The following Fedora 12 Security updates need testing:

    https://admin.fedoraproject.org/updates/bzip2-1.0.6-1.fc12
    https://admin.fedoraproject.org/updates/tomcat6-6.0.26-3.fc12
    https://admin.fedoraproject.org/updates/freetype-2.3.11-6.fc12
    https://admin.fedoraproject.org/updates/openldap-2.4.19-6.fc12
    https://admin.fedoraproject.org/updates/horde-3.3.9-1.fc12
    https://admin.fedoraproject.org/updates/mailman-2.1.12-10.fc12
    https://admin.fedoraproject.org/updates/gnucash-2.2.9-5.fc12
    https://admin.fedoraproject.org/updates/seamonkey-2.0.9-1.fc12
    https://admin.fedoraproject.org/updates/pidgin-2.7.4-1.fc12
    https://admin.fedoraproject.org/updates/gif2png-2.5.1-1202.fc12
    https://admin.fedoraproject.org/updates/xpdf-3.02-16.fc12
    https://admin.fedoraproject.org/updates/luci-0.22.4-2.0.b9faf868074git.fc12
    https://admin.fedoraproject.org/updates/cvs-1.11.23-9.fc12
    https://admin.fedoraproject.org/updates/clamav-0.96.3-1200.fc12
    https://admin.fedoraproject.org/updates/nss-util-3.12.8-1.fc12,nss-softokn-3.12.8-1.fc12,nss-3.12.8-2.fc12
    https://admin.fedoraproject.org/updates/gnome-web-photo-0.9-10.fc12,galeon-2.0.7-26.fc12,xulrunner-1.9.1.14-1.fc12,firefox-3.5.14-1.fc12,gnome-python2-extras-2.25.3-21.fc12,perl-Gtk2-MozEmbed-0.08-6.fc12.16,mozvoikko-1.0-13.fc12
    https://admin.fedoraproject.org/updates/bristol-0.40.7-7.fc12
    https://admin.fedoraproject.org/updates/thunderbird-3.0.9-1.fc12,sunbird-1.0-0.25.20090916hg.fc12
    https://admin.fedoraproject.org/updates/glibc-2.11.2-3

The following builds have been pushed to Fedora 12 updates-testing

    389-ds-base-1.2.7-0.3.a3.fc12
    bristol-0.40.7-7.fc12
    dovecot-1.2.15-2.fc12
    driftnet-0.1.6-20.20040426cvs.fc12
    drupal-service_links-6.x.2.0-1.fc12
    firefox-3.5.14-1.fc12
    flashrom-0.9.3-0.1.svn1205.fc12
    fuse-2.8.5-1.fc12
    galeon-2.0.7-26.fc12
    glibc-2.11.2-3
    gnome-gmail-1.7-1.fc12
    gnome-python2-extras-2.25.3-21.fc12
    gnome-web-photo-0.9-10.fc12
    gphotoframe-1.1-1.fc12
    lua-copas-1.1.6-1.fc12
    lua-coxpcall-1.13.0-1.fc12
    lua-md5-1.1.2-1.fc12
    lua-wsapi-1.3.4-2.fc12
    lua-xmlrpc-1.2.1-1.fc12
    mailx-12.5-1.fc12
    mingetty-1.08-5.fc12
    mozvoikko-1.0-13.fc12
    nagios-3.2.3-1.fc12
    nrpe-2.12-16.fc12
    openscada-0.7.0-2.fc12
    perl-Gtk2-MozEmbed-0.08-6.fc12.16
    pidgin-2.7.4-1.fc12
    preupgrade-1.1.8-1.fc12.1
    publican-2.3-0.fc12
    publican-fedora-2.0-0.fc12
    qbittorrent-2.4.8-1.fc12
    qdigidoc-0.4.0-3.fc12
    root-5.26.00e-1.fc12
    rubygem-ruby-debug-0.10.4-0.6.rc3.fc12
    rubygem-ruby-debug-base-0.10.4-0.5.rc3.fc12
    seamonkey-2.0.9-1.fc12
    sunbird-1.0-0.25.20090916hg.fc12
    thunderbird-3.0.9-1.fc12
    tomboy-1.0.0-3.fc12
    usbmuxd-1.0.6-1.fc12
    vanessa_adt-0.0.7-6.fc12
    xoo-0.7-12.fc12
    xpdf-3.02-16.fc12
    xulrunner-1.9.1.14-1.fc12

Details about builds:

================================================================================
389-ds-base-1.2.7-0.3.a3.fc12 (FEDORA-2010-16683)
389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:

This is the 389-ds-base 1.2.7 Alpha 3 release. On Fedora 14 and later, this package uses openldap instead of mozldap. This release fixes some serious problems with upgrade and replication, as well as many other bugs.

