The following Fedora 14 Security updates need testing:
https://admin.fedoraproject.org/updates/libwmf-0.2.8.4-27.fc14
https://admin.fedoraproject.org/updates/seamonkey-2.0.11-1.fc14
https://admin.fedoraproject.org/updates/eclipse-3.6.1-6.1.fc14
https://admin.fedoraproject.org/updates/git-1.7.3.4-1.fc14
https://admin.fedoraproject.org/updates/drupal-views-6.x.2.12-1.fc14
https://admin.fedoraproject.org/updates/collectd-4.9.4-1.fc14
https://admin.fedoraproject.org/updates/php-5.3.4-1.fc14.1,php-eaccelerator-0.9.6.1-3.fc14,maniadrive-1.2-23.fc14
https://admin.fedoraproject.org/updates/ImageMagick-6.6.4.1-15.fc14
https://admin.fedoraproject.org/updates/perl-CGI-Simple-1.112-2.fc14
https://admin.fedoraproject.org/updates/exim-4.72-2.fc14
The following Fedora 14 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/kernel-2.6.35.10-68.fc14
https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-18.fc14
https://admin.fedoraproject.org/updates/cronie-1.4.5-4.fc14
https://admin.fedoraproject.org/updates/ncurses-5.7-9.20100703.fc14
https://admin.fedoraproject.org/updates/python-decorator-3.2.1-1.fc14
https://admin.fedoraproject.org/updates/xorg-x11-drv-geode-2.11.10-1.fc14
The following builds have been pushed to Fedora 14 updates-testing
GLC_Player-2.2.0-1.fc14
GLC_lib-2.0.0-1.fc14
ImageMagick-6.6.4.1-15.fc14
collectd-4.9.4-1.fc14
fcitx-4.0.1-1.fc14
gnote-0.7.3-4.fc14
jss-4.2.6-10.fc14
kernel-2.6.35.10-68.fc14
ksh-20101212-1.fc14
libspatialite-2.4.0-0.5.RC4.fc14
libwmf-0.2.8.4-27.fc14
man-pages-zh-CN-1.5.1-3.fc14
mingw32-cairo-1.10.0-2.fc14
mingw32-cairomm-1.9.2-1.fc14
partimage-0.6.9-1.fc14
perl-Object-Pluggable-1.29-1.fc14
workrave-1.9.3-1.fc14
Details about builds:
================================================================================
GLC_Player-2.2.0-1.fc14 (FEDORA-2010-19032)
GLC_Player is an Open Source software used to view 3d models (OBJ Format)
--------------------------------------------------------------------------------
Update Information:
Lot of improvements:
http://www.glc-player.net/fr/news.php
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 9 2010 Nicolas Chauvet <kwizart@xxxxxxxxx> - 2.2.0-1
- Update to 2.2.0
--------------------------------------------------------------------------------
================================================================================
GLC_lib-2.0.0-1.fc14 (FEDORA-2010-19032)
C++ class library for OpenGL application based on Qt 4
--------------------------------------------------------------------------------
Update Information:
Lot of improvements:
http://www.glc-player.net/fr/news.php
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 9 2010 Nicolas Chauvet <kwizart@xxxxxxxxx> - 2.0.0-1
- Update to 2.0.0
--------------------------------------------------------------------------------
================================================================================
ImageMagick-6.6.4.1-15.fc14 (FEDORA-2010-19025)
An X application for displaying and manipulating images
--------------------------------------------------------------------------------
Update Information:
Backport Patch2: diff-ImageMagick_trunk_magick_configure.c-from-r2002-to-r3022.diff
Fix CVE-2010-4167
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 17 2010 Pavel Alexeev <Pahan@xxxxxxxxxxxxx> - 6.6.4.1-15
- Backport Patch2: diff-ImageMagick_trunk_magick_configure.c-from-r2002-to-r3022.diff (BZ#652860, BZ#653577)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #652860 - CVE-2010-4167 ImageMagick: configuration files read from $CWD may allow arbitrary code execution
https://bugzilla.redhat.com/show_bug.cgi?id=652860
--------------------------------------------------------------------------------
================================================================================
collectd-4.9.4-1.fc14 (FEDORA-2010-19031)
Statistics collection daemon for filling RRD files
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 17 2010 Alan Pevec <apevec@xxxxxxxxxx> 4.9.4-1
- New upstream version 4.9.4
http://collectd.org/news.shtml#news86
- fixes CVE-2010-4336 (rhbz#663799)
* Wed Sep 29 2010 jkeating - 4.9.2-1.1
- Rebuilt for gcc bug 634757
* Tue Jun 8 2010 Alan Pevec <apevec@xxxxxxxxxx> 4.9.2-1
- New upstream version 4.9.2
http://collectd.org/news.shtml#news83
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #663797 - CVE-2010-4336 collectd: DoS via the RRDtool and RRDCacheD plugins
https://bugzilla.redhat.com/show_bug.cgi?id=663797
--------------------------------------------------------------------------------
================================================================================
fcitx-4.0.1-1.fc14 (FEDORA-2010-19034)
Free Chinese Input Toy for X (XIM)
--------------------------------------------------------------------------------
Update Information:
Upgrade to FCITX 4.0.1 for bugfix
Update to fcitx 4.0.0
Update to fcitx 4.0.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 17 2010 Liang Suilong <liangsuilong@xxxxxxxxx> - 4.0.1-1
- Update to 4.0.1
* Fri Nov 19 2010 Chen Lei <supercyper@xxxxxxx> - 4.0.0-1
- Update to 4.0.0
--------------------------------------------------------------------------------
================================================================================
gnote-0.7.3-4.fc14 (FEDORA-2010-19030)
Note-taking application
--------------------------------------------------------------------------------
Update Information:
Fixes add-in enable/disable status being unpreserved when running gnote as a application.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 17 2010 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.7.3-4
- Add the patch
* Fri Dec 17 2010 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.7.3-3
- Fix gnote losing add-in status when running as app
- Resolves rhbz#654562
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #654562 - Can lose plugin enabled/disabled state on logout
https://bugzilla.redhat.com/show_bug.cgi?id=654562
--------------------------------------------------------------------------------
================================================================================
jss-4.2.6-10.fc14 (FEDORA-2010-19018)
Java Security Services (JSS)
--------------------------------------------------------------------------------
Update Information:
relocate jar to %{_libdir} per guidelines with respect to jni
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 16 2010 John Dennis <jdennis@xxxxxxxxxx> - 4.2.6-10
- move jar location to %{_libdir}/jss and provide symlinks, on 32bit looks like this:
/usr/lib/java/jss4.jar -> /usr/lib/jss/jss4.jar
/usr/lib/jss/jss4-<version>.jar
/usr/lib/jss/jss4.jar -> jss4-<version>.jar
/usr/lib/jss/libjss4.so
* Mon Dec 6 2010 John Dennis <jdennis@xxxxxxxxxx> - 4.2.6-9
- Resolves: bug 654657 - <jdennis@xxxxxxxxxx>
Incorrect socket accept error message due to bad pointer arithmetic
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #654657 - Incorrect socket accept error message due to bad pointer arithmetic
https://bugzilla.redhat.com/show_bug.cgi?id=654657
--------------------------------------------------------------------------------
================================================================================
kernel-2.6.35.10-68.fc14 (FEDORA-2010-19035)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
Linux 2.6.35.10
Enable C++ demangling in perf.
Attempt to account for load average a bit better.
Enable newt TUI in perf.
Fix TPM stall on boot.
Fix a bug in orinoco wifi driver.
Fix jbd2 warnings with quota.
Fix issues mounting btrfs subvolumes.
Disable ASPM if BIOS asks us to.
V4L rebase to latest upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 16 2010 Jarod Wilson <jarod@xxxxxxxxxx> 2.6.35.10-68
- Additional mceusb updates just sent upstream, hopefully to fix
keybounce/excessive buffering issues
* Wed Dec 15 2010 Jarod Wilson <jarod@xxxxxxxxxx> 2.6.35.10-67
- Rebase v4l/dvb/rc code to latest upstream, should fix a fair
number of ir/rc-related issues, including bugzilla #662071
* Wed Dec 15 2010 Chuck Ebbert <cebbert@xxxxxxxxxx>
- Linux 2.6.35.10
- Remove merged patches and fix up conflicts:
drm-polling-fixes.patch
linux-2.6-v4l-dvb-hdpvr-updates.patch
kvm-fix-fs-gs-reload-oops-with-invalid-ldt.patch
- Drop merged patches:
linux-2.6-rcu-sched-warning.patch
pnpacpi-cope-with-invalid-device-ids.patch
ipc-zero-struct-memory-for-compat-fns.patch
ipc-shm-fix-information-leak-to-user.patch
r8169-01-fix-rx-checksum-offload.patch
r8169-02-_re_init-phy-on-resume.patch
r8169-03-fix-broken-checksum-for-invalid-sctp_igmp-packets.patch
hda_realtek-handle-unset-external-amp-bits.patch
* Fri Dec 10 2010 Kyle McMartin <kyle@xxxxxxxxxx>
- pci-disable-aspm-if-bios-asks-us-to.patch: Patch from mjg59 to disable
ASPM if the BIOS has disabled it, but enabled it already on some devices.
* Fri Dec 10 2010 Kyle McMartin <kyle@xxxxxxxxxx>
- Fix some issues mounting btrfs devices with subvolumes (#656465)
* Fri Dec 10 2010 Kyle McMartin <kyle@xxxxxxxxxx>
- Fix jbd2 warnings when using quotas. (#578674)
* Thu Dec 9 2010 Kyle McMartin <kyle@xxxxxxxxxx>
- Snarf patch from wireless-next to fix mdomsch's orinico wifi.
(orinoco: initialise priv->hw before assigning the interrupt)
[229bd792]
* Thu Dec 9 2010 Kyle McMartin <kyle@xxxxxxxxxx>
- Copy tpm-fix-stall-on-boot.patch from rawhide tree. (#530393)
* Thu Dec 9 2010 Chuck Ebbert <cebbert@xxxxxxxxxx> 2.6.35.9-65
- Require newt-devel for building perf, to enable the perf TUI (#661180)
* Wed Dec 8 2010 Kyle McMartin <kyle@xxxxxxxxxx>
- sched-cure-more-NO_HZ-load-average-woes.patch: fix some of the complaints
in 2.6.35+ about load average with dynticks. (rhbz#650934)
* Sat Dec 4 2010 Kyle McMartin <kyle@xxxxxxxxxx>
- Enable C++ symbol demangling with perf by linking against libiberty.a,
which is LGPL2.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #650934 - Idle System has high load without visible cause
https://bugzilla.redhat.com/show_bug.cgi?id=650934
[ 2 ] Bug #661180 - perf needs newt headers
https://bugzilla.redhat.com/show_bug.cgi?id=661180
[ 3 ] Bug #530393 - tpm_tis 00:0a: tpm_transmit: tpm_send: error -62
https://bugzilla.redhat.com/show_bug.cgi?id=530393
[ 4 ] Bug #578674 - JBD: Spotted dirty metadata buffer
https://bugzilla.redhat.com/show_bug.cgi?id=578674
[ 5 ] Bug #656465 - Systemd and kernel crash after mounting btrfs subvolume disc
https://bugzilla.redhat.com/show_bug.cgi?id=656465
--------------------------------------------------------------------------------
================================================================================
ksh-20101212-1.fc14 (FEDORA-2010-19024)
The Original ATT Korn Shell
--------------------------------------------------------------------------------
Update Information:
- A bug in which typeset -l displayed namespaces as well as lower case variables has been fixed.
- A bug in which a pipeline could terminate prematurely for a pipeline whose right hand side is a builtin, and whose left hand side ends in a simple command that has standard output redirected has been fixed.
