The following Fedora 13 Security updates need testing:

    https://admin.fedoraproject.org/updates/glpi-0.72.4-3.svn11497.fc13
    https://admin.fedoraproject.org/updates/banshee-1.6.1-4.fc13
    https://admin.fedoraproject.org/updates/gnome-xcf-thumbnailer-1.0-4.fc13
    https://admin.fedoraproject.org/updates/monotone-0.48.1-1.fc13
    https://admin.fedoraproject.org/updates/seamonkey-2.0.10-1.fc13
    https://admin.fedoraproject.org/updates/horde-3.3.9-1.fc13
    https://admin.fedoraproject.org/updates/mailman-2.1.12-16.fc13
    https://admin.fedoraproject.org/updates/xpdf-3.02-16.fc13
    https://admin.fedoraproject.org/updates/clamav-0.96.3-1400.fc13
    https://admin.fedoraproject.org/updates/bristol-0.40.7-7.fc13
    https://admin.fedoraproject.org/updates/pam-1.1.1-6.fc13
    https://admin.fedoraproject.org/updates/gromacs-4.5.2-1.fc13
    https://admin.fedoraproject.org/updates/moodle-1.9.10-1.fc13
    https://admin.fedoraproject.org/updates/proftpd-1.3.3c-1.fc13
    https://admin.fedoraproject.org/updates/pootle-2.1.2-1.fc13
    https://admin.fedoraproject.org/updates/libsmi-0.4.8-5.fc13

The following Fedora 13 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/gawk-3.1.8-2.fc13
    https://admin.fedoraproject.org/updates/pam-1.1.1-6.fc13
    https://admin.fedoraproject.org/updates/crontabs-1.11-1.20101022git.fc13
    https://admin.fedoraproject.org/updates/gnome-settings-daemon-2.30.1-9.fc13
    https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-69.fc13
    https://admin.fedoraproject.org/updates/upstart-0.6.5-7.fc13
    https://admin.fedoraproject.org/updates/libgsf-1.14.18-1.fc13
    https://admin.fedoraproject.org/updates/goddard-kde-theme-13.1.0-1.fc13,fedora-logos-13.0.2-2.fc13,generic-logos-13.0.1-2.fc13,kde-settings-4.4-21.fc13
    https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13
    https://admin.fedoraproject.org/updates/openldap-2.4.21-11.fc13
    https://admin.fedoraproject.org/updates/nss-3.12.7-4.fc13,nss-util-3.12.7-2.fc13,nss-softokn-3.12.7-3.fc13,nspr-4.8.6-1.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13

The following builds have been pushed to Fedora 13 updates-testing

    389-ds-base-1.2.7-0.7.a4.fc13
    cmake-fedora-0.3.0-1.fc13
    crontabs-1.11-1.20101022git.fc13
    gawk-3.1.8-2.fc13
    gromacs-4.5.2-1.fc13
    libsmi-0.4.8-5.fc13
    libunicap-0.9.12-6.fc13
    libvpx-0.9.5-1.fc13
    mbuffer-20100526-2.fc13
    mercurial-1.7-3.fc13
    mesa-7.8.2-1.fc13
    mysql-5.1.52-1.fc13
    nagios-plugins-check-updates-1.4.9-1.fc13
    pam-1.1.1-6.fc13
    perl-DBIx-SearchBuilder-1.58-1.fc13
    perl-DateTime-Format-Natural-0.91-1.fc13
    perl-Term-ProgressBar-2.09-9.fc13
    pidgin-2.7.5-1.fc13
    proftpd-1.3.3c-1.fc13
    python-redis-2.0.0-1.fc13
    python-sphinx-0.6.6-3.fc13
    rabbitmq-server-2.1.1-1.fc13
    seamonkey-2.0.10-1.fc13
    wifi-radar-2.0.s08-1.fc13

Details about builds:

================================================================================
 389-ds-base-1.2.7-0.7.a4.fc13 (FEDORA-2010-17083)
 389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:

1.2.7.a4 release - git tag 389-ds-base-1.2.7.a4
Bug 647932 - multiple memberOf configuration adding memberOf where there is no member
Bug 491733 - dbtest crashes
Bug 606545 - core schema should include numSubordinates
Bug 638773 - permissions too loose on pid and lock files
Bug 189985 - Improve attribute uniqueness error message
Bug 619623 - attr-unique-plugin ignores requiredObjectClass on modrdn operations
Bug 619633 - Make attribute uniqueness obey requiredObjectClass

This is the 389-ds-base 1.2.7 Alpha 3 release. On Fedora 14 and later, this package uses openldap instead of mozldap. This release fixes some serious problems with upgrade and replication, as well as many other bugs.

new release 1.2.6.1 to fix several moderate bugs:
Bug 634561 - Server crushes when using Windows Sync Agreement
Bug 635987 - Incorrect sub scope search result with ACL containing ldap:///self
Bug 612264 - ACI issue with (targetattr='userPassword')
Bug 606920 - anonymous resource limit- nstimelimit - also applied to "cn=directory manager"
Bug 631862 - crash - delete entries not in cache + referint

Put back the selinux dependencies I removed during a merge commit . . .
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 1 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.7.a4
- 1.2.7.a4 release - git tag 389-ds-base-1.2.7.a4
- Bug 647932 - multiple memberOf configuration adding memberOf where there is no member
- Bug 491733 - dbtest crashes
- Bug 606545 - core schema should include numSubordinates
- Bug 638773 - permissions too loose on pid and lock files
- Bug 189985 - Improve attribute uniqueness error message
- Bug 619623 - attr-unique-plugin ignores requiredObjectClass on modrdn operations
- Bug 619633 - Make attribute uniqueness obey requiredObjectClass
* Wed Oct 27 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.6.a3
- fix more git merge problems
* Wed Oct 27 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.5.a3
- fix git merge problems
* Wed Oct 27 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.4.a3
- 1.2.7.a3 release - a2 was never released
- this is a rebuild to pick up
- Bug 644608 - RHDS 8.1->8.2 upgrade fails to properly migrate
  ACIs
- Adding the ancestorid fix code to ##upgradednformat.pl.
* Fri Oct 22 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.3.a3
- 1.2.7.a3 release - a2 was never released
- Bug 644608 - RHDS 8.1->8.2 upgrade fails to properly migrate ACIs
- Bug 629681 - Retro Changelog trimming does not behave as expected
- Bug 645061 - Upgrade: 06inetorgperson.ldif and 05rfc4524.ldif
- are not upgraded in the server instance schema dir
* Tue Oct 19 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.2.a2
- 1.2.7.a2 release - a1 was the OpenLDAP testday release
- git tag 389-ds-base-1.2.7.a2
- added openldap support on platforms that use openldap with moznss
- for crypto (F-14 and later)
- many bug fixes
- Account Policy Plugin (keep track of last login, disable old accounts)
* Fri Oct 8 2010 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.7-0.1.a1
- added openldap support
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #576869 - Tracking bug for 389 Directory Server 1.2.7
        https://bugzilla.redhat.com/show_bug.cgi?id=576869
  [ 2 ] Bug #634561 - Server crushes when using Windows Sync Agreement
        https://bugzilla.redhat.com/show_bug.cgi?id=634561
  [ 3 ] Bug #631862 - crash - delete entries not in cache + referint
        https://bugzilla.redhat.com/show_bug.cgi?id=631862
--------------------------------------------------------------------------------

================================================================================
 cmake-fedora-0.3.0-1.fc13 (FEDORA-2010-17117)
 CMake helper modules for fedora developers
--------------------------------------------------------------------------------
Update Information:

- New macro: SETTING_FILE_GET_VARIABLES_PATTERN
- New macro: PACK_SOURCE_FILES
- Fixed: Variable lost in SETTING_FILE_GET_ALL_VARIABLES and SETTING_FILE_GET_VARABLE.
- Fixed: Variable values won't apply in SETTING_FILE_GET_ALL_VARIABLES
- UseUninstall finds cmake_uninstall.in in additional paths: /usr/share/cmake/Modules and /usr/share/cmake/Modules
- Minor improvements in CMakeLists.txt and project.spec.in templates.
- Add new project building script.
- Build for EL-5, EL-6
- Add el5, el6 build.
- Fixed errors in UseFedpkg.
- Fixed target: tag
- Fixed target: bodhi_new

Initial submission.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 2 2010 Ding-Yi Chen <dchen at redhat.com> - 0.3.0-1
- New macro: SETTING_FILE_GET_VARIABLES_PATTERN
- New macro: PACK_SOURCE_FILES
- Fixed: Variable lost in SETTING_FILE_GET_ALL_VARIABLES and SETTING_FILE_GET_VARABLE.
- Fixed: Variable values won't apply in SETTING_FILE_GET_ALL_VARIABLES
- UseUninstall finds cmake_uninstall.in in additional paths: /usr/share/cmake/Modules and /usr/share/cmake/Modules
- Minor improvements in CMakeLists.txt and project.spec.in templates.
* Wed Oct 20 2010 Ding-Yi Chen <dchen at redhat.com> - 0.2.4-1
- cmake-fedora-newprj.sh: New option "-e" that extract value from specified spec or spec.in.
- Now usage is printed instead of junk output when project_name is not given.
- Source code (whatever is packed) and tarball dependency now checked.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #639816 - Review Request: cmake-fedora - CMake helper modules for fedora developers
        https://bugzilla.redhat.com/show_bug.cgi?id=639816
--------------------------------------------------------------------------------

================================================================================
 crontabs-1.11-1.20101022git.fc13 (FEDORA-2010-17125)
 Root crontab files used to schedule the execution of programs
--------------------------------------------------------------------------------
Update Information:

Add --list option on users request.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 22 2010 Marcela Mašláňová <mmaslano@xxxxxxxxxx> 1.11-1
- use sources from source fedorahosted
* Mon Oct 18 2010 Marcela Mašláňová <mmaslano@xxxxxxxxxx> 1.10-34
- add --list option into run-parts
* Wed Mar 24 2010 Marcela Mašláňová <mmaslano@xxxxxxxxxx> 1.10-33
- remove useless setting of home to "/"
--------------------------------------------------------------------------------

================================================================================
 gawk-3.1.8-2.fc13 (FEDORA-2010-17093)
 The GNU version of the awk text processing utility
--------------------------------------------------------------------------------
Update Information:

- fix #629196: Double free in free_wstr
- fix license tag, add description
- remove BuildRoot tag
- add byacc to BuildRequires
- follow updated libsigsegv option in configure script
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 2 2010 Vojtech Vitek (V-Teq) <vvitek@xxxxxxxxxx> - 3.1.8-2
- fix #629196: Double free in free_wstr
- fix license tag, add description
- remove BuildRoot tag
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #629196 - gawk regression from RHEL3/4
        https://bugzilla.redhat.com/show_bug.cgi?id=629196
--------------------------------------------------------------------------------

================================================================================
 gromacs-4.5.2-1.fc13 (FEDORA-2010-17139)
 Fast, Free and Flexible Molecular Dynamics
--------------------------------------------------------------------------------
Update Information:

Upgrade to 4.5.2, fixing CVE-2010-4001 and a bunch of other bugs. See full release notes at http://www.gromacs.org/About_Gromacs/Release_Notes/Versions_4.5.x .
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 1 2010 Jussi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 4.5.2-1
- Update to 4.5.2.
* Wed Oct 27 2010 Jussi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 4.5.1-2
- Patch around #644950.
- Split libraries in own packages to avoid multilib problems.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #644596 - CVE-2010-4001 gromacs: insecure library loading vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=644596
--------------------------------------------------------------------------------

================================================================================
 libsmi-0.4.8-5.fc13 (FEDORA-2010-17096)
 A library to access SMI MIB information
--------------------------------------------------------------------------------
Update Information:

Resolve CVE-2010-2891 - LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 1 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 0.4.8-5
- fix CVE-2010-2891
* Thu Feb 25 2010 Radek Vokal <rvokal@xxxxxxxxxx> - 0.4.8-4
- fix license field, based on the tarball project is now GPL+
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #647520 - CVE-2010-2891 libsmi: buffer overflow in smiGetNode can lead to arbitrary code execution
        https://bugzilla.redhat.com/show_bug.cgi?id=647520
--------------------------------------------------------------------------------

================================================================================
 libunicap-0.9.12-6.fc13 (FEDORA-2010-17099)
 Library to access different kinds of (video) capture devices
--------------------------------------------------------------------------------
Update Information:

fix a crasher bug introduced by
libunicap-0.9.12-memerrs.patch (#647880)
Use ATTRS rather than SYSFS for udev where appropriate (#643729)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 2 2010 Kamil Dudka <kdudka@xxxxxxxxxx> 0.9.12-6
- fix a crasher bug introduced by libunicap-0.9.12-memerrs.patch (#647880)
* Fri Oct 29 2010 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 0.9.12-5
- Use ATTRS rather than SYSFS for udev where appropriate (#643729)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #647880 - double-free in v4l2_cpi_close()
        https://bugzilla.redhat.com/show_bug.cgi?id=647880
  [ 2 ] Bug #643729 - Please update 50-euvccam.rules (SYSFS deprecated)
        https://bugzilla.redhat.com/show_bug.cgi?id=643729
--------------------------------------------------------------------------------

