Fedora 12 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 12 Security updates need testing:

    https://admin.fedoraproject.org/updates/bzip2-1.0.6-1.fc12
    https://admin.fedoraproject.org/updates/glpi-0.72.4-3.svn11497.fc12
    https://admin.fedoraproject.org/updates/gnome-xcf-thumbnailer-1.0-4.fc12
    https://admin.fedoraproject.org/updates/seamonkey-2.0.10-1.fc12
    https://admin.fedoraproject.org/updates/horde-3.3.9-1.fc12
    https://admin.fedoraproject.org/updates/mailman-2.1.12-10.fc12
    https://admin.fedoraproject.org/updates/gif2png-2.5.1-1202.fc12
    https://admin.fedoraproject.org/updates/xpdf-3.02-16.fc12
    https://admin.fedoraproject.org/updates/clamav-0.96.3-1200.fc12
    https://admin.fedoraproject.org/updates/bristol-0.40.7-7.fc12
    https://admin.fedoraproject.org/updates/pam-1.1.1-6.fc12
    https://admin.fedoraproject.org/updates/pyftpdlib-0.5.2-1.fc12
    https://admin.fedoraproject.org/updates/banshee-1.6.1-4.fc12
    https://admin.fedoraproject.org/updates/pidgin-2.7.5-1.fc12
    https://admin.fedoraproject.org/updates/pootle-2.1.2-1.fc12
    https://admin.fedoraproject.org/updates/moodle-1.9.10-1.fc12
    https://admin.fedoraproject.org/updates/libsmi-0.4.8-5.fc12
    https://admin.fedoraproject.org/updates/proftpd-1.3.3c-1.fc12


The following Fedora 12 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/NetworkManager-0.8.1-10.git20100831.fc12
    https://admin.fedoraproject.org/updates/pam-1.1.1-6.fc12
    https://admin.fedoraproject.org/updates/findutils-4.4.2-7.fc12
    https://admin.fedoraproject.org/updates/nss-softokn-3.12.4-16.fc12
    https://admin.fedoraproject.org/updates/xorg-x11-drv-ati-6.13.0-0.22.20100316git819b4015.fc12
    https://admin.fedoraproject.org/updates/binutils-2.19.51.0.14-38.fc12
    https://admin.fedoraproject.org/updates/util-linux-ng-2.16.2-4.fc12
    https://admin.fedoraproject.org/updates/xorg-x11-drv-synaptics-1.2.0-3.fc12
    https://admin.fedoraproject.org/updates/findutils-4.4.2-5.fc12


The following builds have been pushed to Fedora 12 updates-testing

    NetworkManager-0.8.1-10.git20100831.fc12
    nagios-3.2.3-3.fc12
    perl-Devel-StackTrace-1.26-1.fc12
    perl-File-Find-Rule-Perl-1.10-1.fc12
    perl-Test-LongString-0.14-1.fc12
    proftpd-1.3.3c-1.fc12
    smart-1.3.1-66.fc12
    voms-1.9.19.2-1.fc12
    wavemon-0.7.0-1.fc12
    xforms-1.0.92-3.sp2.fc12

Details about builds:


================================================================================
 NetworkManager-0.8.1-10.git20100831.fc12 (FEDORA-2010-17227)
 Network connection manager and user applications
--------------------------------------------------------------------------------
Update Information:

This update preserves user-selected wireless state on reboot and resume.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  1 2010 Dan Williams <dcbw@xxxxxxxxxx> - 0.8.1-10
- core: preserve WiFi Enabled state across reboot and suspend/resume
--------------------------------------------------------------------------------


================================================================================
 nagios-3.2.3-3.fc12 (FEDORA-2010-17166)
 Nagios monitors hosts and services and yells if somethings breaks
--------------------------------------------------------------------------------
Update Information:

* Disable stripping of binaries
* Ver. 3.2.3
* Added accidentally missing patches
* Ver. 3.2.3
* Added accidentally missing patches
* Ver. 3.2.3
* Added accidentally missing patches
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> - 3.2.3-3
- Disable stripping of binaries (see rhbz #648223).
* Wed Oct 27 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> - 3.2.3-2
- Accidentally forgotten patches added back
* Tue Oct 26 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> - 3.2.3-1
- Ver. 3.2.3
- Further cleanups in spec-file
* Wed Sep 29 2010 jkeating - 3.2.2-2
- Rebuilt for gcc bug 634757
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #648223 - nagios build strips binaries
        https://bugzilla.redhat.com/show_bug.cgi?id=648223
  [ 2 ] Bug #639941 - nagios: please update to 3.2.3
        https://bugzilla.redhat.com/show_bug.cgi?id=639941
--------------------------------------------------------------------------------


================================================================================
 perl-Devel-StackTrace-1.26-1.fc12 (FEDORA-2010-17226)
 Perl module implementing stack trace and stack trace frame objects
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Ralf CorsÃpius <corsepiu@xxxxxxxxxxxxxxxxx> - 1:1.26-1
- Upstream update.
--------------------------------------------------------------------------------


================================================================================
 perl-File-Find-Rule-Perl-1.10-1.fc12 (FEDORA-2010-17180)
 Common rules for searching for Perl things
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Ralf CorsÃpius <corsepiu@xxxxxxxxxxxxxxxxx> - 1.10-1
- Upstream update.
--------------------------------------------------------------------------------


================================================================================
 perl-Test-LongString-0.14-1.fc12 (FEDORA-2010-17207)
 Perl module to test long strings
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Ralf CorsÃpius <corsepiu@xxxxxxxxxxxxxxxxx> - 0.14-1
- Upstream update.
- Minor spec cleanups.
--------------------------------------------------------------------------------


================================================================================
 proftpd-1.3.3c-1.fc12 (FEDORA-2010-17220)
 Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:

This is an update to the current upstream maintenance release, which addresses two security issues that can be exploited by malicious users to manipulate certain data and compromise a vulnerable system.

* A logic error in the code for processing user input containing the Telnet IAC (Interpret As Command) escape sequence can be exploited to cause a stack-based buffer overflow by sending specially crafted input to the FTP or FTPS service. Successful exploitation may allow execution of arbitrary code. There isn't currently a CVE number for this issue but the original reporter of the problem has tagged this as ZDI-CAN-925. More details can be found at http://bugs.proftpd.org/show_bug.cgi?id=3521

* An input validation error within the "mod_site_misc" module can be exploited to e.g. create and delete directories, create symlinks, and change the time of files located outside a writable directory. Only configurations using "mod_site_misc", which is not enabled by default, and where the attacker has write access to a directory, are vulnerable to this issue, which has been assigned CVE-2010-3867. More details can be found at http://bugs.proftpd.org/show_bug.cgi?id=3519

The update from 1.3.2d to 1.3.3c also includes a large number of non-security bugfixes and a number of additional loadable modules for enhanced functionality:

* mod_geoip
* mod_sftp
* mod_sftp_pam
* mod_sftp_sql
* mod_shaper
* mod_sql_passwd
* mod_tls_shmcache

There is also a new utility "ftpscrub" for scrubbing the scoreboard file.

--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  1 2010 Paul Howarth <paul@xxxxxxxxxxxx> 1.3.3c-1
- Update to 1.3.3c (#647965)
  - Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)
  - Fixed directory traversal bug in mod_site_misc (CVE-2010-3867)
  - Fixed SQLite authentications using "SQLAuthType Backend"
- New DSO module: mod_geoip
* Fri Sep 10 2010 Paul Howarth <paul@xxxxxxxxxxxx> 1.3.3b-1
- Update to 1.3.3b
  - Fixed SFTP directory listing bug
  - Avoid corrupting utmpx databases on FreeBSD
  - Avoid null pointer dereferences during data transfers
  - Fixed "AuthAliasOnly on" anonymous login
* Fri Jul  2 2010 Paul Howarth <paul@xxxxxxxxxxxx> 1.3.3a-1
- Update to 1.3.3a
  - Added Japanese translation
  - Many mod_sftp bugfixes
  - Fixed SSL_shutdown() errors caused by OpenSSL 0.9.8m and later
  - Fixed handling of utmp/utmpx format changes on FreeBSD
* Thu Feb 25 2010 Paul Howarth <paul@xxxxxxxxxxxx> 1.3.3-1
- Update to 1.3.3 (see NEWS for list of fixed bugs)
- Update PID file location in initscript
- Drop upstreamed patches
- Upstream distribution now includes mod_exec, so drop unbundled source
- New DSO modules:
  - mod_sftp
  - mod_sftp_pam
  - mod_sftp_sql
  - mod_shaper
  - mod_sql_passwd
  - mod_tls_shmcache
- Configure script no longer appends "/proftpd" to --localstatedir option
- New utility ftpscrub for scrubbing the scoreboard file
- Include public key blacklist and Diffie-Hellman parameter files for mod_sftp
  in %{_sysconfdir}
- Remove IdentLookups from config file - disabled by default now
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #647965 - proftpd-1.3.3c is available
        https://bugzilla.redhat.com/show_bug.cgi?id=647965
--------------------------------------------------------------------------------


================================================================================
 smart-1.3.1-66.fc12 (FEDORA-2010-17222)
 Next generation package handling tool
--------------------------------------------------------------------------------
Update Information:

- Update to 1.3.1.
- Apply fixes for bug #592503 (launchpad) (John Bray).

--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Axel Thimm <Axel.Thimm@xxxxxxxxxx> - 1.3.1-66
- Update to 1.3.1.
- Apply fixes for bug #592503 (launchpad) (John Bray).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #643672 - No progress window displayed on gui
        https://bugzilla.redhat.com/show_bug.cgi?id=643672
--------------------------------------------------------------------------------


================================================================================
 voms-1.9.19.2-1.fc12 (FEDORA-2010-17230)
 Virtual Organization Membership Service
--------------------------------------------------------------------------------
Update Information:

Upstream bugfix release that fixes some memory leaks.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  1 2010 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 1.9.19.2-1
- Upstream 1.9.19.2 (CVS tag glite-security-voms_R_1_9_19_2)
--------------------------------------------------------------------------------


================================================================================
 wavemon-0.7.0-1.fc12 (FEDORA-2010-17212)
 Ncurses-based monitoring application for wireless network devices
--------------------------------------------------------------------------------
Update Information:

* Thu Nov 02 2010 Fabian Affolter <fabian@xxxxxxxxxxxxxxxxx> - 0.7.0-1
- Updated to new upstream 0.7.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov  2 2010 Fabian Affolter <fabian@xxxxxxxxxxxxxxxxx> - 0.7.0-1
- Updated to new upstream 0.7.0
* Wed Aug 18 2010 Fabian Affolter <fabian@xxxxxxxxxxxxxxxxx> - 0.6.11-1
- Updated to new upstream 0.6.11
--------------------------------------------------------------------------------


================================================================================
 xforms-1.0.92-3.sp2.fc12 (FEDORA-2010-17170)
 XForms toolkit library
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1.0.92-3.sp2
- Requires: xorg-x11-fonts-ISO8859-1-75dpi (#589726)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #589726 - Xforms apps often render text at the wrong size, causing layout issues
        https://bugzilla.redhat.com/show_bug.cgi?id=589726
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe: 
https://admin.fedoraproject.org/mailman/listinfo/test



[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux