The following Fedora 14 Security updates need testing:
https://admin.fedoraproject.org/updates/mailman-2.1.13-6.fc14
https://admin.fedoraproject.org/updates/moodle-1.9.10-1.fc14
https://admin.fedoraproject.org/updates/gromacs-4.5.2-2.fc14
https://admin.fedoraproject.org/updates/monotone-0.48.1-1.fc14
https://admin.fedoraproject.org/updates/apr-util-1.3.10-1.fc14
https://admin.fedoraproject.org/updates/bugzilla-3.6.3-1.fc14
https://admin.fedoraproject.org/updates/tomcat6-6.0.26-14.fc14
https://admin.fedoraproject.org/updates/exim-4.72-2.fc14
https://admin.fedoraproject.org/updates/bristol-0.40.7-7.fc14
https://admin.fedoraproject.org/updates/pam-1.1.1-6.fc14
https://admin.fedoraproject.org/updates/proftpd-1.3.3c-1.fc14
https://admin.fedoraproject.org/updates/banshee-1.8.0-10.fc14
https://admin.fedoraproject.org/updates/pootle-2.1.2-1.fc14
https://admin.fedoraproject.org/updates/libsmi-0.4.8-5.fc14
https://admin.fedoraproject.org/updates/gnome-xcf-thumbnailer-1.0-4.fc14
The following Fedora 14 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/libcap-ng-0.6.5-1.fc14
https://admin.fedoraproject.org/updates/rsyslog-4.6.3-2.fc14
https://admin.fedoraproject.org/updates/NetworkManager-0.8.1-10.git20100831.fc14
https://admin.fedoraproject.org/updates/pam-1.1.1-6.fc14
https://admin.fedoraproject.org/updates/crontabs-1.11-1.20101022git.fc14
https://admin.fedoraproject.org/updates/livecd-tools-0.3.5-1.fc14
https://admin.fedoraproject.org/updates/openldap-2.4.23-2.fc14
The following builds have been pushed to Fedora 14 updates-testing
PyQuante-1.6.3-5.174svn.fc14
audacious-plugins-2.4.0-7.fc14
bugzilla-3.6.3-1.fc14
emacs-ibus-0.2.1-1.fc14
ghc-6.12.3-7.fc14
gromacs-4.5.2-2.fc14
hamster-applet-2.32.0-2.fc14
jd-2.7.5-0.2.beta101104.fc14
libcap-ng-0.6.5-1.fc14
perl-Lingua-EN-Tagger-0.16-4.fc14
perl-Log-Dispatch-2.27-1.fc14
php-ZendFramework-1.11.0-1.fc14
python-mox-0.5.3-2.fc14
qbittorrent-2.4.9-1.fc14
ruby-1.8.7.302-2.fc14
rubygem-cairo-1.10.0-3.fc14
rubygem-rest-client-1.6.1-1.fc14
sane-backends-1.0.21-4.fc14
skf-1.97.3-1.fc14
squid-3.1.9-3.fc14
sunbird-1.0-0.32.b3pre.fc14
taipeifonts-1.2-12.fc14
thunderbird-3.1.6-2.fc14
viking-0.9.96-1.fc14
wireshark-1.4.1-2.fc14
workrave-1.9.2-1.fc14
yokadi-0.12.0-1.fc14
Details about builds:
================================================================================
PyQuante-1.6.3-5.174svn.fc14 (FEDORA-2010-17247)
Python Quantum Chemistry
--------------------------------------------------------------------------------
Update Information:
Switch to using an SVN snapshot, fixing quite a many bugs. PyQuante is also now built against libint, which speeds up calculations.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 3 2010 Jussi Lehtola <jussi.lehtola@xxxxxx> - 1.6.3-5.174svn
- Switch to using an SVN snapshot.
- Build against libint.
- Run tests.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #581955 - Tests failed on version 1.6.3
https://bugzilla.redhat.com/show_bug.cgi?id=581955
--------------------------------------------------------------------------------
================================================================================
audacious-plugins-2.4.0-7.fc14 (FEDORA-2010-17239)
Plugins for the Audacious audio player
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 4 2010 Michael Schwendt <mschwendt@xxxxxxxxxxxxxxxxx> - 2.4.0-7
- Prevent buffer realloc crash in cue.c playlist_load_cue (#649645).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #649645 - [abrt] cue.c:81 *** glibc detected *** audacious2: realloc(): invalid pointer: 0x0805a156 ***
https://bugzilla.redhat.com/show_bug.cgi?id=649645
--------------------------------------------------------------------------------
================================================================================
bugzilla-3.6.3-1.fc14 (FEDORA-2010-17274)
Bug tracking system
--------------------------------------------------------------------------------
Update Information:
The following security issues have been discovered in Bugzilla:
* There is a way to inject both headers and content to users, causing a serious Cross-Site Scripting vulnerability.
* It was possible to see graphs from Old Charts even if you did not have access to a particular product, and you could browse a particular URL to see all product names.
* YUI 2.8.1, which shipped with Bugzilla starting with 3.7.x, contained a security vulnerability. The version of YUI shipped with Bugzilla 4.0rc1 and above has been updated to 2.8.2.
These are tracked by CVE-2010-3764.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 3 2010 Emmanuel Seyman <emmanuel.seyman@xxxxxxxxxxxxxxxx> - 3.6.3-1
- Update to 3.6.3 (#649406)
- Fix webdot alias in /etc/httpd/conf.d/bugzilla (#630255)
- Do not apply graphs patch (upstreamed)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #649398 - CVE-2010-3172 bugzilla: header and content injection vulnerability via Server Push
https://bugzilla.redhat.com/show_bug.cgi?id=649398
[ 2 ] Bug #649404 - CVE-2010-3764 bugzilla: information leak via Old Charts system
https://bugzilla.redhat.com/show_bug.cgi?id=649404
--------------------------------------------------------------------------------
================================================================================
emacs-ibus-0.2.1-1.fc14 (FEDORA-2010-17257)
IBus client for GNU Emacs
--------------------------------------------------------------------------------
Update Information:
new upstream release (closes #627358); simplify the spec not to clean BuildRoot
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 4 2010 Daiki Ueno <dueno@xxxxxxxxxx> - 0.2.1-1
- new upstream release (closes #627358).
- simplify the spec not to clean BuildRoot.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #627358 - [abrt] emacs-ibus-0.1.1-1.fc13: display.py:544:send_and_recv:ConnectionClosedError: Display connection closed by server
https://bugzilla.redhat.com/show_bug.cgi?id=627358
--------------------------------------------------------------------------------
================================================================================
ghc-6.12.3-7.fc14 (FEDORA-2010-17266)
Glasgow Haskell Compilation system
--------------------------------------------------------------------------------
Update Information:
Avoid ghc-type-level when re-indexing haddock devel docs, since it takes far too long.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 4 2010 Jens Petersen <petersen@xxxxxxxxxx> - 6.12.3-7
- skip huge type-level docs from haddock re-indexing (#649228)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #649228 - gen_contents_index takes too long to run after every rpm transaction
https://bugzilla.redhat.com/show_bug.cgi?id=649228
--------------------------------------------------------------------------------
================================================================================
gromacs-4.5.2-2.fc14 (FEDORA-2010-17248)
Fast, Free and Flexible Molecular Dynamics
--------------------------------------------------------------------------------
Update Information:
Fix upgrade path issue caused by branching of libs.
Upgrade to 4.5.2, fixing CVE-2010-4001 and a bunch of other bugs. See full release notes at http://www.gromacs.org/About_Gromacs/Release_Notes/Versions_4.5.x .
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 3 2010 Jussi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 4.5.2-2
- Make gromacs package obsolete older versions of gromacs package due to the
branching of libraries.
* Mon Nov 1 2010 Jussi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 4.5.2-1
- Update to 4.5.2.
* Wed Oct 27 2010 Jussi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 4.5.1-2
- Patch around #644950.
- Split libraries in own packages to avoid multilib problems.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #644596 - CVE-2010-4001 gromacs: insecure library loading vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=644596
--------------------------------------------------------------------------------
================================================================================
hamster-applet-2.32.0-2.fc14 (FEDORA-2010-17281)
Time tracking applet
--------------------------------------------------------------------------------
Update Information:
Make hamster-applet work like an applet again. Add missing dependencies.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 3 2010 Mads Villadsen <maxx@xxxxxxxxx> - 2.32.0-2
- Added dependency on dbus-python (fixes bug #649150)
- Fixes bug #649243
* Tue Sep 28 2010 Mads Villadsen <maxx@xxxxxxxxx> - 2.32.0-1
- Update to 2.32.0
- Minor bugfixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #649150 - hamster-applet has missing dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=649150
[ 2 ] Bug #649243 - Hamster applet not appearing neither in GNOME applet list, nor in panel
https://bugzilla.redhat.com/show_bug.cgi?id=649243
--------------------------------------------------------------------------------
================================================================================
jd-2.7.5-0.2.beta101104.fc14 (FEDORA-2010-17251)
A 2ch browser
--------------------------------------------------------------------------------
Update Information:
New version 2.7.5 beta101104 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 4 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 2.7.5-0.2.beta101104
- 2.7.5 beta 101104
--------------------------------------------------------------------------------
================================================================================
libcap-ng-0.6.5-1.fc14 (FEDORA-2010-17258)
An alternate posix capabilities library
--------------------------------------------------------------------------------
Update Information:
This update fixes a segfault when using filecap on a file.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 3 2010 Steve Grubb <sgrubb@xxxxxxxxxx> 0.6.5-1
- New upstream release fixing 2.6.36 kernel header issue
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #647771 - filecap segfaults when given a file instead of a directory.
https://bugzilla.redhat.com/show_bug.cgi?id=647771
--------------------------------------------------------------------------------
================================================================================
perl-Lingua-EN-Tagger-0.16-4.fc14 (FEDORA-2010-17214)
Part-of-speech tagger for English natural language processing
--------------------------------------------------------------------------------
Update Information:
This update fixes a problem with the architecture-dependent lexicon files.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 4 2010 Iain Arnell <iarnell@xxxxxxxxx> 0.16-4
- avoid empty debug package
* Wed Nov 3 2010 Iain Arnell <iarnell@xxxxxxxxx> 0.16-3
- force architecture dependent installation (installed lexicons are
arch-dependent)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #649418 - perl-Lingua-EN-Tagger-debuginfo is empty
https://bugzilla.redhat.com/show_bug.cgi?id=649418
--------------------------------------------------------------------------------
================================================================================
perl-Log-Dispatch-2.27-1.fc14 (FEDORA-2010-17276)
Dispatches messages to one or more outputs
--------------------------------------------------------------------------------
Update Information:
Update to 2.27.
Log::Dispatch now has a new simplified constructor that makes it a lot easier to use.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 3 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 2.27-1
- update to 2.27
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #647503 - perl-Log-Dispatch: please update to 2.27
https://bugzilla.redhat.com/show_bug.cgi?id=647503
--------------------------------------------------------------------------------
================================================================================
php-ZendFramework-1.11.0-1.fc14 (FEDORA-2010-17250)
Leading open-source PHP framework
--------------------------------------------------------------------------------
Update Information:
Update to 1.11.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 4 2010 Felix Kaechele <heffer@xxxxxxxxxxxxxxxxx> - 1.11.0-1
- update to 1.11.0
- new component: Cloud
- full changelog http://framework.zend.com/changelog/1.11.0
- release announcement:
http://devzone.zend.com/article/12724-Zend-Framework-1.11.0-FINAL-Released
--------------------------------------------------------------------------------
================================================================================
python-mox-0.5.3-2.fc14 (FEDORA-2010-17238)
Mock object framework
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #645603 - Review Request: python-mox - Mock object framework
https://bugzilla.redhat.com/show_bug.cgi?id=645603
--------------------------------------------------------------------------------
================================================================================
qbittorrent-2.4.9-1.fc14 (FEDORA-2010-17240)
A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:
* Sun Oct 31 2010 - Christophe Dumez <chris@xxxxxxxxxxxxxxx> - v2.4.9
- BUGFIX: Fix crash when pressing enter in save path field in torrent addition dialog
- BUGFIX: Fix crash when deleting a torrent with no metadata (closes #667528)
- BUGFIX: Fix possible crash on clicking a RSS article (closes #575624)
- BUGFIX: Correctly update total number of torrents when a torrent is automatically removed (closes #668726)
- BUGFIX: Correctly display the hash of torrents with no metadata
- BUGFIX: Elide status bar text if it is too wide
- BUGFIX: Make sure the splash screen is displayed for 2 seconds
- BUGFIX: Make listening on a particular interface more reliable
- BUGFIX: Fix torrent size update in torrent addition dialog
- BUGFIX: Fix possible crash on qBittorrent shutdown
- BUGFIX: Fix and improve file priorities editing (closes #669084)
- I18N: Updated Arabic, Italian and Croatian translations
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 1 2010 leigh scott <leigh123linux@xxxxxxxxxxxxxx> - 1:2.4.9-1
- update to 2.4.9
--------------------------------------------------------------------------------
================================================================================
ruby-1.8.7.302-2.fc14 (FEDORA-2010-17263)
An interpreter of object-oriented scripting language
--------------------------------------------------------------------------------
Update Information:
Multilib conflict between i686 and x86_64 is found on -libs
subpackage. This new rpm will fix this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 4 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 1.8.7.302-2
- Avoid multilib conflict on -libs subpackage (bug 649174)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #649174 - ruby-libs i686 / x86_64 conflicts
https://bugzilla.redhat.com/show_bug.cgi?id=649174
--------------------------------------------------------------------------------
================================================================================
rubygem-cairo-1.10.0-3.fc14 (FEDORA-2010-17272)
Ruby bindings for cairo
--------------------------------------------------------------------------------
Update Information:
Move C extension library so that 'require "cairo"' works without
compat ruby-cairo subpackage being installed.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 31 2010 Mamoru Taska <mtasaka@xxxxxxxxxxxxxxxxxxx> 1.10.0-3
- Move C extension so that "require %gemname" works correctly
--------------------------------------------------------------------------------
================================================================================
rubygem-rest-client-1.6.1-1.fc14 (FEDORA-2010-17273)
Simple REST client for Ruby
--------------------------------------------------------------------------------
Update Information:
Version bump
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 8 2010 Michal Fojtik <mfojtik@xxxxxxxxxx> - 1.6.1-1
- New version release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #565811 - Review Request: rubygem-rest-client - Simple REST client for Ruby
https://bugzilla.redhat.com/show_bug.cgi?id=565811
--------------------------------------------------------------------------------
================================================================================
sane-backends-1.0.21-4.fc14 (FEDORA-2010-17242)
Scanner access software
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 3 2010 Nils Philippsen <nils@xxxxxxxxxx> - 1.0.21-4
- xerox_mfp: correct color mode malfunction (#614949)
- xerox_mfp: add USB id for SCX-4500W (#614948)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #614948 - No SCX-4500W in libsane.rules
https://bugzilla.redhat.com/show_bug.cgi?id=614948
[ 2 ] Bug #614949 - sane-backends-1.0.21-2 broke SCX-4500W color scanning
https://bugzilla.redhat.com/show_bug.cgi?id=614949
--------------------------------------------------------------------------------
================================================================================
skf-1.97.3-1.fc14 (FEDORA-2010-17234)
Utility binary files in Simple Kanji Filter
--------------------------------------------------------------------------------
Update Information:
New version 1.97.3 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 4 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 1.97.3-1
- 1.97.3
--------------------------------------------------------------------------------
================================================================================
squid-3.1.9-3.fc14 (FEDORA-2010-17268)
The Squid proxy caching server
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 4 2010 Jiri Skala <jskala@xxxxxxxxxx> - 7:3.1.9-3
- fixes #647967 - build with -fPIE option back and dropped proper libltdl usage
* Mon Oct 25 2010 Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> 7:3.1.9-2
- Upstream 3.1.9 bugfix release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #647967 - copyright attribution, compilation security settings and spec-file cleanups
https://bugzilla.redhat.com/show_bug.cgi?id=647967
--------------------------------------------------------------------------------
================================================================================
sunbird-1.0-0.32.b3pre.fc14 (FEDORA-2010-17262)
Calendar application built upon Mozilla toolkit
--------------------------------------------------------------------------------
Update Information:
- Wrong library path fixed
- Subpackage thunderbird-lightning moved to thunderbird package
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 3 2010 Jan Horak <jhorak@xxxxxxxxxx> - 1.0-0.32.b3pre
- Disable thunderbird-lightning extension
- The thunderbird-lightning extension moved to thunderbird package
--------------------------------------------------------------------------------
================================================================================
taipeifonts-1.2-12.fc14 (FEDORA-2010-17261)
Traditional Chinese Bitmap fonts
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 24 2010 Adam Tkac <atkac redhat com> - 1.2-12
- rebuild to ensure F14 has higher NVR than F13
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #648059 - upgrade path f13 â f14 is broken
https://bugzilla.redhat.com/show_bug.cgi?id=648059
--------------------------------------------------------------------------------
================================================================================
thunderbird-3.1.6-2.fc14 (FEDORA-2010-17262)
Mozilla Thunderbird mail/newsgroup client
--------------------------------------------------------------------------------
Update Information:
- Wrong library path fixed
- Subpackage thunderbird-lightning moved to thunderbird package
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 3 2010 Jan Horak <jhorak@xxxxxxxxxx> - 3.1.6-2
- Move thunderbird-lightning extension from Sunbird package to Thunderbird
- Removed dependency on static libraries
--------------------------------------------------------------------------------
================================================================================
viking-0.9.96-1.fc14 (FEDORA-2010-17277)
GPS data editor and analyzer
--------------------------------------------------------------------------------
Update Information:
* Wed Nov 03 2010 Fabian Affolter <fabian@xxxxxxxxxxxxxxxxx> - 0.9.96-1
- Updated to new upstream version 0.9.96
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 3 2010 Fabian Affolter <fabian@xxxxxxxxxxxxxxxxx> - 0.9.96-1
- Updated to new upstream version 0.9.96
* Wed Sep 29 2010 jkeating - 0.9.95-3
- Rebuilt for gcc bug 634757
--------------------------------------------------------------------------------
================================================================================
wireshark-1.4.1-2.fc14 (FEDORA-2010-17241)
Network traffic analyzer
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 1 2010 Jan Safranek <jsafrane@xxxxxxxxxx> - 1.4.1-2
- temporarily disable zlib until
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4955 is resolved (#643461)
* Fri Oct 22 2010 Jan Safranek <jsafrane@xxxxxxxxxx> - 1.4.1-1
- upgrade to 1.4.1
- see http://www.wireshark.org/docs/relnotes/wireshark-1.4.1.html
- Own the %{_libdir}/wireshark dir (#644508)
- associate *.pcap files with wireshark (#641163)
* Tue Oct 5 2010 jkeating - 1.4.0-2.1
- Rebuilt for gcc bug 634757
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #643461 - Warn Error "File contains a record that's not valid" while reading: "/tmp/wireshark..."
https://bugzilla.redhat.com/show_bug.cgi?id=643461
[ 2 ] Bug #644508 - Unowned %{_libdir}/wireshark dir
https://bugzilla.redhat.com/show_bug.cgi?id=644508
[ 3 ] Bug #641163 - wireshark association with *.pcap files required
https://bugzilla.redhat.com/show_bug.cgi?id=641163
--------------------------------------------------------------------------------
================================================================================
workrave-1.9.2-1.fc14 (FEDORA-2010-17259)
Program that assists in the recovery and prevention of RSI
--------------------------------------------------------------------------------
Update Information:
This new upstream release adds a few small UI improvements and fixes many bugs including some aborts due to X errors.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 3 2010 Tomas Mraz <tmraz@xxxxxxxxxx> - 1.9.2-1
- new upstream release hopefully fixing at least some of the aborts
--------------------------------------------------------------------------------
================================================================================
yokadi-0.12.0-1.fc14 (FEDORA-2010-17249)
Command line oriented todo list system
--------------------------------------------------------------------------------
Update Information:
* Wed Nov 03 2010 Fabian Affolter <fabian@xxxxxxxxxxxxxxxxx> - 0.12.0-2
- Added man pages
* Wed Nov 03 2010 Fabian Affolter <fabian@xxxxxxxxxxxxxxxxx> - 0.12.0-1
- Updated to new upstream version 0.12
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 3 2010 Fabian Affolter <fabian@xxxxxxxxxxxxxxxxx> - 0.12.0-2
- Added man pages
* Wed Nov 3 2010 Fabian Affolter <fabian@xxxxxxxxxxxxxxxxx> - 0.12.0-1
- Updated to new upstream version 0.12
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
