The following Fedora 13 Security updates need testing:
https://admin.fedoraproject.org/updates/dbus-1.2.24-2.fc13
https://admin.fedoraproject.org/updates/subversion-1.6.15-1.fc13
https://admin.fedoraproject.org/updates/logwatch-7.3.6-55.fc13
https://admin.fedoraproject.org/updates/dhcp-4.1.2-2.ESV.R1.fc13
https://admin.fedoraproject.org/updates/openssl-1.0.0d-1.fc13
https://admin.fedoraproject.org/updates/patch-2.6.1-8.fc13
https://admin.fedoraproject.org/updates/php-pear-1.9.2-1.fc13
https://admin.fedoraproject.org/updates/asterisk-1.6.2.16.2-1.fc13
https://admin.fedoraproject.org/updates/moodle-1.9.11-1.fc13
https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
https://admin.fedoraproject.org/updates/pywebdav-0.9.4.1-1.fc13
https://admin.fedoraproject.org/updates/mailman-2.1.12-17.fc13
https://admin.fedoraproject.org/updates/xulrunner-1.9.2.14-1.fc13,firefox...
https://admin.fedoraproject.org/updates/389-admin-1.1.15-1.fc13
https://admin.fedoraproject.org/updates/TeXmacs-1.0.7.9-2.fc13
https://admin.fedoraproject.org/updates/rubygem-actionpack-2.3.5-4.fc13
https://admin.fedoraproject.org/updates/tor-0.2.1.29-1300.fc13
https://admin.fedoraproject.org/updates/moin-1.9.3-4.fc13
https://admin.fedoraproject.org/updates/kernel-2.6.34.8-68.fc13
https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc13
The following Fedora 13 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
https://admin.fedoraproject.org/updates/nss-3.12.9-8.fc13,nss-softokn-3.1...
https://admin.fedoraproject.org/updates/NetworkManager-0.8.3.996-1.fc13
https://admin.fedoraproject.org/updates/kernel-2.6.34.8-68.fc13
https://admin.fedoraproject.org/updates/livecd-tools-13.2-1.fc13
https://admin.fedoraproject.org/updates/lua-5.1.4-7.fc13
https://admin.fedoraproject.org/updates/librsvg2-2.26.3-3.fc13
https://admin.fedoraproject.org/updates/mobile-broadband-provider-info-1....
https://admin.fedoraproject.org/updates/less-436-9.fc13
https://admin.fedoraproject.org/updates/dosfstools-3.0.9-4.fc13
https://admin.fedoraproject.org/updates/openssl-1.0.0d-1.fc13
https://admin.fedoraproject.org/updates/patch-2.6.1-8.fc13
https://admin.fedoraproject.org/updates/file-5.04-7.fc13
https://admin.fedoraproject.org/updates/tzdata-2011b-1.fc13
https://admin.fedoraproject.org/updates/system-config-users-1.2.107-1.fc13
https://admin.fedoraproject.org/updates/python-ethtool-0.6-1.fc13
https://admin.fedoraproject.org/updates/libical-0.46-2.fc13
https://admin.fedoraproject.org/updates/pm-utils-1.2.6.1-4.fc13
https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13
https://admin.fedoraproject.org/updates/libfprint-0.3.0-1.fc13
https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7...
https://admin.fedoraproject.org/updates/lldpad-0.9.26-2.fc13
The following builds have been pushed to Fedora 13 updates-testing
389-ds-base-1.2.8-0.5.a3.fc13
R-2.12.2-1.fc13
UpTools-8.5.4-11.fc13
cgnslib-2.5-5.r1.fc13
dwarves-1.9-1.fc13
firefox-3.6.14-1.fc13
galeon-2.0.7-37.fc13
gnome-python2-extras-2.25.3-26.fc13
gnome-web-photo-0.9-16.fc13
mozvoikko-1.0-18.fc13
openldap-2.4.21-12.fc13
perl-Digest-JHash-0.07-1.fc13
perl-Gtk2-MozEmbed-0.08-6.fc13.21
perl-Test-CheckManifest-1.22-2.fc13
pywebdav-0.9.4.1-1.fc13
rkward-0.5.4-3.fc13
rpy-2.0.8-7.fc13
rubygem-hpricot-0.8.4-1.fc13
setroubleshoot-3.0.30-1.fc13
tweepy-1.7.1-3.fc13
tzdata-2011b-1.fc13
xulrunner-1.9.2.14-1.fc13
Details about builds:
================================================================================
389-ds-base-1.2.8-0.5.a3.fc13 (FEDORA-2011-2439)
389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:
Split off 389-ds-base-libs to solve multilib issues
1.2.8.a3 release - git tag 389-ds-base-1.2.8.a3
see bugs for a list of bugs fixed
This is the 1.2.8 alpha 2 release - many bug fixes
389-ds-base 1.2.8 alpha 1
contains many bug fixes
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 28 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.8-0.5.a3
- Bug 676598 - 389-ds-base multilib: file conflicts
- split off libs into a separate -libs package
* Thu Feb 24 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.8-0.4.a3
- do not create /var/run/dirsrv - setup will create it instead
- remove the fedora-ds initscript upgrade stuff - we do not support that anymore
- convert the remaining lua stuff to plain old shell script
* Wed Feb 9 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.8-0.3.a3
- 1.2.8.a3 release - git tag 389-ds-base-1.2.8.a3
- Bug 675320 - empty modify operation with repl on or lastmod off will crash server
