The following Fedora 13 Security updates need testing:

    https://admin.fedoraproject.org/updates/dbus-1.2.24-2.fc13
    https://admin.fedoraproject.org/updates/subversion-1.6.15-1.fc13
    https://admin.fedoraproject.org/updates/libuser-0.56.16-1.fc13.2
    https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc13
    https://admin.fedoraproject.org/updates/mod_auth_mysql-3.0.0-12.fc13
    https://admin.fedoraproject.org/updates/chm2pdf-0.9.1-8.fc13
    https://admin.fedoraproject.org/updates/wireshark-1.2.14-1.fc13
    https://admin.fedoraproject.org/updates/hplip-3.10.9-14.fc13
    https://admin.fedoraproject.org/updates/myproxy-5.3-1.fc13
    https://admin.fedoraproject.org/updates/proftpd-1.3.3d-1.fc13
    https://admin.fedoraproject.org/updates/perl-CGI-3.51-1.fc13
    https://admin.fedoraproject.org/updates/tor-0.2.1.29-1300.fc13
    https://admin.fedoraproject.org/updates/perl-CGI-Simple-1.113-1.fc13

The following Fedora 13 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/procps-3.2.8-8.fc13
    https://admin.fedoraproject.org/updates/elfutils-0.151-1.fc13
    https://admin.fedoraproject.org/updates/util-linux-ng-2.17.2-10.fc13
    https://admin.fedoraproject.org/updates/libuser-0.56.16-1.fc13.2
    https://admin.fedoraproject.org/updates/livecd-tools-13.1-1.fc13
    https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-80.fc13
    https://admin.fedoraproject.org/updates/libical-0.46-2.fc13
    https://admin.fedoraproject.org/updates/pm-utils-1.2.6.1-4.fc13
    https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13
    https://admin.fedoraproject.org/updates/openldap-2.4.21-11.fc13
    https://admin.fedoraproject.org/updates/nss-3.12.7-4.fc13,nss-util-3.12.7-2.fc13,nss-softokn-3.12.7-3.fc13,nspr-4.8.6-1.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13

The following builds have been pushed to Fedora 13 updates-testing

    cambozola-0.92-2.fc13
    cyrus-imapd-2.3.16-4.fc13
    dolphin-connector-1.0-4.fc13
    graphviz-2.26.3-1.fc13
    perl-CGI-3.51-1.fc13
    perl-CGI-Simple-1.113-1.fc13
    perl-Class-Autouse-2.00-1.fc13
    perl-Mail-MboxParser-0.55-2.fc13
    perl-String-Similarity-1.04-2.fc13
    publican-jboss-2.4-1.fc13
    publican-redhat-2.7-1.fc13
    rsibreak-0.11-1.fc13
    smstools-3.1.5-5.fc13
    system-config-printer-1.2.6-3.fc13
    systemtap-1.4-2.fc13
    tor-0.2.1.29-1300.fc13
    xscreensaver-5.12-12.fc13

Details about builds:

================================================================================
 cambozola-0.92-2.fc13 (FEDORA-2011-0658)
 A viewer for multipart jpeg streams
--------------------------------------------------------------------------------
Update Information:

First release of a viewer for multipart jpeg streams
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #655496 - Review Request: cambozola - A viewer for multipart jpeg streams
        https://bugzilla.redhat.com/show_bug.cgi?id=655496
--------------------------------------------------------------------------------

================================================================================
 cyrus-imapd-2.3.16-4.fc13 (FEDORA-2011-0647)
 A high-performance mail server with IMAP, POP3, NNTP and SIEVE support
--------------------------------------------------------------------------------
Update Information:

- don't force sync io for all filesystems

This only prevents from setting sync io, it does not unset it.
So you have to unset it manually if you use a different fs than ext2 for /var:

chattr -R -S /var/lib/imap/{user,quota} /var/spool/imap
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 21 2011 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 2.3.16-4
- don't force sync io for all filesystems
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #665309 - cyrus imapd performance low after upgrade from fedora 12
        https://bugzilla.redhat.com/show_bug.cgi?id=665309
--------------------------------------------------------------------------------

================================================================================
 dolphin-connector-1.0-4.fc13 (FEDORA-2011-0646)
 Simple MySQL C API wrapper for C++
--------------------------------------------------------------------------------
Update Information:

Dolphin Connector is a simple MySQL C API wrapper for C++. It is originally designed to be as efficient as is possible, and makes no use of exceptions.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #668863 - Review Request: dolphin-connector - Simple MySQL C API wrapper for C++
        https://bugzilla.redhat.com/show_bug.cgi?id=668863
--------------------------------------------------------------------------------

================================================================================
 graphviz-2.26.3-1.fc13 (FEDORA-2011-0659)
 Graph Visualization Tools
--------------------------------------------------------------------------------
Update Information:

This is a new version of graphviz package that fixes several bugs. For full list of bugs fixed by upstream please see ChangeLog in source package.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 6 2011 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 2.26.3-1
- New version (#580017)
- Fixed gtk plugin program-name (#640671, gtk-progname patch)
- Fixed broken links in doc index (#642536, doc-index-fix patch)
- Fixed SIGSEGVs on testsuite (#645703, testsuite-sigsegv-fix patch)
- Testsuite now do diff check also in case of err output (#645703, rtest-errout-fix patch)
- Testsuite enabled on all arches (#645703)
- Added urw-fonts to BuildRequires
- Compiled with -fno-strict-aliasing
- Fixed rpmlint warnings on spec file
- Removed unused patches
* Wed Mar 24 2010 Josh Boyer <jwboyer@xxxxxxxxx> 2.26.0-3
- Backport patch from upstream graphviz to fix broken powerpc-darwin workaround that prevented this from building on ppc64 (#569454)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #580017 - graphviz-2.26.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=580017
  [ 2 ] Bug #640671 - Missing program name in DotEdit: Help -> About
        https://bugzilla.redhat.com/show_bug.cgi?id=640671
  [ 3 ] Bug #642536 - Broken links in HTML documentation
        https://bugzilla.redhat.com/show_bug.cgi?id=642536
  [ 4 ] Bug #645703 - Enable and fix testsuite in graphviz
        https://bugzilla.redhat.com/show_bug.cgi?id=645703
  [ 5 ] Bug #507982 - Doxygen causes slightly different images on i386 and x86_64
        https://bugzilla.redhat.com/show_bug.cgi?id=507982
--------------------------------------------------------------------------------

================================================================================
 perl-CGI-3.51-1.fc13 (FEDORA-2011-0654)
 Handle Common Gateway Interface requests and responses
--------------------------------------------------------------------------------
Update Information:

Update to version 3.51, extending the fix for CVE-2010-2761.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #657950 - perl-5.12.2/CGI-3.50 security update
        https://bugzilla.redhat.com/show_bug.cgi?id=657950
--------------------------------------------------------------------------------

================================================================================
 perl-CGI-Simple-1.113-1.fc13 (FEDORA-2011-0631)
 Simple totally OO CGI interface that is CGI.pm compliant
--------------------------------------------------------------------------------
Update Information:

Update to 1.113 and apply additional patch to resolve CVE-2010-4410. Fix boundary to use randomized value as opposed to hardcoded value.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 21 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.113-1
- Update to 1.113, apply additional patch to fully resolve CVE-2010-4411
* Wed Dec 1 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 1.112-2
- patch for randomizing boundary (bz 658973)
* Mon Jul 12 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 1.112-1
- update to 1.112
* Fri Apr 30 2010 Marcela Maslanova <mmaslano@xxxxxxxxxx> - 1.108-4
- Mass rebuild with perl-5.12.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #658976 - perl-CGI, perl-CGI-Simple: CVE-2010-2761 -- hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, CVE-2010-4410 -- CRLF injection vulnerability in the header function
        https://bugzilla.redhat.com/show_bug.cgi?id=658976
  [ 2 ] Bug #658970 - perl-CGI-Simple: CRLF injection vulnerability via a crafted URL
        https://bugzilla.redhat.com/show_bug.cgi?id=658970
--------------------------------------------------------------------------------

================================================================================
 perl-Class-Autouse-2.00-1.fc13 (FEDORA-2011-0637)
 Run-time class loading on first method call
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 21 2011 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 2.00-1
- Upstream update.
- Adjust BR:'s.
- Add %bcond_with xt_tests.
--------------------------------------------------------------------------------

================================================================================
 perl-Mail-MboxParser-0.55-2.fc13 (FEDORA-2011-0660)
 Read-only access to UNIX-mailboxes
--------------------------------------------------------------------------------
Update Information:

This package is requirement for dspam (mentioned in bug).

Details about package:
http://search.cpan.org/~vparseval/Mail-MboxParser-0.55/MboxParser.pm
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #622502 - dspam_train requires Mail::MboxParser, but it isn't listed as a dependency
        https://bugzilla.redhat.com/show_bug.cgi?id=622502
--------------------------------------------------------------------------------

================================================================================
 perl-String-Similarity-1.04-2.fc13 (FEDORA-2011-0636)
 Calculates the similarity of two strings
--------------------------------------------------------------------------------

================================================================================
 publican-jboss-2.4-1.fc13 (FEDORA-2011-0662)
 Common documentation files for JBoss
--------------------------------------------------------------------------------
Update Information:

Remove max_image_width
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 21 2011 Rüdiger Landmann <r.landmann@xxxxxxxxxx> 2.4-1
- remove max_image_width
--------------------------------------------------------------------------------

================================================================================
 publican-redhat-2.7-1.fc13 (FEDORA-2011-0649)
 Common documentation files for RedHat
--------------------------------------------------------------------------------
Update Information:

Removes max_image_width restriction
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 19 2011 Rüdiger Landmann <r.landmann@xxxxxxxxxx> 2.7-1
- correct Requires: and BuildRequires:
* Wed Jan 19 2011 Rüdiger Landmann <r.landmann@xxxxxxxxxx> 2.7-0
- rm max_image_width override per BZ#662584
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #662584 - RedHat brand restricts images to 444px
        https://bugzilla.redhat.com/show_bug.cgi?id=662584
--------------------------------------------------------------------------------

================================================================================
 rsibreak-0.11-1.fc13 (FEDORA-2011-0634)
 A small utility which bothers you at certain intervals
--------------------------------------------------------------------------------
Update Information:

Fixes a lot of bugs from older RSIBreak versions, especially working with multiple screens was completely broken, buggy screenshots from the system tray, make the timers work for Qt=>4.4, etc.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 21 2011 Tom Albers <toma@xxxxxxx> - 0.11-1
- New upstream version
--------------------------------------------------------------------------------

================================================================================
 smstools-3.1.5-5.fc13 (FEDORA-2011-0665)
 Tools to send and receive short messages through GSM modems or mobile phones
--------------------------------------------------------------------------------
Update Information:

added if clause for deciding between uucp and dialout group (BZ#605211)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 20 2011 Patrick C. F. Ernzer <smstools.spec@xxxxxxxx> 3.1.5-5
- added if clause for deciding between uucp and dialout group (BZ#605211)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #605211 - smstools missing a group membership
        https://bugzilla.redhat.com/show_bug.cgi?id=605211
--------------------------------------------------------------------------------

================================================================================
 system-config-printer-1.2.6-3.fc13 (FEDORA-2010-19111)
 A printer administration tool
--------------------------------------------------------------------------------
Update Information:

New upstream release that fixes several bugs.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 21 2011 Jiri Popelka <jpopelka@xxxxxxxxxx> 1.2.6-3
- Fixed driver selection when there are duplicate PPDs available. (#667571)
- Grabbing focus for editing breaks it (bug #650995).
* Tue Jan 18 2011 Jiri Popelka <jpopelka@xxxxxxxxxx> 1.2.6-2
- Allow %, ( and ) characters in dnssd URI (bug #669820).
* Mon Jan 17 2011 Jiri Popelka <jpopelka@xxxxxxxxxx> 1.2.6-1
- 1.2.6:
  - Remove reference to current printer on exit (bug #556548).
  - Handle cups.Connection() failure in PrinterURIIndexr (bug #648014).
  - Block unwanted characters when editing queue name (bug #658550).
  - Initialise D-Bus threading in timedops module (bug #662047).
  - many other fixes
* Mon Dec 20 2010 Jiri Popelka <jpopelka@xxxxxxxxxx> 1.2.5-8
- Updated pycups to 1.9.53 (bug #662805).
* Thu Dec 2 2010 Tim Waugh <twaugh@xxxxxxxxxx> - 1.2.5-7
- Grab focus on the IconView after setting it editable (bug #650995).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #650995 - [Compiz] Unable to rename printer
        https://bugzilla.redhat.com/show_bug.cgi?id=650995
  [ 2 ] Bug #662805 - [abrt] system-config-printer-1.2.5-6.fc14: PyObject_Call: Process /usr/bin/python was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=662805
  [ 3 ] Bug #648014 - [abrt] system-config-printer-1.2.4-1.fc13: jobviewer.py:125:_map_printer:RuntimeError: failed to connect to server
        https://bugzilla.redhat.com/show_bug.cgi?id=648014
  [ 4 ] Bug #658550 - Spaces in printer name get removed
        https://bugzilla.redhat.com/show_bug.cgi?id=658550
  [ 5 ] Bug #662047 - troubleshooter uses D-Bus from two threads
        https://bugzilla.redhat.com/show_bug.cgi?id=662047
  [ 6 ] Bug #667571 - Did something change my CUPS driver from Postscript to pxlmono?
        https://bugzilla.redhat.com/show_bug.cgi?id=667571
  [ 7 ] Bug #668127 - [abrt] system-config-printer-1.2.5-8.fc14: system-config-printer.py:5634:entry_changed:UnicodeDecodeError: 'utf8' codec can't decode byte 0xaa in position 52: invalid start byte
        https://bugzilla.redhat.com/show_bug.cgi?id=668127
  [ 8 ] Bug #669820 - dnssd unable to resolve URI for HP network printer
        https://bugzilla.redhat.com/show_bug.cgi?id=669820
--------------------------------------------------------------------------------

================================================================================
 systemtap-1.4-2.fc13 (FEDORA-2011-0664)
 Instrumentation System
--------------------------------------------------------------------------------
Update Information:

Updates to upstream release 1.4, plus subsequent <sys/sdt.h> fixes
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 19 2011 Stan Cox <scox@xxxxxxxxxx> - 1.4-2
- sdt fixes
* Mon Jan 17 2011 Frank Ch. Eigler <fche@xxxxxxxxxx> - 1.4-1
- Upstream release.
* Tue Dec 7 2010 Dan Horák <dan[at]danny.cz> - 1.3-4
- publican now needs a versioned BR (see /usr/bin/publican for details)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #670646 - Markers using %rbx register incorrectly masked to low byte
        https://bugzilla.redhat.com/show_bug.cgi?id=670646
--------------------------------------------------------------------------------

================================================================================
 tor-0.2.1.29-1300.fc13 (FEDORA-2011-0650)
 Anonymizing overlay network for TCP (The onion router)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 17 2011 Enrico Scholz <enrico.scholz@xxxxxxxxxxxxxxxxxxxxxxxxx> - 0.2.1.29-1300
- updated to 0.2.1.29 (SECURITY)
- CVE-2011-0427: heap overflow bug, potential remote code execution
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #671259 - CVE-2011-0015 CVE-2011-0016 CVE-2011-0427 CVE-2011-0490 CVE-2011-0491 CVE-2011-0492 CVE-2011-0493 tor: multiple security flaws fixed in 0.2.1.29
        https://bugzilla.redhat.com/show_bug.cgi?id=671259
--------------------------------------------------------------------------------

================================================================================
 xscreensaver-5.12-12.fc13 (FEDORA-2011-0635)
 X screen saver and locker
--------------------------------------------------------------------------------
Update Information:

It is found that currently webcollage and vidwhacker don't show any pictures on root window. This new rpm will fix this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 21 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 1:5.12-12
- Make webcollage work again (for newer gdk-pixbuf)
- Fix vidwhacker also
* Tue Jan 11 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 1:5.12-10
- From F-14+ (not for F-13), kill perl dependency on -base, move hack related files to -extras-base (bug 668427)
--------------------------------------------------------------------------------