The following Fedora 14 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-2011-13795
https://admin.fedoraproject.org/updates/FEDORA-2011-13499
https://admin.fedoraproject.org/updates/FEDORA-2011-13401
https://admin.fedoraproject.org/updates/FEDORA-2011-13181
https://admin.fedoraproject.org/updates/FEDORA-2011-13457
https://admin.fedoraproject.org/updates/FEDORA-2011-12874
https://admin.fedoraproject.org/updates/FEDORA-2011-13458
https://admin.fedoraproject.org/updates/FEDORA-2011-13633
https://admin.fedoraproject.org/updates/FEDORA-2011-13450
https://admin.fedoraproject.org/updates/FEDORA-2011-13805
https://admin.fedoraproject.org/updates/FEDORA-2011-13869
https://admin.fedoraproject.org/updates/FEDORA-2011-13864
https://admin.fedoraproject.org/updates/FEDORA-2011-13874
The following Fedora 14 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/FEDORA-2011-13874
https://admin.fedoraproject.org/updates/FEDORA-2011-13795
https://admin.fedoraproject.org/updates/FEDORA-2011-13515
https://admin.fedoraproject.org/updates/FEDORA-2011-13401
https://admin.fedoraproject.org/updates/FEDORA-2011-12717
https://admin.fedoraproject.org/updates/FEDORA-2011-9266
https://admin.fedoraproject.org/updates/FEDORA-2011-8835
https://admin.fedoraproject.org/updates/FEDORA-2011-8401
https://admin.fedoraproject.org/updates/FEDORA-2011-8116
https://admin.fedoraproject.org/updates/FEDORA-2011-5868
https://admin.fedoraproject.org/updates/FEDORA-2011-5174
https://admin.fedoraproject.org/updates/FEDORA-2011-3923
The following builds have been pushed to Fedora 14 updates-testing
cyrus-imapd-2.3.18-1.fc14
openswan-2.6.33-2.fc14
perl-5.12.4-147.fc14
perl-MooseX-Types-Structured-0.28-1.fc14
postgis-1.5.3-1.fc14
zabbix-1.8.8-1.fc14
Details about builds:
================================================================================
cyrus-imapd-2.3.18-1.fc14 (FEDORA-2011-13869)
A high-performance mail server with IMAP, POP3, NNTP and SIEVE support
--------------------------------------------------------------------------------
Update Information:
- cyrus-imapd updated to 2.3.18
- fixes incomplete authentication checks in nntpd (Secunia SA46093)
- fix CVE-2011-3208: a remotely exploitable buffer overflow in nntpd
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 5 2011 Michal Hlavinka <mhlavink(a)redhat.com> - 2.3.18-1
- cyrus-imapd updated to 2.3.18
- fixes incomplete authentication checks in nntpd (Secunia SA46093)
* Mon Sep 19 2011 Michal Hlavinka <mhlavink(a)redhat.com> - 2.3.17-1
- updated to 2.3.17
--------------------------------------------------------------------------------
================================================================================
openswan-2.6.33-2.fc14 (FEDORA-2011-13864)
IPSEC implementation with IKEv1 and IKEv2 keying protocols
--------------------------------------------------------------------------------
Update Information:
Fixes for cve-2011-3380.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 5 2011 Avesh Agarwal <avagarwa(a)redhat.com> - 2.6.33-2
- Fixes for cve-2011-3380
--------------------------------------------------------------------------------
================================================================================
perl-5.12.4-147.fc14 (FEDORA-2011-13874)
Practical Extraction and Report Language
--------------------------------------------------------------------------------
Update Information:
This update fixes security bug in Digest object constructor (CVE-2011-3597) and in
decoding Unicode string by interpreter (CVE-2011-2939).
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 5 2011 Petr Pisar <ppisar(a)redhat.com> - 4:5.12.4-147
- Fix CVE-2011-3597 (code injection in Digest) (bug #743010)
- Fix CVE-2011-2939 (heap overflow while decoding Unicode string) (bug #731246)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #743010 - CVE-2011-3597 perl: code injection vulnerability in
Digest->new()
https://bugzilla.redhat.com/show_bug.cgi?id=743010
[ 2 ] Bug #731246 - CVE-2011-2939 Perl 5.{10,12,14} heap overflow while decoding Unicode
string
https://bugzilla.redhat.com/show_bug.cgi?id=731246
--------------------------------------------------------------------------------
================================================================================
perl-MooseX-Types-Structured-0.28-1.fc14 (FEDORA-2011-13856)
Structured Type Constraints for Moose
--------------------------------------------------------------------------------
Update Information:
This update fixes a regression where mixed type constraints (MX:Types style and
'classic' Stringy style) used in a single structured type doesn't work.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 5 2011 Iain Arnell <iarnell(a)gmail.com> 0.28-1
- update to latest upstream version
* Wed Jul 20 2011 Petr Sabata <contyk(a)redhat.com> - 0.27-2
- Perl mass rebuild
* Wed May 4 2011 Iain Arnell <iarnell(a)gmail.com> 0.27-1
- update to latest upstream version
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.26-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Sun Jan 16 2011 Iain Arnell <iarnell(a)gmail.com> 0.26-2
- additional provides for packages hidden from PAUSE
* Sun Jan 16 2011 Iain Arnell <iarnell(a)gmail.com> 0.26-1
- update to latest upstream version
--------------------------------------------------------------------------------
================================================================================
postgis-1.5.3-1.fc14 (FEDORA-2011-13855)
Geographic Information Systems Extensions to PostgreSQL
--------------------------------------------------------------------------------
Update Information:
Update to 1.5.3, per changes described at:
http://postgis.org/news/20110625/
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 4 2011 Devrim GÜNDÜZ <devrim(a)gunduz.org> - 1.5.3-1
- Update to 1.5.3
--------------------------------------------------------------------------------
================================================================================
zabbix-1.8.8-1.fc14 (FEDORA-2011-13867)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:
- update to 1.8.8
- upstream changelog at
http://www.zabbix.com/rn1.8.8.php
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 5 2011 Dan Horák <dan[at]danny.cz> - 1.8.8-1
- Update for 1.8.8
- Drop the ZBX-4099 patch, that's now obsolete
- Remove two further htaccess files and put the configuration in
the main configuration file
- thanks to Volker Fröhlich for the changes above
- move zabbix_get to the server and proxy subpackages (#734512)
- remove prebuilt Windows binaries (#737341)
- remove flash clock applet (#737337)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #734512 - Package zabbix_get with servers and proxies instead of with agents
https://bugzilla.redhat.com/show_bug.cgi?id=734512
[ 2 ] Bug #737341 - Delete pre-built binaries
https://bugzilla.redhat.com/show_bug.cgi?id=737341
[ 3 ] Bug #737337 - Flash clock
https://bugzilla.redhat.com/show_bug.cgi?id=737337
--------------------------------------------------------------------------------