The following Fedora 14 Security updates need testing: https://admin.fedoraproject.org/updates/seamonkey-2.0.14-1.fc14 https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.fc14 https://admin.fedoraproject.org/updates/libmodplug-0.8.8.3-1.fc14 https://admin.fedoraproject.org/updates/tor-0.2.1.29-1400.fc14 https://admin.fedoraproject.org/updates/vino-2.32.2-1.fc14 https://admin.fedoraproject.org/updates/kdenetwork-4.6.2-2.fc14 https://admin.fedoraproject.org/updates/acpid-2.0.9-1.fc14 https://admin.fedoraproject.org/updates/avahi-0.6.27-6.fc14 https://admin.fedoraproject.org/updates/postfix-2.7.4-1.fc14 https://admin.fedoraproject.org/updates/perl-Mojolicious-0.999929-3.fc14 https://admin.fedoraproject.org/updates/wordpress-3.1.2-1.fc14 https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc14 https://admin.fedoraproject.org/updates/tomcat6-6.0.26-21.fc14 https://admin.fedoraproject.org/updates/asterisk-1.6.2.18-1.fc14 https://admin.fedoraproject.org/updates/openldap-2.4.23-10.fc14 https://admin.fedoraproject.org/updates/mediawiki-1.16.5-59.fc14 The following Fedora 14 Critical Path updates have yet to be approved: https://admin.fedoraproject.org/updates/pcre-8.10-2.fc14 https://admin.fedoraproject.org/updates/lvm2-2.02.84-2.fc14 https://admin.fedoraproject.org/updates/libedit-3.0-3.20090923cvs.fc14 https://admin.fedoraproject.org/updates/libpcap-1.1.1-3.fc14 https://admin.fedoraproject.org/updates/binutils-2.20.51.0.7-8.fc14 https://admin.fedoraproject.org/updates/tar-1.23-9.fc14 https://admin.fedoraproject.org/updates/xorg-x11-drv-qxl-0.0.21-3.fc14 https://admin.fedoraproject.org/updates/evolution-exchange-2.32.3-1.fc14,evolution-data-server-2.32.3-1.fc14,evolution-2.32.3-1.fc14 https://admin.fedoraproject.org/updates/pygtk2-2.17.0-9.fc14 https://admin.fedoraproject.org/updates/xorg-x11-drv-nouveau-0.0.16-14.20101010git8c8f15c.fc14 https://admin.fedoraproject.org/updates/dosfstools-3.0.9-6.fc14 https://admin.fedoraproject.org/updates/libimobiledevice-1.0.6-1.fc14 https://admin.fedoraproject.org/updates/libconcord-0.23-5.fc14,udev-161-9.fc14,concordance-0.23-2.fc14 https://admin.fedoraproject.org/updates/usbmuxd-1.0.7-1.fc14 https://admin.fedoraproject.org/updates/openldap-2.4.23-10.fc14 https://admin.fedoraproject.org/updates/avahi-0.6.27-6.fc14 https://admin.fedoraproject.org/updates/xorg-x11-drv-geode-2.11.11-4.fc14 The following builds have been pushed to Fedora 14 updates-testing eclipse-cdt-7.0.2-1.fc14 ghc-6.12.3-8.4.fc14 ghc-rpm-macros-0.10.55-1.fc14 mediawiki-1.16.5-59.fc14 mfiler3-4.3.4-2.fc14 pcre-8.10-2.fc14 postfix-2.7.4-1.fc14 saphire-3.0.5-1.fc14 upstart-1.2-1.fc14 vino-2.32.2-1.fc14 wallpapoz-0.5-6.fc14.1 Details about builds: ================================================================================ eclipse-cdt-7.0.2-1.fc14 (FEDORA-2011-6770) Eclipse C/C++ Development Tools (CDT) plugin -------------------------------------------------------------------------------- Update Information: Upgrading to CDT 7.0.2. -------------------------------------------------------------------------------- ChangeLog: * Fri May 6 2011 Jeff Johnston <jjohnstn@xxxxxxxxxx> 1:7.0.2-1 - Rebase CDT to 7.0.2 - Rebase Autotools and Libhover to use tarballs from git repo. * Wed Mar 9 2011 Jeff Johnston <jjohnstn@xxxxxxxxxx> 1:7.0.1-6 - Fix typo in libhover local patch so entire libhoverdocs directory contents are installed. -------------------------------------------------------------------------------- ================================================================================ ghc-6.12.3-8.4.fc14 (FEDORA-2011-6779) Glasgow Haskell Compilation system -------------------------------------------------------------------------------- ChangeLog: * Mon May 9 2011 Jens Petersen <petersen@xxxxxxxxxx> - 6.12.3-8.4 - ghc-rpm-macros-0.10.55 for automatic lib dependencies - ghc now requires ghc-devel with ver-rel - ghc-devel now require ghc with ver-rel - ghc-prof now requires ghc-devel with ver-rel - make devel and prof meta packages require subpackages with ver-rel - make ghc-*-devel subpackages require ghc with ver-rel - bring back ghc-libs to avoid yum resolver problems (#702934) - drop haddock obsoletes - use without_hscolour -------------------------------------------------------------------------------- References: [ 1 ] Bug #702934 - dropping ghc-libs confuses yum resolver when installing shared libs https://bugzilla.redhat.com/show_bug.cgi?id=702934 -------------------------------------------------------------------------------- ================================================================================ ghc-rpm-macros-0.10.55-1.fc14 (FEDORA-2011-6780) Macros for building packages for GHC -------------------------------------------------------------------------------- Update Information: Backport ghc-deps.sh rpm dependency script for automatic versioned library dependencies (without hashes). -------------------------------------------------------------------------------- ChangeLog: * Mon May 9 2011 Jens Petersen <petersen@xxxxxxxxxx> - 0.10.55-1 - include ghc_pkg_c_deps even when -c option used * Mon May 9 2011 Jens Petersen <petersen@xxxxxxxxxx> - 0.10.54-1 - ghc-deps.sh: ignore private ghc lib deps - macros.ghc: drop ghc-prof requires from ghc_prof_requires * Sat May 7 2011 Jens Petersen <petersen@xxxxxxxxxx> - 0.10.53-1 - backport ghc-deps.sh rpm dependency script for automatic versioned library dependencies (without hashes) - drop ghc_pkg_deps from ghc_package_devel and ghc_package_prof since ghc-deps.sh generates better inter-package dependencies already -------------------------------------------------------------------------------- ================================================================================ mediawiki-1.16.5-59.fc14 (FEDORA-2011-6774) A wiki engine -------------------------------------------------------------------------------- Update Information: Mediawiki 1.16.5 was released to correct two security flaws: The first issue is yet another recurrence of the Internet Explorer 6 XSS vulnerability that caused the release of 1.16.4. It was pointed out that there are dangerous extensions with more than four characters, so the regular expressions we introduced had to be updated to match longer extensions. (CVE-2011-1765) The second issue allows unauthenticated users to gain additional rights, on wikis where $wgBlockDisablesLogin is enabled. By default, it is disabled. The issue occurs when a malicious user sends cookies which contain the user name and user ID of a "victim" account. In certain circumstances, the rights of the victim are loaded and persist throughout the malicious request, allowing the malicious user to perform actions with the victim's rights. (CVE-2011-1766) $wgBlockDisablesLogin is a feature which is sometimes used on private wikis to prevent users who have an account from logging in and viewing content on the wiki. -------------------------------------------------------------------------------- ChangeLog: * Sun May 8 2011 Axel Thimm <Axel.Thimm@xxxxxxxxxx> - 1.16.5-59 - Update to 1.16.5. -------------------------------------------------------------------------------- References: [ 1 ] Bug #702512 - CVE-2011-1765 mediawiki: two vulnerabilities fixed in 1.16.5 https://bugzilla.redhat.com/show_bug.cgi?id=702512 -------------------------------------------------------------------------------- ================================================================================ mfiler3-4.3.4-2.fc14 (FEDORA-2011-6772) Two pane file manager under UNIX console -------------------------------------------------------------------------------- Update Information: saphire 3.0.5 is released. mfiler3 was recompiled against new saphire. -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 4.3.4-2 - Rebuild against newer saphire -------------------------------------------------------------------------------- ================================================================================ pcre-8.10-2.fc14 (FEDORA-2011-6776) Perl-compatible regular expression library -------------------------------------------------------------------------------- ChangeLog: * Mon May 9 2011 Petr Pisar <ppisar@xxxxxxxxxx> - 8.10-2 - Fix caseless reference matching in UTF-8 mode when the upper/lower case characters have different lengths (bug #702623) -------------------------------------------------------------------------------- References: [ 1 ] Bug #702623 - Problems with caseless reference matching in UTF-8 mode when the upper/lower case characters have different lengths https://bugzilla.redhat.com/show_bug.cgi?id=702623 -------------------------------------------------------------------------------- ================================================================================ postfix-2.7.4-1.fc14 (FEDORA-2011-6771) Postfix Mail Transport Agent -------------------------------------------------------------------------------- Update Information: This is an update that fixes memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720). For