The following Fedora 14 Security updates need testing:

    https://admin.fedoraproject.org/updates/libcgroup-0.36.2-6.fc14
    https://admin.fedoraproject.org/updates/wireshark-1.4.4-1.fc14
    https://admin.fedoraproject.org/updates/logwatch-7.3.6-60.fc14
    https://admin.fedoraproject.org/updates/patch-2.6.1-8.fc14
    https://admin.fedoraproject.org/updates/php-pear-1.9.2-1.fc14
    https://admin.fedoraproject.org/updates/openldap-2.4.23-9.fc14
    https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.fc14
    https://admin.fedoraproject.org/updates/mailman-2.1.13-7.fc14
    https://admin.fedoraproject.org/updates/asterisk-1.6.2.17-1.fc14
    https://admin.fedoraproject.org/updates/pywebdav-0.9.4.1-1.fc14
    https://admin.fedoraproject.org/updates/thunderbird-3.1.8-3.fc14
    https://admin.fedoraproject.org/updates/perl-Mail-Box-2.097-1.fc14
    https://admin.fedoraproject.org/updates/389-admin-1.1.15-1.fc14
    https://admin.fedoraproject.org/updates/libtiff-3.9.4-3.fc14
    https://admin.fedoraproject.org/updates/tor-0.2.1.29-1400.fc14
    https://admin.fedoraproject.org/updates/samba-3.5.7-73.fc14
    https://admin.fedoraproject.org/updates/moin-1.9.3-4.fc14
    https://admin.fedoraproject.org/updates/vsftpd-2.3.4-1.fc14
    https://admin.fedoraproject.org/updates/exim-4.72-2.fc14
    https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc14
    https://admin.fedoraproject.org/updates/socat-1.7.1.3-1.fc14

The following Fedora 14 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/fuse-2.8.5-5.fc14
    https://admin.fedoraproject.org/updates/libcgroup-0.36.2-6.fc14
    https://admin.fedoraproject.org/updates/NetworkManager-0.8.3.997-1.fc14
    https://admin.fedoraproject.org/updates/libtiff-3.9.4-3.fc14
    https://admin.fedoraproject.org/updates/libconfig-1.4.6-1.fc14
    https://admin.fedoraproject.org/updates/openldap-2.4.23-9.fc14
    https://admin.fedoraproject.org/updates/gdb-7.2-45.fc14
    https://admin.fedoraproject.org/updates/lua-5.1.4-7.fc14
    https://admin.fedoraproject.org/updates/mobile-broadband-provider-info-1.20110218-1.fc14
    https://admin.fedoraproject.org/updates/xorg-x11-drv-geode-2.11.11-4.fc14
    https://admin.fedoraproject.org/updates/dmidecode-2.11-1.fc14
    https://admin.fedoraproject.org/updates/libmodman-2.0.0-1.fc14

The following builds have been pushed to Fedora 14 updates-testing

    NetworkManager-0.8.3.997-1.fc14
    apiextractor-0.10.0-1.fc14
    dspam-3.9.0-17.fc14
    fuse-2.8.5-5.fc14
    generatorrunner-0.6.7-1.fc14
    gnucash-2.4.3-1.fc14
    libcgroup-0.36.2-6.fc14
    lyx-2.0.0-0.13.beta4.fc14
    manchu-fonts-2.006-3.fc14
    openni-primesense-5.0.0.25-0.4.git894cea01.fc14
    openscada-0.7.0.2-1.fc14
    perl-CGI-Emulate-PSGI-0.11-1.fc14
    perl-Eval-Closure-0.03-1.fc14
    perl-Image-ExifTool-8.50-1.fc14
    perl-Plack-0.9973-1.fc14
    pyside-tools-0.2.7-1.fc14
    python-pyside-1.0.0-1.fc14
    qiv-2.2.3-2.fc14
    samba-3.5.7-73.fc14
    shiboken-1.0.0-1.fc14
    sil-nuosu-fonts-2.1.1-3.fc14
    smartmontools-5.40-5.fc14
    task-1.9.4-1.fc14
    ukij-tuz-fonts-2.0.0-5.fc14
    vsftpd-2.3.4-1.fc14
    wireshark-1.4.4-1.fc14

Details about builds:

================================================================================
 NetworkManager-0.8.3.997-1.fc14 (FEDORA-2011-2644)
 Network connection manager and user applications
--------------------------------------------------------------------------------
Update Information:

This update fixes a crash when editing connections which have passwords. It also stops periodically writing active connection timestamps to /etc (allowing for read-only /etc configurations), and enhances the file format of 'keyfile' connections that contain certificates and private keys.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 3 2011 Dan Williams <dcbw@xxxxxxxxxx> - 0.8.3.997-1
- Update to 0.8.3.997 (0.8.4-beta3)
- editor: fix crash requesting VPN secrets (rh #680707)
- core: keep connection timestamps in lookaside file, not in /etc
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #680707 - [abrt] NetworkManager-gnome-1:0.8.3.996-1.fc14: type_check_is_value_type_U: Process /usr/bin/nm-connection-editor was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=680707
--------------------------------------------------------------------------------

================================================================================
 apiextractor-0.10.0-1.fc14 (FEDORA-2011-2586)
 Library headers parser to extract API information
--------------------------------------------------------------------------------
Update Information:

An update of PySide (Python bindings for Qt) to the stable version 1.0.0.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 3 2011 Kalev Lember <kalev@xxxxxxxxxxxx> - 0.10.0-1
- Update to 0.10.0
--------------------------------------------------------------------------------

================================================================================
 dspam-3.9.0-17.fc14 (FEDORA-2011-2610)
 A library and Mail Delivery Agent for Bayesian SPAM filtering
--------------------------------------------------------------------------------
Update Information:

--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 3 2011 Nathanael Noblet <nathanael@xxxxxxx> - 3.9.0-17
- Fixed packaging issue with non-existent group
- Removed chown -R in web post as well as httpd restart
* Wed Mar 2 2011 Nathanael Noblet <nathanael@xxxxxxx> - 3.9.0-16
- Added configure patch to build on F15+
* Tue Mar 1 2011 Nathanael Noblet <nathanael@xxxxxxx> - 3.9.0-15
- Applied Matej Cepl's patch to move the web dir to /var/www/dspam
- Removed autogen call to see if configure nodalcore option passes
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.9.0-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #672068 - dspam web interface completely broken
        https://bugzilla.redhat.com/show_bug.cgi?id=672068
--------------------------------------------------------------------------------

================================================================================
 fuse-2.8.5-5.fc14 (FEDORA-2011-2635)
 File System in Userspace (FUSE) utilities
--------------------------------------------------------------------------------
Update Information:

- Use noreplace for /etc/fuse.conf
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 3 2011 Peter Lemenkov <lemenkov@xxxxxxxxx> - 2.8.5-5
- Use noreplace for /etc/fuse.conf
--------------------------------------------------------------------------------

================================================================================
 generatorrunner-0.6.7-1.fc14 (FEDORA-2011-2586)
 Plugin-based application to run apiextractor-based generators
--------------------------------------------------------------------------------
Update Information:

An update of PySide (Python bindings for Qt) to the stable version 1.0.0.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 3 2011 Kalev Lember <kalev@xxxxxxxxxxxx> - 0.6.7-1
- Update to 0.6.7
--------------------------------------------------------------------------------

================================================================================
 gnucash-2.4.3-1.fc14 (FEDORA-2011-2601)
 Finance management application
--------------------------------------------------------------------------------
Update Information:

This updates GnuCash to the latest update release, which fixes assorted bugs and updates translations.
For more information, see the upstream changelog at:
http://gnucash.org/#110227-2.4.3.news
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 3 2011 Bill Nottingham <notting@xxxxxxxxxx> - 2.4.3-1
- update to 2.4.3
--------------------------------------------------------------------------------

================================================================================
 libcgroup-0.36.2-6.fc14 (FEDORA-2011-2631)
 Tools and libraries to control and monitor control groups
--------------------------------------------------------------------------------
Update Information:

Two security bugs were fixed in this release:
 * CVE-2011-1006: Heap-based buffer overflow by converting list of controllers for given task into an array of strings
 * CVE-2011-1022: Unchecked origin of NETLINK messages
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 3 2011 Jan Safranek <jsafrane@xxxxxxxxxx> 0.36.2-6
- Fixed CVE-2011-1022 and CVE-2011-1006
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #680409 - CVE-2011-1022 libcgroup: Uncheck origin of NETLINK messages
        https://bugzilla.redhat.com/show_bug.cgi?id=680409
  [ 2 ] Bug #678107 - CVE-2011-1006 libcgroup: Heap-based buffer overflow by converting list of controllers for given task into an array of strings
        https://bugzilla.redhat.com/show_bug.cgi?id=678107
--------------------------------------------------------------------------------

================================================================================
 lyx-2.0.0-0.13.beta4.fc14 (FEDORA-2011-2633)
 WYSIWYM (What You See Is What You Mean) document processor
--------------------------------------------------------------------------------
Update Information:

We are pleased to announce the fourth public pre-release of LyX 2.0.0.
Except usual bugfixing we fixed random crashes connected with the new background export and compilation feature.

As far as new features is considered it is now possible
 * to set the table width,
 * customize the language package per document,
 * export LyX files as a single archive containing linked material (e.g. images) directly via export menu.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 7 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.0.0-0.13.beta4
- 2.0.0-beta4
* Mon Feb 7 2011 Thomas Spura <tomspur@xxxxxxxxxxxxxxxxx> 2.0.0-0.12.beta3
- rebuild for new boost
--------------------------------------------------------------------------------

================================================================================
 manchu-fonts-2.006-3.fc14 (FEDORA-2011-2604)
 A Manchu OpenType (TrueType-flavored) font
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #673027 - Review Request: manchu-fonts - A Manchu OpenType (TrueType-flavored) font
        https://bugzilla.redhat.com/show_bug.cgi?id=673027
--------------------------------------------------------------------------------

================================================================================
 openni-primesense-5.0.0.25-0.4.git894cea01.fc14 (FEDORA-2011-2600)
 PrimeSensor/Kinect Modules for OpenNI
--------------------------------------------------------------------------------
Update Information:

PrimeSensor/Kinect Modules for OpenNI
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #674007 - Review Request: openni-primesense - PrimeSensor/Kinect Modules for OpenNI
        https://bugzilla.redhat.com/show_bug.cgi?id=674007
--------------------------------------------------------------------------------

================================================================================
 openscada-0.7.0.2-1.fc14 (FEDORA-2011-2619)
 Open SCADA system project
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 2 2011 Aleksey Popkov <aleksey@xxxxxxxxxx> - 0.7.0.2-1
- Build of 0.7.0.2 version.
--------------------------------------------------------------------------------

================================================================================
 perl-CGI-Emulate-PSGI-0.11-1.fc14 (FEDORA-2011-2618)
 PSGI adapter for CGI applications
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 3 2011 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> 0.11-1
- Upstream update.
- Spec cleanup.
--------------------------------------------------------------------------------

================================================================================
 perl-Eval-Closure-0.03-1.fc14 (FEDORA-2011-2593)
 Safely and cleanly create closures via string eval
--------------------------------------------------------------------------------
Update Information:

This update avoids adding #line directives when the debugger is active.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 3 2011 Iain Arnell <iarnell@xxxxxxxxx> 0.03-1
- update to latest upstream version
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.02-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 perl-Image-ExifTool-8.50-1.fc14 (FEDORA-2011-2617)
 Utility for reading and writing image meta info
--------------------------------------------------------------------------------
Update Information:

Update to 8.50.
Full changelog here: http://owl.phy.queensu.ca/~phil/exiftool/history.html

Notable bugfixes:

    Fixed problems with format of binary data in lists for some output options
    Fixed bug reading/writing some IPTC binary data tags
    Fixed problem copying XMP:Thumbnails structure
    Fixed conversion of MXF:ByteOrder value
    Fixed potential "Undefined subroutine ConvertStruct" crash bug
    Fixed bug introduced in 8.46 when calling GetValue(xxx,'Raw')
    Relaxed structure validation to allow a structure to be written even if there were errors with some fields
    Patched problem with formatting of very large numbers in JSON (-j) output
    Fixed a few problems reading and writing structured information
    Fixed bug which could cause hang with some user-defined tag definitions
    Fixed a couple of minor bugs with the new -struct option
    Fixed bug writing alternate languages for XMP-iptcExt:ArtworkTitle tag
    Fixed problem where console echo was disabled when using -k option from a bash script
    Fixed minor quirk in HtmlDump output
    Fixed race condition with -stay_open when reading options requiring additional arguments from the argfile
    Fixed problem copying makernotes from Nikon NRW image to JPEG
    Fixed incorrect decoding of some AEInfo tags for newer Pentax DSLR's
    Fixed bug where time could be wrong by up to 2 seconds when shifting multiple date/time values containing fractional seconds
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 3 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 8.50-1
- update to 8.50
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 8.40-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 perl-Plack-0.9973-1.fc14 (FEDORA-2011-2564)
 Perl Superglue for Web frameworks and Web Servers (PSGI toolkit)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 3 2011 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> 0.9973-1
- Upstream update.
- Reflect upstream not shipping Plack/Handler/Net/FastCGI.pm anymore.
- Spec file cleanup.
--------------------------------------------------------------------------------

================================================================================
 pyside-tools-0.2.7-1.fc14 (FEDORA-2011-2586)
 Development tools for PySide
--------------------------------------------------------------------------------
Update Information:

An update of PySide (Python bindings for Qt) to the stable version 1.0.0.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 3 2011 Kalev Lember <kalev@xxxxxxxxxxxx> - 0.2.7-1
- Update to 0.2.7
- Added man pages
--------------------------------------------------------------------------------

================================================================================
 python-pyside-1.0.0-1.fc14 (FEDORA-2011-2586)
 Python bindings for Qt4
--------------------------------------------------------------------------------
Update Information:

An update of PySide (Python bindings for Qt) to the stable version 1.0.0.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 3 2011 Kalev Lember <kalev@xxxxxxxxxxxx> - 1.0.0-1
- Update to 1.0.0
- Dropped upstreamed patches
- Force Release build type to make sure NDEBUG is defined
--------------------------------------------------------------------------------

================================================================================
 qiv-2.2.3-2.fc14 (FEDORA-2011-2574)
 Quick Image Viewer
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 2 2011 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 2.2.3-2
- exit instead of abort on child error (#680602)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #680602 - Qiv generates coredump with qiv-command is not found
        https://bugzilla.redhat.com/show_bug.cgi?id=680602
--------------------------------------------------------------------------------

================================================================================
 samba-3.5.7-73.fc14 (FEDORA-2011-2592)
 Server and Client software to interoperate with Windows machines
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 3 2011 Guenther Deschner <gdeschner@xxxxxxxxxx> - 3.5.7-73
- Security update to 3.5.7 to address CVE-2011-0719
- resolves: #681852
* Thu Jan 6 2011 Guenther Deschner <gdeschner@xxxxxxxxxx> - 3.5.6-72
- Fix GSSAPI checksum for some SMB servers
- resolves: #667647
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #681852 - CVE-2011-0719 Samba unsafe fd_set usage [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=681852
--------------------------------------------------------------------------------

================================================================================
 shiboken-1.0.0-1.fc14 (FEDORA-2011-2586)
 CPython bindings generator for C++ libraries
--------------------------------------------------------------------------------
Update Information:

An update of PySide (Python bindings for Qt) to the stable version 1.0.0.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 3 2011 Kalev Lember <kalev@xxxxxxxxxxxx> - 1.0.0-1
- Update to 1.0.0
- Dropped upstreamed pkgconfig patch
--------------------------------------------------------------------------------

================================================================================
 sil-nuosu-fonts-2.1.1-3.fc14 (FEDORA-2011-2599)
 The Nuosu SIL Font
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #673029 - Review Request: sil-nuosu-fonts - The Nuosu SIL Font
        https://bugzilla.redhat.com/show_bug.cgi?id=673029
--------------------------------------------------------------------------------

================================================================================
 smartmontools-5.40-5.fc14 (FEDORA-2011-1740)
 Tools for monitoring SMART capable hard disks
--------------------------------------------------------------------------------
Update Information:

when disk is failing use notification system to inform user
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 3 2011 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:5.40-5
- own %{_datadir}/%{name} and %{_libexecdir}/%{name} dirs
* Thu Feb 17 2011 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:5.40-4
- notify users when disk is failing
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #675778 - Usability proposal: Automatic notification to desktop user
        https://bugzilla.redhat.com/show_bug.cgi?id=675778
--------------------------------------------------------------------------------

================================================================================
 task-1.9.4-1.fc14 (FEDORA-2011-2629)
 A command-line to do list manager
--------------------------------------------------------------------------------
Update Information:

New upstream version 1.9.4.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 4 2011 Federico Hernandez <ultrafredde@xxxxxxxxx> - 1.9.4-1
Initial RPM for task release 1.9.4
--------------------------------------------------------------------------------

================================================================================
 ukij-tuz-fonts-2.0.0-5.fc14 (FEDORA-2011-2608)
 Uyghur Computer Science Association (UKIJ) Unicode fonts
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #673026 - Review Request: ukij-tuz-fonts - Uyghur Computer Science Association (UKIJ) Unicode fonts
        https://bugzilla.redhat.com/show_bug.cgi?id=673026
--------------------------------------------------------------------------------

================================================================================
 vsftpd-2.3.4-1.fc14 (FEDORA-2011-2590)
 Very Secure Ftp Daemon
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 3 2011 Jiri Skala <jskala@xxxxxxxxxx> - 2.3.4-1
- update to latest upstream 2.3.4
- fixes #681935 - CVE-2011-0762 vsftpd: remote DoS via crafted glob pattern
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #681667 - CVE-2011-0762 vsftpd: remote DoS via crafted glob pattern
        https://bugzilla.redhat.com/show_bug.cgi?id=681667
--------------------------------------------------------------------------------

================================================================================
 wireshark-1.4.4-1.fc14 (FEDORA-2011-2632)
 Network traffic analyzer
--------------------------------------------------------------------------------
Update Information:

Several security bugs were fixed in this release:
 * CVE-2011-0538: memory corruption when reading a malformed pcap file
 * CVE-2010-3445: stack overflow in BER dissector
 * CVE-2011-1143: Null pointer dereference causing application crash when reading malformed pcap file
 * CVE-2011-1140: Multiple stack consumption vulnerabilities caused DoS via crafted SMB or CLDAP packet
 * CVE-2011-1138: Off-by-one error in the dissect_6lowpan_iphc function causes application crash (Denial Of Service)
 * CVE-2011-1139: Denial Of Service (application crash) via a pcap-ng file that contains a large packet-length field
 * CVE-2011-0713: heap-based buffer overflow when reading malformed Nokia DCT3 phone signalling traces
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 3 2011 Jan Safranek <jsafrane@xxxxxxxxxx>
- upgrade to 1.4.4
- see http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #676232 - CVE-2011-0538 Wireshark: memory corruption when reading a malformed pcap file (upstream bug #5652)
        https://bugzilla.redhat.com/show_bug.cgi?id=676232
  [ 2 ] Bug #678198 - CVE-2011-0713 Wireshark: heap-based buffer overflow when reading malformed Nokia DCT3 phone signalling traces
        https://bugzilla.redhat.com/show_bug.cgi?id=678198
  [ 3 ] Bug #639486 - CVE-2010-3445 wireshark: stack overflow in BER dissector
        https://bugzilla.redhat.com/show_bug.cgi?id=639486
  [ 4 ] Bug #681760 - CVE-2011-1143 Wireshark: Null pointer dereference causing application crash when reading malformed pcap file
        https://bugzilla.redhat.com/show_bug.cgi?id=681760
  [ 5 ] Bug #681754 - CVE-2011-1140 Wireshark: Multiple stack consumption vulnerabilities caused DoS via crafted SMB or CLDAP packet
        https://bugzilla.redhat.com/show_bug.cgi?id=681754
  [ 6 ] Bug #681753 - CVE-2011-1138 Wireshark: Off-by-one error in the dissect_6lowpan_iphc function causes application crash (Denial Of Service)
        https://bugzilla.redhat.com/show_bug.cgi?id=681753
  [ 7 ] Bug #681748 - CVE-2011-1139 Wireshark: Denial Of Service (application crash) via a pcap-ng file that contains a large packet-length field
        https://bugzilla.redhat.com/show_bug.cgi?id=681748
--------------------------------------------------------------------------------

--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test