Fedora 13 updates-testing report

updates at fedoraproject.org
Tue Nov 2 22:19:46 UTC 2010


The following Fedora 13 Security updates need testing:

    https://admin.fedoraproject.org/updates/glpi-0.72.4-3.svn11497.fc13
    https://admin.fedoraproject.org/updates/banshee-1.6.1-4.fc13
    https://admin.fedoraproject.org/updates/gnome-xcf-thumbnailer-1.0-4.fc13
    https://admin.fedoraproject.org/updates/monotone-0.48.1-1.fc13
    https://admin.fedoraproject.org/updates/seamonkey-2.0.10-1.fc13
    https://admin.fedoraproject.org/updates/horde-3.3.9-1.fc13
    https://admin.fedoraproject.org/updates/mailman-2.1.12-16.fc13
    https://admin.fedoraproject.org/updates/xpdf-3.02-16.fc13
    https://admin.fedoraproject.org/updates/clamav-0.96.3-1400.fc13
    https://admin.fedoraproject.org/updates/bristol-0.40.7-7.fc13
    https://admin.fedoraproject.org/updates/pam-1.1.1-6.fc13
    https://admin.fedoraproject.org/updates/gromacs-4.5.2-1.fc13
    https://admin.fedoraproject.org/updates/moodle-1.9.10-1.fc13
    https://admin.fedoraproject.org/updates/proftpd-1.3.3c-1.fc13
    https://admin.fedoraproject.org/updates/pootle-2.1.2-1.fc13
    https://admin.fedoraproject.org/updates/libsmi-0.4.8-5.fc13


The following Fedora 13 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/gawk-3.1.8-2.fc13
    https://admin.fedoraproject.org/updates/pam-1.1.1-6.fc13
    https://admin.fedoraproject.org/updates/crontabs-1.11-1.20101022git.fc13
    https://admin.fedoraproject.org/updates/gnome-settings-daemon-2.30.1-9.fc13
    https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-69.fc13
    https://admin.fedoraproject.org/updates/upstart-0.6.5-7.fc13
    https://admin.fedoraproject.org/updates/libgsf-1.14.18-1.fc13
    https://admin.fedoraproject.org/updates/goddard-kde-theme-13.1.0-1.fc13,fedora-logos-13.0.2-2.fc13,generic-logos-13.0.1-2.fc13,kde-settings-4.4-21.fc13
    https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13
    https://admin.fedoraproject.org/updates/openldap-2.4.21-11.fc13
    https://admin.fedoraproject.org/updates/nss-3.12.7-4.fc13,nss-util-3.12.7-2.fc13,nss-softokn-3.12.7-3.fc13,nspr-4.8.6-1.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13


The following builds have been pushed to Fedora 13 updates-testing

    389-ds-base-1.2.7-0.7.a4.fc13
    cmake-fedora-0.3.0-1.fc13
    crontabs-1.11-1.20101022git.fc13
    gawk-3.1.8-2.fc13
    gromacs-4.5.2-1.fc13
    libsmi-0.4.8-5.fc13
    libunicap-0.9.12-6.fc13
    libvpx-0.9.5-1.fc13
    mbuffer-20100526-2.fc13
    mercurial-1.7-3.fc13
    mesa-7.8.2-1.fc13
    mysql-5.1.52-1.fc13
    nagios-plugins-check-updates-1.4.9-1.fc13
    pam-1.1.1-6.fc13
    perl-DBIx-SearchBuilder-1.58-1.fc13
    perl-DateTime-Format-Natural-0.91-1.fc13
    perl-Term-ProgressBar-2.09-9.fc13
    pidgin-2.7.5-1.fc13
    proftpd-1.3.3c-1.fc13
    python-redis-2.0.0-1.fc13
    python-sphinx-0.6.6-3.fc13
    rabbitmq-server-2.1.1-1.fc13
    seamonkey-2.0.10-1.fc13
    wifi-radar-2.0.s08-1.fc13

Details about builds:


================================================================================
 389-ds-base-1.2.7-0.7.a4.fc13 (FEDORA-2010-17083)
 389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:

1.2.7.a4 release - git tag 389-ds-base-1.2.7.a4
Bug 647932 - multiple memberOf configuration adding memberOf where there is no member
Bug 491733 - dbtest crashes
Bug 606545 - core schema should include numSubordinates
Bug 638773 - permissions too loose on pid and lock files
Bug 189985 - Improve attribute uniqueness error message
Bug 619623 - attr-unique-plugin ignores requiredObjectClass on modrdn operations
Bug 619633 - Make attribute uniqueness obey requiredObjectClass

This is the 389-ds-base 1.2.7 Alpha 3 release.  On Fedora 14 and later, this package uses openldap instead of mozldap.  This release fixes some serious problems with upgrade and replication, as well as many other bugs.
new release 1.2.6.1 to fix several moderate bugs:
Bug 634561 - Server crushes when using Windows Sync Agreement
Bug 635987 - Incorrect sub scope search result with ACL containing ldap:///self
Bug 612264 - ACI issue with (targetattr='userPassword')
Bug 606920 - anonymous resource limit- nstimelimit - also applied to "cn=directory manager"
Bug 631862 - crash - delete entries not in cache + referint

Put back the selinux dependencies I removed during a merge commit . . .
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  1 2010 Rich Megginson <rmeggins at redhat.com> - 1.2.7-0.7.a4
- 1.2.7.a4 release - git tag 389-ds-base-1.2.7.a4
- Bug 647932 - multiple memberOf configuration adding memberOf where there is no member
- Bug 491733 - dbtest crashes
- Bug 606545 - core schema should include numSubordinates
- Bug 638773 - permissions too loose on pid and lock files
- Bug 189985 - Improve attribute uniqueness error message
- Bug 619623 - attr-unique-plugin ignores requiredObjectClass on modrdn operations
- Bug 619633 - Make attribute uniqueness obey requiredObjectClass
* Wed Oct 27 2010 Rich Megginson <rmeggins at redhat.com> - 1.2.7-0.6.a3
- fix more git merge problems
* Wed Oct 27 2010 Rich Megginson <rmeggins at redhat.com> - 1.2.7-0.5.a3
- fix git merge problems
* Wed Oct 27 2010 Rich Megginson <rmeggins at redhat.com> - 1.2.7-0.4.a3
- 1.2.7.a3 release - a2 was never released - this is a rebuild to pick up
- Bug 644608 - RHDS 8.1->8.2 upgrade fails to properly migrate ACIs
- Adding the ancestorid fix code to ##upgradednformat.pl.
* Fri Oct 22 2010 Rich Megginson <rmeggins at redhat.com> - 1.2.7-0.3.a3
- 1.2.7.a3 release - a2 was never released
- Bug 644608 - RHDS 8.1->8.2 upgrade fails to properly migrate ACIs
- Bug 629681 - Retro Changelog trimming does not behave as expected
- Bug 645061 - Upgrade: 06inetorgperson.ldif and 05rfc4524.ldif
-              are not upgraded in the server instance schema dir
* Tue Oct 19 2010 Rich Megginson <rmeggins at redhat.com> - 1.2.7-0.2.a2
- 1.2.7.a2 release - a1 was the OpenLDAP testday release
- git tag 389-ds-base-1.2.7.a2
- added openldap support on platforms that use openldap with moznss
- for crypto (F-14 and later)
- many bug fixes
- Account Policy Plugin (keep track of last login, disable old accounts)
* Fri Oct  8 2010 Rich Megginson <rmeggins at redhat.com> - 1.2.7-0.1.a1
- added openldap support
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #576869 - Tracking bug for 389 Directory Server 1.2.7
        https://bugzilla.redhat.com/show_bug.cgi?id=576869
  [ 2 ] Bug #634561 - Server crushes when using Windows Sync Agreement
        https://bugzilla.redhat.com/show_bug.cgi?id=634561
  [ 3 ] Bug #631862 - crash - delete entries not in cache + referint
        https://bugzilla.redhat.com/show_bug.cgi?id=631862
--------------------------------------------------------------------------------


================================================================================
 cmake-fedora-0.3.0-1.fc13 (FEDORA-2010-17117)
 CMake helper modules for fedora developers
--------------------------------------------------------------------------------
Update Information:

- New macro: SETTING_FILE_GET_VARIABLES_PATTERN
- New macro: PACK_SOURCE_FILES
- Fixed: Variable lost in SETTING_FILE_GET_ALL_VARIABLES and
SETTING_FILE_GET_VARABLE.
- Fixed: Variable values won't apply in SETTING_FILE_GET_ALL_VARIABLES
- UseUninstall finds cmake_uninstall.in in additional paths:
/usr/share/cmake/Modules and /usr/share/cmake/Modules
- Minor improvements in CMakeLists.txt and project.spec.in templates.
- Add new project building script.
- Build for EL-5, EL-6
- Add el5, el6 build.
- Fixed errors in UseFedpkg.
- Fixed target: tag
- Fixed target: bodhi_new
Initial submission.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov  2 2010 Ding-Yi Chen <dchen at redhat.com> - 0.3.0-1
- New macro: SETTING_FILE_GET_VARIABLES_PATTERN
- New macro: PACK_SOURCE_FILES
- Fixed: Variable lost in SETTING_FILE_GET_ALL_VARIABLES and
  SETTING_FILE_GET_VARABLE.
- Fixed: Variable values won't apply in SETTING_FILE_GET_ALL_VARIABLES
- UseUninstall finds cmake_uninstall.in in additional paths:
  /usr/share/cmake/Modules and /usr/share/cmake/Modules
- Minor improvements in CMakeLists.txt and project.spec.in templates.
* Wed Oct 20 2010 Ding-Yi Chen <dchen at redhat.com> - 0.2.4-1
- cmake-fedora-newprj.sh: New option "-e" that extract value from specified
  spec or spec.in.
- Now usage is printed instead of junk output when project_name is not given.
- Source code (whatever is packed) and tarball dependency now checked.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #639816 - Review Request: cmake-fedora - CMake helper modules for fedora developers
        https://bugzilla.redhat.com/show_bug.cgi?id=639816
--------------------------------------------------------------------------------


================================================================================
 crontabs-1.11-1.20101022git.fc13 (FEDORA-2010-17125)
 Root crontab files used to schedule the execution of programs
--------------------------------------------------------------------------------
Update Information:

Add --list option on users request.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 22 2010 Marcela Mašláňová <mmaslano at redhat.com> 1.11-1
- use sources from source fedorahosted
* Mon Oct 18 2010 Marcela Mašláňová <mmaslano at redhat.com> 1.10-34
- add --list option into run-parts
* Wed Mar 24 2010 Marcela Mašláňová <mmaslano at redhat.com> 1.10-33
- remove useless setting of home to "/"
--------------------------------------------------------------------------------


================================================================================
 gawk-3.1.8-2.fc13 (FEDORA-2010-17093)
 The GNU version of the awk text processing utility
--------------------------------------------------------------------------------
Update Information:

- fix #629196: Double free in free_wstr
- fix license tag, add description
- remove BuildRoot tag
- add byacc to BuildRequires
- follow updated libsigsegv option in configure script
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov  2 2010 Vojtech Vitek (V-Teq) <vvitek at redhat.com> - 3.1.8-2
- fix #629196: Double free in free_wstr
- fix license tag, add description
- remove BuildRoot tag
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #629196 - gawk regression from RHEL3/4
        https://bugzilla.redhat.com/show_bug.cgi?id=629196
--------------------------------------------------------------------------------


================================================================================
 gromacs-4.5.2-1.fc13 (FEDORA-2010-17139)
 Fast, Free and Flexible Molecular Dynamics
--------------------------------------------------------------------------------
Update Information:

Upgrade to 4.5.2, fixing CVE-2010-4001 and a bunch of other bugs. See full release notes at http://www.gromacs.org/About_Gromacs/Release_Notes/Versions_4.5.x .
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  1 2010 Jussi Lehtola <jussilehtola at fedoraproject.org> - 4.5.2-1
- Update to 4.5.2.
* Wed Oct 27 2010 Jussi Lehtola <jussilehtola at fedoraproject.org> - 4.5.1-2
- Patch around #644950.
- Split libraries in own packages to avoid multilib problems.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #644596 - CVE-2010-4001 gromacs: insecure library loading vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=644596
--------------------------------------------------------------------------------


================================================================================
 libsmi-0.4.8-5.fc13 (FEDORA-2010-17096)
 A library to access SMI MIB information
--------------------------------------------------------------------------------
Update Information:

Resolve CVE-2010-2891 - LibSMI smiGetNode Buffer Overflow
When Long OID Is Given In Numerical Form

--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  1 2010 Tom "spot" Callaway <tcallawa at redhat.com> - 0.4.8-5
- fix CVE-2010-2891
* Thu Feb 25 2010 Radek Vokal <rvokal at redhat.com> - 0.4.8-4
- fix license field, based on the tarball project is now GPL+
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #647520 - CVE-2010-2891 libsmi: buffer overflow in smiGetNode can lead to arbitrary code execution
        https://bugzilla.redhat.com/show_bug.cgi?id=647520
--------------------------------------------------------------------------------


================================================================================
 libunicap-0.9.12-6.fc13 (FEDORA-2010-17099)
 Library to access different kinds of (video) capture devices
--------------------------------------------------------------------------------
Update Information:

fix a crasher bug introduced by libunicap-0.9.12-memerrs.patch (#647880)
Use ATTRS rather than SYSFS for udev where appropriate (#643729)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov  2 2010 Kamil Dudka <kdudka at redhat.com> 0.9.12-6
- fix a crasher bug introduced by libunicap-0.9.12-memerrs.patch (#647880)
* Fri Oct 29 2010 Robert Scheck <robert at fedoraproject.org> 0.9.12-5
- Use ATTRS rather than SYSFS for udev where appropriate (#643729)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #647880 - double-free in v4l2_cpi_close()
        https://bugzilla.redhat.com/show_bug.cgi?id=647880
  [ 2 ] Bug #643729 - Please update 50-euvccam.rules (SYSFS deprecated)
        https://bugzilla.redhat.com/show_bug.cgi?id=643729
--------------------------------------------------------------------------------


================================================================================
 libvpx-0.9.5-1.fc13 (FEDORA-2010-17151)
 VP8 Video Codec SDK
--------------------------------------------------------------------------------
Update Information:

Update to 0.9.5. Notable bugfixes since 0.9.1 include:

- Fix two-pass framerate for Y4M input.
- Replace pinsrw (SSE) with MMX instructions
- Fixed rate control bug with long key frame interval.
- Fix DSO link errors on x86-64 when not using a version script
- Fixed buffer selection for UV in AltRef filtering
- Improve handling of invalid frames
- Fix valgrind errors in the NEON loop filters.
- Fix loopfilter delta zero transitions

Full changelogs here: 
http://review.webmproject.org/gitweb?p=libvpx.git;a=blob_plain;f=CHANGELOG;hb=686b217ed7fa3d77ac4b7c7754edaecbd2acc1f4


--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  1 2010 Tom "spot" Callaway <tcallawa at redhat.com> 0.9.5-1
- update to 0.9.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #647990 - [RFE] Update to 0.9.5
        https://bugzilla.redhat.com/show_bug.cgi?id=647990
--------------------------------------------------------------------------------


================================================================================
 mbuffer-20100526-2.fc13 (FEDORA-2010-17142)
 Measuring Buffer is an enhanced version of buffer
--------------------------------------------------------------------------------
Update Information:

* Mon Nov 02 2010 Fabian Affolter <fabian at bernewireless.net> - 20100526-3
- Removed every piece of md5

* Mon Nov 01 2010 Fabian Affolter <fabian at bernewireless.net> - 20100526-2
- Rebuild with md5hash as requested in #608943
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  1 2010 Fabian Affolter <fabian at bernewireless.net> - 20100526-2
- Rebuild with md5hash as requested in #608943
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #608943 - enable md5hash by default?
        https://bugzilla.redhat.com/show_bug.cgi?id=608943
--------------------------------------------------------------------------------


================================================================================
 mercurial-1.7-3.fc13 (FEDORA-2010-17087)
 Mercurial -- a distributed SCM
--------------------------------------------------------------------------------
Update Information:

see: http://mercurial.selenic.com/wiki/WhatsNew
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  1 2010 Neal Becker <ndbecker2 at gmail.com> - 1.7-3
- BR python-docutils
* Mon Nov  1 2010 Neal Becker <ndbecker2 at gmail.com> - 1.7-2
- Make that 1.7
* Mon Nov  1 2010 Neal Becker <ndbecker2 at gmail.com> - 1.7.0-1
- Update to 1.7.0
* Thu Oct 21 2010 Neal Becker <ndbecker2 at gmail.com> - 1.6.4-4
- Try another way to own directories
* Wed Oct 20 2010 Neal Becker <ndbecker2 at gmail.com> - 1.6.4-3
- Fixup unowned directories
--------------------------------------------------------------------------------


================================================================================
 mesa-7.8.2-1.fc13 (FEDORA-2010-17124)
 Mesa graphics libraries
--------------------------------------------------------------------------------
Update Information:

Latest stable upstream 7.8.x.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  1 2010 Adam Jackson <ajax at redhat.com> 7.8.2-1
- Mesa 7.8.2 (#617929)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #617929 - RFE Mesa 7.8.2
        https://bugzilla.redhat.com/show_bug.cgi?id=617929
  [ 2 ] Bug #577515 - Dri problem
        https://bugzilla.redhat.com/show_bug.cgi?id=577515
--------------------------------------------------------------------------------


================================================================================
 mysql-5.1.52-1.fc13 (FEDORA-2010-17090)
 MySQL client programs and shared libraries
--------------------------------------------------------------------------------
Update Information:

Update to MySQL 5.1.52, for various fixes described at
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html

--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  1 2010 Tom Lane <tgl at redhat.com> 5.1.52-1
- Update to MySQL 5.1.52, for various fixes described at
  http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
Resolves: #646569
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #646569 - Cascade Delete results in "Got error -1 from storage engine"
        https://bugzilla.redhat.com/show_bug.cgi?id=646569
--------------------------------------------------------------------------------


================================================================================
 nagios-plugins-check-updates-1.4.9-1.fc13 (FEDORA-2010-17082)
 A Nagios plugin to check if Red Hat or Fedora system is up-to-date
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #546445 - Review Request: nagios-plugins-check-updates - A Nagios plugin to check if Red Hat or Fedora system is up-to-date
        https://bugzilla.redhat.com/show_bug.cgi?id=546445
--------------------------------------------------------------------------------


================================================================================
 pam-1.1.1-6.fc13 (FEDORA-2010-17112)
 An extensible library which provides authentication for applications
--------------------------------------------------------------------------------
Update Information:

This update fixes moderate vulnerabilities in pam_env, pam_namespace, pam_mail, and pam_xauth modules. Default configurations (or configurations generated by authconfig) are not affected by the pam_mail and pam_namespace vulnerabilities.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov  2 2010 Tomas Mraz <tmraz at redhat.com> 1.1.1-6
- fix insecure dropping of privileges in pam_xauth, pam_env,
  and pam_mail - CVE-2010-3316 (#637898), CVE-2010-3435 (#641335)
- fix insecure executing of scripts with user supplied environment
  variables in pam_namespace - CVE-2010-3853 (#643043)
* Thu Jul 15 2010 Tomas Mraz <tmraz at redhat.com> 1.1.1-5
- do not overwrite tallylog with empty file on upgrade
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #637898 - CVE-2010-3316 pam: pam_xauth missing return value checks from setuid() and similar calls
        https://bugzilla.redhat.com/show_bug.cgi?id=637898
  [ 2 ] Bug #641335 - CVE-2010-3435 pam: pam_env and pam_mail accessing users' file with root privileges
        https://bugzilla.redhat.com/show_bug.cgi?id=641335
  [ 3 ] Bug #643043 - CVE-2010-3853 pam: pam_namespace executes namespace.init with service's environment
        https://bugzilla.redhat.com/show_bug.cgi?id=643043
--------------------------------------------------------------------------------


================================================================================
 perl-DBIx-SearchBuilder-1.58-1.fc13 (FEDORA-2010-17154)
 Encapsulate SQL queries and rows in simple perl objects
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov  2 2010 Ralf Corsépius <corsepiu at fedoraproject.org> - 1.58-1
- Upstream update.
- Spec cleanup.
--------------------------------------------------------------------------------


================================================================================
 perl-DateTime-Format-Natural-0.91-1.fc13 (FEDORA-2010-17106)
 Create machine readable date/time with natural parsing logic
--------------------------------------------------------------------------------
Update Information:

This month's update to DateTime::Format::Natural includes:
* New supported formats: 
    * <time> <month> <monthday> 
    * <time> AM/PM <month> <monthday>
    * <monthday> <month> <time>
    * <monthday> <month> <time> AM/PM
    * <month> <monthday> <time> AM/PM
    * <variant> <weekday> <time> AM/PM
    * <time> AM/PM <variant> <weekday>
* Record the grammar keyword for each valid expression parsed
* Describe trace()'s purpose and its inclusion of a grammar keyword
* Fix reference to the Calc class in the documentation of trace()
* Adjust phrasing of parse_datetime_duration()'s documentation
* Correct spelling of the examples description

--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov  2 2010 Iain Arnell <iarnell at gmail.com> 0.91-1
- update to latest upstream version
--------------------------------------------------------------------------------


================================================================================
 perl-Term-ProgressBar-2.09-9.fc13 (FEDORA-2010-17121)
 Provide a progress meter on a standard terminal
--------------------------------------------------------------------------------
Update Information:

Term::ReadKey is now a mandatory requirement, which allows more features.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov  2 2010 Marcela Mašláňová <mmaslano at redhat.com> - 2.09-9
- 648598 add requirement on Term::ReadKey, it adds width feature
* Thu May  6 2010 Marcela Maslanova <mmaslano at redhat.com> - 2.09-8
- Mass rebuild with perl-5.12.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #648598 - perl-Term-ProgressBar is missing a dependency on perl-TermReadKey
        https://bugzilla.redhat.com/show_bug.cgi?id=648598
--------------------------------------------------------------------------------


================================================================================
 pidgin-2.7.5-1.fc13 (FEDORA-2010-17148)
 A Gtk+ based multiprotocol instant messaging client
--------------------------------------------------------------------------------
Update Information:

New release 2.7.5

Full Upstream ChangeLog:

http://developer.pidgin.im/wiki/ChangeLog
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  1 2010 Stu Tomlinson <stu at nosnilmot.com> 2.7.5-1
- 2.7.5
--------------------------------------------------------------------------------


================================================================================
 proftpd-1.3.3c-1.fc13 (FEDORA-2010-17098)
 Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:

This is an update to the current upstream maintenance release, which addresses two security issues that can be exploited by malicious users to manipulate certain data and compromise a vulnerable system.

* A logic error in the code for processing user input containing the Telnet IAC (Interpret As Command) escape sequence can be exploited to cause a stack-based buffer overflow by sending specially crafted input to the FTP or FTPS service. Successful exploitation may allow execution of arbitrary code. There isn't currently a CVE number for this issue but the original reporter of the problem has tagged this as ZDI-CAN-925. More details can be found at http://bugs.proftpd.org/show_bug.cgi?id=3521

* An input validation error within the "mod_site_misc" module can be exploited to e.g. create and delete directories, create symlinks, and change the time of files located outside a writable directory. Only configurations using "mod_site_misc", which is not enabled by default, and where the attacker has write access to a directory, are vulnerable to this issue, which has been assigned CVE-2010-3867. More details can be found at http://bugs.proftpd.org/show_bug.cgi?id=3519

This update also fixes an issue with SQLite authentication and adds a new module "mod_geoip", which can be used to look up geographical information on connecting clients and use that to set access controls for the server.

--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  1 2010 Paul Howarth <paul at city-fan.org> 1.3.3c-1
- Update to 1.3.3c (#647965)
  - Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)
  - Fixed directory traversal bug in mod_site_misc (CVE-2010-3867)
  - Fixed SQLite authentications using "SQLAuthType Backend"
- New DSO module: mod_geoip
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #647965 - proftpd-1.3.3c is available
        https://bugzilla.redhat.com/show_bug.cgi?id=647965
--------------------------------------------------------------------------------


================================================================================
 python-redis-2.0.0-1.fc13 (FEDORA-2010-17118)
 A Python client for redis
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #630339 - Review Request: python-redis - A Python client for redis
        https://bugzilla.redhat.com/show_bug.cgi?id=630339
--------------------------------------------------------------------------------


================================================================================
 python-sphinx-0.6.6-3.fc13 (FEDORA-2010-17085)
 Python documentation generator
--------------------------------------------------------------------------------
Update Information:

- Actually include *.js locale files
- Fix -doc Makefile to allow regeneration of .rst files

--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  1 2010 Michel Salim <salimma at fedoraproject.org> - 0.6.6-3
- Fix -doc Makefile to allow regeneration of .rst files
* Mon Nov  1 2010 Michel Salim <salimma at fedoraproject.org> - 0.6.6-2
- Actually include *.js locale files
--------------------------------------------------------------------------------


================================================================================
 rabbitmq-server-2.1.1-1.fc13 (FEDORA-2010-17149)
 The RabbitMQ server
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  1 2010 Hubert Plociniczak <hubert.plociniczak at gmail.com> 2.1.1-1
- New Upstream Release
--------------------------------------------------------------------------------


================================================================================
 seamonkey-2.0.10-1.fc13 (FEDORA-2010-17084)
 Web browser, e-mail, news, IRC client, HTML editor
--------------------------------------------------------------------------------
Update Information:

Update to new upstream SeaMonkey version 2.0.10, fixing multiple security issues detailed in the upstream advisories:

* http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.9
* http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.10
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  1 2010 Martin Stransky <stransky at redhat.com> 2.0.10-1
- Update to 2.0.10
* Thu Oct 21 2010 Martin Stransky <stransky at redhat.com> 2.0.9-1
- Update to 2.0.9
--------------------------------------------------------------------------------


================================================================================
 wifi-radar-2.0.s08-1.fc13 (FEDORA-2010-17119)
 A utility for managing WiFi profiles
--------------------------------------------------------------------------------
Update Information:

Update to 2.0.s08 which fixes three bugs
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  1 2010 Pablo Martin-Gomez <bouska at fedoraproject.org> -2.0.s08-1
- Update to 2.0.s08
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #493586 - Default configuration files missing/wrong
        https://bugzilla.redhat.com/show_bug.cgi?id=493586
--------------------------------------------------------------------------------


