The following Fedora 13 Security updates need testing:

    https://admin.fedoraproject.org/updates/glpi-0.72.4-3.svn11497.fc13
    https://admin.fedoraproject.org/updates/banshee-1.6.1-4.fc13
    https://admin.fedoraproject.org/updates/gromacs-4.5.2-2.fc13
    https://admin.fedoraproject.org/updates/gnome-xcf-thumbnailer-1.0-4.fc13
    https://admin.fedoraproject.org/updates/monotone-0.48.1-1.fc13
    https://admin.fedoraproject.org/updates/seamonkey-2.0.10-1.fc13
    https://admin.fedoraproject.org/updates/mailman-2.1.12-16.fc13
    https://admin.fedoraproject.org/updates/bugzilla-3.4.9-1.fc13
    https://admin.fedoraproject.org/updates/clamav-0.96.3-1400.fc13
    https://admin.fedoraproject.org/updates/bristol-0.40.7-7.fc13
    https://admin.fedoraproject.org/updates/moodle-1.9.10-1.fc13
    https://admin.fedoraproject.org/updates/proftpd-1.3.3c-1.fc13
    https://admin.fedoraproject.org/updates/libguestfs-1.6.0-1.fc13.1
    https://admin.fedoraproject.org/updates/pootle-2.1.2-1.fc13
    https://admin.fedoraproject.org/updates/libsmi-0.4.8-5.fc13

The following Fedora 13 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/NetworkManager-0.8.1-10.git20100831.fc13
    https://admin.fedoraproject.org/updates/crontabs-1.11-1.20101022git.fc13
    https://admin.fedoraproject.org/updates/gnome-settings-daemon-2.30.1-9.fc13
    https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-69.fc13
    https://admin.fedoraproject.org/updates/upstart-0.6.5-7.fc13
    https://admin.fedoraproject.org/updates/libgsf-1.14.18-1.fc13
    https://admin.fedoraproject.org/updates/goddard-kde-theme-13.1.0-1.fc13,fedora-logos-13.0.2-2.fc13,generic-logos-13.0.1-2.fc13,kde-settings-4.4-21.fc13
    https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13
    https://admin.fedoraproject.org/updates/openldap-2.4.21-11.fc13
    https://admin.fedoraproject.org/updates/nss-3.12.7-4.fc13,nss-util-3.12.7-2.fc13,nss-softokn-3.12.7-3.fc13,nspr-4.8.6-1.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13

The following builds have been pushed to Fedora 13 updates-testing

    PyQuante-1.6.3-5.174svn.fc13
    bugzilla-3.4.9-1.fc13
    emacs-ibus-0.2.1-1.fc13
    gromacs-4.5.2-2.fc13
    jd-2.7.5-0.2.beta101104.fc13
    perl-Lingua-EN-Tagger-0.16-4.fc13
    perl-Log-Dispatch-2.27-1.fc13
    php-ZendFramework-1.11.0-1.fc13
    python-mox-0.5.3-2.fc13
    qbittorrent-2.4.9-1.fc13
    rubygem-cairo-1.10.0-3.fc13
    rubygem-rest-client-1.6.1-1.fc13
    sane-backends-1.0.21-4.fc13
    skf-1.97.3-1.fc13
    squid-3.1.9-3.fc13
    sunbird-1.0-0.31.b3pre.fc13
    thunderbird-3.1.6-2.fc13
    workrave-1.9.2-1.fc13

Details about builds:

================================================================================
PyQuante-1.6.3-5.174svn.fc13 (FEDORA-2010-17244)
Python Quantum Chemistry
--------------------------------------------------------------------------------
Update Information:

