The following Fedora 13 Security updates need testing:

    https://admin.fedoraproject.org/updates/thunderbird-3.1.5-1.fc13,sunbird-1.0-0.29.b2pre.fc13
    https://admin.fedoraproject.org/updates/glpi-0.72.4-3.svn11497.fc13
    https://admin.fedoraproject.org/updates/tomcat6-6.0.26-11.fc13
    https://admin.fedoraproject.org/updates/banshee-1.6.1-4.fc13
    https://admin.fedoraproject.org/updates/perl-libwww-perl-5.837-2.fc13
    https://admin.fedoraproject.org/updates/monotone-0.48.1-1.fc13
    https://admin.fedoraproject.org/updates/horde-3.3.9-1.fc13
    https://admin.fedoraproject.org/updates/mailman-2.1.12-16.fc13
    https://admin.fedoraproject.org/updates/luci-0.22.4-2.0.b9faf868074git.fc13
    https://admin.fedoraproject.org/updates/xpdf-3.02-16.fc13
    https://admin.fedoraproject.org/updates/clamav-0.96.3-1400.fc13
    https://admin.fedoraproject.org/updates/gnucash-2.3.15-2.fc13
    https://admin.fedoraproject.org/updates/bristol-0.40.7-7.fc13
    https://admin.fedoraproject.org/updates/moodle-1.9.10-1.fc13
    https://admin.fedoraproject.org/updates/seamonkey-2.0.9-1.fc13
    https://admin.fedoraproject.org/updates/pidgin-2.7.4-1.fc13

The following builds have been pushed to Fedora 13 updates-testing

    389-admin-1.1.12-0.2.a2.fc13
    389-adminutil-1.1.13-1.fc13
    389-ds-base-1.2.7-0.6.a3.fc13
    389-dsgw-1.1.6-1.fc13
    banshee-1.6.1-4.fc13
    glpi-0.72.4-3.svn11497.fc13
    kcm-gtk-0.5.3-5.fc13
    kcm_touchpad-0.3.1-3.fc13
    kdebase3-3.5.10-17.fc13
    kdepim-4.4.7-1.fc13.1
    kdepim-runtime-4.4.7-1.fc13.1
    libguestfs-1.4.3-5.fc13
    monotone-0.48.1-1.fc13
    mozilla-firetray-0.2.8-3.fc13
    perl-Pegex-0.11-1.fc13
    virt-what-1.3-3.fc13
    xscreensaver-5.12-6.fc13

Details about builds:

================================================================================
389-admin-1.1.12-0.2.a2.fc13 (FEDORA-2010-16911)
389 Administration Server (admin)
--------------------------------------------------------------------------------
Update Information:
the 1.2.7 alpha 3 release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 26 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.1.12-0.2.a2
- fix mozldap build breakage
* Tue Sep 28 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.1.12-0.1.a1
- This is the 1.1.12 alpha 1 release - with openldap support
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #576869 - Tracking bug for 389 Directory Server 1.2.7
        https://bugzilla.redhat.com/show_bug.cgi?id=576869
--------------------------------------------------------------------------------
================================================================================
389-adminutil-1.1.13-1.fc13 (FEDORA-2010-16911)
Utility library for 389 administration
--------------------------------------------------------------------------------
Update Information:
the 1.2.7 alpha 3 release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 22 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.1.13-1
- add nss_inc to libadminutil build flags
* Tue Oct 19 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.1.12-1
- fix building with mozldap
* Tue Oct 19 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.1.11-1
- the 1.1.11 release
* Fri Feb 26 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.1.10-1
- Bug 460168 - FedoraDS' adminutil requires non-existent "icu.pc" on non-RH/Fedora systems
- this is the 1.1.10 release
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #576869 - Tracking bug for 389 Directory Server 1.2.7
        https://bugzilla.redhat.com/show_bug.cgi?id=576869
--------------------------------------------------------------------------------
================================================================================
389-ds-base-1.2.7-0.6.a3.fc13 (FEDORA-2010-16911)
389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:
the 1.2.7 alpha 3 release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 27 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.6.a3
- fix more git merge problems
* Wed Oct 27 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.5.a3
- fix git merge problems
* Wed Oct 27 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.4.a3
- 1.2.7.a3 release - a2 was never released
- this is a rebuild to pick up
- Bug 644608 - RHDS 8.1->8.2 upgrade fails to properly migrate ACIs
- Adding the ancestorid fix code to ##upgradednformat.pl.
* Fri Oct 22 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.3.a3
- 1.2.7.a3 release - a2 was never released
- Bug 644608 - RHDS 8.1->8.2 upgrade fails to properly migrate ACIs
- Bug 629681 - Retro Changelog trimming does not behave as expected
- Bug 645061 - Upgrade: 06inetorgperson.ldif and 05rfc4524.ldif
- are not upgraded in the server instance schema dir
* Tue Oct 19 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.2.a2
- 1.2.7.a2 release - a1 was the OpenLDAP testday release
- git tag 389-ds-base-1.2.7.a2
- added openldap support on platforms that use openldap with moznss
- for crypto (F-14 and later)
- many bug fixes
- Account Policy Plugin (keep track of last login, disable old accounts)
* Fri Oct 8 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.1.a1
- added openldap support
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #576869 - Tracking bug for 389 Directory Server 1.2.7
        https://bugzilla.redhat.com/show_bug.cgi?id=576869
--------------------------------------------------------------------------------
================================================================================
389-dsgw-1.1.6-1.fc13 (FEDORA-2010-16911)
389 Directory Server Gateway (dsgw)
--------------------------------------------------------------------------------
Update Information:
the 1.2.7 alpha 3 release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 8 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.1.6-1
- bump version to 1.1.6
- support for openldap
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #576869 - Tracking bug for 389 Directory Server 1.2.7
        https://bugzilla.redhat.com/show_bug.cgi?id=576869
--------------------------------------------------------------------------------
================================================================================
banshee-1.6.1-4.fc13 (FEDORA-2010-16916)
Easily import, manage, and play selections from your music collection
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 25 2010 Christian Krause <chkr@xxxxxxxxxxxxxxxxx> - 1.6.1-4
- Add a patch to fix CVE-2010-3998
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #644554 - CVE-2010-3998 banshee: insecure library loading vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=644554
--------------------------------------------------------------------------------
================================================================================
glpi-0.72.4-3.svn11497.fc13 (FEDORA-2010-16912)
Free IT asset management software
--------------------------------------------------------------------------------
Update Information:
Switch to system phpCAS.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 20 2010 Remi Collet <Fedora@xxxxxxxxxxxxxxxxx> - 0.72.4-3.svn11497
- use system phpCAS instead of bundled copy
- minor bug fixes from SVN
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #620743 - CVE-2010-2795 php-pear-CAS: authenticated session hijack by providing new well formed ticket (PHPCAS-61)
        https://bugzilla.redhat.com/show_bug.cgi?id=620743
  [ 2 ] Bug #620751 - CVE-2010-2796 php-pear-CAS: XSS in proxy mode (PHPCAS-67)
        https://bugzilla.redhat.com/show_bug.cgi?id=620751
  [ 3 ] Bug #646659 - CVE-2010-3690 CVE-2010-3691 CVE-2010-3692 phpCAS: multiple vulnerabilities fixes in 1.1.3
        https://bugzilla.redhat.com/show_bug.cgi?id=646659
--------------------------------------------------------------------------------
================================================================================
kcm-gtk-0.5.3-5.fc13 (FEDORA-2010-16895)
Configure the appearance of GTK apps in KDE
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 8 2010 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.5.3-5
- kcm-gtk : "GTK+ Appearance" in systemsettings->lost and found (#628381)
- Requires: kdebase-runtime
* Wed Jul 7 2010 Ville Skyttä <ville.skytta@xxxxxx> - 0.5.3-4
- Apply modified upstream patch to add cursor theme support (#600976).
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #628381 - kcm-gtk : "GTK+ Appearance" in systemsettings->lost and found
        https://bugzilla.redhat.com/show_bug.cgi?id=628381
--------------------------------------------------------------------------------
================================================================================
kcm_touchpad-0.3.1-3.fc13 (FEDORA-2010-16884)
Synaptics driver based touchpads kcontrol module
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 7 2010 Ryan Rix <ry@xxxxxxxx> - 0.3.1-3
- Update the category to adhere to new SC 4.5 systemsettings layout. Will now
  appear under the "input devices" section.
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #628378 - kcm_touchpad: systemsettings item in "lost and found"
        https://bugzilla.redhat.com/show_bug.cgi?id=628378
--------------------------------------------------------------------------------
================================================================================
kdebase3-3.5.10-17.fc13 (FEDORA-2010-16910)
KDE 3 core files
--------------------------------------------------------------------------------
Update Information:
Removes errant Obsoletes/Provides: kdebase(-devel), which can cause dependency
problems elsewhere.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 10 2010 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 3.5.10-17
- drop old Obsoletes/Provides: kdebase(-devel)
--------------------------------------------------------------------------------
================================================================================
kdepim-4.4.7-1.fc13.1 (FEDORA-2010-16903)
KDE PIM (Personal Information Manager) applications
--------------------------------------------------------------------------------
Update Information:
Latest kdepim-4.4.x bugfix release.
See also, http://www.kdedevelopers.org/node/4344
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 28 2010 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.4.7-1.1
- rebuild for kde-4.5 (f13)
* Fri Oct 22 2010 Thomas Janssen <thomasj@xxxxxxxxxxxxxxxxx> 4.4.7-1
- update to 4.4.7
* Tue Oct 19 2010 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 6:4.4.6-4
- own %_libdir/akonadi/contact (#644540)
* Thu Oct 14 2010 Jesse Keating <jkeating@xxxxxxxxxx> - 6:4.4.6-3.1
- Rebuild for gcc bug 634757
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #628379 - kdepim-runtime : Akonadi Configuration shows in systemsettings->lost and found
        https://bugzilla.redhat.com/show_bug.cgi?id=628379
--------------------------------------------------------------------------------
================================================================================
kdepim-runtime-4.4.7-1.fc13.1 (FEDORA-2010-16903)
KDE PIM Runtime Environment
--------------------------------------------------------------------------------
Update Information:
Latest kdepim-4.4.x bugfix release.
See also, http://www.kdedevelopers.org/node/4344
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 28 2010 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.4.7-1.1
- rebuild for kde-4.5 (f13)
* Fri Oct 22 2010 Thomas Janssen <thomasj@xxxxxxxxxxxxxxxxx> 4.4.7-1
- update to 4.4.7-1
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #628379 - kdepim-runtime : Akonadi Configuration shows in systemsettings->lost and found
        https://bugzilla.redhat.com/show_bug.cgi?id=628379
--------------------------------------------------------------------------------
================================================================================
libguestfs-1.4.3-5.fc13 (FEDORA-2010-16913)
Access and modify virtual machine disk images
--------------------------------------------------------------------------------
Update Information:
Fix networking in the appliance.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 28 2010 Marek Goldmann <mgoldman@xxxxxxxxxx> - 1:1.4.3-5
- Fix networking in the appliance.
--------------------------------------------------------------------------------
================================================================================
monotone-0.48.1-1.fc13 (FEDORA-2010-16902)
A free, distributed version control system
--------------------------------------------------------------------------------
Update Information:
Update to monotone-0.48.1, which contains a fix for a DoS: Running "mtn ''" or
"mtn ls ''" doesn't cause an internal error anymore. In monotone 0.48 and
earlier this behavior could be used to crash a server remotely (but only if it
was configured to allow execution of remote commands). Therefore everyone
running such a server should update as soon as possible.