new release 1.2.6.1 to fix several moderate bugs:
Bug 634561 - Server crushes when using Windows Sync Agreement
Bug 635987 - Incorrect sub scope search result with ACL containing ldap:///self
Bug 612264 - ACI issue with (targetattr='userPassword')
Bug 606920 - anonymous resource limit- nstimelimit - also applied to "cn=directory manager"
Bug 631862 - crash - delete entries not in cache + referint

Put back the selinux dependencies I removed during a merge commit . . .
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 22 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.3.a3
- 1.2.7.a3 release - a2 was never released
- Bug 644608 - RHDS 8.1->8.2 upgrade fails to properly migrate ACIs
- Bug 629681 - Retro Changelog trimming does not behave as expected
- Bug 645061 - Upgrade: 06inetorgperson.ldif and 05rfc4524.ldif - are not upgraded in the server instance schema dir
* Tue Oct 19 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.2.a2
- 1.2.7.a2 release - a1 was the OpenLDAP testday release
- git tag 389-ds-base-1.2.7.a2
- added openldap support on platforms that use openldap with moznss - for crypto (F-14 and later)
- many bug fixes
- Account Policy Plugin (keep track of last login, disable old accounts)
* Fri Oct 8 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.1.a1
- added openldap support
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #576869 - Tracking bug for 389 Directory Server 1.2.7
        https://bugzilla.redhat.com/show_bug.cgi?id=576869
  [ 2 ] Bug #634561 - Server crushes when using Windows Sync Agreement
        https://bugzilla.redhat.com/show_bug.cgi?id=634561
  [ 3 ] Bug #631862 - crash - delete entries not in cache + referint
        https://bugzilla.redhat.com/show_bug.cgi?id=631862
--------------------------------------------------------------------------------
================================================================================
bristol-0.40.7-7.fc12 (FEDORA-2010-16676)
Synthesizer emulator
--------------------------------------------------------------------------------
Update Information:

This update stops altering LD_LIBRARY_PATH for Bristol insecurely at runtime.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 25 2010 Jon Ciesla <limb@xxxxxxxxxxxx> - 0.40.7-7
- Fix for CVE-2010-3351, BZ 638376.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #638376 - CVE-2010-3351 bristol: insecure library loading vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=638376
--------------------------------------------------------------------------------
================================================================================
dovecot-1.2.15-2.fc12 (FEDORA-2010-16656)
Secure imap and pop3 server
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 25 2010 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:1.2.15-2
- do not use dotlocking by default for deliver too (#629020)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #629020 - "deliver" uses dotlocking despite Fedora patch
        https://bugzilla.redhat.com/show_bug.cgi?id=629020
--------------------------------------------------------------------------------
================================================================================
driftnet-0.1.6-20.20040426cvs.fc12 (FEDORA-2010-16642)
Network image sniffer
--------------------------------------------------------------------------------
Update Information:

Implicit DSO linking fix
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 5 2010 Paul Wouters <paul@xxxxxxxxxxxxx> - 0.1.6-20.20040426cvs
- Bugfix for https://bugzilla.redhat.com/show_bug.cgi?id=564945
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #564945 - FTBFS driftnet-0.1.6-19.20040426cvs.fc12: ImplicitDSOLinking
        https://bugzilla.redhat.com/show_bug.cgi?id=564945
--------------------------------------------------------------------------------
================================================================================
drupal-service_links-6.x.2.0-1.fc12 (FEDORA-2010-16659)
Enables admins to add links to a number of sites
--------------------------------------------------------------------------------
Update Information:

Update to upstream supported version.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 25 2010 Jon Ciesla <limb@xxxxxxxxxxxx> - 6.x.2.0-1
- New upstream, BZ 645757.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #645757 - Version not supported anymore
        https://bugzilla.redhat.com/show_bug.cgi?id=645757
--------------------------------------------------------------------------------
================================================================================
firefox-3.5.14-1.fc12 (FEDORA-2010-16554)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.14, fixing multiple security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 3.5.14-1
- Update to 3.5.14
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 2 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 3 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 4 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 5 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 6 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 7 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
--------------------------------------------------------------------------------
================================================================================
flashrom-0.9.3-0.1.svn1205.fc12 (FEDORA-2010-16672)
Simple program for reading/writing BIOS chips content
--------------------------------------------------------------------------------
Update Information:

* Pre-release of ver. 0.9.3
* Now builds on PPC and PPC64. Other arches are not tested.
* Now builds with autotools
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 26 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> 0.9.3-0.1.svn1205
- Ver. 0.9.3 (pre-release, exported from SCM)
* Wed Sep 29 2010 jkeating - 0.9.2-7.svn1180
- Rebuilt for gcc bug 634757
* Fri Sep 24 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> 0.9.2-6.svn1180
- Added autotools support
* Tue Sep 21 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> 0.9.2-5.svn1180
- Patch no.3 merged upstream
* Fri Sep 17 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> 0.9.2-4.svn1158
- Enable building on PowerPC (only external flashers enabled so far). See rhbz #283491.
* Sun Sep 12 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> 0.9.2-3.svn1158
- Clean up spec-file
- Updated to latest svn ver. 1158
- Doubles the number of known boards!
* Sun Jun 13 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> 0.9.2-2
- Added missing Requires - dmidecode (for accurate board matching)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #283491 - flashrom can't be built at powerpc
        https://bugzilla.redhat.com/show_bug.cgi?id=283491
  [ 2 ] Bug #617621 - Flashrom / dmidecode bad interaction could brick laptops
        https://bugzilla.redhat.com/show_bug.cgi?id=617621
--------------------------------------------------------------------------------
================================================================================
fuse-2.8.5-1.fc12 (FEDORA-2010-16700)
File System in Userspace (FUSE) utilities
--------------------------------------------------------------------------------
Update Information:

Ver. 2.8.5 (bugfix release)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 26 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> 2.8.5-1
- Ver. 2.8.5
--------------------------------------------------------------------------------
================================================================================
galeon-2.0.7-26.fc12 (FEDORA-2010-16554)
GNOME2 Web browser based on Mozilla
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.14, fixing multiple security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 2.0.7-26
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 2 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 3 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 4 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 5 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 6 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 7 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
--------------------------------------------------------------------------------
================================================================================
glibc-2.11.2-3 (FEDORA-2010-16641)
The GNU libc libraries
--------------------------------------------------------------------------------
Update Information:

- Correct x86 CPU family and model check (BZ#11640, #596554)
- Don't crash on unresolved weak symbol reference
- sunrpc: Fix spurious fall-through
- Never expand $ORIGIN in privileged programs (#643306, CVE-2010-3847)
- Require suid bit on audit objects in privileged programs (CVE-2010-3856)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 22 2010 Andreas Schwab <schwab@xxxxxxxxxx> - 2.11.2-3
- Require suid bit on audit objects in privileged programs (CVE-2010-3856)
* Thu Oct 21 2010 Andreas Schwab <schwab@xxxxxxxxxx> - 2.11.2-2
- Update from 2.11 branch
- Correct x86 CPU family and model check (BZ#11640, #596554)
- Don't crash on unresolved weak symbol reference
- sunrpc: Fix spurious fall-through
- Never expand $ORIGIN in privileged programs (#643306, CVE-2010-3847)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #643306 - CVE-2010-3847 glibc: ld.so insecure handling of $ORIGIN in LD_AUDIT for setuid/setgid programs
        https://bugzilla.redhat.com/show_bug.cgi?id=643306
  [ 2 ] Bug #645672 - CVE-2010-3856 glibc: ld.so arbitrary DSO loading via LD_AUDIT in setuid/setgid programs
        https://bugzilla.redhat.com/show_bug.cgi?id=645672
--------------------------------------------------------------------------------
================================================================================
gnome-gmail-1.7-1.fc12 (FEDORA-2010-16712)
Integrate GMail into the GNOME desktop
--------------------------------------------------------------------------------
Update Information:

Upstream 1.7
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
gnome-python2-extras-2.25.3-21.fc12 (FEDORA-2010-16554)
Additional PyGNOME Python extension modules
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.14, fixing multiple security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 2.25.3-21
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 2 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 3 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 4 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 5 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 6 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 7 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
--------------------------------------------------------------------------------
================================================================================
gnome-web-photo-0.9-10.fc12 (FEDORA-2010-16554)
HTML pages thumbnailer
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.14, fixing multiple security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 0.9-10
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 2 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 3 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 4 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 5 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 6 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 7 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
--------------------------------------------------------------------------------
================================================================================
gphotoframe-1.1-1.fc12 (FEDORA-2010-16660)
Photo Frame Gadget for the GNOME Desktop
--------------------------------------------------------------------------------
Update Information:

New version 1.1 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct 23 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 1.1-1
- Update to 1.1
* Tue Jul 27 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx>
- F-14: rebuild against python 2.7
--------------------------------------------------------------------------------
================================================================================
lua-copas-1.1.6-1.fc12 (FEDORA-2010-16663)
Coroutine Oriented Portable Asynchronous Services for Lua
--------------------------------------------------------------------------------
Update Information:

Initial package import
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #645182 - Review Request: lua-copas - Coroutine Oriented Portable Asynchronous Services for Lua
        https://bugzilla.redhat.com/show_bug.cgi?id=645182
--------------------------------------------------------------------------------
================================================================================
lua-coxpcall-1.13.0-1.fc12 (FEDORA-2010-16696)
Coroutine safe xpcall and pcall versions for Lua
--------------------------------------------------------------------------------
Update Information:

Initial package import
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #645181 - Review Request: lua-coxpcall - Coroutine safe xpcall and pcall versions for Lua
        https://bugzilla.redhat.com/show_bug.cgi?id=645181
--------------------------------------------------------------------------------
================================================================================
lua-md5-1.1.2-1.fc12 (FEDORA-2010-16666)
Cryptographic Library for MD5 hashes for Lua
--------------------------------------------------------------------------------
Update Information:

Initial package import
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #645183 - Review Request: lua-md5 - Cryptographic Library for MD5 hashes for Lua
        https://bugzilla.redhat.com/show_bug.cgi?id=645183
--------------------------------------------------------------------------------
================================================================================
lua-wsapi-1.3.4-2.fc12 (FEDORA-2010-16691)
Lua Web Server API
--------------------------------------------------------------------------------
Update Information:

Initial package import
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #645184 - Review Request: lua-wsapi - Lua Web Server API
        https://bugzilla.redhat.com/show_bug.cgi?id=645184
--------------------------------------------------------------------------------
================================================================================
lua-xmlrpc-1.2.1-1.fc12 (FEDORA-2010-16710)
Lua package to access and provide XML-RPC services
--------------------------------------------------------------------------------
Update Information:

Initial package import
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #645185 - Review Request: lua-xmlrpc - Lua package to access and provide XML-RPC services
        https://bugzilla.redhat.com/show_bug.cgi?id=645185
--------------------------------------------------------------------------------
================================================================================
mailx-12.5-1.fc12 (FEDORA-2010-16673)
Enhanced implementation of the mailx command
--------------------------------------------------------------------------------
Update Information:

Update to 12.5
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 26 2010 Dmitry Butskoy <Dmitry@xxxxxxxxxxxx> - 12.5-1
- update to 12.5
- drop patches applied upstream
* Fri Oct 1 2010 Ivana Hutarova Varekova <varekova@xxxxxxxxxx> - 12.4-7
- fix the typo in man-page
* Mon Dec 21 2009 Ivana Hutarova Varekova <varekova@xxxxxxxxxx> - 12.4-6
- fix source tag
* Fri Dec 18 2009 Ivana Hutarova Varekova <varekova@xxxxxxxxxx> - 12.4-5
- fix license tag
* Sat Dec 12 2009 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 12.4-4
- Make OpenSSL support working again if NSS flag is disabled
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #646549 - request upgrade to cvs version of mailx
        https://bugzilla.redhat.com/show_bug.cgi?id=646549
--------------------------------------------------------------------------------
================================================================================
mingetty-1.08-5.fc12 (FEDORA-2010-16624)
A compact getty program for virtual consoles only
--------------------------------------------------------------------------------
Update Information:

In addition, deprecated syslog facility has been updated to modern LOG_AUTHPRIV constant
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 26 2010 Petr Pisar <ppisar@xxxxxxxxxx> - 1.08-5
- Check chroot(), chdir(), and nice() (bug #635412)
- Open syslog with AUTPRIV facility
- Limit TTY name length to prevent buffer overflow (bug #551754)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #551754 - Buffer overflow in open_tty()
        https://bugzilla.redhat.com/show_bug.cgi?id=551754
  [ 2 ] Bug #635412 - unsafe chroot() calls in mingetty
        https://bugzilla.redhat.com/show_bug.cgi?id=635412
--------------------------------------------------------------------------------
================================================================================
mozvoikko-1.0-13.fc12 (FEDORA-2010-16554)
Finnish Voikko spell-checker extension for Mozilla programs
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.14, fixing multiple security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 1.0-13
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 2 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 3 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 4 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 5 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 6 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 7 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
--------------------------------------------------------------------------------
================================================================================
nagios-3.2.3-1.fc12 (FEDORA-2010-16654)
Nagios monitors hosts and services and yells if somethings breaks
--------------------------------------------------------------------------------
Update Information:

* Ver. 3.2.3
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 26 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> - 3.2.3-1
- Ver. 3.2.3
- Further cleanups in spec-file
* Wed Sep 29 2010 jkeating - 3.2.2-2
- Rebuilt for gcc bug 634757
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #639941 - nagios: please update to 3.2.3
        https://bugzilla.redhat.com/show_bug.cgi?id=639941
--------------------------------------------------------------------------------
================================================================================
nrpe-2.12-16.fc12 (FEDORA-2010-16679)
Host/service/network monitoring agent for Nagios
--------------------------------------------------------------------------------
Update Information:

Proper directory access mode for %{_localstatedir}/run/nrpe
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 25 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> - 2.12-16
- Issue with SELinux was resolved (see rhbz #565220#c25). 2nd try.
* Wed Sep 29 2010 jkeating - 2.12-15
- Rebuilt for gcc bug 634757
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #565220 - SELinux is preventing /usr/sbin/nrpe "dac_override" access .
        https://bugzilla.redhat.com/show_bug.cgi?id=565220
--------------------------------------------------------------------------------
================================================================================
openscada-0.7.0-2.fc12 (FEDORA-2010-16671)
Open SCADA system project
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 26 2010 Aleksey Popkov <aleksey@xxxxxxxxxx> - 0.7.0-2
- Build the 0.7.0 version.
* Wed Oct 13 2010 Aleksey Popkov <aleksey@xxxxxxxxxx> - 0.7.0-2 - Adding the module to self package of PostgreSQL servers. - Build the 0.7.0 version. -------------------------------------------------------------------------------- ================================================================================ perl-Gtk2-MozEmbed-0.08-6.fc12.16 (FEDORA-2010-16554) Interface to the Mozilla embedding widget -------------------------------------------------------------------------------- Update Information: Update to new upstream Firefox version 3.5.14, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14 Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 0.08-6.16 - Rebuild against newer gecko -------------------------------------------------------------------------------- References: [ 1 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw https://bugzilla.redhat.com/show_bug.cgi?id=642300 [ 2 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls https://bugzilla.redhat.com/show_bug.cgi?id=642294 [ 3 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs https://bugzilla.redhat.com/show_bug.cgi?id=642290 [ 4 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter https://bugzilla.redhat.com/show_bug.cgi?id=642286 [ 5 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp https://bugzilla.redhat.com/show_bug.cgi?id=642283 [ 6 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write https://bugzilla.redhat.com/show_bug.cgi?id=642277 [ 7 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards 
https://bugzilla.redhat.com/show_bug.cgi?id=642272 -------------------------------------------------------------------------------- ================================================================================ pidgin-2.7.4-1.fc12 (FEDORA-2010-16682) A Gtk+ based multiprotocol instant messaging client -------------------------------------------------------------------------------- Update Information: New release 2.7.4 Full Upstream ChangeLog: http://developer.pidgin.im/wiki/ChangeLog -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 22 2010 Stu Tomlinson <stu@xxxxxxxxxxxxx> 2.7.4-1 - 2.7.4, includes security fix for CVE-2010-3711 * Tue Oct 12 2010 Milan Crha <mcrha@xxxxxxxxxx> - 2.7.3-6 - Rebuild against newer evolution-data-server * Wed Sep 29 2010 jkeating - 2.7.3-5 - Rebuilt for gcc bug 634757 * Thu Sep 16 2010 Stu Tomlinson <stu@xxxxxxxxxxxxx> 2.7.3-4 - Rebuild against newer libedataserver * Mon Sep 13 2010 Dan Horák <dan[at]danny.cz> 2.7.3-3 - drop the s390(x) ifarchs * Mon Aug 23 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> 2.7.3-2 - use _isa in explicit Requires on libpurple to prevent yum from trying to jump architectures to resolve dependency -------------------------------------------------------------------------------- References: [ 1 ] Bug #641921 - CVE-2010-3711 Pidgin (libpurple): Multiple DoS (crash) flaws by processing of unsanitized Base64 decoder values https://bugzilla.redhat.com/show_bug.cgi?id=641921 -------------------------------------------------------------------------------- ================================================================================ preupgrade-1.1.8-1.fc12.1 (FEDORA-2010-16653) Prepares a system for an upgrade -------------------------------------------------------------------------------- Update Information: - New upstream release. - Reinvigorate pre-upgrade-cli with the same fixes as the gui tool. - Translation updates. 
-------------------------------------------------------------------------------- ChangeLog: * Mon Oct 25 2010 Dan Horák <dan[at]danny.cz> - 1.1.8-1.1 - Fix build on F-12 * Thu Sep 9 2010 Richard Hughes <richard@xxxxxxxxxxx> - 1.1.8-1 - New upstream release. - Reinvigorate pre-upgrade-cli with the same fixes as the gui tool. - Translation updates. * Wed Jul 21 2010 David Malcolm <dmalcolm@xxxxxxxxxx> - 1.1.6-3 - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild * Sat Jun 5 2010 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 1.1.6-2 - Fix description to clarify that skipping releases is ok - Update spec to match current guidelines -------------------------------------------------------------------------------- ================================================================================ publican-2.3-0.fc12 (FEDORA-2010-16639) Common files and scripts for publishing with DocBook XML -------------------------------------------------------------------------------- Update Information: * Thu Oct 07 2010 Jeff Fearn <jfearn@xxxxxxxxxx> 2.3-0 - Prepend product name to product/version