The following Fedora 13 Security updates need testing:

    https://admin.fedoraproject.org/updates/clamav-0.96.3-1400.fc13
    https://admin.fedoraproject.org/updates/tomcat6-6.0.26-11.fc13
    https://admin.fedoraproject.org/updates/ocsinventory-agent-1.1.2.1-1.fc13
    https://admin.fedoraproject.org/updates/sepostgresql-9.0.0-20101005.fc13
    https://admin.fedoraproject.org/updates/sepostgresql-9.0.1-20101007.fc13
    https://admin.fedoraproject.org/updates/perl-libwww-perl-5.837-2.fc13
    https://admin.fedoraproject.org/updates/apr-util-1.3.10-1.fc13
    https://admin.fedoraproject.org/updates/subversion-1.6.13-1.fc13
    https://admin.fedoraproject.org/updates/horde-3.3.9-1.fc13
    https://admin.fedoraproject.org/updates/xulrunner-1.9.2.11-1.fc13,firefox-3.6.11-1.fc13,galeon-2.0.7-34.fc13,gnome-python2-extras-2.25.3-23.fc13,perl-Gtk2-MozEmbed-0.08-6.fc13.18,gnome-web-photo-0.9-13.fc13,mozvoikko-1.0-15.fc13
    https://admin.fedoraproject.org/updates/mailman-2.1.12-16.fc13
    https://admin.fedoraproject.org/updates/glibc-2.12.1-3

The following builds have been pushed to Fedora 13 updates-testing

    NetworkManager-0.8.1-9.git20100831.fc13
    anyremote-5.3-1.fc13
    cbrpager-0.9.22-1.fc13
    chkrootkit-0.49-2.fc13
    clustershell-1.3.3-1.fc13
    clutter-sharp-0-0.8.20090828.fc13
    dwm-5.8.2-4.fc13
    emacs-mew-6.3-2.fc13
    firefox-3.6.11-1.fc13
    freeradius-2.1.10-1.fc13
    galeon-2.0.7-34.fc13
    gegl-0.1.2-4.fc13
    gio-sharp-0.2-2.fc13
    gkeyfile-sharp-0.1-3.fc13
    glibc-2.12.1-3
    gnome-python2-extras-2.25.3-23.fc13
    gnome-web-photo-0.9-13.fc13
    gnupg-1.4.11-1.fc13
    gnupg-1.4.11-2.fc13
    gparted-0.6.4-1.fc13
    gudev-sharp-0.1-3.fc13
    horde-3.3.9-1.fc13
    hplip-3.10.9-2.fc13
    kernel-2.6.34.7-61.fc13
    kobo-0.3.1-1.fc13
    konversation-1.3.1-2.fc13
    ktorrent-4.0.4-1.fc13
    libktorrent-1.0.4-1.fc13
    mock-1.1.6-1.fc13
    mozvoikko-1.0-15.fc13
    openmpi-1.4.3-1.fc13
    patcher-0.6-3.fc13
    perl-Gtk2-MozEmbed-0.08-6.fc13.18
    petit-1.0.3-1.fc13
    redis-2.0.3-1.fc13
    rubygem-factory_girl-1.3.2-3.fc13
    rubygem-typhoeus-0.1.31-3.fc13
    tigase-server-5.0.4-1.fc13
    tigase-utils-3.3.10-1.fc13
    tigase-xmltools-3.3.5-1.fc13
    xulrunner-1.9.2.11-1.fc13

Details about builds:

================================================================================
 NetworkManager-0.8.1-9.git20100831.fc13 (FEDORA-2010-16571)
 Network connection manager and user applications
--------------------------------------------------------------------------------
Update Information:

This update fixes an issue where NetworkManager would not be told by pm-utils to wake up after resuming from suspend or hibernate.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 15 2010 Dan Williams <dcbw@xxxxxxxxxx> - 0.8.1-9
- core: fix suspend/resume regression (rh #638640)
- core: fix issue causing some nmcli requests to be ignored
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #638640 - REGRESSION: NetworkManager disables networking everytime i suspend to RAM and won't re-enable
        https://bugzilla.redhat.com/show_bug.cgi?id=638640
--------------------------------------------------------------------------------

================================================================================
 anyremote-5.3-1.fc13 (FEDORA-2010-16584)
 Remote control through bluetooth or IR connection
--------------------------------------------------------------------------------
Update Information:

--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Mikhail Fedotov <anyremote at mail.ru> - 5.3
- Support volume control through PulseAudio. Added configuration files for Miro player, MPRIS-compatible players. Some fixes in configuration files.
* Wed Aug 25 2010 Mikhail Fedotov <anyremote at mail.ru> - 5.2
- Enhanced support for Get(password) command. Properly handle ampersand in file names.
--------------------------------------------------------------------------------

================================================================================
 cbrpager-0.9.22-1.fc13 (FEDORA-2010-16579)
 Simple comic book pager for Linux
--------------------------------------------------------------------------------
Update Information:

New version 0.9.22 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 21 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 0.9.22-1
- 0.9.22
--------------------------------------------------------------------------------

================================================================================
 chkrootkit-0.49-2.fc13 (FEDORA-2010-16591)
 Tool to locally check for signs of a rootkit
--------------------------------------------------------------------------------
Update Information:

Fixes segfault and stack smashing.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 18 2010 Jon Ciesla <limb@xxxxxxxxxxxx> 0.49-2
- Updated outofbounds patch, BZ 577979 and 626067.
* Thu Mar 18 2010 Jon Ciesla <limb@xxxxxxxxxxxx> 0.49-1
- New upstream, including upstreamed patches.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #577979 - [abrt] crash in chkrootkit-0.48-14.fc12: Process /usr/lib64/chkrootkit-0.48/chkutmp was killed by signal 6 (SIGABRT)
        https://bugzilla.redhat.com/show_bug.cgi?id=577979
  [ 2 ] Bug #626067 - Chkrootkit - "Stack Smashing"
        https://bugzilla.redhat.com/show_bug.cgi?id=626067
--------------------------------------------------------------------------------

================================================================================
 clustershell-1.3.3-1.fc13 (FEDORA-2010-16575)
 Python framework for efficient cluster administration
--------------------------------------------------------------------------------
Update Information:

Update release to 1.3.3. Minor bug fixed and improved documentation.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 20 2010 Stephane Thiell <stephane.thiell@xxxxxx> 1.3.3-1
- update to 1.3.3
--------------------------------------------------------------------------------

================================================================================
 clutter-sharp-0-0.8.20090828.fc13 (FEDORA-2010-16585)
 C#/.NET bindings to Clutter
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 18 2010 Christian Krause <chkr@xxxxxxxxxxxxxxxxx> - 0-0.8.20090828
- Fix libdir path in %{_libdir}/pkgconfig/*.pc
--------------------------------------------------------------------------------

================================================================================
 dwm-5.8.2-4.fc13 (FEDORA-2010-16566)
 Dynamic window manager for X
--------------------------------------------------------------------------------
Update Information:

dwm(1) Fedora Notes update
--------------------------------------------------------------------------------

================================================================================
 emacs-mew-6.3-2.fc13 (FEDORA-2010-16580)
 Email client for GNU Emacs
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Akira TAGOH <tagoh@xxxxxxxxxx> - 6.3-2
- Add the icon path to image-load-path to display the icons on toolbar correctly. (#606772)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #606772 - Emacs-mew icons do not display in tool bar
        https://bugzilla.redhat.com/show_bug.cgi?id=606772
--------------------------------------------------------------------------------

================================================================================
 firefox-3.6.11-1.fc13 (FEDORA-2010-16593)
 Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.6.11, fixing multiple security issues detailed in the upstream advisories:

http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11

Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 3.6.11-1
- Update to 3.6.11
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642275
  [ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
  [ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
--------------------------------------------------------------------------------

================================================================================
 freeradius-2.1.10-1.fc13 (FEDORA-2010-16564)
 High-performance and highly configurable free RADIUS server
--------------------------------------------------------------------------------
Update Information:

Upgrade to latest upstream release (2.1.10)
See Changelog for bug fixes and new features.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 John Dennis <jdennis@xxxxxxxxxx> - 2.1.10-1
Feature improvements
  * Install the "radcrypt" program.
  * Enable radclient to send requests containing MS-CHAPv1
    Send packets with: MS-CHAP-Password = "password". It will be automatically converted to the correct MS-CHAP attributes.
  * Added "-t" command-line option to radtest.
    You can use "-t pap", "-t chap", "-t mschap", or "-t eap-md5". The default is "-t pap"
  * Make the "inner-tunnel" virtual server listen on 127.0.0.1:18120
    This change and the previous one makes PEAP testing much easier.
  * Added more documentation and examples for the "passwd" module.
  * Added dictionaries for RFC 5607 and RFC 5904.
  * Added note in proxy.conf that we recommend setting "require_message_authenticator = yes" for all home servers.
  * Added example of second "files" configuration, with documentation.
    This shows how and where to use two instances of a module.
  * Updated radsniff to have it write pcap files, too. See '-w'.
  * Print out large WARNING message if we send an Access-Challenge for EAP, and receive no follow-up messages from the client.
  * Added Cached-Session-Policy for EAP session resumption. See raddb/eap.conf.
  * Added support for TLS-Cert-* attributes. For details, see raddb/sites-available/default, "post-auth" section.
  * Added sample raddb/modules/{opendirectory,dynamic_clients}
  * Updated Cisco and Huawei, HP, Redback, and ERX dictionaries.
  * Added RFCs 5607, 5904, and 5997.
  * For EAP-TLS, client certificates can now be validated using an external command. See eap.conf, "validate" subsection of "tls".
  * Made rlm_pap aware of {nthash} prefix, for compatibility with legacy RADIUS systems.
  * Add Module-Failure-Message for mschap module (ntlm_auth)
  * made rlm_sql_sqlite database configurable. Use "filename" in sql{} section.
  * Added %{tolower: ...string ... }, which returns the lowercase version of the string.
    Also added %{toupper: ... } for uppercase.
Bug fixes
  * Fix endless loop when there are multiple sub-options for DHCP option 82.
  * More debug output when sending / receiving DHCP packets.
  * EAP-MSCHAPv2 should return the MPPE keys when used outside of a TLS tunnel. This is needed for IKE.
  * Added SSL "no ticket" option to prevent SSL from creating sessions without IDs. We need the IDs, so this option should be set.
  * Fix proxying of packets from inside a TTLS/PEAP tunnel. Closes bug #25.
  * Allow IPv6 address attributes to be created from domain names Closes bug #82.
  * Set the string length to the correct value when parsing double quotes. Closes bug #88.
  * No longer look users up in /etc/passwd in the default configuration.
    This can be reverted by enabling "unix" in the "authorize" section.
  * More #ifdef's to enable building on systems without certain features.
  * Fixed SQL-Group comparison to register only if the group query is defined.
  * Fixed SQL-Group comparison to register <instance>-SQL-Group, just like rlm_ldap. This lets you have multiple SQL group checks.
  * Fix scanning of octal numbers in "unlang". Closes bug #89.
  * Be less aggressive about freeing "stuck" requests. Closes bug #35.
  * Fix example in "originate-coa" to refer to the correct packet.
  * Change default timeout for dynamic clients to 1 hour, not 1 day.
  * Allow passwd module to map IP addresses, too.
  * Allow passwd module to be used for CoA packets
  * Put boot filename into DHCP header when DHCP-Boot-Filename is specified.
  * raddb/certs/Makefile no longer has certs depend on index.txt and serial. Closes bug #64.
  * Ignore NULL errorcode in PostgreSQL client. Closes bug #39
  * Made Exec-Program and Exec-Program-Wait work in accounting section again. See sites-available/default.
  * Fix long-standing memory leak in esoteric conditions. Found by Jerry Nichols.
  * Added "Password-With-Header == userPassword" to raddb/ldap.attrmap
    This will automatically convert more passwords.
  * Updated rlm_pap to decode Password-With-Header, if it was base64 encoded, and to treat the contents as potentially binary data.
  * Fix Novell eDir code to use the right function parameters. Closes bug #86.
  * Allow spaces to be escaped when executing external programs. Closes bug #93.
  * Be less restrictive about checking permissions on control socket.
    If we're root, allow connecting to a non-root socket.
  * Remove control socket on normal server exit.
    If the server isn't running, the control socket should not exist.
  * Use MS-CHAP-User-Name as Name field from EAP-MSCHAPv2 for MS-CHAP calculations.
    It *MAY* be different (upper / lower case) from the User-Name attribute. Closes bug #17.
  * If the EAP-TLS methods have problems, more SSL errors are now available in the Module-Failure-Message attribute.
  * Update Oracle configure scripts. Closes bug #57.
  * Added text to DESC fields of doc/examples/openldap.schema
  * Updated more documentation to use "Restructured Text" format. Thanks to James Lockie.
  * Fixed typos in raddb/sql/mssql/dialup.conf. Closes bug #11.
  * Return error for potential proxy loops when using "-XC"
  * Produce better error messages when slow databases block the server.
  * Added notes on DHCP broadcast packets for FreeBSD.
  * Fixed crash when parsing some date strings. Closes bug #98
  * Improperly formatted Attributes are now printed as "Attr-##".
    If they are not correct, they should not use the dictionary name.
  * Fix rlm_digest to be check the format of the Digest attributes, and return "noop" rather than "fail" if they're not right.
  * Enable "digest" in raddb/sites-available/default.
    This change enables digest authentication to work "out of the box".
  * Be less aggressive about marking home servers as zombie.
    If they are responding to some packets, they are still alive.
  * Added Packet-Transmit-Counter, to track detail file retransmits. Closes bug #13.
  * Added configure check for lt_dladvise_init().
    If it exists, then using it solves some issues related to libraries loading libraries.
  * Added indexes to the MySQL IP Pool schema.
  * Print WARNING message if too many attributes are put into a packet.
  * Include dhcp test client (not built by default)
  * Added checks for LDAP constraint violation. Closes bug #18.
  * Change default raddebug timeout to 60 seconds.
  * Made error / warning messages more consistent.
  * Correct back-slash handling in variable expansion. Closes bug #46.
    You SHOULD check your configuration for backslash expansion!
  * Fix typo in "configure" script (--enable-libltdl-install)
  * Use local libltdl in more situations.
    This helps to avoid compile issues complaining about lt__PROGRAM__LTX_preloaded_symbols.
  * Fix hang on startup when multiple home servers were defined with "src_ipaddr" field.
  * Fix 32/64 bit issue in rlm_ldap. Closes bug #105.
  * If the first "listen" section defines 127.0.0.1, don't use that as a source IP for proxying. It won't work.
  * When Proxy-To-Realm is set to a non-existent realm, the EAP module should handle the request, rather than expecting it to be proxied.
  * Fix IPv4 issues with udpfromto. Closes bug #110.
  * Clean up child processes of raddebug. Closes bugs #108 and #109
  * retry OTP if the OTP daemon fails. Closes bug #58.
  * Multiple calls to ber_printf seem to work better. Closes #106.
  * Fix "unlang" so that "attribute not found" is treated as a "false" comparison, rather than a syntax error in the configuration.
  * Fix issue with "Group" attribute.
* Sat Jul 31 2010 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 2.1.9-3
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
* Tue Jun 1 2010 Marcela Maslanova <mmaslano@xxxxxxxxxx> - 2.1.9-2
- Mass rebuild with perl-5.12.0
--------------------------------------------------------------------------------

================================================================================
 galeon-2.0.7-34.fc13 (FEDORA-2010-16593)
 GNOME2 Web browser based on Mozilla
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.6.11, fixing multiple security issues detailed in the upstream advisories:

http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11

Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 2.0.7-34
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642275
  [ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
  [ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
--------------------------------------------------------------------------------

================================================================================
 gegl-0.1.2-4.fc13 (FEDORA-2010-16589)
 A graph based image processing framework
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Nils Philippsen <nils@xxxxxxxxxx> - 0.1.2-4
- don't leak "root" symbol which clashes with (equally broken) xvnkb input method (#642992)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642992 - [abrt] gimp-2:2.6.11-1.fc13: timing_find: Process /usr/bin/gimp-2.6 was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=642992
--------------------------------------------------------------------------------

================================================================================
 gio-sharp-0.2-2.fc13 (FEDORA-2010-16586)
 C# bindings for gio
--------------------------------------------------------------------------------

================================================================================
 gkeyfile-sharp-0.1-3.fc13 (FEDORA-2010-16586)
 C# bindings for glib2's keyfile implementation
--------------------------------------------------------------------------------

================================================================================
 glibc-2.12.1-3 (FEDORA-2010-16594)
 The GNU libc libraries
--------------------------------------------------------------------------------
Update Information:

