The following Fedora 13 Security updates need testing:
https://admin.fedoraproject.org/updates/dbus-1.2.24-2.fc13
https://admin.fedoraproject.org/updates/subversion-1.6.15-1.fc13
https://admin.fedoraproject.org/updates/php-5.3.5-1.fc13,maniadrive-1.2-26.fc13.1,php-eaccelerator-0.9.6.1-4.fc13,maniadrive-data-1.2-5.fc13
https://admin.fedoraproject.org/updates/perl-Convert-UUlib-1.34-1.fc13
https://admin.fedoraproject.org/updates/libuser-0.56.16-1.fc13.2
https://admin.fedoraproject.org/updates/wordpress-2.8.6-4.fc13
https://admin.fedoraproject.org/updates/wordpress-mu-2.9.2-3.fc13
https://admin.fedoraproject.org/updates/dpkg-1.15.5.6-6.fc13
https://admin.fedoraproject.org/updates/sssd-1.3.0-40.fc13
https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc13
https://admin.fedoraproject.org/updates/mod_auth_mysql-3.0.0-12.fc13
https://admin.fedoraproject.org/updates/chm2pdf-0.9.1-8.fc13
https://admin.fedoraproject.org/updates/wireshark-1.2.14-1.fc13
https://admin.fedoraproject.org/updates/sudo-1.7.4p5-1.fc13
https://admin.fedoraproject.org/updates/perl-CGI-Simple-1.112-2.fc13
The following Fedora 13 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/sudo-1.7.4p5-1.fc13
https://admin.fedoraproject.org/updates/elfutils-0.151-1.fc13
https://admin.fedoraproject.org/updates/util-linux-ng-2.17.2-10.fc13
https://admin.fedoraproject.org/updates/libuser-0.56.16-1.fc13.2
https://admin.fedoraproject.org/updates/dosfstools-3.0.9-3.fc13
https://admin.fedoraproject.org/updates/attr-2.4.44-4.fc13
https://admin.fedoraproject.org/updates/livecd-tools-13.1-1.fc13
https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-80.fc13
https://admin.fedoraproject.org/updates/libical-0.46-2.fc13
https://admin.fedoraproject.org/updates/pm-utils-1.2.6.1-4.fc13
https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13
https://admin.fedoraproject.org/updates/openldap-2.4.21-11.fc13
https://admin.fedoraproject.org/updates/nss-3.12.7-4.fc13,nss-util-3.12.7-2.fc13,nss-softokn-3.12.7-3.fc13,nspr-4.8.6-1.fc13
https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13
The following builds have been pushed to Fedora 13 updates-testing
anki-1.2.2-1.fc13
chm2pdf-0.9.1-8.fc13
clustershell-1.4-1.fc13
ghc-text-0.10.0.0-1.fc13
gpodder-2.12-1.fc13
gthumb-2.12.2-1.fc13
ldc-0.9.2-30.20110115hg1832.fc13
libgpod-0.8.0-3.fc13
mathomatic-15.4.0-1.fc13
perl-Locale-Maketext-Lexicon-0.84-1.fc13
perl-Mail-GnuPG-0.16-1.fc13
python-mygpoclient-1.5-1.fc13
python-pymtp-0.0.4-1.fc13
rabbitmq-server-2.2.0-1.fc13
rubygem-boxgrinder-build-fedora-os-plugin-0.0.6-1.fc13
sudo-1.7.4p5-1.fc13
uprof-0.3-0.1.20110115gita6832f7a.fc13
wireshark-1.2.14-1.fc13
Details about builds:
================================================================================
anki-1.2.2-1.fc13 (FEDORA-2011-0462)
Flashcard program for using space repetition learning
--------------------------------------------------------------------------------
Update Information:
* update to new upstream version 1.2.2
* full changelog: http://www.ankisrs.net/changes.html
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 14 2011 Christian Krause <chkr@xxxxxxxxxxxxxxxxx> - 1.2.2-1
- Update to new upstream version 1.2.2 (BZ 665163)
* Tue Dec 14 2010 Christian Krause <chkr@xxxxxxxxxxxxxxxxx> - 1.1.10-1
- Update to new upstream version 1.1.10 (BZ 655939)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #665163 - anki-1.2.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=665163
--------------------------------------------------------------------------------
================================================================================
chm2pdf-0.9.1-8.fc13 (FEDORA-2011-0467)
A tool to convert CHM files to PDF files
--------------------------------------------------------------------------------
Update Information:
This update fixes security bugs #474455 and #474457. The security issue is about unsafe use of fixed temporary directories by chm2pdf.
This update will break --dontextract option. The option will not be shown in the list of available options.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 9 2011 Lakshmi Narasimhan T V <lakshminaras2002@xxxxxxxxx> - 0.9.1-8
- Applied patch to fix use of fixed temporary directories. Fixes bugs 474455,474457
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #474455 - CVE-2008-5298 chm2pdf insecure temporary file use
https://bugzilla.redhat.com/show_bug.cgi?id=474455
[ 2 ] Bug #474457 - CVE-2008-5299 chm2pdf insecure temporary file symlink flaw
https://bugzilla.redhat.com/show_bug.cgi?id=474457
--------------------------------------------------------------------------------
================================================================================
clustershell-1.4-1.fc13 (FEDORA-2011-0469)
Python framework for efficient cluster administration
--------------------------------------------------------------------------------
Update Information:
* performance improvements on large cluster
* several new minor features
* CLI tools code rewrite
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 15 2011 Stephane Thiell <stephane.thiell@xxxxxx> 1.4-1
- update to 1.4
--------------------------------------------------------------------------------
================================================================================
ghc-text-0.10.0.0-1.fc13 (FEDORA-2011-0459)
Haskell text library
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 1 2010 Jens Petersen <petersen@xxxxxxxxxx> - 0.10.0.0-1
- update to 0.10.0.0
- README renamed to README.markdown
--------------------------------------------------------------------------------
================================================================================
gpodder-2.12-1.fc13 (FEDORA-2011-0480)
Podcast receiver/catcher written in Python
--------------------------------------------------------------------------------
Update Information:
This update includes the newest versions of gPodder and mygpoclient as well as pymtp, which is now required by gPodder for MTP device support.
Some of the most important changes in gPodder for Fedora users include:
* Fix YouTube downloads
* Add support for the widescreen fmt_id 18 YouTube format
* Add support for file:// URLs for local feeds
* Clean and bling up the CLI interface
* Download list: Display filesize in progress bar
* Fix issue with opening OPML files
* Fix Soundcloud download URLs
* Sort the episode list by title, size and date
* Per-podcast pause subscription feature
For a full list of changes, refer to http://gpodder.org/oldnews.html
Mygpoclient 1.5 is a bugfix release, for more information, refer to http://thp.io/2010/mygpoclient/
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 15 2011 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> - 2.12-1
- New upstream release
- Add patch to fix exception handling in the 'gpo' command line utility
(rhbz #668284, gPodder #1264)
- Add patch to fix youtube search (Maemo #11756)
- Require python-pymtp for MTP support
* Mon Dec 20 2010 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> - 2.11-1
- New upstream release
* Sat Dec 18 2010 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> - 2.10-1
- New upstream release
* Tue Oct 12 2010 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> - 2.9-1
- New upstream release
- Remove unneeded patch
- Add patch to use systemwide pymtp and remove bundled pymtp
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #668284 - [abrt] gpodder-2.8-2.fc14: feedcore.py:156:_check_offline:Offline
https://bugzilla.redhat.com/show_bug.cgi?id=668284
[ 2 ] Bug #628230 - Unable to sync to mtp device; missing dependencies pymtp and pymad
https://bugzilla.redhat.com/show_bug.cgi?id=628230
--------------------------------------------------------------------------------
================================================================================
gthumb-2.12.2-1.fc13 (FEDORA-2011-0475)
Image viewer, editor, organizer
--------------------------------------------------------------------------------
Update Information:
* new bugfix upstream release 2.12.2
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 15 2011 Christian Krause <chkr@xxxxxxxxxxxxxxxxx> - 2.12.2-1
- Update to 2.12.2 (#669612)
- Drop 3 upstreamed patches
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #669612 - gthumb-2.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=669612
--------------------------------------------------------------------------------
================================================================================
ldc-0.9.2-30.20110115hg1832.fc13 (FEDORA-2011-0463)
A compiler for the D programming language
--------------------------------------------------------------------------------
Update Information:
this new revision allow build gtkd without use hack
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 16 2011 Jonathan MERCIER <bioinfornatics at gmail.com> 0.9.2-30.20110115hg1832
update to latest revision 1832
* Fri Jan 7 2011 Jonathan MERCIER <bioinfornatics at gmail.com> 0.9.2-29.20110110hg1828
update to latest revision 1828
* Fri Jan 7 2011 Jonathan MERCIER <bioinfornatics at gmail.com> 0.9.2-28.20110105hg1812
update to latest revision 1812
* Wed Jan 5 2011 Jonathan MERCIER <bioinfornatics at gmail.com> 0.9.2-27.20110102hg1705
- update to latest revision 1705
--------------------------------------------------------------------------------
================================================================================
libgpod-0.8.0-3.fc13 (FEDORA-2011-0451)
Library to access the contents of an iPod
--------------------------------------------------------------------------------
Update Information:
* fix mono bindings on 32 bit systems
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 8 2011 Christian Krause <chkr@xxxxxxxxxxxxxxxxx> - 0.8.0-3
- Change patch to fix 32 bit issues in the mono bindings
(Itdb_Track data structure contained wrong values on x86 systems)
* Wed Oct 20 2010 Nathaniel McCallum <nathaniel@xxxxxxxxxxxxxxxx> - 0.8.0-2
- Add patch to fix 32 bit issues in the mono bindings
--------------------------------------------------------------------------------
================================================================================
mathomatic-15.4.0-1.fc13 (FEDORA-2011-0446)
Small, portable symbolic math program
--------------------------------------------------------------------------------
Update Information:
Add the rmath tool and update to latest upstream release mathomatic 15.4.0.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 17 2011 Terje Rosten <terje.rosten@xxxxxxx> - 15.4.0-1
- 15.4.0
- Add rmath (#661410)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #661410 - Add rmath to the package
https://bugzilla.redhat.com/show_bug.cgi?id=661410
--------------------------------------------------------------------------------
================================================================================
perl-Locale-Maketext-Lexicon-0.84-1.fc13 (FEDORA-2011-0491)
Extract translatable strings from source
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 17 2011 Ralf CorsÃpius <corsepiu@xxxxxxxxxxxxxxxxx> - 0.84-1
- Upstream update.
- Replace custom filters with perl_default_filter.
--------------------------------------------------------------------------------
================================================================================
perl-Mail-GnuPG-0.16-1.fc13 (FEDORA-2011-0458)
Process email with GPG
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 17 2011 Ralf CorsÃpius < corsepiu@xxxxxxxxxxxxxxxxx> - 0.16-1
- Upstream update.
- Reflect upstream Source0-URL having changed.
- Reflect upstream having changed to Module::Build.
--------------------------------------------------------------------------------
================================================================================
python-mygpoclient-1.5-1.fc13 (FEDORA-2011-0480)
Python module to connect to the my.gpodder.org webservice
--------------------------------------------------------------------------------
Update Information:
This update includes the newest versions of gPodder and mygpoclient as well as pymtp, which is now required by gPodder for MTP device support.
Some of the most important changes in gPodder for Fedora users include:
* Fix YouTube downloads
* Add support for the widescreen fmt_id 18 YouTube format
* Add support for file:// URLs for local feeds
* Clean and bling up the CLI interface
* Download list: Display filesize in progress bar
* Fix issue with opening OPML files
* Fix Soundcloud download URLs
* Sort the episode list by title, size and date
* Per-podcast pause subscription feature
For a full list of changes, refer to http://gpodder.org/oldnews.html
Mygpoclient 1.5 is a bugfix release, for more information, refer to http://thp.io/2010/mygpoclient/
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 12 2010 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> - 1.5-1
- New upstream release
* Thu Jul 22 2010 David Malcolm <dmalcolm@xxxxxxxxxx> - 1.4-2
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #668284 - [abrt] gpodder-2.8-2.fc14: feedcore.py:156:_check_offline:Offline
https://bugzilla.redhat.com/show_bug.cgi?id=668284
[ 2 ] Bug #628230 - Unable to sync to mtp device; missing dependencies pymtp and pymad
https://bugzilla.redhat.com/show_bug.cgi?id=628230
--------------------------------------------------------------------------------
================================================================================
python-pymtp-0.0.4-1.fc13 (FEDORA-2011-0480)
A Pythonic wrapper around libmtp
--------------------------------------------------------------------------------
Update Information:
This update includes the newest versions of gPodder and mygpoclient as well as pymtp, which is now required by gPodder for MTP device support.
Some of the most important changes in gPodder for Fedora users include:
* Fix YouTube downloads
* Add support for the widescreen fmt_id 18 YouTube format
* Add support for file:// URLs for local feeds
* Clean and bling up the CLI interface
* Download list: Display filesize in progress bar
* Fix issue with opening OPML files
* Fix Soundcloud download URLs
* Sort the episode list by title, size and date
* Per-podcast pause subscription feature
For a full list of changes, refer to http://gpodder.org/oldnews.html
Mygpoclient 1.5 is a bugfix release, for more information, refer to http://thp.io/2010/mygpoclient/
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #668284 - [abrt] gpodder-2.8-2.fc14: feedcore.py:156:_check_offline:Offline
https://bugzilla.redhat.com/show_bug.cgi?id=668284
[ 2 ] Bug #628230 - Unable to sync to mtp device; missing dependencies pymtp and pymad
https://bugzilla.redhat.com/show_bug.cgi?id=628230
--------------------------------------------------------------------------------
================================================================================
rabbitmq-server-2.2.0-1.fc13 (FEDORA-2011-0486)
The RabbitMQ server
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 15 2011 Hubert Plociniczak <hubert.plociniczak@xxxxxxxxx> 2.2.0-1
- New Upstream Release
--------------------------------------------------------------------------------
================================================================================
rubygem-boxgrinder-build-fedora-os-plugin-0.0.6-1.fc13 (FEDORA-2011-0490)
Fedora Operating System Plugin
--------------------------------------------------------------------------------
Update Information:
* [BGBUILD-117] Remove Fedora 11 and 12 support
* [BGBUILD-113] Allow to specify supported file formats for operating system plugin
* [BGBUILD-73] Add support for kickstart files
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 12 2010 <mgoldman@xxxxxxxxxx> - 0.0.6-1
- Updated to upstream version: 0.0.6
- [BGBUILD-113] Allow to specify supported file formats for operating system plugin
- [BGBUILD-73] Add support for kickstart files
- [BGBUILD-117] Remove Fedora 11 and 12 support
--------------------------------------------------------------------------------
================================================================================
sudo-1.7.4p5-1.fc13 (FEDORA-2011-0455)
Allows restricted root access for specified users
--------------------------------------------------------------------------------
Update Information:
- rebase to 1.7.4p5
- fixed sudo-1.7.4p4-getgrouplist.patch
- fixes CVE-2011-0008, CVE-2011-0010
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 17 2011 Daniel Kopecek <dkopecek@xxxxxxxxxx> - 1.7.4p5-1
- rebase to 1.7.4p5
- fixed sudo-1.7.4p4-getgrouplist.patch
- fixes CVE-2011-0008, CVE-2011-0010
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #668843 - CVE-2011-0008 sudo in Fedora vulnerable to CVE-2009-0034 again due to improper patch rediff
https://bugzilla.redhat.com/show_bug.cgi?id=668843
[ 2 ] Bug #668879 - CVE-2011-0010 sudo: does not ask for password on GID changes
https://bugzilla.redhat.com/show_bug.cgi?id=668879
--------------------------------------------------------------------------------
================================================================================
uprof-0.3-0.1.20110115gita6832f7a.fc13 (FEDORA-2011-0474)
Profiling toolkit
--------------------------------------------------------------------------------
Update Information:
New upstream version, adds an ncurses tool which allows live viewing of the results.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 15 2011 Adel Gadllah <adel.gadllah@xxxxxxxxx> - 0.3-0.1.20110115gita6832f7a
- Update to 0.3
--------------------------------------------------------------------------------
================================================================================
wireshark-1.2.14-1.fc13 (FEDORA-2011-0460)
Network traffic analyzer
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 17 2011 Jan Safranek <jsafrane@xxxxxxxxxx> - 1.2.14-1
- upgrade to 1.2.14
- see http://www.wireshark.org/docs/relnotes/wireshark-1.2.14.html
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #669441 - CVE-2011-0444 wireshark: buffer overflow in MAC-LTE disector (upstream bug #5530)
https://bugzilla.redhat.com/show_bug.cgi?id=669441
[ 2 ] Bug #669443 - CVE-2011-0445 wireshark: DoS via crafted packets to ASN.1 BER dissector (upstream bug #5537)
https://bugzilla.redhat.com/show_bug.cgi?id=669443
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
