The following Fedora 13 Security updates need testing:
https://admin.fedoraproject.org/updates/bind-9.7.2-1.P3.fc13,bind-dyndb-ldap-0.1.0-0.10.a1.20091210git.fc13,dnsperf-1.0.1.0-19.fc13
https://admin.fedoraproject.org/updates/kernel-2.6.34.7-63.fc13
https://admin.fedoraproject.org/updates/mailman-2.1.12-16.fc13
https://admin.fedoraproject.org/updates/phpMyAdmin-3.3.8.1-1.fc13
https://admin.fedoraproject.org/updates/wireshark-1.2.13-1.fc13
https://admin.fedoraproject.org/updates/krb5-1.7.1-16.fc13
https://admin.fedoraproject.org/updates/bareftp-0.3.7-1.fc13
The following Fedora 13 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/kernel-2.6.34.7-63.fc13
https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-74.fc13
https://admin.fedoraproject.org/updates/perl-5.10.1-121.fc13,perl-CGI-3.50-2.fc13
https://admin.fedoraproject.org/updates/elfutils-0.150-2.fc13
https://admin.fedoraproject.org/updates/livecd-tools-13.0-1.fc13
https://admin.fedoraproject.org/updates/mingetty-1.08-6.fc13
https://admin.fedoraproject.org/updates/sendmail-8.14.4-6.fc13
https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13
https://admin.fedoraproject.org/updates/openldap-2.4.21-11.fc13
https://admin.fedoraproject.org/updates/nss-3.12.7-4.fc13,nss-util-3.12.7-2.fc13,nss-softokn-3.12.7-3.fc13,nspr-4.8.6-1.fc13
https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13
The following builds have been pushed to Fedora 13 updates-testing
3Depict-0.0.3-1.fc13
PyQuante-1.6.3-7.174svn.fc13
bind-9.7.2-1.P3.fc13
bind-dyndb-ldap-0.1.0-0.10.a1.20091210git.fc13
cobbler-2.0.8-1.fc13
dnsperf-1.0.1.0-19.fc13
elfutils-0.150-2.fc13
ibus-input-pad-0.1.4-1.fc13
jnr-netdb-1.0.1-3.fc13
jnr-posix-1.1.4-3.fc13
kernel-2.6.34.7-63.fc13
publican-2.5-1.fc13
rubygem-boxgrinder-build-0.6.4-3.fc13
tortoisehg-1.1.7-1.fc13
wmfrog-0.3.1-1.fc13
Details about builds:
================================================================================
3Depict-0.0.3-1.fc13 (FEDORA-2010-18487)
Valued 3D point cloud visualization and analysis
--------------------------------------------------------------------------------
Update Information:
Update to 0.0.3
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 26 2010 D Haley <mycae(a!t)yahoo.com> - 0.0.3-1
- Update to 0.0.3
--------------------------------------------------------------------------------
================================================================================
PyQuante-1.6.3-7.174svn.fc13 (FEDORA-2010-18497)
Python Quantum Chemistry
--------------------------------------------------------------------------------
Update Information:
Rebuild against newly recompiled libint. Added Requires: openbabel. Split libint module into separate package due to different licensing.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 2 2010 Jussi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 1.6.3-7.174svn
- Rebuild against libint, which was recompiled to support basis sets of
larger angular momentum.
* Wed Dec 1 2010 Jussi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 1.6.3-6.174svn
- Added Requires: openbabel.
- Split libint library in a separate package due to the resulting binary
being GPLv2+ licensed.
--------------------------------------------------------------------------------
================================================================================
bind-9.7.2-1.P3.fc13 (FEDORA-2010-18521)
The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
--------------------------------------------------------------------------------
Update Information:
Update to 9.7.2-P3 release which contains various security fixes.
This update also provides bind-dyndb-ldap and dnsperf packages rebuild against updated bind.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 2 2010 Adam Tkac <atkac redhat com> 32:9.7.2-1.P3
- update to 9.7.2-P3
* Mon Nov 29 2010 Jan GÃrig <jgorig redhat com> 32:9.7.1-3.P2
- added root zone DNS key
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #658974 - CVE-2010-3613 bind: failure to clear existing RRSIG records when a NO DATA is negatively cached could DoS named
https://bugzilla.redhat.com/show_bug.cgi?id=658974
[ 2 ] Bug #658977 - CVE-2010-3614 bind: key algorithm rollover may mark secure answers as insecure
https://bugzilla.redhat.com/show_bug.cgi?id=658977
--------------------------------------------------------------------------------
================================================================================
bind-dyndb-ldap-0.1.0-0.10.a1.20091210git.fc13 (FEDORA-2010-18521)
LDAP back-end plug-in for BIND
--------------------------------------------------------------------------------
Update Information:
Update to 9.7.2-P3 release which contains various security fixes.
This update also provides bind-dyndb-ldap and dnsperf packages rebuild against updated bind.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 3 2010 Adam Tkac <atkac redhat com> - 0.1.0-0.10.a1.20091210git
- rebuild against new bind
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #658974 - CVE-2010-3613 bind: failure to clear existing RRSIG records when a NO DATA is negatively cached could DoS named
https://bugzilla.redhat.com/show_bug.cgi?id=658974
[ 2 ] Bug #658977 - CVE-2010-3614 bind: key algorithm rollover may mark secure answers as insecure
https://bugzilla.redhat.com/show_bug.cgi?id=658977
--------------------------------------------------------------------------------
================================================================================
cobbler-2.0.8-1.fc13 (FEDORA-2010-18507)
Boot server configurator
--------------------------------------------------------------------------------
Update Information:
New upstream release, see CHANGELOG for full list of updates.
Cobbler 2.0.4 release
Cobbler 2.0.4 release
Cobbler 2.0.4 release
Cobbler 2.0.4 release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 3 2010 Scott Henson <shenson@xxxxxxxxxx> - 2.0.8-1
- New upstream release
* Mon Oct 18 2010 Scott Henson <shenson@xxxxxxxxxx> - 2.0.7-1
- Bug fix relase, see Changelog for details
* Tue Jul 13 2010 Scott Henson <shenson@xxxxxxxxxx> - 2.0.5-1
- Bug fix release, see Changelog for details
* Tue Apr 27 2010 Scott Henson <shenson@xxxxxxxxxx> - 2.0.4-1
- Bug fix release, see Changelog for details
--------------------------------------------------------------------------------
================================================================================
dnsperf-1.0.1.0-19.fc13 (FEDORA-2010-18521)
Benchmarking authorative and recursing DNS servers
--------------------------------------------------------------------------------
Update Information:
Update to 9.7.2-P3 release which contains various security fixes.
This update also provides bind-dyndb-ldap and dnsperf packages rebuild against updated bind.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 3 2010 Adam Tkac <atkac redhat com> - 1.0.1.0-19
- rebuild against new bind
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #658974 - CVE-2010-3613 bind: failure to clear existing RRSIG records when a NO DATA is negatively cached could DoS named
https://bugzilla.redhat.com/show_bug.cgi?id=658974
[ 2 ] Bug #658977 - CVE-2010-3614 bind: key algorithm rollover may mark secure answers as insecure
https://bugzilla.redhat.com/show_bug.cgi?id=658977
--------------------------------------------------------------------------------
================================================================================
elfutils-0.150-2.fc13 (FEDORA-2010-18148)
A collection of utilities and DSOs to handle compiled objects
--------------------------------------------------------------------------------
Update Information:
This update fixes bugs in handling prelinked DSO files with separate debug files and in handling files with very large .debug_aranges sections.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 2 2010 Roland McGrath <roland@xxxxxxxxxx> - 0.150-2
- libdwfl: Remove bogus assert. (#658268)
* Tue Nov 23 2010 Roland McGrath <roland@xxxxxxxxxx> - 0.150-1
- Update to 0.150
- libdw: Fix for handling huge .debug_aranges section. (#638432)
- libdwfl: Fix for handling prelinked DSO with separate debug file. (#652857)
- findtextrel: Fix diagnostics to work with usual section ordering.
