Fedora 12 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 12 Security updates need testing:

    https://admin.fedoraproject.org/updates/clamav-0.96.3-1200.fc12
    https://admin.fedoraproject.org/updates/bzip2-1.0.6-1.fc12
    https://admin.fedoraproject.org/updates/subversion-1.6.13-1.fc12.1
    https://admin.fedoraproject.org/updates/tomcat6-6.0.26-3.fc12
    https://admin.fedoraproject.org/updates/gif2png-2.5.1-1202.fc12
    https://admin.fedoraproject.org/updates/ocsinventory-agent-1.1.2.1-1.fc12
    https://admin.fedoraproject.org/updates/freetype-2.3.11-6.fc12
    https://admin.fedoraproject.org/updates/apr-util-1.3.10-1.fc12
    https://admin.fedoraproject.org/updates/galeon-2.0.7-26.fc12,xulrunner-1.9.1.14-1.fc12,firefox-3.5.14-1.fc12,gnome-python2-extras-2.25.3-21.fc12,perl-Gtk2-MozEmbed-0.08-6.fc12.16,mozvoikko-1.0-13.fc12
    https://admin.fedoraproject.org/updates/openldap-2.4.19-6.fc12
    https://admin.fedoraproject.org/updates/horde-3.3.9-1.fc12
    https://admin.fedoraproject.org/updates/mailman-2.1.12-10.fc12


The following builds have been pushed to Fedora 12 updates-testing

    cbrpager-0.9.22-1.fc12
    chkrootkit-0.49-2.fc12
    clustershell-1.3.3-1.fc12
    dwm-5.8.2-4.fc12
    emacs-mew-6.3-2.fc12
    firefox-3.5.14-1.fc12
    galeon-2.0.7-26.fc12
    gnome-python2-extras-2.25.3-21.fc12
    horde-3.3.9-1.fc12
    kernel-2.6.32.23-170.fc12
    kobo-0.3.1-1.fc12
    ktorrent-4.0.4-1.fc12
    libktorrent-1.0.4-1.fc12
    libtirpc-0.2.1-2.fc12
    mock-1.0.13-1.fc12
    mozvoikko-1.0-13.fc12
    nfs-utils-1.2.1-6.fc12
    perl-Gtk2-MozEmbed-0.08-6.fc12.16
    petit-1.0.3-1.fc12
    policycoreutils-2.0.82-5.fc12
    xulrunner-1.9.1.14-1.fc12

Details about builds:


================================================================================
 cbrpager-0.9.22-1.fc12 (FEDORA-2010-16576)
 Simple comic book pager for Linux
--------------------------------------------------------------------------------
Update Information:

New version 0.9.22 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 21 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 0.9.22-1
- 0.9.22
--------------------------------------------------------------------------------


================================================================================
 chkrootkit-0.49-2.fc12 (FEDORA-2010-16568)
 Tool to locally check for signs of a rootkit
--------------------------------------------------------------------------------
Update Information:

Fixes segfault and stack smashing.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 18 2010 Jon Ciesla <limb@xxxxxxxxxxxx> 0.49-2
- Updated outofbounds patch, BZ 577979 and 626067.
* Thu Mar 18 2010 Jon Ciesla <limb@xxxxxxxxxxxx> 0.49-1
- New upstream, including upstreamed patches.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #577979 - [abrt] crash in chkrootkit-0.48-14.fc12: Process /usr/lib64/chkrootkit-0.48/chkutmp was killed by signal 6 (SIGABRT)
        https://bugzilla.redhat.com/show_bug.cgi?id=577979
  [ 2 ] Bug #626067 - Chkrootkit - "Stack Smashing"
        https://bugzilla.redhat.com/show_bug.cgi?id=626067
--------------------------------------------------------------------------------


================================================================================
 clustershell-1.3.3-1.fc12 (FEDORA-2010-16556)
 Python framework for efficient cluster administration
--------------------------------------------------------------------------------
Update Information:

Update release to 1.3.3. Minor bug fixed and improved documentation.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 20 2010 Stephane Thiell <stephane.thiell@xxxxxx> 1.3.3-1
- update to 1.3.3
--------------------------------------------------------------------------------


================================================================================
 dwm-5.8.2-4.fc12 (FEDORA-2010-16597)
 Dynamic window manager for X
--------------------------------------------------------------------------------
Update Information:

dwm(1) Fedora Notes update
--------------------------------------------------------------------------------


================================================================================
 emacs-mew-6.3-2.fc12 (FEDORA-2010-16578)
 Email client for GNU Emacs
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Akira TAGOH <tagoh@xxxxxxxxxx> - 6.3-2
- Add the icon path to image-load-path to display the icons on toolbar
  correctly. (#606772)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #606772 - Emacs-mew icons do not display in tool bar
        https://bugzilla.redhat.com/show_bug.cgi?id=606772
--------------------------------------------------------------------------------


================================================================================
 firefox-3.5.14-1.fc12 (FEDORA-2010-16554)
 Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.14, fixing multiple security issues detailed in the upstream advisories:

http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 3.5.14-1
- Update to 3.5.14
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 2 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 3 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 4 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 5 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 6 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 7 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
--------------------------------------------------------------------------------


================================================================================
 galeon-2.0.7-26.fc12 (FEDORA-2010-16554)
 GNOME2 Web browser based on Mozilla
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.14, fixing multiple security issues detailed in the upstream advisories:

http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 2.0.7-26
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 2 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 3 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 4 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 5 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 6 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 7 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
--------------------------------------------------------------------------------


================================================================================
 gnome-python2-extras-2.25.3-21.fc12 (FEDORA-2010-16554)
 Additional PyGNOME Python extension modules
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.14, fixing multiple security issues detailed in the upstream advisories:

http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 2.25.3-21
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 2 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 3 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 4 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 5 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 6 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 7 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
--------------------------------------------------------------------------------


================================================================================
 horde-3.3.9-1.fc12 (FEDORA-2010-16592)
 The common framework for all Horde applications
--------------------------------------------------------------------------------
Update Information:

Fix 2 security bugs by upgrading to 3.3.9
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 3.3.9-1
- Upgrade to 3.3.9
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #630687 - CVE-2010-3077 CVE-2010-3694 Horde: multiple flaws correct in 3.3.9
        https://bugzilla.redhat.com/show_bug.cgi?id=630687
--------------------------------------------------------------------------------


================================================================================
 kernel-2.6.32.23-170.fc12 (FEDORA-2010-16565)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

Two bug fixes for networking drivers (skge and r8169) and add support for Ricoh e822 card readers.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 27 2010 Chuck Ebbert <cebbert@xxxxxxxxxx> 2.6.32.23-170
- Linux 2.6.32.23
- Drop merged patches:
  aio-check-for-multiplication-overflow-in-do_io_submit.patch
  inotify-fix-inotify-oneshot-support.patch
  inotify-send-IN_UNMOUNT-events.patch
  irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch
  keys-fix-bug-in-keyctl_session_to_parent-if-parent-has-no-session-keyring.patch
  keys-fix-rcu-no-lock-warning-in-keyctl_session_to_parent.patch
- Fix typo in Xen patch from 2.6.32.22.
* Mon Sep 20 2010 Chuck Ebbert <cebbert@xxxxxxxxxx> 2.6.32.22-169
- Linux 2.6.32.22
- Drop merged patches:
  01-compat-make-compat_alloc_user_space-incorporate-the-access_ok-check.patch
  02-compat-test-rax-for-the-system-call-number-not-eax.patch
  03-compat-retruncate-rax-after-ia32-syscall-entry-tracing.patch
  hid-01-usbhid-initialize-interface-pointers-early-enough.patch
  hid-02-fix-suspend-crash-by-moving-initializations-earlier.patch
  alsa-seq-oss-fix-double-free-at-error-path-of-snd_seq_oss_open.patch
  tracing-do-not-allow-llseek-to-set_ftrace_filter.patch
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #447489 - [x86-64] No network with 4GB RAM support
        https://bugzilla.redhat.com/show_bug.cgi?id=447489
  [ 2 ] Bug #629158 - Network adapter "disappears" after resuming from acpi suspend
        https://bugzilla.redhat.com/show_bug.cgi?id=629158
  [ 3 ] Bug #596475 - ricoh e822 sdhci device not working
        https://bugzilla.redhat.com/show_bug.cgi?id=596475
--------------------------------------------------------------------------------


================================================================================
 kobo-0.3.1-1.fc12 (FEDORA-2010-16563)
 Python modules for tools development
--------------------------------------------------------------------------------
Update Information:

bump to new upstream version
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Daniel Mach <dmach@xxxxxxxxxx> - 0.3.1-1
- Add help-admin command to display help for admin commands. (Daniel Mach)
- Add config parser support for glob matching on dict keys. (Tomas Kopecek)
- Implement timeout support in xmlrpc transports. (Daniel Mach)
- Improve kobo.xmlrpc.CookieTransport to work with python 2.7 as well. (Daniel Mach)
- Add kobo-admin utility. (Martin Bukatovic)
- Add missing HttpResponseForbidden import to kobo.hub.views. (Daniel Mach)
- Fix bug in "Show only my tasks" search option on Tasks page. (Daniel Mach)
--------------------------------------------------------------------------------


================================================================================
 ktorrent-4.0.4-1.fc12 (FEDORA-2010-16567)
 A BitTorrent program
--------------------------------------------------------------------------------
Update Information:

KTorrent 4.0.4

Fixed several minor things, and improved the performance when there are many torrents.

libktorrent-1.0.4

Fixed a deadlock and a crash in the ÂTP protocol code.

See http://ktorrent.org/?q=node/46
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 18 2010 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 4.0.4-1
- ktorrent-4.0.4
--------------------------------------------------------------------------------


================================================================================
 libktorrent-1.0.4-1.fc12 (FEDORA-2010-16567)
 Library providing torrent downloading code
--------------------------------------------------------------------------------
Update Information:

KTorrent 4.0.4

Fixed several minor things, and improved the performance when there are many torrents.

libktorrent-1.0.4

Fixed a deadlock and a crash in the ÂTP protocol code.

See http://ktorrent.org/?q=node/46
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 18 2010 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1.0.4-1
- libktorrent-1.0.4
--------------------------------------------------------------------------------


================================================================================
 libtirpc-0.2.1-2.fc12 (FEDORA-2010-16572)
 Transport Independent RPC Library
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 20 2010 Steve Dickson  <steved@xxxxxxxxxx> 0.2.1-2
- Updated latest RC release: libtirpc-0-2-2-rc2
    automount with nis maps crashes randomly (bz 621387)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #621387 - automount with nis maps crashes randomly
        https://bugzilla.redhat.com/show_bug.cgi?id=621387
--------------------------------------------------------------------------------


================================================================================
 mock-1.0.13-1.fc12 (FEDORA-2010-16570)
 Builds packages inside chroots
--------------------------------------------------------------------------------
Update Information:

This update addresses multiple issues seen with the new selinux plugin
create empty /var/log/{last,fail}log in chroot rather than copy in possible large sparse file from host filesystem

make sure that both --spec and --sources are specified when the --buildsrpm option is used

use rpm module function compareEVR to compare kernel versions (string comparison doesn't work).

change selinux plugin to use tmp directory for faux /proc/filesystems file, rather than cachedir (which may not exist)

fix a typo in exception.py

Added Alan Franzoni's umountall modifications

- run update after unpacking root cache
- clean up noarch builds
- fix selinux plugin issue
- fix repeated calls to umount
- clean up i585 target fix
Many bug fixes since mock 1.1.1 and new SELinux plugin which disables SELinux inside the chroot, irregardless of the host system SELinux state.
added --unpriv mode to --shell
remove rpmdb cache to to work around yum issue
remove rpmdb cache to to work around yum issue
Many bug fixes since mock 1.1.1 and new SELinux plugin which disables SELinux inside the chroot, irregardless of the host system SELinux state.
added --unpriv mode to --shell
remove rpmdb cache to to work around yum issue
remove rpmdb cache to to work around yum issue
create empty /var/log/{last,fail}log in chroot rather than copy in possible large sparse file from host filesystem

make sure that both --spec and --sources are specified when the --buildsrpm option is used

use rpm module function compareEVR to compare kernel versions (string comparison doesn't work).