================================================================================
 libvpx-0.9.5-1.fc13 (FEDORA-2010-17151)
 VP8 Video Codec SDK
--------------------------------------------------------------------------------
Update Information:

Update to 0.9.5. Notable bugfixes since 0.9.1 include:

- Fix two-pass framerate for Y4M input.
- Replace pinsrw (SSE) with MMX instructions
- Fixed rate control bug with long key frame interval.
- Fix DSO link errors on x86-64 when not using a version script
- Fixed buffer selection for UV in AltRef filtering
- Improve handling of invalid frames
- Fix valgrind errors in the NEON loop filters.
- Fix loopfilter delta zero transitions

Full changelogs here: http://review.webmproject.org/gitweb?p=libvpx.git;a=blob_plain;f=CHANGELOG;hb=686b217ed7fa3d77ac4b7c7754edaecbd2acc1f4
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 1 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> 0.9.5-1
- update to 0.9.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #647990 - [RFE] Update to 0.9.5
        https://bugzilla.redhat.com/show_bug.cgi?id=647990
--------------------------------------------------------------------------------

================================================================================
 mbuffer-20100526-2.fc13 (FEDORA-2010-17142)
 Measuring Buffer is an enhanced version of buffer
--------------------------------------------------------------------------------
Update Information:

* Mon Nov 02 2010 Fabian Affolter <fabian@xxxxxxxxxxxxxxxxx> - 20100526-3
- Removed every piece of md5
* Mon Nov 01 2010 Fabian Affolter <fabian@xxxxxxxxxxxxxxxxx> - 20100526-2
- Rebuild with md5hash as requested in #608943
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 1 2010 Fabian Affolter <fabian@xxxxxxxxxxxxxxxxx> - 20100526-2
- Rebuild with md5hash as requested in #608943
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #608943 - enable md5hash by default?
        https://bugzilla.redhat.com/show_bug.cgi?id=608943
--------------------------------------------------------------------------------

================================================================================
 mercurial-1.7-3.fc13 (FEDORA-2010-17087)
 Mercurial -- a distributed SCM
--------------------------------------------------------------------------------
Update Information:

see: http://http://mercurial.selenic.com/wiki/WhatsNew
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 1 2010 Neal Becker <ndbecker2@xxxxxxxxx> - 1.7-3
- BR python-docutils
* Mon Nov 1 2010 Neal Becker <ndbecker2@xxxxxxxxx> - 1.7-2
- Make that 1.7
* Mon Nov 1 2010 Neal Becker <ndbecker2@xxxxxxxxx> - 1.7.0-1
- Update to 1.7.0
* Thu Oct 21 2010 Neal Becker <ndbecker2@xxxxxxxxx> - 1.6.4-4
- Try another way to own directories
* Wed Oct 20 2010 Neal Becker <ndbecker2@xxxxxxxxx> - 1.6.4-3
- Fixup unowned directories
--------------------------------------------------------------------------------

================================================================================
 mesa-7.8.2-1.fc13 (FEDORA-2010-17124)
 Mesa graphics libraries
--------------------------------------------------------------------------------
Update Information:

Latest stable upstream 7.8.x.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 1 2010 Adam Jackson <ajax@xxxxxxxxxx> 7.8.2-1
- Mesa 7.8.2 (#617929)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #617929 - RFE Mesa 7.8.2
        https://bugzilla.redhat.com/show_bug.cgi?id=617929
  [ 2 ] Bug #577515 - Dri problem
        https://bugzilla.redhat.com/show_bug.cgi?id=577515
--------------------------------------------------------------------------------

================================================================================
 mysql-5.1.52-1.fc13 (FEDORA-2010-17090)
 MySQL client programs and shared libraries
--------------------------------------------------------------------------------
Update Information:

Update to MySQL 5.1.52, for various fixes described at http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 1 2010 Tom Lane <tgl@xxxxxxxxxx> 5.1.52-1
- Update to MySQL 5.1.52, for various fixes described at
  http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
Resolves: #646569
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #646569 - Cascade Delete results in "Got error -1 from storage engine"
        https://bugzilla.redhat.com/show_bug.cgi?id=646569
--------------------------------------------------------------------------------

================================================================================
 nagios-plugins-check-updates-1.4.9-1.fc13 (FEDORA-2010-17082)
 A Nagios plugin to check if Red Hat or Fedora system is up-to-date
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #546445 - Review Request: nagios-plugins-check-updates - A Nagios plugin to check if Red Hat or Fedora system is up-to-date
        https://bugzilla.redhat.com/show_bug.cgi?id=546445
--------------------------------------------------------------------------------

================================================================================
 pam-1.1.1-6.fc13 (FEDORA-2010-17112)
 An extensible library which provides authentication for applications
--------------------------------------------------------------------------------
Update Information:

This update fixes moderate vulnerabilities in pam_env, pam_namespace, pam_mail, and pam_xauth modules. Default configurations (or configurations generated by authconfig) are not affected by the pam_mail and pam_namespace vulnerabilities.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 2 2010 Tomas Mraz <tmraz@xxxxxxxxxx> 1.1.1-6
- fix insecure dropping of privileges in pam_xauth, pam_env, and pam_mail - CVE-2010-3316 (#637898), CVE-2010-3435 (#641335)
- fix insecure executing of scripts with user supplied environment variables in pam_namespace - CVE-2010-3853 (#643043)
* Thu Jul 15 2010 Tomas Mraz <tmraz@xxxxxxxxxx> 1.1.1-5
- do not overwrite tallylog with empty file on upgrade
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #637898 - CVE-2010-3316 pam: pam_xauth missing return value checks from setuid() and similar calls
        https://bugzilla.redhat.com/show_bug.cgi?id=637898
  [ 2 ] Bug #641335 - CVE-2010-3435 pam: pam_env and pam_mail accessing users' file with root privileges
        https://bugzilla.redhat.com/show_bug.cgi?id=641335
  [ 3 ] Bug #643043 - CVE-2010-3853 pam: pam_namespace executes namespace.init with service's environment
        https://bugzilla.redhat.com/show_bug.cgi?id=643043
--------------------------------------------------------------------------------

================================================================================
 perl-DBIx-SearchBuilder-1.58-1.fc13 (FEDORA-2010-17154)
 Encapsulate SQL queries and rows in simple perl objects
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 2 2010 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 1.58-1
- Upstream update.
- Spec cleanup.
--------------------------------------------------------------------------------

================================================================================
 perl-DateTime-Format-Natural-0.91-1.fc13 (FEDORA-2010-17106)
 Create machine readable date/time with natural parsing logic
--------------------------------------------------------------------------------
Update Information:

This month's update to DateTime::Format::Natural includes:

* New supported formats:
  * <time> <month> <monthday>
  * <time> AM/PM <month> <monthday>
  * <monthday> <month> <time>
  * <monthday> <month> <time> AM/PM
  * <month> <monthday> <time> AM/PM
  * <variant> <weekday> <time> AM/PM
  * <time> AM/PM <variant> <weekday>
* Record the grammar keyword for each valid expression parsed
* Describe trace()'s purpose and its inclusion of a grammar keyword
* Fix reference to the Calc class in the documentation of trace()
* Adjust phrasing of parse_datetime_duration()'s documentation
* Correct spelling of the examples description
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 2 2010 Iain Arnell <iarnell@xxxxxxxxx> 0.91-1
- update to latest upstream version
--------------------------------------------------------------------------------

================================================================================
 perl-Term-ProgressBar-2.09-9.fc13 (FEDORA-2010-17121)
 Provide a progress meter on a standard terminal
--------------------------------------------------------------------------------
Update Information:

Term::ReadKey is now a mandatory requirement, which allows more features.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 2 2010 Marcela Mašláňová <mmaslano@xxxxxxxxxx> - 2.09-9
- 648598 add requirement on Term::ReadKey, it adds width feature
* Thu May 6 2010 Marcela Maslanova <mmaslano@xxxxxxxxxx> - 2.09-8
- Mass rebuild with perl-5.12.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #648598 - perl-Term-ProgressBar is missing a dependency on perl-TermReadKey
        https://bugzilla.redhat.com/show_bug.cgi?id=648598
--------------------------------------------------------------------------------

================================================================================
 pidgin-2.7.5-1.fc13 (FEDORA-2010-17148)
 A Gtk+ based multiprotocol instant messaging client
--------------------------------------------------------------------------------
Update Information:

New release 2.7.5

Full Upstream ChangeLog: http://developer.pidgin.im/wiki/ChangeLog
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 1 2010 Stu Tomlinson <stu@xxxxxxxxxxxxx> 2.7.5-1
- 2.7.5
--------------------------------------------------------------------------------

================================================================================
 proftpd-1.3.3c-1.fc13 (FEDORA-2010-17098)
 Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:

This is an update to the current upstream maintenance release, which addresses two security issues that can be exploited by malicious users to manipulate certain data and compromise a vulnerable system.