- Bug 675265 - preventryusn gets added to entries on a failed delete
- Bug 677774 - added support for tmpfiles.d
- Bug 666076 - dirsrv crash (1.2.7.5) with multiple simple paged result search
es
- Bug 672468 - Don't use empty path elements in LD_LIBRARY_PATH
- Bug 671199 - Don't allow other to write to rundir
- Bug 678646 - Ignore tombstone operations in managed entry plug-in
- Bug 676053 - export task followed by import task causes cache assertion
- Bug 677440 - clean up compiler warnings in 389-ds-base 1.2.8
- Bug 675113 - ns-slapd core dump in windows_tot_run if oneway sync is used
- Bug 676689 - crash while adding a new user to be synced to windows
- Bug 604881 - admin server log files have incorrect permissions/ownerships
- Bug 668385 - DS pipe log script is executed as many times as the dirsrv serv
ice is restarted
- Bug 675853 - dirsrv crash segfault in need_new_pw()
* Thu Feb 3 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.8-0.2.a2
- 1.2.8.a2 release - git tag 389-ds-base-1.2.8.a2
- Bug 674430 - Improve error messages for attribute uniqueness
- Bug 616213 - insufficient stack size for HP-UX on PA-RISC
- Bug 615052 - intrinsics and 64-bit atomics code fails to compile
- on PA-RISC
- Bug 151705 - Need to update Console Cipher Preferences with new ciphers
- Bug 668862 - init scripts return wrong error code
- Bug 670616 - Allow SSF to be set for local (ldapi) connections
- Bug 667935 - DS pipe log script's logregex.py plugin is not redirecting the
- log output to the text file
- Bug 668619 - slapd stops responding
- Bug 624547 - attrcrypt should query the given slot/token for
- supported ciphers
- Bug 646381 - Faulty password for nsmultiplexorcredentials does not give any
- error message in logs
* Fri Jan 21 2011 Nathan Kinder <nkinder(a)redhat.com> - 1.2.8-0.1.a1
- 1.2.8-0.1.a1 release - git tag 389-ds-base-1.2.8.a1
- many bug fixes
--------------------------------------------------------------------------------
================================================================================
R-2.12.2-1.fc13 (FEDORA-2011-2456)
A language for data analysis and graphics
--------------------------------------------------------------------------------
Update Information:
Update to R 2.12.2. A full list of changes in this release is here:
http://cran.r-project.org/src/base/NEWS
Notably, it fixes this issue:
Complex arithmetic (notably z^n for complex z and integer n) gave
incorrect results since R 2.10.0 on platforms without C99 complex
support. This and some lesser issues in trignometric functions
have been corrected. Such platforms were rare (we know of Cygwin and FreeBSD). However,
because of new compiler optimizations in the way complex arguments are handled, the same
code was selected on x86_64 Linux with gcc 4.5.x at the default -O2 optimization (but not
at -O).
In addition, rpy and rkward were rebuilt to use the new R. No other changes were made to
these packages.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 27 2011 Tom Callaway <spot(a)fedoraproject.org> - 2.12.2-1
- update to 2.12.2
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.12.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
UpTools-8.5.4-11.fc13 (FEDORA-2011-2453)
C++ library for HPC, networking, DB, memory, etc
--------------------------------------------------------------------------------
Update Information:
UpTools is an open source C++ development library that contains powerful classes to
facilitate and accelerate modern application development. The following aspects are
covered by the library: High performance computing (HPC), Load distribution and parallel
processing, Multi-threading, Time and timers, Memory management, Text and strings,
Database access, Networking, and others.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #673589 - Review Request: UpTools - C++ library for hpc, networking, db,
memory, etc.
https://bugzilla.redhat.com/show_bug.cgi?id=673589
--------------------------------------------------------------------------------
================================================================================
cgnslib-2.5-5.r1.fc13 (FEDORA-2011-2443)
Computational Fluid Dynamics General Notation System
--------------------------------------------------------------------------------
Update Information:
Updated to new 2.5.5 release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 17 2011 Shakthi Kannan <shakthimaan [AT] fedoraproject DOT org> 2.5-5.r1
- Updated to 2.5-5 release.
