The following Fedora 13 Security updates need testing:
https://admin.fedoraproject.org/updates/udev-153-5.fc13
https://admin.fedoraproject.org/updates/mailman-2.1.12-16.fc13
https://admin.fedoraproject.org/updates/phpMyAdmin-3.3.8.1-1.fc13
https://admin.fedoraproject.org/updates/wireshark-1.2.13-1.fc13
https://admin.fedoraproject.org/updates/krb5-1.7.1-16.fc13
https://admin.fedoraproject.org/updates/bareftp-0.3.7-1.fc13
The following Fedora 13 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/perl-5.10.1-121.fc13,perl-CGI-3.5...
https://admin.fedoraproject.org/updates/curl-7.20.1-5.fc13
https://admin.fedoraproject.org/updates/elfutils-0.150-1.fc13
https://admin.fedoraproject.org/updates/udev-153-5.fc13
https://admin.fedoraproject.org/updates/livecd-tools-13.0-1.fc13
https://admin.fedoraproject.org/updates/gnome-desktop-2.30.2-1.fc13
https://admin.fedoraproject.org/updates/mingetty-1.08-6.fc13
https://admin.fedoraproject.org/updates/sendmail-8.14.4-6.fc13
https://admin.fedoraproject.org/updates/hunspell-1.2.8-18.fc13
https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13
https://admin.fedoraproject.org/updates/openldap-2.4.21-11.fc13
https://admin.fedoraproject.org/updates/nss-3.12.7-4.fc13,nss-util-3.12.7...
https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7...
The following builds have been pushed to Fedora 13 updates-testing
alleggl-0.4.3-8.fc13
django-addons-0.6.3-1.fc13
django-ajax-selects-1.1.4-3.fc13
fedora-business-cards-0.2.4.3-1.fc13
fgrun-1.5.2-5.fc13
ibus-anthy-1.2.5-1.fc13
input-pad-1.0.0-1.fc13
krb5-1.7.1-16.fc13
libint-1.1.4-3.fc13
perl-5.10.1-121.fc13
perl-CGI-3.50-2.fc13
php-pecl-apc-3.1.6-1.fc13
phpwapmail-0.9.4-1.fc13
pidgin-2.7.7-1.fc13
rec-applet-0.2.3-3.fc13
spyder-2.0.1-1.fc13
texmakerx-2.0-1.fc13
transifex-0.9.0-4.fc13
xl2tpd-1.2.7-1.fc13
Details about builds:
================================================================================
alleggl-0.4.3-8.fc13 (FEDORA-2010-18416)
OpenGL support library for Allegro
--------------------------------------------------------------------------------
Update Information:
Fix a crash when libGL reports a NULL rendering string.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 1 2010 Hans de Goede <hdegoede(a)redhat.com> 0.4.3-8
- Fix crash when libGL reports a NULL rendering string (#658758)
* Fri Sep 10 2010 Hans de Goede <hdegoede(a)redhat.com> 0.4.3-7
- Fix FTBFS (#631146)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #658758 - [abrt] machineball-1.0-9.fc13: _xwin_signal_handler: Process
/usr/bin/machineball was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=658758
--------------------------------------------------------------------------------
================================================================================
django-addons-0.6.3-1.fc13 (FEDORA-2010-18413)
A framework to create pluggable Django add-ons
--------------------------------------------------------------------------------
Update Information:
This is a framework
to create pluggable
Django add-ons.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #645764 - Review Request: django-addons - to add plugging functionality in
your projects easier
https://bugzilla.redhat.com/show_bug.cgi?id=645764
--------------------------------------------------------------------------------
================================================================================
django-ajax-selects-1.1.4-3.fc13 (FEDORA-2010-18427)
Enables editing of ForeignKey, ManyToMany and simple text fields
--------------------------------------------------------------------------------
Update Information:
Enables editing of ForeignKey,
ManyToMany and simple text
fields.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #645760 - Review Request: django-ajax-selects - Enables editing of ForeignKey,
ManyToMany and simple text fields
https://bugzilla.redhat.com/show_bug.cgi?id=645760
--------------------------------------------------------------------------------
================================================================================
fedora-business-cards-0.2.4.3-1.fc13 (FEDORA-2010-18428)
The Fedora business card generator
--------------------------------------------------------------------------------
Update Information:
Adds a new template for the standard European business card size, and other enhancements.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 30 2010 Ian Weller <ian(a)ianweller.org> - 0.2.4.3-1
- Add template for the Europe business card size
* Sun Jul 25 2010 Ian Weller <iweller(a)redhat.com> - 0.2.4.2-5
- Rebuilt again for
https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
* Wed Jul 21 2010 David Malcolm <dmalcolm(a)redhat.com> - 0.2.4.2-4
- Rebuilt for
https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #656769 - [abrt] fedora-business-cards-0.2.4.2-3.fc12:
generate.py:46:gen_front:AttributeError: 'NoneType' object has no attribute
'appendChild'
https://bugzilla.redhat.com/show_bug.cgi?id=656769
--------------------------------------------------------------------------------
================================================================================
fgrun-1.5.2-5.fc13 (FEDORA-2010-18415)
Graphical front-end for launching FlightGear flight simulator
--------------------------------------------------------------------------------
Update Information:
This new package is a graphical front-end for launching
the FlightGear flight simulator.
--------------------------------------------------------------------------------
================================================================================
ibus-anthy-1.2.5-1.fc13 (FEDORA-2010-18414)
The Anthy engine for IBus input platform
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 1 2010 Takao Fujiwara <tfujiwar(a)redhat.com> - 1.2.5-1
- Updated to 1.2.5
Fixed Bug 652881 - SEGV when key tables are customized in new gconf.
Fixed Bug 654322 - new custom keys are not loaded.
--------------------------------------------------------------------------------
================================================================================
input-pad-1.0.0-1.fc13 (FEDORA-2010-18410)
On-screen Input Pad to Send Characters with Mouse
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 30 2010 Takao Fujiwara <tfujiwar(a)redhat.com> - 1.0.0-1
- Bumped to 1.0.0
--------------------------------------------------------------------------------
================================================================================
krb5-1.7.1-16.fc13 (FEDORA-2010-18425)
The Kerberos network authentication system
--------------------------------------------------------------------------------
Update Information:
This update incorporates the upstream patches to correct bugs outlined in
MITKRB5-SA-2010-007 (CVE-2010-1323, CVE-2010-1324, and CVE-2010-4020).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 30 2010 Nalin Dahyabhai <nalin(a)redhat.com> 1.7.1-16
- add upstream patch to fix various issues from MITKRB5-SA-2010-007
(CVE-2010-1323, #648734, CVE-2010-1324, #648674)
* Thu Sep 23 2010 Nalin Dahyabhai <nalin(a)redhat.com> 1.7.1-15
- make -libs actually own /usr/kerberos, because it may be the only reason
that directory exists, due to owning /usr/kerberos/share (#636746)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #648734 - CVE-2010-1323 krb5: incorrect acceptance of certain checksums
(MITKRB5-SA-2010-007)
https://bugzilla.redhat.com/show_bug.cgi?id=648734
[ 2 ] Bug #648674 - CVE-2010-1324 krb5: multiple checksum handling vulnerabilities
(MITKRB5-SA-2010-007)
https://bugzilla.redhat.com/show_bug.cgi?id=648674
[ 3 ] Bug #648735 - CVE-2010-4020 krb5: krb5 may accept authdata checksums with
low-entropy derived keys (MITKRB5-SA-2010-007)
https://bugzilla.redhat.com/show_bug.cgi?id=648735
--------------------------------------------------------------------------------
================================================================================
libint-1.1.4-3.fc13 (FEDORA-2010-18399)
A library for computing electron repulsion integrals efficiently
--------------------------------------------------------------------------------
Update Information:
Split libderiv and libr12 in separate packages. Increased value of maximum angular
momentum the library can handle to I-type functions.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 30 2010 Jussi Lehtola <jussi.lehtola(a)iki.fi> - 1.1.4-3
- Increase maximum angular momentum values by 2, making it possible to
use basis sets that use up to I-type functions, such as Dunning's cc-pVXZ
basis sets.
- Split libderiv and libr12 into their own packages, as e.g. PyQuante currently
only needs the libint library.
--------------------------------------------------------------------------------
================================================================================
perl-5.10.1-121.fc13 (FEDORA-2010-18403)
Practical Extraction and Report Language
--------------------------------------------------------------------------------
Update Information:
Security update of perl-CGI. In main perl package was created CGI sub-package, which is
updated with new build of CGI.
For more details see upstream message:
http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 1 2010 Marcela Mašláňová <mmaslano(a)redhat.com> - 4:5.10.1-121
- create sub-package for CGI 3.43
- create sub-package for threads-shared
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #657950 - perl-5.12.2/CGI-3.50 security update
https://bugzilla.redhat.com/show_bug.cgi?id=657950
--------------------------------------------------------------------------------
================================================================================
perl-CGI-3.50-2.fc13 (FEDORA-2010-18403)
Handle Common Gateway Interface requests and responses
--------------------------------------------------------------------------------
Update Information:
Security update of perl-CGI. In main perl package was created CGI sub-package, which is
updated with new build of CGI.
For more details see upstream message:
http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #657950 - perl-5.12.2/CGI-3.50 security update
https://bugzilla.redhat.com/show_bug.cgi?id=657950
--------------------------------------------------------------------------------
================================================================================
php-pecl-apc-3.1.6-1.fc13 (FEDORA-2010-18418)
APC caches and optimizes PHP intermediate code
--------------------------------------------------------------------------------
Update Information:
Upstream Changelog
* make slam_defense a little more optimistic, allow a thread/process to write to cache in
a loop
* ensure realpaths hit the realpath_cache, in no-stat mode
* prevent memory starvation, nuke all caches when expunging just one doesn't work
* fix uploadprogress keylength issues (NUL is part of keylen, pecl bug #20016)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 30 2010 Remi Collet <Fedora(a)FamilleCollet.com> - 3.1.6-1
- update to 3.1.6 (bugfix)
--------------------------------------------------------------------------------
================================================================================
phpwapmail-0.9.4-1.fc13 (FEDORA-2010-18431)
WAP-based e-mail client
--------------------------------------------------------------------------------
Update Information:
Update to 0.9.4 to fix issues with php 5.3 and later
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 1 2010 Dmitry Butskoy <Dmitry(a)Butskoy.name> - 0.9.4-1
- update to 0.9.4
--------------------------------------------------------------------------------
================================================================================
pidgin-2.7.7-1.fc13 (FEDORA-2010-18398)
A Gtk+ based multiprotocol instant messaging client
--------------------------------------------------------------------------------
Update Information:
New release 2.7.7
Full Upstream ChangeLog:
http://developer.pidgin.im/wiki/ChangeLog
The Fedora package disables MSNP16 features of MSN protocol due to regressions retrieving
buddy icons & custom emoticons from the official client when enabled.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 29 2010 Stu Tomlinson <stu(a)nosnilmot.com> 2.7.7-1
- 2.7.7
- Disable MSNP16 due to regressions interacting with official client
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #658746 - upstream is 2.7.7
https://bugzilla.redhat.com/show_bug.cgi?id=658746
--------------------------------------------------------------------------------
================================================================================
rec-applet-0.2.3-3.fc13 (FEDORA-2010-18407)
An audio recording applet
--------------------------------------------------------------------------------
Update Information:
An audio recording applet
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #632970 - Review Request: rec-applet - An audio recording applet for the
GNOME-desktop
https://bugzilla.redhat.com/show_bug.cgi?id=632970
--------------------------------------------------------------------------------
================================================================================
spyder-2.0.1-1.fc13 (FEDORA-2010-18429)
Scientific Python Development Environment
--------------------------------------------------------------------------------
Update Information:
Update to 2.0.1
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 1 2010 Chen Lei <supercyper(a)163.com> - 2.0.1-1
- Update to 2.0.1
--------------------------------------------------------------------------------
================================================================================
texmakerx-2.0-1.fc13 (FEDORA-2010-18397)
A feature-rich editor for LaTeX documents
--------------------------------------------------------------------------------
Update Information:
Update to recent upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 1 2010 Johannes Lips <Johannes.Lips googlemail com> 2.0-1
- Update to recent upstream version
- added several other build requirements
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #655911 - [abrt] texmakerx-1.9.9a-3.fc14: Process /usr/bin/texmakerx was
killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=655911
[ 2 ] Bug #648383 - [abrt] texmakerx-1.9.9a-3.fc13: bool: Process /usr/bin/texmakerx was
killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=648383
[ 3 ] Bug #647582 - [abrt] texmakerx-1.9.9a-3.fc13: size: Process /usr/bin/texmakerx was
killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=647582
--------------------------------------------------------------------------------
================================================================================
transifex-0.9.0-4.fc13 (FEDORA-2010-18394)
A system for distributed translation submissions
--------------------------------------------------------------------------------
Update Information:
Update to new upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 1 2010 Domingo Becker <domingobecker(a)gmail.com> - 0.9.0-4
- Added new dependency, python-sqlite2
* Mon Nov 29 2010 Domingo Becker <domingobecker(a)gmail.com> - 0.9.0-3
- Removed the exclude manage.py in files section
- New dependency: python-pygooglechart
- Fixed project url and source0 url
* Fri Sep 24 2010 Domingo Becker <domingobecker(a)gmail.com> - 0.9.0-2
- include manage.py in installation
- New dependencies: django-filter django-sorting django-ajax-selects \
django-threadedcomments django-staticfiles django-addons
- Dependencies version: Django-south >= 0.7.2
* Tue Sep 14 2010 Mike McGrath <mmcgrath(a)redhat.com> - 0.9.0-1
- Upstream released new version
* Wed Aug 11 2010 David Malcolm <dmalcolm(a)redhat.com> - 0.8.0-0.2.alpha
- recompiling .py files against Python 2.7 (rhbz#623411)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #645752 - update to new version - tracker bug for missing deps
https://bugzilla.redhat.com/show_bug.cgi?id=645752
--------------------------------------------------------------------------------
================================================================================
xl2tpd-1.2.7-1.fc13 (FEDORA-2010-18405)
Layer 2 Tunnelling Protocol Daemon (RFC 2661)
--------------------------------------------------------------------------------
Update Information:
Updated to latest upstream
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 30 2010 Paul Wouters <paul(a)xelerance.com> - 1.2.7-1
- Updated to 1.2.7
- Added more DEBUG build options to the make command
- Minor cleanups
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #547316 - xl2tpd-1.2.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=547316
--------------------------------------------------------------------------------