Fedora 13 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 13 Security updates need testing:

    https://admin.fedoraproject.org/updates/glpi-0.72.4-3.svn11497.fc13
    https://admin.fedoraproject.org/updates/banshee-1.6.1-4.fc13
    https://admin.fedoraproject.org/updates/gromacs-4.5.2-2.fc13
    https://admin.fedoraproject.org/updates/gnome-xcf-thumbnailer-1.0-4.fc13
    https://admin.fedoraproject.org/updates/monotone-0.48.1-1.fc13
    https://admin.fedoraproject.org/updates/seamonkey-2.0.10-1.fc13
    https://admin.fedoraproject.org/updates/mailman-2.1.12-16.fc13
    https://admin.fedoraproject.org/updates/bugzilla-3.4.9-1.fc13
    https://admin.fedoraproject.org/updates/clamav-0.96.3-1400.fc13
    https://admin.fedoraproject.org/updates/bristol-0.40.7-7.fc13
    https://admin.fedoraproject.org/updates/moodle-1.9.10-1.fc13
    https://admin.fedoraproject.org/updates/proftpd-1.3.3c-1.fc13
    https://admin.fedoraproject.org/updates/libguestfs-1.6.0-1.fc13.1
    https://admin.fedoraproject.org/updates/pootle-2.1.2-1.fc13
    https://admin.fedoraproject.org/updates/libsmi-0.4.8-5.fc13


The following Fedora 13 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/NetworkManager-0.8.1-10.git20100831.fc13
    https://admin.fedoraproject.org/updates/crontabs-1.11-1.20101022git.fc13
    https://admin.fedoraproject.org/updates/gnome-settings-daemon-2.30.1-9.fc13
    https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-69.fc13
    https://admin.fedoraproject.org/updates/upstart-0.6.5-7.fc13
    https://admin.fedoraproject.org/updates/libgsf-1.14.18-1.fc13
    https://admin.fedoraproject.org/updates/goddard-kde-theme-13.1.0-1.fc13,fedora-logos-13.0.2-2.fc13,generic-logos-13.0.1-2.fc13,kde-settings-4.4-21.fc13
    https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13
    https://admin.fedoraproject.org/updates/openldap-2.4.21-11.fc13
    https://admin.fedoraproject.org/updates/nss-3.12.7-4.fc13,nss-util-3.12.7-2.fc13,nss-softokn-3.12.7-3.fc13,nspr-4.8.6-1.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13


The following builds have been pushed to Fedora 13 updates-testing

    PyQuante-1.6.3-5.174svn.fc13
    bugzilla-3.4.9-1.fc13
    emacs-ibus-0.2.1-1.fc13
    gromacs-4.5.2-2.fc13
    jd-2.7.5-0.2.beta101104.fc13
    perl-Lingua-EN-Tagger-0.16-4.fc13
    perl-Log-Dispatch-2.27-1.fc13
    php-ZendFramework-1.11.0-1.fc13
    python-mox-0.5.3-2.fc13
    qbittorrent-2.4.9-1.fc13
    rubygem-cairo-1.10.0-3.fc13
    rubygem-rest-client-1.6.1-1.fc13
    sane-backends-1.0.21-4.fc13
    skf-1.97.3-1.fc13
    squid-3.1.9-3.fc13
    sunbird-1.0-0.31.b3pre.fc13
    thunderbird-3.1.6-2.fc13
    workrave-1.9.2-1.fc13

Details about builds:


================================================================================
 PyQuante-1.6.3-5.174svn.fc13 (FEDORA-2010-17244)
 Python Quantum Chemistry
--------------------------------------------------------------------------------
Update Information:

Switch to using an SVN snapshot, fixing quite a many bugs. PyQuante is also now built against libint, which speeds up calculations.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Jussi Lehtola <jussi.lehtola@xxxxxx> - 1.6.3-5.174svn
- Switch to using an SVN snapshot.
- Build against libint.
- Run tests.
* Wed Jul 21 2010 David Malcolm <dmalcolm@xxxxxxxxxx> - 1.6.3-4
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #581955 - Tests failed on version 1.6.3
        https://bugzilla.redhat.com/show_bug.cgi?id=581955
--------------------------------------------------------------------------------


================================================================================
 bugzilla-3.4.9-1.fc13 (FEDORA-2010-17280)
 Bug tracking system
--------------------------------------------------------------------------------
Update Information:

The following security issues have been discovered in Bugzilla:

* There is a way to inject both headers and content to users, causing a serious Cross-Site Scripting vulnerability.

* It was possible to see graphs from Old Charts even if you did not have access to a particular product, and you could browse a particular URL to see all product names.

* YUI 2.8.1, which shipped with Bugzilla starting with 3.7.x, contained a security vulnerability. The version of YUI shipped with Bugzilla 4.0rc1 and above has been updated to 2.8.2.

These are tracked by CVE-2010-3764.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Emmanuel Seyman <emmanuel.seyman@xxxxxxxxxxxxxxxx> - 3.4.9-1
- Update to 3.4.9
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #649398 - CVE-2010-3172 bugzilla: header and content injection vulnerability via Server Push
        https://bugzilla.redhat.com/show_bug.cgi?id=649398
  [ 2 ] Bug #649404 - CVE-2010-3764 bugzilla: information leak via Old Charts system
        https://bugzilla.redhat.com/show_bug.cgi?id=649404
--------------------------------------------------------------------------------


================================================================================
 emacs-ibus-0.2.1-1.fc13 (FEDORA-2010-17245)
 IBus client for GNU Emacs
--------------------------------------------------------------------------------
Update Information:

new upstream release (closes #627358); simplify the spec not to clean BuildRoot
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov  4 2010 Daiki Ueno <dueno@xxxxxxxxxx> - 0.2.1-1
- new upstream release (closes #627358).
- simplify the spec not to clean BuildRoot.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #627358 - [abrt] emacs-ibus-0.1.1-1.fc13: display.py:544:send_and_recv:ConnectionClosedError: Display connection closed by server
        https://bugzilla.redhat.com/show_bug.cgi?id=627358
--------------------------------------------------------------------------------


================================================================================
 gromacs-4.5.2-2.fc13 (FEDORA-2010-17256)
 Fast, Free and Flexible Molecular Dynamics
--------------------------------------------------------------------------------
Update Information:

Fix upgrade path issue caused by branching of libs.
Upgrade to 4.5.2, fixing CVE-2010-4001 and a bunch of other bugs. See full release notes at http://www.gromacs.org/About_Gromacs/Release_Notes/Versions_4.5.x .
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Jussi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 4.5.2-2
- Make gromacs package obsolete older versions of gromacs package due to the
  branching of libraries.
* Mon Nov  1 2010 Jussi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 4.5.2-1
- Update to 4.5.2.
* Wed Oct 27 2010 Jussi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 4.5.1-2
- Patch around #644950.
- Split libraries in own packages to avoid multilib problems.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #644596 - CVE-2010-4001 gromacs: insecure library loading vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=644596
--------------------------------------------------------------------------------


================================================================================
 jd-2.7.5-0.2.beta101104.fc13 (FEDORA-2010-17236)
 A 2ch browser
--------------------------------------------------------------------------------
Update Information:

New version 2.7.5 beta 101104 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov  4 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 2.7.5-0.2.beta101104
- 2.7.5 beta 101104
--------------------------------------------------------------------------------


================================================================================
 perl-Lingua-EN-Tagger-0.16-4.fc13 (FEDORA-2010-17186)
 Part-of-speech tagger for English natural language processing
--------------------------------------------------------------------------------
Update Information:

This update fixes a problem with the architecture-dependent lexicon files.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov  4 2010 Iain Arnell <iarnell@xxxxxxxxx> 0.16-4
- avoid empty debug package
* Wed Nov  3 2010 Iain Arnell <iarnell@xxxxxxxxx> 0.16-3
- force architecture dependent installation (installed lexicons are
  arch-dependent)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #649418 - perl-Lingua-EN-Tagger-debuginfo is empty
        https://bugzilla.redhat.com/show_bug.cgi?id=649418
--------------------------------------------------------------------------------


================================================================================
 perl-Log-Dispatch-2.27-1.fc13 (FEDORA-2010-17253)
 Dispatches messages to one or more outputs
--------------------------------------------------------------------------------
Update Information:

Update to 2.27.

Log::Dispatch now has a new simplified constructor that makes it a lot easier to use.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 2.27-1
- update to 2.27
* Mon May  3 2010 Marcela Maslanova <mmaslano@xxxxxxxxxx> - 2.22-6
- Mass rebuild with perl-5.12.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #647503 - perl-Log-Dispatch: please update to 2.27
        https://bugzilla.redhat.com/show_bug.cgi?id=647503
--------------------------------------------------------------------------------


================================================================================
 php-ZendFramework-1.11.0-1.fc13 (FEDORA-2010-17254)
 Leading open-source PHP framework
--------------------------------------------------------------------------------
Update Information:

Update to 1.11.0
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov  4 2010 Felix Kaechele <heffer@xxxxxxxxxxxxxxxxx> - 1.11.0-1
- update to 1.11.0
- new component: Cloud
- full changelog http://framework.zend.com/changelog/1.11.0
- release announcement:
  http://devzone.zend.com/article/12724-Zend-Framework-1.11.0-FINAL-Released
--------------------------------------------------------------------------------


================================================================================
 python-mox-0.5.3-2.fc13 (FEDORA-2010-17252)
 Mock object framework
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #645603 - Review Request: python-mox - Mock object framework
        https://bugzilla.redhat.com/show_bug.cgi?id=645603
--------------------------------------------------------------------------------


================================================================================
 qbittorrent-2.4.9-1.fc13 (FEDORA-2010-17271)
 A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:

* Sun Oct 31 2010 - Christophe Dumez <chris@xxxxxxxxxxxxxxx> - v2.4.9
    - BUGFIX: Fix crash when pressing enter in save path field in torrent addition dialog
    - BUGFIX: Fix crash when deleting a torrent with no metadata (closes #667528)
    - BUGFIX: Fix possible crash on clicking a RSS article (closes #575624)
    - BUGFIX: Correctly update total number of torrents when a torrent is automatically removed (closes #668726)
    - BUGFIX: Correctly display the hash of torrents with no metadata
    - BUGFIX: Elide status bar text if it is too wide
    - BUGFIX: Make sure the splash screen is displayed for 2 seconds
    - BUGFIX: Make listening on a particular interface more reliable
    - BUGFIX: Fix torrent size update in torrent addition dialog
    - BUGFIX: Fix possible crash on qBittorrent shutdown
    - BUGFIX: Fix and improve file priorities editing (closes #669084)
    - I18N: Updated Arabic, Italian and Croatian translations
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  1 2010 leigh scott <leigh123linux@xxxxxxxxxxxxxx> - 1:2.4.9-1
- update to 2.4.9
--------------------------------------------------------------------------------


================================================================================
 rubygem-cairo-1.10.0-3.fc13 (FEDORA-2010-17255)
 Ruby bindings for cairo
--------------------------------------------------------------------------------
Update Information:

Move C extension library so that 'require "cairo"' works without compat ruby-cairo subpackage being installed.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Oct 31 2010 Mamoru Taska  <mtasaka@xxxxxxxxxxxxxxxxxxx> 1.10.0-3
- Move C extension so that "require %gemname" works correctly
--------------------------------------------------------------------------------


================================================================================
 rubygem-rest-client-1.6.1-1.fc13 (FEDORA-2010-17269)
 Simple REST client for Ruby
--------------------------------------------------------------------------------
Update Information:

Version bump
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep  8 2010 Michal Fojtik <mfojtik@xxxxxxxxxx> - 1.6.1-1
- New version release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #565811 - Review Request: rubygem-rest-client - Simple REST client for Ruby
        https://bugzilla.redhat.com/show_bug.cgi?id=565811
--------------------------------------------------------------------------------


================================================================================
 sane-backends-1.0.21-4.fc13 (FEDORA-2010-17278)
 Scanner access software
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Nils Philippsen <nils@xxxxxxxxxx> - 1.0.21-4
- xerox_mfp: correct color mode malfunction (#614949)
- xerox_mfp: add USB id for SCX-4500W (#614948)
* Fri Jun 25 2010 Nils Philippsen <nils@xxxxxxxxxx> - 1.0.21-3
- build with -fno-strict-aliasing
- use PIC/PIE because SANE-enabled software is likely to deal with data coming
  from untrusted sources (client <-> saned via network)
* Mon Jun  7 2010 Nils Philippsen <nils@xxxxxxxxxx>
- rectify devel subpackage description
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #614948 - No SCX-4500W in libsane.rules
        https://bugzilla.redhat.com/show_bug.cgi?id=614948
  [ 2 ] Bug #614949 - sane-backends-1.0.21-2 broke SCX-4500W color scanning
        https://bugzilla.redhat.com/show_bug.cgi?id=614949
--------------------------------------------------------------------------------


================================================================================
 skf-1.97.3-1.fc13 (FEDORA-2010-17275)
 Utility binary files in Simple Kanji Filter
--------------------------------------------------------------------------------
Update Information:

New version 1.97.3 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov  4 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 1.97.3-1
- 1.97.3
--------------------------------------------------------------------------------


================================================================================
 squid-3.1.9-3.fc13 (FEDORA-2010-17270)
 The Squid proxy caching server
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov  4 2010 Jiri Skala <jskala@xxxxxxxxxx> - 7:3.1.9-3
- fixes #647967 - build with -fPIE option back and dropped proper libltdl usage
* Mon Oct 25 2010 Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> - 7:3.1.9-2
- Upstrean 3.1.9 bugfix release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #647967 - copyright attribution, compilation security settings and spec-file cleanups
        https://bugzilla.redhat.com/show_bug.cgi?id=647967
--------------------------------------------------------------------------------


================================================================================
 sunbird-1.0-0.31.b3pre.fc13 (FEDORA-2010-17279)
 Calendar application built upon Mozilla toolkit
--------------------------------------------------------------------------------
Update Information:

- Wrong library path fixed
- Subpackage thunderbird-lightning moved to thunderbird package
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Jan Horak <jhorak@xxxxxxxxxx> - 1.0-0.31.b3pre
- Disable thunderbird-lightning extension
- The thunderbird-lightning extension moved to thunderbird package
--------------------------------------------------------------------------------


================================================================================
 thunderbird-3.1.6-2.fc13 (FEDORA-2010-17279)
 Mozilla Thunderbird mail/newsgroup client
--------------------------------------------------------------------------------
Update Information:

- Wrong library path fixed
- Subpackage thunderbird-lightning moved to thunderbird package
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Jan Horak <jhorak@xxxxxxxxxx> - 3.1.6-2
- Move thunderbird-lightning extension from Sunbird package to Thunderbird
- Removed dependency on static libraries
--------------------------------------------------------------------------------


================================================================================
 workrave-1.9.2-1.fc13 (FEDORA-2010-17265)
 Program that assists in the recovery and prevention of RSI
--------------------------------------------------------------------------------
Update Information:

This new upstream release adds a few small UI improvements and fixes many bugs including some aborts due to X errors.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Tomas Mraz <tmraz@xxxxxxxxxx> - 1.9.2-1
- new upstream release hopefully fixing at least some of the aborts
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe: 
https://admin.fedoraproject.org/mailman/listinfo/test


[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux