The following Fedora 13 Security updates need testing: https://admin.fedoraproject.org/updates/libvirt-0.8.2-3.fc13 https://admin.fedoraproject.org/updates/dbus-1.2.24-2.fc13 https://admin.fedoraproject.org/updates/krb5-1.7.1-18.fc13 https://admin.fedoraproject.org/updates/tor-0.2.1.29-1300.fc13 https://admin.fedoraproject.org/updates/php-pear-1.9.2-1.fc13 https://admin.fedoraproject.org/updates/libxml2-2.7.7-2.fc13 https://admin.fedoraproject.org/updates/dhcp-4.1.2-2.ESV.R1.fc13 https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13 https://admin.fedoraproject.org/updates/mailman-2.1.12-17.fc13 https://admin.fedoraproject.org/updates/pidgin-2.7.11-1.fc13 https://admin.fedoraproject.org/updates/php-5.3.6-1.fc13,maniadrive-1.2-27.fc13,php-eaccelerator-0.9.6.1-6.fc13 https://admin.fedoraproject.org/updates/libtiff-3.9.4-3.fc13 https://admin.fedoraproject.org/updates/389-admin-1.1.15-1.fc13 https://admin.fedoraproject.org/updates/gnash-0.8.9-1.fc13 https://admin.fedoraproject.org/updates/libcgroup-0.35.1-5.fc13 https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc13 https://admin.fedoraproject.org/updates/postfix-2.7.3-1.fc13 https://admin.fedoraproject.org/updates/mhonarc-2.6.18-3.fc13 The following Fedora 13 Critical Path updates have yet to be approved: https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-101.fc13 https://admin.fedoraproject.org/updates/policycoreutils-2.0.83-33.4.fc13 https://admin.fedoraproject.org/updates/tzdata-2011d-1.fc13 https://admin.fedoraproject.org/updates/tzdata-2011b-3.fc13 https://admin.fedoraproject.org/updates/perl-ExtUtils-XSpp-0.15-2.fc13,perl-5.10.1-122.fc13,perl-Wx-0.98-5.fc13 https://admin.fedoraproject.org/updates/libxml2-2.7.7-2.fc13 https://admin.fedoraproject.org/updates/fuse-2.8.5-5.fc13 https://admin.fedoraproject.org/updates/NetworkManager-0.8.3.997-1.fc13 https://admin.fedoraproject.org/updates/libcgroup-0.35.1-5.fc13 https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13 https://admin.fedoraproject.org/updates/livecd-tools-13.2-1.fc13 https://admin.fedoraproject.org/updates/lua-5.1.4-7.fc13 https://admin.fedoraproject.org/updates/librsvg2-2.26.3-3.fc13 https://admin.fedoraproject.org/updates/mobile-broadband-provider-info-1.20110218-1.fc13 https://admin.fedoraproject.org/updates/dosfstools-3.0.9-4.fc13 https://admin.fedoraproject.org/updates/file-5.04-7.fc13 https://admin.fedoraproject.org/updates/system-config-users-1.2.107-1.fc13 https://admin.fedoraproject.org/updates/python-ethtool-0.6-1.fc13 https://admin.fedoraproject.org/updates/libical-0.46-2.fc13 https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13 https://admin.fedoraproject.org/updates/libfprint-0.3.0-1.fc13 https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13 https://admin.fedoraproject.org/updates/lldpad-0.9.26-2.fc13 The following builds have been pushed to Fedora 13 updates-testing R-mAr-1.1.2-1.fc13 emacs-common-riece-7.0.3-1.fc13 gappa-0.14.0-1.fc13 gnash-0.8.9-1.fc13 libgadu-1.10.1-1.fc13 llvm-2.8-10.fc13 maniadrive-1.2-27.fc13 pam_afs_session-2.2-4.fc13 perl-Test-CPAN-Meta-YAML-0.17-2.fc13 php-5.3.6-1.fc13 php-eaccelerator-0.9.6.1-6.fc13 pulseaudio-equalizer-2.7-8.fc13 puppet-2.6.6-1.fc13 rubygem-stomp-1.1.8-1.fc13 rxtx-2.2-0.4.20100211.fc13 safekeep-1.3.2-1.fc13 Details about builds: ================================================================================ R-mAr-1.1.2-1.fc13 (FEDORA-2011-3642) R module to evaluate functions for multivariate AutoRegressive analysis -------------------------------------------------------------------------------- Update Information: Update to latest stable version. -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 17 2011 Josà Matos <jamatos@xxxxxxxxxxxxxxxxx> - 1.1.2-1 - Update to latest release. * Mon Feb 7 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.1-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ emacs-common-riece-7.0.3-1.fc13 (FEDORA-2011-3649) Yet Another IRC Client for Emacs and XEmacs -------------------------------------------------------------------------------- Update Information: Riece is an IRC client for Emacs. Riece provides the following features: - Several IRC servers may be used at the same time. - Essential features can be built upon the extension framework (called "add-on") capable of dependency tracking. - Installation is easy. Riece doesn't depend on other packages. - Setup is easy. Automatically save/restore the configuration. - Riece uses separate windows to display users, channels, and dialogues. The user can select the window layout. - Step-by-step instructions (in info format) are included. - Mostly compliant with RFC 2812. -------------------------------------------------------------------------------- References: [ 1 ] Bug #579449 - Review Request: emacs-common-riece - Yet Another IRC Client for Emacs and XEmacs https://bugzilla.redhat.com/show_bug.cgi?id=579449 -------------------------------------------------------------------------------- ================================================================================ gappa-0.14.0-1.fc13 (FEDORA-2011-3626) Prove programs with floating-point or fixed-point arithmetic -------------------------------------------------------------------------------- Update Information: The Coq backend now supports a Coq support library (not yet packaged for Fedora). See https://gforge.inria.fr/frs/shownotes.php?release_id=5526 -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 15 2011 Jerry James <loganjerry@xxxxxxxxx> - 0.14.0-1 - New upstream version - Remove BuildRoot tag - Use flex and bison to regenerate the lexer and parser -------------------------------------------------------------------------------- ================================================================================ gnash-0.8.9-1.fc13 (FEDORA-2011-3662) GNU flash movie player -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 18 2011 Hicham HAOUARI <hicham.haouari@xxxxxxxxx> - 1:0.8.9-1 - Update to 0.8.9 final * Sat Mar 12 2011 Hicham HAOUARI <hicham.haouari@xxxxxxxxx> - 1:0.8.9-0.1.20110312git - Switch to 0.8.9 branch - Spec cleanup - Add extensions - Enable testsuite * Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:0.8.8-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #669851 - CVE-2010-4337 gnash: symlink attack via configure script https://bugzilla.redhat.com/show_bug.cgi?id=669851 -------------------------------------------------------------------------------- ================================================================================ libgadu-1.10.1-1.fc13 (FEDORA-2011-3657) A Gadu-gadu protocol compatible communications library -------------------------------------------------------------------------------- Update Information: Latest stable release. Highlights: * SSL support * typing notification * extra contact information * multi-logging and preliminary support for file transfers via server. * fixed direct connections * fixed connections via proxy server -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 14 2011 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> 1.10.1-1 - updated to 1.10.1 * Sun Feb 27 2011 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> 1.10.0-1 - updated to 1.10.0 final - enabled SSL support via gnutls - added API docs to -doc - updated summaries and descriptions for -devel * Mon Feb 7 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.9.1-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Mon Nov 15 2010 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> 1.9.1-1 - updated to 1.9.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #684733 - libgadu-1.10.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=684733 [ 2 ] Bug #677256 - libgadu-1.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=677256 -------------------------------------------------------------------------------- ================================================================================ llvm-2.8-10.fc13 (FEDORA-2011-3628) The Low Level Virtual Machine -------------------------------------------------------------------------------- Update Information: - Now includes arch-specific C++ header files in clang++'s search path - Shared libraries separated out to accommodate programs dynamically linked against LLVM -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 17 2011 Michel Salim <salimma@xxxxxxxxxxxxxxxxx> - 2.8-10 - Don't include test logs; breaks multilib (# 666195) - Split shared libraries into separate subpackage * Thu Mar 17 2011 Michel Salim <salimma@xxxxxxxxxxxxxxxxx> - 2.8-9 - clang++: fix platform-specific include dirs (# 680644) * Thu Mar 17 2011 Michel Salim <salimma@xxxxxxxxxxxxxxxxx> - 2.8-8 - clang++: also search for platform-specific include files (# 680644) * Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.8-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Mon Jan 10 2011 Richard W.M. Jones <rjones@xxxxxxxxxx> - 2.8-6 - Rebuild for OCaml 3.12 (http://fedoraproject.org/wiki/Features/OCaml3.12). -------------------------------------------------------------------------------- References: [ 1 ] Bug #680644 - Clang compiler: Can't find bits/c++config.h https://bugzilla.redhat.com/show_bug.cgi?id=680644 [ 2 ] Bug #666195 - Impossible to install 32bit and 64bit llvm at the same time https://bugzilla.redhat.com/show_bug.cgi?id=666195 -------------------------------------------------------------------------------- ================================================================================ maniadrive-1.2-27.fc13 (FEDORA-2011-3666) 3D stunt driving game -------------------------------------------------------------------------------- Update Information: Security Enhancements and Fixes in PHP 5.3.6: * Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153) * Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092) * Fixed bug #54055 (buffer overrun with high values for precision ini setting). * Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708) * Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (CVE-2011-0421) Full upstream changelog : http://php.net/ChangeLog-5.php#5.3.6 -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 17 2011 Remi Collet <Fedora@xxxxxxxxxxxxxxxxx> 1.2-27 - Rebuild for new php 5.3.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #688378 - CVE-2011-1153 php: several format string vulnerabilities in PHP's Phar extension https://bugzilla.redhat.com/show_bug.cgi?id=688378 [ 2 ] Bug #680972 - CVE-2011-0708 php: buffer over-read in Exif extension https://bugzilla.redhat.com/show_bug.cgi?id=680972 [ 3 ] Bug #688735 - CVE-2011-0421 php/libzip: segfault with FL_UNCHANGED on empty archive in zip_name_locate() https://bugzilla.redhat.com/show_bug.cgi?id=688735 -------------------------------------------------------------------------------- ================================================================================ pam_afs_session-2.2-4.fc13 (FEDORA-2011-3632) AFS PAG and AFS tokens on login -------------------------------------------------------------------------------- Update Information: New Release. pam-afs-session is a PAM module intended for use with a Kerberos v5 PAM module to obtain an AFS PAG (Process Authentication Group) and AFS tokens on login. It puts every new session in a PAG regardless of whether it was authenticated with Kerberos and runs a configurable external program to obtain tokens. -------------------------------------------------------------------------------- ================================================================================ perl-Test-CPAN-Meta-YAML-0.17-2.fc13 (FEDORA-2011-3637) Validate a META.yml file within a CPAN distribution -------------------------------------------------------------------------------- Update Information: This is the first Fedora/EPEL release of perl-Test-CPAN-Meta-YAML. -------------------------------------------------------------------------------- References: [ 1 ] Bug #688264 - Review Request: perl-Test-CPAN-Meta-YAML - Validate a META.yml file within a CPAN distribution https://bugzilla.redhat.com/show_bug.cgi?id=688264 -------------------------------------------------------------------------------- ================================================================================ php-5.3.6-1.fc13 (FEDORA-2011-3666) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: Security Enhancements and Fixes in PHP 5.3.6: * Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153) * Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092) * Fixed bug #54055 (buffer overrun with high values for precision ini setting). * Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708) * Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (CVE-2011-0421) Full upstream changelog : http://php.net/ChangeLog-5.php#5.3.6 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 16 2011 Remi Collet <Fedora@xxxxxxxxxxxxxxxxx> 5.3.6-1 - update to 5.3.6 http://www.php.net/ChangeLog-5.php#5.3.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #688378 - CVE-2011-1153 php: several format string vulnerabilities in PHP's Phar extension https://bugzilla.redhat.com/show_bug.cgi?id=688378 [ 2 ] Bug #680972 - CVE-2011-0708 php: buffer over-read in Exif extension https://bugzilla.redhat.com/show_bug.cgi?id=680972 [ 3 ] Bug #688735 - CVE-2011-0421 php/libzip: segfault with FL_UNCHANGED on empty archive in zip_name_locate() https://bugzilla.redhat.com/show_bug.cgi?id=688735 -------------------------------------------------------------------------------- ================================================================================ php-eaccelerator-0.9.6.1-6.fc13 (FEDORA-2011-3666) PHP accelerator, optimizer, encoder and dynamic content cacher -------------------------------------------------------------------------------- Update Information: Security Enhancements and Fixes in PHP 5.3.6: * Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153) * Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092) * Fixed bug #54055 (buffer overrun with high values for precision ini setting). * Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708) * Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (CVE-2011-0421) Full upstream changelog : http://php.net/ChangeLog-5.php#5.3.6 -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 17 2011 Remi Collet <Fedora@xxxxxxxxxxxxxxxxx> - 1:0.9.6.1-6 - rebuild against PHP 5.3.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #688378 - CVE-2011-1153 php: several format string vulnerabilities in PHP's Phar extension https://bugzilla.redhat.com/show_bug.cgi?id=688378 [ 2 ] Bug #680972 - CVE-2011-0708 php: buffer over-read in Exif extension https://bugzilla.redhat.com/show_bug.cgi?id=680972 [ 3 ] Bug #688735 - CVE-2011-0421 php/libzip: segfault with FL_UNCHANGED on empty archive in zip_name_locate() https://bugzilla.redhat.com/show_bug.cgi?id=688735 -------------------------------------------------------------------------------- ================================================================================ pulseaudio-equalizer-2.7-8.fc13 (FEDORA-2011-3624) A 15 Bands Equalizer for PulseAudio -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 19 2011 Hicham HAOUARI <hicham.haouari@xxxxxxxxx> - 2.7-8 - Change gnome-volume-control to multimedia-volume-control in desktop file * Thu Mar 17 2011 Hicham HAOUARI <hicham.haouari@xxxxxxxxx> - 2.7-7 - Better fix for rhbz #632940 - Do not crash on missing preset, fixes rhbz #679005 * Wed Feb 9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.7-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #679005 - [abrt] pulseaudio-equalizer-2.7-5.fc14: pulseaudio-equalizer.py:184:on_presetsbox:IOError: [Errno 2] No such file or directory: '/usr/share/pulseaudio-equalizer/presets/m.preset' https://bugzilla.redhat.com/show_bug.cgi?id=679005 -------------------------------------------------------------------------------- ================================================================================ puppet-2.6.6-1.fc13 (FEDORA-2011-3665) A network tool for managing many disparate systems -------------------------------------------------------------------------------- Update Information: The update to puppet-2.6.6 brings a large number of bug fixes and several new language features. As is typical with puppet version bumps, it is recommended to update the puppetmaster before updating the clients. For details on what's changed, refer to the upstream release notes: http://projects.puppetlabs.com/projects/puppet/wiki/Release_Notes (This update includes several of the fixes for regressions which are included in puppet-2.6.7rc1.) -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 16 2011 Todd Zullinger <tmz@xxxxxxxxx> - 2.6.6-1 - Update to 2.6.6 - Ensure %pre exits cleanly - Fix License tag, puppet is now GPLv2 only - Create and own /usr/share/puppet/modules (#615432) - Properly restart puppet agent/master daemons on upgrades from 0.25.x - Require libselinux-utils when selinux support is enabled - Support tmpfiles.d for Fedora >= 15 (#656677) - Apply a few upstream fixes for 0.25.5 regressions * Wed Feb 9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.25.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #615432 - The puppet package should own /usr/share/puppet/modules https://bugzilla.redhat.com/show_bug.cgi?id=615432 [ 2 ] Bug #656677 - Please Update Spec File to use %ghost on files in /var/run and /var/lock https://bugzilla.redhat.com/show_bug.cgi?id=656677 [ 3 ] Bug #666094 - RFE: Update to 2.6 release series https://bugzilla.redhat.com/show_bug.cgi?id=666094 [ 4 ] Bug #615175 - warning: Puppet::Type.create is deprecated; use Puppet::Type.new https://bugzilla.redhat.com/show_bug.cgi?id=615175 [ 5 ] Bug #616519 - puppet warnings about metaclass deprecation https://bugzilla.redhat.com/show_bug.cgi?id=616519 -------------------------------------------------------------------------------- ================================================================================ rubygem-stomp-1.1.8-1.fc13 (FEDORA-2011-3623) Ruby client for the Stomp messaging protocol -------------------------------------------------------------------------------- Update Information: new version -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- ================================================================================ rxtx-2.2-0.4.20100211.fc13 (FEDORA-2011-3646) Parallel communication for the Java Development Toolkit -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 17 2011 Levente Farkas <lfarkas@xxxxxxxxxxx> - 2.2-0.4.20100211 - fix fhs_lock #666761 * Wed Feb 9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.2-0.3.20100211.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Tue Nov 9 2010 Levente Farkas <lfarkas@xxxxxxxxxxx> - 2.2-0.3.20100211 - fix lock dir location #650849 * Tue Mar 30 2010 Dennis Gilmore <dennis@xxxxxxxx> - 2.2-0.2.20100211 - apply patch from Patrick Ale excluding the inclusion of sys/io.h on sparc -------------------------------------------------------------------------------- References: [ 1 ] Bug #666761 - buffer overflow in fhs_lock https://bugzilla.redhat.com/show_bug.cgi?id=666761 -------------------------------------------------------------------------------- ================================================================================ safekeep-1.3.2-1.fc13 (FEDORA-2011-3654) The SafeKeep backup system -------------------------------------------------------------------------------- Update Information: Upgrade to latest upstream release. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 12 2011 Frank Crawford <frank@xxxxxxxxxxxxxxxxxx> 1.3.2-1 - Latest upstream release * Wed Feb 9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test