Fedora 15 updates-testing report

Wed Jun 20 00:37:02 UTC 2012

The following Fedora 15 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-2012-9008/boost-1.46.0-4.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9329/roundcubemail-0.7.2-2.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-7246/libsoup-2.34.3-2.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6629/gdb-7.3.1-50.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9623/openjpeg-1.4-13.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9622/gc-7.2b-2.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9422/mosh-1.2.2-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9633/rubygem-activerecord-3.0.5-4.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9597/rubygem-actionpack-3.0.5-9.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9430/xen-4.1.2-8.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17233/tor-0.2.1.32-1500.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9328/gd-2.0.35-17.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9349/mysql-5.5.24-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9155/perl-Gtk2-MozEmbed-0.09-1.fc15.12,gnome-python2-extras-2.25.3-35.fc15.8,firefox-13.0-1.fc15,xulrunner-13.0-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-7131/seamonkey-2.9.1-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9079/thunderbird-13.0-1.fc15,thunderbird-lightning-1.5-2.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8931/kernel-2.6.43.8-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8010/sudo-1.7.4p5-5.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9648/gallery3-3.0.4-1.fc15

The following Fedora 15 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/FEDORA-2012-9589/thunderbird-13.0.1-1.fc15,xulrunner-13.0.1-1.fc15,firefox-13.0.1-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9349/mysql-5.5.24-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9280/lxpanel-0.5.9-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9062/python-bugzilla-0.7.0-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9079/thunderbird-13.0-1.fc15,thunderbird-lightning-1.5-2.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8931/kernel-2.6.43.8-1.fc15
    https://admin.fedoraproject.org/updates/iproute-2.6.38.1-7.fc15
    https://admin.fedoraproject.org/updates/dracut-009-15.fc15

The following builds have been pushed to Fedora 15 updates-testing

    389-ds-base-1.2.10.10-1.fc15
    gallery3-3.0.4-1.fc15

Details about builds:

================================================================================
 389-ds-base-1.2.10.10-1.fc15 (FEDORA-2012-9651)
 389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:

Ticket #390 - [abrt] 389-ds-base-1.2.10.6-1.fc16: slapi_attr_value_cmp: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV)
some repl and some crashing issues
fix ldclt crash in previous fix
a couple of crashes
Ticket #348 - crash in ldap_initialize with multiple threads
Ticket #347 - IPA dirsvr seg-fault during system longevity test
crash bug with multiple transactions and range searches
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 18 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.10-1
- Ticket #390 - [abrt] 389-ds-base-1.2.10.6-1.fc16: slapi_attr_value_cmp: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV)
* Thu May 24 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.9-1
- Ticket #382 - DS Shuts down intermittently
- Trac Ticket #359 - Database RUV could mismatch the one in changelog under the stress
- Bug #361: Bad DNs in ACIs can segfault ns-slapd
- Trac Ticket #338 - letters in object's cn get converted to lowercase when renaming object
* Thu May  3 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.8-1
- Ticket #348 - crash in ldap_initialize with multiple threads
-  previous fix would crash in ldclt - this fixes that crash
* Mon Apr 30 2012 Rich Megginson <rmeggins at redhat.com> - 1.2.10.7-1
- Ticket #348 - crash in ldap_initialize with multiple threads
- Ticket #347 - IPA dirsvr seg-fault during system longevity test
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #832506 - [abrt] 389-ds-base-1.2.10.6-1.fc16: slapi_attr_value_cmp: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=832506
--------------------------------------------------------------------------------

================================================================================
 gallery3-3.0.4-1.fc15 (FEDORA-2012-9648)
 Customizable photo gallery web site
--------------------------------------------------------------------------------
Update Information:

Gallery 3.0.4 was released with the following release notes:

After several extensive internal and external security audits which discovered 22 distinct vulnerabilities, we are releasing Gallery 3.0.4 as a security release. All of the issues require that someone with malicious intent either have an account with edit permissions, or trick a user with edit permissions into clicking on a malicious link. In most cases, this can only lead to a possible XSS vulnerability, but in several instances it allows arbitrary PHP code execution.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 19 2012 Jon Ciesla <limburgher at gmail.com> - 3.0.4-1
- 3.0.4, BZ 833189, 833190.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #833189 - gallery: 3.0.4 fixes numerous security flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=833189
  [ 2 ] Bug #833190 - gallery: 3.0.4 fixes numerous security flaws [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=833190
--------------------------------------------------------------------------------