The following Fedora 12 Security updates need testing:

https://admin.fedoraproject.org/updates/bzip2-1.0.6-1.fc12
https://admin.fedoraproject.org/updates/glpi-0.72.4-3.svn11497.fc12
https://admin.fedoraproject.org/updates/gnome-xcf-thumbnailer-1.0-4.fc12
https://admin.fedoraproject.org/updates/seamonkey-2.0.10-1.fc12
https://admin.fedoraproject.org/updates/horde-3.3.9-1.fc12
https://admin.fedoraproject.org/updates/mailman-2.1.12-10.fc12
https://admin.fedoraproject.org/updates/gif2png-2.5.1-1202.fc12
https://admin.fedoraproject.org/updates/xpdf-3.02-16.fc12
https://admin.fedoraproject.org/updates/clamav-0.96.3-1200.fc12
https://admin.fedoraproject.org/updates/bristol-0.40.7-7.fc12
https://admin.fedoraproject.org/updates/pam-1.1.1-6.fc12
https://admin.fedoraproject.org/updates/pyftpdlib-0.5.2-1.fc12
https://admin.fedoraproject.org/updates/banshee-1.6.1-4.fc12
https://admin.fedoraproject.org/updates/pidgin-2.7.5-1.fc12
https://admin.fedoraproject.org/updates/pootle-2.1.2-1.fc12
https://admin.fedoraproject.org/updates/moodle-1.9.10-1.fc12
https://admin.fedoraproject.org/updates/libsmi-0.4.8-5.fc12
https://admin.fedoraproject.org/updates/proftpd-1.3.3c-1.fc12

The following Fedora 12 Critical Path updates have yet to be approved:

https://admin.fedoraproject.org/updates/NetworkManager-0.8.1-10.git20100831.fc12
https://admin.fedoraproject.org/updates/pam-1.1.1-6.fc12
https://admin.fedoraproject.org/updates/findutils-4.4.2-7.fc12
https://admin.fedoraproject.org/updates/nss-softokn-3.12.4-16.fc12
https://admin.fedoraproject.org/updates/xorg-x11-drv-ati-6.13.0-0.22.20100316git819b4015.fc12
https://admin.fedoraproject.org/updates/binutils-2.19.51.0.14-38.fc12
https://admin.fedoraproject.org/updates/util-linux-ng-2.16.2-4.fc12
https://admin.fedoraproject.org/updates/xorg-x11-drv-synaptics-1.2.0-3.fc12
https://admin.fedoraproject.org/updates/findutils-4.4.2-5.fc12

The following builds have been pushed to Fedora 12 updates-testing

NetworkManager-0.8.1-10.git20100831.fc12
nagios-3.2.3-3.fc12
perl-Devel-StackTrace-1.26-1.fc12
perl-File-Find-Rule-Perl-1.10-1.fc12
perl-Test-LongString-0.14-1.fc12
proftpd-1.3.3c-1.fc12
smart-1.3.1-66.fc12
voms-1.9.19.2-1.fc12
wavemon-0.7.0-1.fc12
xforms-1.0.92-3.sp2.fc12

Details about builds:

================================================================================
NetworkManager-0.8.1-10.git20100831.fc12 (FEDORA-2010-17227)
Network connection manager and user applications
--------------------------------------------------------------------------------
Update Information:

This update preserves user-selected wireless state on reboot and resume.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 1 2010 Dan Williams <dcbw@xxxxxxxxxx> - 0.8.1-10
- core: preserve WiFi Enabled state across reboot and suspend/resume
--------------------------------------------------------------------------------

================================================================================
nagios-3.2.3-3.fc12 (FEDORA-2010-17166)
Nagios monitors hosts and services and yells if somethings breaks
--------------------------------------------------------------------------------
Update Information:

* Disable stripping of binaries
* Ver. 3.2.3
* Added accidentally missing patches
* Ver. 3.2.3
* Added accidentally missing patches
* Ver. 3.2.3
* Added accidentally missing patches
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 3 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> - 3.2.3-3
- Disable stripping of binaries (see rhbz #648223).
* Wed Oct 27 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> - 3.2.3-2
- Accidentally forgotten patches added back
* Tue Oct 26 2010 Peter Lemenkov <lemenkov@xxxxxxxxx> - 3.2.3-1
- Ver. 3.2.3
- Further cleanups in spec-file
* Wed Sep 29 2010 jkeating - 3.2.2-2
- Rebuilt for gcc bug 634757
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #648223 - nagios build strips binaries
      https://bugzilla.redhat.com/show_bug.cgi?id=648223
[ 2 ] Bug #639941 - nagios: please update to 3.2.3
      https://bugzilla.redhat.com/show_bug.cgi?id=639941
--------------------------------------------------------------------------------

================================================================================
perl-Devel-StackTrace-1.26-1.fc12 (FEDORA-2010-17226)
Perl module implementing stack trace and stack trace frame objects
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 3 2010 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 1:1.26-1
- Upstream update.
--------------------------------------------------------------------------------

================================================================================
perl-File-Find-Rule-Perl-1.10-1.fc12 (FEDORA-2010-17180)
Common rules for searching for Perl things
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 3 2010 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 1.10-1
- Upstream update.
--------------------------------------------------------------------------------

================================================================================
perl-Test-LongString-0.14-1.fc12 (FEDORA-2010-17207)
Perl module to test long strings
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 3 2010 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 0.14-1
- Upstream update.
- Minor spec cleanups.
--------------------------------------------------------------------------------

================================================================================
proftpd-1.3.3c-1.fc12 (FEDORA-2010-17220)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:

This is an update to the current upstream maintenance release, which addresses
two security issues that can be exploited by malicious users to manipulate
certain data and compromise a vulnerable system.

* A logic error in the code for processing user input containing the Telnet IAC
  (Interpret As Command) escape sequence can be exploited to cause a stack-based
  buffer overflow by sending specially crafted input to the FTP or FTPS service.
  Successful exploitation may allow execution of arbitrary code. There isn't
  currently a CVE number for this issue but the original reporter of the problem
  has tagged this as ZDI-CAN-925. More details can be found at
  http://bugs.proftpd.org/show_bug.cgi?id=3521

* An input validation error within the "mod_site_misc" module can be exploited
  to e.g. create and delete directories, create symlinks, and change the time of
  files located outside a writable directory. Only configurations using
  "mod_site_misc", which is not enabled by default, and where the attacker has
  write access to a directory, are vulnerable to this issue, which has been
  assigned CVE-2010-3867. More details can be found at
  http://bugs.proftpd.org/show_bug.cgi?id=3519

The update from 1.3.2d to 1.3.3c also includes a large number of non-security
bugfixes and a number of additional loadable modules for enhanced functionality:

* mod_geoip
* mod_sftp
* mod_sftp_pam
* mod_sftp_sql
* mod_shaper
* mod_sql_passwd
* mod_tls_shmcache

There is also a new utility "ftpscrub" for scrubbing the scoreboard file.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 1 2010 Paul Howarth <paul@xxxxxxxxxxxx> 1.3.3c-1
- Update to 1.3.3c (#647965)
- Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)
- Fixed directory traversal bug in mod_site_misc (CVE-2010-3867)
- Fixed SQLite authentications using "SQLAuthType Backend"
- New DSO module: mod_geoip
* Fri Sep 10 2010 Paul Howarth <paul@xxxxxxxxxxxx> 1.3.3b-1
- Update to 1.3.3b
- Fixed SFTP directory listing bug
- Avoid corrupting utmpx databases on FreeBSD
- Avoid null pointer dereferences during data transfers
- Fixed "AuthAliasOnly on" anonymous login
* Fri Jul 2 2010 Paul Howarth <paul@xxxxxxxxxxxx> 1.3.3a-1
- Update to 1.3.3a
- Added Japanese translation
- Many mod_sftp bugfixes
- Fixed SSL_shutdown() errors caused by OpenSSL 0.9.8m and later
- Fixed handling of utmp/utmpx format changes on FreeBSD
* Thu Feb 25 2010 Paul Howarth <paul@xxxxxxxxxxxx> 1.3.3-1
- Update to 1.3.3 (see NEWS for list of fixed bugs)
- Update PID file location in initscript
- Drop upstreamed patches
- Upstream distribution now includes mod_exec, so drop unbundled source
- New DSO modules:
  - mod_sftp
  - mod_sftp_pam
  - mod_sftp_sql
  - mod_shaper
  - mod_sql_passwd
  - mod_tls_shmcache
- Configure script no longer appends "/proftpd" to --localstatedir option
- New utility ftpscrub for scrubbing the scoreboard file
- Include public key blacklist and Diffie-Hellman parameter files for mod_sftp
  in %{_sysconfdir}
- Remove IdentLookups from config file - disabled by default now
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #647965 - proftpd-1.3.3c is available
      https://bugzilla.redhat.com/show_bug.cgi?id=647965
--------------------------------------------------------------------------------

================================================================================
smart-1.3.1-66.fc12 (FEDORA-2010-17222)
Next generation package handling tool
--------------------------------------------------------------------------------
Update Information:

- Update to 1.3.1.
- Apply fixes for bug #592503 (launchpad) (John Bray).
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 3 2010 Axel Thimm <Axel.Thimm@xxxxxxxxxx> - 1.3.1-66
- Update to 1.3.1.
- Apply fixes for bug #592503 (launchpad) (John Bray).
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #643672 - No progress window displayed on gui
      https://bugzilla.redhat.com/show_bug.cgi?id=643672
--------------------------------------------------------------------------------

================================================================================
voms-1.9.19.2-1.fc12 (FEDORA-2010-17230)
Virtual Organization Membership Service
--------------------------------------------------------------------------------
Update Information:

Upstream bugfix release that fixes some memory leaks.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 1 2010 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 1.9.19.2-1
- Upstream 1.9.19.2 (CVS tag glite-security-voms_R_1_9_19_2)
--------------------------------------------------------------------------------

================================================================================
wavemon-0.7.0-1.fc12 (FEDORA-2010-17212)
Ncurses-based monitoring application for wireless network devices
--------------------------------------------------------------------------------
Update Information:

* Thu Nov 02 2010 Fabian Affolter <fabian@xxxxxxxxxxxxxxxxx> - 0.7.0-1
- Updated to new upstream 0.7.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 2 2010 Fabian Affolter <fabian@xxxxxxxxxxxxxxxxx> - 0.7.0-1
- Updated to new upstream 0.7.0
* Wed Aug 18 2010 Fabian Affolter <fabian@xxxxxxxxxxxxxxxxx> - 0.6.11-1
- Updated to new upstream 0.6.11
--------------------------------------------------------------------------------

================================================================================
xforms-1.0.92-3.sp2.fc12 (FEDORA-2010-17170)
XForms toolkit library
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 3 2010 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1.0.92-3.sp2
- Requires: xorg-x11-fonts-ISO8859-1-75dpi (#589726)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #589726 - Xforms apps often render text at the wrong size, causing layout issues
      https://bugzilla.redhat.com/show_bug.cgi?id=589726
--------------------------------------------------------------------------------

--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test