The following Fedora 12 Security updates need testing:

    https://admin.fedoraproject.org/updates/bzip2-1.0.6-1.fc12
    https://admin.fedoraproject.org/updates/glpi-0.72.4-3.svn11497.fc12
    https://admin.fedoraproject.org/updates/tomcat6-6.0.26-3.fc12
    https://admin.fedoraproject.org/updates/freetype-2.3.11-6.fc12
    https://admin.fedoraproject.org/updates/openldap-2.4.19-6.fc12
    https://admin.fedoraproject.org/updates/firefox-3.5.15-1.fc12,xulrunner-1.9.1.15-1.fc12,mozvoikko-1.0-14.fc12,gnome-web-photo-0.9-11.fc12,perl-Gtk2-MozEmbed-0.08-6.fc12.17,gnome-python2-extras-2.25.3-22.fc12,galeon-2.0.7-27.fc12
    https://admin.fedoraproject.org/updates/horde-3.3.9-1.fc12
    https://admin.fedoraproject.org/updates/mailman-2.1.12-10.fc12
    https://admin.fedoraproject.org/updates/gnucash-2.2.9-5.fc12
    https://admin.fedoraproject.org/updates/seamonkey-2.0.9-1.fc12
    https://admin.fedoraproject.org/updates/pidgin-2.7.4-1.fc12
    https://admin.fedoraproject.org/updates/gif2png-2.5.1-1202.fc12
    https://admin.fedoraproject.org/updates/xpdf-3.02-16.fc12
    https://admin.fedoraproject.org/updates/luci-0.22.4-2.0.b9faf868074git.fc12
    https://admin.fedoraproject.org/updates/cvs-1.11.23-9.fc12
    https://admin.fedoraproject.org/updates/clamav-0.96.3-1200.fc12
    https://admin.fedoraproject.org/updates/nss-util-3.12.8-1.fc12,nss-softokn-3.12.8-1.fc12,nss-3.12.8-2.fc12
    https://admin.fedoraproject.org/updates/bristol-0.40.7-7.fc12
    https://admin.fedoraproject.org/updates/pyftpdlib-0.5.2-1.fc12
    https://admin.fedoraproject.org/updates/thunderbird-3.0.9-1.fc12,sunbird-1.0-0.25.20090916hg.fc12
    https://admin.fedoraproject.org/updates/glibc-2.11.2-3
    https://admin.fedoraproject.org/updates/banshee-1.6.1-4.fc12
    https://admin.fedoraproject.org/updates/moodle-1.9.10-1.fc12

The following builds have been pushed to Fedora 12 updates-testing

    389-admin-1.1.12-0.2.a2.fc12
    389-adminutil-1.1.13-1.fc12
    389-ds-base-1.2.7-0.6.a3.fc12
    389-dsgw-1.1.6-1.fc12
    banshee-1.6.1-4.fc12
    firefox-3.5.15-1.fc12
    galeon-2.0.7-27.fc12
    glpi-0.72.4-3.svn11497.fc12
    gnome-python2-extras-2.25.3-22.fc12
    gnome-web-photo-0.9-11.fc12
    kdepim-4.4.7-1.fc12
    kdepim-runtime-4.4.7-1.fc12
    mozilla-firetray-0.2.8-3.fc12
    mozvoikko-1.0-14.fc12
    perl-Gtk2-MozEmbed-0.08-6.fc12.17
    xscreensaver-5.12-6.fc12
    xulrunner-1.9.1.15-1.fc12

Details about builds:

================================================================================
389-admin-1.1.12-0.2.a2.fc12 (FEDORA-2010-16904)
389 Administration Server (admin)
--------------------------------------------------------------------------------
Update Information:

the 1.2.7 alpha 3 release
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 26 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.1.12-0.2.a2
- fix mozldap build breakage
* Tue Sep 28 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.1.12-0.1.a1
- This is the 1.1.12 alpha 1 release - with openldap support
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #576869 - Tracking bug for 389 Directory Server 1.2.7
        https://bugzilla.redhat.com/show_bug.cgi?id=576869
--------------------------------------------------------------------------------

================================================================================
389-adminutil-1.1.13-1.fc12 (FEDORA-2010-16904)
Utility library for 389 administration
--------------------------------------------------------------------------------
Update Information:

the 1.2.7 alpha 3 release
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 22 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.1.13-1
- add nss_inc to libadminutil build flags
* Tue Oct 19 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.1.12-1
- fix building with mozldap
* Tue Oct 19 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.1.11-1
- the 1.1.11 release
* Fri Feb 26 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.1.10-1
- Bug 460168 - FedoraDS' adminutil requires
  non-existent "icu.pc" on non-RH/Fedora systems
- this is the 1.1.10 release
* Thu Jan 14 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.1.9-1
- make sure we can find ICU genrb on all platforms
- this is the 1.1.9 release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #576869 - Tracking bug for 389 Directory Server 1.2.7
        https://bugzilla.redhat.com/show_bug.cgi?id=576869
--------------------------------------------------------------------------------

================================================================================
389-ds-base-1.2.7-0.6.a3.fc12 (FEDORA-2010-16904)
389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:

the 1.2.7 alpha 3 release
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 27 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.6.a3
- fix more git merge problems
* Wed Oct 27 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.5.a3
- fix git merge problems
* Wed Oct 27 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.4.a3
- 1.2.7.a3 release - a2 was never released
- this is a rebuild to pick up
- Bug 644608 - RHDS 8.1->8.2 upgrade fails to properly migrate ACIs
- Adding the ancestorid fix code to ##upgradednformat.pl.
* Fri Oct 22 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.3.a3
- 1.2.7.a3 release - a2 was never released
- Bug 644608 - RHDS 8.1->8.2 upgrade fails to properly migrate ACIs
- Bug 629681 - Retro Changelog trimming does not behave as expected
- Bug 645061 - Upgrade: 06inetorgperson.ldif and 05rfc4524.ldif
- are not upgraded in the server instance schema dir
* Tue Oct 19 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.2.a2
- 1.2.7.a2 release - a1 was the OpenLDAP testday release
- git tag 389-ds-base-1.2.7.a2
- added openldap support on platforms that use openldap with moznss
- for crypto (F-14 and later)
- many bug fixes
- Account Policy Plugin (keep track of last login, disable old accounts)
* Fri Oct 8 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.1.a1
- added openldap support
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #576869 - Tracking bug for 389 Directory Server 1.2.7
        https://bugzilla.redhat.com/show_bug.cgi?id=576869
--------------------------------------------------------------------------------

================================================================================
389-dsgw-1.1.6-1.fc12 (FEDORA-2010-16904)
389 Directory Server Gateway (dsgw)
--------------------------------------------------------------------------------
Update Information:

the 1.2.7 alpha 3 release
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 8 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.1.6-1
- bump version to 1.1.6
- support for openldap
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #576869 - Tracking bug for 389 Directory Server 1.2.7
        https://bugzilla.redhat.com/show_bug.cgi?id=576869
--------------------------------------------------------------------------------

================================================================================
banshee-1.6.1-4.fc12 (FEDORA-2010-16907)
Easily import, manage, and play selections from your music collection
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 25 2010 Christian Krause <chkr@xxxxxxxxxxxxxxxxx> - 1.6.1-4
- Add a patch to fix CVE-2010-3998
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #644554 - CVE-2010-3998 banshee: insecure library loading vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=644554
--------------------------------------------------------------------------------

================================================================================
firefox-3.5.15-1.fc12 (FEDORA-2010-16885)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.15, fixing multiple security issues detailed in the upstream advisories:

* http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14
* http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.15