--------------------------------------------------------------------------------
================================================================================
dwarves-1.9-1.fc13 (FEDORA-2011-2469)
Debugging Information Manipulation Tools
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 28 2011 Arnaldo Carvalho de Melo <acme(a)redhat.com> - 1.9-1
- New release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #654471 - [abrt] dwarves-1.8-1.fc13: raise: Process /usr/bin/pahole was killed
by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=654471
[ 2 ] Bug #659981 - [abrt] dwarves-1.8-1.fc13: tag__delete: Process /usr/bin/pahole was
killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=659981
[ 3 ] Bug #564671 - FTBFS dwarves-1.8-1.fc13
https://bugzilla.redhat.com/show_bug.cgi?id=564671
--------------------------------------------------------------------------------
================================================================================
firefox-3.6.14-1.fc13 (FEDORA-2011-2447)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Jan Horak <jhorak(a)redhat.com> - 3.6.14-1
- Update to 3.6.14
--------------------------------------------------------------------------------
================================================================================
galeon-2.0.7-37.fc13 (FEDORA-2011-2447)
GNOME2 Web browser based on Mozilla
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Jan Horak <jhorak(a)redhat.com> - 2.0.7-37
- Rebuild against newer gecko
--------------------------------------------------------------------------------
================================================================================
gnome-python2-extras-2.25.3-26.fc13 (FEDORA-2011-2447)
Additional PyGNOME Python extension modules
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Jan Horak <jhorak(a)redhat.com> - 2.25.3-26
- Rebuild against newer gecko
--------------------------------------------------------------------------------
================================================================================
gnome-web-photo-0.9-16.fc13 (FEDORA-2011-2447)
HTML pages thumbnailer
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Jan Horak <jhorak(a)redhat.com> - 0.9-16
- Rebuild against newer gecko
--------------------------------------------------------------------------------
================================================================================
mozvoikko-1.0-18.fc13 (FEDORA-2011-2447)
Finnish Voikko spell-checker extension for Mozilla programs
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Jan Horak <jhorak(a)redhat.com> - 1.0-18
- Rebuild against newer gecko
--------------------------------------------------------------------------------
================================================================================
openldap-2.4.21-12.fc13 (FEDORA-2011-2446)
LDAP support libraries
--------------------------------------------------------------------------------
Update Information:
- initscript: slaptest with '-u' to skip database opening (#667768)
- fix: verification of self issued certificates (#657984)
- removed slurpd options from sysconfig/ldap
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Jan Vcelak <jvcelak(a)redhat.com> 2.4.21-12
- fix: CVE-2011-1024 ppolicy forwarded bind failure messages cause success (#680466)
- fix: CVE-2011-1025 rootpw is not verified for ndb backend (#680472)
- fix: security - DoS when submitting special MODRDN request (#680975)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #680466 - CVE-2011-1024 openldap: forwarded bind failure messages cause
success
https://bugzilla.redhat.com/show_bug.cgi?id=680466
[ 2 ] Bug #680472 - CVE-2011-1025 openldap: rootpw is not verified with slapd.conf
https://bugzilla.redhat.com/show_bug.cgi?id=680472
[ 3 ] Bug #680975 - CVE-2011-1081 openldap: DoS when submitting special MODRDN request
https://bugzilla.redhat.com/show_bug.cgi?id=680975
--------------------------------------------------------------------------------
================================================================================
perl-Digest-JHash-0.07-1.fc13 (FEDORA-2011-2468)
Perl extension for 32 bit Jenkins Hashing Algorithm
--------------------------------------------------------------------------------
================================================================================
perl-Gtk2-MozEmbed-0.08-6.fc13.21 (FEDORA-2011-2447)
Interface to the Mozilla embedding widget
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Jan Horak <jhorak(a)redhat.com> - 0.08-6.21
- Rebuild against newer gecko
--------------------------------------------------------------------------------
================================================================================
perl-Test-CheckManifest-1.22-2.fc13 (FEDORA-2011-2440)
Check if your Manifest matches your distro
--------------------------------------------------------------------------------
================================================================================
pywebdav-0.9.4.1-1.fc13 (FEDORA-2011-2470)
WebDAV library
--------------------------------------------------------------------------------
Update Information:
The server affected by the CVE is distributed only as documentation, not as a directly
runnable component.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Dan Horák <dan[at]danny.cz> 0.9.4.1-1
- update to 0.9.4.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #677718 - CVE-2011-0432 pywebdav: SQL injection due improper escaping of user
credentials
https://bugzilla.redhat.com/show_bug.cgi?id=677718
--------------------------------------------------------------------------------
================================================================================
rkward-0.5.4-3.fc13 (FEDORA-2011-2456)
Graphical frontend for R language
--------------------------------------------------------------------------------
Update Information:
Update to R 2.12.2. A full list of changes in this release is here:
http://cran.r-project.org/src/base/NEWS
Notably, it fixes this issue:
Complex arithmetic (notably z^n for complex z and integer n) gave
incorrect results since R 2.10.0 on platforms without C99 complex
support. This and some lesser issues in trignometric functions
have been corrected. Such platforms were rare (we know of Cygwin and FreeBSD). However,
because of new compiler optimizations in the way complex arguments are handled, the same
code was selected on x86_64 Linux with gcc 4.5.x at the default -O2 optimization (but not
at -O).
