Fedora 12 updates-testing report

Mon Nov 15 22:24:45 UTC 2010

The following Fedora 12 Security updates need testing:

    https://admin.fedoraproject.org/updates/freetype-2.3.11-7.fc12
    https://admin.fedoraproject.org/updates/bzip2-1.0.6-1.fc12
    https://admin.fedoraproject.org/updates/mailman-2.1.12-10.fc12
    https://admin.fedoraproject.org/updates/gif2png-2.5.1-1202.fc12
    https://admin.fedoraproject.org/updates/cups-1.4.4-11.fc12
    https://admin.fedoraproject.org/updates/pam-1.1.1-6.fc12
    https://admin.fedoraproject.org/updates/clamav-0.96.4-1200.fc12
    https://admin.fedoraproject.org/updates/libtlen-0-0.10.20060309.fc12
    https://admin.fedoraproject.org/updates/mod_fcgid-2.3.6-1.fc12

The following Fedora 12 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/freetype-2.3.11-7.fc12
    https://admin.fedoraproject.org/updates/mingetty-1.08-6.fc12
    https://admin.fedoraproject.org/updates/tzdata-2010o-1.fc12
    https://admin.fedoraproject.org/updates/pungi-2.0.20.1-1.fc12
    https://admin.fedoraproject.org/updates/NetworkManager-0.8.1-10.git20100831.fc12
    https://admin.fedoraproject.org/updates/pam-1.1.1-6.fc12
    https://admin.fedoraproject.org/updates/findutils-4.4.2-7.fc12
    https://admin.fedoraproject.org/updates/nss-softokn-3.12.4-16.fc12
    https://admin.fedoraproject.org/updates/xorg-x11-drv-ati-6.13.0-0.22.20100316git819b4015.fc12
    https://admin.fedoraproject.org/updates/binutils-2.19.51.0.14-38.fc12
    https://admin.fedoraproject.org/updates/util-linux-ng-2.16.2-4.fc12
    https://admin.fedoraproject.org/updates/xorg-x11-drv-synaptics-1.2.0-3.fc12
    https://admin.fedoraproject.org/updates/findutils-4.4.2-5.fc12

The following builds have been pushed to Fedora 12 updates-testing

    freetype-2.3.11-7.fc12
    libtlen-0-0.10.20060309.fc12
    scantailor-0.9.9.2-1.fc12
    smartmontools-5.39.1-3.fc12

Details about builds:

================================================================================
 freetype-2.3.11-7.fc12 (FEDORA-2010-17755)
 A free and portable font rendering engine
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 15 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-7
- Add freetype-2.3.11-CVE-2010-3855.patch
    (Protect against invalid `runcnt' values.)
- Resolves: #651764
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #645275 - CVE-2010-3855 Freetype : Heap based buffer overflow in ft_var_readpackedpoints()
        https://bugzilla.redhat.com/show_bug.cgi?id=645275
--------------------------------------------------------------------------------

================================================================================
 libtlen-0-0.10.20060309.fc12 (FEDORA-2010-17762)
 Tlen.pl client library
--------------------------------------------------------------------------------
Update Information:

This update unbundles the old copy of expat included in libtlen, fixing CVE-2009-3720 and possibly other vulnerabilities already fixed in system expat.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov 14 2010 Dominik Mierzejewski <rpm at greysector.net> 0-0.10.20060309
- fix source URL
- unbundle expat (fix bug #652502, CVE-2009-3720)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #652502 - libtlen contains an embedded copy of expat, prone to CVE-2009-3720
        https://bugzilla.redhat.com/show_bug.cgi?id=652502
--------------------------------------------------------------------------------

================================================================================
 scantailor-0.9.9.2-1.fc12 (FEDORA-2010-17753)
 An interactive post-processing tool for scanned pages
--------------------------------------------------------------------------------
Update Information:

* Fixed page sorting issues on Linux.

* Fixed improper calculation of cut-off page outline.

* Fixed pages re-appearing in a project after being removed half-by-half.

* German and French translations were added.

* Compatibility with the latest version of boost.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 15 2010 Jan Horak <jhorak at redhat.com> - 0.9.9.2-1
- Update to 0.9.9.2
--------------------------------------------------------------------------------

================================================================================
 smartmontools-5.39.1-3.fc12 (FEDORA-2010-17748)
 Tools for monitoring SMART capable hard disks
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 15 2010 Michal Hlavinka <mhlavink at redhat.com> - 1:5.39.1-3
- megaraid: Fix segfault on non-data commands (#577935)
* Wed Nov 10 2010 Michal Hlavinka <mhlavink at redhat.com> - 1:5.39.1-2
- don't forget to restart smartd service after update (#651211)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #651211 - smartd doesn't restart after smartmontools package update
        https://bugzilla.redhat.com/show_bug.cgi?id=651211
  [ 2 ] Bug #577935 - Smartctl segmentation fault and crash followed by kernel invalid opcode trace
        https://bugzilla.redhat.com/show_bug.cgi?id=577935
--------------------------------------------------------------------------------