Switch to using an SVN snapshot, fixing quite a few bugs.
PyQuante is also now built against libint, which speeds up calculations.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 3 2010 Jussi Lehtola <jussi.lehtola@xxxxxx> - 1.6.3-5.174svn
- Switch to using an SVN snapshot.
- Build against libint.
- Run tests.
* Wed Jul 21 2010 David Malcolm <dmalcolm@xxxxxxxxxx> - 1.6.3-4
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #581955 - Tests failed on version 1.6.3
        https://bugzilla.redhat.com/show_bug.cgi?id=581955
--------------------------------------------------------------------------------

================================================================================
bugzilla-3.4.9-1.fc13 (FEDORA-2010-17280)
Bug tracking system
--------------------------------------------------------------------------------
Update Information:

The following security issues have been discovered in Bugzilla:

* There is a way to inject both headers and content to users, causing a
  serious Cross-Site Scripting vulnerability.
* It was possible to see graphs from Old Charts even if you did not have
  access to a particular product, and you could browse a particular URL to
  see all product names.
* YUI 2.8.1, which shipped with Bugzilla starting with 3.7.x, contained a
  security vulnerability. The version of YUI shipped with Bugzilla 4.0rc1
  and above has been updated to 2.8.2.

These are tracked by CVE-2010-3764.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 3 2010 Emmanuel Seyman <emmanuel.seyman@xxxxxxxxxxxxxxxx> - 3.4.9-1
- Update to 3.4.9
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #649398 - CVE-2010-3172 bugzilla: header and content injection vulnerability via Server Push
        https://bugzilla.redhat.com/show_bug.cgi?id=649398
  [ 2 ] Bug #649404 - CVE-2010-3764 bugzilla: information leak via Old Charts system
        https://bugzilla.redhat.com/show_bug.cgi?id=649404
--------------------------------------------------------------------------------

================================================================================
emacs-ibus-0.2.1-1.fc13 (FEDORA-2010-17245)
IBus client for GNU Emacs
--------------------------------------------------------------------------------
Update Information:

new upstream release (closes #627358); simplify the spec not to clean BuildRoot
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 4 2010 Daiki Ueno <dueno@xxxxxxxxxx> - 0.2.1-1
- new upstream release (closes #627358).
- simplify the spec not to clean BuildRoot.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #627358 - [abrt] emacs-ibus-0.1.1-1.fc13: display.py:544:send_and_recv:ConnectionClosedError: Display connection closed by server
        https://bugzilla.redhat.com/show_bug.cgi?id=627358
--------------------------------------------------------------------------------

================================================================================
gromacs-4.5.2-2.fc13 (FEDORA-2010-17256)
Fast, Free and Flexible Molecular Dynamics
--------------------------------------------------------------------------------
Update Information:

Fix upgrade path issue caused by branching of libs.
Upgrade to 4.5.2, fixing CVE-2010-4001 and a bunch of other bugs.
See full release notes at http://www.gromacs.org/About_Gromacs/Release_Notes/Versions_4.5.x .
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 3 2010 Jussi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 4.5.2-2
- Make gromacs package obsolete older versions of gromacs package due to the branching of libraries.
* Mon Nov 1 2010 Jussi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 4.5.2-1
- Update to 4.5.2.
* Wed Oct 27 2010 Jussi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 4.5.1-2
- Patch around #644950.
- Split libraries in own packages to avoid multilib problems.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #644596 - CVE-2010-4001 gromacs: insecure library loading vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=644596
--------------------------------------------------------------------------------

================================================================================
jd-2.7.5-0.2.beta101104.fc13 (FEDORA-2010-17236)
A 2ch browser
--------------------------------------------------------------------------------
Update Information:

New version 2.7.5 beta 101104 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 4 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 2.7.5-0.2.beta101104
- 2.7.5 beta 101104
--------------------------------------------------------------------------------

================================================================================
perl-Lingua-EN-Tagger-0.16-4.fc13 (FEDORA-2010-17186)
Part-of-speech tagger for English natural language processing
--------------------------------------------------------------------------------
Update Information:

This update fixes a problem with the architecture-dependent lexicon files.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 4 2010 Iain Arnell <iarnell@xxxxxxxxx> 0.16-4
- avoid empty debug package
* Wed Nov 3 2010 Iain Arnell <iarnell@xxxxxxxxx> 0.16-3
- force architecture dependent installation (installed lexicons are arch-dependent)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #649418 - perl-Lingua-EN-Tagger-debuginfo is empty
        https://bugzilla.redhat.com/show_bug.cgi?id=649418
--------------------------------------------------------------------------------

================================================================================
perl-Log-Dispatch-2.27-1.fc13 (FEDORA-2010-17253)
Dispatches messages to one or more outputs
--------------------------------------------------------------------------------
Update Information:

Update to 2.27. Log::Dispatch now has a new simplified constructor that makes it a lot easier to use.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 3 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 2.27-1
- update to 2.27
* Mon May 3 2010 Marcela Maslanova <mmaslano@xxxxxxxxxx> - 2.22-6
- Mass rebuild with perl-5.12.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #647503 - perl-Log-Dispatch: please update to 2.27
        https://bugzilla.redhat.com/show_bug.cgi?id=647503
--------------------------------------------------------------------------------

================================================================================
php-ZendFramework-1.11.0-1.fc13 (FEDORA-2010-17254)
Leading open-source PHP framework
--------------------------------------------------------------------------------
Update Information:

Update to 1.11.0
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 4 2010 Felix Kaechele <heffer@xxxxxxxxxxxxxxxxx> - 1.11.0-1
- update to 1.11.0
- new component: Cloud
- full changelog http://framework.zend.com/changelog/1.11.0
- release announcement: http://devzone.zend.com/article/12724-Zend-Framework-1.11.0-FINAL-Released
--------------------------------------------------------------------------------

================================================================================
python-mox-0.5.3-2.fc13 (FEDORA-2010-17252)
Mock object framework
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #645603 - Review Request: python-mox - Mock object framework
        https://bugzilla.redhat.com/show_bug.cgi?id=645603
--------------------------------------------------------------------------------

================================================================================
qbittorrent-2.4.9-1.fc13 (FEDORA-2010-17271)
A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:

* Sun Oct 31 2010 - Christophe Dumez <chris@xxxxxxxxxxxxxxx> - v2.4.9
- BUGFIX: Fix crash when pressing enter in save path field in torrent addition dialog
- BUGFIX: Fix crash when deleting a torrent with no metadata (closes #667528)
- BUGFIX: Fix possible crash on clicking a RSS article (closes #575624)
- BUGFIX: Correctly update total number of torrents when a torrent is automatically removed (closes #668726)
- BUGFIX: Correctly display the hash of torrents with no metadata
- BUGFIX: Elide status bar text if it is too wide
- BUGFIX: Make sure the splash screen is displayed for 2 seconds
- BUGFIX: Make listening on a particular interface more reliable
- BUGFIX: Fix torrent size update in torrent addition dialog
- BUGFIX: Fix possible crash on qBittorrent shutdown
- BUGFIX: Fix and improve file priorities editing (closes #669084)
- I18N: Updated Arabic, Italian and Croatian translations
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 1 2010 leigh scott <leigh123linux@xxxxxxxxxxxxxx> - 1:2.4.9-1
- update to 2.4.9
--------------------------------------------------------------------------------

================================================================================
rubygem-cairo-1.10.0-3.fc13 (FEDORA-2010-17255)
Ruby bindings for cairo
--------------------------------------------------------------------------------
Update Information:

Move C extension library so that 'require "cairo"' works without compat ruby-cairo subpackage being installed.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Oct 31 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> 1.10.0-3
- Move C extension so that "require %gemname" works correctly
--------------------------------------------------------------------------------

================================================================================
rubygem-rest-client-1.6.1-1.fc13 (FEDORA-2010-17269)
Simple REST client for Ruby
--------------------------------------------------------------------------------
Update Information:

Version bump
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 8 2010 Michal Fojtik <mfojtik@xxxxxxxxxx> - 1.6.1-1
- New version release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #565811 - Review Request: rubygem-rest-client - Simple REST client for Ruby
        https://bugzilla.redhat.com/show_bug.cgi?id=565811
--------------------------------------------------------------------------------

================================================================================
sane-backends-1.0.21-4.fc13 (FEDORA-2010-17278)
Scanner access software
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 3 2010 Nils Philippsen <nils@xxxxxxxxxx> - 1.0.21-4
- xerox_mfp: correct color mode malfunction (#614949)
- xerox_mfp: add USB id for SCX-4500W (#614948)
* Fri Jun 25 2010 Nils Philippsen <nils@xxxxxxxxxx> - 1.0.21-3
- build with -fno-strict-aliasing
- use PIC/PIE because SANE-enabled software is likely to deal with data coming from untrusted sources (client <-> saned via network)
* Mon Jun 7 2010 Nils Philippsen <nils@xxxxxxxxxx>
- rectify devel subpackage description
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #614948 - No SCX-4500W in libsane.rules
        https://bugzilla.redhat.com/show_bug.cgi?id=614948
  [ 2 ] Bug #614949 - sane-backends-1.0.21-2 broke SCX-4500W color scanning
        https://bugzilla.redhat.com/show_bug.cgi?id=614949
--------------------------------------------------------------------------------

================================================================================
skf-1.97.3-1.fc13 (FEDORA-2010-17275)
Utility binary files in Simple Kanji Filter
--------------------------------------------------------------------------------
Update Information:

New version 1.97.3 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 4 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 1.97.3-1
- 1.97.3
--------------------------------------------------------------------------------

================================================================================
squid-3.1.9-3.fc13 (FEDORA-2010-17270)
The Squid proxy caching server
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 4 2010 Jiri Skala <jskala@xxxxxxxxxx> - 7:3.1.9-3
- fixes #647967 - build with -fPIE option back and dropped proper libltdl usage
* Mon Oct 25 2010 Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> - 7:3.1.9-2
- Upstream 3.1.9 bugfix release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #647967 - copyright attribution, compilation security settings and spec-file cleanups
        https://bugzilla.redhat.com/show_bug.cgi?id=647967
--------------------------------------------------------------------------------

================================================================================
sunbird-1.0-0.31.b3pre.fc13 (FEDORA-2010-17279)
Calendar application built upon Mozilla toolkit
--------------------------------------------------------------------------------
Update Information:

- Wrong library path fixed
- Subpackage thunderbird-lightning moved to thunderbird package
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 3 2010 Jan Horak <jhorak@xxxxxxxxxx> - 1.0-0.31.b3pre
- Disable thunderbird-lightning extension
- The thunderbird-lightning extension moved to thunderbird package
--------------------------------------------------------------------------------

================================================================================
thunderbird-3.1.6-2.fc13 (FEDORA-2010-17279)
Mozilla Thunderbird mail/newsgroup client
--------------------------------------------------------------------------------
Update Information:

- Wrong library path fixed
- Subpackage thunderbird-lightning moved to thunderbird package
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 3 2010 Jan Horak <jhorak@xxxxxxxxxx> - 3.1.6-2
- Move thunderbird-lightning extension from Sunbird package to Thunderbird
- Removed dependency on static libraries
--------------------------------------------------------------------------------

================================================================================
workrave-1.9.2-1.fc13 (FEDORA-2010-17265)
Program that assists in the recovery and prevention of RSI
--------------------------------------------------------------------------------
Update Information:

This new upstream release adds a few small UI improvements and fixes many bugs including some aborts due to X errors.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 3 2010 Tomas Mraz <tmraz@xxxxxxxxxx> - 1.9.2-1
- new upstream release hopefully fixing at least some of the aborts
--------------------------------------------------------------------------------