Fedora 14 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Mon May 9 20:58:53 UTC 2011
The following Fedora 14 Security updates need testing:
https://admin.fedoraproject.org/updates/seamonkey-2.0.14-1.fc14
https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.fc14
https://admin.fedoraproject.org/updates/libmodplug-0.8.8.3-1.fc14
https://admin.fedoraproject.org/updates/tor-0.2.1.29-1400.fc14
https://admin.fedoraproject.org/updates/vino-2.32.2-1.fc14
https://admin.fedoraproject.org/updates/kdenetwork-4.6.2-2.fc14
https://admin.fedoraproject.org/updates/acpid-2.0.9-1.fc14
https://admin.fedoraproject.org/updates/avahi-0.6.27-6.fc14
https://admin.fedoraproject.org/updates/postfix-2.7.4-1.fc14
https://admin.fedoraproject.org/updates/perl-Mojolicious-0.999929-3.fc14
https://admin.fedoraproject.org/updates/wordpress-3.1.2-1.fc14
https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc14
https://admin.fedoraproject.org/updates/tomcat6-6.0.26-21.fc14
https://admin.fedoraproject.org/updates/asterisk-1.6.2.18-1.fc14
https://admin.fedoraproject.org/updates/openldap-2.4.23-10.fc14
https://admin.fedoraproject.org/updates/mediawiki-1.16.5-59.fc14
The following Fedora 14 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/pcre-8.10-2.fc14
https://admin.fedoraproject.org/updates/lvm2-2.02.84-2.fc14
https://admin.fedoraproject.org/updates/libedit-3.0-3.20090923cvs.fc14
https://admin.fedoraproject.org/updates/libpcap-1.1.1-3.fc14
https://admin.fedoraproject.org/updates/binutils-2.20.51.0.7-8.fc14
https://admin.fedoraproject.org/updates/tar-1.23-9.fc14
https://admin.fedoraproject.org/updates/xorg-x11-drv-qxl-0.0.21-3.fc14
https://admin.fedoraproject.org/updates/evolution-exchange-2.32.3-1.fc14,evolution-data-server-2.32.3-1.fc14,evolution-2.32.3-1.fc14
https://admin.fedoraproject.org/updates/pygtk2-2.17.0-9.fc14
https://admin.fedoraproject.org/updates/xorg-x11-drv-nouveau-0.0.16-14.20101010git8c8f15c.fc14
https://admin.fedoraproject.org/updates/dosfstools-3.0.9-6.fc14
https://admin.fedoraproject.org/updates/libimobiledevice-1.0.6-1.fc14
https://admin.fedoraproject.org/updates/libconcord-0.23-5.fc14,udev-161-9.fc14,concordance-0.23-2.fc14
https://admin.fedoraproject.org/updates/usbmuxd-1.0.7-1.fc14
https://admin.fedoraproject.org/updates/openldap-2.4.23-10.fc14
https://admin.fedoraproject.org/updates/avahi-0.6.27-6.fc14
https://admin.fedoraproject.org/updates/xorg-x11-drv-geode-2.11.11-4.fc14
The following builds have been pushed to Fedora 14 updates-testing
eclipse-cdt-7.0.2-1.fc14
ghc-6.12.3-8.4.fc14
ghc-rpm-macros-0.10.55-1.fc14
mediawiki-1.16.5-59.fc14
mfiler3-4.3.4-2.fc14
pcre-8.10-2.fc14
postfix-2.7.4-1.fc14
saphire-3.0.5-1.fc14
upstart-1.2-1.fc14
vino-2.32.2-1.fc14
wallpapoz-0.5-6.fc14.1
Details about builds:
================================================================================
eclipse-cdt-7.0.2-1.fc14 (FEDORA-2011-6770)
Eclipse C/C++ Development Tools (CDT) plugin
--------------------------------------------------------------------------------
Update Information:
Upgrading to CDT 7.0.2.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 6 2011 Jeff Johnston <jjohnstn at redhat.com> 1:7.0.2-1
- Rebase CDT to 7.0.2
- Rebase Autotools and Libhover to use tarballs from git repo.
* Wed Mar 9 2011 Jeff Johnston <jjohnstn at redhat.com> 1:7.0.1-6
- Fix typo in libhover local patch so entire libhoverdocs directory
contents are installed.
--------------------------------------------------------------------------------
================================================================================
ghc-6.12.3-8.4.fc14 (FEDORA-2011-6779)
Glasgow Haskell Compilation system
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 9 2011 Jens Petersen <petersen at redhat.com> - 6.12.3-8.4
- ghc-rpm-macros-0.10.55 for automatic lib dependencies
- ghc now requires ghc-devel with ver-rel
- ghc-devel now require ghc with ver-rel
- ghc-prof now requires ghc-devel with ver-rel
- make devel and prof meta packages require subpackages with ver-rel
- make ghc-*-devel subpackages require ghc with ver-rel
- bring back ghc-libs to avoid yum resolver problems (#702934)
- drop haddock obsoletes
- use without_hscolour
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #702934 - dropping ghc-libs confuses yum resolver when installing shared libs
https://bugzilla.redhat.com/show_bug.cgi?id=702934
--------------------------------------------------------------------------------
================================================================================
ghc-rpm-macros-0.10.55-1.fc14 (FEDORA-2011-6780)
Macros for building packages for GHC
--------------------------------------------------------------------------------
Update Information:
Backport ghc-deps.sh rpm dependency script for automatic versioned library dependencies (without hashes).
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 9 2011 Jens Petersen <petersen at redhat.com> - 0.10.55-1
- include ghc_pkg_c_deps even when -c option used
* Mon May 9 2011 Jens Petersen <petersen at redhat.com> - 0.10.54-1
- ghc-deps.sh: ignore private ghc lib deps
- macros.ghc: drop ghc-prof requires from ghc_prof_requires
* Sat May 7 2011 Jens Petersen <petersen at redhat.com> - 0.10.53-1
- backport ghc-deps.sh rpm dependency script for automatic versioned
library dependencies (without hashes)
- drop ghc_pkg_deps from ghc_package_devel and ghc_package_prof since
ghc-deps.sh generates better inter-package dependencies already
--------------------------------------------------------------------------------
================================================================================
mediawiki-1.16.5-59.fc14 (FEDORA-2011-6774)
A wiki engine
--------------------------------------------------------------------------------
Update Information:
Mediawiki 1.16.5 was released to correct two security flaws:
The first issue is yet another recurrence of the Internet Explorer 6 XSS vulnerability that caused the release of 1.16.4. It was pointed out that there are dangerous extensions with more than four characters, so the regular expressions we introduced had to be updated to match longer extensions. (CVE-2011-1765)
The second issue allows unauthenticated users to gain additional
rights, on wikis where $wgBlockDisablesLogin is enabled. By default, it is disabled. The issue occurs when a malicious user sends cookies which contain the user name and user ID of a "victim" account. In certain circumstances, the rights of the victim are loaded and persist throughout the malicious request, allowing the malicious user to perform actions with the victim's rights. (CVE-2011-1766)
$wgBlockDisablesLogin is a feature which is sometimes used on private wikis to prevent users who have an account from logging in and viewing content on the wiki.
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 8 2011 Axel Thimm <Axel.Thimm at ATrpms.net> - 1.16.5-59
- Update to 1.16.5.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #702512 - CVE-2011-1765 mediawiki: two vulnerabilities fixed in 1.16.5
https://bugzilla.redhat.com/show_bug.cgi?id=702512
--------------------------------------------------------------------------------
================================================================================
mfiler3-4.3.4-2.fc14 (FEDORA-2011-6772)
Two pane file manager under UNIX console
--------------------------------------------------------------------------------
Update Information:
saphire 3.0.5 is released. mfiler3 was recompiled against new saphire.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 3 2011 Mamoru Tasaka <mtasaka at fedoraproject.org> - 4.3.4-2
- Rebuild against newer saphire
--------------------------------------------------------------------------------
================================================================================
pcre-8.10-2.fc14 (FEDORA-2011-6776)
Perl-compatible regular expression library
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 9 2011 Petr Pisar <ppisar at redhat.com> - 8.10-2
- Fix caseless reference matching in UTF-8 mode when the upper/lower case
characters have different lengths (bug #702623)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #702623 - Problems with caseless reference matching in UTF-8 mode when the upper/lower case characters have different lengths
https://bugzilla.redhat.com/show_bug.cgi?id=702623
--------------------------------------------------------------------------------
================================================================================
postfix-2.7.4-1.fc14 (FEDORA-2011-6771)
Postfix Mail Transport Agent
--------------------------------------------------------------------------------
Update Information:
This is an update that fixes memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720). For original upstream announcement see: http://archives.neohapsis.com/archives/postfix/2011-05/0208.html
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 9 2011 Jaroslav Škarvada <jskarvad at redhat.com> - 2:2.7.4-1
- update to 2.7.4
- fix CVE-2011-1720
--------------------------------------------------------------------------------
================================================================================
saphire-3.0.5-1.fc14 (FEDORA-2011-6772)
Yet another shell
--------------------------------------------------------------------------------
Update Information:
saphire 3.0.5 is released. mfiler3 was recompiled against new saphire.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 3 2011 Mamoru Tasaka <mtasaka at fedoraproject.org> - 3.0.5-1
- 3.0.5
--------------------------------------------------------------------------------
================================================================================
upstart-1.2-1.fc14 (FEDORA-2011-6768)
An event-driven init system
--------------------------------------------------------------------------------
Update Information:
This is update to upstart-1.2 release with support for .override files.
New stanzas have been introduced - manual, debug.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 9 2011 Petr Lautrbach <plautrba at redhat.com> 1.2-1
- upgrade to 1.2
- allow job override files
* Thu Nov 4 2010 Petr Lautrbach <plautrba at redhat.com> 0.6.5-11
- drop systemd-sysvinit obsoletes (#649510)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #649510 - upstart-sysvinit nobbles systemd-sysvinit
https://bugzilla.redhat.com/show_bug.cgi?id=649510
[ 2 ] Bug #690122 - upstart-1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=690122
--------------------------------------------------------------------------------
================================================================================
vino-2.32.2-1.fc14 (FEDORA-2011-6773)
A remote desktop system for GNOME
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 8 2011 Christopher Aillon <caillon at redhat.com> - 2.32.2-1
- Update to 2.32.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #694455 - CVE-2011-0904 vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests
https://bugzilla.redhat.com/show_bug.cgi?id=694455
[ 2 ] Bug #694456 - CVE-2011-0905 vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests
https://bugzilla.redhat.com/show_bug.cgi?id=694456
--------------------------------------------------------------------------------
================================================================================
wallpapoz-0.5-6.fc14.1 (FEDORA-2011-6769)
Gnome Multi Backgrounds and Wallpapers Configuration Tool
--------------------------------------------------------------------------------
Update Information:
Killed gsettings patch explicitly as calling gsettings with no-corresponding key causes gsettings crash.
Current wallpapoz shows some error messages on startup about missing files. This new rpm will fix thse issues.
Previous rpm -5 introduced a bug that wallpapoz won't launch when using xml file with desktop style. This new rpm will fix the issue.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 9 2011 Mamoru Tasaka <mtasaka at fedoraproject.org> - 0.5-6.1
- F-14: kill gsettings patch explicitly: F-14 gsettings crashes
every time key is not found
* Fri May 6 2011 Mamoru Tasaka <mtasaka at fedoraproject.org> - 0.5-6
- Fix crash on wallpapoz with desktop style xml which was introduced
in -5 (bug 702538)
* Thu May 5 2011 Mamoru Tasaka <mtasaka at fedoraproject.org> - 0.5-5
- And more fix for gsettings key name change
- Kill warnings on startup when wallpapoz tries to show workspace name
as "images"
* Sat Apr 16 2011 Mamoru Tasaka <mtasaka at fedoraproject.org> - 0.5-4
- Modify for gsettings key name change
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.5-3.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #702538 - [abrt] wallpapoz-0.5-5.fc15: wallpapoz:1301:treeview_selection_changed:UnboundLocalError: local variable 'parent' referenced before assignment
https://bugzilla.redhat.com/show_bug.cgi?id=702538
--------------------------------------------------------------------------------
More information about the test
mailing list