In addition, rpy and rkward were rebuilt to use the new R. No other changes were made to
these packages.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Tom Callaway <spot(a)fedoraproject.org> - 0.5.4-3
- rebuild for R 2.12.2
--------------------------------------------------------------------------------
================================================================================
rpy-2.0.8-7.fc13 (FEDORA-2011-2456)
Python interface to the R language
--------------------------------------------------------------------------------
Update Information:
Update to R 2.12.2. A full list of changes in this release is here:
http://cran.r-project.org/src/base/NEWS
Notably, it fixes this issue:
Complex arithmetic (notably z^n for complex z and integer n) gave
incorrect results since R 2.10.0 on platforms without C99 complex
support. This and some lesser issues in trignometric functions
have been corrected. Such platforms were rare (we know of Cygwin and FreeBSD). However,
because of new compiler optimizations in the way complex arguments are handled, the same
code was selected on x86_64 Linux with gcc 4.5.x at the default -O2 optimization (but not
at -O).
In addition, rpy and rkward were rebuilt to use the new R. No other changes were made to
these packages.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 27 2011 Tom Callaway <spot(a)fedoraproject.org> - 2.0.8-7
- rebuild for R 2.12.2
--------------------------------------------------------------------------------
================================================================================
rubygem-hpricot-0.8.4-1.fc13 (FEDORA-2011-2457)
A Fast, Enjoyable HTML Parser for Ruby
--------------------------------------------------------------------------------
Update Information:
New version 0.8.4 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 2 2011 Mamoru Tasaka <mtasaka(a)fedoraproject.org> - 0.8.4-1
- 0.8.4
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.8.3-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
setroubleshoot-3.0.30-1.fc13 (FEDORA-2011-2441)
Helps troubleshoot SELinux problems
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 <dwalsh(a)redhat.com> - 3.0.30-1
- Change seapplet to only check for AVCs on login, if checkonlogin flag is turned on in
~/.setroubleshoot file
- Fix list_all_alerts bug causing crash on bad type
* Mon Feb 21 2011 <dwalsh(a)redhat.com> - 3.0.29-1
- Fix handling of "/" in alert list
- Update translations
* Fri Feb 18 2011 <dwalsh(a)redhat.com> - 3.0.28-1
- Tighten up screen to fit on little screens
* Fri Feb 18 2011 <dwalsh(a)redhat.com> - 3.0.27-1
- Remove dependance on gnome python modules
- Update translations
* Wed Feb 9 2011 <dwalsh(a)redhat.com> - 3.0.26-1
- Cleanup handling of current_alert
- Change Details button to say Plugin\nDetails
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
3.0.25-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
tweepy-1.7.1-3.fc13 (FEDORA-2011-2445)
Twitter library for python
--------------------------------------------------------------------------------
Update Information:
* Initial RPM package for tweepy-1.7.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #675104 - Review Request: tweepy - Twitter library for python
https://bugzilla.redhat.com/show_bug.cgi?id=675104
--------------------------------------------------------------------------------
================================================================================
tzdata-2011b-1.fc13 (FEDORA-2011-1222)
Timezone data
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 9 2011 Petr Machata <pmachata(a)redhat.com> - 2011b-1
- Upstream 2011b:
- America/North_Dakota/Beulah: Mercer County, North Dakota, changed
from the mountain time zone to the central time zone
* Mon Jan 24 2011 Petr Machata <pmachata(a)redhat.com> - 2011a-1
- Upstream 2011a:
- Updates of historical stamps for Hawaii
--------------------------------------------------------------------------------
================================================================================
xulrunner-1.9.2.14-1.fc13 (FEDORA-2011-2447)
XUL Runtime for Gecko Applications
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2011 Jan Horak <jhorak(a)redhat.com> - 1.9.2.14-1
- Update to 1.9.2.14
--------------------------------------------------------------------------------