* Wed Sep 29 2010 jkeating - 0.149-2
- Rebuilt for gcc bug 634757
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #638432 - [abrt] elfutils-0.149-1.fc13: dwarf_getaranges: Process /usr/bin/eu-findtextrel was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=638432
[ 2 ] Bug #652857 - misaddresed user-space probes on prelinked shared libraries on i686 (REL)
https://bugzilla.redhat.com/show_bug.cgi?id=652857
--------------------------------------------------------------------------------
================================================================================
ibus-input-pad-0.1.4-1.fc13 (FEDORA-2010-18513)
Input Pad for IBus
--------------------------------------------------------------------------------
Update Information:
Updated package is available.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 3 2010 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 0.1.4-1
- Bumped to 0.1.4
--------------------------------------------------------------------------------
================================================================================
jnr-netdb-1.0.1-3.fc13 (FEDORA-2010-18494)
Network services database access for java
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #646637 - Review Request: jnr-netdb - Network services database access for java
https://bugzilla.redhat.com/show_bug.cgi?id=646637
--------------------------------------------------------------------------------
================================================================================
jnr-posix-1.1.4-3.fc13 (FEDORA-2010-18503)
Java Posix layer
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #561477 - Review Request: jnr-posix - Java Posix layer
https://bugzilla.redhat.com/show_bug.cgi?id=561477
--------------------------------------------------------------------------------
================================================================================
kernel-2.6.34.7-63.fc13 (FEDORA-2010-18506)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
Various security fixes and bug fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 3 2010 Kyle McMartin <kyle@xxxxxxxxxx> 2.6.34.7-63
- Enable hpilo.ko on x86_64. (#571329)
* Mon Nov 29 2010 Kyle McMartin <kyle@xxxxxxxxxx>
- Make ima an opt-in parameter like we did in F-14. Pass ima=on if you want
it enabled.
* Mon Nov 29 2010 Kyle McMartin <kyle@xxxxxxxxxx>
- Backport XFS fixes for the kernel.org xfs boog. [4d4e307a]
Needed two other backports to simplify life.
* Fri Nov 26 2010 Kyle McMartin <kyle@xxxxxxxxxx>
- Quiet a netlink build warning the INET_DIAG fix caused.
* Fri Nov 26 2010 Kyle McMartin <kyle@xxxxxxxxxx>
- Plug stack leaks in tty/serial drivers. (#648663, #648660)
* Fri Nov 26 2010 Kyle McMartin <kyle@xxxxxxxxxx>
- r8169 fixes from sgruszka@xxxxxxxxxx (#502974)
* Wed Nov 24 2010 John W. Linville <linville@xxxxxxxxxx>
- rtl8180: improve signal reporting for rtl8185 hardware
- rtl8180: improve signal reporting for actual rtl8180 hardware
* Tue Nov 23 2010 Kyle McMartin <kyle@xxxxxxxxxx>
- zero struct memory in ipc compat (CVE-2010-4073) (#648658)
- zero struct memory in ipc shm (CVE-2010-4072) (#648656)
- fix logic error in INET_DIAG bytecode auditing (CVE-2010-3880) (#651264)
- posix-cpu-timers: workaround to suppress the problems with mt exec
(rhbz#656264)
- clear memory in viafb ioctl (CVE-2010-4082) (#648671)
* Fri Oct 22 2010 Kyle McMartin <kyle@xxxxxxxxxx> 2.6.34.7-62
- tpm-autodetect-itpm-devices.patch: Auto-fix TPM issues on various
laptops which prevented suspend/resume.
- depessimize-rds_copy_page_user.patch: Fix CVE-2010-3904, local
privilege escalation via RDS protocol.
- rt2x00: Backport fixes for #642031 from Stanislaw Gruszka.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #648663 - CVE-2010-4077 kernel: drivers/char/nozomi.c: reading uninitialized stack memory
https://bugzilla.redhat.com/show_bug.cgi?id=648663
[ 2 ] Bug #648660 - CVE-2010-4075 kernel: drivers/serial/serial_core.c: reading uninitialized stack memory
https://bugzilla.redhat.com/show_bug.cgi?id=648660
[ 3 ] Bug #648658 - CVE-2010-4073 kernel: ipc/compat*.c: reading uninitialized stack memory
https://bugzilla.redhat.com/show_bug.cgi?id=648658
[ 4 ] Bug #648656 - CVE-2010-4072 kernel: ipc/shm.c: reading uninitialized stack memory
https://bugzilla.redhat.com/show_bug.cgi?id=648656
[ 5 ] Bug #651264 - CVE-2010-3880 kernel: logic error in INET_DIAG bytecode auditing
https://bugzilla.redhat.com/show_bug.cgi?id=651264
[ 6 ] Bug #656264 - CVE-2010-4248 kernel: posix-cpu-timers: workaround to suppress the problems with mt exec
https://bugzilla.redhat.com/show_bug.cgi?id=656264
[ 7 ] Bug #648671 - CVE-2010-4082 kernel: drivers/video/via/ioctl.c: reading uninitialized stack memory
https://bugzilla.redhat.com/show_bug.cgi?id=648671
--------------------------------------------------------------------------------
================================================================================
publican-2.5-1.fc13 (FEDORA-2010-18499)
Common files and scripts for publishing with DocBook XML
--------------------------------------------------------------------------------
Update Information:
* Thu Dec 2 2010 RÃdiger Landmann <r.landmann@xxxxxxxxxx> 2.5-1
- Rebase on new upstream version -- BZ#659589 BZ#659590 BZ#659591
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 2 2010 RÃdiger Landmann <r.landmann@xxxxxxxxxx> 2.5-1
- Rebase on new upstream version -- BZ#659589 BZ#659590 BZ#659591
* Thu Dec 2 2010 RÃdiger Landmann <r.landmann@xxxxxxxxxx> 2.4-1
- Rebase on new upstream version -- BZ#659127 BZ#659128 BZ#659129
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #659591 - Update to new upstream version
https://bugzilla.redhat.com/show_bug.cgi?id=659591
--------------------------------------------------------------------------------
================================================================================
rubygem-boxgrinder-build-0.6.4-3.fc13 (FEDORA-2010-18511)
A tool for creating appliances from simple plain text files
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #652400 - Review Request: rubygem-boxgrinder-build - Creates appliances for various virtual environments
https://bugzilla.redhat.com/show_bug.cgi?id=652400
--------------------------------------------------------------------------------
================================================================================
tortoisehg-1.1.7-1.fc13 (FEDORA-2010-18520)
Mercurial GUI command line tool hgtk
--------------------------------------------------------------------------------
Update Information:
This is a bug fix release, with minor improvements. Users are recommended to upgrade.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 2 2010 Mads Kiilerich <mads@xxxxxxxxxxxxx> - 1.1.7-1
- tortoisehg-1.1.7
* Tue Nov 16 2010 Mads Kiilerich <mads@xxxxxxxxxxxxx> - 1.1.6.1-1
- tortoisehg-1.1.6.1
* Tue Nov 16 2010 Mads Kiilerich <mads@xxxxxxxxxxxxx> - 1.1.6-1
- tortoisehg-1.1.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #659431 - tortoisehg-1.1.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=659431
--------------------------------------------------------------------------------
================================================================================
wmfrog-0.3.1-1.fc13 (FEDORA-2010-18492)
A weather application, it shows the weather in a graphical way
--------------------------------------------------------------------------------
Update Information:
Fix weather parser
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 2 2010 Petr Pisar <ppisar@xxxxxxxxxx> - 0.3.1-1
- 0.3.1 bump
- Fixed clouds/wind parsing issues
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