original upstream announcement see: http://archives.neohapsis.com/archives/postfix/2011-05/0208.html -------------------------------------------------------------------------------- ChangeLog: * Mon May 9 2011 Jaroslav Åkarvada <jskarvad@xxxxxxxxxx> - 2:2.7.4-1 - update to 2.7.4 - fix CVE-2011-1720 -------------------------------------------------------------------------------- ================================================================================ saphire-3.0.5-1.fc14 (FEDORA-2011-6772) Yet another shell -------------------------------------------------------------------------------- Update Information: saphire 3.0.5 is released. mfiler3 was recompiled against new saphire. -------------------------------------------------------------------------------- ChangeLog: * Tue May 3 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 3.0.5-1 - 3.0.5 -------------------------------------------------------------------------------- ================================================================================ upstart-1.2-1.fc14 (FEDORA-2011-6768) An event-driven init system -------------------------------------------------------------------------------- Update Information: This is update to upstart-1.2 release with support for .override files. New stanzas have been introduced - manual, debug. -------------------------------------------------------------------------------- ChangeLog: * Mon May 9 2011 Petr Lautrbach <plautrba@xxxxxxxxxx> 1.2-1 - upgrade to 1.2 - allow job override files * Thu Nov 4 2010 Petr Lautrbach <plautrba@xxxxxxxxxx> 0.6.5-11 - drop systemd-sysvinit obsoletes (#649510) -------------------------------------------------------------------------------- References: [ 1 ] Bug #649510 - upstart-sysvinit nobbles systemd-sysvinit https://bugzilla.redhat.com/show_bug.cgi?id=649510 [ 2 ] Bug #690122 - upstart-1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=690122 -------------------------------------------------------------------------------- ================================================================================ vino-2.32.2-1.fc14 (FEDORA-2011-6773) A remote desktop system for GNOME -------------------------------------------------------------------------------- ChangeLog: * Sun May 8 2011 Christopher Aillon <caillon@xxxxxxxxxx> - 2.32.2-1 - Update to 2.32.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #694455 - CVE-2011-0904 vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests https://bugzilla.redhat.com/show_bug.cgi?id=694455 [ 2 ] Bug #694456 - CVE-2011-0905 vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests https://bugzilla.redhat.com/show_bug.cgi?id=694456 -------------------------------------------------------------------------------- ================================================================================ wallpapoz-0.5-6.fc14.1 (FEDORA-2011-6769) Gnome Multi Backgrounds and Wallpapers Configuration Tool -------------------------------------------------------------------------------- Update Information: Killed gsettings patch explicitly as calling gsettings with no-corresponding key causes gsettings crash. Current wallpapoz shows some error messages on startup about missing files. This new rpm will fix thse issues. Previous rpm -5 introduced a bug that wallpapoz won't launch when using xml file with desktop style. This new rpm will fix the issue. -------------------------------------------------------------------------------- ChangeLog: * Mon May 9 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 0.5-6.1 - F-14: kill gsettings patch explicitly: F-14 gsettings crashes every time key is not found * Fri May 6 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 0.5-6 - Fix crash on wallpapoz with desktop style xml which was introduced in -5 (bug 702538) * Thu May 5 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 0.5-5 - And more fix for gsettings key name change - Kill warnings on startup when wallpapoz tries to show workspace name as "images" * Sat Apr 16 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 0.5-4 - Modify for gsettings key name change * Mon Feb 7 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5-3.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #702538 - [abrt] wallpapoz-0.5-5.fc15: wallpapoz:1301:treeview_selection_changed:UnboundLocalError: local variable 'parent' referenced before assignment https://bugzilla.redhat.com/show_bug.cgi?id=702538 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test