The following Fedora 13 Security updates need testing: https://admin.fedoraproject.org/updates/tor-0.2.1.29-1300.fc13 https://admin.fedoraproject.org/updates/seamonkey-2.0.14-1.fc13 https://admin.fedoraproject.org/updates/libmodplug-0.8.7-3.fc13 https://admin.fedoraproject.org/updates/firefox-3.6.17-1.fc13,mozvoikko-1.0-21.fc13,gnome-web-photo-0.9-19.fc13,perl-Gtk2-MozEmbed-0.08-6.fc13.24,gnome-python2-extras-2.25.3-29.fc13,galeon-2.0.7-40.fc13,thunderbird-3.1.10-1.fc13,xulrunner-1.9.2.17-2.fc13 https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc13 https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13 https://admin.fedoraproject.org/updates/libcgroup-0.35.1-5.fc13 https://admin.fedoraproject.org/updates/libtiff-3.9.5-1.fc13 https://admin.fedoraproject.org/updates/polkit-0.96-2.fc13 https://admin.fedoraproject.org/updates/widelands-0-0.24.build16.fc13 https://admin.fedoraproject.org/updates/xorg-x11-server-utils-7.4-17.fc13 https://admin.fedoraproject.org/updates/kernel-2.6.34.9-69.fc13 https://admin.fedoraproject.org/updates/perl-Mojolicious-0.999925-4.fc13 https://admin.fedoraproject.org/updates/wordpress-3.1.2-1.fc13 https://admin.fedoraproject.org/updates/asterisk-1.6.2.18-1.fc13 The following Fedora 13 Critical Path updates have yet to be approved: https://admin.fedoraproject.org/updates/kernel-2.6.34.9-69.fc13 https://admin.fedoraproject.org/updates/polkit-0.96-2.fc13 https://admin.fedoraproject.org/updates/xorg-x11-drv-penmount-1.4.1-2.fc13 https://admin.fedoraproject.org/updates/python-ethtool-0.7-2.fc13 https://admin.fedoraproject.org/updates/libtiff-3.9.5-1.fc13 https://admin.fedoraproject.org/updates/pygtk2-2.17.0-9.fc13 https://admin.fedoraproject.org/updates/dosfstools-3.0.9-5.fc13 https://admin.fedoraproject.org/updates/libimobiledevice-1.0.6-1.fc13 https://admin.fedoraproject.org/updates/usbmuxd-1.0.7-1.fc13 https://admin.fedoraproject.org/updates/fuse-2.8.5-5.fc13 https://admin.fedoraproject.org/updates/libcgroup-0.35.1-5.fc13 https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13 https://admin.fedoraproject.org/updates/livecd-tools-13.2-1.fc13 https://admin.fedoraproject.org/updates/lua-5.1.4-7.fc13 https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13 https://admin.fedoraproject.org/updates/lldpad-0.9.26-2.fc13 The following builds have been pushed to Fedora 13 updates-testing gnome-commander-1.2.8.11-1.fc13 gramps-3.2.6-1.fc13 kernel-2.6.34.9-69.fc13 mupdf-0.8.165-2.fc13 perl-Devel-Declare-0.006004-1.fc13 perl-Mojolicious-0.999925-4.fc13 supybot-fedora-0.2.8-2.fc13 supybot-koji-0.1-6.fc13 zeroinstall-injector-1.0-0.rc1.1.fc13 Details about builds: ================================================================================ gnome-commander-1.2.8.11-1.fc13 (FEDORA-2011-6468) A nice and fast file manager for the GNOME desktop -------------------------------------------------------------------------------- Update Information: New version 1.2.8.11 is released. -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 2:1.2.8.11-1 - Update to 1.2.8.11 -------------------------------------------------------------------------------- ================================================================================ gramps-3.2.6-1.fc13 (FEDORA-2011-6459) Genealogical Research and Analysis Management Programming System -------------------------------------------------------------------------------- Update Information: Version 3.2.6 -- the "So far, so good." bug fix release. * fix memory leaks * fix corrupted reports * fix crash in cramplets * fix gedcom import and export * import speed improvements * NarrativeWeb fixes * prevent corrupting databases * many translation updates * other changes; see the changelog and the 3.2.6 roadmap: http://www.gramps-project.org/bugs/roadmap_page.php?version_id=23 -------------------------------------------------------------------------------- ChangeLog: * Mon May 2 2011 Jeffrey C. Ollie <jeff@xxxxxxxxxx> - 3.2.6-1 - Version 3.2.6 -- the "So far, so good." bug fix release. - * fix memory leaks - * fix corrupted reports - * fix crash in cramplets - * fix gedcom import and export - * import speed improvements - * NarrativeWeb fixes - * prevent corrupting databases - * many translation updates - * other changes; see the changelog and the 3.2.6 roadmap: http://www.gramps-project.org/bugs/roadmap_page.php?version_id=23 * Wed Feb 9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.2.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Mon Jan 24 2011 Jeffrey C. Ollie <jeff@xxxxxxxxxx> - 3.2.5-2 - Removed dependencies on ImageMagik and python-reportlab - Added dependency on python-enchant -------------------------------------------------------------------------------- References: [ 1 ] Bug #682102 - Crash When I Click on "Geography" Button https://bugzilla.redhat.com/show_bug.cgi?id=682102 [ 2 ] Bug #666621 - [abrt] gramps-3.2.5-1.fc14: gtk_notebook_real_switch_page: Process /usr/bin/python was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=666621 [ 3 ] Bug #667343 - [abrt] gramps-3.2.5-1.fc14: EmbedPrivate::Realize: Process /usr/bin/python was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=667343 [ 4 ] Bug #669501 - [abrt] gramps-3.2.5-1.fc14: EmbedPrivate::Realize: Process /usr/bin/python was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=669501 -------------------------------------------------------------------------------- ================================================================================ kernel-2.6.34.9-69.fc13 (FEDORA-2011-6447) The Linux kernel -------------------------------------------------------------------------------- Update Information: Update to kernel 2.6.34.9: http://ftp.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.34/ChangeLog-2.6.34.9 -------------------------------------------------------------------------------- ChangeLog: * Mon May 2 2011 Chuck Ebbert <cebbert@xxxxxxxxxx> 2.6.34.9-69 - [SCSI] mpt2sas: prevent heap overflows and unchecked reads (CVE-2011-1494, CVE-2011-1495) - dccp: fix oops on Reset after close (CVE-2011-1093) * Fri Apr 29 2011 Chuck Ebbert <cebbert@xxxxxxxxxx> - Bluetooth: bnep: fix buffer overflow (CVE-2011-1079) - agp: fix arbitrary kernel memory writes (CVE-2011-1745) - agp: fix OOM and buffer overflow (CVE-2011-1746) * Sun Apr 17 2011 Chuck Ebbert <cebbert@xxxxxxxxxx> - Linux 2.6.34.9 - Fix up drm-next.patch to apply on top of cda4b7d3a, e06b14ee9 - Un-revert 6a1a82df9 from upstream - Drop: linux-2.6-v4l-dvb-av7110-check-for-negative-array-offset.patch ipc-zero-struct-memory-for-compat-fns.patch ipc-shm-fix-information-leak-to-user.patch posix-cpu-timers-workaround-to-suppress-problems-with-mt-exec.patch ioat2-catch-and-recover-from-broken-vtd-configurations.patch sctp-fix-out-of-bounds-reading-in-sctp_asoc_get_hmac.patch do_exit-make-sure-that-we-run-with-get_fs-user_ds.patch perf_events-fix-perf_counter_mmap-hook-in-mprotect.patch bio-take-care-not-overflow-page-count-when-mapping-copying-user-data.patch af_unix-limit-unix_tot_inflight.patch filter-make-sure-filters-dont-read-uninitialized-memory.patch can-bcm-fix-minor-heap-overflow.patch block-check-for-proper-length-of-iov-entries-in-blk_rq_map_user_iov.patch block-check-for-proper-length-of-iov-entries-earlier-in-blk_rq_map_user_iov.patch install-special-mapping-skips-security-file-mmap-check.patch ib-uverbs-handle-large-number-of-poll-entries-in-poll-cq.patch ima-fix-add-lsm-rule-bug.patch orinoco-fix-tkip-countermeasure-behaviour.patch fuse-verify-ioctl-retries.patch tcp-avoid-a-possible-divide-by-zero.patch tcp-bug-fix-in-initialization-of-receive-window.patch tcp-don-t-change-unlocked-socket-state-in-tcp_v4_err.patch tcp-increase-tcp_maxseg-socket-option-minimum.patch tcp-make-tcp_maxseg-minimum-more-correct.patch * Wed Mar 23 2011 Kyle McMartin <kmcmartin@xxxxxxxxxx> - Backport 3e9d08e: "virtio_net: Add schedule check to napi_enable call" * Fri Mar 11 2011 Chuck Ebbert <cebbert@xxxxxxxxxx> - Drop linux-2.6-defaults-aspm.patch; fixing ASPM properly will be too difficult in this old kernel. * Thu Feb 24 2011 Chuck Ebbert <cebbert@xxxxxxxxxx> - Fix crash when dropping filesystem caches (#649871) -------------------------------------------------------------------------------- References: [ 1 ] Bug #690028 - CVE-2011-1182 kernel signal spoofing issue https://bugzilla.redhat.com/show_bug.cgi?id=690028 [ 2 ] Bug #694021 - CVE-2011-1494 CVE-2011-1495 kernel: drivers/scsi/mpt2sas: prevent heap overflows https://bugzilla.redhat.com/show_bug.cgi?id=694021 [ 3 ] Bug #681260 - CVE-2011-1079 kernel: bnep device field missing NULL terminator https://bugzilla.redhat.com/show_bug.cgi?id=681260 [ 4 ] Bug #682954 - CVE-2011-1093 kernel: dccp: fix oops on Reset after close https://bugzilla.redhat.com/show_bug.cgi?id=682954 [ 5 ] Bug #698996 - CVE-2011-1745 kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls https://bugzilla.redhat.com/show_bug.cgi?id=698996 [ 6 ] Bug #698998 - CVE-2011-1746 kernel: agp: insufficient page_count parameter checking in agp_allocate_memory() https://bugzilla.redhat.com/show_bug.cgi?id=698998 [ 7 ] Bug #632069 - CVE-2010-3084 kernel: niu: buffer overflow for ETHTOOL_GRXCLSRLALL https://bugzilla.redhat.com/show_bug.cgi?id=632069 [ 8 ] Bug #679925 - CVE-2011-1013 kernel: drm_modeset_ctl signedness issue https://bugzilla.redhat.com/show_bug.cgi?id=679925 [ 9 ] Bug #667615 - CVE-2010-4527 kernel: buffer overflow in OSS load_mixer_volumes https://bugzilla.redhat.com/show_bug.cgi?id=667615 [ 10 ] Bug #631623 - CVE-2010-3079 kernel: ftrace NULL ptr deref https://bugzilla.redhat.com/show_bug.cgi?id=631623 -------------------------------------------------------------------------------- ================================================================================ mupdf-0.8.165-2.fc13 (FEDORA-2011-6453) A lightweight PDF viewer and toolkit -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Pavel Zhukov <landgraf@xxxxxxxxxxxxxxxxx> - 0.8.165-2 - New upstream release - Fix *.a and *.h permissions -------------------------------------------------------------------------------- References: [ 1 ] Bug #700997 - mupdf-0.8.165 is available https://bugzilla.redhat.com/show_bug.cgi?id=700997 -------------------------------------------------------------------------------- ================================================================================ perl-Devel-Declare-0.006004-1.fc13 (FEDORA-2011-6470) Adding keywords to perl, in perl -------------------------------------------------------------------------------- Update Information: This update ensures compatibility with Devel::CallParser. -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Iain Arnell <iarnell@xxxxxxxxx> 0.006004-1 - update to latest upstream version * Wed Apr 20 2011 Iain Arnell <iarnell@xxxxxxxxx> 0.006003-1 - update to latest upstream version * Sat Apr 9 2011 Iain Arnell <iarnell@xxxxxxxxx> 0.006002-1 - update to latest upstream version * Sun Feb 27 2011 Iain Arnell <iarnell@xxxxxxxxx> 0.006001-1 - update to latest upstream version * Tue Feb 8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.006000-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Thu Dec 16 2010 Marcela Maslanova <mmaslano@xxxxxxxxxx> - 0.006000-3 - 661697 rebuild for fixing problems with vendorach/lib -------------------------------------------------------------------------------- ================================================================================ perl-Mojolicious-0.999925-4.fc13 (FEDORA-2011-6462) A next generation web framework for Perl -------------------------------------------------------------------------------- Update Information: Blind attempt at CVE-2010-4803(#701718) and CVE-2011-1841 -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Yanko Kaneti <yaneti@xxxxxxxxxxx> 0.999925-4 - Blind attempt at CVE-2010-4803(#701718) and CVE-2011-1841. -------------------------------------------------------------------------------- References: [ 1 ] Bug #701718 - CVE-2011-1841 CVE-2010-4803 perl-Mojolicious various flaws [fedora-13] https://bugzilla.redhat.com/show_bug.cgi?id=701718 -------------------------------------------------------------------------------- ================================================================================ supybot-fedora-0.2.8-2.fc13 (FEDORA-2011-6458) Plugin for Supybot to interact with Fedora services -------------------------------------------------------------------------------- Update Information: fixed requires issue for supybot and supybot-gribble -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Dave Riches <david.r@xxxxxxxxxxxxxx> - 0.2.8-2 - fixed requires issue for supybot -------------------------------------------------------------------------------- ================================================================================ supybot-koji-0.1-6.fc13 (FEDORA-2011-6469) Plugin for Supybot to interact with Koji instances -------------------------------------------------------------------------------- Update Information: fixed requires for supybot and supybot-gribble -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Dave Riches <david.r@xxxxxxxxxxxxxx> - 0.1-6 - fixed requires for supybot and supybot-gribble -------------------------------------------------------------------------------- ================================================================================ zeroinstall-injector-1.0-0.rc1.1.fc13 (FEDORA-2011-6452) The Zero Install Injector (0launch) -------------------------------------------------------------------------------- Update Information: Release candidate for the upcoming 1.0 -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Michel Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.0-0.rc1.1 - Update to 1.0rc1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #695308 - zeroinstall-injector-0.54 is available https://bugzilla.redhat.com/show_bug.cgi?id=695308 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test