The following Fedora 12 Security updates need testing:

    https://admin.fedoraproject.org/updates/clamav-0.96.3-1200.fc12
    https://admin.fedoraproject.org/updates/bzip2-1.0.6-1.fc12
    https://admin.fedoraproject.org/updates/subversion-1.6.13-1.fc12.1
    https://admin.fedoraproject.org/updates/tomcat6-6.0.26-3.fc12
    https://admin.fedoraproject.org/updates/gif2png-2.5.1-1202.fc12
    https://admin.fedoraproject.org/updates/ocsinventory-agent-1.1.2.1-1.fc12
    https://admin.fedoraproject.org/updates/freetype-2.3.11-6.fc12
    https://admin.fedoraproject.org/updates/apr-util-1.3.10-1.fc12
    https://admin.fedoraproject.org/updates/galeon-2.0.7-26.fc12,xulrunner-1.9.1.14-1.fc12,firefox-3.5.14-1.fc12,gnome-python2-extras-2.25.3-21.fc12,perl-Gtk2-MozEmbed-0.08-6.fc12.16,mozvoikko-1.0-13.fc12
    https://admin.fedoraproject.org/updates/openldap-2.4.19-6.fc12
    https://admin.fedoraproject.org/updates/horde-3.3.9-1.fc12
    https://admin.fedoraproject.org/updates/mailman-2.1.12-10.fc12

The following builds have been pushed to Fedora 12 updates-testing

    cbrpager-0.9.22-1.fc12
    chkrootkit-0.49-2.fc12
    clustershell-1.3.3-1.fc12
    dwm-5.8.2-4.fc12
    emacs-mew-6.3-2.fc12
    firefox-3.5.14-1.fc12
    galeon-2.0.7-26.fc12
    gnome-python2-extras-2.25.3-21.fc12
    horde-3.3.9-1.fc12
    kernel-2.6.32.23-170.fc12
    kobo-0.3.1-1.fc12
    ktorrent-4.0.4-1.fc12
    libktorrent-1.0.4-1.fc12
    libtirpc-0.2.1-2.fc12
    mock-1.0.13-1.fc12
    mozvoikko-1.0-13.fc12
    nfs-utils-1.2.1-6.fc12
    perl-Gtk2-MozEmbed-0.08-6.fc12.16
    petit-1.0.3-1.fc12
    policycoreutils-2.0.82-5.fc12
    xulrunner-1.9.1.14-1.fc12

Details about builds:

================================================================================
 cbrpager-0.9.22-1.fc12 (FEDORA-2010-16576)
 Simple comic book pager for Linux
--------------------------------------------------------------------------------
Update Information:

New version 0.9.22 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 21 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 0.9.22-1
- 0.9.22
--------------------------------------------------------------------------------

================================================================================
 chkrootkit-0.49-2.fc12 (FEDORA-2010-16568)
 Tool to locally check for signs of a rootkit
--------------------------------------------------------------------------------
Update Information:

Fixes segfault and stack smashing.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 18 2010 Jon Ciesla <limb@xxxxxxxxxxxx> 0.49-2
- Updated outofbounds patch, BZ 577979 and 626067.
* Thu Mar 18 2010 Jon Ciesla <limb@xxxxxxxxxxxx> 0.49-1
- New upstream, including upstreamed patches.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #577979 - [abrt] crash in chkrootkit-0.48-14.fc12: Process /usr/lib64/chkrootkit-0.48/chkutmp was killed by signal 6 (SIGABRT)
        https://bugzilla.redhat.com/show_bug.cgi?id=577979
  [ 2 ] Bug #626067 - Chkrootkit - "Stack Smashing"
        https://bugzilla.redhat.com/show_bug.cgi?id=626067
--------------------------------------------------------------------------------

================================================================================
 clustershell-1.3.3-1.fc12 (FEDORA-2010-16556)
 Python framework for efficient cluster administration
--------------------------------------------------------------------------------
Update Information:

Update release to 1.3.3. Minor bug fixed and improved documentation.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 20 2010 Stephane Thiell <stephane.thiell@xxxxxx> 1.3.3-1
- update to 1.3.3
--------------------------------------------------------------------------------

================================================================================
 dwm-5.8.2-4.fc12 (FEDORA-2010-16597)
 Dynamic window manager for X
--------------------------------------------------------------------------------
Update Information:

dwm(1) Fedora Notes update
--------------------------------------------------------------------------------

================================================================================
 emacs-mew-6.3-2.fc12 (FEDORA-2010-16578)
 Email client for GNU Emacs
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Akira TAGOH <tagoh@xxxxxxxxxx> - 6.3-2
- Add the icon path to image-load-path to display the icons on toolbar correctly. (#606772)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #606772 - Emacs-mew icons do not display in tool bar
        https://bugzilla.redhat.com/show_bug.cgi?id=606772
--------------------------------------------------------------------------------

================================================================================
 firefox-3.5.14-1.fc12 (FEDORA-2010-16554)
 Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.14, fixing multiple security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 3.5.14-1
- Update to 3.5.14
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 2 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 3 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 4 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 5 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 6 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 7 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
--------------------------------------------------------------------------------

================================================================================
 galeon-2.0.7-26.fc12 (FEDORA-2010-16554)
 GNOME2 Web browser based on Mozilla
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.14, fixing multiple security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 2.0.7-26
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 2 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 3 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 4 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 5 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 6 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 7 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
--------------------------------------------------------------------------------

================================================================================
 gnome-python2-extras-2.25.3-21.fc12 (FEDORA-2010-16554)
 Additional PyGNOME Python extension modules
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.14, fixing multiple security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 2.25.3-21
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 2 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 3 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 4 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 5 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 6 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 7 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
--------------------------------------------------------------------------------

================================================================================
 horde-3.3.9-1.fc12 (FEDORA-2010-16592)
 The common framework for all Horde applications
--------------------------------------------------------------------------------
Update Information:

Fix 2 security bugs by upgrading to 3.3.9
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 3.3.9-1
- Upgrade to 3.3.9
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #630687 - CVE-2010-3077 CVE-2010-3694 Horde: multiple flaws correct in 3.3.9
        https://bugzilla.redhat.com/show_bug.cgi?id=630687
--------------------------------------------------------------------------------

================================================================================
 kernel-2.6.32.23-170.fc12 (FEDORA-2010-16565)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

Two bug fixes for networking drivers (skge and r8169) and add support for Ricoh e822 card readers.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 27 2010 Chuck Ebbert <cebbert@xxxxxxxxxx> 2.6.32.23-170
- Linux 2.6.32.23
- Drop merged patches:
  aio-check-for-multiplication-overflow-in-do_io_submit.patch
  inotify-fix-inotify-oneshot-support.patch
  inotify-send-IN_UNMOUNT-events.patch
  irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch
  keys-fix-bug-in-keyctl_session_to_parent-if-parent-has-no-session-keyring.patch
  keys-fix-rcu-no-lock-warning-in-keyctl_session_to_parent.patch
- Fix typo in Xen patch from 2.6.32.22.
* Mon Sep 20 2010 Chuck Ebbert <cebbert@xxxxxxxxxx> 2.6.32.22-169
- Linux 2.6.32.22
- Drop merged patches:
  01-compat-make-compat_alloc_user_space-incorporate-the-access_ok-check.patch
  02-compat-test-rax-for-the-system-call-number-not-eax.patch
  03-compat-retruncate-rax-after-ia32-syscall-entry-tracing.patch
  hid-01-usbhid-initialize-interface-pointers-early-enough.patch
  hid-02-fix-suspend-crash-by-moving-initializations-earlier.patch
  alsa-seq-oss-fix-double-free-at-error-path-of-snd_seq_oss_open.patch
  tracing-do-not-allow-llseek-to-set_ftrace_filter.patch
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #447489 - [x86-64] No network with 4GB RAM support
        https://bugzilla.redhat.com/show_bug.cgi?id=447489
  [ 2 ] Bug #629158 - Network adapter "disappears" after resuming from acpi suspend
        https://bugzilla.redhat.com/show_bug.cgi?id=629158
  [ 3 ] Bug #596475 - ricoh e822 sdhci device not working
        https://bugzilla.redhat.com/show_bug.cgi?id=596475
--------------------------------------------------------------------------------

================================================================================
 kobo-0.3.1-1.fc12 (FEDORA-2010-16563)
 Python modules for tools development
--------------------------------------------------------------------------------
Update Information:

bump to new upstream version
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Daniel Mach <dmach@xxxxxxxxxx> - 0.3.1-1
- Add help-admin command to display help for admin commands. (Daniel Mach)
- Add config parser support for glob matching on dict keys. (Tomas Kopecek)
- Implement timeout support in xmlrpc transports. (Daniel Mach)
- Improve kobo.xmlrpc.CookieTransport to work with python 2.7 as well. (Daniel Mach)
- Add kobo-admin utility. (Martin Bukatovic)
- Add missing HttpResponseForbidden import to kobo.hub.views.
  (Daniel Mach)
- Fix bug in "Show only my tasks" search option on Tasks page. (Daniel Mach)
--------------------------------------------------------------------------------

================================================================================
 ktorrent-4.0.4-1.fc12 (FEDORA-2010-16567)
 A BitTorrent program
--------------------------------------------------------------------------------
Update Information:

KTorrent 4.0.4
Fixed several minor things, and improved the performance when there are many torrents.

libktorrent-1.0.4
Fixed a deadlock and a crash in the µTP protocol code.

See http://ktorrent.org/?q=node/46
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 18 2010 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 4.0.4-1
- ktorrent-4.0.4
--------------------------------------------------------------------------------

================================================================================
 libktorrent-1.0.4-1.fc12 (FEDORA-2010-16567)
 Library providing torrent downloading code
--------------------------------------------------------------------------------
Update Information:

KTorrent 4.0.4
Fixed several minor things, and improved the performance when there are many torrents.

libktorrent-1.0.4
Fixed a deadlock and a crash in the µTP protocol code.

See http://ktorrent.org/?q=node/46
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 18 2010 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1.0.4-1
- libktorrent-1.0.4
--------------------------------------------------------------------------------

================================================================================
 libtirpc-0.2.1-2.fc12 (FEDORA-2010-16572)
 Transport Independent RPC Library
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 20 2010 Steve Dickson <steved@xxxxxxxxxx> 0.2.1-2
- Updated latest RC release: libtirpc-0-2-2-rc2
  automount with nis maps crashes randomly (bz 621387)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #621387 - automount with nis maps crashes randomly
        https://bugzilla.redhat.com/show_bug.cgi?id=621387
--------------------------------------------------------------------------------

================================================================================
 mock-1.0.13-1.fc12 (FEDORA-2010-16570)
 Builds packages inside chroots
--------------------------------------------------------------------------------
Update Information:

This update addresses multiple issues seen with the new selinux plugin

create empty /var/log/{last,fail}log in chroot rather than copy in possible large sparse file from host filesystem
make sure that both --spec and --sources are specified when the --buildsrpm option is used
use rpm module function compareEVR to compare kernel versions (string comparison doesn't work).
change selinux plugin to use tmp directory for faux /proc/filesystems file, rather than cachedir (which may not exist)
fix a typo in exception.py
Added Alan Franzoni's umountall modifications

- run update after unpacking root cache
- clean up noarch builds
- fix selinux plugin issue
- fix repeated calls to umount
- clean up i585 target fix

Many bug fixes since mock 1.1.1 and new SELinux plugin which disables SELinux inside the chroot, irregardless of the host system SELinux state.
added --unpriv mode to --shell
remove rpmdb cache to work around yum issue
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 14 2010 Clark Williams <williams@xxxxxxxxxx> - 1.0.13-1
- replace call to perl with native python edit function
- change permissions of selinux plugin 'filesystems' file
- from Ville Skyttä <ville.skytta@xxxxxx>:
- Find out completions for --*-plugin dynamically
- Keep $COLUMNS in consolehelper environment for --help formatting
- Document --scrub, --enable-plugin, and --disable-plugin
- Fix option name in --enable-plugin/--disable-plugin error string
- Add --scrub completion
- Complete on *.spm (*.src.rpm are sometimes named like that e.g. in SUSE)
- Fix buildsrpm() docstring
- Error message improvements
* Fri Sep 17 2010 Clark Williams <williams@xxxxxxxxxx> - 1.0.12-1
- add cmpKernelEVR function to compare kernel versions (BZ# 526414)
- added commandline argument checking for --buildsrpm (BZ# 605800)
- create empty faillog and lastlog in <chroot>/var/log (BZ# 585973 & 633435)
- changed copyin/copyout prints from debug to info
- from Alan Franzoni <mailing@xxxxxxxxxxx>:
- reworked the root object _umountall() method
- fix epel4 chroot cleanup and umountall issue
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #573111 - Mock environment needs to fake chroot into thinking SELinux is disabled.
        https://bugzilla.redhat.com/show_bug.cgi?id=573111
  [ 2 ] Bug #629041 - selinux plugin expects that yum cache directory exists
        https://bugzilla.redhat.com/show_bug.cgi?id=629041
  [ 3 ] Bug #630479 - rebuilds fail with ""execmod" access" errors from SELinux
        https://bugzilla.redhat.com/show_bug.cgi?id=630479
  [ 4 ] Bug #637555 - Mock selinux plugin creates /proc/filesystems with incorrect permissions
        https://bugzilla.redhat.com/show_bug.cgi?id=637555
  [ 5 ] Bug #642051 - Xvfb SELinux issues in mock
        https://bugzilla.redhat.com/show_bug.cgi?id=642051
  [ 6 ] Bug #585973 - root cache fails to untar with <fail|last>log
        https://bugzilla.redhat.com/show_bug.cgi?id=585973
  [ 7 ] Bug #633435 - /var/log/lastlog and /var/log/faillog included in cache.tar.gz
        https://bugzilla.redhat.com/show_bug.cgi?id=633435
  [ 8 ] Bug #605800 - TypeError when using --buildsrpm
        https://bugzilla.redhat.com/show_bug.cgi?id=605800
  [ 9 ] Bug #526414 - missing /dev/fd symlink causes some mock builds using it to fail
        https://bugzilla.redhat.com/show_bug.cgi?id=526414
  [ 10 ] Bug #622170 - Latest architecture patches broke noarch builds
        https://bugzilla.redhat.com/show_bug.cgi?id=622170
  [ 11 ] Bug #614440 - [PATCH] Get mock to turn off selinux within the chroot
        https://bugzilla.redhat.com/show_bug.cgi?id=614440
  [ 12 ] Bug #622544 - i586 target no more possible
        https://bugzilla.redhat.com/show_bug.cgi?id=622544
  [ 13 ] Bug #557526 - mock no longer runs yum update after unpacking root
        https://bugzilla.redhat.com/show_bug.cgi?id=557526
  [ 14 ] Bug #620143 - ERROR: pop from empty list
        https://bugzilla.redhat.com/show_bug.cgi?id=620143
  [ 15 ] Bug #620825 - Unmounts filesystems in wrong order, gives traceback
        https://bugzilla.redhat.com/show_bug.cgi?id=620825
  [ 16 ] Bug #619819 - Please ship fedora-14-*.cfg
        https://bugzilla.redhat.com/show_bug.cgi?id=619819
  [ 17 ] Bug #510409 - Mock not building SRPM
        https://bugzilla.redhat.com/show_bug.cgi?id=510409
  [ 18 ] Bug #600487 - site-defaults.cfg cites defaults.cfg fix
        https://bugzilla.redhat.com/show_bug.cgi?id=600487
  [ 19 ] Bug #607144 - mock -r epel-5-x86_64 --rebuild X.src.rpm is not working (dependencies problems?)
        https://bugzilla.redhat.com/show_bug.cgi?id=607144
  [ 20 ] Bug #570434 - 'man mock' does not tell user to add him or herself to group 'mock'
        https://bugzilla.redhat.com/show_bug.cgi?id=570434
  [ 21 ] Bug #450726 - No way to clean mock cache directory
        https://bugzilla.redhat.com/show_bug.cgi?id=450726
  [ 22 ] Bug #516355 - newest mock not working on RHEL5
        https://bugzilla.redhat.com/show_bug.cgi?id=516355
  [ 23 ] Bug #486555 - Need to be able to clean/disable yum cache
        https://bugzilla.redhat.com/show_bug.cgi?id=486555
  [ 24 ] Bug #522505 - --unpriv only works with --chroot
        https://bugzilla.redhat.com/show_bug.cgi?id=522505
  [ 25 ] Bug #593654 - mock/yum: IndexError: list index out of range
        https://bugzilla.redhat.com/show_bug.cgi?id=593654
--------------------------------------------------------------------------------

================================================================================
 mozvoikko-1.0-13.fc12 (FEDORA-2010-16554)
 Finnish Voikko spell-checker extension for Mozilla programs
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.14, fixing multiple security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 1.0-13
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 2 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 3 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 4 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 5 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 6 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 7 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
--------------------------------------------------------------------------------

================================================================================
 nfs-utils-1.2.1-6.fc12 (FEDORA-2010-16569)
 NFS utilities and supporting clients and daemons for the kernel NFS server
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 18 2010 Steve Dickson <steved@xxxxxxxxxx> 1.2.1-6
- nfs-utils init scripts don't support "try-restart" option (bz 521844)
- nfslock service doesn't support "reload" option (bz 521852)
- nfs init scripts return wrong exit codes (bz 521675)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #521844 - nfs-utils init scripts don't support "try-restart" option
        https://bugzilla.redhat.com/show_bug.cgi?id=521844
  [ 2 ] Bug #521852 - nfslock service doesn't support "reload" option
        https://bugzilla.redhat.com/show_bug.cgi?id=521852
  [ 3 ] Bug #521675 - nfs init scripts return wrong exit codes
        https://bugzilla.redhat.com/show_bug.cgi?id=521675
  [ 4 ] Bug #547718 - mount.nfs should have mountproto=tcp as default
        https://bugzilla.redhat.com/show_bug.cgi?id=547718
--------------------------------------------------------------------------------

================================================================================
 perl-Gtk2-MozEmbed-0.08-6.fc12.16 (FEDORA-2010-16554)
 Interface to the Mozilla embedding widget
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.14, fixing multiple security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 0.08-6.16
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 2 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 3 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 4 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 5 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 6 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 7 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
--------------------------------------------------------------------------------

================================================================================
 petit-1.0.3-1.fc12 (FEDORA-2010-16590)
 Log analysis tool for syslog, Apache and raw log files
--------------------------------------------------------------------------------
Update Information:

new upstream version
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------

================================================================================
 policycoreutils-2.0.82-5.fc12 (FEDORA-2010-16582)
 SELinux policy core utilities
--------------------------------------------------------------------------------
Update Information:

--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 22 2010 Dan Walsh <dwalsh@xxxxxxxxxx> 2.0.82-5
- Fix sandbox command on HOMEDIR
--------------------------------------------------------------------------------

================================================================================
 xulrunner-1.9.1.14-1.fc12 (FEDORA-2010-16554)
 XUL Runtime for Gecko Applications
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.14, fixing multiple security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 1.9.1.14-1
- Update to 1.9.1.14
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 2 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 3 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 4 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 5 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 6 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 7 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
--------------------------------------------------------------------------------