The following Fedora 14 Security updates need testing:
https://admin.fedoraproject.org/updates/perl-FCGI-0.74-1.fc14
https://admin.fedoraproject.org/updates/quagga-0.99.20-1.fc14
https://admin.fedoraproject.org/updates/drupal6-views_bulk_operations-1.1...
https://admin.fedoraproject.org/updates/NetworkManager-0.8.5.92-1.git2011...
https://admin.fedoraproject.org/updates/bcfg2-1.1.3-1.fc14
https://admin.fedoraproject.org/updates/tomcat6-6.0.26-27.fc14
https://admin.fedoraproject.org/updates/kernel-2.6.35.14-97.fc14
https://admin.fedoraproject.org/updates/cyrus-imapd-2.3.17-1.fc14
https://admin.fedoraproject.org/updates/php-5.3.8-3.fc14
https://admin.fedoraproject.org/updates/thunderbird-3.1.15-1.fc14
https://admin.fedoraproject.org/updates/firefox-3.6.23-1.fc14,xulrunner-1...
The following Fedora 14 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/livecd-tools-14.5-1.fc14
https://admin.fedoraproject.org/updates/NetworkManager-0.8.5.92-1.git2011...
https://admin.fedoraproject.org/updates/lldpad-0.9.41-4.fc14
https://admin.fedoraproject.org/updates/ModemManager-0.4.998-1.git2011070...
https://admin.fedoraproject.org/updates/mash-0.5.22-1.fc14
https://admin.fedoraproject.org/updates/policycoreutils-2.0.85-30.3.fc14
https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-8...
https://admin.fedoraproject.org/updates/xorg-x11-drv-qxl-0.0.21-3.fc14
https://admin.fedoraproject.org/updates/xorg-x11-drv-nouveau-0.0.16-14.20...
https://admin.fedoraproject.org/updates/libconcord-0.23-5.fc14,udev-161-9...
The following builds have been pushed to Fedora 14 updates-testing
cab-0.1.6-1.fc14
facter-1.6.1-1.fc14
ghc-data-default-0.3.0-1.fc14
ghc-rpm-macros-0.10.60-1.fc14
groonga-1.2.6-1.fc14
libjingle-0.6.0-2.fc14
mfiler3-4.4.3-2.fc14
mozc-1.2.831.102-1.fc14
ncl-6.0.0-2.fc14
olpc-utils-1.3.5-1.fc14
python-asciitable-0.7.1-1.fc14
quagga-0.99.20-1.fc14
saphire-3.5.3-1.fc14
scsi-target-utils-1.0.18-2.fc14
Details about builds:
================================================================================
cab-0.1.6-1.fc14 (FEDORA-2011-13594)
Maintenance command for Haskell cabal packages
--------------------------------------------------------------------------------
Update Information:
cab is a wrapper over Haskell cabal-install and cabal-dev.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #731972 - Review Request: cab - Haskell Cabal package maintenance program
https://bugzilla.redhat.com/show_bug.cgi?id=731972
--------------------------------------------------------------------------------
================================================================================
facter-1.6.1-1.fc14 (FEDORA-2011-13580)
Ruby module for collecting simple facts about a host operating system
--------------------------------------------------------------------------------
Update Information:
Upstream bugfix release. Refer to the release announcement for full details:
http://groups.google.com/group/puppet-users/browse_thread/thread/d2061ec6...
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2011 Todd Zullinger <tmz(a)pobox.com> - 1.6.1-1
- Update to 1.6.1
- Minor spec file reformatting
--------------------------------------------------------------------------------
================================================================================
ghc-data-default-0.3.0-1.fc14 (FEDORA-2011-13578)
Provides a class for types with a default value
--------------------------------------------------------------------------------
Update Information:
This package provides a class for types with a default value.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #737228 - Review Request: ghc-data-default - A class for types with a default
value
https://bugzilla.redhat.com/show_bug.cgi?id=737228
--------------------------------------------------------------------------------
================================================================================
ghc-rpm-macros-0.10.60-1.fc14 (FEDORA-2011-13583)
Macros for building packages for GHC
--------------------------------------------------------------------------------
Update Information:
Fix versions in obsoletes/provides generated for ghc's devel subpackages.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 30 2011 Jens Petersen <petersen(a)redhat.com> - 0.10.60-1
- fix devel subpackage's prof and doc obsoletes and provides versions
for multiple lib packages like ghc (reported by Henrik Nordström)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #742407 - broken obsoletes/provides in ghc-7.0.2-16.4.fc15
https://bugzilla.redhat.com/show_bug.cgi?id=742407
--------------------------------------------------------------------------------
================================================================================
groonga-1.2.6-1.fc14 (FEDORA-2011-13570)
An Embeddable Fulltext Search Engine
--------------------------------------------------------------------------------
Update Information:
new upstream release
new upstream release
new upstream release
new upstream release
new upstream release
new upstream release
new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 30 2011 Daiki Ueno <dueno(a)redhat.com> - 1.2.6-1
- build in fedora
* Thu Sep 29 2011 Kouhei Sutou <kou(a)clear-code.com> - 1.2.6-0
- new upstream release.