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 27 2010 Martin Stransky <stransky@xxxxxxxxxx> - 3.5.15-1
- Update to 3.5.15
* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 3.5.14-1
- Update to 3.5.14
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642275
  [ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
  [ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 9 ] Bug #646997 - CVE-2010-3765 Firefox race condition flaw (MFSA 2010-73)
        https://bugzilla.redhat.com/show_bug.cgi?id=646997
--------------------------------------------------------------------------------

================================================================================
galeon-2.0.7-27.fc12 (FEDORA-2010-16885)
GNOME2 Web browser based on Mozilla
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.15, fixing multiple security issues detailed in the
upstream advisories:

* http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14
* http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.15

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 28 2010 Jan Horak <jhorak@xxxxxxxxxx> - 2.0.7-27
- Rebuild against newer gecko
* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 2.0.7-26
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642275
  [ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
  [ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 9 ] Bug #646997 - CVE-2010-3765 Firefox race condition flaw (MFSA 2010-73)
        https://bugzilla.redhat.com/show_bug.cgi?id=646997
--------------------------------------------------------------------------------

================================================================================
glpi-0.72.4-3.svn11497.fc12 (FEDORA-2010-16905)
Free IT asset management software
--------------------------------------------------------------------------------
Update Information:

Switch to system phpCAS.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 20 2010 Remi Collet <Fedora@xxxxxxxxxxxxxxxxx> - 0.72.4-3.svn11497
- use system phpCAS instead of bundled copy
- minor bug fixes from SVN
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #620743 - CVE-2010-2795 php-pear-CAS: authenticated session hijack by providing new well formed ticket (PHPCAS-61)
        https://bugzilla.redhat.com/show_bug.cgi?id=620743
  [ 2 ] Bug #620751 - CVE-2010-2796 php-pear-CAS: XSS in proxy mode (PHPCAS-67)
        https://bugzilla.redhat.com/show_bug.cgi?id=620751
  [ 3 ] Bug #646659 - CVE-2010-3690 CVE-2010-3691 CVE-2010-3692 phpCAS: multiple vulnerabilities fixes in 1.1.3
        https://bugzilla.redhat.com/show_bug.cgi?id=646659
--------------------------------------------------------------------------------

================================================================================
gnome-python2-extras-2.25.3-22.fc12 (FEDORA-2010-16885)
Additional PyGNOME Python extension modules
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.15, fixing multiple security issues detailed in the upstream advisories:

* http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14
* http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.15

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 28 2010 Jan Horak <jhorak@xxxxxxxxxx> - 2.25.3-22
- Rebuild against newer gecko
* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 2.25.3-21
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642275
  [ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
  [ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 9 ] Bug #646997 - CVE-2010-3765 Firefox race condition flaw (MFSA 2010-73)
        https://bugzilla.redhat.com/show_bug.cgi?id=646997
--------------------------------------------------------------------------------

================================================================================
gnome-web-photo-0.9-11.fc12 (FEDORA-2010-16885)
HTML pages thumbnailer
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.15, fixing multiple security issues detailed in
the upstream advisories:

* http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14
* http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.15

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 28 2010 Jan Horak <jhorak@xxxxxxxxxx> - 0.9-11
- Rebuild against newer gecko
* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 0.9-10
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642275
  [ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
  [ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 9 ] Bug #646997 - CVE-2010-3765 Firefox race condition flaw (MFSA 2010-73)
        https://bugzilla.redhat.com/show_bug.cgi?id=646997
--------------------------------------------------------------------------------

================================================================================
kdepim-4.4.7-1.fc12 (FEDORA-2010-16918)
KDE PIM (Personal Information Manager) applications
--------------------------------------------------------------------------------
Update Information:

Bugfix release. See also, http://www.kdedevelopers.org/node/4344
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 22 2010 Thomas Janssen <thomasj@xxxxxxxxxxxxxxxxx> 4.4.7-1
- update to 4.4.7
--------------------------------------------------------------------------------

================================================================================
kdepim-runtime-4.4.7-1.fc12 (FEDORA-2010-16918)
KDE PIM Runtime Environment
--------------------------------------------------------------------------------
Update Information:

Bugfix release. See also, http://www.kdedevelopers.org/node/4344
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 22 2010 Thomas Janssen <thomasj@xxxxxxxxxxxxxxxxx> 4.4.7-1
- update to 4.4.7
--------------------------------------------------------------------------------

================================================================================
mozilla-firetray-0.2.8-3.fc12 (FEDORA-2010-16887)
A system tray addon for mozilla
--------------------------------------------------------------------------------
Update Information:

Please test if update goes fine from mozilla-firetray-sunbird-0.2.8-2
--------------------------------------------------------------------------------
ChangeLog:

* Sun Oct 24 2010 Hicham HAOUARI <hicham.haouari@xxxxxxxxx> - 0.2.8-3
- Symlink the extension's directory for sunbird the same way of the other applications using gecko >= 1.9.2, fixes rhbz #646185
- Add workaround for rhbz #646523
- Spec cleanup
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #646185 - mozilla-firetray-sunbird
        prevents sunbird from starting
        https://bugzilla.redhat.com/show_bug.cgi?id=646185
--------------------------------------------------------------------------------

================================================================================
mozvoikko-1.0-14.fc12 (FEDORA-2010-16885)
Finnish Voikko spell-checker extension for Mozilla programs
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.15, fixing multiple security issues detailed in the upstream advisories:

* http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14
* http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.15

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 28 2010 Jan Horak <jhorak@xxxxxxxxxx> - 1.0-14
- Rebuild against newer gecko
* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 1.0-13
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642275
  [ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
  [ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 9 ] Bug #646997 - CVE-2010-3765 Firefox race condition flaw (MFSA 2010-73)
        https://bugzilla.redhat.com/show_bug.cgi?id=646997
--------------------------------------------------------------------------------

================================================================================
perl-Gtk2-MozEmbed-0.08-6.fc12.17 (FEDORA-2010-16885)
Interface to the Mozilla embedding widget
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.15, fixing multiple security issues detailed in the upstream advisories:

* http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14
* http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.15

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 28 2010 Jan Horak <jhorak@xxxxxxxxxx> - 0.08-6.17
- Rebuild against newer gecko
* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 0.08-6.16
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642275
  [ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
  [ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 9 ] Bug #646997 - CVE-2010-3765 Firefox race condition flaw (MFSA 2010-73)
        https://bugzilla.redhat.com/show_bug.cgi?id=646997
--------------------------------------------------------------------------------

================================================================================
xscreensaver-5.12-6.fc12 (FEDORA-2010-16899)
X screen saver and locker
--------------------------------------------------------------------------------
Update Information:

Currently launching xscreensaver-demo shows GTK warning about using non-zero value of
page-size when using GtkSpinButton. This issue is fixed in this rpm.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 28 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 1:5.12-6
- Remove GTK warning about non-zero page-size on GtkSpinButton
--------------------------------------------------------------------------------

================================================================================
xulrunner-1.9.1.15-1.fc12 (FEDORA-2010-16885)
XUL Runtime for Gecko Applications
--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.15, fixing multiple security issues detailed in the upstream advisories:

* http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14
* http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.15

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 27 2010 Martin Stransky <stransky@xxxxxxxxxx> - 1.9.1.15-1
- Update to 1.9.1.15
* Tue Oct 19 2010 Jan Horak <jhorak@xxxxxxxxxx> - 1.9.1.14-1
- Update to 1.9.1.14
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642275
  [ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
  [ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 9 ] Bug #646997 - CVE-2010-3765 Firefox race condition flaw (MFSA 2010-73)
        https://bugzilla.redhat.com/show_bug.cgi?id=646997
--------------------------------------------------------------------------------

--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test