The following Fedora 13 Security updates need testing:
https://admin.fedoraproject.org/updates/dbus-1.2.24-2.fc13
https://admin.fedoraproject.org/updates/subversion-1.6.15-1.fc13
https://admin.fedoraproject.org/updates/php-5.3.5-1.fc13,maniadrive-1.2-26.fc13.1,php-eaccelerator-0.9.6.1-4.fc13,maniadrive-data-1.2-5.fc13
https://admin.fedoraproject.org/updates/perl-Convert-UUlib-1.34-1.fc13
https://admin.fedoraproject.org/updates/libuser-0.56.16-1.fc13.2
https://admin.fedoraproject.org/updates/wordpress-2.8.6-4.fc13
https://admin.fedoraproject.org/updates/wordpress-mu-2.9.2-3.fc13
https://admin.fedoraproject.org/updates/dpkg-1.15.5.6-6.fc13
https://admin.fedoraproject.org/updates/sssd-1.3.0-40.fc13
https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc13
https://admin.fedoraproject.org/updates/mod_auth_mysql-3.0.0-12.fc13
https://admin.fedoraproject.org/updates/perl-CGI-Simple-1.112-2.fc13
The following Fedora 13 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/util-linux-ng-2.17.2-10.fc13
https://admin.fedoraproject.org/updates/libuser-0.56.16-1.fc13.2
https://admin.fedoraproject.org/updates/dosfstools-3.0.9-3.fc13
https://admin.fedoraproject.org/updates/attr-2.4.44-4.fc13
https://admin.fedoraproject.org/updates/livecd-tools-13.1-1.fc13
https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-80.fc13
https://admin.fedoraproject.org/updates/libical-0.46-2.fc13
https://admin.fedoraproject.org/updates/pm-utils-1.2.6.1-4.fc13
https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13
https://admin.fedoraproject.org/updates/openldap-2.4.21-11.fc13
https://admin.fedoraproject.org/updates/nss-3.12.7-4.fc13,nss-util-3.12.7-2.fc13,nss-softokn-3.12.7-3.fc13,nspr-4.8.6-1.fc13
https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13
The following builds have been pushed to Fedora 13 updates-testing
dpkg-1.15.5.6-6.fc13
freemind-0.9.0-0.8.rc14.fc13
jss-4.2.6-12.fc13
maniadrive-1.2-26.fc13.1
maniadrive-data-1.2-5.fc13
mc-4.7.5-1.fc13
openscada-0.7.0.1-5.fc13
php-5.3.5-1.fc13
php-eaccelerator-0.9.6.1-4.fc13
rubygem-aws-2.3.34-1.fc13
springlobby-0.120-1.fc13
sssd-1.3.0-40.fc13
uim-1.6.1-1.fc13
util-linux-ng-2.17.2-10.fc13
wordpress-mu-2.9.2-3.fc13
xqc-1.0-0.2.20101120svn7.fc13
Details about builds:
================================================================================
dpkg-1.15.5.6-6.fc13 (FEDORA-2011-0345)
Package maintenance system for Debian Linux
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2010-1679
Fix CVE-2011-0402
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 12 2011 Andrew Colin Kissa <andrew@xxxxxxxxxxxxx> - 1.15.5.6-6
- Fix CVE-2010-1679
- Fix CVE-2011-0402
* Sun Oct 17 2010 Jeroen van Meeuwen <kanarip@xxxxxxxxxxx> - 1.15.5.6-5
- Apply minimal fix for rhbz #642160
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #668922 - CVE-2010-1679 dpkg: directory traversal flaw allows for arbitrary file creation
https://bugzilla.redhat.com/show_bug.cgi?id=668922
[ 2 ] Bug #668930 - CVE-2011-0402 dpkg: arbitrary file modification via symlink attack
https://bugzilla.redhat.com/show_bug.cgi?id=668930
--------------------------------------------------------------------------------
================================================================================
freemind-0.9.0-0.8.rc14.fc13 (FEDORA-2011-0361)
Free mind mapping software
--------------------------------------------------------------------------------
Update Information:
update to recent upstream version
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 12 2011 Johannes Lips <Johannes.Lips googlemail com> 0.9.0-0.8.rc14
- update to recent upstream version
--------------------------------------------------------------------------------
================================================================================
jss-4.2.6-12.fc13 (FEDORA-2011-0336)
Java Security Services (JSS)
--------------------------------------------------------------------------------
Update Information:
fix to missing patch line in spec file
Incorrect socket accept error message due to bad pointer arithmetic
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 11 2011 Kevin Wright <kwright@xxxxxxxxxx> - 4.2.6-12
- added missing patch line
* Tue Dec 21 2010 Christina Fu <cfu@xxxxxxxxxx> - 4.2.6-11
- bug 654657 - <jdennis@xxxxxxxxxx>
Incorrect socket accept error message due to bad pointer arithmetic
- bug 661142 - <cfu@xxxxxxxxxx>
Verification should fail when a revoked certificate is added
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #654657 - Incorrect socket accept error message due to bad pointer arithmetic
https://bugzilla.redhat.com/show_bug.cgi?id=654657
--------------------------------------------------------------------------------
================================================================================
maniadrive-1.2-26.fc13.1 (FEDORA-2011-0321)
3D stunt driving game
--------------------------------------------------------------------------------
Update Information:
This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 11 2011 Remi Collet <Fedora@xxxxxxxxxxxxxxxxx> 1.2-26.1
- rebuild
* Tue Jan 11 2011 Hans de Goede <hdegoede@xxxxxxxxxx> 1.2-26
- Fix story mode not working with php >= 5.3.5 (rhbz#668657)
* Sun Jan 9 2011 Hans de Goede <hdegoede@xxxxxxxxxx> 1.2-25
- Fix a crash when pressing 't', which enables the drawing of ode
wire frames (rhbz#657353)
* Sat Jan 8 2011 Remi Collet <Fedora@xxxxxxxxxxxxxxxxx> 1.2-24
- Rebuild for new php 5.3.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #667806 - CVE-2010-4645 php: hang on numeric value 2.2250738585072011e-308 with x87 fpu
https://bugzilla.redhat.com/show_bug.cgi?id=667806
--------------------------------------------------------------------------------
================================================================================
maniadrive-data-1.2-5.fc13 (FEDORA-2011-0321)
Data files for maniadrive, a 3D stunt driving game
--------------------------------------------------------------------------------
Update Information:
This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 11 2011 Hans de Goede <hdegoede@xxxxxxxxxx> - 1.2-5
- Fix story mode not working with php >= 5.3.5 (rhbz#668657)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #667806 - CVE-2010-4645 php: hang on numeric value 2.2250738585072011e-308 with x87 fpu
https://bugzilla.redhat.com/show_bug.cgi?id=667806
--------------------------------------------------------------------------------
================================================================================
mc-4.7.5-1.fc13 (FEDORA-2011-0357)
User-friendly text console file manager and visual shell
--------------------------------------------------------------------------------
Update Information:
updates mc to 4.7.5
Fixes possible VFS and file GUI crashes.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 12 2011 Jindrich Novy <jnovy@xxxxxxxxxx> 4.7.5-1
- update to mc-4.7.5
- drop globfix, filegui and vfscrash patches - applied upstream
- update mcviewsegfault patch
* Tue Dec 14 2010 Jindrich Novy <jnovy@xxxxxxxxxx> 4.7.4-4
- make cons.saver not suid root, it is no more needed (#640365)
* Thu Dec 9 2010 Jindrich Novy <jnovy@xxxxxxxxxx> 4.7.4-3
- fix crash in progress bar handling (#643256)
- fix crash in opening mc VFS (#661290, #588795, #653156)
- fix crash while creating a VFS timestamp (#660308)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #588795 - [abrt] crash in mc-1:4.7.1-2.fc13: Process /usr/bin/mc was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=588795
[ 2 ] Bug #643256 - mc crashes on SIGSEV when had copy multiple files
https://bugzilla.redhat.com/show_bug.cgi?id=643256
[ 3 ] Bug #660308 - [abrt] mc-1:4.7.4-2.fc14: vfs_stamp_create: Process /usr/bin/mc was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=660308
[ 4 ] Bug #640365 - warning: user vcsa does not exist - using root
https://bugzilla.redhat.com/show_bug.cgi?id=640365
--------------------------------------------------------------------------------
================================================================================
openscada-0.7.0.1-5.fc13 (FEDORA-2011-0353)
Open SCADA system project
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 11 2011 Aleksey Popkov <aleksey@xxxxxxxxxx> - 0.7.0.1-5
- Moved files of messages from main package to the self package
- Fixed macros errors
- Fixed of error in oscada.init.patch file
- Fixed somes of spelling-error.
* Tue Jan 4 2011 Aleksey Popkov <aleksey@xxxxxxxxxx> - 0.7.0.1-4
- My mistake fixing. Sorry!
--------------------------------------------------------------------------------
================================================================================
php-5.3.5-1.fc13 (FEDORA-2011-0321)
PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:
This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 7 2011 Remi Collet <Fedora@xxxxxxxxxxxxxxxxx> 5.3.5-1
- update to 5.3.5
http://www.php.net/ChangeLog-5.php#5.3.5
- clean duplicate configure options
- remove all RPM_SOURCE_DIR
- use mysql_config in libdir directly to avoid biarch build failures
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #667806 - CVE-2010-4645 php: hang on numeric value 2.2250738585072011e-308 with x87 fpu
https://bugzilla.redhat.com/show_bug.cgi?id=667806
--------------------------------------------------------------------------------
================================================================================
php-eaccelerator-0.9.6.1-4.fc13 (FEDORA-2011-0321)
PHP accelerator, optimizer, encoder and dynamic content cacher
--------------------------------------------------------------------------------
Update Information:
This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 8 2011 Remi Collet <Fedora@xxxxxxxxxxxxxxxxx> - 1:0.9.6.1-4
- rebuild against PHP 5.3.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #667806 - CVE-2010-4645 php: hang on numeric value 2.2250738585072011e-308 with x87 fpu
https://bugzilla.redhat.com/show_bug.cgi?id=667806
--------------------------------------------------------------------------------
================================================================================
rubygem-aws-2.3.34-1.fc13 (FEDORA-2011-0363)
Ruby gem for all Amazon Web Services
--------------------------------------------------------------------------------
Update Information:
Version bump
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 10 2011 Michal Fojtik <mfojtik@xxxxxxxxxx> - 2.3.34-1
- Version bump
* Tue Nov 23 2010 Michal Fojtik <mfojtik@xxxxxxxxxx> - 2.3.26-1
- Replaced right_http_connection with http_connection
- Version bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #668955 - Update rubygem-aws to 2.3.34
https://bugzilla.redhat.com/show_bug.cgi?id=668955
--------------------------------------------------------------------------------
================================================================================
springlobby-0.120-1.fc13 (FEDORA-2011-0340)
A lobby client for the spring RTS game engine
--------------------------------------------------------------------------------
Update Information:
- New upgrade release.
- BT download fixed (again).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 11 2011 Gilboa Davara <gilboad [at] gmail [dot] com> - 0.120-1
- BT download broken by new spring release.
--------------------------------------------------------------------------------
================================================================================
sssd-1.3.0-40.fc13 (FEDORA-2011-0337)
System Security Services Daemon
--------------------------------------------------------------------------------
Update Information:
Addresses low-priority CVE-2010-4341: DoS in sssd PAM responder can prevent logins
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 12 2011 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.3.0-40
- Bump release to rebuild with patch in source-control
* Tue Jan 11 2011 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.3.0-39
- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #661163 - CVE-2010-4341 sssd: DoS in sssd PAM responder can prevent logins
https://bugzilla.redhat.com/show_bug.cgi?id=661163
--------------------------------------------------------------------------------
================================================================================
uim-1.6.1-1.fc13 (FEDORA-2011-0355)
A multilingual input method library
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 12 2011 Akira TAGOH <tagoh@xxxxxxxxxx> - 1.6.1-1
- New upstream release.
--------------------------------------------------------------------------------
================================================================================
util-linux-ng-2.17.2-10.fc13 (FEDORA-2011-0342)
A collection of basic system utilities
--------------------------------------------------------------------------------
Update Information:
improve libblkid RAIDs detection
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 12 2011 Karel Zak <kzak@xxxxxxxxxx> 2.17.2-10
- improve libblkid RAIDs detection (#543749)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #543749 - After upgrade from Fedora 11, RAID-1 mdraid assembles incorrectly
https://bugzilla.redhat.com/show_bug.cgi?id=543749
--------------------------------------------------------------------------------
================================================================================
wordpress-mu-2.9.2-3.fc13 (FEDORA-2011-0352)
WordPress-MU multi-user blogging software
--------------------------------------------------------------------------------
Update Information:
Security fixes for BZ 668192.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 11 2011 Jon Ciesla <limb@xxxxxxxxxxxx> - 2.9.2-3
- Patches for security flaws, BZ 668192.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #668192 - Wordpress: various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=668192
--------------------------------------------------------------------------------
================================================================================
xqc-1.0-0.2.20101120svn7.fc13 (FEDORA-2011-0365)
C/C++ API for interfacing with XQuery processors
--------------------------------------------------------------------------------
Update Information:
The goal of the XQC project is to create standardized C/C++ APIs for interfacing with XQuery processors. They provide mechanisms to compile and execute XQueries, manage contexts, and provide a basic interface for the XQuery Data Model.
This package contains the C header file and corresponding API documentation.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #655866 - Review Request: xqc - C/C++ API for interfacing with XQuery processors
https://bugzilla.redhat.com/show_bug.cgi?id=655866
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