- A bug in hexfloat assignments when the right hand side is a string variable starting with 0x has been fixed.
- A bug in the expansion of ${$1+"$@"} which causes the last positional parameter to disappear when it is empty has been fixed.
- A number of changes were made to reduce the startup time.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 16 2010 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 20101212-1
- ksh updated to 2010-12-12
--------------------------------------------------------------------------------
================================================================================
libspatialite-2.4.0-0.5.RC4.fc14 (FEDORA-2010-19027)
Enables SQLite to support spatial data
--------------------------------------------------------------------------------
Update Information:
This build doesn't utilize geocallbacks, since it requires SQLite 3.7.3.
--------------------------------------------------------------------------------
================================================================================
libwmf-0.2.8.4-27.fc14 (FEDORA-2010-19033)
Windows MetaFile Library
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 6 2010 CaolÃn McNamara <caolanm@xxxxxxxxxx> - 0.2.8.4-27
- Resolves: rhbz#660161 security issues
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #660161 - Embeds vulnerable version of gd prone to many CVEs
https://bugzilla.redhat.com/show_bug.cgi?id=660161
--------------------------------------------------------------------------------
================================================================================
man-pages-zh-CN-1.5.1-3.fc14 (FEDORA-2010-19020)
Chinese Man Pages from Chinese Man Pages Project
--------------------------------------------------------------------------------
Update Information:
Initial package for manpages-zh
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #661193 - Review Request: man-pages-zh-CN - Chinese man pages
https://bugzilla.redhat.com/show_bug.cgi?id=661193
--------------------------------------------------------------------------------
================================================================================
mingw32-cairo-1.10.0-2.fc14 (FEDORA-2010-19026)
MinGW Windows Cairo library
--------------------------------------------------------------------------------
Update Information:
- fix libpng link error
- ensure versions match the native packages
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 7 2010 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 1.10.0-2
- Rebuild in order to have soft dependency on libintl
* Fri Sep 24 2010 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 1.10.0-1
- Update to 1.10.0
- Added the GObject library
- Fixed a small rpmlint warning
--------------------------------------------------------------------------------
================================================================================
mingw32-cairomm-1.9.2-1.fc14 (FEDORA-2010-19026)
MinGW Windows C++ API for the cairo graphics library
--------------------------------------------------------------------------------
Update Information:
- fix libpng link error
- ensure versions match the native packages
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 6 2010 Thomas Sailer <t.sailer@xxxxxxxxxxxxxx> - 1.9.2-1
- update to 1.9.2 to match native
--------------------------------------------------------------------------------
================================================================================
partimage-0.6.9-1.fc14 (FEDORA-2010-19038)
Partition imaging utility, much like Ghost
--------------------------------------------------------------------------------
Update Information:
Updated to latest 0.6.9 version.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 5 2010 Paulo Roma <roma@xxxxxxxxxxx> - 0.6.9-1
- Updated to 0.6.9.
- Fixed user creation.
- Removed gcc4 patch.
- No more deleting partimag user upon package removal.
--------------------------------------------------------------------------------
================================================================================
perl-Object-Pluggable-1.29-1.fc14 (FEDORA-2010-19023)
Base class for creating plugin-enabled objects
--------------------------------------------------------------------------------
Update Information:
Description: Object::Pluggable is a base class for creating plugin enabled objects. It is a generic port of POE::Component::IRC's plugin system.
Details: http://search.cpan.org/~hinrik/Object-Pluggable-1.29/lib/Object/Pluggable.pm
--------------------------------------------------------------------------------
================================================================================
workrave-1.9.3-1.fc14 (FEDORA-2010-19029)
Program that assists in the recovery and prevention of RSI
--------------------------------------------------------------------------------
Update Information:
New upstream release that brings usability and stability improvements.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 17 2010 Tomas Mraz <tmraz@xxxxxxxxxx> - 1.9.3-1
- new upstream release with bug fixes and usability improvements
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