- Fix strstr and memmem algorithm (BZ#12092, #641124)
- Fix handling of tail bytes of buffer in SSE2/SSSE3 x86-64 version strncmp (BZ#12077)
- Never expand $ORIGIN in privileged programs (#643306, CVE-2010-3847)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Andreas Schwab <schwab@xxxxxxxxxx> - 2.12.1-3
- Update from 2.12 branch
- Fix strstr and memmem algorithm (BZ#12092, #641124)
- Fix handling of tail bytes of buffer in SSE2/SSSE3 x86-64 version strncmp (BZ#12077)
- Never expand $ORIGIN in privileged programs (#643306, CVE-2010-3847)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #643306 - CVE-2010-3847 glibc: ld.so insecure handling of $ORIGIN in LD_AUDIT for setuid/setgid programs
        https://bugzilla.redhat.com/show_bug.cgi?id=643306
--------------------------------------------------------------------------------

================================================================================
 gnome-python2-extras-2.25.3-23.fc13 (FEDORA-2010-16593)
 Additional PyGNOME Python extension modules
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.6.11, fixing multiple security issues detailed in the upstream advisories:

http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11

Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 2.25.3-23
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642275
  [ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
  [ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
--------------------------------------------------------------------------------

================================================================================
 gnome-web-photo-0.9-13.fc13 (FEDORA-2010-16593)
 HTML pages thumbnailer
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.6.11, fixing multiple security issues detailed in the upstream advisories:

http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11

Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 0.9-13
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642275
  [ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
  [ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
--------------------------------------------------------------------------------

================================================================================
 gnupg-1.4.11-1.fc13 (FEDORA-2010-16588)
 A GNU utility for secure communication and data storage
--------------------------------------------------------------------------------
Update Information:

Update to upstream v1.4.11
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 18 2010 Brian C. Lane <bcl@xxxxxxxxxx> 1.4.11-1
- New upstream v1.4.11
- Dropped patch gnupg-1.4.6-dir.patch, now in upstream
--------------------------------------------------------------------------------

================================================================================
 gnupg-1.4.11-2.fc13 (FEDORA-2010-16558)
 A GNU utility for secure communication and data storage
--------------------------------------------------------------------------------
Update Information:

- Added ownership of %dir %{_libexecdir}/gnupg (#644576)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 20 2010 Brian C. Lane <bcl@xxxxxxxxxx> 1.4.11-2
- Added ownership of %dir /usr/libexec/gnupg (#644576)
* Mon Oct 18 2010 Brian C. Lane <bcl@xxxxxxxxxx> 1.4.11-1
- New upstream v1.4.11
- Dropped patch gnupg-1.4.6-dir.patch, now in upstream
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #644576 - Unowned %{_libexecdir}/gnupg dir
        https://bugzilla.redhat.com/show_bug.cgi?id=644576
--------------------------------------------------------------------------------

================================================================================
 gparted-0.6.4-1.fc13 (FEDORA-2010-16559)
 Gnome Partition Editor
--------------------------------------------------------------------------------
Update Information:

Latest upstream stable update
--------------------------------------------------------------------------------
ChangeLog:

* Sun Oct 17 2010 Deji Akingunola <dakingun@xxxxxxxxx> - 0.6.4-1
- Update to version 0.6.4
--------------------------------------------------------------------------------

================================================================================
 gudev-sharp-0.1-3.fc13 (FEDORA-2010-16586)
 C# bindings for gudev
--------------------------------------------------------------------------------

================================================================================
 horde-3.3.9-1.fc13 (FEDORA-2010-16555)
 The common framework for all Horde applications
--------------------------------------------------------------------------------
Update Information:

Fix 2 security bugs by upgrading to 3.3.9
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 3.3.9-1
- Upgrade to 3.3.9
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #630687 - CVE-2010-3077 CVE-2010-3694 Horde: multiple flaws correct in 3.3.9
        https://bugzilla.redhat.com/show_bug.cgi?id=630687
--------------------------------------------------------------------------------

================================================================================
 hplip-3.10.9-2.fc13 (FEDORA-2010-15738)
 HP Linux Imaging and Printing Project
--------------------------------------------------------------------------------
Update Information:

New upstream release. Adds support for new printers and fixes several bugs.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 14 2010 Jiri Popelka <jpopelka@xxxxxxxxxx> - 3.10.9-2
- Fixed utils.addgroup() to return array instead of string (bug #642771).
* Mon Oct 4 2010 Jiri Popelka <jpopelka@xxxxxxxxxx> - 3.10.9-1
- 3.10.9.
* Wed Sep 22 2010 Tim Waugh <twaugh@xxxxxxxxxx>
- More fixes from package review:
  - Avoided another macro in comment.
  - Use python_sitearch macro throughout.
* Mon Sep 20 2010 Jiri Popelka <jpopelka@xxxxxxxxxx> - 3.10.6-5
- Increased timeouts for curl, wget, ping for high latency networks (bug #635388).
* Wed Sep 15 2010 Tim Waugh <twaugh@xxxxxxxxxx>
- Fixes from package review:
  - Main package and hpijs sub-package require cups for directories.
  - The common sub-package requires udev for directories.
  - The libs sub-package requires python for directories.
  - Avoided macro in comment.
- The lib sub-package now runs ldconfig for post/postun. - Use python_sitearch macro. * Mon Sep 13 2010 Jiri Popelka <jpopelka@xxxxxxxxxx> - 3.10.6-4 - Added IEEE 1284 Device ID for HP LaserJet 4000 (bug #633227). * Fri Aug 20 2010 Tim Waugh <twaugh@xxxxxxxxxx> - 3.10.6-3 - Added another SNMP quirk for an OfficeJet Pro 8500 variant. * Thu Aug 12 2010 Tim Waugh <twaugh@xxxxxxxxxx> - 3.10.6-2 - Use correct fax PPD name for Qt3 UI. -------------------------------------------------------------------------------- References: [ 1 ] Bug #633227 - Missing Device ID for HP Laserjet 4000 https://bugzilla.redhat.com/show_bug.cgi?id=633227 [ 2 ] Bug #635388 - hp-setup times out too early when downloading plugin https://bugzilla.redhat.com/show_bug.cgi?id=635388 [ 3 ] Bug #642771 - [abrt] hplip-3.10.9-1.fc14: utils.py:89:list_to_string:AttributeError: 'str' object has no attribute 'pop' https://bugzilla.redhat.com/show_bug.cgi?id=642771 -------------------------------------------------------------------------------- ================================================================================ kernel-2.6.34.7-61.fc13 (FEDORA-2010-16595) The Linux kernel -------------------------------------------------------------------------------- Update Information: Low impact kernel bug fixes. Work around DMAR issues on broken Ricoh PCI card readers. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 18 2010 Kyle McMartin <kyle@xxxxxxxxxx> 2.6.34.7-61 - Add Ricoh e822 support. (rhbz#596475) Thanks to sgruszka@ for sending the patches in. * Mon Oct 18 2010 Kyle McMartin <kyle@xxxxxxxxxx> 2.6.34.7-60 - Quirk to disable DMAR with Ricoh card reader/firewire. (rhbz#605888) * Mon Oct 18 2010 Kyle McMartin <kyle@xxxxxxxxxx> - Two networking fixes (skge, r8169) from sgruska. 
  (rhbz#447489,629158)
* Thu Oct 14 2010 Neil Horman <nhorman@xxxxxxxxxx>
- Fix rcu warning in twsock_net (bz 642905)
* Wed Oct 6 2010 Neil Horman <nhorman@xxxxxxxxxx>
- Fix WARN_ON when you try to create an exiting bond in bond_masters
* Thu Sep 30 2010 Chuck Ebbert <cebbert@xxxxxxxxxx>
- CVE-2010-3432: sctp-do-not-reset-the-packet-during-sctp_packet_config.patch
* Thu Sep 30 2010 Ben Skeggs <bskeggs@xxxxxxxxxx> 2.6.34.7-59
- nouveau: fix theoretical race condition that could be responsible for
  certain random hangs that have been reported.
* Mon Sep 27 2010 Ben Skeggs <bskeggs@xxxxxxxxxx> 2.6.34.7-58
- nouveau: better handling of certain GPU errors
* Fri Sep 24 2010 Chuck Ebbert <cebbert@xxxxxxxxxx>
- Fix typo in previous Xen fix that causes boot failure.
* Wed Sep 22 2010 Chuck Ebbert <cebbert@xxxxxxxxxx>
- Copy two Xen fixes from 2.6.35-stable for RHBZ#636534
* Tue Sep 21 2010 Chuck Ebbert <cebbert@xxxxxxxxxx>
- Fix RHBZ #633037, Process user time incorrectly accounted as system time
* Mon Sep 20 2010 Chuck Ebbert <cebbert@xxxxxxxxxx>
- Fix AGP aperture size detection on Intel G33/Q35 chipsets (#629203)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #596475 - ricoh e822 sdhci device not working
        https://bugzilla.redhat.com/show_bug.cgi?id=596475
  [ 2 ] Bug #605888 - Ricoh multifunction device fills log with error messages when DMAR is enabled
        https://bugzilla.redhat.com/show_bug.cgi?id=605888
  [ 3 ] Bug #447489 - [x86-64] No network with 4GB RAM support
        https://bugzilla.redhat.com/show_bug.cgi?id=447489
  [ 4 ] Bug #629158 - Network adapter "disappears" after resuming from acpi suspend
        https://bugzilla.redhat.com/show_bug.cgi?id=629158
  [ 5 ] Bug #642905 - include/net/inet_timewait_sock.h:227 invoked rcu_dereference_check() without protection!
        https://bugzilla.redhat.com/show_bug.cgi?id=642905
  [ 6 ] Bug #604630 - Loading bonding module causes a WARNING oops
        https://bugzilla.redhat.com/show_bug.cgi?id=604630
--------------------------------------------------------------------------------
================================================================================
kobo-0.3.1-1.fc13 (FEDORA-2010-16581)
Python modules for tools development
--------------------------------------------------------------------------------
Update Information:

bump to new upstream version
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Daniel Mach <dmach@xxxxxxxxxx> - 0.3.1-1
- Add help-admin command to display help for admin commands. (Daniel Mach)
- Add config parser support for glob matching on dict keys. (Tomas Kopecek)
- Implement timeout support in xmlrpc transports. (Daniel Mach)
- Improve kobo.xmlrpc.CookieTransport to work with python 2.7 as well. (Daniel Mach)
- Add kobo-admin utility. (Martin Bukatovic)
- Add missing HttpResponseForbidden import to kobo.hub.views. (Daniel Mach)
- Fix bug in "Show only my tasks" search option on Tasks page.
  (Daniel Mach)
--------------------------------------------------------------------------------
================================================================================
konversation-1.3.1-2.fc13 (FEDORA-2010-16596)
A user friendly IRC client
--------------------------------------------------------------------------------
Update Information:

Fixed scrolling background
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 18 2010 Thomas Janssen <thomasj@xxxxxxxxxxxxxxxxx> 1.3.1-2
- added patch to fix scrolling background
--------------------------------------------------------------------------------
================================================================================
ktorrent-4.0.4-1.fc13 (FEDORA-2010-16553)
A BitTorrent program
--------------------------------------------------------------------------------
Update Information:

KTorrent 4.0.4
Fixed several minor things, and improved the performance when there are many torrents.

libktorrent-1.0.4
Fixed a deadlock and a crash in the µTP protocol code.

See http://ktorrent.org/?q=node/46
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 18 2010 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 4.0.4-1
- ktorrent-4.0.4
--------------------------------------------------------------------------------
================================================================================
libktorrent-1.0.4-1.fc13 (FEDORA-2010-16553)
Library providing torrent downloading code
--------------------------------------------------------------------------------
Update Information:

KTorrent 4.0.4
Fixed several minor things, and improved the performance when there are many torrents.

libktorrent-1.0.4
Fixed a deadlock and a crash in the µTP protocol code.

See http://ktorrent.org/?q=node/46
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 18 2010 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1.0.4-1
- libktorrent-1.0.4
--------------------------------------------------------------------------------
================================================================================
mock-1.1.6-1.fc13 (FEDORA-2010-16552)
Builds packages inside chroots
--------------------------------------------------------------------------------
Update Information:

This update addresses multiple issues seen with the new selinux plugin
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 14 2010 Clark Williams <williams@xxxxxxxxxx> - 1.1.6-1
- replace call to perl with native python edit function
- change permissions of selinux plugin 'filesystems' file
- from Ville Skyttä <ville.skytta@xxxxxx>:
  - Find out completions for --*-plugin dynamically
  - Keep $COLUMNS in consolehelper environment for --help formatting
  - Document --scrub, --enable-plugin, and --disable-plugin
  - Fix option name in --enable-plugin/--disable-plugin error string
  - Add --scrub completion
  - Complete on *.spm (*.src.rpm are sometimes named like that e.g. in SUSE)
  - Fix buildsrpm() docstring
  - Error message improvements
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #573111 - Mock environment needs to fake chroot into thinking SELinux is disabled.
        https://bugzilla.redhat.com/show_bug.cgi?id=573111
  [ 2 ] Bug #629041 - selinux plugin expects that yum cache directory exists
        https://bugzilla.redhat.com/show_bug.cgi?id=629041
  [ 3 ] Bug #630479 - rebuilds fail with ""execmod" access" errors from SELinux
        https://bugzilla.redhat.com/show_bug.cgi?id=630479
  [ 4 ] Bug #637555 - Mock selinux plugin creates /proc/filesystems with incorrect permissions
        https://bugzilla.redhat.com/show_bug.cgi?id=637555
  [ 5 ] Bug #642051 - Xvfb SELinux issues in mock
        https://bugzilla.redhat.com/show_bug.cgi?id=642051
--------------------------------------------------------------------------------
================================================================================
mozvoikko-1.0-15.fc13 (FEDORA-2010-16593)
Finnish Voikko spell-checker extension for Mozilla programs
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.6.11, fixing multiple security issues detailed in the upstream advisories:

http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11

Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 1.0-15
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642275
  [ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
  [ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
--------------------------------------------------------------------------------
================================================================================
openmpi-1.4.3-1.fc13 (FEDORA-2010-16557)
Open Message Passing Interface
--------------------------------------------------------------------------------
Update Information:

Upgrade to 1.4.3 and add MANPATH to openmpi module file.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 20 2010 Jay Fenlason <fenlason@xxxxxxxxxx> - 1.4.3-1
- update module.in to set MANPATH
- upgrade to 1.4.3
--------------------------------------------------------------------------------
================================================================================
patcher-0.6-3.fc13 (FEDORA-2010-16587)
Quick creation of patches against a project source tree
--------------------------------------------------------------------------------
Update Information:

Initial import.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #578135 - Review Request: patcher - Quick creation of patches against a project source tree
        https://bugzilla.redhat.com/show_bug.cgi?id=578135
--------------------------------------------------------------------------------
================================================================================
perl-Gtk2-MozEmbed-0.08-6.fc13.18 (FEDORA-2010-16593)
Interface to the Mozilla embedding widget
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.6.11, fixing multiple security issues detailed in the upstream advisories:

http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11

Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 0.08-6.18
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642275
  [ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
  [ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
--------------------------------------------------------------------------------
================================================================================
petit-1.0.3-1.fc13 (FEDORA-2010-16583)
Log analysis tool for syslog, Apache and raw log files
--------------------------------------------------------------------------------
Update Information:

new upstream version
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
================================================================================
redis-2.0.3-1.fc13 (FEDORA-2010-16573)
A persistent key-value database
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #619237 - Review Request: redis - A persistent key-value database
        https://bugzilla.redhat.com/show_bug.cgi?id=619237
--------------------------------------------------------------------------------
================================================================================
rubygem-factory_girl-1.3.2-3.fc13 (FEDORA-2010-16560)
Framework and DSL for defining and using model instance factories
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #640627 - Review Request: rubygem-factory_girl - Framework and DSL for defining and using model instance factories
        https://bugzilla.redhat.com/show_bug.cgi?id=640627
--------------------------------------------------------------------------------
================================================================================
rubygem-typhoeus-0.1.31-3.fc13 (FEDORA-2010-16561)
A library for interacting with web services at blinding speed
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #641295 - Review Request: rubygem-typhoeus - A library for interacting with web services at blinding speed
        https://bugzilla.redhat.com/show_bug.cgi?id=641295
--------------------------------------------------------------------------------
================================================================================
tigase-server-5.0.4-1.fc13 (FEDORA-2010-16562)
Tigase Server
--------------------------------------------------------------------------------
Update Information:

Stabilizing on the released version.
--------------------------------------------------------------------------------
================================================================================
tigase-utils-3.3.10-1.fc13 (FEDORA-2010-16574)
Tigase Utils
--------------------------------------------------------------------------------
Update Information:

New upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Matěj Cepl <mcepl@xxxxxxxxxx> - 3.3.10-1
- New upstream release.
--------------------------------------------------------------------------------
================================================================================
tigase-xmltools-3.3.5-1.fc13 (FEDORA-2010-16577)
Tigase XML Tools
--------------------------------------------------------------------------------
Update Information:

New upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Matěj Cepl <mcepl@xxxxxxxxxx> - 3.3.5-1
- New upstream release.
--------------------------------------------------------------------------------
================================================================================
xulrunner-1.9.2.11-1.fc13 (FEDORA-2010-16593)
XUL Runtime for Gecko Applications
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.6.11, fixing multiple security issues detailed in the upstream advisories:

http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11

Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 1.9.2.11-1
- Update to 1.9.2.11
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642275
  [ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
  [ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test