* A logic error in the code for processing user input containing the Telnet IAC (Interpret As Command) escape sequence can be exploited to cause a stack-based buffer overflow by sending specially crafted input to the FTP or FTPS service.
  Successful exploitation may allow execution of arbitrary code. There isn't currently a CVE number for this issue but the original reporter of the problem has tagged this as ZDI-CAN-925. More details can be found at http://bugs.proftpd.org/show_bug.cgi?id=3521

* An input validation error within the "mod_site_misc" module can be exploited to e.g. create and delete directories, create symlinks, and change the time of files located outside a writable directory. Only configurations using "mod_site_misc", which is not enabled by default, and where the attacker has write access to a directory, are vulnerable to this issue, which has been assigned CVE-2010-3867. More details can be found at http://bugs.proftpd.org/show_bug.cgi?id=3519

This update also fixes an issue with SQLite authentication and adds a new module "mod_geoip", which can be used to look up geographical information on connecting clients and use that to set access controls for the server.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 1 2010 Paul Howarth <paul@xxxxxxxxxxxx> 1.3.3c-1
- Update to 1.3.3c (#647965)
- Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)
- Fixed directory traversal bug in mod_site_misc (CVE-2010-3867)
- Fixed SQLite authentications using "SQLAuthType Backend"
- New DSO module: mod_geoip
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #647965 - proftpd-1.3.3c is available
        https://bugzilla.redhat.com/show_bug.cgi?id=647965
--------------------------------------------------------------------------------

================================================================================
 python-redis-2.0.0-1.fc13 (FEDORA-2010-17118)
 A Python client for redis
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #630339 - Review Request: python-redis - A Python client for redis
        https://bugzilla.redhat.com/show_bug.cgi?id=630339
--------------------------------------------------------------------------------

================================================================================
 python-sphinx-0.6.6-3.fc13 (FEDORA-2010-17085)
 Python documentation generator
--------------------------------------------------------------------------------
Update Information:

- Actually include *.js locale files
- Fix -doc Makefile to allow regeneration of .rst files
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 1 2010 Michel Salim <salimma@xxxxxxxxxxxxxxxxx> - 0.6.6-3
- Fix -doc Makefile to allow regeneration of .rst files
* Mon Nov 1 2010 Michel Salim <salimma@xxxxxxxxxxxxxxxxx> - 0.6.6-2
- Actually include *.js locale files
--------------------------------------------------------------------------------

================================================================================
 rabbitmq-server-2.1.1-1.fc13 (FEDORA-2010-17149)
 The RabbitMQ server
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 1 2010 Hubert Plociniczak <hubert.plociniczak@xxxxxxxxx> 2.1.1-1
- New Upstream Release
--------------------------------------------------------------------------------

================================================================================
 seamonkey-2.0.10-1.fc13 (FEDORA-2010-17084)
 Web browser, e-mail, news, IRC client, HTML editor
--------------------------------------------------------------------------------
Update Information:

Update to new upstream SeaMonkey version 2.0.10, fixing multiple security issues detailed in the upstream advisories:

* http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.9
* http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.10
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 1 2010 Martin Stransky <stransky@xxxxxxxxxx> 2.0.10-1
- Update to 2.0.10
* Thu Oct 21 2010 Martin Stransky <stransky@xxxxxxxxxx> 2.0.9-1
- Update to 2.0.9
--------------------------------------------------------------------------------

================================================================================
 wifi-radar-2.0.s08-1.fc13 (FEDORA-2010-17119)
 A utility for managing WiFi profiles
--------------------------------------------------------------------------------
Update Information:

Update to 2.0.s08 which fixes three bugs
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 1 2010 Pablo Martin-Gomez <bouska@xxxxxxxxxxxxxxxxx> -2.0.s08-1
- Update to 2.0.s08
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #493586 - Default configuration files missing/wrong
        https://bugzilla.redhat.com/show_bug.cgi?id=493586
--------------------------------------------------------------------------------