The following Fedora 14 Security updates need testing: https://admin.fedoraproject.org/updates/libcgroup-0.36.2-6.fc14 https://admin.fedoraproject.org/updates/policycoreutils-2.0.85-19.fc14 https://admin.fedoraproject.org/updates/php-pear-1.9.2-1.fc14 https://admin.fedoraproject.org/updates/seamonkey-2.0.12-1.fc14 https://admin.fedoraproject.org/updates/gnash-0.8.9-0.1.20110312git.fc14 https://admin.fedoraproject.org/updates/openldap-2.4.23-9.fc14 https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.fc14 https://admin.fedoraproject.org/updates/mailman-2.1.13-7.fc14 https://admin.fedoraproject.org/updates/samba-3.5.8-74.fc14 https://admin.fedoraproject.org/updates/mono-addins-0.5-2.fc14,mono-2.6.7-4.fc14 https://admin.fedoraproject.org/updates/libvirt-0.8.3-5.fc14 https://admin.fedoraproject.org/updates/pango-1.28.1-5.fc14 https://admin.fedoraproject.org/updates/389-admin-1.1.15-1.fc14 https://admin.fedoraproject.org/updates/tor-0.2.1.29-1400.fc14 https://admin.fedoraproject.org/updates/subversion-1.6.16-1.fc14 https://admin.fedoraproject.org/updates/exim-4.72-2.fc14 https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc14 https://admin.fedoraproject.org/updates/postfix-2.7.3-1.fc14 https://admin.fedoraproject.org/updates/avahi-0.6.27-6.fc14 https://admin.fedoraproject.org/updates/pure-ftpd-1.0.30-1.fc14 https://admin.fedoraproject.org/updates/mhonarc-2.6.18-3.fc14 The following Fedora 14 Critical Path updates have yet to be approved: https://admin.fedoraproject.org/updates/tzdata-2011d-1.fc14 https://admin.fedoraproject.org/updates/tzdata-2011b-3.fc14 https://admin.fedoraproject.org/updates/perl-ExtUtils-XSpp-0.15-2.fc14,perl-5.12.3-142.fc14,perl-Wx-0.98-5.fc14 https://admin.fedoraproject.org/updates/linux-firmware-20110304-1.fc14 https://admin.fedoraproject.org/updates/policycoreutils-2.0.85-19.fc14 https://admin.fedoraproject.org/updates/avahi-0.6.27-6.fc14 https://admin.fedoraproject.org/updates/pinentry-0.8.1-3.fc14 https://admin.fedoraproject.org/updates/libconfig-1.4.6-1.fc14 https://admin.fedoraproject.org/updates/openldap-2.4.23-9.fc14 https://admin.fedoraproject.org/updates/lua-5.1.4-7.fc14 https://admin.fedoraproject.org/updates/mobile-broadband-provider-info-1.20110218-1.fc14 https://admin.fedoraproject.org/updates/xorg-x11-drv-geode-2.11.11-4.fc14 https://admin.fedoraproject.org/updates/libmodman-2.0.0-1.fc14 The following builds have been pushed to Fedora 14 updates-testing abe-1.1-12.fc14 directfb-1.4.11-3.fc14 docky-2.0.12-1.fc14 dotconf-1.3-2.fc14 flies-python-client-0.8.1-1.fc14 ghc-ForSyDe-3.1.1-4.fc14 ike-2.1.7-4.fc14 jwhois-4.0-24.fc14 kcm-gtk-0.5.3-7.fc14 kde-plasma-networkmanagement-0.9-0.39.20110314.fc14 libprojectM-2.0.1-8.fc14 libvirt-0.8.3-5.fc14 mhonarc-2.6.18-3.fc14 mono-2.6.7-4.fc14 mono-addins-0.5-2.fc14 nsd-3.2.7-5.fc14 perl-Catalyst-View-HTML-Template-0.03-2.fc14 perl-HTTP-Server-Simple-PSGI-0.14-2.fc14 perl-Package-DeprecationManager-0.10-3.fc14 perl-Test-Database-1.11-1.fc14 perl-VOMS-Lite-0.11-1.fc14 postfix-2.7.3-1.fc14 puddletag-0.10.0-1.fc14 pure-ftpd-1.0.30-1.fc14 rawstudio-1.2-10.fc14.20110226svn3835 rhnmd-5.3.8-1.fc14 scap-workbench-0.2.3-1.fc14 speech-dispatcher-0.7.1-4.fc14 tcl-8.5.9-1.fc14 tintin-2.00.6-1.fc14 tk-8.5.9-1.fc14 tzdata-2011b-3.fc14 tzdata-2011d-1.fc14 v4l-utils-0.8.3-2.fc14 vifir-0.8-1.fc14 visualvm-1.3.2-1.2.7.fc14 xine-lib-1.1.19-2.fc14.2 xsettings-kde-0.12-3.fc14 znc-0.098-0.3.rc1.fc14 Details about builds: ================================================================================ abe-1.1-12.fc14 (FEDORA-2011-3389) Scrolling, platform-jumping, ancient pyramid exploring game -------------------------------------------------------------------------------- Update Information: This update fixes a double-free bug when running "abe -t" to list available video modes. It also cleans up several cosmetic issues, unlikely to be noticed by end users. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 14 2011 Jerry James <loganjerry@xxxxxxxxx> - 1.1-12 - Fix double free (bz 509052) - Fix incorrectly-sized format specifier - Don't use abe's extra optimization and debugging CFLAGS (fixes debuginfo) - Remove filename extension from Icon field in desktop file - Remove BuildRoot tag - Add post/postun scripts, fix Requires for those scripts -------------------------------------------------------------------------------- References: [ 1 ] Bug #509052 - Invalid free with abe -t https://bugzilla.redhat.com/show_bug.cgi?id=509052 -------------------------------------------------------------------------------- ================================================================================ directfb-1.4.11-3.fc14 (FEDORA-2011-3363) Graphics abstraction library for the Linux Framebuffer Device -------------------------------------------------------------------------------- Update Information: Drop broken ABI version modification patch from DirectFB, rebuild xine-lib against the fixed one. -------------------------------------------------------------------------------- ChangeLog: * Mon Feb 7 2011 Nicolas Chauvet <kwizart@xxxxxxxxx> - 1.4.11-3 - Drop abi patch -------------------------------------------------------------------------------- References: [ 1 ] Bug #673842 - directfb-1.4.11-2.fc14 / xine-lib-1.1.19-2.fc14.1 broken https://bugzilla.redhat.com/show_bug.cgi?id=673842 -------------------------------------------------------------------------------- ================================================================================ docky-2.0.12-1.fc14 (FEDORA-2011-3373) Advanced shortcut bar written in Mono -------------------------------------------------------------------------------- Update Information: Resolving bug with recycle bin. -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 10 2011 Lukas Zapletal <lzap+rpm@xxxxxxxxxx> - 2.0.12-1 - version bump * Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0.11-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Tue Jan 18 2011 Lukas Zapletal <lzap+rpm@xxxxxxxxxx> - 2.0.11-1 - version bump * Mon Jan 10 2011 Dan HorÃk <dan[at]danny.cz> - 2.0.10-2 - updated the supported arch list * Mon Jan 10 2011 Lukas Zapletal <lzap+rpm@xxxxxxxxxx> - 2.0.10-1 - Version bump - Man page added - Patch for shebang not needed anymore (fixed in mainstream) -------------------------------------------------------------------------------- ================================================================================ dotconf-1.3-2.fc14 (FEDORA-2011-3400) Libraries to parse configuration files -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Wed Dec 8 2010 Peter Robinson <pbrobinson@xxxxxxxxx> - 1.3-1 - New upstream 1.3 release, update URL/Source -------------------------------------------------------------------------------- References: [ 1 ] Bug #569531 - jovie (formerly kttsd) doesn't start & installed voices cannot be selected https://bugzilla.redhat.com/show_bug.cgi?id=569531 [ 2 ] Bug #649403 - [abrt] speech-dispatcher-0.7.1-2.fc14: _int_free: Process /usr/bin/speech-dispatcher was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=649403 [ 3 ] Bug #654585 - speech-dispatcher cannot load modules https://bugzilla.redhat.com/show_bug.cgi?id=654585 [ 4 ] Bug #666681 - [abrt] speech-dispatcher-0.7.1-1.fc14.1: _int_free: Process /usr/bin/speech-dispatcher was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=666681 [ 5 ] Bug #678045 - [abrt] speech-dispatcher-0.7.1-2.fc14: Process /usr/bin/speech-dispatcher was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=678045 [ 6 ] Bug #681722 - [abrt] speech-dispatcher-0.7.1-2.fc14: fileinput.py:322:readline:OSError: [Errno 2] No such file or directory https://bugzilla.redhat.com/show_bug.cgi?id=681722 [ 7 ] Bug #654607 - Crash in speech-dispatcher: Update to dotconf version 1.3 https://bugzilla.redhat.com/show_bug.cgi?id=654607 -------------------------------------------------------------------------------- ================================================================================ flies-python-client-0.8.1-1.fc14 (FEDORA-2011-3379) Python Client for Flies Server -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 10 2011 James Ni <jni@xxxxxxxxxx> - 0.8.1 - Fix bugs(issue 272, issue 274) of retrieve the translation * Mon Mar 7 2011 James Ni <jni@xxxxxxxxxx> - 0.8.0 - Stable release * Wed Feb 23 2011 James Ni <jni@xxxxxxxxxx> - 0.7.6-1 - Rename the command line option, add a Logger class for better output, set copytrans default value to true, make the extensions to a list of gettext and comment. * Tue Feb 22 2011 James Ni <jni@xxxxxxxxxx> - 0.7.4-1 - Fix issue 245:stop processing when type 'n', Add version service, rename the command line option and help info, add InternalServerError * Mon Feb 21 2011 James Ni <jni@xxxxxxxxxx> - 0.7.3-1 - Fix issue 244, issue 245, issue 247 and issue 30, add command list for 'flies publican', rewrite the README * Fri Feb 18 2011 James Ni <jni@xxxxxxxxxx> - 0.7.2-1 - Rename the gettextutil to publicanutil, Remove the translator from textFlowTarget, Add more help info * Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.7.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ ghc-ForSyDe-3.1.1-4.fc14 (FEDORA-2011-3384) Haskell ForSyDe library -------------------------------------------------------------------------------- Update Information: Enabled build for sparcv9. A Formal System Design methodology package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #680473 - Review Request: ghc-ForSyDe - Formal System Design methodology https://bugzilla.redhat.com/show_bug.cgi?id=680473 -------------------------------------------------------------------------------- ================================================================================ ike-2.1.7-4.fc14 (FEDORA-2011-3361) Shrew Soft VPN Client For Linux -------------------------------------------------------------------------------- References: [ 1 ] Bug #518441 - Review Request: ike - Shrew Soft VPN Client For Linux https://bugzilla.redhat.com/show_bug.cgi?id=518441 -------------------------------------------------------------------------------- ================================================================================ jwhois-4.0-24.fc14 (FEDORA-2011-3354) Internet whois/nicname client -------------------------------------------------------------------------------- Update Information: This updated jwhois package fixes lookup fail when quering domain with very long name and giving options to the whois server simultaneously. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 15 2011 Vitezslav Crhonek <vcrhonek@xxxxxxxxxx> - 4.0-24 - Fix IDN encoding failed with error code 5 Resolves: #682841 -------------------------------------------------------------------------------- References: [ 1 ] Bug #682841 - IDN encoding failed with error code 5 https://bugzilla.redhat.com/show_bug.cgi?id=682841 -------------------------------------------------------------------------------- ================================================================================ kcm-gtk-0.5.3-7.fc14 (FEDORA-2011-3380) Configure the appearance of GTK apps in KDE -------------------------------------------------------------------------------- Update Information: This update to xsettings-kde ensures GTK+ applications running in KDE Plasma sessions automatically inherit the cursor theme set in KDE System Settings. A previous update for kcm-gtk added a separate setting in KDE System Settings for the cursor theme for GTK+ applications. This duplicate option would now have no effect, so it has been removed. Use the cursor theme setting under Input Devices / Mouse in System Settings to set the cursor theme for all applications running in your KDE Plasma session, including GTK+ applications. (A session restart will be needed for the setting to take effect on GTK+ applications.) -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 14 2011 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> 0.5.3-7 - drop cursortheme patch, now set automatically by xsettings-kde (#591746) * Mon Feb 7 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> 0.5.3-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #591746 - xsettings-kde should set Gtk/CursorThemeName based on the KDE setting https://bugzilla.redhat.com/show_bug.cgi?id=591746 -------------------------------------------------------------------------------- ================================================================================ kde-plasma-networkmanagement-0.9-0.39.20110314.fc14 (FEDORA-2011-3395) NetworkManager KDE 4 integration -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 14 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:0.9-0.39.20110314 - 20110314 snapshot * Mon Mar 14 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:0.9-0.38.20110310 - fix "In file (unencrypted)" secrets storage (#682972) * Thu Mar 10 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:0.9-0.37.20110310 - 20110310 snapshot - Updated code to fix "Enable ..." checkbox handling * Tue Mar 8 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:0.9-0.36.20110308 - 20110308 snapshot -------------------------------------------------------------------------------- References: [ 1 ] Bug #682972 - kde-plasma-networkmanagement: WiFi authentication regression https://bugzilla.redhat.com/show_bug.cgi?id=682972 -------------------------------------------------------------------------------- ================================================================================ libprojectM-2.0.1-8.fc14 (FEDORA-2011-3385) The libraries for the projectM music visualization plugin -------------------------------------------------------------------------------- Update Information: Replace obsolete bitstream-vera font requirements with dejavu -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 15 2011 Jameson Pugh (imntreal@xxxxxxxxx) - 2.0.1-8 - Replace obsolete bitstream-vera font requirements with dejavu -------------------------------------------------------------------------------- ================================================================================ libvirt-0.8.3-5.fc14 (FEDORA-2011-3365) Library providing a simple API virtualization -------------------------------------------------------------------------------- Update Information: fix a lack of API check on read-only connections -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 15 2011 Daniel Veillard <veillard@xxxxxxxxxx> 0.8.3-5 - fix a lack of API check on read-only connections 683655 - CVE-2011-1146 -------------------------------------------------------------------------------- References: [ 1 ] Bug #683650 - CVE-2011-1146 libvirt: several API calls do not honour read-only connection https://bugzilla.redhat.com/show_bug.cgi?id=683650 -------------------------------------------------------------------------------- ================================================================================ mhonarc-2.6.18-3.fc14 (FEDORA-2011-3390) Perl mail-to-HTML converter -------------------------------------------------------------------------------- Update Information: Update to latest stable release: - Fixes CVE-2010-1677 mhonarc: remote DoS via certain tags - Fixes CVE-2010-4524 MHonArc: Improper escaping of certain HTML sequences (XSS) - Fixes dealing with ISO-2022-JP charset. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 15 2011 Josà Matos <jamatos@xxxxxxxxxxxxxxxxx> - 2.6.18-3 - Fix requires filter. * Sat Mar 12 2011 Josà Matos <jamatos@xxxxxxxxxxxxxxxxx> - 2.6.18-2 - Take back the unwanted dependencies filter with new clothes. * Sat Mar 12 2011 Josà Matos <jamatos@xxxxxxxxxxxxxxxxx> - 2.6.18-1 - Thanks to Jeff Schroeder for the ideas to fix the spec file (bz 664730) - New upstream release - Fixes CVE-2010-1677 and CVE-2010-4524 (bz 664730) - Use %{version} in Source - Simplify the filter usage for perl requirements * Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.6.16-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #667478 - CVE-2010-1677 mhonarc: remote DoS via certain tags https://bugzilla.redhat.com/show_bug.cgi?id=667478 [ 2 ] Bug #664718 - CVE-2010-4524 MHonArc: Improper escaping of certain HTML sequences (XSS) https://bugzilla.redhat.com/show_bug.cgi?id=664718 -------------------------------------------------------------------------------- ================================================================================ mono-2.6.7-4.fc14 (FEDORA-2011-3393) A .NET runtime environment -------------------------------------------------------------------------------- Update Information: * CVE-2010-4159 * CVE-2010-4254 * mono-core and mono-addins do not depend on mono-devel anymore -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 15 2011 Christian Krause <chkr@xxxxxxxxxxxxxxxxx> - 2.6.7-4 - Move xbuild.exe and dependencies into -devel sub-package (BZ 671917) - Ensure that the symbolic links and the actual libraries in the GAC are always in the same sub-package - CVE-2010-4159 (BZ 654405) - CVE-2010-4254 (BZ 659911) -------------------------------------------------------------------------------- References: [ 1 ] Bug #654403 - CVE-2010-4159 mono: untrusted search path vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=654403 [ 2 ] Bug #659910 - CVE-2010-4254 mono: vulnerability when Moonlight is used may allow arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=659910 -------------------------------------------------------------------------------- ================================================================================ mono-addins-0.5-2.fc14 (FEDORA-2011-3393) Addins for mono -------------------------------------------------------------------------------- Update Information: * CVE-2010-4159 * CVE-2010-4254 * mono-core and mono-addins do not depend on mono-devel anymore -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 13 2011 Christian Krause <chkr@xxxxxxxxxxxxxxxxx> - 0.5-2 - Use official 0.5 release linked from http://ftp.novell.com/pub/mono/archive/2.6.7/sources/ - Move MSBuild parts into -devel package so that the main package does not depend on mono-devel (BZ 671917) -------------------------------------------------------------------------------- References: [ 1 ] Bug #654403 - CVE-2010-4159 mono: untrusted search path vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=654403 [ 2 ] Bug #659910 - CVE-2010-4254 mono: vulnerability when Moonlight is used may allow arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=659910 -------------------------------------------------------------------------------- ================================================================================ nsd-3.2.7-5.fc14 (FEDORA-2011-3398) Fast and lean authoritative DNS Name Server -------------------------------------------------------------------------------- Update Information: Upgraded to 3.2.7. fix use of NSD_AUTOREBUILD for cron. Add %ghost for /var/run/nsd, fix initscript to properly display ok/failed. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 9 2011 Paul Wouters <paul@xxxxxxxxxxxxx> - 3.2.7-5 - Fix misnamed variable NSD_AUTORELOAD which should be NSD_AUTOREBUILD - Fix for init script properly returning OK/Failed (bz#535107) by Noa Resare - Add ghost directive to /var/run/nsd (bz#656642) - Bump release for EVR -------------------------------------------------------------------------------- References: [ 1 ] Bug #656642 - Please Update Spec File to use %ghost on files in /var/run and /var/lock https://bugzilla.redhat.com/show_bug.cgi?id=656642 [ 2 ] Bug #535107 - need to use the new auto-group icon https://bugzilla.redhat.com/show_bug.cgi?id=535107 -------------------------------------------------------------------------------- ================================================================================ perl-Catalyst-View-HTML-Template-0.03-2.fc14 (FEDORA-2011-3396) HTML::Template View Class -------------------------------------------------------------------------------- References: [ 1 ] Bug #684087 - Review Request: perl-Catalyst-View-HTML-Template - HTML::Template View Class https://bugzilla.redhat.com/show_bug.cgi?id=684087 -------------------------------------------------------------------------------- ================================================================================ perl-HTTP-Server-Simple-PSGI-0.14-2.fc14 (FEDORA-2011-3397) PSGI handler for HTTP::Server::Simple -------------------------------------------------------------------------------- References: [ 1 ] Bug #670477 - Review Request: perl-HTTP-Server-Simple-PSGI - PSGI handler for HTTP::Server::Simple https://bugzilla.redhat.com/show_bug.cgi?id=670477 -------------------------------------------------------------------------------- ================================================================================ perl-Package-DeprecationManager-0.10-3.fc14 (FEDORA-2011-3369) Manage deprecation warnings for your distribution -------------------------------------------------------------------------------- Update Information: This update, to the current upstream release, addresses issues in 'ignore' handling, which is used to ignore packages in your distribution that can appear on the call stack when a deprecated feature is used. The update also supports the use of regular expressions for the 'ignore' feature. -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.10-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Sat Jan 8 2011 Paul Howarth <paul@xxxxxxxxxxxx> - 0.10-2 - Update patches for old Test::More and no Test::Requires - perl(Pod::Coverage::TrustPod) now available everywhere except EPEL-4 * Sat Jan 8 2011 Iain Arnell <iarnell@xxxxxxxxx> - 0.10-1 - Update to 0.10: - Test suite uses Test::Fatal instead of Test::Exception * Mon Oct 18 2010 Paul Howarth <paul@xxxxxxxxxxxx> - 0.09-1 - Update to 0.09: - Added a compilation test * Fri Oct 15 2010 Paul Howarth <paul@xxxxxxxxxxxx> - 0.08-1 - Update to 0.08: - The use of regular expressions in ignores didn't really work in 0.06 - Added missing deps on List::MoreUtils and Test::Requires - Replaced Test::Warn with Test::Output in the tests - Made the tests actually test what they should be testing - BR: Test::Output rather than Test::Warn - Update patches * Fri Oct 15 2010 Paul Howarth <paul@xxxxxxxxxxxx> - 0.06-1 - Update to 0.06: - Removed hard dep on Test::Warn for the benefit of Moose - Fixed what looked like a bug in -ignore handling - The -ignore parameter now accepts regexes as well as package names - Update compatibility patches - BR: List::MoreUtils - BR: Test::Requires where possible, patch it out elsewhere -------------------------------------------------------------------------------- ================================================================================ perl-Test-Database-1.11-1.fc14 (FEDORA-2011-3372) Database handles ready for testing -------------------------------------------------------------------------------- References: [ 1 ] Bug #684645 - Review Request: perl-Test-Database - Database handles ready for testing https://bugzilla.redhat.com/show_bug.cgi?id=684645 -------------------------------------------------------------------------------- ================================================================================ perl-VOMS-Lite-0.11-1.fc14 (FEDORA-2011-3381) Perl extension for VOMS Attribute certificate creation -------------------------------------------------------------------------------- Update Information: VOMS (virtual organisation membership service) is a system for managing grid level authorization data within multi-institutional collaborations via membership and roles within that membership. VOMS::Lite provides a perl library and client tools for interacting with an existing voms service including the well known C impementation of voms. -------------------------------------------------------------------------------- References: [ 1 ] Bug #565949 - Review Request: perl-VOMS-Lite - Perl extension for VOMS Attribute certificate creation https://bugzilla.redhat.com/show_bug.cgi?id=565949 -------------------------------------------------------------------------------- ================================================================================ postfix-2.7.3-1.fc14 (FEDORA-2011-3394) Postfix Mail Transport Agent -------------------------------------------------------------------------------- Update Information: This is an update that fixes the CVE-2011-0411 and other bugs. For more details about the CVE-2011-0411 see: http://www.postfix.org/CVE-2011-0411.html For full list of changes see changelog that is available from: http://www.postfix.org/download.html -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 13 2011 Jaroslav Åkarvada <jskarvad@xxxxxxxxxx> - 2:2.7.3-1 - update to 2.7.3 fixes CVE-2011-0411 (#683168) -------------------------------------------------------------------------------- References: [ 1 ] Bug #674814 - CVE-2011-0411 postfix: SMTP commands injection during plaintext to TLS session switch https://bugzilla.redhat.com/show_bug.cgi?id=674814 -------------------------------------------------------------------------------- ================================================================================ puddletag-0.10.0-1.fc14 (FEDORA-2011-3350) Feature rich, easy to use tag editor -------------------------------------------------------------------------------- Update Information: Update to latest upstream release puddletag 0.10.0. For more information about the release, please visit: http://puddletag.sourceforge.net/news.html -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 13 2011 Terje Rosten <terje.rosten@xxxxxxx> - 0.10.0-1 - 0.10.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #682434 - [abrt] puddletag-0.9.11-2.fc14: amazon.py:178:retrieve_album:KeyError: 'artist' https://bugzilla.redhat.com/show_bug.cgi?id=682434 -------------------------------------------------------------------------------- ================================================================================ pure-ftpd-1.0.30-1.fc14 (FEDORA-2011-3349) Lightweight, fast and secure FTP server -------------------------------------------------------------------------------- Update Information: Wietse Venema and Victor Duchovni discovered and reported an issue that could lead to a potential information disclosure. An unencrypted FTP command immediately following STARTTLS request would get buffered and processed prior to SSL/TLS handshake, resulting in potential authentication bypass in case a client certificate authentication was configured to provide user identity. A report of similar issue that was originally discovered in Postfix MTA contains further technical details and discusses possible impact: http://www.postfix.org/CVE-2011-0411.html Users of pure-ftpd are advised to install this updated package which contains a fix for the issue. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 14 2011 Michal Ingeli <mi@xxxxx> - 1.0.30-1 - version 1.0.30 - security bug fix #683221 by upstream -------------------------------------------------------------------------------- References: [ 1 ] Bug #683221 - pure-ftpd: command injection during plaintext to TLS session switch https://bugzilla.redhat.com/show_bug.cgi?id=683221 -------------------------------------------------------------------------------- ================================================================================ rawstudio-1.2-10.fc14.20110226svn3835 (FEDORA-2011-3351) Read, manipulate and convert digital camera raw images -------------------------------------------------------------------------------- Update Information: Upgrade to recent snapshot, supposedly fixes several reported crashes. Upgrade to recent snapshot, supposedly fixes several reported crashes. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 14 2011 Gianluca Sforna <giallu@xxxxxxxxx> - 1.2-10 - update to newer snapshot, another fixed crash * Mon Feb 21 2011 Gianluca Sforna <giallu@xxxxxxxxx> - 1.2-9 - update to newer snapshot, includes fixes for #635964 and #636919 - remove upstreamed patch, add new one to remove -Werror - require gphoto2 * Wed Feb 9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2-8.20100907svn3521 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Sun Jan 2 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1.2-7.20100907svn3521 - rebuild (exiv2) -------------------------------------------------------------------------------- References: [ 1 ] Bug #635964 - [abrt] rawstudio-1.2-6.fc13.20100907svn3521: pixops_scale_nearest: Process /usr/bin/rawstudio was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=635964 [ 2 ] Bug #665999 - [abrt] rawstudio-1.2-6.fc14.20100907svn3521: Process /usr/bin/rawstudio was killed by signal 6 (SIGABRT) https://bugzilla.redhat.com/show_bug.cgi?id=665999 [ 3 ] Bug #678967 - [abrt] rawstudio-1.2-6.fc14.20100907svn3521: Process /usr/bin/rawstudio was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=678967 -------------------------------------------------------------------------------- ================================================================================ rhnmd-5.3.8-1.fc14 (FEDORA-2011-3352) Red Hat Network Monitoring Daemon -------------------------------------------------------------------------------- Update Information: new package -------------------------------------------------------------------------------- References: [ 1 ] Bug #538057 - Review Request: rhnmd - Red Hat Network Monitoring Daemon https://bugzilla.redhat.com/show_bug.cgi?id=538057 -------------------------------------------------------------------------------- ================================================================================ scap-workbench-0.2.3-1.fc14 (FEDORA-2011-3370) Scanning, tailoring, editing and validation tool for SCAP content -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ================================================================================ speech-dispatcher-0.7.1-4.fc14 (FEDORA-2011-3400) To provide a high-level device independent layer for speech synthesis -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.7.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Wed Dec 8 2010 Peter Robinson <pbrobinson@xxxxxxxxx> - 0.7.1-3 - Bump build for new dotconf -------------------------------------------------------------------------------- References: [ 1 ] Bug #569531 - jovie (formerly kttsd) doesn't start & installed voices cannot be selected https://bugzilla.redhat.com/show_bug.cgi?id=569531 [ 2 ] Bug #649403 - [abrt] speech-dispatcher-0.7.1-2.fc14: _int_free: Process /usr/bin/speech-dispatcher was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=649403 [ 3 ] Bug #654585 - speech-dispatcher cannot load modules https://bugzilla.redhat.com/show_bug.cgi?id=654585 [ 4 ] Bug #666681 - [abrt] speech-dispatcher-0.7.1-1.fc14.1: _int_free: Process /usr/bin/speech-dispatcher was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=666681 [ 5 ] Bug #678045 - [abrt] speech-dispatcher-0.7.1-2.fc14: Process /usr/bin/speech-dispatcher was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=678045 [ 6 ] Bug #681722 - [abrt] speech-dispatcher-0.7.1-2.fc14: fileinput.py:322:readline:OSError: [Errno 2] No such file or directory https://bugzilla.redhat.com/show_bug.cgi?id=681722 [ 7 ] Bug #654607 - Crash in speech-dispatcher: Update to dotconf version 1.3 https://bugzilla.redhat.com/show_bug.cgi?id=654607 -------------------------------------------------------------------------------- ================================================================================ tcl-8.5.9-1.fc14 (FEDORA-2011-3367) Tool Command Language, pronounced tickle -------------------------------------------------------------------------------- Update Information: This is an update that fixes many bugs (including crashes). For full list of bugs fixed see change logs that are shipped with packages (in /usr/share/doc/) -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 15 2011 Jaroslav Åkarvada <jskarvad@xxxxxxxxxx> - 1:8.5.9-1 - New version (fixes #681263) - Updated hidden patch - Removed sigabrt patch (integrated upstream) - Rebuilt with TCL_NO_STACK_CHECK -------------------------------------------------------------------------------- References: [ 1 ] Bug #668788 - [abrt] tcl-1:8.5.8-2.fc14: TclGetNamespaceForQualName: Process /usr/bin/tclsh8.5 was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=668788 [ 2 ] Bug #652889 - [abrt] tk-1:8.5.8-2.fc14: Process /usr/bin/wish8.5 was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=652889 [ 3 ] Bug #671329 - [abrt] tk-1:8.5.8-2.fc14: reset: Process /usr/bin/wish8.5 was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=671329 [ 4 ] Bug #681263 - [abrt] tk-1:8.5.8-2.fc14: UnsetVarStruct: Process /usr/bin/wish8.5 was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=681263 -------------------------------------------------------------------------------- ================================================================================ tintin-2.00.6-1.fc14 (FEDORA-2011-3374) TinTin++, aka tt++, is a free MUD client -------------------------------------------------------------------------------- Update Information: TinTin++ 2.00.6 bump -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 14 2011 Petr Sabata <psabata@xxxxxxxxxx> - 2.00.6-1 - 2.00.6 bump - Removing obsolete attr definitions and utf8 conversion - Upstream now supports DESTDIR, removing the DESTDIR patch -------------------------------------------------------------------------------- ================================================================================ tk-8.5.9-1.fc14 (FEDORA-2011-3367) The graphical toolkit for the Tcl scripting language -------------------------------------------------------------------------------- Update Information: This is an update that fixes many bugs (including crashes). For full list of bugs fixed see change logs that are shipped with packages (in /usr/share/doc/) -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 15 2011 Jaroslav Åkarvada <jskarvad@xxxxxxxxxx> - 1:8.5.9-1 - New version 8.5.9 - Updated make patch - Removed color patch (integrated upstream) - Removed wmiconphoto-fix patch (integrated upstream) - Fix xft detection (#677692) -------------------------------------------------------------------------------- References: [ 1 ] Bug #668788 - [abrt] tcl-1:8.5.8-2.fc14: TclGetNamespaceForQualName: Process /usr/bin/tclsh8.5 was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=668788 [ 2 ] Bug #652889 - [abrt] tk-1:8.5.8-2.fc14: Process /usr/bin/wish8.5 was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=652889 [ 3 ] Bug #671329 - [abrt] tk-1:8.5.8-2.fc14: reset: Process /usr/bin/wish8.5 was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=671329 [ 4 ] Bug #681263 - [abrt] tk-1:8.5.8-2.fc14: UnsetVarStruct: Process /usr/bin/wish8.5 was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=681263 -------------------------------------------------------------------------------- ================================================================================ tzdata-2011b-3.fc14 (FEDORA-2011-3362) Timezone data -------------------------------------------------------------------------------- Update Information: - Kemerovo oblast should use OMST/OMSST abbreviation. - Update of historical stamps for Juneau, Sitka, and histcurrent stamps for Metlakatla. Sitka and Metlakatla are new zones. - Delay end of DST in Chile in 2011 until first Sunday in April. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 4 2011 Petr Machata <pmachata@xxxxxxxxxx> - 2011b-3 - Kemerovo oblast should use OMST/OMSST abbreviation (tzdata-2011b-kemerovo.patch) * Thu Mar 3 2011 Petr Machata <pmachata@xxxxxxxxxx> - 2011b-2 - Update of historical stamps for Juneau, Sitka, and histcurrent stamps for Metlakatla. Sitka and Metlakatla are new zones. - Delay end of DST in Chile in 2011 until first Sunday in April. (tzdata-2011b-c.patch) -------------------------------------------------------------------------------- References: [ 1 ] Bug #684840 - Summer time extended in Chile until April 2 this year https://bugzilla.redhat.com/show_bug.cgi?id=684840 -------------------------------------------------------------------------------- ================================================================================ tzdata-2011d-1.fc14 (FEDORA-2011-3376) Timezone data -------------------------------------------------------------------------------- Update Information: - Change end of DST in Samoa in 2011. - Change start of DST in Cuba in 2011. - Move start of DST in Turkey by one day in 2011. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 15 2011 Petr Machata <pmachata@xxxxxxxxxx> - 2011d-1 - Upstream 2011d: - Change end of DST in Samoa in 2011. - Change start of DST in Cuba in 2011. - Move start of DST in Turkey by one day in 2011. - Dropped tzdata-2011b-c.patch * Fri Mar 4 2011 Petr Machata <pmachata@xxxxxxxxxx> - 2011b-3 - Kemerovo oblast should use OMST/OMSST abbreviation (tzdata-2011b-kemerovo.patch) * Thu Mar 3 2011 Petr Machata <pmachata@xxxxxxxxxx> - 2011b-2 - Update of historical stamps for Juneau, Sitka, and histcurrent stamps for Metlakatla. Sitka and Metlakatla are new zones. - Delay end of DST in Chile in 2011 until first Sunday in April. (tzdata-2011b-c.patch) -------------------------------------------------------------------------------- ================================================================================ v4l-utils-0.8.3-2.fc14 (FEDORA-2011-3386) Utilities for video4linux and DVB devices -------------------------------------------------------------------------------- Update Information: v4l-utils is a new Fedora package. Note that v4l-utils is a new v4l / dvb utility bundle which includes libv4l, this package thus replaces libv4l (this change comes from upstream). -------------------------------------------------------------------------------- References: [ 1 ] Bug #671883 - Review Request: v4l-utils - Utilities for video4linux and DVB devices https://bugzilla.redhat.com/show_bug.cgi?id=671883 -------------------------------------------------------------------------------- ================================================================================ vifir-0.8-1.fc14 (FEDORA-2011-3387) A viewer for electronic aviation charts -------------------------------------------------------------------------------- Update Information: Update to upstream vifir-0.8 -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 14 2011 Dave Ludlow <dave@xxxxxxxxxx> - 0.8-1 - Clip airport elevations to 32,767 feet when importing X-Plane data * Sun Mar 13 2011 Marek Kasik <mkasik@xxxxxxxxxx> - 0.7-8 - Rebuild (poppler-0.16.3) * Mon Feb 7 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.7-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Sun Jan 2 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 0.7-6 - rebuild (poppler) * Wed Dec 15 2010 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 0.7-5 - rebuild (poppler) * Sat Nov 6 2010 Fabian Affolter <fabian@xxxxxxxxxxxxxxxxx> - 0.7-4 - rebuild (poppler) * Thu Sep 30 2010 Fabian Affolter <fabian@xxxxxxxxxxxxxxxxx> - 0.7-3 - rebuild (poppler) - Duplicated variable definitions removed -------------------------------------------------------------------------------- ================================================================================ visualvm-1.3.2-1.2.7.fc14 (FEDORA-2011-3392) Lightweight profiler that integrates many command-line JDK tools -------------------------------------------------------------------------------- Update Information: updated for visualvm 1.3.2 updated to 1.3.1 fixed bugs pushing last version to unstable (https://bugzilla.redhat.com/show_bug.cgi?id=667314) -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 8 2011 Jiri Vanek <jvanek@xxxxxxxxxx> - 1.3.2-1.2.7 - updated for vm 1.3.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #640205 - Review Request: visualvm - Lightweight profiler that integrates many command-line JDK tools https://bugzilla.redhat.com/show_bug.cgi?id=640205 -------------------------------------------------------------------------------- ================================================================================ xine-lib-1.1.19-2.fc14.2 (FEDORA-2011-3363) A multimedia engine -------------------------------------------------------------------------------- Update Information: Drop broken ABI version modification patch from DirectFB, rebuild xine-lib against the fixed one. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 14 2011 Ville Skyttà <ville.skytta@xxxxxx> - 1.1.19-2.2 - Rebuild for new DirectFB (#673842). -------------------------------------------------------------------------------- References: [ 1 ] Bug #673842 - directfb-1.4.11-2.fc14 / xine-lib-1.1.19-2.fc14.1 broken https://bugzilla.redhat.com/show_bug.cgi?id=673842 -------------------------------------------------------------------------------- ================================================================================ xsettings-kde-0.12-3.fc14 (FEDORA-2011-3380) XSettings Daemon for KDE -------------------------------------------------------------------------------- Update Information: This update to xsettings-kde ensures GTK+ applications running in KDE Plasma sessions automatically inherit the cursor theme set in KDE System Settings. A previous update for kcm-gtk added a separate setting in KDE System Settings for the cursor theme for GTK+ applications. This duplicate option would now have no effect, so it has been removed. Use the cursor theme setting under Input Devices / Mouse in System Settings to set the cursor theme for all applications running in your KDE Plasma session, including GTK+ applications. (A session restart will be needed for the setting to take effect on GTK+ applications.) -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 14 2011 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 0.12-3 - add support for Gtk/CursorThemeName (#591746) - drop SVN checkout script, we have a tarball now * Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.12-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Mon Feb 7 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.12-1 - 0.12 -------------------------------------------------------------------------------- References: [ 1 ] Bug #591746 - xsettings-kde should set Gtk/CursorThemeName based on the KDE setting https://bugzilla.redhat.com/show_bug.cgi?id=591746 -------------------------------------------------------------------------------- ================================================================================ znc-0.098-0.3.rc1.fc14 (FEDORA-2011-3360) An advanced IRC bouncer -------------------------------------------------------------------------------- Update Information: Upgrade to 0.098-rc1 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 12 2011 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 0.098-0.3.rc1 - Update to znc-0.098-rc1 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test