr875
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #619249 - doesn't work - org.freedesktop.DBus.Error.ServiceUnknown: The name com.Gwibber.Connection was not provided by any .service files
https://bugzilla.redhat.com/show_bug.cgi?id=619249
[ 2 ] Bug #637579 - incomplete facebook timeline
https://bugzilla.redhat.com/show_bug.cgi?id=637579
[ 3 ] Bug #637580 - Posting messages to facebook doesn't work
https://bugzilla.redhat.com/show_bug.cgi?id=637580
[ 4 ] Bug #634054 - [abrt] gwibber-1:2.31.4-1.fc13: decoder.py:338:raw_decode:ValueError: No JSON object could be decoded
https://bugzilla.redhat.com/show_bug.cgi?id=634054
--------------------------------------------------------------------------------
================================================================================
ibus-m17n-1.3.1-5.fc14 (FEDORA-2010-16311)
The M17N engine for IBus platform
--------------------------------------------------------------------------------
Update Information:
make Indic engines available by default
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 12 2010 Daiki Ueno <dueno@xxxxxxxxxx> - 1.3.1-5
- put several Fedora patches into one.
- Fix bug 640896 - Ibus does not load all the keymaps for a language
that is used for logging in.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #640896 - Ibus does not load all the keymaps for a language that is used for logging in
https://bugzilla.redhat.com/show_bug.cgi?id=640896
--------------------------------------------------------------------------------
================================================================================
java-1.6.0-openjdk-1.6.0.0-44.1.9.1.fc14 (FEDORA-2010-16312)
OpenJDK Runtime Environment
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 13 2010 Deepak Bhole <dbhole@xxxxxxxxxx> - 1:1.6.0.0-44.1.9.1
- Added BR for libstdc++-statis
* Wed Oct 13 2010 Deepak Bhole <dbhole@xxxxxxxxxx> - 1:1.6.0.0-43.1.9.1
- From Andrew Hughes (ahughes@xxxxxxxxxx): Updated to IcedTea 1.9.1
- Sync with F13:
- Fixed plugin update to IcedTeaPlugin.so
- Fixed plugin cpu usage issue
- Fixed plugin rewrites ? in URL
- Resolves: rhbz#500077
- Resolves: rhbz#560193
- Resolves: rhbz#601281
- Resolves: rhbz#616893
- Resolves: rhbz#616895
- Resolves: rhbz#595191
- Resovles: rhbz#596850
- Resolves: rhbz#597134
- Resolves: rhbz#580432
- Resovles: rhbz#598353
- Resolves: rhbz#592553
- Resolves: rhbz#602906
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation
https://bugzilla.redhat.com/show_bug.cgi?id=533125
[ 2 ] Bug #642202 - CVE-2010-3541 CVE-2010-3573 OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)
https://bugzilla.redhat.com/show_bug.cgi?id=642202
[ 3 ] Bug #639909 - CVE-2010-3548 OpenJDK DNS server IP address information leak (6957564)
https://bugzilla.redhat.com/show_bug.cgi?id=639909
[ 4 ] Bug #642180 - CVE-2010-3549 OpenJDK HttpURLConnection request splitting (6952017)
https://bugzilla.redhat.com/show_bug.cgi?id=642180
[ 5 ] Bug #642187 - CVE-2010-3551 OpenJDK local network address disclosure (6952603)
https://bugzilla.redhat.com/show_bug.cgi?id=642187
[ 6 ] Bug #642167 - CVE-2010-3553 OpenJDK Swing unsafe reflection usage (6622002)
https://bugzilla.redhat.com/show_bug.cgi?id=642167
[ 7 ] Bug #639880 - CVE-2010-3554 CVE-2010-3561 OpenJDK corba reflection vulnerabilities (6891766,6925672)
https://bugzilla.redhat.com/show_bug.cgi?id=639880
[ 8 ] Bug #639904 - CVE-2010-3557 OpenJDK Swing mutable static (6938813)
https://bugzilla.redhat.com/show_bug.cgi?id=639904
[ 9 ] Bug #639897 - CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710)
https://bugzilla.redhat.com/show_bug.cgi?id=639897
[ 10 ] Bug #639914 - CVE-2010-3564 OpenJDK kerberos vulnerability (6958060)
https://bugzilla.redhat.com/show_bug.cgi?id=639914
[ 11 ] Bug #639920 - CVE-2010-3565 OpenJDK JPEG writeImage remote code execution (6963023)
https://bugzilla.redhat.com/show_bug.cgi?id=639920
[ 12 ] Bug #642197 - CVE-2010-3567 OpenJDK ICU Opentype layout engine crash (6963285)
https://bugzilla.redhat.com/show_bug.cgi?id=642197
[ 13 ] Bug #639876 - CVE-2010-3568 OpenJDK Deserialization Race condition (6559775)
https://bugzilla.redhat.com/show_bug.cgi?id=639876
[ 14 ] Bug #639925 - CVE-2010-3569 OpenJDK Serialization inconsistencies (6966692)
https://bugzilla.redhat.com/show_bug.cgi?id=639925
[ 15 ] Bug #642215 - CVE-2010-3574 OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)
https://bugzilla.redhat.com/show_bug.cgi?id=642215
--------------------------------------------------------------------------------
================================================================================
kernel-2.6.35.6-43.fc14 (FEDORA-2010-16307)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
Disable xhci by default (should be release noted.) Pass xhci.enable=1 to use it. Rational is that it breaks suspend yet still has not seen widespread adoption. Proper fix will come post-GA. Also fix device-mapper blocker issue, lirc update, and nouveau fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 13 2010 Dave Jones <davej@xxxxxxxxxx> 2.6.35.6-43
- bump build.
* Wed Oct 13 2010 Kyle McMartin <kyle@xxxxxxxxxx>
- Disable XHCI registration by default. Passing xhci.enable=1 to the
kernel will enable it, as will
echo "options xhci-hcd enable=1" >/etc/modprobe.d/xhci.conf
This is necessary, because it is beginning to turn up on more and
more boards, and prevents suspend if the device is probed (since it
does not implement suspend handlers.)
Simply removing the module alias would work (and require you to
manually load the driver, like for floppy) however, there's a chance
people would like to install onto usb3 drives, so let's provide them
with an easy means to enable it (the grub cmdline.)
* Tue Oct 12 2010 Kyle McMartin <kyle@xxxxxxxxxx> 2.6.35.6-42
- Fix devicemapper UUID field cannot be assigned after map creation
(rhbz#641476) thanks pjones@.
* Mon Oct 11 2010 Jarod Wilson <jarod@xxxxxxxxxx> 2.6.35.6-40
- update imon driver to fix issues with key releases and properly
auto-configure another 0xffdc device (VFD + MCE IR)
- add new nuvoton-cir driver (for integrated IR in ASRock ION 330HT)
- add lirc compat ioctl portability fixups
* Mon Oct 11 2010 Ben Skeggs <bskeggs@xxxxxxxxxx>
- fix ttm bug that can cause nouveau to crash
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #641476 - devicemapper UUID field cannot be assigned after map creation
https://bugzilla.redhat.com/show_bug.cgi?id=641476
--------------------------------------------------------------------------------
================================================================================
mesa-7.9-1.fc14 (FEDORA-2010-16305)
Mesa graphics libraries
--------------------------------------------------------------------------------
Update Information:
This updates mesa to the final 7.9 release package + bug fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 14 2010 Dave Airlie <airlied@xxxxxxxxxx> 7.9-1
- 7.9 branch post release + fixes
* Tue Oct 5 2010 jkeating - 7.9-0.8.1
- Rebuilt for gcc bug 634757
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #625894 - kwin freezes when changing related settings in systemsettings while compositing is active
https://bugzilla.redhat.com/show_bug.cgi?id=625894
--------------------------------------------------------------------------------
================================================================================
mpich2-1.2.1p1-10.fc14 (FEDORA-2010-16169)
A high-performance implementation of MPI
--------------------------------------------------------------------------------
Update Information:
Set PYTHONPATH in the module file, and
Resolve undefined symbols in libmpichcxx.so
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 13 2010 Deji Akingunola <dakingun@xxxxxxxxx> - 1.2.1p1-10
- Resolve undefined symbols in the mpichcxx library.
* Mon Oct 11 2010 Deji Akingunola <dakingun@xxxxxxxxx> - 1.2.1p1-9
- Set PYTHONPATH in the module file.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #635742 - external program cannot find mpi4py
https://bugzilla.redhat.com/show_bug.cgi?id=635742
--------------------------------------------------------------------------------
================================================================================
ocsinventory-agent-1.1.2.1-1.fc14 (FEDORA-2010-16314)
Open Computer and Software Inventory Next Generation client
--------------------------------------------------------------------------------
Update Information:
* security update for CVE-2009-0667
http://bugs.debian.org/590879
http://www.debian.org/security/2009/dsa-1828
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 13 2010 Remi Collet <Fedora@xxxxxxxxxxxxxxxxx> 1.1.2.1-1
- security update for CVE-2009-0667
http://bugs.debian.org/590879
http://www.debian.org/security/2009/dsa-1828
- remove perl-XML-SAX optional dep, which is broken on EL5
and cause overload when installed on the OCS server
--------------------------------------------------------------------------------
================================================================================
plymouth-0.8.4-0.20100823.5.fc14 (FEDORA-2010-16313)
Graphical Boot Animation and Logger
--------------------------------------------------------------------------------
Update Information:
This update make fix password caching with serial consoles.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 13 2010 Ray Strode <rstrode@xxxxxxxxxx> 0.8.4-0.20100823.5
- Fix serial console crash.
Related: #642699
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #642699 - Booting a system with multiple encrypted devices over serial console, prompts for passphrase multiple times
https://bugzilla.redhat.com/show_bug.cgi?id=642699
--------------------------------------------------------------------------------
================================================================================
pungi-2.1.3-1.fc14 (FEDORA-2010-16319)
Distribution compose tool
--------------------------------------------------------------------------------
Update Information:
Force LVM to show up on first piece of split media
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 13 2010 Jesse Keating <jkeating@xxxxxxxxxx> - 2.1.3-1
- Fix a pkgorder issue
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #642557 - after a split-media install, system fails to boot
https://bugzilla.redhat.com/show_bug.cgi?id=642557
--------------------------------------------------------------------------------
================================================================================
rubygem-authlogic-2.1.6-4.fc14 (FEDORA-2010-16318)
A clean, simple, and unobtrusive ruby authentication solution
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #621015 - Review Request: rubygem-authlogic - A simple ruby authentication solution
https://bugzilla.redhat.com/show_bug.cgi?id=621015
--------------------------------------------------------------------------------
================================================================================
rubygem-rb-inotify-0.8.1-2.fc14 (FEDORA-2010-16306)
A Ruby wrapper for Linux's inotify, using FFI
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #639991 - Review Request: rubygem-rb-inotify - A Ruby wrapper for Linux's inotify, using FFI
https://bugzilla.redhat.com/show_bug.cgi?id=639991
--------------------------------------------------------------------------------
================================================================================
rubygem-simple-navigation-3.0.0-3.fc14 (FEDORA-2010-16316)
Ruby library for creating navigation for your Rails2 or Sinatra application
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #639619 - Review Request: rubygem-simple-navigation - Ruby library for creating navigation for your Rails2 or Sinatra application
https://bugzilla.redhat.com/show_bug.cgi?id=639619
--------------------------------------------------------------------------------
================================================================================
spin-kickstarts-0.14.3-2.fc14 (FEDORA-2010-16320)
Kickstart files and templates for creating your own Fedora Spins
--------------------------------------------------------------------------------
Update Information:
Switch back to using $basearch which is currently supported by livecd-creator. ($releasever won't be supported until livecd-tools-035 is released.)
This is the version for the GA release. (Assuming no emergency changes are needed in the ks files.)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 14 2010 Bruno Wolff III <bruno@xxxxxxxx> 0.14.3-2
- Switch back to using $basearch as it looks like we still have time.
* Tue Oct 12 2010 Bruno Wolff III <bruno@xxxxxxxx> 0.14.3-1
- Version to appear on final release media unless something is badly broken.
--------------------------------------------------------------------------------
================================================================================
sugar-physics-7-1.fc14 (FEDORA-2010-16302)
A physical world simulator and playground for Sugar
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 14 2010 Peter Robinson <pbrobinson@xxxxxxxxx> - 7-1
- New 7 release
--------------------------------------------------------------------------------
================================================================================
sugar-turtleart-100-1.fc14 (FEDORA-2010-16304)
Turtle Art activity for sugar
--------------------------------------------------------------------------------
Update Information:
New v100 release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 14 2010 Peter Robinson <pbrobinson@xxxxxxxxx> - 100-1
- New 100 release
--------------------------------------------------------------------------------
================================================================================
ykpers-1.3.4-1.fc14 (FEDORA-2010-16301)
Yubikey personalization program
--------------------------------------------------------------------------------
Update Information:
Update to upstream bugfix release 1.3.4
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 13 2010 - Maxim Burgerhout <maxim@xxxxxxxxx> - 1.3.4-1
- Version bump
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
