The following Fedora 15 Security updates need testing:

https://admin.fedoraproject.org/updates/perl-FCGI-0.74-1.fc15 https://admin.fedoraproject.org/updates/thunderbird-lightning-1.0-0.50.b7.fc... https://admin.fedoraproject.org/updates/tomcat6-6.0.32-8.fc15 https://admin.fedoraproject.org/updates/quagga-0.99.20-1.fc15 https://admin.fedoraproject.org/updates/drupal6-views_bulk_operations-1.11-1... https://admin.fedoraproject.org/updates/bcfg2-1.1.3-1.fc15 https://admin.fedoraproject.org/updates/cyrus-imapd-2.4.11-1.fc15 https://admin.fedoraproject.org/updates/php-5.3.8-3.fc15 https://admin.fedoraproject.org/updates/openttd-1.1.3-1.fc15

The following Fedora 15 Critical Path updates have yet to be approved:

https://admin.fedoraproject.org/updates/livecd-tools-15.10-1.fc15 https://admin.fedoraproject.org/updates/system-setup-keyboard-0.8.7-2.fc15 https://admin.fedoraproject.org/updates/gdb-7.3-44.fc15 https://admin.fedoraproject.org/updates/evolution-data-server-3.0.3.1-1.fc15 https://admin.fedoraproject.org/updates/tzdata-2011k-0.1.20110921.fc15 https://admin.fedoraproject.org/updates/m4-1.4.16-2.fc15 https://admin.fedoraproject.org/updates/xfwm4-4.8.1-3.fc15 https://admin.fedoraproject.org/updates/redhat-rpm-config-9.1.0-13.fc15 https://admin.fedoraproject.org/updates/sendmail-8.14.5-2.fc15.1 https://admin.fedoraproject.org/updates/xorg-x11-drv-qxl-0.0.21-5.fc15 https://admin.fedoraproject.org/updates/openldap-2.4.24-5.fc15 https://admin.fedoraproject.org/updates/lldpad-0.9.41-4.fc15 https://admin.fedoraproject.org/updates/evolution-mapi-3.0.3-2.fc15,evolutio... https://admin.fedoraproject.org/updates/nspr-4.8.8-4.fc15 https://admin.fedoraproject.org/updates/nss-softokn-3.12.10-4.fc15 https://admin.fedoraproject.org/updates/mash-0.5.22-1.fc15 https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-14.f... https://admin.fedoraproject.org/updates/libfprint-0.4.0-1.fc15,fprintd-0.4.1...

The following builds have been pushed to Fedora 15 updates-testing

cab-0.1.6-1.fc15 compiz-fusion-extras-0.9.5.0-2.fc15 condor-7.7.1-0.1.fc15 deltacloud-core-0.4.0-4.fc15 drupal6-pathauto-2.0-0.4.rc2.fc15 eekboard-1.0.4-1.fc15 facter-1.6.1-1.fc15 ghc-data-default-0.3.0-1.fc15 ghc-rpm-macros-0.13.11-1.fc15 gromacs-4.5.5-1.fc15 groonga-1.2.6-1.fc15 haveged-1.2-3.fc15 kmymoney-4.6.0-1.fc15 libalkimia-4.3.1-3.fc15 libjingle-0.6.0-2.fc15 mfiler3-4.4.3-2.fc15 mk-files-20110808-1.fc15 mozc-1.2.831.102-1.fc15 mozilla-noscript-2.1.4-1.fc15 ncl-6.0.0-2.fc15 php-bartlett-PHP-Reflect-1.0.2-2.fc15 python-asciitable-0.7.1-1.fc15 quagga-0.99.20-1.fc15 saphire-3.5.3-1.fc15 scsi-target-utils-1.0.18-2.fc15 thunderbird-7.0-1.fc15 thunderbird-lightning-1.0-0.50.b7.fc15

Details about builds:

================================================================================ cab-0.1.6-1.fc15 (FEDORA-2011-13588) Maintenance command for Haskell cabal packages -------------------------------------------------------------------------------- Update Information:

cab is a wrapper over Haskell cabal-install and cabal-dev. -------------------------------------------------------------------------------- References:

[ 1 ] Bug #731972 - Review Request: cab - Haskell Cabal package maintenance program https://bugzilla.redhat.com/show_bug.cgi?id=731972 --------------------------------------------------------------------------------

================================================================================ compiz-fusion-extras-0.9.5.0-2.fc15 (FEDORA-2011-13565) Additional plugins for Compiz -------------------------------------------------------------------------------- Update Information:

obsolete compiz-fusion-extras-gnome -------------------------------------------------------------------------------- ChangeLog:

* Fri Sep 30 2011 Leigh Scott leigh123linux@googlemail.com - 0.9.5.0-2 - obsolete compiz-fusion-extras-gnome --------------------------------------------------------------------------------

================================================================================ condor-7.7.1-0.1.fc15 (FEDORA-2011-13567) Condor: High Throughput Computing -------------------------------------------------------------------------------- Update Information:

Update to condor 7.7.1 package -------------------------------------------------------------------------------- ChangeLog:

* Fri Sep 16 2011 tstclair@redhat.com - 7.7.1-0.1 - Fast forward to 7.7.1 official release tag V7_7_1 - ghost var/lock and var/run in spec (BZ656562) --------------------------------------------------------------------------------

================================================================================ deltacloud-core-0.4.0-4.fc15 (FEDORA-2011-13585) Deltacloud REST API -------------------------------------------------------------------------------- Update Information:

Re-enable the condor driver. -------------------------------------------------------------------------------- ChangeLog:

* Thu Sep 29 2011 Chris Lalancette clalance@redhat.com - 0.4.0-4 - Add a patch to re-enable deltacloud-core-condor --------------------------------------------------------------------------------

================================================================================ drupal6-pathauto-2.0-0.4.rc2.fc15 (FEDORA-2011-13590) Automatically generates path aliases -------------------------------------------------------------------------------- Update Information:

Updated to 2.0. -------------------------------------------------------------------------------- ChangeLog:

* Fri Sep 30 2011 Peter Borsa asrob@claire - 2.0-0.4.rc2 - Updated to 2.0 version. --------------------------------------------------------------------------------

================================================================================ eekboard-1.0.4-1.fc15 (FEDORA-2011-13577) An Easy-to-use Virtual Keyboard Toolkit -------------------------------------------------------------------------------- Update Information:

* add eekboard -k option to specify keyboards * fix Hebrew keyboard rendering -------------------------------------------------------------------------------- ChangeLog:

* Fri Sep 30 2011 Daiki Ueno dueno@redhat.com - 1.0.4-1 - new upstream release (fixes #737441) * Thu Sep 29 2011 Daiki Ueno dueno@redhat.com - 1.0.3-5 - add eekboard-command-line-keyboards.patch (#737441) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #737441 - RFE: provide back eekboard-inscript https://bugzilla.redhat.com/show_bug.cgi?id=737441 --------------------------------------------------------------------------------

================================================================================ facter-1.6.1-1.fc15 (FEDORA-2011-13587) Ruby module for collecting simple facts about a host operating system -------------------------------------------------------------------------------- Update Information:

Upstream bugfix release. Refer to the release announcement for full details:

http://groups.google.com/group/puppet-users/browse_thread/thread/d2061ec6263... -------------------------------------------------------------------------------- ChangeLog:

* Thu Sep 29 2011 Todd Zullinger tmz@pobox.com - 1.6.1-1 - Update to 1.6.1 - Minor spec file reformatting --------------------------------------------------------------------------------

================================================================================ ghc-data-default-0.3.0-1.fc15 (FEDORA-2011-13581) Provides a class for types with a default value -------------------------------------------------------------------------------- Update Information:

This package provides a class for types with a default value. -------------------------------------------------------------------------------- References:

[ 1 ] Bug #737228 - Review Request: ghc-data-default - A class for types with a default value https://bugzilla.redhat.com/show_bug.cgi?id=737228 --------------------------------------------------------------------------------

================================================================================ ghc-rpm-macros-0.13.11-1.fc15 (FEDORA-2011-13571) Macros for building packages for GHC -------------------------------------------------------------------------------- Update Information:

Fix versions in obsoletes/provides generated for ghc's devel subpackages. -------------------------------------------------------------------------------- ChangeLog:

* Fri Sep 30 2011 Jens Petersen petersen@redhat.com - 0.13.11-1 - fix devel subpackage's prof and doc obsoletes and provides versions for multiple lib packages like ghc (reported by Henrik Nordström) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #742407 - broken obsoletes/provides in ghc-7.0.2-16.4.fc15 https://bugzilla.redhat.com/show_bug.cgi?id=742407 --------------------------------------------------------------------------------

================================================================================ gromacs-4.5.5-1.fc15 (FEDORA-2011-13593) Fast, Free and Flexible Molecular Dynamics -------------------------------------------------------------------------------- Update Information:

Bugfix update to 4.5.5, see http://lists.gromacs.org/pipermail/gmx-users/2011-September/064683.html for release info. First build in EL6. -------------------------------------------------------------------------------- ChangeLog:

* Tue Sep 20 2011 Jussi Lehtola jussilehtola@fedoraproject.org - 4.5.5-1 - Update to 4.5.5. -------------------------------------------------------------------------------- References:

[ 1 ] Bug #739875 - gromacs-4.5.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=739875 [ 2 ] Bug #739212 - EL-6 branch is missing https://bugzilla.redhat.com/show_bug.cgi?id=739212 --------------------------------------------------------------------------------

================================================================================ groonga-1.2.6-1.fc15 (FEDORA-2011-13591) An Embeddable Fulltext Search Engine -------------------------------------------------------------------------------- Update Information:

new upstream release new upstream release new upstream release new upstream release new upstream release new upstream release new upstream release -------------------------------------------------------------------------------- ChangeLog:

* Fri Sep 30 2011 Daiki Ueno dueno@redhat.com - 1.2.6-1 - build in fedora * Thu Sep 29 2011 Kouhei Sutou kou@clear-code.com - 1.2.6-0 - new upstream release. * Mon Sep 5 2011 Daiki Ueno dueno@redhat.com - 1.2.5-1 - build in fedora * Mon Aug 29 2011 Kouhei Sutou kou@clear-code.com - 1.2.5-0 - new upstream release. * Fri Jul 29 2011 Daiki Ueno dueno@redhat.com - 1.2.4-1 - build in fedora * Fri Jul 29 2011 Kouhei Sutou kou@clear-code.com - 1.2.4-0 - new upstream release. -------------------------------------------------------------------------------- References:

[ 1 ] Bug #742181 - groonga-1.2.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=742181 [ 2 ] Bug #734043 - groonga-1.2.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=734043 --------------------------------------------------------------------------------

================================================================================ haveged-1.2-3.fc15 (FEDORA-2011-13572) A Linux entropy source using the HAVEGE algorithm. -------------------------------------------------------------------------------- Update Information:

A Linux entropy source using the HAVEGE algorithm. Feed entropy into random pool -------------------------------------------------------------------------------- References:

[ 1 ] Bug #739347 - Review Request: haveged - A Linux entropy source using the HAVEGE algorithm. Feed entropy into random pool https://bugzilla.redhat.com/show_bug.cgi?id=739347 --------------------------------------------------------------------------------

================================================================================ kmymoney-4.6.0-1.fc15 (FEDORA-2011-13564) Personal finance -------------------------------------------------------------------------------- Update Information:

New kmymoney release, includes several new features, many bugfixes, and improved translations.

See also http://sourceforge.net/news/?group_id=4708 -------------------------------------------------------------------------------- ChangeLog:

* Sun Aug 21 2011 Rex Dieter rdieter@fedoraproject.org 4.6.0-1 - 4.6.0 - use more pkgconfig-type build deps -------------------------------------------------------------------------------- References:

[ 1 ] Bug #728701 - Review Request: libalkimia - Financial library https://bugzilla.redhat.com/show_bug.cgi?id=728701 --------------------------------------------------------------------------------

================================================================================ libalkimia-4.3.1-3.fc15 (FEDORA-2011-13564) Financial library -------------------------------------------------------------------------------- Update Information:

New kmymoney release, includes several new features, many bugfixes, and improved translations.

See also http://sourceforge.net/news/?group_id=4708 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #728701 - Review Request: libalkimia - Financial library https://bugzilla.redhat.com/show_bug.cgi?id=728701 --------------------------------------------------------------------------------

================================================================================ libjingle-0.6.0-2.fc15 (FEDORA-2011-13596) GoogleTalk implementation of Jingle -------------------------------------------------------------------------------- Update Information:

Update libjingle to 0.6.0, needed for chromium 14+. -------------------------------------------------------------------------------- ChangeLog:

* Tue Sep 27 2011 Tom Callaway spot@fedoraproject.org - 0.6.0-2 - fix phone bits up - properly bump to 0.6 * Tue Sep 27 2011 Tom Callaway spot@fedoraproject.org - 0.6.0-1 - update to 0.6.0 --------------------------------------------------------------------------------

================================================================================ mfiler3-4.4.3-2.fc15 (FEDORA-2011-13574) Two pane file manager under UNIX console -------------------------------------------------------------------------------- Update Information:

saphire 3.5.3 is released. mfiler3 is rebuilt against this new saphire. -------------------------------------------------------------------------------- ChangeLog:

* Fri Sep 30 2011 Mamoru Tasaka mtasaka@fedoraproject.org - 4.4.3-2 - Rebuild against new saphire --------------------------------------------------------------------------------

================================================================================ mk-files-20110808-1.fc15 (FEDORA-2011-13584) Support files for bmake, the NetBSD make(1) tool -------------------------------------------------------------------------------- Update Information:

Support files for bmake, the NetBSD make(1) tool -------------------------------------------------------------------------------- ChangeLog:

* Thu Sep 29 2011 Luis Bazan bazanluis20@gmail.com - 20110808-1 - New upstream version --------------------------------------------------------------------------------

================================================================================ mozc-1.2.831.102-1.fc15 (FEDORA-2011-13579) Open-sourced Google Japanese Input -------------------------------------------------------------------------------- Update Information:

various bug fixes and enhancements included -------------------------------------------------------------------------------- ChangeLog:

* Fri Sep 30 2011 Akira TAGOH tagoh@redhat.com - 1.2.831.102-1 - New upstream release. --------------------------------------------------------------------------------

================================================================================ mozilla-noscript-2.1.4-1.fc15 (FEDORA-2011-13563) JavaScript white list extension for Mozilla Firefox -------------------------------------------------------------------------------- Update Information:

With this update, it's possible to use noscript with firefox 7 again.

Other update notes at: http://noscript.net/changelog -------------------------------------------------------------------------------- ChangeLog:

* Fri Sep 30 2011 Thomas Spura tomspur@fedoraproject.org - 2.1.4-1 - update to new version (#712331) * Fri Aug 5 2011 Thomas Spura tomspur@fedoraproject.org - 2.1.1-2 - change the macros to match MozillaExtensionsDraft -------------------------------------------------------------------------------- References:

[ 1 ] Bug #712331 - mozilla-noscript-2.1.2.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=712331 --------------------------------------------------------------------------------

================================================================================ ncl-6.0.0-2.fc15 (FEDORA-2011-13586) NCAR Command Language and NCAR Graphics -------------------------------------------------------------------------------- Update Information:

- Update to 6.0.0, enable cairo and gdal support. - Use system udunits by linking it into where ncl expects it, drop udunits patch. Fixes bug 742307. -------------------------------------------------------------------------------- ChangeLog:

* Thu Sep 29 2011 - Orion Poplawski orion@cora.nwra.com - 6.0.0-2 - Use system udunits by linking it into where ncl expects it, drop udunits patch. Fixes bug 742307. * Thu Sep 1 2011 - Orion Poplawski orion@cora.nwra.com - 6.0.0-1 - Update to 6.0.0 final * Wed May 18 2011 - Orion Poplawski orion@cora.nwra.com - 6.0.0-0.2.beta - Rebuild for hdf5 1.8.7 * Thu Mar 31 2011 - Orion Poplawski orion@cora.nwra.com - 6.0.0-0.1.beta - Update to 6.0.0-beta - Enable cairo and gdal support -------------------------------------------------------------------------------- References:

[ 1 ] Bug #742307 - Segmentation fault https://bugzilla.redhat.com/show_bug.cgi?id=742307 --------------------------------------------------------------------------------

================================================================================ php-bartlett-PHP-Reflect-1.0.2-2.fc15 (FEDORA-2011-13576) Adds the ability to reverse-engineer PHP -------------------------------------------------------------------------------- Update Information:

PHP_Reflect adds the ability to reverse-engineer classes, interfaces, functions, constants and more, by connecting php callbacks to other tokens.

HTML Documentation: /usr/share/doc/pear/PHP_Reflect/docs/index.html -------------------------------------------------------------------------------- References:

[ 1 ] Bug #693200 - Review Request: php-bartlett-PHP-Reflect - Adds the ability to reverse-engineer PHP https://bugzilla.redhat.com/show_bug.cgi?id=693200 --------------------------------------------------------------------------------

================================================================================ python-asciitable-0.7.1-1.fc15 (FEDORA-2011-13589) Extensible ASCII table reader and writer -------------------------------------------------------------------------------- Update Information:

This is a minor feature and bug-fix release

- Add a method inconsistent_handler() to the BaseReader class as a hook to handle rows with an inconsistent number of data columns (contributed by Erik Tollerud). - Output a more informative error message when guessing fails. - Fix issues in column type handling, mostly related to the MemoryReader class which is used for writing tables. - Fix a problem in guessing where user-supplied args were not filtering the guess possibilities correctly. - Fix problem reading a single column, string-only table with MemoryReader on MacOS.

-------------------------------------------------------------------------------- ChangeLog:

* Fri Sep 30 2011 Sergio Pascual sergiopr@fedoraproject.org - 0.7.1-1 - New upstream version, with bugfixes --------------------------------------------------------------------------------

================================================================================ quagga-0.99.20-1.fc15 (FEDORA-2011-13504) Routing daemon -------------------------------------------------------------------------------- Update Information:

fixes CVE-2011-332{3..7} update to latest upstream 0.99.20 -------------------------------------------------------------------------------- ChangeLog:

* Fri Sep 30 2011 Jiri Skala jskala@redhat.com - 0.99.20-1 - updated to latest upstream version 0.99.20 - fixes #741343 - CVE-2011-3325 corrected fix * Thu Sep 29 2011 Jiri Skala jskala@redhat.com - 0.99.19-1 - fixes #741343 - CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 - fixes #741580 - updated to latest upstream version 0.99.19 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #738393 - CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA https://bugzilla.redhat.com/show_bug.cgi?id=738393 [ 2 ] Bug #738394 - CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding malformed Database Description packet headers https://bugzilla.redhat.com/show_bug.cgi?id=738394 [ 3 ] Bug #738396 - CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header type https://bugzilla.redhat.com/show_bug.cgi?id=738396 [ 4 ] Bug #738398 - CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link State Update LSAs of unknown type https://bugzilla.redhat.com/show_bug.cgi?id=738398 [ 5 ] Bug #738400 - CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes https://bugzilla.redhat.com/show_bug.cgi?id=738400 --------------------------------------------------------------------------------

================================================================================ saphire-3.5.3-1.fc15 (FEDORA-2011-13574) Yet another shell -------------------------------------------------------------------------------- Update Information:

saphire 3.5.3 is released. mfiler3 is rebuilt against this new saphire. -------------------------------------------------------------------------------- ChangeLog:

* Fri Sep 30 2011 Mamoru Tasaka mtasaka@fedoraproject.org - 3.5.3-1 - 3.5.3 * Fri Sep 9 2011 Mamoru Tasaka mtasaka@fedoraproject.org - 3.5.1-1 - 3.5.1 --------------------------------------------------------------------------------

================================================================================ scsi-target-utils-1.0.18-2.fc15 (FEDORA-2011-13562) The SCSI target daemon and utility programs -------------------------------------------------------------------------------- Update Information:

Fixes crash on stop. -------------------------------------------------------------------------------- ChangeLog:

* Thu Sep 29 2011 Andy Grover agrover@redhat.com - 1.0.18-2 - Add patch * scsi-target-utils-fix-segfault-on-exit.patch -------------------------------------------------------------------------------- References:

[ 1 ] Bug #712807 - [abrt] scsi-target-utils-1.0.14-2.el6: __list_del: Process /usr/sbin/tgtd was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=712807 --------------------------------------------------------------------------------

================================================================================ thunderbird-7.0-1.fc15 (FEDORA-2011-13442) Mozilla Thunderbird mail/newsgroup client -------------------------------------------------------------------------------- Update Information:

The latest version of Thunderbird has the following changes:

- Fixed several security issues: http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html#thund... - Numerous platform fixes that improve speed, performance and stability

The latest version of Firefox and Thunderbird has the following changes: - Revoked the root certificate for DigiNotar due to fraudulent SSL certificate issuance (see bug mozbz#682927 and the security advisory)

-------------------------------------------------------------------------------- ChangeLog:

* Tue Sep 27 2011 Jan Horak jhorak@redhat.com - 7.0-1 - Update to 7.0 --------------------------------------------------------------------------------

================================================================================ thunderbird-lightning-1.0-0.50.b7.fc15 (FEDORA-2011-13442) The calendar extension to Thunderbird -------------------------------------------------------------------------------- Update Information:

The latest version of Thunderbird has the following changes:

- Fixed several security issues: http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html#thund... - Numerous platform fixes that improve speed, performance and stability

The latest version of Firefox and Thunderbird has the following changes: - Revoked the root certificate for DigiNotar due to fraudulent SSL certificate issuance (see bug mozbz#682927 and the security advisory)

-------------------------------------------------------------------------------- ChangeLog:

* Wed Sep 28 2011 Orion Poplawski orion@cora.nwra.com - 1.0-0.50.b7 - Use lightning 1.0b7 source for TB 7 - Update l10n source - Drop tbver patch * Wed Aug 31 2011 Dan Horák <dan[at]danny.cz> - 1.0-0.49.b5 - sync secondary arches support with xulrunner/thunderbird --------------------------------------------------------------------------------