The following Fedora 14 Security updates need testing:
https://admin.fedoraproject.org/updates/openttd-1.0.5-1.fc14
https://admin.fedoraproject.org/updates/fontforge-20100501-5.fc14
https://admin.fedoraproject.org/updates/clamav-0.96.5-1400.fc14
https://admin.fedoraproject.org/updates/phpMyAdmin-3.3.8.1-1.fc14
https://admin.fedoraproject.org/updates/bind-9.7.2-4.P3.fc14
https://admin.fedoraproject.org/updates/krb5-1.8.2-7.fc14
https://admin.fedoraproject.org/updates/mailman-2.1.13-6.fc14.1
https://admin.fedoraproject.org/updates/exim-4.72-2.fc14
https://admin.fedoraproject.org/updates/bareftp-0.3.7-1.fc14
The following Fedora 14 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/gstreamer-0.10.31-1.fc14,gstreamer-plugins-base-0.10.31-1.fc14,gstreamer-plugins-good-0.10.26-1.fc14
https://admin.fedoraproject.org/updates/elfutils-0.150-2.fc14
https://admin.fedoraproject.org/updates/libsoup-2.32.2-1.fc14
https://admin.fedoraproject.org/updates/python-decorator-3.2.1-1.fc14
https://admin.fedoraproject.org/updates/xorg-x11-drv-geode-2.11.10-1.fc14
The following builds have been pushed to Fedora 14 updates-testing
clamav-0.96.5-1400.fc14
fontforge-20100501-5.fc14
ghc-regex-tdfa-1.1.7-1.fc14
libfm-0.1.15-1.git3ec0a717ad.fc14
openttd-1.0.5-1.fc14
openvas-client-3.0.2-1.fc14
pcmanfm-0.9.9-1.git0f075cf5ba.fc14
qbittorrent-2.5.0-1.fc14
qbittorrent-2.5.1-1.fc14
slingshot-0.8.1p-5.fc14
xmp-3.3.0-1.fc14
Details about builds:
================================================================================
clamav-0.96.5-1400.fc14 (FEDORA-2010-18568)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2010 Enrico Scholz <enrico.scholz@xxxxxxxxxxxxxxxxxxxxxxxxx> - 0.96.5-1400
- updated to 0.96.5
- CVE-2010-4260 Multiple errors within the processing of PDF files can
be exploited to e.g. cause a crash.
- CVE-2010-4261 An off-by-one error within the "icon_cb()" function
can be exploited to cause a memory corruption.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #659861 - CVE-2010-4260 CVE-2010-4261 clamav: multiple flaws corrected in 0.96.5
https://bugzilla.redhat.com/show_bug.cgi?id=659861
--------------------------------------------------------------------------------
================================================================================
fontforge-20100501-5.fc14 (FEDORA-2010-18573)
Outline and bitmap font editor
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2010-4259 crash. See bug for proof of concept test.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2010 Kevin Fenzi <kevin@xxxxxxxxx> - 20100501-5
- Add patch for CVE-2010-4259
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #659359 - CVE-2010-4259 FontForge: Stack-based buffer overflow by processing specially-crafted CHARSET_REGISTRY font file header
https://bugzilla.redhat.com/show_bug.cgi?id=659359
--------------------------------------------------------------------------------
================================================================================
ghc-regex-tdfa-1.1.7-1.fc14 (FEDORA-2010-18563)
Haskell regular expression library
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 28 2010 Lakshmi Narasimhan T V <lakshminaras2002@xxxxxxxxx> - 1.1.7-1
- package updated to 1.1.7
--------------------------------------------------------------------------------
================================================================================
libfm-0.1.15-1.git3ec0a717ad.fc14 (FEDORA-2010-18565)
GIO-based library for file manager-like programs
--------------------------------------------------------------------------------
Update Information:
libfm, pcmanfm are upgraded to the latest git to
fix various problem.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 5 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx>
- Update to the latest git
--------------------------------------------------------------------------------
================================================================================
openttd-1.0.5-1.fc14 (FEDORA-2010-18572)
Transport system simulation game
--------------------------------------------------------------------------------
Update Information:
- 1.0.5
- fixes CVE-2010-4168 Denial of service (server/client) via invalid read
- switched to using the XZ tarball
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 21 2010 Felix Kaechele <heffer@xxxxxxxxxxxxxxxxx> - 1.0.5-1
- 1.0.5
- fixes CVE-2010-4168 Denial of service (server/client) via invalid read
- switched to using the XZ tarball
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #654376 - CVE-2010-4168 OpenTTD: multiple remote DoS vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=654376
--------------------------------------------------------------------------------
================================================================================
openvas-client-3.0.2-1.fc14 (FEDORA-2010-18561)
Client component of Open Vulnerability Assessment (OpenVAS) Scanner
--------------------------------------------------------------------------------
Update Information:
Sync'ed with the upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 23 2010 Stjepan Gros <stjepan.gros@xxxxxxxxx> - 3.0.2-1
- Synced with latest stable upstream release
- Removed patches because upstream applied them
--------------------------------------------------------------------------------
================================================================================
pcmanfm-0.9.9-1.git0f075cf5ba.fc14 (FEDORA-2010-18565)
Extremly fast and lightweight file manager
--------------------------------------------------------------------------------
Update Information:
libfm, pcmanfm are upgraded to the latest git to
fix various problem.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 5 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx>
- Update to the latest git
--------------------------------------------------------------------------------
================================================================================
qbittorrent-2.5.0-1.fc14 (FEDORA-2010-18569)
A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:
* Sun Dec 5 2010 - Christophe Dumez <chris@xxxxxxxxxxxxxxx> - v2.5.0
- FEATURE: qBittorrent can now act as a tracker
- FEATURE: New and improved RSS feed automated downloader
- FEATURE: Added feature to shutdown qbittorrent on torrents completion
- FEATURE: Added a torrent import assistant to seed or keep downloading outside torrents
- FEATURE: qBittorrent can update itself from Sourceforge (Windows/Mac OS X only)
- FEATURE: Added a transfer list column to display the current tracker
- FEATURE: Remember the last trackers used in the torrent creation tool
- FEATURE: The optimal piece size is now automatically computed in the torrent creation tool
- FEATURE: Bring up the connection settings when clicking on the connection status icon
- FEATURE: Major code refactoring and optimization
- FEATURE: Added "Amount downloaded/left" columns to transfer list
- FEATURE: Simplified proxy settings
- FEATURE: Optimized and improved the peer country resolution code
- FEATURE: Download first/last pieces first when sequential download is
enabled (Thanks Ahmad)
- FEATURE: Download first/last pieces first now applies to all media files
in the torrent (Thanks Ahmad)
- BUGFIX: Fix SOCKS5 proxy authentication in search engine(closes #680072)
- BUGFIX: Fix two advanced settings (ignore limits on LAN and protocol
overhead inclusion in rate limiter)
- BUGFIX: Fix strict super seeding (was not working)
- BUGFIX: Improve magnet save path handling (closes #683395)
- BUGFIX: Disable overwrite confirmation in torrent addition dialog (closes # 685269)
- COSMETIC: Replaced message box by on-screen notification for download errors
- COSMETIC: Improved the torrent creation tool appearance
- COSMETIC: Use country flags by Mark James (Thanks to Dmytro Pukha)
- COSMETIC: Use bigger alternative speed icon
- OTHERS: Dropped support for Qt <= 4.4
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 5 2010 leigh scott <leigh123linux@xxxxxxxxxxxxxx> - 1:2.5.0-1
- update to 2.5.0 release
--------------------------------------------------------------------------------
================================================================================
qbittorrent-2.5.1-1.fc14 (FEDORA-2010-18575)
A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:
* Sun Dec 5 2010 - Christophe Dumez <chris@xxxxxxxxxxxxxxx> - v2.5.1
- BUGFIX: Fix possible crash when right-clicking on a torrent
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 5 2010 leigh scott <leigh123linux@xxxxxxxxxxxxxx> - 1:2.5.1-1
- update to 2.5.1
* Sun Dec 5 2010 leigh scott <leigh123linux@xxxxxxxxxxxxxx> - 1:2.5.0-1
- update to 2.5.0 release
--------------------------------------------------------------------------------
================================================================================
slingshot-0.8.1p-5.fc14 (FEDORA-2010-18574)
A Newtonian strategy game
--------------------------------------------------------------------------------
Update Information:
Fixes several crashes on startup.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2010 Jon Ciesla <limb@xxxxxxxxxxxx> - 0.8.1p-5
- Fix for crash, BZ 652244.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #652244 - Slingshot will not start
https://bugzilla.redhat.com/show_bug.cgi?id=652244
--------------------------------------------------------------------------------
================================================================================
xmp-3.3.0-1.fc14 (FEDORA-2010-18566)
A multi-format module player
--------------------------------------------------------------------------------
Update Information:
Bugfixes and minor enhancements, upstream changelog: http://sourceforge.net/projects/xmp/files/xmp/3.3.0/ChangeLog/view
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2010 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> 3.3.0-1
- updated to 3.3.0
- drop obsolete patches
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
