Fedora 13 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 13 Security updates need testing:

    https://admin.fedoraproject.org/updates/tor-0.2.1.29-1300.fc13
    https://admin.fedoraproject.org/updates/SimGear-2.0.0-5.fc13
    https://admin.fedoraproject.org/updates/libmodplug-0.8.7-3.fc13
    https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc13
    https://admin.fedoraproject.org/updates/perl-Mojolicious-0.999925-3.fc13
    https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
    https://admin.fedoraproject.org/updates/wireshark-1.2.16-1.fc13
    https://admin.fedoraproject.org/updates/libcgroup-0.35.1-5.fc13
    https://admin.fedoraproject.org/updates/libtiff-3.9.5-1.fc13
    https://admin.fedoraproject.org/updates/polkit-0.96-2.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-server-utils-7.4-17.fc13
    https://admin.fedoraproject.org/updates/krb5-1.7.1-19.fc13
    https://admin.fedoraproject.org/updates/fail2ban-0.8.4-27.fc13
    https://admin.fedoraproject.org/updates/python-feedparser-5.0.1-1.fc13
    https://admin.fedoraproject.org/updates/mediawiki-1.16.4-58.fc13
    https://admin.fedoraproject.org/updates/asterisk-1.6.2.17.3-1.fc13


The following Fedora 13 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/NetworkManager-0.8.4-1.fc13
    https://admin.fedoraproject.org/updates/polkit-0.96-2.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-drv-penmount-1.4.1-2.fc13
    https://admin.fedoraproject.org/updates/python-ethtool-0.7-2.fc13
    https://admin.fedoraproject.org/updates/libtiff-3.9.5-1.fc13
    https://admin.fedoraproject.org/updates/pygtk2-2.17.0-9.fc13
    https://admin.fedoraproject.org/updates/dosfstools-3.0.9-5.fc13
    https://admin.fedoraproject.org/updates/libimobiledevice-1.0.6-1.fc13
    https://admin.fedoraproject.org/updates/usbmuxd-1.0.7-1.fc13
    https://admin.fedoraproject.org/updates/fuse-2.8.5-5.fc13
    https://admin.fedoraproject.org/updates/libcgroup-0.35.1-5.fc13
    https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
    https://admin.fedoraproject.org/updates/livecd-tools-13.2-1.fc13
    https://admin.fedoraproject.org/updates/lua-5.1.4-7.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13
    https://admin.fedoraproject.org/updates/lldpad-0.9.26-2.fc13


The following builds have been pushed to Fedora 13 updates-testing

    ack-1.94-1.fc13
    asterisk-1.6.2.17.3-1.fc13
    mediawiki-1.16.4-58.fc13
    perl-App-Nopaste-0.28-1.fc13
    perl-Path-Class-0.23-1.fc13

Details about builds:


================================================================================
 ack-1.94-1.fc13 (FEDORA-2011-5809)
 Grep-like text finder
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 21 2011 <ianburrell@xxxxxxxxx> - 1.94-1
- Update to 1.94
* Mon Feb  7 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.92-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 asterisk-1.6.2.17.3-1.fc13 (FEDORA-2011-5802)
 The Open Source PBX
--------------------------------------------------------------------------------
Update Information:

The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
issues:

* File Descriptor Resource Exhaustion (AST-2011-005)
* Asterisk Manager User Shell Access (AST-2011-006)

The issues and resolutions are described in the AST-2011-005 and AST-2011-006
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-005 and AST-2011-006, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.40.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.25
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.3
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.3

Security advisory AST-2011-005 and AST-2011-006 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 22 2011 Jeffrey C. Ollie <jeff@xxxxxxxxxx> - 1.6.2.17.3-1
- The Asterisk Development Team has announced security releases for Asterisk
- branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
- released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
- issues:
-
- * File Descriptor Resource Exhaustion (AST-2011-005)
- * Asterisk Manager User Shell Access (AST-2011-006)
-
- The issues and resolutions are described in the AST-2011-005 and AST-2011-006
- security advisories.
-
- For more information about the details of these vulnerabilities, please read the
- security advisories AST-2011-005 and AST-2011-006, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.40.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.25
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.3
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.3
-
- Security advisory AST-2011-005 and AST-2011-006 are available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
- http://downloads.asterisk.org/pub/security/AST-2011-006.pdf
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #698916 - CVE-2011-1507 Asterisk: file descriptor resource exhaustion (AST-2011-005)
        https://bugzilla.redhat.com/show_bug.cgi?id=698916
  [ 2 ] Bug #698917 - CVE-2011-1599 Asterisk: Shell command execution via manager Originate action (AST-2011-006)
        https://bugzilla.redhat.com/show_bug.cgi?id=698917
--------------------------------------------------------------------------------


================================================================================
 mediawiki-1.16.4-58.fc13 (FEDORA-2011-5807)
 A wiki engine
--------------------------------------------------------------------------------
Update Information:

This update brings mediawiki to version 1.16.4, which is the latest stable release at the moment, but currently also the only supported and recommended release by the mediawiki developer community.

Further changes:
* some simple wiki management functionality was added:
  * mw-createinstance <path> creates a wiki instance under
    <path>, which is autoupgraded upon package updates.
  * any wiki path entered in /etc/mediawiki/instances will be
    autoupgraded upon package updates.
  * /var/www/wiki is entered into this list automatically, but
    you can remove it if you don't want this instance to be
    autoupgraded.
* opensearch and suggestions are enabled by default
* several bug fixes (see changelog).
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 22 2011 Axel Thimm <Axel.Thimm@xxxxxxxxxx> - 1.16.4-58
- texvc was being accidentially wiped out before packaging it.
* Sat Apr 16 2011 Axel Thimm <Axel.Thimm@xxxxxxxxxx> - 1.16.4-57
- Update to 1.16.4.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #697434 - texvc binary missing and deal link in package mediawiki-math-1.16.2-56.fc14.x86_64
        https://bugzilla.redhat.com/show_bug.cgi?id=697434
  [ 2 ] Bug #614065 - mediawiki opensearch_desc.php has bad path
        https://bugzilla.redhat.com/show_bug.cgi?id=614065
  [ 3 ] Bug #644325 - /etc/httpd/conf.d/mediawiki.conf has execute permission
        https://bugzilla.redhat.com/show_bug.cgi?id=644325
  [ 4 ] Bug #682281 - Mediawiki uses the reserved word Namespace introduced in latest release of PHP
        https://bugzilla.redhat.com/show_bug.cgi?id=682281
  [ 5 ] Bug #662402 - Cannot enable math display for mediawiki
        https://bugzilla.redhat.com/show_bug.cgi?id=662402
  [ 6 ] Bug #674456 - CVE-2011-0047 mediawiki: multiple vulnerabilities corrected in mediawiki 1.16.2 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=674456
  [ 7 ] Bug #667201 - CVE-2011-0003 mediawiki: clickjacking vulnerability [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=667201
  [ 8 ] Bug #620226 - CVE-2010-2787 CVE-2010-2788 mediawiki various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=620226
  [ 9 ] Bug #696361 - CVE-2011-1578 CVE-2011-1579 CVE-2011-1580 mediawiki: multiple vulnerabilities fixed in 1.16.3 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=696361
--------------------------------------------------------------------------------


================================================================================
 perl-App-Nopaste-0.28-1.fc13 (FEDORA-2011-5816)
 Easy access to any pastebin
--------------------------------------------------------------------------------
Update Information:

This update to the latest upstream adds a `--open` (`-o`) option for opening the nopaste in your browser. It also includes the following fixes:
* If LWP is producing errors, *report them*
* Correct path to Pastie
* Throw an error if you specify -p and files
* Remove Mathbin; doy moved it to a separate dist
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr  9 2011 Iain Arnell <iarnell@xxxxxxxxx> 1:0.28-1
- update to latest upstream version
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.25-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 perl-Path-Class-0.23-1.fc13 (FEDORA-2011-5799)
 Cross-platform path specification manipulation
--------------------------------------------------------------------------------
Update Information:

Update to 0.23
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 14 2011 Ian Burrell <ianburrell@xxxxxxxxx> - 0.23-1
- Update to 0.23
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.18-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Dec 21 2010 Marcela Maslanova <mmaslano@xxxxxxxxxx> - 0.18-3
- 661697 rebuild for fixing problems with vendorach/lib
* Tue May  4 2010 Marcela Maslanova <mmaslano@xxxxxxxxxx> - 0.18-2
- Mass rebuild with perl-5.12.0
* Mon Feb 22 2010 Chris Weyl <cweyl@xxxxxxxxxxxxxxx> 0.18-1
- update to 0.18 (for latest DBIx::Class)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #696091 - RFE: Update to 0.23
        https://bugzilla.redhat.com/show_bug.cgi?id=696091
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe: 
https://admin.fedoraproject.org/mailman/listinfo/test


[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux