The following Fedora 13 Security updates need testing:
https://admin.fedoraproject.org/updates/openttd-1.0.5-1.fc13
https://admin.fedoraproject.org/updates/bind-9.7.2-1.P3.fc13,bind-dyndb-ldap-0.1.0-0.10.a1.20091210git.fc13,dnsperf-1.0.1.0-19.fc13
https://admin.fedoraproject.org/updates/kernel-2.6.34.7-63.fc13
https://admin.fedoraproject.org/updates/fontforge-20090923-4.fc13
https://admin.fedoraproject.org/updates/clamav-0.96.5-1300.fc13
https://admin.fedoraproject.org/updates/mailman-2.1.12-16.fc13
https://admin.fedoraproject.org/updates/phpMyAdmin-3.3.8.1-1.fc13
https://admin.fedoraproject.org/updates/wireshark-1.2.13-1.fc13
https://admin.fedoraproject.org/updates/krb5-1.7.1-16.fc13
https://admin.fedoraproject.org/updates/bareftp-0.3.7-1.fc13
The following Fedora 13 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/perl-5.10.1-121.fc13,perl-CGI-3.50-2.fc13
https://admin.fedoraproject.org/updates/elfutils-0.150-2.fc13
https://admin.fedoraproject.org/updates/mingetty-1.08-6.fc13
https://admin.fedoraproject.org/updates/sendmail-8.14.4-6.fc13
https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13
https://admin.fedoraproject.org/updates/openldap-2.4.21-11.fc13
https://admin.fedoraproject.org/updates/nss-3.12.7-4.fc13,nss-util-3.12.7-2.fc13,nss-softokn-3.12.7-3.fc13,nspr-4.8.6-1.fc13
https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13
The following builds have been pushed to Fedora 13 updates-testing
clamav-0.96.5-1300.fc13
fontforge-20090923-4.fc13
ghc-regex-tdfa-1.1.7-1.fc13
gnome-chemistry-utils-0.12.5-2.fc13
gnumeric-1.10.12-1.fc13
goffice-0.8.12-1.fc13
openttd-1.0.5-1.fc13
qbittorrent-2.5.0-1.fc13
qbittorrent-2.5.1-1.fc13
xmp-3.3.0-1.fc13
Details about builds:
================================================================================
clamav-0.96.5-1300.fc13 (FEDORA-2010-18564)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2010 Enrico Scholz <enrico.scholz@xxxxxxxxxxxxxxxxxxxxxxxxx> - 0.96.5-1300
- updated to 0.96.5
- CVE-2010-4260 Multiple errors within the processing of PDF files can
be exploited to e.g. cause a crash.
- CVE-2010-4261 An off-by-one error within the "icon_cb()" function
can be exploited to cause a memory corruption.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #659861 - CVE-2010-4260 CVE-2010-4261 clamav: multiple flaws corrected in 0.96.5
https://bugzilla.redhat.com/show_bug.cgi?id=659861
--------------------------------------------------------------------------------
================================================================================
fontforge-20090923-4.fc13 (FEDORA-2010-18577)
Outline and bitmap font editor
--------------------------------------------------------------------------------
Update Information:
fixes CVE-2010-4259 crash. See bug for proof of concept to test with.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2010 Kevin Fenzi <kevin@xxxxxxxxx> - 20090923-4
- Add patch to fix CVE-2010-4259 (fixes #659359)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #659359 - CVE-2010-4259 FontForge: Stack-based buffer overflow by processing specially-crafted CHARSET_REGISTRY font file header
https://bugzilla.redhat.com/show_bug.cgi?id=659359
--------------------------------------------------------------------------------
================================================================================
ghc-regex-tdfa-1.1.7-1.fc13 (FEDORA-2010-18562)
Haskell regular expression library
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 28 2010 Lakshmi Narasimhan T V <lakshminaras2002@xxxxxxxxx> - 1.1.7-1
- package updated to 1.1.7
--------------------------------------------------------------------------------
================================================================================
gnome-chemistry-utils-0.12.5-2.fc13 (FEDORA-2010-18576)
A set of chemical utilities
--------------------------------------------------------------------------------
Update Information:
This update syncs goffice and gnumeric with their latest upstream bugfix releases:
* ftp://ftp.gnome.org/pub/GNOME/sources/goffice/0.8/goffice-0.8.12.news
* ftp://ftp.gnome.org/pub/gnome/sources/gnumeric/1.10/gnumeric-1.10.12.news
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 2 2010 Julian Sikorski <belegdol@xxxxxxxxxxxxxxxxx> - 0.12.5-2
- Rebuilt for goffice-0.8.12 and gnumeric-1.10.12
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #654099 - Gnumeric file history shows ODT files
https://bugzilla.redhat.com/show_bug.cgi?id=654099
--------------------------------------------------------------------------------
================================================================================
gnumeric-1.10.12-1.fc13 (FEDORA-2010-18576)
Spreadsheet program for GNOME
--------------------------------------------------------------------------------
Update Information:
This update syncs goffice and gnumeric with their latest upstream bugfix releases:
* ftp://ftp.gnome.org/pub/GNOME/sources/goffice/0.8/goffice-0.8.12.news
* ftp://ftp.gnome.org/pub/gnome/sources/gnumeric/1.10/gnumeric-1.10.12.news
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 2 2010 Julian Sikorski <belegdol@xxxxxxxxxxxxxxxxx> - 1:1.10.12-1
- Updated to 1.10.12
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #654099 - Gnumeric file history shows ODT files
https://bugzilla.redhat.com/show_bug.cgi?id=654099
--------------------------------------------------------------------------------
================================================================================
goffice-0.8.12-1.fc13 (FEDORA-2010-18576)
Goffice support libraries
--------------------------------------------------------------------------------
Update Information:
This update syncs goffice and gnumeric with their latest upstream bugfix releases:
* ftp://ftp.gnome.org/pub/GNOME/sources/goffice/0.8/goffice-0.8.12.news
* ftp://ftp.gnome.org/pub/gnome/sources/gnumeric/1.10/gnumeric-1.10.12.news
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 2 2010 Julian Sikorski <belegdol@xxxxxxxxxxxxxxxxx> - 0.8.12-1
- Updated to 0.8.12
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #654099 - Gnumeric file history shows ODT files
https://bugzilla.redhat.com/show_bug.cgi?id=654099
--------------------------------------------------------------------------------
================================================================================
openttd-1.0.5-1.fc13 (FEDORA-2010-18571)
Transport system simulation game
--------------------------------------------------------------------------------
Update Information:
- 1.0.5
- fixes CVE-2010-4168 Denial of service (server/client) via invalid read
- switched to using the XZ tarball
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 21 2010 Felix Kaechele <heffer@xxxxxxxxxxxxxxxxx> - 1.0.5-1
- 1.0.5
- fixes CVE-2010-4168 Denial of service (server/client) via invalid read
- switched to using the XZ tarball
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #654376 - CVE-2010-4168 OpenTTD: multiple remote DoS vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=654376
--------------------------------------------------------------------------------
================================================================================
qbittorrent-2.5.0-1.fc13 (FEDORA-2010-18567)
A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:
* Sun Dec 5 2010 - Christophe Dumez <chris@xxxxxxxxxxxxxxx> - v2.5.0
- FEATURE: qBittorrent can now act as a tracker
- FEATURE: New and improved RSS feed automated downloader
- FEATURE: Added feature to shutdown qbittorrent on torrents completion
- FEATURE: Added a torrent import assistant to seed or keep downloading outside torrents
- FEATURE: qBittorrent can update itself from Sourceforge (Windows/Mac OS X only)
- FEATURE: Added a transfer list column to display the current tracker
- FEATURE: Remember the last trackers used in the torrent creation tool
- FEATURE: The optimal piece size is now automatically computed in the torrent creation tool
- FEATURE: Bring up the connection settings when clicking on the connection status icon
- FEATURE: Major code refactoring and optimization
- FEATURE: Added "Amount downloaded/left" columns to transfer list
- FEATURE: Simplified proxy settings
- FEATURE: Optimized and improved the peer country resolution code
- FEATURE: Download first/last pieces first when sequential download is
enabled (Thanks Ahmad)
- FEATURE: Download first/last pieces first now applies to all media files
in the torrent (Thanks Ahmad)
- BUGFIX: Fix SOCKS5 proxy authentication in search engine(closes #680072)
- BUGFIX: Fix two advanced settings (ignore limits on LAN and protocol
overhead inclusion in rate limiter)
- BUGFIX: Fix strict super seeding (was not working)
- BUGFIX: Improve magnet save path handling (closes #683395)
- BUGFIX: Disable overwrite confirmation in torrent addition dialog (closes # 685269)
- COSMETIC: Replaced message box by on-screen notification for download errors
- COSMETIC: Improved the torrent creation tool appearance
- COSMETIC: Use country flags by Mark James (Thanks to Dmytro Pukha)
- COSMETIC: Use bigger alternative speed icon
- OTHERS: Dropped support for Qt <= 4.4
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 5 2010 leigh scott <leigh123linux@xxxxxxxxxxxxxx> - 1:2.5.0-1
- update to 2.5.0 release
--------------------------------------------------------------------------------
================================================================================
qbittorrent-2.5.1-1.fc13 (FEDORA-2010-18570)
A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:
* Sun Dec 5 2010 - Christophe Dumez <chris@xxxxxxxxxxxxxxx> - v2.5.1
- BUGFIX: Fix possible crash when right-clicking on a torrent
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 5 2010 leigh scott <leigh123linux@xxxxxxxxxxxxxx> - 1:2.5.1-1
- update to 2.5.1
* Sun Dec 5 2010 leigh scott <leigh123linux@xxxxxxxxxxxxxx> - 1:2.5.0-1
- update to 2.5.0 release
--------------------------------------------------------------------------------
================================================================================
xmp-3.3.0-1.fc13 (FEDORA-2010-18578)
A multi-format module player
--------------------------------------------------------------------------------
Update Information:
Bugfixes and minor enhancements, upstream changelog: http://sourceforge.net/projects/xmp/files/xmp/3.3.0/ChangeLog/view
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2010 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> 3.3.0-1
- updated to 3.3.0
- drop obsolete patches
* Wed Jul 21 2010 Michael Schwendt <mschwendt@xxxxxxxxxxxxxxxxx> - 3.2.0-3
- Patch and rebuild for Audacious 2.4 beta1 generic plugin API/ABI bump.
* Thu Jul 15 2010 Michael Schwendt <mschwendt@xxxxxxxxxxxxxxxxx> - 3.2.0-2
- Rebuild for Audacious 2.4 alpha3 generic plugin API/ABI bump.
* Thu Jul 8 2010 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> 3.2.0-1
- updated to 3.2.0
- fixed compilation on rawhide
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