There's also a fix for a non-critical issue: Using mtn:// style URIs for
netsync operations didn't work with 0.48 on systems which only have a
'monotone' entry in /etc/services. Failing to find a corresponding entry for
the schema in a given URI isn't considered fatal now, instead mtn falls back to
its default port.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 27 2010 Thomas Moschny <thomas.moschny@xxxxxx> - 0.48.1-1
- Update to 0.48.1.
- Add patch from upstream to support newer sqlite.
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #647302 - CVE-2010-4098 monotone: remote DoS via empty arg to mtn command
        https://bugzilla.redhat.com/show_bug.cgi?id=647302
--------------------------------------------------------------------------------
================================================================================
mozilla-firetray-0.2.8-3.fc13 (FEDORA-2010-16898)
A system tray addon for mozilla
--------------------------------------------------------------------------------
Update Information:
Please test if update goes fine from mozilla-firetray-sunbird-0.2.8-2
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 24 2010 Hicham HAOUARI <hicham.haouari@xxxxxxxxx> - 0.2.8-3
- Symlink the extension's directory for sunbird the same way of the other
  applications using gecko >= 1.9.2, fixes rhbz #646185
- Add workaround for rhbz #646523
- Spec cleanup
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #646185 - mozilla-firetray-sunbird prevents sunbird from starting
        https://bugzilla.redhat.com/show_bug.cgi?id=646185
--------------------------------------------------------------------------------
================================================================================
perl-Pegex-0.11-1.fc13 (FEDORA-2010-16900)
Pegex Parser Generator
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #639684 - Review Request: perl-Pegex - Pegex Parser Generator
        https://bugzilla.redhat.com/show_bug.cgi?id=639684
--------------------------------------------------------------------------------
================================================================================
virt-what-1.3-3.fc13 (FEDORA-2010-16894)
Detect if we are running in a virtual machine
--------------------------------------------------------------------------------
Update Information:
virt-what - detect if we are running in a virtual machine.
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #644259 - Review Request: virt-what - detect if we are running in a virtual machine
        https://bugzilla.redhat.com/show_bug.cgi?id=644259
--------------------------------------------------------------------------------
================================================================================
xscreensaver-5.12-6.fc13 (FEDORA-2010-16901)
X screen saver and locker
--------------------------------------------------------------------------------
Update Information:
Currently launching xscreensaver-demo shows GTK warning about using non-zero
value of page-size when using GtkSpinButton. This issue is fixed in this rpm.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 28 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 1:5.12-6
- Remove GTK warning about non-zero page-size on GtkSpinButton
--------------------------------------------------------------------------------