The following Fedora 14 Security updates need testing:
https://admin.fedoraproject.org/updates/tomcat6-6.0.26-20.fc14
https://admin.fedoraproject.org/updates/wireshark-1.4.6-1.fc14
https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.fc14
https://admin.fedoraproject.org/updates/tor-0.2.1.29-1400.fc14
https://admin.fedoraproject.org/updates/kdenetwork-4.6.2-2.fc14
https://admin.fedoraproject.org/updates/perl-Mojolicious-0.999929-2.fc14
https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc14
https://admin.fedoraproject.org/updates/avahi-0.6.27-6.fc14
https://admin.fedoraproject.org/updates/polkit-0.98-5.fc14
https://admin.fedoraproject.org/updates/python-feedparser-5.0.1-1.fc14
https://admin.fedoraproject.org/updates/krb5-1.8.2-10.fc14
https://admin.fedoraproject.org/updates/fail2ban-0.8.4-27.fc14
https://admin.fedoraproject.org/updates/SimGear-2.0.0-5.fc14
https://admin.fedoraproject.org/updates/openldap-2.4.23-10.fc14
https://admin.fedoraproject.org/updates/mediawiki-1.16.4-58.fc14
https://admin.fedoraproject.org/updates/asterisk-1.6.2.17.3-1.fc14
The following Fedora 14 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/evolution-exchange-2.32.3-1.fc14,evolution-data-server-2.32.3-1.fc14,evolution-2.32.3-1.fc14
https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-40.fc14
https://admin.fedoraproject.org/updates/NetworkManager-0.8.4-1.fc14
https://admin.fedoraproject.org/updates/audit-2.1.1-1.fc14
https://admin.fedoraproject.org/updates/polkit-0.98-5.fc14
https://admin.fedoraproject.org/updates/pygtk2-2.17.0-9.fc14
https://admin.fedoraproject.org/updates/xorg-x11-drv-nouveau-0.0.16-14.20101010git8c8f15c.fc14
https://admin.fedoraproject.org/updates/dosfstools-3.0.9-6.fc14
https://admin.fedoraproject.org/updates/libimobiledevice-1.0.6-1.fc14
https://admin.fedoraproject.org/updates/libconcord-0.23-5.fc14,udev-161-9.fc14,concordance-0.23-2.fc14
https://admin.fedoraproject.org/updates/usbmuxd-1.0.7-1.fc14
https://admin.fedoraproject.org/updates/openldap-2.4.23-10.fc14
https://admin.fedoraproject.org/updates/avahi-0.6.27-6.fc14
https://admin.fedoraproject.org/updates/xorg-x11-drv-geode-2.11.11-4.fc14
The following builds have been pushed to Fedora 14 updates-testing
ack-1.94-1.fc14
asterisk-1.6.2.17.3-1.fc14
evolution-2.32.3-1.fc14
evolution-data-server-2.32.3-1.fc14
evolution-exchange-2.32.3-1.fc14
firebird-2.1.4.18393.0-3.fc14
geeqie-1.0-10.fc14
gitg-0.0.8-1.fc14
help2man-1.39.2-1.fc14
kdeedu-4.6.2-2.fc14
lua-wsapi-1.3.4-4.fc14
mediawiki-1.16.4-58.fc14
perl-App-Nopaste-0.28-1.fc14
perl-Path-Class-0.23-1.fc14
postler-0.1.1-4.fc14
sssd-1.5.6.1-1.fc14
Details about builds:
================================================================================
ack-1.94-1.fc14 (FEDORA-2011-5803)
Grep-like text finder
--------------------------------------------------------------------------------
Update Information:
Update to 1.94
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 21 2011 <ianburrell@xxxxxxxxx> - 1.94-1
- Update to 1.94
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.92-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
asterisk-1.6.2.17.3-1.fc14 (FEDORA-2011-5800)
The Open Source PBX
--------------------------------------------------------------------------------
Update Information:
The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
issues:
* File Descriptor Resource Exhaustion (AST-2011-005)
* Asterisk Manager User Shell Access (AST-2011-006)
The issues and resolutions are described in the AST-2011-005 and AST-2011-006
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-005 and AST-2011-006, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.40.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.25
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.3
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.3
Security advisory AST-2011-005 and AST-2011-006 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 22 2011 Jeffrey C. Ollie <jeff@xxxxxxxxxx> - 1.6.2.17.3-1
- The Asterisk Development Team has announced security releases for Asterisk
- branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
- released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
- issues:
-
- * File Descriptor Resource Exhaustion (AST-2011-005)
- * Asterisk Manager User Shell Access (AST-2011-006)
-
- The issues and resolutions are described in the AST-2011-005 and AST-2011-006
- security advisories.
-
- For more information about the details of these vulnerabilities, please read the
- security advisories AST-2011-005 and AST-2011-006, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.40.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.25
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.3
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.3
-
- Security advisory AST-2011-005 and AST-2011-006 are available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
- http://downloads.asterisk.org/pub/security/AST-2011-006.pdf
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #698916 - CVE-2011-1507 Asterisk: file descriptor resource exhaustion (AST-2011-005)
https://bugzilla.redhat.com/show_bug.cgi?id=698916
[ 2 ] Bug #698917 - CVE-2011-1599 Asterisk: Shell command execution via manager Originate action (AST-2011-006)
https://bugzilla.redhat.com/show_bug.cgi?id=698917
--------------------------------------------------------------------------------
================================================================================
evolution-2.32.3-1.fc14 (FEDORA-2011-5805)
Mail and calendar client for GNOME
--------------------------------------------------------------------------------
Update Information:
Numerous backported bug fixes from Evolution 3.0.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 21 2011 Matthew Barnes <mbarnes@xxxxxxxxxx> - 2.32.3-1.fc14
- Update to 2.32.3
--------------------------------------------------------------------------------
================================================================================
evolution-data-server-2.32.3-1.fc14 (FEDORA-2011-5805)
Backend data server for Evolution
--------------------------------------------------------------------------------
Update Information:
Numerous backported bug fixes from Evolution 3.0.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 21 2011 Matthew Barnes <mbarnes@xxxxxxxxxx> - 2.32.3-1.fc14
- Update to 2.32.3
--------------------------------------------------------------------------------
================================================================================
evolution-exchange-2.32.3-1.fc14 (FEDORA-2011-5805)
Evolution plugin to interact with MS Exchange Server
--------------------------------------------------------------------------------
Update Information:
Numerous backported bug fixes from Evolution 3.0.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 21 2011 Matthew Barnes <mbarnes@xxxxxxxxxx> - 2.32.3-1.fc14
- Update to 2.32.3
--------------------------------------------------------------------------------
================================================================================
firebird-2.1.4.18393.0-3.fc14 (FEDORA-2011-5817)
SQL relational database management system
--------------------------------------------------------------------------------
Update Information:
patch from upstream for icu > 4.2
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 22 2011 Philippe Makowski <makowski@xxxxxxxxxxxxxxxxx> 2.1.4.18393.0-3
- added patch from upstream to fix (rh #697313)
* Thu Mar 17 2011 Philippe Makowski <makowski@xxxxxxxxxxxxxxxxx> 2.1.4.18393.0-2
- added patch from upstream to fix the s390(x) build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #697313 - Collation order can't be used for any character (UTF8,ISO8859_1) others not tested
https://bugzilla.redhat.com/show_bug.cgi?id=697313
--------------------------------------------------------------------------------
================================================================================
geeqie-1.0-10.fc14 (FEDORA-2011-5808)
Image browser and viewer
--------------------------------------------------------------------------------
Update Information:
For anyone, who uses file grouping (e.g. JPG+CR2) and who modifies the current working-directory with external tools, please use this build, and report any trouble via ABRT or directly in bugzilla.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 15 2011 Michael Schwendt <mschwendt@xxxxxxxxxxxxxxxxx> - 1.0-10
- Let's see how we do with a simpler vflist_setup_iter_recursive().
--------------------------------------------------------------------------------
================================================================================
gitg-0.0.8-1.fc14 (FEDORA-2011-5811)
GTK+ graphical interface for the git revision control system
--------------------------------------------------------------------------------
Update Information:
This update fixes a lot bugs and adds some new features. For details refer to /usr/share/doc/gitg-0.0.8/NEWS
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 21 2011 Christoph Wickert <cwickert@xxxxxxxxxxxxxxxxx> - 0.0.8-1
- Update to 0.0.8
- Add -devel package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #657493 - [abrt] gitg-0.0.6-3.fc14: hide_header_details: Process /usr/bin/gitg was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=657493
--------------------------------------------------------------------------------
================================================================================
help2man-1.39.2-1.fc14 (FEDORA-2011-5804)
Create simple man pages from --help output
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 22 2011 Ralf CorsÃpius <corsepiu@xxxxxxxxxxxxxxxxx> - 1.39.2-1
- Upstream update.
- Spec modernization.
- Abandon patches (unnecessary).
--------------------------------------------------------------------------------
================================================================================
kdeedu-4.6.2-2.fc14 (FEDORA-2011-5806)
Educational/Edutainment applications
--------------------------------------------------------------------------------
Update Information:
The Marble Team has just released Marble 1.1. This release is special! With many new features being developed during Google Code-in, the Marble Team decided to get it out between the usual KDE application releases. The new version provides several new features and improvements:
* Map Creation Wizard and Map Sharing
* OpenDesktop and Earthquakes Online Service
* Extended Plugin Configuration
* Map Editing
* Voice Navigation
As with every Marble release, there is a feature guide with screenshots: http://edu.kde.org/marble/current_1.1.php
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 21 2011 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 4.6.2-2
- update Marble to 1.1.0 (interim release between kdeedu 4.6.x and 4.7.x)
--------------------------------------------------------------------------------
================================================================================
lua-wsapi-1.3.4-4.fc14 (FEDORA-2011-5810)
Lua Web Server API
--------------------------------------------------------------------------------
Update Information:
Require lua-coxpcall, fixes #666090
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 22 2011 Tim Niemueller <tim@xxxxxxxxxxxxx> - 1.3.4-4
- Require lua-coxpcall, fixes #666090
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #666090 - broken lua-wsapi package
https://bugzilla.redhat.com/show_bug.cgi?id=666090
--------------------------------------------------------------------------------
================================================================================
mediawiki-1.16.4-58.fc14 (FEDORA-2011-5812)
A wiki engine
--------------------------------------------------------------------------------
Update Information:
This update brings mediawiki to version 1.16.4, which is the latest stable release at the moment, but currently also the only supported and recommended release by the mediawiki developer community.
Further changes:
* some simple wiki management functionality was added:
* mw-createinstance <path> creates a wiki instance under
<path>, which is autoupgraded upon package updates.
* any wiki path entered in /etc/mediawiki/instances will be
autoupgraded upon package updates.
* /var/www/wiki is entered into this list automatically, but
you can remove it if you don't want this instance to be
autoupgraded.
* opensearch and suggestions are enabled by default
* several bug fixes (see changelog).
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 22 2011 Axel Thimm <Axel.Thimm@xxxxxxxxxx> - 1.16.4-58
- texvc was being accidentially wiped out before packaging it.
* Sat Apr 16 2011 Axel Thimm <Axel.Thimm@xxxxxxxxxx> - 1.16.4-57
- Update to 1.16.4.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #697434 - texvc binary missing and deal link in package mediawiki-math-1.16.2-56.fc14.x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=697434
[ 2 ] Bug #614065 - mediawiki opensearch_desc.php has bad path
https://bugzilla.redhat.com/show_bug.cgi?id=614065
[ 3 ] Bug #644325 - /etc/httpd/conf.d/mediawiki.conf has execute permission
https://bugzilla.redhat.com/show_bug.cgi?id=644325
[ 4 ] Bug #682281 - Mediawiki uses the reserved word Namespace introduced in latest release of PHP
https://bugzilla.redhat.com/show_bug.cgi?id=682281
[ 5 ] Bug #662402 - Cannot enable math display for mediawiki
https://bugzilla.redhat.com/show_bug.cgi?id=662402
[ 6 ] Bug #674456 - CVE-2011-0047 mediawiki: multiple vulnerabilities corrected in mediawiki 1.16.2 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=674456
[ 7 ] Bug #667201 - CVE-2011-0003 mediawiki: clickjacking vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=667201
[ 8 ] Bug #620226 - CVE-2010-2787 CVE-2010-2788 mediawiki various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=620226
[ 9 ] Bug #696361 - CVE-2011-1578 CVE-2011-1579 CVE-2011-1580 mediawiki: multiple vulnerabilities fixed in 1.16.3 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=696361
--------------------------------------------------------------------------------
================================================================================
perl-App-Nopaste-0.28-1.fc14 (FEDORA-2011-5814)
Easy access to any pastebin
--------------------------------------------------------------------------------
Update Information:
This update to the latest upstream adds a `--open` (`-o`) option for opening the nopaste in your browser. It also includes the following fixes:
* If LWP is producing errors, *report them*
* Correct path to Pastie
* Throw an error if you specify -p and files
* Remove Mathbin; doy moved it to a separate dist
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 9 2011 Iain Arnell <iarnell@xxxxxxxxx> 1:0.28-1
- update to latest upstream version
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.25-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
perl-Path-Class-0.23-1.fc14 (FEDORA-2011-5813)
Cross-platform path specification manipulation
--------------------------------------------------------------------------------
Update Information:
Update to 0.23
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 14 2011 Ian Burrell <ianburrell@xxxxxxxxx> - 0.23-1
- Update to 0.23
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.18-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Dec 21 2010 Marcela Maslanova <mmaslano@xxxxxxxxxx> - 0.18-3
- 661697 rebuild for fixing problems with vendorach/lib
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #696091 - RFE: Update to 0.23
https://bugzilla.redhat.com/show_bug.cgi?id=696091
--------------------------------------------------------------------------------
================================================================================
postler-0.1.1-4.fc14 (FEDORA-2011-5801)
An ultra simple desktop mail client
--------------------------------------------------------------------------------
Update Information:
Postler aims to be easy, simple, clean, beautiful, and automagic. It handles IMAP beautifully, and provides the user with smart, sensible defaults.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #690954 - Review Request: postler - An ultra simple desktop mail client
https://bugzilla.redhat.com/show_bug.cgi?id=690954
--------------------------------------------------------------------------------
================================================================================
sssd-1.5.6.1-1.fc14 (FEDORA-2011-5815)
System Security Services Daemon
--------------------------------------------------------------------------------
Update Information:
* Wed Apr 20 2011 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.5.6.1-1
- Re-add manpage translations
* Wed Apr 20 2011 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.5.6-1
- New upstream release 1.5.6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
- Fixed a serious memory leak in the memberOf plugin
- Fixed a regression with the negative cache that caused it to be essentially
- nonfunctional
- Fixed an issue where the user's full name would sometimes be removed from
- the cache
- Fixed an issue with password changes in the kerberos provider not working
- with kpasswd
- Resolves: rhbz#697057 - kpasswd fails when using sssd and
- kadmin server != kdc server
- Fix a serious memory leak in the memberOf plugin
- Fix an issue where the user's full name would sometimes be removed
- from the cache
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 20 2011 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.5.6.1-1
- Re-add manpage translations
* Wed Apr 20 2011 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.5.6-1
- New upstream release 1.5.6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
- Fixed a serious memory leak in the memberOf plugin
- Fixed a regression with the negative cache that caused it to be essentially
- nonfunctional
- Fixed an issue where the user's full name would sometimes be removed from
- the cache
- Fixed an issue with password changes in the kerberos provider not working
- with kpasswd
- Resolves: rhbz#697057 - kpasswd fails when using sssd and
- kadmin server != kdc server
- Fix a serious memory leak in the memberOf plugin
- Fix an issue where the user's full name would sometimes be removed
- from the cache
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
