The following Fedora 14 Security updates need testing:
https://admin.fedoraproject.org/updates/logwatch-7.3.6-60.fc14
https://admin.fedoraproject.org/updates/patch-2.6.1-8.fc14
https://admin.fedoraproject.org/updates/php-pear-1.9.2-1.fc14
https://admin.fedoraproject.org/updates/moodle-1.9.11-1.fc14
https://admin.fedoraproject.org/updates/openldap-2.4.23-9.fc14
https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.fc14
https://admin.fedoraproject.org/updates/xulrunner-1.9.2.14-1.fc14,firefox-3.6.14-1.fc14,mozvoikko-1.0-18.fc14.1,gnome-web-photo-0.9-17.fc14.1,perl-Gtk2-MozEmbed-0.08-6.fc14.23,gnome-python2-extras-2.25.3-27.fc14.1,galeon-2.0.7-37.fc14.1
https://admin.fedoraproject.org/updates/mailman-2.1.13-7.fc14
https://admin.fedoraproject.org/updates/asterisk-1.6.2.17-1.fc14
https://admin.fedoraproject.org/updates/pywebdav-0.9.4.1-1.fc14
https://admin.fedoraproject.org/updates/389-admin-1.1.15-1.fc14
https://admin.fedoraproject.org/updates/TeXmacs-1.0.7.9-2.fc14
https://admin.fedoraproject.org/updates/rubygem-actionpack-2.3.8-3.fc14
https://admin.fedoraproject.org/updates/tor-0.2.1.29-1400.fc14
https://admin.fedoraproject.org/updates/moin-1.9.3-4.fc14
https://admin.fedoraproject.org/updates/exim-4.72-2.fc14
https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc14
https://admin.fedoraproject.org/updates/socat-1.7.1.3-1.fc14
The following Fedora 14 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/libconfig-1.4.6-1.fc14
https://admin.fedoraproject.org/updates/openldap-2.4.23-9.fc14
https://admin.fedoraproject.org/updates/gdb-7.2-45.fc14
https://admin.fedoraproject.org/updates/lua-5.1.4-7.fc14
https://admin.fedoraproject.org/updates/mobile-broadband-provider-info-1.20110218-1.fc14
https://admin.fedoraproject.org/updates/xorg-x11-drv-geode-2.11.11-4.fc14
https://admin.fedoraproject.org/updates/dmidecode-2.11-1.fc14
https://admin.fedoraproject.org/updates/libmodman-2.0.0-1.fc14
The following builds have been pushed to Fedora 14 updates-testing
389-ds-base-1.2.8-0.5.a3.fc14
R-2.12.2-1.fc14
UpTools-8.5.4-11.fc14
asterisk-1.6.2.17-1.fc14
atkmm-2.22.2-2.fc14.1
cairomm-1.9.8-1.fc14
cgnslib-2.5-5.r1.fc14
cputnik-0.2.0-4.fc14
dwarves-1.9-1.fc14
firefox-3.6.14-1.fc14
ftop-1.0-3.fc14
galeon-2.0.7-37.fc14.1
glibmm24-2.24.2-2.fc14.1
gnome-python2-extras-2.25.3-27.fc14.1
gnome-web-photo-0.9-17.fc14.1
goocanvasmm-0.15.4-2.fc14
gstreamermm-0.10.8-2.fc14.1
gtkmm24-2.22.0-2.fc14.2
libconfig-1.4.6-1.fc14
libgda-4.2.4-2.fc14
libsigc++20-2.2.8-1.fc14.1
libxml++-2.33.2-1.fc14
mozvoikko-1.0-18.fc14.1
openldap-2.4.23-9.fc14
perl-Digest-JHash-0.07-1.fc14
perl-Gtk2-MozEmbed-0.08-6.fc14.23
perl-Test-CheckManifest-1.22-2.fc14
pywebdav-0.9.4.1-1.fc14
rkward-0.5.4-3.fc14
rpy-2.1.9-2.fc14
rubygem-hpricot-0.8.4-1.fc14
rubygem-thin-1.2.8-3.fc14
setroubleshoot-3.0.30-1.fc14
simple-scan-2.32.0.1-1.fc14
tellico-2.3.2-1.fc14
tweepy-1.7.1-3.fc14
xulrunner-1.9.2.14-1.fc14
Details about builds:
================================================================================
389-ds-base-1.2.8-0.5.a3.fc14 (FEDORA-2011-2459)
389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:
Split off 389-ds-base-libs to solve multilib issues
1.2.8.a3 release - git tag 389-ds-base-1.2.8.a3
see bugs for a list of bugs fixed
This is the 1.2.8 alpha 2 release - many bug fixes
389-ds-base 1.2.8 alpha 1
contains many bug fixes
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 28 2011 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.8-0.5.a3
- Bug 676598 - 389-ds-base multilib: file conflicts
- split off libs into a separate -libs package
* Thu Feb 24 2011 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.8-0.4.a3
- do not create /var/run/dirsrv - setup will create it instead
- remove the fedora-ds initscript upgrade stuff - we do not support that anymore
- convert the remaining lua stuff to plain old shell script
* Wed Feb 9 2011 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.8-0.3.a3
- 1.2.8.a3 release - git tag 389-ds-base-1.2.8.a3
- Bug 675320 - empty modify operation with repl on or lastmod off will crash server
- Bug 675265 - preventryusn gets added to entries on a failed delete
- Bug 677774 - added support for tmpfiles.d
- Bug 666076 - dirsrv crash (1.2.7.5) with multiple simple paged result search
es
- Bug 672468 - Don't use empty path elements in LD_LIBRARY_PATH
- Bug 671199 - Don't allow other to write to rundir
- Bug 678646 - Ignore tombstone operations in managed entry plug-in
- Bug 676053 - export task followed by import task causes cache assertion
- Bug 677440 - clean up compiler warnings in 389-ds-base 1.2.8
- Bug 675113 - ns-slapd core dump in windows_tot_run if oneway sync is used
- Bug 676689 - crash while adding a new user to be synced to windows
- Bug 604881 - admin server log files have incorrect permissions/ownerships
- Bug 668385 - DS pipe log script is executed as many times as the dirsrv serv
ice is restarted
- Bug 675853 - dirsrv crash segfault in need_new_pw()
* Thu Feb 3 2011 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.8-0.2.a2
- 1.2.8.a2 release - git tag 389-ds-base-1.2.8.a2
- Bug 674430 - Improve error messages for attribute uniqueness
- Bug 616213 - insufficient stack size for HP-UX on PA-RISC
- Bug 615052 - intrinsics and 64-bit atomics code fails to compile
- on PA-RISC
- Bug 151705 - Need to update Console Cipher Preferences with new ciphers
- Bug 668862 - init scripts return wrong error code
- Bug 670616 - Allow SSF to be set for local (ldapi) connections
- Bug 667935 - DS pipe log script's logregex.py plugin is not redirecting the
- log output to the text file
- Bug 668619 - slapd stops responding
- Bug 624547 - attrcrypt should query the given slot/token for
- supported ciphers
- Bug 646381 - Faulty password for nsmultiplexorcredentials does not give any
- error message in logs
* Fri Jan 21 2011 Nathan Kinder <nkinder@xxxxxxxxxx> - 1.2.8-0.1.a1
- 1.2.8-0.1.a1 release - git tag 389-ds-base-1.2.8.a1
- many bug fixes
--------------------------------------------------------------------------------
================================================================================
R-2.12.2-1.fc14 (FEDORA-2011-2466)
A language for data analysis and graphics
--------------------------------------------------------------------------------
Update Information:
Update to R 2.12.2. A full list of changes in this release is here: http://cran.r-project.org/src/base/NEWS
Notably, it fixes this issue:
Complex arithmetic (notably z^n for complex z and integer n) gave
incorrect results since R 2.10.0 on platforms without C99 complex
support. This and some lesser issues in trignometric functions
have been corrected. Such platforms were rare (we know of Cygwin and FreeBSD). However, because of new compiler optimizations in the way complex arguments are handled, the same code was selected on x86_64 Linux with gcc 4.5.x at the default -O2 optimization (but not at -O).
In addition, rpy and rkward were rebuilt to use the new R. No other changes were made to these packages.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 27 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.12.2-1
- update to 2.12.2
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.12.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
UpTools-8.5.4-11.fc14 (FEDORA-2011-2454)
C++ library for HPC, networking, DB, memory, etc
--------------------------------------------------------------------------------
Update Information:
UpTools is an open source C++ development library that contains powerful classes to facilitate and accelerate modern application development. The following aspects are covered by the library: High performance computing (HPC), Load distribution and parallel processing, Multi-threading, Time and timers, Memory management, Text and strings, Database access, Networking, and others.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #673589 - Review Request: UpTools - C++ library for hpc, networking, db, memory, etc.
https://bugzilla.redhat.com/show_bug.cgi?id=673589
--------------------------------------------------------------------------------
================================================================================
asterisk-1.6.2.17-1.fc14 (FEDORA-2011-2438)
The Open Source PBX
--------------------------------------------------------------------------------
Update Information:
The Asterisk Development Team has announced the release of Asterisk 1.6.2.17.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.6.2.17 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* Resolve duplicated data in the AstDB when using DIALGROUP()
(Closes issue #18091. Reported by bunny. Patched by tilghman)
* Correct issue where res_config_odbc could populate fields with invalid data.