splash pages. - Fix bash completion for --brand and --type. - Use --nocolours in spec files. - Update tocs when home/product/version pages are updated. BZ #612027 - Scroll to current entry in navigation menu. - Highlight current book in navigation menu. - Fix single quote in abstract/subtitle breaking RPM install. BZ #642088 - Fix RPM website not installing cleanly. - Fix splash page icon wrap. BZ #642109 - Moved titles before: example, equation, table. BZ #638787 - Change html and PDF style for verbatim & example. BZ #638787 - Change html and PDF style for admonitions. BZ #638787 - Fix HTML footer style and layout. - Add bump action Tech Preview. - Fix indexterm merge missing nested nodes. BZ #643275 - Add phrase to translatable tag list. BZ #643287 - Fix POT files breaking when using HTML::Tree 4.0. - Fix translated label missing from manually installed book. 
BZ #643781 - Add icon.svg to Create Book. BZ #644105 - Add XML dump options for site config. - Fix histroy typo - Stop max_image_width overriding XML width settings. - Decrease white space at top and bottom of PDF. - Fix toc links to refentry in chunked HTML. BZ #645602 -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 26 2010 Jeff Fearn <jfearn@xxxxxxxxxx> 2.3-0 - Prepend product name to product/version splash pages. - Fix bash completion for --brand and --type. - Use --nocolours in spec files. - Update tocs when home/product/version pages are updated. BZ #612027 - Scroll to current entry in navigation menu. - Highlight current book in navigation menu. - Fix single quote in abstract/subtitle breaking RPM install. BZ #642088 - Fix RPM website not installing cleanly. - Fix splash page icon wrap. BZ #642109 - Moved titles before: example, equation, table. BZ #638787 - Change html and PDF style for verbatim & example. BZ #638787 - Change html and PDF style for admonitions. BZ #638787 - Fix HTML footer style and layout. - Add bump action Tech Preview. - Fix indexterm merge missing nested nodes. BZ #643275 - Add phrase to translatable tag list. BZ #643287 - Fix POT files breaking when using HTML::Tree 4.0. - Fix translated label missing from manually installed book. BZ #643781 - Add icon.svg to Create Book. BZ #644105 - Add XML dump options for site config. - Fix histroy typo - Stop max_image_width overriding XML width settings. - Decrease white space at top and bottom of PDF. - Fix toc links to refentry in chunked HTML. 
BZ #645602 -------------------------------------------------------------------------------- ================================================================================ publican-fedora-2.0-0.fc12 (FEDORA-2010-16658) Publican documentation template files for fedora -------------------------------------------------------------------------------- Update Information: * Sun Aug 29 2010 Rüdiger Landmann <r.landmann@xxxxxxxxxx> 2.0-0 - Extend callout graphics to 40; adjust colour and font BZ #629804 <r.landmann@xxxxxxxxxx> - Restrict CSS style for edition to title pages to avoid applying to bibliographies <r.landmann@xxxxxxxxxx> -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 29 2010 Rüdiger Landmann <r.landmann@xxxxxxxxxx> 2.0-0 - Extend callout graphics to 40; adjust colour and font BZ #629804 <r.landmann@xxxxxxxxxx> - Restrict CSS style for edition to title pages to avoid applying to bibliographies <r.landmann@xxxxxxxxxx> * Sun Aug 29 2010 Rüdiger Landmann <r.landmann@xxxxxxxxxx> 1.9-0 - Note ownership of MySQL trademark per Pamela Chestek <pchestek@xxxxxxxxxx> - Low German translation from Nils-Christoph Fiedler <ncfiedler@xxxxxxxxxxxxxxxxx> - Persian translation from Mostafa Daneshvar <info@xxxxxxxxxxxxxxxxxxxx> -------------------------------------------------------------------------------- ================================================================================ qbittorrent-2.4.8-1.fc12 (FEDORA-2010-16665) A Bittorrent Client -------------------------------------------------------------------------------- Update Information: * Sun Oct 24 2010 - Christophe Dumez <chris@xxxxxxxxxxxxxxx> - v2.4.8 - BUGFIX: Fix possible crash on manual peer ban - BUGFIX: Improved hostname resolution code - BUGFIX: Several search plugins fixed - BUGFIX: Auto-disable the shutdown feature - BUGFIX: Remember the current property tab on startup - BUGFIX: Fix status list widget height issue on style change - BUGFIX: Fix 
rounding issue in torrent progress display - BUGFIX: Fix issue when altering files priorities of a seeding torrent - BUGFIX: Better fix for save path editing issues in torrent addition dialog - BUGFIX: Peers can now be sorted by country * Tue Oct 19 2010 - Christophe Dumez <chris@xxxxxxxxxxxxxxx> - v2.4.7 - BUGFIX: Display the priority column when the queueing system gets enabled - BUGFIX: Fix encoding problem in file renaming - BUGFIX: Delete unneeded files on torrent "soft" deletion - BUGFIX: Fix issues when marking a file as 'not downloaded' causes the torrent to complete - BUGFIX: Improved "Set Location" and "Change save path" dialogs - BUGFIX: Fix display of queued seeding torrents * Sun Oct 17 2010 - Christophe Dumez <chris@xxxxxxxxxxxxxxx> - v2.4.6 - BUGFIX: Fix "torrent seeding after creation" feature - BUGFIX: The properties panel data would sometimes not match the selected torrent - BUGFIX: Fix detection of files at final destination when temp dir is used - BUGFIX: Fix moving of a torrent to an unexisting directory * Tue Oct 12 2010 - Christophe Dumez <chris@xxxxxxxxxxxxxxx> - v2.4.5 - BUGFIX: Remember torrent completion date correctly - BUGFIX: Fix feature to keep incomplete torrents in a separate folder - BUGFIX: Fix display of URL seeds in the UI - BUGFIX: Improved peer hostname resolution with caching - BUGFIX: Piece availability/downloaded widgets performance improvement -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 24 2010 leigh scott <leigh123linux@xxxxxxxxxxxxxx> - 1:2.4.8-1 - update to 2.4.8 * Mon Oct 18 2010 leigh scott <leigh123linux@xxxxxxxxxxxxxx> - 1:2.4.6-1 - update to 2.4.6 -------------------------------------------------------------------------------- ================================================================================ qdigidoc-0.4.0-3.fc12 (FEDORA-2010-16708) Estonian digital signature application 
-------------------------------------------------------------------------------- Update Information: QDigiDoc is an application for digitally signing and encrypting documents in BDoc, DDoc, and CDoc container formats. These file formats are widespread in Estonia where they are used for storing legally binding digital signatures. -------------------------------------------------------------------------------- ================================================================================ root-5.26.00e-1.fc12 (FEDORA-2010-16694) Numerical data analysis framework -------------------------------------------------------------------------------- Update Information: Update to version 5.26.00e - for a summary of what was fixed in this version see the release notes at: http://root.cern.ch/drupal/content/root-version-v5-26-00-patch-release-notes -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 22 2010 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.26.00e-1 - Update to 5.26.00e - Drop patch fixed upstream: root-tmva-segfault.patch - Add Requires on root-proof to root-proofd -------------------------------------------------------------------------------- ================================================================================ rubygem-ruby-debug-0.10.4-0.6.rc3.fc12 (FEDORA-2010-16703) Command line interface (CLI) for ruby-debug-base -------------------------------------------------------------------------------- Update Information: ruby-debug 0.10.4 rc3 is released. 
-------------------------------------------------------------------------------- ChangeLog: * Fri Oct 22 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 0.10.4-0.6.rc2 - 0.10.4 rc3 * Mon Oct 18 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 0.10.4-0.5.rc2 - 0.10.4 rc2 * Tue Sep 21 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 0.10.4-0.4.svn952_trunk - Try using latest svn -------------------------------------------------------------------------------- ================================================================================ rubygem-ruby-debug-base-0.10.4-0.5.rc3.fc12 (FEDORA-2010-16703) Core component for fast Ruby debugger -------------------------------------------------------------------------------- Update Information: ruby-debug 0.10.4 rc3 is released. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 22 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 0.10.4-0.5.rc2 - 0.10.4 rc3 * Mon Oct 18 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 0.10.4-0.4.rc2 - 0.10.4 rc2 * Tue Oct 5 2010 jkeating - 0.10.4-0.3.svn952.1 - Rebuilt for gcc bug 634757 * Tue Sep 21 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 0.10.4-0.3.svn952_trunk - Try using latest svn -------------------------------------------------------------------------------- ================================================================================ seamonkey-2.0.9-1.fc12 (FEDORA-2010-16651) Web browser, e-mail, news, IRC client, HTML editor -------------------------------------------------------------------------------- Update Information: Update to new upstream SeaMonkey version 2.0.9, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.9 -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 21 2010 Martin Stransky <stransky@xxxxxxxxxx> 2.0.9-1 - Update to 2.0.9 * Wed Oct 13 
2010 Martin Stransky <stransky@xxxxxxxxxx> 2.0.8-2 - Added fix for mozbz#522635 -------------------------------------------------------------------------------- ================================================================================ sunbird-1.0-0.25.20090916hg.fc12 (FEDORA-2010-16634) Calendar application built upon Mozilla toolkit -------------------------------------------------------------------------------- Update Information: Update to new upstream Thunderbird version 3.0.9, fixing multiple security issues detailed in the upstream advisory: http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html#thunderbird3.0.9 Update also includes sunbird package rebuilt against new version of Thunderbird. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 20 2010 Jan Horak <jhorak@xxxxxxxxxx> - 1.0-0.25.20090916hg - Rebuild against new Thunderbird -------------------------------------------------------------------------------- ================================================================================ thunderbird-3.0.9-1.fc12 (FEDORA-2010-16634) Mozilla Thunderbird mail/newsgroup client -------------------------------------------------------------------------------- Update Information: Update to new upstream Thunderbird version 3.0.9, fixing multiple security issues detailed in the upstream advisory: http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html#thunderbird3.0.9 Update also includes sunbird package rebuilt against new version of Thunderbird. 
-------------------------------------------------------------------------------- ChangeLog: * Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 3.0.9-1 - Update to 3.0.9 -------------------------------------------------------------------------------- ================================================================================ tomboy-1.0.0-3.fc12 (FEDORA-2010-16701) Note-taking application -------------------------------------------------------------------------------- Update Information: This update fixes a serious bug in the web sync plugin that could ultimately lead to data loss. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 25 2010 Ray Strode <rstrode@xxxxxxxxxx> 1.0.0-3 - Fix websync regex Resolves: #646676 -------------------------------------------------------------------------------- References: [ 1 ] Bug #646676 - Note data loss with Tomboy sync, for notes created in Gnote https://bugzilla.redhat.com/show_bug.cgi?id=646676 -------------------------------------------------------------------------------- ================================================================================ usbmuxd-1.0.6-1.fc12 (FEDORA-2010-16661) Daemon for communicating with Apple's iPod Touch and iPhone -------------------------------------------------------------------------------- Update Information: New upstream release with support for newer hardware -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 24 2010 Peter Robinson <pbrobinson@xxxxxxxxx> 1.0.6-1 - New stable 1.0.6 release -------------------------------------------------------------------------------- ================================================================================ vanessa_adt-0.0.7-6.fc12 (FEDORA-2010-16644) Library of Abstract Data Types -------------------------------------------------------------------------------- References: [ 1 ] Bug #518316 - Review Request: vanessa_adt - Library of 
Abstract Data Types https://bugzilla.redhat.com/show_bug.cgi?id=518316 -------------------------------------------------------------------------------- ================================================================================ xoo-0.7-12.fc12 (FEDORA-2010-16631) Xoo is a graphical wrapper around xnest -------------------------------------------------------------------------------- Update Information: Implicit DSO linking fix. -------------------------------------------------------------------------------- ChangeLog: * Sat Oct 23 2010 Paul Wouters <paul@xxxxxxxxxxxxx> - 0.7-12 - bz#599871 FTBFS xoo-0.7-11.fc12: ImplicitDSOLinking fix -------------------------------------------------------------------------------- References: [ 1 ] Bug #599871 - FTBFS xoo-0.7-11.fc12: ImplicitDSOLinking https://bugzilla.redhat.com/show_bug.cgi?id=599871 -------------------------------------------------------------------------------- ================================================================================ xpdf-3.02-16.fc12 (FEDORA-2010-16705) A PDF file viewer for the X Window System -------------------------------------------------------------------------------- Update Information: apply xpdf-3.02pl5 security patch to fix CVE-2010-3702, CVE-2010-3704 -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 22 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 1:3.02-16 - apply xpdf-3.02pl5 security patch to fix: CVE-2010-3702, CVE-2010-3704 -------------------------------------------------------------------------------- References: [ 1 ] Bug #595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference https://bugzilla.redhat.com/show_bug.cgi?id=595245 [ 2 ] Bug #638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse() https://bugzilla.redhat.com/show_bug.cgi?id=638960 -------------------------------------------------------------------------------- 
================================================================================ xulrunner-1.9.1.14-1.fc12 (FEDORA-2010-16554) XUL Runtime for Gecko Applications -------------------------------------------------------------------------------- Update Information: Update to new upstream Firefox version 3.5.14, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14 Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 1.9.1.14-1 - Update to 1.9.1.14 -------------------------------------------------------------------------------- References: [ 1 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw https://bugzilla.redhat.com/show_bug.cgi?id=642300 [ 2 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls https://bugzilla.redhat.com/show_bug.cgi?id=642294 [ 3 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs https://bugzilla.redhat.com/show_bug.cgi?id=642290 [ 4 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter https://bugzilla.redhat.com/show_bug.cgi?id=642286 [ 5 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp https://bugzilla.redhat.com/show_bug.cgi?id=642283 [ 6 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write https://bugzilla.redhat.com/show_bug.cgi?id=642277 [ 7 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards https://bugzilla.redhat.com/show_bug.cgi?id=642272 --------------------------------------------------------------------------------