The following Fedora 12 Security updates need testing:
https://admin.fedoraproject.org/updates/clamav-0.96.3-1200.fc12
https://admin.fedoraproject.org/updates/bzip2-1.0.6-1.fc12
https://admin.fedoraproject.org/updates/subversion-1.6.13-1.fc12.1
https://admin.fedoraproject.org/updates/tomcat6-6.0.26-3.fc12
https://admin.fedoraproject.org/updates/freetype-2.3.11-6.fc12
https://admin.fedoraproject.org/updates/apr-util-1.3.10-1.fc12
https://admin.fedoraproject.org/updates/openldap-2.4.19-6.fc12
https://admin.fedoraproject.org/updates/horde-3.3.9-1.fc12
https://admin.fedoraproject.org/updates/mailman-2.1.12-10.fc12
https://admin.fedoraproject.org/updates/gnucash-2.2.9-5.fc12
https://admin.fedoraproject.org/updates/gif2png-2.5.1-1202.fc12
https://admin.fedoraproject.org/updates/cvs-1.11.23-9.fc12
https://admin.fedoraproject.org/updates/luci-0.22.4-2.0.b9faf868074git.fc12
The following builds have been pushed to Fedora 12 updates-testing
asterisk-sounds-core-1.4.20-1.fc12
cryptopp-5.6.1-2.fc12
cvs-1.11.23-9.fc12
django-simple-captcha-0.2.0-4.fc12
erlang-etap-0.3.4-5.fc12
gnucash-2.2.9-5.fc12
libmcrypto-0.8.0-0.1.20100629svn3775.fc12
libmstun-0.8.0-0.1.20091007svn3734.fc12
luci-0.22.4-2.0.b9faf868074git.fc12
Details about builds:
================================================================================
asterisk-sounds-core-1.4.20-1.fc12 (FEDORA-2010-16623)
Core sounds for Asterisk
--------------------------------------------------------------------------------
Update Information:
- Update to 1.4.20
- Add en_AU sounds
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 18 2010 Jeffrey C. Ollie <jeff@xxxxxxxxxx> - 1.4.20-1
- Update to 1.4.20
- Add en_AU sounds
--------------------------------------------------------------------------------
================================================================================
cryptopp-5.6.1-2.fc12 (FEDORA-2010-16607)
Public domain C++ class library of cryptographic schemes
--------------------------------------------------------------------------------
Update Information:
- Added -DCRYPTOPP_DISABLE_SSE2 to CXXFLAGS instead of config.h for non-x86_64 (rhbz#645169).
- Installed TestVectors and TestData in cryptopp-progs.
- Patched cryptest for using data files in /usr/share/cryptopp.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2010 Alexey Kurov <nucleo@xxxxxxxxxxxxxxxxx> - 5.6.1-2
- add -DCRYPTOPP_DISABLE_SSE2 to CXXFLAGS instead of config.h for non-x86_64 (rhbz#645169)
- install TestVectors and TestData in cryptopp-progs
- patch cryptest for using data files in /usr/share/cryptopp
- build cryptestcwd for build time test only
- fix check section
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #645169 - conflict between cryptopp-devel i686 and x86_64 pkgs
https://bugzilla.redhat.com/show_bug.cgi?id=645169
--------------------------------------------------------------------------------
================================================================================
cvs-1.11.23-9.fc12 (FEDORA-2010-16599)
A version control system
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2010 Petr Pisar <ppisar@xxxxxxxxxx> - 1.11.23-9
- Fix CVE-2010-3846 (bug #645386)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #642146 - CVE-2010-3846 cvs: Heap-based buffer overflow by applying RCS file changes
https://bugzilla.redhat.com/show_bug.cgi?id=642146
--------------------------------------------------------------------------------
================================================================================
django-simple-captcha-0.2.0-4.fc12 (FEDORA-2010-16621)
Django application to add captcha images to any Django form
--------------------------------------------------------------------------------
Update Information:
Here is where you
give an explanation of
your update.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #644883 - Review Request: django-simple-captcha - Django application to add captcha images to any Django form.
https://bugzilla.redhat.com/show_bug.cgi?id=644883
--------------------------------------------------------------------------------
================================================================================
erlang-etap-0.3.4-5.fc12 (FEDORA-2010-16604)
Erlang testing library
--------------------------------------------------------------------------------
Update Information:
* Fixed runtime issues in EL-4
* Added %check target
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> 0.3.4-5
- Fixed missing runtime dependency on EL-4
- Added %check target
* Tue Sep 28 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> 0.3.4-4
- Narrowed BuildRequires
* Mon Jul 12 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> 0.3.4-3
- Rebuild for Erlang/OTP R14A
- Simplified spec-file
--------------------------------------------------------------------------------
================================================================================
gnucash-2.2.9-5.fc12 (FEDORA-2010-16622)
Finance management application
--------------------------------------------------------------------------------
Update Information:
This update removes an unneeded file that could cause a security issue if ran from a directory that other users had write access to.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2010 Bill Nottingham <notting@xxxxxxxxxx>
- don't ship gnc-test-env (#644933, CVE-2010-3999)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #644933 - CVE-2010-3999 gnucash: insecure library loading vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=644933
--------------------------------------------------------------------------------
================================================================================
libmcrypto-0.8.0-0.1.20100629svn3775.fc12 (FEDORA-2010-16618)
A C++ library providing various cryptography related utilities
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #626699 - Review Request: libmcrypto - A C++ library providing various cryptography related utilities
https://bugzilla.redhat.com/show_bug.cgi?id=626699
--------------------------------------------------------------------------------
================================================================================
libmstun-0.8.0-0.1.20091007svn3734.fc12 (FEDORA-2010-16613)
A C++ library providing STUN client utilities
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #626462 - Review Request: libmstun - A C++ library providing STUN client utilities
https://bugzilla.redhat.com/show_bug.cgi?id=626462
--------------------------------------------------------------------------------
================================================================================
luci-0.22.4-2.0.b9faf868074git.fc12 (FEDORA-2010-16601)
Web-based high availability administration application
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2010-3852
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2010 Fabio M. Di Nitto <fdinitto@xxxxxxxxxx> - 0.22.4-2.0.b9faf868074git
- Fix CVE-2010-3852 (bug #645404)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #626504 - CVE-2010-3852 Luci: Authentication bypass via fake ticket cookie
https://bugzilla.redhat.com/show_bug.cgi?id=626504
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
