The following Fedora 13 Security updates need testing:

https://admin.fedoraproject.org/updates/dbus-1.2.24-2.fc13 https://admin.fedoraproject.org/updates/subversion-1.6.15-1.fc13 https://admin.fedoraproject.org/updates/php-5.3.5-1.fc13,maniadrive-1.2-26.f... https://admin.fedoraproject.org/updates/perl-Convert-UUlib-1.34-1.fc13 https://admin.fedoraproject.org/updates/libuser-0.56.16-1.fc13.2 https://admin.fedoraproject.org/updates/wordpress-2.8.6-4.fc13 https://admin.fedoraproject.org/updates/wordpress-mu-2.9.2-3.fc13 https://admin.fedoraproject.org/updates/dpkg-1.15.5.6-6.fc13 https://admin.fedoraproject.org/updates/sssd-1.3.0-40.fc13 https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc13 https://admin.fedoraproject.org/updates/mod_auth_mysql-3.0.0-12.fc13 https://admin.fedoraproject.org/updates/perl-CGI-Simple-1.112-2.fc13

The following Fedora 13 Critical Path updates have yet to be approved:

https://admin.fedoraproject.org/updates/util-linux-ng-2.17.2-10.fc13 https://admin.fedoraproject.org/updates/libuser-0.56.16-1.fc13.2 https://admin.fedoraproject.org/updates/dosfstools-3.0.9-3.fc13 https://admin.fedoraproject.org/updates/attr-2.4.44-4.fc13 https://admin.fedoraproject.org/updates/livecd-tools-13.1-1.fc13 https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-80.fc13 https://admin.fedoraproject.org/updates/libical-0.46-2.fc13 https://admin.fedoraproject.org/updates/pm-utils-1.2.6.1-4.fc13 https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13 https://admin.fedoraproject.org/updates/openldap-2.4.21-11.fc13 https://admin.fedoraproject.org/updates/nss-3.12.7-4.fc13,nss-util-3.12.7-2.... https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc...

The following builds have been pushed to Fedora 13 updates-testing

dpkg-1.15.5.6-6.fc13 freemind-0.9.0-0.8.rc14.fc13 jss-4.2.6-12.fc13 maniadrive-1.2-26.fc13.1 maniadrive-data-1.2-5.fc13 mc-4.7.5-1.fc13 openscada-0.7.0.1-5.fc13 php-5.3.5-1.fc13 php-eaccelerator-0.9.6.1-4.fc13 rubygem-aws-2.3.34-1.fc13 springlobby-0.120-1.fc13 sssd-1.3.0-40.fc13 uim-1.6.1-1.fc13 util-linux-ng-2.17.2-10.fc13 wordpress-mu-2.9.2-3.fc13 xqc-1.0-0.2.20101120svn7.fc13

Details about builds:

================================================================================ dpkg-1.15.5.6-6.fc13 (FEDORA-2011-0345) Package maintenance system for Debian Linux -------------------------------------------------------------------------------- Update Information:

Fix CVE-2010-1679 Fix CVE-2011-0402 -------------------------------------------------------------------------------- ChangeLog:

* Wed Jan 12 2011 Andrew Colin Kissa andrew@topdog.za.net - 1.15.5.6-6 - Fix CVE-2010-1679 - Fix CVE-2011-0402 * Sun Oct 17 2010 Jeroen van Meeuwen kanarip@kanarip.com - 1.15.5.6-5 - Apply minimal fix for rhbz #642160 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #668922 - CVE-2010-1679 dpkg: directory traversal flaw allows for arbitrary file creation https://bugzilla.redhat.com/show_bug.cgi?id=668922 [ 2 ] Bug #668930 - CVE-2011-0402 dpkg: arbitrary file modification via symlink attack https://bugzilla.redhat.com/show_bug.cgi?id=668930 --------------------------------------------------------------------------------

================================================================================ freemind-0.9.0-0.8.rc14.fc13 (FEDORA-2011-0361) Free mind mapping software -------------------------------------------------------------------------------- Update Information:

update to recent upstream version -------------------------------------------------------------------------------- ChangeLog:

* Wed Jan 12 2011 Johannes Lips <Johannes.Lips googlemail com> 0.9.0-0.8.rc14 - update to recent upstream version --------------------------------------------------------------------------------

================================================================================ jss-4.2.6-12.fc13 (FEDORA-2011-0336) Java Security Services (JSS) -------------------------------------------------------------------------------- Update Information:

fix to missing patch line in spec file Incorrect socket accept error message due to bad pointer arithmetic -------------------------------------------------------------------------------- ChangeLog:

* Tue Jan 11 2011 Kevin Wright kwright@redhat.com - 4.2.6-12 - added missing patch line * Tue Dec 21 2010 Christina Fu cfu@redhat.com - 4.2.6-11 - bug 654657 - jdennis@redhat.com Incorrect socket accept error message due to bad pointer arithmetic - bug 661142 - cfu@redhat.com Verification should fail when a revoked certificate is added -------------------------------------------------------------------------------- References:

[ 1 ] Bug #654657 - Incorrect socket accept error message due to bad pointer arithmetic https://bugzilla.redhat.com/show_bug.cgi?id=654657 --------------------------------------------------------------------------------

================================================================================ maniadrive-1.2-26.fc13.1 (FEDORA-2011-0321) 3D stunt driving game -------------------------------------------------------------------------------- Update Information:

This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers. -------------------------------------------------------------------------------- ChangeLog:

* Tue Jan 11 2011 Remi Collet Fedora@famillecollet.com 1.2-26.1 - rebuild * Tue Jan 11 2011 Hans de Goede hdegoede@redhat.com 1.2-26 - Fix story mode not working with php >= 5.3.5 (rhbz#668657) * Sun Jan 9 2011 Hans de Goede hdegoede@redhat.com 1.2-25 - Fix a crash when pressing 't', which enables the drawing of ode wire frames (rhbz#657353) * Sat Jan 8 2011 Remi Collet Fedora@famillecollet.com 1.2-24 - Rebuild for new php 5.3.5 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #667806 - CVE-2010-4645 php: hang on numeric value 2.2250738585072011e-308 with x87 fpu https://bugzilla.redhat.com/show_bug.cgi?id=667806 --------------------------------------------------------------------------------

================================================================================ maniadrive-data-1.2-5.fc13 (FEDORA-2011-0321) Data files for maniadrive, a 3D stunt driving game -------------------------------------------------------------------------------- Update Information:

This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers. -------------------------------------------------------------------------------- ChangeLog:

* Tue Jan 11 2011 Hans de Goede hdegoede@redhat.com - 1.2-5 - Fix story mode not working with php >= 5.3.5 (rhbz#668657) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #667806 - CVE-2010-4645 php: hang on numeric value 2.2250738585072011e-308 with x87 fpu https://bugzilla.redhat.com/show_bug.cgi?id=667806 --------------------------------------------------------------------------------

================================================================================ mc-4.7.5-1.fc13 (FEDORA-2011-0357) User-friendly text console file manager and visual shell -------------------------------------------------------------------------------- Update Information:

updates mc to 4.7.5 Fixes possible VFS and file GUI crashes. -------------------------------------------------------------------------------- ChangeLog:

* Wed Jan 12 2011 Jindrich Novy jnovy@redhat.com 4.7.5-1 - update to mc-4.7.5 - drop globfix, filegui and vfscrash patches - applied upstream - update mcviewsegfault patch * Tue Dec 14 2010 Jindrich Novy jnovy@redhat.com 4.7.4-4 - make cons.saver not suid root, it is no more needed (#640365) * Thu Dec 9 2010 Jindrich Novy jnovy@redhat.com 4.7.4-3 - fix crash in progress bar handling (#643256) - fix crash in opening mc VFS (#661290, #588795, #653156) - fix crash while creating a VFS timestamp (#660308) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #588795 - [abrt] crash in mc-1:4.7.1-2.fc13: Process /usr/bin/mc was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=588795 [ 2 ] Bug #643256 - mc crashes on SIGSEV when had copy multiple files https://bugzilla.redhat.com/show_bug.cgi?id=643256 [ 3 ] Bug #660308 - [abrt] mc-1:4.7.4-2.fc14: vfs_stamp_create: Process /usr/bin/mc was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=660308 [ 4 ] Bug #640365 - warning: user vcsa does not exist - using root https://bugzilla.redhat.com/show_bug.cgi?id=640365 --------------------------------------------------------------------------------

================================================================================ openscada-0.7.0.1-5.fc13 (FEDORA-2011-0353) Open SCADA system project -------------------------------------------------------------------------------- Update Information:

-------------------------------------------------------------------------------- ChangeLog:

* Tue Jan 11 2011 Aleksey Popkov aleksey@oscada.org - 0.7.0.1-5 - Moved files of messages from main package to the self package - Fixed macros errors - Fixed of error in oscada.init.patch file - Fixed somes of spelling-error. * Tue Jan 4 2011 Aleksey Popkov aleksey@oscada.org - 0.7.0.1-4 - My mistake fixing. Sorry! --------------------------------------------------------------------------------

================================================================================ php-5.3.5-1.fc13 (FEDORA-2011-0321) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information:

This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers. -------------------------------------------------------------------------------- ChangeLog:

* Fri Jan 7 2011 Remi Collet Fedora@famillecollet.com 5.3.5-1 - update to 5.3.5 http://www.php.net/ChangeLog-5.php#5.3.5 - clean duplicate configure options - remove all RPM_SOURCE_DIR - use mysql_config in libdir directly to avoid biarch build failures -------------------------------------------------------------------------------- References:

[ 1 ] Bug #667806 - CVE-2010-4645 php: hang on numeric value 2.2250738585072011e-308 with x87 fpu https://bugzilla.redhat.com/show_bug.cgi?id=667806 --------------------------------------------------------------------------------

================================================================================ php-eaccelerator-0.9.6.1-4.fc13 (FEDORA-2011-0321) PHP accelerator, optimizer, encoder and dynamic content cacher -------------------------------------------------------------------------------- Update Information:

This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers. -------------------------------------------------------------------------------- ChangeLog:

* Sat Jan 8 2011 Remi Collet Fedora@FamilleCollet.com - 1:0.9.6.1-4 - rebuild against PHP 5.3.5 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #667806 - CVE-2010-4645 php: hang on numeric value 2.2250738585072011e-308 with x87 fpu https://bugzilla.redhat.com/show_bug.cgi?id=667806 --------------------------------------------------------------------------------

================================================================================ rubygem-aws-2.3.34-1.fc13 (FEDORA-2011-0363) Ruby gem for all Amazon Web Services -------------------------------------------------------------------------------- Update Information:

Version bump -------------------------------------------------------------------------------- ChangeLog:

* Mon Jan 10 2011 Michal Fojtik mfojtik@redhat.com - 2.3.34-1 - Version bump * Tue Nov 23 2010 Michal Fojtik mfojtik@redhat.com - 2.3.26-1 - Replaced right_http_connection with http_connection - Version bump -------------------------------------------------------------------------------- References:

[ 1 ] Bug #668955 - Update rubygem-aws to 2.3.34 https://bugzilla.redhat.com/show_bug.cgi?id=668955 --------------------------------------------------------------------------------

================================================================================ springlobby-0.120-1.fc13 (FEDORA-2011-0340) A lobby client for the spring RTS game engine -------------------------------------------------------------------------------- Update Information:

- New upgrade release. - BT download fixed (again). -------------------------------------------------------------------------------- ChangeLog:

* Tue Jan 11 2011 Gilboa Davara <gilboad [at] gmail [dot] com> - 0.120-1 - BT download broken by new spring release. --------------------------------------------------------------------------------

================================================================================ sssd-1.3.0-40.fc13 (FEDORA-2011-0337) System Security Services Daemon -------------------------------------------------------------------------------- Update Information:

Addresses low-priority CVE-2010-4341: DoS in sssd PAM responder can prevent logins -------------------------------------------------------------------------------- ChangeLog:

* Wed Jan 12 2011 Stephen Gallagher sgallagh@redhat.com - 1.3.0-40 - Bump release to rebuild with patch in source-control * Tue Jan 11 2011 Stephen Gallagher sgallagh@redhat.com - 1.3.0-39 - CVE-2010-4341 - DoS in sssd PAM responder can prevent logins -------------------------------------------------------------------------------- References:

[ 1 ] Bug #661163 - CVE-2010-4341 sssd: DoS in sssd PAM responder can prevent logins https://bugzilla.redhat.com/show_bug.cgi?id=661163 --------------------------------------------------------------------------------

================================================================================ uim-1.6.1-1.fc13 (FEDORA-2011-0355) A multilingual input method library -------------------------------------------------------------------------------- ChangeLog:

* Wed Jan 12 2011 Akira TAGOH tagoh@redhat.com - 1.6.1-1 - New upstream release. --------------------------------------------------------------------------------

================================================================================ util-linux-ng-2.17.2-10.fc13 (FEDORA-2011-0342) A collection of basic system utilities -------------------------------------------------------------------------------- Update Information:

improve libblkid RAIDs detection -------------------------------------------------------------------------------- ChangeLog:

* Wed Jan 12 2011 Karel Zak kzak@redhat.com 2.17.2-10 - improve libblkid RAIDs detection (#543749) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #543749 - After upgrade from Fedora 11, RAID-1 mdraid assembles incorrectly https://bugzilla.redhat.com/show_bug.cgi?id=543749 --------------------------------------------------------------------------------

================================================================================ wordpress-mu-2.9.2-3.fc13 (FEDORA-2011-0352) WordPress-MU multi-user blogging software -------------------------------------------------------------------------------- Update Information:

Security fixes for BZ 668192. -------------------------------------------------------------------------------- ChangeLog:

* Tue Jan 11 2011 Jon Ciesla limb@jcomserv.net - 2.9.2-3 - Patches for security flaws, BZ 668192. -------------------------------------------------------------------------------- References:

[ 1 ] Bug #668192 - Wordpress: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=668192 --------------------------------------------------------------------------------

================================================================================ xqc-1.0-0.2.20101120svn7.fc13 (FEDORA-2011-0365) C/C++ API for interfacing with XQuery processors -------------------------------------------------------------------------------- Update Information:

The goal of the XQC project is to create standardized C/C++ APIs for interfacing with XQuery processors. They provide mechanisms to compile and execute XQueries, manage contexts, and provide a basic interface for the XQuery Data Model.

This package contains the C header file and corresponding API documentation. -------------------------------------------------------------------------------- References:

[ 1 ] Bug #655866 - Review Request: xqc - C/C++ API for interfacing with XQuery processors https://bugzilla.redhat.com/show_bug.cgi?id=655866 --------------------------------------------------------------------------------