The following Fedora 14 Security updates need testing: https://admin.fedoraproject.org/updates/libcgroup-0.36.2-6.fc14 https://admin.fedoraproject.org/updates/libxml2-2.7.7-3.fc14 https://admin.fedoraproject.org/updates/pango-1.28.1-5.fc14 https://admin.fedoraproject.org/updates/clamav-0.97-1400.fc14 https://admin.fedoraproject.org/updates/policycoreutils-2.0.85-19.fc14 https://admin.fedoraproject.org/updates/php-pear-1.9.2-1.fc14 https://admin.fedoraproject.org/updates/seamonkey-2.0.12-1.fc14 https://admin.fedoraproject.org/updates/whatsup-1.12-1.fc14 https://admin.fedoraproject.org/updates/cgit-0.9-1.fc14 https://admin.fedoraproject.org/updates/openldap-2.4.23-9.fc14 https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.fc14 https://admin.fedoraproject.org/updates/mailman-2.1.13-7.fc14 https://admin.fedoraproject.org/updates/samba-3.5.8-74.fc14 https://admin.fedoraproject.org/updates/pidgin-2.7.11-1.fc14 https://admin.fedoraproject.org/updates/389-admin-1.1.15-1.fc14 https://admin.fedoraproject.org/updates/tor-0.2.1.29-1400.fc14 https://admin.fedoraproject.org/updates/vsftpd-2.3.4-1.fc14 https://admin.fedoraproject.org/updates/subversion-1.6.16-1.fc14 https://admin.fedoraproject.org/updates/exim-4.72-2.fc14 https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc14 https://admin.fedoraproject.org/updates/avahi-0.6.27-6.fc14 The following Fedora 14 Critical Path updates have yet to be approved: https://admin.fedoraproject.org/updates/pango-1.28.1-5.fc14 https://admin.fedoraproject.org/updates/perl-ExtUtils-XSpp-0.15-2.fc14,perl-5.12.3-142.fc14,perl-Wx-0.98-5.fc14 https://admin.fedoraproject.org/updates/libgnome-keyring-2.32.0-2.fc14 https://admin.fedoraproject.org/updates/linux-firmware-20110304-1.fc14 https://admin.fedoraproject.org/updates/policycoreutils-2.0.85-19.fc14 https://admin.fedoraproject.org/updates/avahi-0.6.27-6.fc14 https://admin.fedoraproject.org/updates/pinentry-0.8.1-3.fc14 https://admin.fedoraproject.org/updates/libxml2-2.7.7-3.fc14 https://admin.fedoraproject.org/updates/libconfig-1.4.6-1.fc14 https://admin.fedoraproject.org/updates/openldap-2.4.23-9.fc14 https://admin.fedoraproject.org/updates/lua-5.1.4-7.fc14 https://admin.fedoraproject.org/updates/mobile-broadband-provider-info-1.20110218-1.fc14 https://admin.fedoraproject.org/updates/xorg-x11-drv-geode-2.11.11-4.fc14 https://admin.fedoraproject.org/updates/libmodman-2.0.0-1.fc14 The following builds have been pushed to Fedora 14 updates-testing dumb-0.9.3-11.fc14 flush-0.9.10-1.fc14 ibus-1.3.9-3.fc14 jd-2.8.1-1.fc14 kid3-1.6-3.fc14 knights-2.3.0-1.fc14 liblouis-2.2.0-2.fc14 lyx-2.0.0-0.17.rc1.fc14 mod_cluster-1.1.1-2.fc14 nickle-2.70-2.fc14 pango-1.28.1-5.fc14 perl-5.12.3-142.fc14 perl-ExtUtils-XSpp-0.15-2.fc14 perl-Wx-0.98-5.fc14 wine-1.3.15-1.fc14 zyGrib-3.9.9-3.fc14 Details about builds: ================================================================================ dumb-0.9.3-11.fc14 (FEDORA-2011-3187) IT, XM, S3M and MOD player library -------------------------------------------------------------------------------- Update Information: Fix unresolved symbols from libm in the libraries (causing linking errors from configure scripts). -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 8 2011 Hans de Goede <hdegoede@xxxxxxxxxx> - 0.9.3-11 - Fix unresolved symbols from libm in the libraries * Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.9.3-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ flush-0.9.10-1.fc14 (FEDORA-2011-3180) GTK-based BitTorrent client -------------------------------------------------------------------------------- References: [ 1 ] Bug #675914 - Review Request: flush - GTK-based BitTorrent client https://bugzilla.redhat.com/show_bug.cgi?id=675914 -------------------------------------------------------------------------------- ================================================================================ ibus-1.3.9-3.fc14 (FEDORA-2011-3188) Intelligent Input Bus for Linux OS -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 11 2011 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.3.9-3 - Updated ibus-541492-xkb.patch Fixed Bug 673047 - ibus-xkb does not work in non-XKB system - Updated ibus-HEAD.patch Removed snooper in class_fini - Updated xinput-ibus Set QT_IM_MODULE=xim if ibus-qt is not installed -------------------------------------------------------------------------------- References: [ 1 ] Bug #673047 - [abrt] ibus-1.3.9-2.fc14: ibus_xkb_get_current_layout: Process /usr/libexec/ibus-xkb was killed by signal 6 (SIGABRT) https://bugzilla.redhat.com/show_bug.cgi?id=673047 -------------------------------------------------------------------------------- ================================================================================ jd-2.8.1-1.fc14 (FEDORA-2011-3193) A 2ch browser -------------------------------------------------------------------------------- Update Information: New version 2.8.1 is released. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 12 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 2.8.1-1 - 2.8.1 -------------------------------------------------------------------------------- ================================================================================ kid3-1.6-3.fc14 (FEDORA-2011-3189) Efficient KDE ID3 tag editor -------------------------------------------------------------------------------- Update Information: Update to upstream release 1.6, add a kid3-qt package with Qt only (no KDE) dependencies. http://kid3.git.sourceforge.net/git/gitweb.cgi?p=kid3/kid3;a=blob_plain;f=ChangeLog;hp=Rel_1_6 -------------------------------------------------------------------------------- ChangeLog: * Mon Feb 7 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Sat Feb 5 2011 Ville Skyttà <ville.skytta@xxxxxx> - 1.6-2 - Add -qt subpackage containing a version without KDE dependencies. * Sat Feb 5 2011 Ville Skyttà <ville.skytta@xxxxxx> - 1.6-1 - Update to 1.6. -------------------------------------------------------------------------------- ================================================================================ knights-2.3.0-1.fc14 (FEDORA-2011-3181) A chess board for KDE -------------------------------------------------------------------------------- Update Information: Update to latest upstream release which brings many new features and provides a more complete game. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 11 2011 Julian Aloofi <julian@xxxxxxxxxxxxxxxxx> 2.3.0-1 - update to latest upstream release -------------------------------------------------------------------------------- ================================================================================ liblouis-2.2.0-2.fc14 (FEDORA-2011-3178) Braille translation and back-translation library -------------------------------------------------------------------------------- Update Information: Liblouis is an open-source braille translator and back-translator. It features support for computer and literary braille, supports contracted and uncontracted translation for many, many languages and has support for hyphenation. New languages can easily be added through tables that support a rule- or dictionary based approach. Liblouis also supports math braille (Nemeth and Marburg). Liblouis is based on the translation routines in the BRLTTY screenreader for Linux. It has, however, gone far beyond these routines. The library is named in honor of Louis Braille. -------------------------------------------------------------------------------- References: [ 1 ] Bug #677943 - Review Request: liblouis - Braille translation and back-translation library https://bugzilla.redhat.com/show_bug.cgi?id=677943 -------------------------------------------------------------------------------- ================================================================================ lyx-2.0.0-0.17.rc1.fc14 (FEDORA-2011-3184) WYSIWYM (What You See Is What You Mean) document processor -------------------------------------------------------------------------------- Update Information: First public candidate for lyx-2.0.0 and thus this version has lots of fixes over the last version. This update also fixes the support for language spelling, to use the standard dictionaries. The thesaurus is now correctly configured by default. This update adds a new requirement to guarantee that the mathematical formula instant preview works every time. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 12 2011 Josà Matos <jamatos@xxxxxxxxxxxxxxxxx> - 2.0.0-0.17.rc1 - Add thesaurus and hunspell paths to lyxrc.dist thus fixing http://www.lyx.org/trac/ticket/7253 - Simplified the content of lyxrc.dist leaving only the relevant options and updating the format to the current one * Fri Mar 11 2011 Josà Matos <jamatos@xxxxxxxxxxxxxxxxx> - 2.0.0-0.16.rc1 - Update for rc1 and add a dependency to ensure that math instant preview works by default - Removed patch applied upstream for gcc 4.6 fixes - Renamed patch for xdg_open to be in sync with current version (rc1) * Fri Feb 11 2011 Orion Poplawski <orion@xxxxxxxxxxxxx> 2.0.0-0.15.beta4 - Get gcc46 fixes from svn * Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0.0-0.14.beta4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Mon Feb 7 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.0.0-0.13.beta4 - 2.0.0-beta4 * Mon Feb 7 2011 Thomas Spura <tomspur@xxxxxxxxxxxxxxxxx> 2.0.0-0.12.beta3 - rebuild for new boost -------------------------------------------------------------------------------- ================================================================================ mod_cluster-1.1.1-2.fc14 (FEDORA-2011-3179) Apache HTTP load balancer -------------------------------------------------------------------------------- Update Information: New package: mod_cluster 1.1.1. -------------------------------------------------------------------------------- References: [ 1 ] Bug #655582 - Review Request: mod_cluster - Apache HTTPD based load balancer https://bugzilla.redhat.com/show_bug.cgi?id=655582 -------------------------------------------------------------------------------- ================================================================================ nickle-2.70-2.fc14 (FEDORA-2011-3173) A programming language-based prototyping environment -------------------------------------------------------------------------------- Update Information: - new upstream release - updated license information: this software is additionally under GPLv3+ due to linking with readline -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 12 2011 Michel Salim <salimma@xxxxxxxxxxxxxxxxx> - 2.70-2 - Update license field to include GPLv3+ (from readline) * Sat Mar 12 2011 Michel Salim <salimma@xxxxxxxxxxxxxxxxx> - 2.70-1 - Update to 2.70 * Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.69-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #612470 - nickle-2.70 is available https://bugzilla.redhat.com/show_bug.cgi?id=612470 -------------------------------------------------------------------------------- ================================================================================ pango-1.28.1-5.fc14 (FEDORA-2011-3194) System for layout and rendering of internationalized text -------------------------------------------------------------------------------- Update Information: It was discovered that pango did not check for memory reallocation failures in hb_buffer_ensure() function. This could trigger a NULL pointer dereference in hb_buffer_add_glyph(), where possibly untrusted input is used as an index used for accessing members of the incorrectly reallocated array, resulting in the use of NULL address as the base array address. This can result in application crash or, possibly, code execution. It was demonstrated that it's possible to trigger this flaw in Firefox via a specially crafted web page. Mozilla bug report (currently not public): https://bugzilla.mozilla.org/show_bug.cgi?id=606997 Fix in the harfbuzz git: http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2e Acknowledgements: Red Hat would like to thank Mozilla Security Team for reporting this issue. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 11 2011 Matthias Clasen <mclasen@xxxxxxxxxx> - 1.28.1-5 - Fix CVS-2011-0064 - Include an upstream heap corruption fix for pangoft2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #681378 - CVE-2011-0064 pango: missing memory reallocation failure checking in hb_buffer_ensure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=681378 -------------------------------------------------------------------------------- ================================================================================ perl-5.12.3-142.fc14 (FEDORA-2011-3174) Practical Extraction and Report Language -------------------------------------------------------------------------------- Update Information: perl-Padre does not launch on Fedora 14 (and has issues on Fedora 13). All of these issues seem to be tied into perl-Wx being out of date on F-13 and F-14. To get perl-Wx updated to a version which resolves these issues, perl (specifically, perl-ExtUtils-ParseXS) and perl-ExtUtils-XSpp had to be updated at the same time. -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 10 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 4:5.12.3-142 - update ExtUtils::ParseXS to 2.2206 (current) to fix Wx build -------------------------------------------------------------------------------- References: [ 1 ] Bug #656317 - libwx_gtk2u_stc-2.8.so: cannot open shared object file: No such file or directory https://bugzilla.redhat.com/show_bug.cgi?id=656317 -------------------------------------------------------------------------------- ================================================================================ perl-ExtUtils-XSpp-0.15-2.fc14 (FEDORA-2011-3174) C++ variant of Perl's XS language -------------------------------------------------------------------------------- Update Information: perl-Padre does not launch on Fedora 14 (and has issues on Fedora 13). All of these issues seem to be tied into perl-Wx being out of date on F-13 and F-14. To get perl-Wx updated to a version which resolves these issues, perl (specifically, perl-ExtUtils-ParseXS) and perl-ExtUtils-XSpp had to be updated at the same time. -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.15-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Fri Oct 22 2010 Marcela MaÅlÃÅovà <mmaslano@xxxxxxxxxx> - 0.15-1 - update, fix permission on Grammar.pm (generated file) -------------------------------------------------------------------------------- References: [ 1 ] Bug #656317 - libwx_gtk2u_stc-2.8.so: cannot open shared object file: No such file or directory https://bugzilla.redhat.com/show_bug.cgi?id=656317 -------------------------------------------------------------------------------- ================================================================================ perl-Wx-0.98-5.fc14 (FEDORA-2011-3174) Interface to the wxWidgets cross-platform GUI toolkit -------------------------------------------------------------------------------- Update Information: perl-Padre does not launch on Fedora 14 (and has issues on Fedora 13). All of these issues seem to be tied into perl-Wx being out of date on F-13 and F-14. To get perl-Wx updated to a version which resolves these issues, perl (specifically, perl-ExtUtils-ParseXS) and perl-ExtUtils-XSpp had to be updated at the same time. -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 9 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 0.98-5 - add explicit provides for all XS files, not just the ones in XS/ * Wed Feb 9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.98-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Tue Feb 8 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 0.98-3 - add explicit provides for the stuff in the XS/ directory that isn't autodetected * Thu Jan 27 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 0.98-2 - update filtering macros, filter out requires on Wx::PlValidator * Wed Jan 26 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 0.98-1 - update to 0.98 * Thu Dec 23 2010 Marcela Maslanova <mmaslano@xxxxxxxxxx> - 0.92-5 - 661697 rebuild for fixing problems with vendorach/lib -------------------------------------------------------------------------------- References: [ 1 ] Bug #656317 - libwx_gtk2u_stc-2.8.so: cannot open shared object file: No such file or directory https://bugzilla.redhat.com/show_bug.cgi?id=656317 -------------------------------------------------------------------------------- ================================================================================ wine-1.3.15-1.fc14 (FEDORA-2011-3190) A Windows 16/32/64 bit emulator -------------------------------------------------------------------------------- Update Information: * Support for changing network passwords. * Reflection support in shader compiler. * A number of MSHTML and MSXML improvements. * Various bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 8 2011 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 1.3.15-1 - version upgrade -------------------------------------------------------------------------------- ================================================================================ zyGrib-3.9.9-3.fc14 (FEDORA-2011-3177) Visualization of meteo data from files in GRIB Format 1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #666572 - Review Request: zyGrib - Visualization of meteo data from files in GRIB Format https://bugzilla.redhat.com/show_bug.cgi?id=666572 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test