(Closes issue #18251, #18279. Reported by bcnit, zerohalo. Tested by trev,
jthurman, elguero, zerohalo. Patched by tilghman)
* When using cdr_pgsql the billsec field was not populated correctly on
unanswered calls.
(Closes issue #18406. Reported by joscas. Patched by tilghman)
* Resolve issue where re-transmissions of SUBSCRIBE could break presence.
(Closes issue #18075. Reported by mdu113. Patched by twilson)
* Fix regression causing forwarding voicemails to not work with file storage.
(Closes issue #18358. Reported by cabal95. Patched by jpeeler)
* This version of Asterisk includes the new Compiler Flags option
BETTER_BACKTRACES which uses libbfd to search for better symbol information
within both the Asterisk binary, as well as loaded modules, to assist when
using inline backtraces to track down problems.
(Patched by tilghman)
* Resolve several issues with DTMF based attended transfers.
(Closes issues #17999, #17096, #18395, #17273. Reported by iskatel, gelo,
shihchaun, grecco. Patched by rmudgett).
NOTE: Be sure to read the ChangeLog for more information about these changes.
* Resolve issue where no Music On Hold may be triggered when using
res_timing_dahdi.
(Closes issues #18262. Reported by francesco_r. Patched by cjacobson. Tested
by francesco_r, rfrantik, one47)
* Fix regression that changed behavior of queues when ringing a queue member.
(Closes issue #18747, #18733. Reported by vrban. Patched by qwell.)
Additionally, this release has the changes related to security bulletin
AST-2011-002 which can be found at
http://downloads.asterisk.org/pub/security/AST-2011-002.pdf
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.17
Asterisk Project Security Advisory - AST-2011-002
Product Asterisk
Summary Multiple array overflow and crash vulnerabilities in
UDPTL code
Nature of Advisory Exploitable Stack and Heap Array Overflows
Susceptibility Remote Unauthenticated Sessions
Severity Critical
Exploits Known No
Reported On January 27, 2011
Reported By Matthew Nicholson
Posted On February 21, 2011
Last Updated On February 21, 2011
Advisory Contact Matthew Nicholson <mnicholson@xxxxxxxxxx>
CVE Name
Description When decoding UDPTL packets, multiple stack and heap based
arrays can be made to overflow by specially crafted packets.
Systems doing T.38 pass through or termination are vulnerable.
Resolution The UDPTL decoding routines have been modified to respect the
limits of exploitable arrays.
In asterisk versions not containing the fix for this issue,
disabling T.38 support will prevent this vulnerability from
being exploited. T.38 support can be disabled in chan_sip by
setting the t38pt_udptl option to "no" (it is off by default).
t38pt_udptl = no
The chan_ooh323 module should also be disabled by adding the
following line in modles.conf.
noload => chan_ooh323
Affected Versions
Product Release Series
Asterisk Open Source 1.4.x All versions
Asterisk Open Source 1.6.x All versions
Asterisk Business Edition C.x.x All versions
AsteriskNOW 1.5 All versions
s800i (Asterisk Appliance) 1.2.x All versions
Corrected In
Product Release
Asterisk Open Source 1.4.39.2, 1.6.1.22, 1.6.2.16.2, 1.8.2.4
Asterisk Business Edition C.3.6.3
Patches
URL Branch
http://downloads.asterisk.org/pub/security/AST-2011-002-1.4.diff 1.4
http://downloads.asterisk.org/pub/security/AST-2011-002-1.6.1.diff 1.6.1
http://downloads.asterisk.org/pub/security/AST-2011-002-1.6.2.diff 1.6.2
http://downloads.asterisk.org/pub/security/AST-2011-002-1.8.diff 1.8
Links
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2011-002.pdf and
http://downloads.digium.com/pub/security/AST-2011-002.html
Revision History
Date Editor Revisions Made
02/21/11 Matthew Nicholson Initial Release
Asterisk Project Security Advisory - AST-2011-002
Copyright (c) 2011 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 <jeff@xxxxxxxxxx> - 1.6.2.17-1
- The Asterisk Development Team has announced the release of Asterisk 1.6.2.17.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.6.2.17 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * Resolve duplicated data in the AstDB when using DIALGROUP()
- (Closes issue #18091. Reported by bunny. Patched by tilghman)
-
- * Correct issue where res_config_odbc could populate fields with invalid data.
- (Closes issue #18251, #18279. Reported by bcnit, zerohalo. Tested by trev,
- jthurman, elguero, zerohalo. Patched by tilghman)
-
- * When using cdr_pgsql the billsec field was not populated correctly on
- unanswered calls.
- (Closes issue #18406. Reported by joscas. Patched by tilghman)
-
- * Resolve issue where re-transmissions of SUBSCRIBE could break presence.
- (Closes issue #18075. Reported by mdu113. Patched by twilson)
-
- * Fix regression causing forwarding voicemails to not work with file storage.
- (Closes issue #18358. Reported by cabal95. Patched by jpeeler)
-
- * This version of Asterisk includes the new Compiler Flags option
- BETTER_BACKTRACES which uses libbfd to search for better symbol information
- within both the Asterisk binary, as well as loaded modules, to assist when
- using inline backtraces to track down problems.
- (Patched by tilghman)
-
- * Resolve several issues with DTMF based attended transfers.
- (Closes issues #17999, #17096, #18395, #17273. Reported by iskatel, gelo,
- shihchaun, grecco. Patched by rmudgett).
- NOTE: Be sure to read the ChangeLog for more information about these changes.
-
- * Resolve issue where no Music On Hold may be triggered when using
- res_timing_dahdi.
- (Closes issues #18262. Reported by francesco_r. Patched by cjacobson. Tested
- by francesco_r, rfrantik, one47)
-
- * Fix regression that changed behavior of queues when ringing a queue member.
- (Closes issue #18747, #18733. Reported by vrban. Patched by qwell.)
-
- Additionally, this release has the changes related to security bulletin
- AST-2011-002 which can be found at
- http://downloads.asterisk.org/pub/security/AST-2011-002.pdf
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.17
* Mon Feb 21 2011 <jeff@xxxxxxxxxx> - 1.6.2.16.2-1
-
- Asterisk Project Security Advisory - AST-2011-002
-
- Product Asterisk
- Summary Multiple array overflow and crash vulnerabilities in
- UDPTL code
- Nature of Advisory Exploitable Stack and Heap Array Overflows
- Susceptibility Remote Unauthenticated Sessions
- Severity Critical
- Exploits Known No
- Reported On January 27, 2011
- Reported By Matthew Nicholson
- Posted On February 21, 2011
- Last Updated On February 21, 2011
- Advisory Contact Matthew Nicholson <mnicholson@xxxxxxxxxx>
- CVE Name
-
- Description When decoding UDPTL packets, multiple stack and heap based
- arrays can be made to overflow by specially crafted packets.
- Systems doing T.38 pass through or termination are vulnerable.
-
- Resolution The UDPTL decoding routines have been modified to respect the
- limits of exploitable arrays.
-
- In asterisk versions not containing the fix for this issue,
- disabling T.38 support will prevent this vulnerability from
- being exploited. T.38 support can be disabled in chan_sip by
- setting the t38pt_udptl option to "no" (it is off by default).
-
- t38pt_udptl = no
-
- The chan_ooh323 module should also be disabled by adding the
- following line in modles.conf.
-
- noload => chan_ooh323
-
- Affected Versions
- Product Release Series
- Asterisk Open Source 1.4.x All versions
- Asterisk Open Source 1.6.x All versions
- Asterisk Business Edition C.x.x All versions
- AsteriskNOW 1.5 All versions
- s800i (Asterisk Appliance) 1.2.x All versions
-
- Corrected In
- Product Release
- Asterisk Open Source 1.4.39.2, 1.6.1.22, 1.6.2.16.2, 1.8.2.4
- Asterisk Business Edition C.3.6.3
-
- Patches
- URL Branch
- http://downloads.asterisk.org/pub/security/AST-2011-002-1.4.diff 1.4
- http://downloads.asterisk.org/pub/security/AST-2011-002-1.6.1.diff 1.6.1
- http://downloads.asterisk.org/pub/security/AST-2011-002-1.6.2.diff 1.6.2
- http://downloads.asterisk.org/pub/security/AST-2011-002-1.8.diff 1.8
-
- Links
-
- Asterisk Project Security Advisories are posted at
- http://www.asterisk.org/security
-
- This document may be superseded by later versions; if so, the latest
- version will be posted at
- http://downloads.digium.com/pub/security/AST-2011-002.pdf and
- http://downloads.digium.com/pub/security/AST-2011-002.html
-
- Revision History
- Date Editor Revisions Made
- 02/21/11 Matthew Nicholson Initial Release
-
- Asterisk Project Security Advisory - AST-2011-002
- Copyright (c) 2011 Digium, Inc. All Rights Reserved.
- Permission is hereby granted to distribute and publish this advisory in its
- original, unaltered form.
--------------------------------------------------------------------------------
================================================================================
atkmm-2.22.2-2.fc14.1 (FEDORA-2011-2451)
C++ interface for the ATK library
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 21 2011 HaÃkel GuÃmar <hguemar@xxxxxxxxxxxxxxxxx> - 2.22.2-3
- Update to 2.22.2
- split doc into subpackage
- fix documentation location
- co-own /usr/share/devhelp
--------------------------------------------------------------------------------
================================================================================
cairomm-1.9.8-1.fc14 (FEDORA-2011-2451)
C++ API for the cairo graphics library
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 14 2011 HaÃkel GuÃmar <hguemar@xxxxxxxxxxxxxxxxx> - 1.9.8-1
- upstream 1.9.8
- drop gtk-doc dependency and co-own /usr/share/doc (RHBZ #604169)
--------------------------------------------------------------------------------
================================================================================
cgnslib-2.5-5.r1.fc14 (FEDORA-2011-2452)
Computational Fluid Dynamics General Notation System
--------------------------------------------------------------------------------
Update Information:
Updated to new 2.5.5 release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 17 2011 Shakthi Kannan <shakthimaan [AT] fedoraproject DOT org> 2.5-5.r1
- Updated to 2.5-5 release.
--------------------------------------------------------------------------------
================================================================================
cputnik-0.2.0-4.fc14 (FEDORA-2011-2448)
Dockapp which displays CPU and memory usage
--------------------------------------------------------------------------------
Update Information:
Dockapp which displays cpu and memory usage.
Configuration can be changed via ~/.clay/cputnik.rc using a text editor.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #680268 - Review Request: cputnik - Dockapp which displays cpu and memory usage
https://bugzilla.redhat.com/show_bug.cgi?id=680268
--------------------------------------------------------------------------------
================================================================================
dwarves-1.9-1.fc14 (FEDORA-2011-2437)
Debugging Information Manipulation Tools
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 28 2011 Arnaldo Carvalho de Melo <acme@xxxxxxxxxx> - 1.9-1
- New release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #654471 - [abrt] dwarves-1.8-1.fc13: raise: Process /usr/bin/pahole was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=654471
[ 2 ] Bug #659981 - [abrt] dwarves-1.8-1.fc13: tag__delete: Process /usr/bin/pahole was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=659981
[ 3 ] Bug #564671 - FTBFS dwarves-1.8-1.fc13
https://bugzilla.redhat.com/show_bug.cgi?id=564671
--------------------------------------------------------------------------------
================================================================================
firefox-3.6.14-1.fc14 (FEDORA-2011-2444)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Jan Horak <jhorak@xxxxxxxxxx> - 3.6.14-1
- Update to 3.6.14
--------------------------------------------------------------------------------
================================================================================
ftop-1.0-3.fc14 (FEDORA-2011-2442)
Utility that shows shows progress of open files and file systems
--------------------------------------------------------------------------------
Update Information:
Ftop is to files what top is to processes. The progress of all open files file systems can be monitored.
The selection of which files to display is possible through
a wide assortment of options. As with top, the items are displayed in order from most to least active.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #679913 - Review Request: ftop - Shows progress of open files and file systems
https://bugzilla.redhat.com/show_bug.cgi?id=679913
--------------------------------------------------------------------------------
================================================================================
galeon-2.0.7-37.fc14.1 (FEDORA-2011-2444)
GNOME2 Web browser based on Mozilla
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Jan Horak <jhorak@xxxxxxxxxx> - 2.0.7-37.1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
================================================================================
glibmm24-2.24.2-2.fc14.1 (FEDORA-2011-2451)
C++ interface for the GLib library
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 21 2011 HaÃkel GuÃmar <hguemar@xxxxxxxxxxxxxxxxx> - 2.24.2-2
- fix documentation location
- co-own /usr/share/devhelp
--------------------------------------------------------------------------------
================================================================================
gnome-python2-extras-2.25.3-27.fc14.1 (FEDORA-2011-2444)
Additional PyGNOME Python extension modules
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Jan Horak <jhorak@xxxxxxxxxx> - 2.25.3-27.1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
================================================================================
gnome-web-photo-0.9-17.fc14.1 (FEDORA-2011-2444)
HTML pages thumbnailer
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Jan Horak <jhorak@xxxxxxxxxx> - 0.9-17.1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
================================================================================
goocanvasmm-0.15.4-2.fc14 (FEDORA-2011-2451)
C++ interface for goocanvas
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 20 2011 HaÃkel GuÃmar <hguemar@xxxxxxxxxxxxxxxxx> - 0.15.4-2
- fix devhelp documentation location
--------------------------------------------------------------------------------
================================================================================
gstreamermm-0.10.8-2.fc14.1 (FEDORA-2011-2451)
C++ wrapper for GStreamer library
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 22 2011 HaÃkel GuÃmar <hguemar@xxxxxxxxxxxxxxxxx> - 0.10.8-2
- split doc into subpackage
--------------------------------------------------------------------------------
================================================================================
gtkmm24-2.22.0-2.fc14.2 (FEDORA-2011-2451)
C++ interface for GTK2 (a GUI library for X)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 21 2011 HaÃkel GuÃmar <hguemar@xxxxxxxxxxxxxxxxx> - 2.22.0-2
- fix documentation location
--------------------------------------------------------------------------------
================================================================================
libconfig-1.4.6-1.fc14 (FEDORA-2011-2458)
C/C++ configuration file library
--------------------------------------------------------------------------------
Update Information:
Bugfix release. See /usr/share/doc/libconfig-1.4.6/ChangeLog for full changelog
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Stanislav Ochotnicky <sochotnicky@xxxxxxxxxx> - 1.4.6-1
- Update to 1.4.6
- Install libconfig_tests
- Fix rpmlint warnings
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
libgda-4.2.4-2.fc14 (FEDORA-2011-2451)
Library for writing gnome database programs
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 22 2011 HaÃkel GuÃmar <hguemar@xxxxxxxxxxxxxxxxx> - 1:4.2.4-2
- fix sqlite loading (RHBZ #673809)
* Thu Feb 17 2011 HaÃkel GuÃmar <hguemar@xxxxxxxxxxxxxxxxx> - 1:4.2.4-1
- upstream 4.2.4
--------------------------------------------------------------------------------
================================================================================
libsigc++20-2.2.8-1.fc14.1 (FEDORA-2011-2451)
Typesafe signal framework for C++
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 21 2011 HaÃkel GuÃmar <hguemar@xxxxxxxxxxxxxxxxx> - 2.2.8-1
- upstream 2.2.8
- rename spec file to match actual package name
- fix documentation location (RHBZ #678981)
- co-own /usr/share/devhelp
--------------------------------------------------------------------------------
================================================================================
libxml++-2.33.2-1.fc14 (FEDORA-2011-2451)
C++ wrapper for the libxml2 XML parser library
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 22 2011 HaÃkel GuÃmar <hguemar@xxxxxxxxxxxxxxxxx> - 2.33.2-1
- Update to upstream 2.33.2
--------------------------------------------------------------------------------
================================================================================
mozvoikko-1.0-18.fc14.1 (FEDORA-2011-2444)
Finnish Voikko spell-checker extension for Mozilla programs
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Jan Horak <jhorak@xxxxxxxxxx> - 1.0-18.1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
================================================================================
openldap-2.4.23-9.fc14 (FEDORA-2011-2467)
LDAP support libraries
--------------------------------------------------------------------------------
Update Information:
- initscript: slaptest with '-u' to skip database opening (#667768)
- fix: verification of self issued certificates (#657984)
- removed slurpd options from sysconfig/ldap
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Jan Vcelak <jvcelak@xxxxxxxxxx> 2.4.23-9
- fix: CVE-2011-1024 ppolicy forwarded bind failure messages cause success (#680466)
- fix: CVE-2011-1025 rootpw is not verified for ndb backend (#680472)
- fix: security - DoS when submitting special MODRDN request (#680975)
* Wed Feb 2 2011 Jan Vcelak <jvcelak@xxxxxxxxxx> 2.4.23-8
- fix update: openldap can't use TLS after a fork() (#636956)
* Tue Jan 25 2011 Jan Vcelak <jvcelak@xxxxxxxxxx> 2.4.23-7
- fix: openldap can't use TLS after a fork() (#636956)
- fix: openldap-server upgrade gets stuck when the database is damaged (#664433)
* Thu Jan 20 2011 Jan Vcelak <jvcelak@xxxxxxxxxx> 2.4.23-6
- fix: some server certificates refused with inadequate type error (#668899)
- fix: default encryption strength dropped in switch to using NSS (#669446)
* Thu Jan 6 2011 Jan Vcelak <jvcelak@xxxxxxxxxx> 2.4.23-5
- initscript: slaptest with '-u' to skip database opening (#667768)
- removed slurpd options from sysconfig/ldap
- fix: verification of self issued certificates (#657984)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #680466 - CVE-2011-1024 openldap: forwarded bind failure messages cause success
https://bugzilla.redhat.com/show_bug.cgi?id=680466
[ 2 ] Bug #680472 - CVE-2011-1025 openldap: rootpw is not verified with slapd.conf
https://bugzilla.redhat.com/show_bug.cgi?id=680472
[ 3 ] Bug #680975 - CVE-2011-1081 openldap: DoS when submitting special MODRDN request
https://bugzilla.redhat.com/show_bug.cgi?id=680975
--------------------------------------------------------------------------------
================================================================================
perl-Digest-JHash-0.07-1.fc14 (FEDORA-2011-2463)
Perl extension for 32 bit Jenkins Hashing Algorithm
--------------------------------------------------------------------------------
================================================================================
perl-Gtk2-MozEmbed-0.08-6.fc14.23 (FEDORA-2011-2444)
Interface to the Mozilla embedding widget
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Jan Horak <jhorak@xxxxxxxxxx> - 0.08-6.23
- Rebuild against newer gecko
--------------------------------------------------------------------------------
================================================================================
perl-Test-CheckManifest-1.22-2.fc14 (FEDORA-2011-2461)
Check if your Manifest matches your distro
--------------------------------------------------------------------------------
================================================================================
pywebdav-0.9.4.1-1.fc14 (FEDORA-2011-2460)
WebDAV library
--------------------------------------------------------------------------------
Update Information:
The server affected by the CVE is distributed only as documentation, not as a directly runnable component.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Dan HorÃk <dan[at]danny.cz> 0.9.4.1-1
- update to 0.9.4.1
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.9.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #677718 - CVE-2011-0432 pywebdav: SQL injection due improper escaping of user credentials
https://bugzilla.redhat.com/show_bug.cgi?id=677718
--------------------------------------------------------------------------------
================================================================================
rkward-0.5.4-3.fc14 (FEDORA-2011-2466)
Graphical frontend for R language
--------------------------------------------------------------------------------
Update Information:
Update to R 2.12.2. A full list of changes in this release is here: http://cran.r-project.org/src/base/NEWS
Notably, it fixes this issue:
Complex arithmetic (notably z^n for complex z and integer n) gave
incorrect results since R 2.10.0 on platforms without C99 complex
support. This and some lesser issues in trignometric functions
have been corrected. Such platforms were rare (we know of Cygwin and FreeBSD). However, because of new compiler optimizations in the way complex arguments are handled, the same code was selected on x86_64 Linux with gcc 4.5.x at the default -O2 optimization (but not at -O).
In addition, rpy and rkward were rebuilt to use the new R. No other changes were made to these packages.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> 0.5.4-3
- rebuild for R 2.12.2
--------------------------------------------------------------------------------
================================================================================
rpy-2.1.9-2.fc14 (FEDORA-2011-2466)
Python interface to the R language
--------------------------------------------------------------------------------
Update Information:
Update to R 2.12.2. A full list of changes in this release is here: http://cran.r-project.org/src/base/NEWS
Notably, it fixes this issue:
Complex arithmetic (notably z^n for complex z and integer n) gave
incorrect results since R 2.10.0 on platforms without C99 complex
support. This and some lesser issues in trignometric functions
have been corrected. Such platforms were rare (we know of Cygwin and FreeBSD). However, because of new compiler optimizations in the way complex arguments are handled, the same code was selected on x86_64 Linux with gcc 4.5.x at the default -O2 optimization (but not at -O).
In addition, rpy and rkward were rebuilt to use the new R. No other changes were made to these packages.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.1.9-2
- rebuild for R 2.12.2
--------------------------------------------------------------------------------
================================================================================
rubygem-hpricot-0.8.4-1.fc14 (FEDORA-2011-2449)
A Fast, Enjoyable HTML Parser for Ruby
--------------------------------------------------------------------------------
Update Information:
New version 0.8.4 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 2 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 0.8.4-1
- 0.8.4
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.8.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rubygem-thin-1.2.8-3.fc14 (FEDORA-2011-2464)
A thin and fast web server
--------------------------------------------------------------------------------
Update Information:
Version bump
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Michal Fojtik <mfojtik@xxxxxxxxxx> - 1.2.8-3
- Removed Rake dependency completely
* Tue Mar 1 2011 Michal Fojtik <mfojtik@xxxxxxxxxx> - 1.2.8-2
- Fixed RSpec tests
* Tue Mar 1 2011 Michal Fojtik <mfojtik@xxxxxxxxxx> - 1.2.8-1
- Updated to upstream version
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Sep 8 2010 Michal Fojtik <mfojtik@xxxxxxxxxx> - 1.2.7-1
- Updated to upstream version
--------------------------------------------------------------------------------
================================================================================
setroubleshoot-3.0.30-1.fc14 (FEDORA-2011-2462)
Helps troubleshoot SELinux problems
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 <dwalsh@xxxxxxxxxx> - 3.0.30-1
- Change seapplet to only check for AVCs on login, if checkonlogin flag is turned on in ~/.setroubleshoot file
- Fix list_all_alerts bug causing crash on bad type
* Mon Feb 21 2011 <dwalsh@xxxxxxxxxx> - 3.0.29-1
- Fix handling of "/" in alert list
- Update translations
* Fri Feb 18 2011 <dwalsh@xxxxxxxxxx> - 3.0.28-1
- Tighten up screen to fit on little screens
* Fri Feb 18 2011 <dwalsh@xxxxxxxxxx> - 3.0.27-1
- Remove dependance on gnome python modules
- Update translations
* Wed Feb 9 2011 <dwalsh@xxxxxxxxxx> - 3.0.26-1
- Cleanup handling of current_alert
- Change Details button to say Plugin\nDetails
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.0.25-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #678718 - [abrt] setroubleshoot-server-3.0.25-1.fc14: browser.py:625:on_delete_button_clicked:IndexError: list index out of range
https://bugzilla.redhat.com/show_bug.cgi?id=678718
[ 2 ] Bug #677106 - [abrt] setroubleshoot-server-3.0.25-1.fc14: browser.py:618:on_details_button_clicked:IndexError: list index out of range
https://bugzilla.redhat.com/show_bug.cgi?id=677106
[ 3 ] Bug #676257 - [abrt] setroubleshoot-server-3.0.25-1.fc14: browser.py:326:on_ignore_button_clicked:IndexError: list index out of range
https://bugzilla.redhat.com/show_bug.cgi?id=676257
[ 4 ] Bug #666042 - selinux alert browser doesn't fit in a 1024x576 screen
https://bugzilla.redhat.com/show_bug.cgi?id=666042
[ 5 ] Bug #678799 - [abrt] setroubleshoot-server-3.0.25-1.fc14: browser.py:384:add_row:Error: NULL pointer
https://bugzilla.redhat.com/show_bug.cgi?id=678799
--------------------------------------------------------------------------------
================================================================================
simple-scan-2.32.0.1-1.fc14 (FEDORA-2011-2465)
Simple scanning utility
--------------------------------------------------------------------------------
Update Information:
Several minor bug fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 2.32.0.1-1
- Update to 2.32.0.1
- http://bazaar.launchpad.net/~simple-scan-team/simple-scan/trunk/revision/470#NEWS
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #649067 - Text mode produces blank pdf
https://bugzilla.redhat.com/show_bug.cgi?id=649067
[ 2 ] Bug #636491 - scanner not recognized under F14 Beta RC3 liveCD gnome desktop
https://bugzilla.redhat.com/show_bug.cgi?id=636491
[ 3 ] Bug #625810 - Meaningless Title stored in PDF
https://bugzilla.redhat.com/show_bug.cgi?id=625810
[ 4 ] Bug #656345 - simple-scan doesn't save to pdf
https://bugzilla.redhat.com/show_bug.cgi?id=656345
[ 5 ] Bug #669319 - Simple-scan produces empty PDF
https://bugzilla.redhat.com/show_bug.cgi?id=669319
[ 6 ] Bug #655849 - Scanning from sheet feeder does not work over network
https://bugzilla.redhat.com/show_bug.cgi?id=655849
--------------------------------------------------------------------------------
================================================================================
tellico-2.3.2-1.fc14 (FEDORA-2011-2450)
A collection manager
--------------------------------------------------------------------------------
Update Information:
Update to upstream 2.3.2. Fixes bugs with bibtex, amongst others.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 11 2011 Alex Lancaster <alexlan[AT]fedoraproject org> - 2.3.2-1
- Update to upstream 2.3.2. Fixes bugs with bibtex, amongst others.
- Add patches from upstream SVN to fix build with GCC 4.6.x and use
version 1 of v4l API for barcode support so that it compiles with
newer kernels.
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #654791 - tellico-2.3.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=654791
--------------------------------------------------------------------------------
================================================================================
tweepy-1.7.1-3.fc14 (FEDORA-2011-2455)
Twitter library for python
--------------------------------------------------------------------------------
Update Information:
* Initial RPM package for tweepy-1.7.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #675104 - Review Request: tweepy - Twitter library for python
https://bugzilla.redhat.com/show_bug.cgi?id=675104
--------------------------------------------------------------------------------
================================================================================
xulrunner-1.9.2.14-1.fc14 (FEDORA-2011-2444)
XUL Runtime for Gecko Applications
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Jan Horak <jhorak@xxxxxxxxxx> - 1.9.2.14-1
- Update to 1.9.2.14
* Mon Jan 10 2011 Dennis Gilmore <dennis@xxxxxxxx> 1.9.2.13-6
- disable nanojit on sparc64 its not supported and doesnt get automatically switched off
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
