The following Fedora 14 Security updates need testing: https://admin.fedoraproject.org/updates/seamonkey-2.0.14-1.fc14 https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.fc14 https://admin.fedoraproject.org/updates/tor-0.2.1.29-1400.fc14 https://admin.fedoraproject.org/updates/kdenetwork-4.6.2-2.fc14 https://admin.fedoraproject.org/updates/acpid-2.0.9-1.fc14 https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc14 https://admin.fedoraproject.org/updates/avahi-0.6.27-6.fc14 https://admin.fedoraproject.org/updates/polkit-0.98-5.fc14 https://admin.fedoraproject.org/updates/widelands-0-0.24.build16.fc14 https://admin.fedoraproject.org/updates/perl-Mojolicious-0.999929-3.fc14 https://admin.fedoraproject.org/updates/wordpress-3.1.2-1.fc14 https://admin.fedoraproject.org/updates/tomcat6-6.0.26-21.fc14 https://admin.fedoraproject.org/updates/asterisk-1.6.2.18-1.fc14 https://admin.fedoraproject.org/updates/openldap-2.4.23-10.fc14 The following Fedora 14 Critical Path updates have yet to be approved: https://admin.fedoraproject.org/updates/libpcap-1.1.1-3.fc14 https://admin.fedoraproject.org/updates/binutils-2.20.51.0.7-8.fc14 https://admin.fedoraproject.org/updates/tar-1.23-9.fc14 https://admin.fedoraproject.org/updates/xorg-x11-drv-qxl-0.0.21-3.fc14 https://admin.fedoraproject.org/updates/evolution-exchange-2.32.3-1.fc14,evolution-data-server-2.32.3-1.fc14,evolution-2.32.3-1.fc14 https://admin.fedoraproject.org/updates/pygtk2-2.17.0-9.fc14 https://admin.fedoraproject.org/updates/xorg-x11-drv-nouveau-0.0.16-14.20101010git8c8f15c.fc14 https://admin.fedoraproject.org/updates/dosfstools-3.0.9-6.fc14 https://admin.fedoraproject.org/updates/libimobiledevice-1.0.6-1.fc14 https://admin.fedoraproject.org/updates/libconcord-0.23-5.fc14,udev-161-9.fc14,concordance-0.23-2.fc14 https://admin.fedoraproject.org/updates/usbmuxd-1.0.7-1.fc14 https://admin.fedoraproject.org/updates/openldap-2.4.23-10.fc14 https://admin.fedoraproject.org/updates/avahi-0.6.27-6.fc14 https://admin.fedoraproject.org/updates/xorg-x11-drv-geode-2.11.11-4.fc14 The following builds have been pushed to Fedora 14 updates-testing acpid-2.0.9-1.fc14 bluedevil-1.1-2.fc14 gnome-commander-1.2.8.11-1.fc14 gramps-3.2.6-1.fc14 libpcap-1.1.1-3.fc14 lirc-0.9.0-2.fc14 lsyncd-2.0.4-1.fc14 mupdf-0.8.165-2.fc14 olpc-utils-1.2.10-1.fc14 perl-Catalyst-Plugin-Authorization-Roles-0.09-1.fc14 perl-Devel-Declare-0.006004-1.fc14 perl-Mojolicious-0.999929-3.fc14 php-captchaphp-2.3-1.fc14 rubygem-rspec-core-2.6.0-0.1.rc4.fc14 rubygem-rspec-expectations-2.6.0-0.1.rc4.fc14 rubygem-rspec-mocks-2.6.0-0.1.rc4.fc14 supybot-fedora-0.2.8-3.fc14 supybot-koji-0.1-7.fc14 terminus-fonts-4.34-1.fc14 tomcat6-6.0.26-21.fc14 zeroinstall-injector-1.0-0.rc1.1.fc14 Details about builds: ================================================================================ acpid-2.0.9-1.fc14 (FEDORA-2011-6460) ACPI Event Daemon -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Jiri Skala <jskala@xxxxxxxxxx> - 2.0.9-1 - fixes #701340 - CVE-2011-1159 acpid: blocked writes can lead to acpid daemon hang - update to latest upstream 2.0.9 -------------------------------------------------------------------------------- References: [ 1 ] Bug #688698 - CVE-2011-1159 acpid: blocked writes can lead to acpid daemon hang https://bugzilla.redhat.com/show_bug.cgi?id=688698 -------------------------------------------------------------------------------- ================================================================================ bluedevil-1.1-2.fc14 (FEDORA-2011-6443) Bluetooth stack for KDE -------------------------------------------------------------------------------- Update Information: Bluedevil is rebuild against latest libbluedevil to support legacy pairing category. -------------------------------------------------------------------------------- ChangeLog: * Mon May 2 2011 Jaroslav Reznik <jreznik@xxxxxxxxxx> - 1.1-2 - rebuilt for libbluedevil 1.9 snapshot -------------------------------------------------------------------------------- References: [ 1 ] Bug #701050 - BlueDevil 1.1 requires libbluedevil 1.9 to work properly https://bugzilla.redhat.com/show_bug.cgi?id=701050 -------------------------------------------------------------------------------- ================================================================================ gnome-commander-1.2.8.11-1.fc14 (FEDORA-2011-6461) A nice and fast file manager for the GNOME desktop -------------------------------------------------------------------------------- Update Information: New version 1.2.8.11 is released. -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 3:1.2.8.11-1 - Update to 1.2.8.11 -------------------------------------------------------------------------------- ================================================================================ gramps-3.2.6-1.fc14 (FEDORA-2011-6455) Genealogical Research and Analysis Management Programming System -------------------------------------------------------------------------------- Update Information: Version 3.2.6 -- the "So far, so good." bug fix release. * fix memory leaks * fix corrupted reports * fix crash in cramplets * fix gedcom import and export * import speed improvements * NarrativeWeb fixes * prevent corrupting databases * many translation updates * other changes; see the changelog and the 3.2.6 roadmap: http://www.gramps-project.org/bugs/roadmap_page.php?version_id=23 -------------------------------------------------------------------------------- ChangeLog: * Mon May 2 2011 Jeffrey C. Ollie <jeff@xxxxxxxxxx> - 3.2.6-1 - Version 3.2.6 -- the "So far, so good." bug fix release. - * fix memory leaks - * fix corrupted reports - * fix crash in cramplets - * fix gedcom import and export - * import speed improvements - * NarrativeWeb fixes - * prevent corrupting databases - * many translation updates - * other changes; see the changelog and the 3.2.6 roadmap: http://www.gramps-project.org/bugs/roadmap_page.php?version_id=23 * Wed Feb 9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.2.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Mon Jan 24 2011 Jeffrey C. Ollie <jeff@xxxxxxxxxx> - 3.2.5-2 - Removed dependencies on ImageMagik and python-reportlab - Added dependency on python-enchant -------------------------------------------------------------------------------- References: [ 1 ] Bug #682102 - Crash When I Click on "Geography" Button https://bugzilla.redhat.com/show_bug.cgi?id=682102 [ 2 ] Bug #666621 - [abrt] gramps-3.2.5-1.fc14: gtk_notebook_real_switch_page: Process /usr/bin/python was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=666621 [ 3 ] Bug #667343 - [abrt] gramps-3.2.5-1.fc14: EmbedPrivate::Realize: Process /usr/bin/python was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=667343 [ 4 ] Bug #669501 - [abrt] gramps-3.2.5-1.fc14: EmbedPrivate::Realize: Process /usr/bin/python was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=669501 -------------------------------------------------------------------------------- ================================================================================ libpcap-1.1.1-3.fc14 (FEDORA-2011-6445) A system-independent interface for user-level packet capture -------------------------------------------------------------------------------- Update Information: This update fixes listing of network interfaces when a bonded interface is present. -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 22 2011 Miroslav Lichvar <mlichvar@xxxxxxxxxx> 14:1.1.1-3 - ignore /sys/net/dev files on ENODEV (#693943) - drop ppp patch - compile with -fno-strict-aliasing * Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 14:1.1.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #693943 - libpcap-1.1.1-1.fc14: pcap_findalldevs: SIOCGIFFLAGS: bonding_masters: No such device https://bugzilla.redhat.com/show_bug.cgi?id=693943 -------------------------------------------------------------------------------- ================================================================================ lirc-0.9.0-2.fc14 (FEDORA-2011-6444) The Linux Infrared Remote Control package -------------------------------------------------------------------------------- Update Information: Adjust initscript to not disable in-kernel decode when the user configures lircd for devinput mode, which relies upon the in-kernel decoders to map IR signals to input layer scancodes. -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Jarod Wilson <jarod@xxxxxxxxxx> 0.9.0-2 - Only disable in-kernel IR decoders if we're not using devinput mode, as they're actually required for devinput mode to work right. -------------------------------------------------------------------------------- ================================================================================ lsyncd-2.0.4-1.fc14 (FEDORA-2011-6450) File change monitoring and synchronization daemon -------------------------------------------------------------------------------- ================================================================================ mupdf-0.8.165-2.fc14 (FEDORA-2011-6457) A lightweight PDF viewer and toolkit -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Pavel Zhukov <landgraf@xxxxxxxxxxxxxxxxx> - 0.8.165-2 - New upstream release - Fix *.a and *.h permissions -------------------------------------------------------------------------------- References: [ 1 ] Bug #700997 - mupdf-0.8.165 is available https://bugzilla.redhat.com/show_bug.cgi?id=700997 -------------------------------------------------------------------------------- ================================================================================ olpc-utils-1.2.10-1.fc14 (FEDORA-2011-6467) OLPC utilities -------------------------------------------------------------------------------- Update Information: Fixes to library homepage generation, X configuration, and needless autoloading of XO-1.5 camera driver. -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 29 2011 Daniel Drake <dsd@xxxxxxxxxx> - 1.2.10-1 - New version with updated XO-1.5 X config and olpc-configure tweaks -------------------------------------------------------------------------------- ================================================================================ perl-Catalyst-Plugin-Authorization-Roles-0.09-1.fc14 (FEDORA-2011-6464) Role based authorization for Catalyst based on Catalyst::Plugin::Authentication -------------------------------------------------------------------------------- Update Information: This update fixes check_* to always return scalar values, even in list context. It also includes several documentation updates. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 30 2011 Iain Arnell <iarnell@xxxxxxxxx> 0.09-1 - update to latest upstream version - clean up spec for modern rpmbuild * Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.08-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Wed Dec 15 2010 Marcela Maslanova <mmaslano@xxxxxxxxxx> - 0.08-3 - 661697 rebuild for fixing problems with vendorach/lib -------------------------------------------------------------------------------- ================================================================================ perl-Devel-Declare-0.006004-1.fc14 (FEDORA-2011-6463) Adding keywords to perl, in perl -------------------------------------------------------------------------------- Update Information: This update ensures compatibility with Devel::CallParser. -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Iain Arnell <iarnell@xxxxxxxxx> 0.006004-1 - update to latest upstream version * Wed Apr 20 2011 Iain Arnell <iarnell@xxxxxxxxx> 0.006003-1 - update to latest upstream version * Sat Apr 9 2011 Iain Arnell <iarnell@xxxxxxxxx> 0.006002-1 - update to latest upstream version * Sun Feb 27 2011 Iain Arnell <iarnell@xxxxxxxxx> 0.006001-1 - update to latest upstream version * Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.006000-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Thu Dec 16 2010 Marcela Maslanova <mmaslano@xxxxxxxxxx> - 0.006000-3 - 661697 rebuild for fixing problems with vendorach/lib -------------------------------------------------------------------------------- ================================================================================ perl-Mojolicious-0.999929-3.fc14 (FEDORA-2011-6465) A next generation web framework for Perl -------------------------------------------------------------------------------- Update Information: Attempt at CVE-2011-1841(#701719) -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Yanko Kaneti <yaneti@xxxxxxxxxxx> 0.999929-3 - Attempt at CVE-2011-1841(#701719) -------------------------------------------------------------------------------- References: [ 1 ] Bug #701719 - CVE-2011-1841 perl-Mojolicious: XSS vulnerability in link_to helper [fedora-14] https://bugzilla.redhat.com/show_bug.cgi?id=701719 -------------------------------------------------------------------------------- ================================================================================ php-captchaphp-2.3-1.fc14 (FEDORA-2011-6451) PHP very user-friendly CAPTCHA solution -------------------------------------------------------------------------------- Update Information: * Tue May 3 2011 Patrick Monnerat <pm@xxxxxxxxxxxxx> 2.3-1 - New upstream release. - Patch "24pre" to apply pre 2.4 updates. -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Patrick Monnerat <pm@xxxxxxxxxxxxx> 2.3-1 - New upstream release. - Patch "24pre" to apply pre 2.4 updates. -------------------------------------------------------------------------------- ================================================================================ rubygem-rspec-core-2.6.0-0.1.rc4.fc14 (FEDORA-2011-6466) Rspec-2 runner and formatters -------------------------------------------------------------------------------- Update Information: rspec 2.6.0 rc4 is released. -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 2.6.0-0.1.rc4 - 2.6.0 rc4 -------------------------------------------------------------------------------- ================================================================================ rubygem-rspec-expectations-2.6.0-0.1.rc4.fc14 (FEDORA-2011-6466) Rspec-2 expectations (should and matchers) -------------------------------------------------------------------------------- Update Information: rspec 2.6.0 rc4 is released. -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - And enable check on rawhide * Tue May 3 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 2.6.0-0.1.rc4 - 2.6.0 rc4 -------------------------------------------------------------------------------- ================================================================================ rubygem-rspec-mocks-2.6.0-0.1.rc4.fc14 (FEDORA-2011-6466) Rspec-2 doubles (mocks and stubs) -------------------------------------------------------------------------------- Update Information: rspec 2.6.0 rc4 is released. -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - And enable check on rawhide * Tue May 3 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 2.6.0-0.1.rc4 - 2.6.0 rc4 -------------------------------------------------------------------------------- ================================================================================ supybot-fedora-0.2.8-3.fc14 (FEDORA-2011-6448) Plugin for Supybot to interact with Fedora services -------------------------------------------------------------------------------- Update Information: fixed requires issue with supybot and supybot-gribble -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Dave Riches <david.r@xxxxxxxxxxxxxx> - 0.2.8-3 - fixed requires issue for supybot -------------------------------------------------------------------------------- ================================================================================ supybot-koji-0.1-7.fc14 (FEDORA-2011-6456) Plugin for Supybot to interact with Koji instances -------------------------------------------------------------------------------- Update Information: fixed requires for supybot and supybot-gribble -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Dave Riches <david.r@xxxxxxxxxxxxxx> - 0.1-7 - fixed requires for supybot and supybot-gribble -------------------------------------------------------------------------------- ================================================================================ terminus-fonts-4.34-1.fc14 (FEDORA-2011-6446) Clean fixed width font -------------------------------------------------------------------------------- Update Information: Update to upstream release 4.34 which consists of small fixes and improvements to various characters. -------------------------------------------------------------------------------- ChangeLog: * Mon May 2 2011 Hans Ulrich Niedermann <hun@xxxxxxxxxxxxxxxx> - 4.34-1 - Update to terminus-font-4.34 - Remove patch for alt/ge1.diff (4.34 uses ge1 by default) * Wed Feb 9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.32-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Tue Feb 1 2011 Hans Ulrich Niedermann <hun@xxxxxxxxxxxxxxxx> - 4.32-1 - Update to 4.32 -------------------------------------------------------------------------------- References: [ 1 ] Bug #701260 - terminus-fonts-4.34 is available https://bugzilla.redhat.com/show_bug.cgi?id=701260 -------------------------------------------------------------------------------- ================================================================================ tomcat6-6.0.26-21.fc14 (FEDORA-2011-6454) Apache Servlet/JSP Engine, RI for Servlet 2.5/JSP 2.1 API -------------------------------------------------------------------------------- Update Information: CVE-2011-0534, CVE-2011-0013, CVE-2010-3718 -------------------------------------------------------------------------------- ChangeLog: * Sun May 1 2011 David Knox <dknox@xxxxxxxxxx> O:6.0.26-21 * Resolves rhbz 701037 - bad symbolic link to tomcat-juli * Thu Apr 14 2011 David Knox <dknox@xxxxxxxxxx> 0:6.0.26-20 * Applied CVE-2010-3718, CVE-2011-0013, CVE-2011-0534 * Thu Feb 17 2011 David Knox <dknox@xxxxxxxxxx> 0:6.0.26-19 - Reversed changes in tomcat6.init so tomcat6.conf is read before - the system configuration * Thu Feb 3 2011 David Knox <dknox@xxxxxxxxxx> 0:6.0.26-18 - Resolves: rhbz 647601 - JDK Double.parseDouble DoS * Mon Jan 17 2011 David Knox <dknox@xxxxxxxxxx> 0:6.0.26-17 - Resolves: rhbz# 669969 - tomcat.conf sets javax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory" as the default. - Resolves issues running multiple instances on a single host. Logging - directory points to ${CATALINA_HOME}/logs/ -------------------------------------------------------------------------------- References: [ 1 ] Bug #701037 - bad symbolic links created for tomcat-juli jar https://bugzilla.redhat.com/show_bug.cgi?id=701037 [ 2 ] Bug #675794 - CVE-2011-0013 CVE-2010-3718 CVE-2011-0534 tomcat6 various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=675794 -------------------------------------------------------------------------------- ================================================================================ zeroinstall-injector-1.0-0.rc1.1.fc14 (FEDORA-2011-6449) The Zero Install Injector (0launch) -------------------------------------------------------------------------------- Update Information: Release candidate for the upcoming 1.0 -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Michel Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.0-0.rc1.1 - Update to 1.0rc1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #695308 - zeroinstall-injector-0.54 is available https://bugzilla.redhat.com/show_bug.cgi?id=695308 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test