* Mon Sep 5 2011 Daiki Ueno <dueno(a)redhat.com> - 1.2.5-1
- build in fedora
* Mon Aug 29 2011 Kouhei Sutou <kou(a)clear-code.com> - 1.2.5-0
- new upstream release.
* Fri Jul 29 2011 Daiki Ueno <dueno(a)redhat.com> - 1.2.4-1
- build in fedora
* Fri Jul 29 2011 Kouhei Sutou <kou(a)clear-code.com> - 1.2.4-0
- new upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #742181 - groonga-1.2.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=742181
[ 2 ] Bug #734043 - groonga-1.2.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=734043
--------------------------------------------------------------------------------
================================================================================
libjingle-0.6.0-2.fc14 (FEDORA-2011-13592)
GoogleTalk implementation of Jingle
--------------------------------------------------------------------------------
Update Information:
Update libjingle to 0.6.0, needed for chromium 14+.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2011 Tom Callaway <spot(a)fedoraproject.org> - 0.6.0-2
- fix phone bits up
- properly bump to 0.6
* Tue Sep 27 2011 Tom Callaway <spot(a)fedoraproject.org> - 0.6.0-1
- update to 0.6.0
--------------------------------------------------------------------------------
================================================================================
mfiler3-4.4.3-2.fc14 (FEDORA-2011-13575)
Two pane file manager under UNIX console
--------------------------------------------------------------------------------
Update Information:
saphire 3.5.3 is released. mfiler3 is rebuilt against this new saphire.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 30 2011 Mamoru Tasaka <mtasaka(a)fedoraproject.org> - 4.4.3-2
- Rebuild against new saphire
--------------------------------------------------------------------------------
================================================================================
mozc-1.2.831.102-1.fc14 (FEDORA-2011-13573)
Open-sourced Google Japanese Input
--------------------------------------------------------------------------------
Update Information:
various bug fixes and enhancements included
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 30 2011 Akira TAGOH <tagoh(a)redhat.com> - 1.2.831.102-1
- New upstream release.
--------------------------------------------------------------------------------
================================================================================
ncl-6.0.0-2.fc14 (FEDORA-2011-13561)
NCAR Command Language and NCAR Graphics
--------------------------------------------------------------------------------
Update Information:
- Update to 6.0.0, enable cairo and gdal support.
- Use system udunits by linking it into where ncl expects it, drop udunits patch. Fixes
bug 742307.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2011 - Orion Poplawski <orion(a)cora.nwra.com> - 6.0.0-2
- Use system udunits by linking it into where ncl expects it, drop
udunits patch. Fixes bug 742307.
* Thu Sep 1 2011 - Orion Poplawski <orion(a)cora.nwra.com> - 6.0.0-1
- Update to 6.0.0 final
* Wed May 18 2011 - Orion Poplawski <orion(a)cora.nwra.com> - 6.0.0-0.2.beta
- Rebuild for hdf5 1.8.7
* Thu Mar 31 2011 - Orion Poplawski <orion(a)cora.nwra.com> - 6.0.0-0.1.beta
- Update to 6.0.0-beta
- Enable cairo and gdal support
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #742307 - Segmentation fault
https://bugzilla.redhat.com/show_bug.cgi?id=742307
--------------------------------------------------------------------------------
================================================================================
olpc-utils-1.3.5-1.fc14 (FEDORA-2011-13568)
OLPC utilities
--------------------------------------------------------------------------------
Update Information:
Enable hwcursor and rotation on XO-1.75. Fix creation of lockdev/screen directories.
Disable XO-1.75 renderaccel to avoid hangs. Disable tap-to-click and pad scrolling on
sentelic driver. Create runtime directories for screen and lockdev.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 30 2011 Daniel Drake <dsd(a)laptop.org> - 1.3.5-1
- Enable XO-1.75 hardware cursor and screen rotation
- Fix permissions on screen/lockdev runtime directories
* Sun Sep 25 2011 Daniel Drake <dsd(a)laptop.org> - 1.3.4-1
- Disable XO-1.75 renderaccel to avoid hangs
- Disable tap-to-click and pad scrolling on sentelic driver
- Create runtime directories for screen and lockdev
--------------------------------------------------------------------------------
================================================================================
python-asciitable-0.7.1-1.fc14 (FEDORA-2011-13595)
Extensible ASCII table reader and writer
--------------------------------------------------------------------------------
Update Information:
This is a minor feature and bug-fix release
- Add a method inconsistent_handler() to the BaseReader
class as a hook to handle rows with an inconsistent number
of data columns (contributed by Erik Tollerud).
- Output a more informative error message when guessing fails.
- Fix issues in column type handling, mostly related to the
MemoryReader class which is used for writing tables.
- Fix a problem in guessing where user-supplied args were
not filtering the guess possibilities correctly.
- Fix problem reading a single column, string-only table with
MemoryReader on MacOS.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 30 2011 Sergio Pascual <sergiopr(a)fedoraproject.org> - 0.7.1-1
- New upstream version, with bugfixes
--------------------------------------------------------------------------------
================================================================================
quagga-0.99.20-1.fc14 (FEDORA-2011-13499)
Routing daemon
--------------------------------------------------------------------------------
Update Information:
fixes CVE-2011-332{3..7}
update to latest upstream 0.99.20
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 30 2011 Jiri Skala <jskala(a)redhat.com> - 0.99.20-1
- updated to latest upstream version 0.99.20
- fixes #741343 - CVE-2011-3325 corrected fix
* Thu Sep 29 2011 Jiri Skala <jskala(a)redhat.com> - 0.99.19-1
- fixes #741343 - CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327
- fixes #741580 - updated to latest upstream version 0.99.19
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #738393 - CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while
decoding Link State Update packet with malformed Inter Area Prefix LSA
https://bugzilla.redhat.com/show_bug.cgi?id=738393
[ 2 ] Bug #738394 - CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding
malformed Database Description packet headers
https://bugzilla.redhat.com/show_bug.cgi?id=738394
[ 3 ] Bug #738396 - CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too
short Hello packet or Hello packet with invalid OSPFv2 header type
https://bugzilla.redhat.com/show_bug.cgi?id=738396
[ 4 ] Bug #738398 - CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link
State Update LSAs of unknown type
https://bugzilla.redhat.com/show_bug.cgi?id=738398
[ 5 ] Bug #738400 - CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding
BGP UPDATE message with unknown AS_PATH attributes
https://bugzilla.redhat.com/show_bug.cgi?id=738400
--------------------------------------------------------------------------------
================================================================================
saphire-3.5.3-1.fc14 (FEDORA-2011-13575)
Yet another shell
--------------------------------------------------------------------------------
Update Information:
saphire 3.5.3 is released. mfiler3 is rebuilt against this new saphire.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 30 2011 Mamoru Tasaka <mtasaka(a)fedoraproject.org> - 3.5.3-1
- 3.5.3
* Fri Sep 9 2011 Mamoru Tasaka <mtasaka(a)fedoraproject.org> - 3.5.1-1
- 3.5.1
--------------------------------------------------------------------------------
================================================================================
scsi-target-utils-1.0.18-2.fc14 (FEDORA-2011-13566)
The SCSI target daemon and utility programs
--------------------------------------------------------------------------------
Update Information:
Fixes crash on stop.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2011 Andy Grover <agrover(a)redhat.com> - 1.0.18-2
- Add patch
* scsi-target-utils-fix-segfault-on-exit.patch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #712807 - [abrt] scsi-target-utils-1.0.14-2.el6: __list_del: Process
/usr/sbin/tgtd was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=712807
--------------------------------------------------------------------------------