change selinux plugin to use tmp directory for faux /proc/filesystems file, rather than cachedir (which may not exist)

fix a typo in exception.py

Added Alan Franzoni's umountall modifications

- run update after unpacking root cache
- clean up noarch builds
- fix selinux plugin issue
- fix repeated calls to umount
- clean up i585 target fix
Many bug fixes since mock 1.1.1 and new SELinux plugin which disables SELinux inside the chroot, irregardless of the host system SELinux state.
added --unpriv mode to --shell
remove rpmdb cache to to work around yum issue
remove rpmdb cache to to work around yum issue
Many bug fixes since mock 1.1.1 and new SELinux plugin which disables SELinux inside the chroot, irregardless of the host system SELinux state.
added --unpriv mode to --shell
remove rpmdb cache to to work around yum issue
remove rpmdb cache to to work around yum issue
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 14 2010 Clark Williams <williams@xxxxxxxxxx> - 1.0.13-1
- replace call to perl with native python edit function
- change permissions of selinux plugin 'filesystems' file
- from Ville Skyttà <ville.skytta@xxxxxx>:
  - Find out completions for --*-plugin dynamically
  - Keep $COLUMNS in consolehelper environment for --help formatting
  - Document --scrub, --enable-plugin, and --disable-plugin
  - Fix option name in --enable-plugin/--disable-plugin error string
  - Add --scrub completion
  - Complete on *.spm (*.src.rpm are sometimes named like that e.g. in SUSE)
  - Fix buildsrpm() docstring
  - Error message improvements
* Fri Sep 17 2010 Clark Williams <williams@xxxxxxxxxx> - 1.0.12-1
- add cmpKernelEVR function to compare kernel versions (BZ# 526414)
- added commandline argument checking for --buildsrpm (BZ# 605800)
- create empty faillog and lastlog in <chroot>/var/log (BZ# 585973 & 633435)
- changed copyin/copyout prints from debug to info
- from Alan Franzoni <mailing@xxxxxxxxxxx>:
  - reworked the root object _umountall() method
- fix epel4 chroot cleanup and umountall issue
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #573111 - Mock environment needs to fake chroot into thinking SELinux is disabled.
        https://bugzilla.redhat.com/show_bug.cgi?id=573111
  [ 2 ] Bug #629041 - selinux plugin expects that yum cache directory exists
        https://bugzilla.redhat.com/show_bug.cgi?id=629041
  [ 3 ] Bug #630479 - rebuilds fail with ""execmod" access" errors from SELinux
        https://bugzilla.redhat.com/show_bug.cgi?id=630479
  [ 4 ] Bug #637555 - Mock selinux plugin creates /proc/filesystems with incorrect permissions
        https://bugzilla.redhat.com/show_bug.cgi?id=637555
  [ 5 ] Bug #642051 - Xvfb SELinux issues in mock
        https://bugzilla.redhat.com/show_bug.cgi?id=642051
  [ 6 ] Bug #585973 - root cache fails to untar with <fail|last>log
        https://bugzilla.redhat.com/show_bug.cgi?id=585973
  [ 7 ] Bug #633435 - /var/log/lastlog and /var/log/faillog included in cache.tar.gz
        https://bugzilla.redhat.com/show_bug.cgi?id=633435
  [ 8 ] Bug #605800 - TypeError when using --buildsrpm
        https://bugzilla.redhat.com/show_bug.cgi?id=605800
  [ 9 ] Bug #526414 - missing /dev/fd symlink causes some mock builds using it to fail
        https://bugzilla.redhat.com/show_bug.cgi?id=526414
  [ 10 ] Bug #622170 - Latest architecture patches broke noarch builds
        https://bugzilla.redhat.com/show_bug.cgi?id=622170
  [ 11 ] Bug #614440 - [PATCH] Get mock to turn off selinux within the chroot
        https://bugzilla.redhat.com/show_bug.cgi?id=614440
  [ 12 ] Bug #622544 - i586 target no more possible
        https://bugzilla.redhat.com/show_bug.cgi?id=622544
  [ 13 ] Bug #557526 - mock no longer runs yum update after unpacking root
        https://bugzilla.redhat.com/show_bug.cgi?id=557526
  [ 14 ] Bug #620143 - ERROR: pop from empty list
        https://bugzilla.redhat.com/show_bug.cgi?id=620143
  [ 15 ] Bug #620825 - Unmounts filesystems in wrong order, gives traceback
        https://bugzilla.redhat.com/show_bug.cgi?id=620825
  [ 16 ] Bug #619819 - Please ship fedora-14-*.cfg
        https://bugzilla.redhat.com/show_bug.cgi?id=619819
  [ 17 ] Bug #510409 - Mock not building SRPM
        https://bugzilla.redhat.com/show_bug.cgi?id=510409
  [ 18 ] Bug #600487 - site-defaults.cfg cites defaults.cfg fix
        https://bugzilla.redhat.com/show_bug.cgi?id=600487
  [ 19 ] Bug #607144 - mock -r epel-5-x86_64 --rebuild X.src.rpm is not working (dependencies problems?)
        https://bugzilla.redhat.com/show_bug.cgi?id=607144
  [ 20 ] Bug #570434 - 'man mock' does not tell user to add him or herself to group 'mock'
        https://bugzilla.redhat.com/show_bug.cgi?id=570434
  [ 21 ] Bug #450726 - No way to clean mock cache directory
        https://bugzilla.redhat.com/show_bug.cgi?id=450726
  [ 22 ] Bug #516355 - newest mock not working on RHEL5
        https://bugzilla.redhat.com/show_bug.cgi?id=516355
  [ 23 ] Bug #486555 - Need to be able to clean/disable yum cache
        https://bugzilla.redhat.com/show_bug.cgi?id=486555
  [ 24 ] Bug #522505 - --unpriv only works with --chroot
        https://bugzilla.redhat.com/show_bug.cgi?id=522505
  [ 25 ] Bug #593654 - mock/yum: IndexError: list index out of range
        https://bugzilla.redhat.com/show_bug.cgi?id=593654
--------------------------------------------------------------------------------


================================================================================
 mozvoikko-1.0-13.fc12 (FEDORA-2010-16554)
 Finnish Voikko spell-checker extension for Mozilla programs
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.14, fixing multiple security issues detailed in the upstream advisories:

http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 1.0-13
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 2 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 3 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 4 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 5 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 6 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 7 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
--------------------------------------------------------------------------------


================================================================================
 nfs-utils-1.2.1-6.fc12 (FEDORA-2010-16569)
 NFS utilities and supporting clients and daemons for the kernel NFS server
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 18 2010 Steve Dickson <steved@xxxxxxxxxx> 1.2.1-6
- nfs-utils init scripts don't support "try-restart" option (bz 521844)
- nfslock service doesn't support "reload" option (bz 521852)
- nfs init scripts return wrong exit codes (bz 521675)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #521844 - nfs-utils init scripts don't support "try-restart" option
        https://bugzilla.redhat.com/show_bug.cgi?id=521844
  [ 2 ] Bug #521852 - nfslock service doesn't support "reload" option
        https://bugzilla.redhat.com/show_bug.cgi?id=521852
  [ 3 ] Bug #521675 - nfs init scripts return wrong exit codes
        https://bugzilla.redhat.com/show_bug.cgi?id=521675
  [ 4 ] Bug #547718 - mount.nfs should have mountproto=tcp as default
        https://bugzilla.redhat.com/show_bug.cgi?id=547718
--------------------------------------------------------------------------------


================================================================================
 perl-Gtk2-MozEmbed-0.08-6.fc12.16 (FEDORA-2010-16554)
 Interface to the Mozilla embedding widget
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.14, fixing multiple security issues detailed in the upstream advisories:

http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 0.08-6.16
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 2 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 3 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 4 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 5 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 6 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 7 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
--------------------------------------------------------------------------------


================================================================================
 petit-1.0.3-1.fc12 (FEDORA-2010-16590)
 Log analysis tool for syslog, Apache and raw log files
--------------------------------------------------------------------------------
Update Information:

new upstream version
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------


================================================================================
 policycoreutils-2.0.82-5.fc12 (FEDORA-2010-16582)
 SELinux policy core utilities
--------------------------------------------------------------------------------
Update Information:



--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 22 2010 Dan Walsh <dwalsh@xxxxxxxxxx> 2.0.82-5
- Fix sandbox command on HOMEDIR
--------------------------------------------------------------------------------


================================================================================
 xulrunner-1.9.1.14-1.fc12 (FEDORA-2010-16554)
 XUL Runtime for Gecko Applications
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.14, fixing multiple security issues detailed in the upstream advisories:

http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 1.9.1.14-1
- Update to 1.9.1.14
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 2 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 3 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 4 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 5 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 6 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 7 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe: 
https://admin.fedoraproject.org/mailman/listinfo/test



[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux