Fedora 8 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Thu Jul 17 14:21:04 UTC 2008
The following builds have been pushed to Fedora 8 updates-testing
Miro-1.2.3-3.fc8
alexandria-0.6.3-5.fc8
blam-1.8.3-17.fc8
bzr-gtk-0.94.0-4.fc8
cairo-dock-1.6.1.1-1.fc8.1
chmsee-1.0.0-3.31.fc8
devhelp-0.16.1-9.fc8
epiphany-2.20.3-6.fc8
epiphany-extensions-2.20.1-9.fc8
evolution-rspam-0.0.6-3.fc8
f-spot-0.4.3.1-1.fc8
firefox-2.0.0.16-1.fc8
galeon-2.0.4-4.fc8.3
gambit-c-4.2.8-6.fc8.1
gnome-python2-extras-2.19.1-16.fc8
gnome-web-photo-0.3-12.fc8
gnupg2-2.0.9-2.fc8
gtkmozembedmm-1.4.2.cvs20060817-22.fc8
httpd-2.2.9-1.fc8
kazehakase-0.5.4-2.fc8.3
khmeros-fonts-5.0-3.fc8
liferea-1.4.15-3.fc8
openvrml-0.17.6-6.fc8
pastebin-0.60-4.fc8
perl-XML-Stream-1.22-8.fc8
python-fedora-0.3-1.fc8
python-fedora-0.3.1-1.fc8
ruby-gnome2-0.17.0-0.3.rc1.fc8
systemtap-0.7-1.fc8
vala-0.3.4-2.fc8
xdemorse-0.9-4.fc8
xfce4-screenshooter-plugin-1.3.0-1.fc8
xinetd-2.3.14-15.fc8
yelp-2.20.0-11.fc8
zhcon-0.2.6-9.fc8
Details about builds:
================================================================================
ruby-gnome2-0.17.0-0.3.rc1.fc8 (FEDORA-2008-6491)
Ruby binding of libgnome/libgnomeui-2.x
--------------------------------------------------------------------------------
Update Information:
Updated firefox packages that fix several security issues are now available for
Fedora 8. An integer overflow flaw was found in the way Firefox displayed
certain web content. A malicious web site could cause Firefox to crash, or
execute arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785) A flaw was found in the way Firefox handled certain command
line URLs. If another application passed Firefox a malformed URL, it could
result in Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933) Updated packages update Mozilla Firefox to upstream version
2.0.0.16 to address these flaws: http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.16 This update also contains
blam, cairo-dock, chmsee, devhelp, epiphany, epiphany-extensions, galeon, gnome-
python2-extras, gnome-web-photo, gtkmozembedmm, kazehakase, liferea, Miro,
openvrml, ruby-gnome2 and yelp packages rebuilt against new Firefox / Gecko
libraries.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Christopher Aillon <caillon at redhat.com> - 0.17.0-0.3.rc1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
https://bugzilla.redhat.com/show_bug.cgi?id=452204
[ 2 ] Bug #454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs
https://bugzilla.redhat.com/show_bug.cgi?id=454697
--------------------------------------------------------------------------------
================================================================================
alexandria-0.6.3-5.fc8 (FEDORA-2008-6489)
Book collection manager
--------------------------------------------------------------------------------
Update Information:
Workaround for bug 436697 is removed. This was actually a bug in ruby-gnome2,
not in alexandria, which is fixed in ruby-gnome2 0.17.0 rc1 which Fedora
currently ships.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 16 2008 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.6.3-5
- Remove workaround for bug 436697 (tooltips crash).
This was a bug on ruby-gnome2 which is fixed in 0.17.0 rc1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #436697 - Segmentation fault when closing preference Windows
https://bugzilla.redhat.com/show_bug.cgi?id=436697
--------------------------------------------------------------------------------
================================================================================
ruby-gnome2-0.17.0-0.3.rc1.fc8 (FEDORA-2008-6491)
Ruby binding of libgnome/libgnomeui-2.x
--------------------------------------------------------------------------------
Update Information:
Updated firefox packages that fix several security issues are now available for
Fedora 8. An integer overflow flaw was found in the way Firefox displayed
certain web content. A malicious web site could cause Firefox to crash, or
execute arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785) A flaw was found in the way Firefox handled certain command
line URLs. If another application passed Firefox a malformed URL, it could
result in Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933) Updated packages update Mozilla Firefox to upstream version
2.0.0.16 to address these flaws: http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.16 This update also contains
blam, cairo-dock, chmsee, devhelp, epiphany, epiphany-extensions, galeon, gnome-
python2-extras, gnome-web-photo, gtkmozembedmm, kazehakase, liferea, Miro,
openvrml, ruby-gnome2 and yelp packages rebuilt against new Firefox / Gecko
libraries.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Christopher Aillon <caillon at redhat.com> - 0.17.0-0.3.rc1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
https://bugzilla.redhat.com/show_bug.cgi?id=452204
[ 2 ] Bug #454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs
https://bugzilla.redhat.com/show_bug.cgi?id=454697
--------------------------------------------------------------------------------
================================================================================
bzr-gtk-0.94.0-4.fc8 (FEDORA-2008-6493)
Bazaar plugin for GTK+ interfaces to most Bazaar operations
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 14 2008 Toshio Kuratomi <toshio at fedoraproject.org> 0.94.0-4
- Add upstream patch to fix a traceback when using log in olive.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #455284 - olive-gtk gives KeyError when Using Log Button
https://bugzilla.redhat.com/show_bug.cgi?id=455284
--------------------------------------------------------------------------------
================================================================================
ruby-gnome2-0.17.0-0.3.rc1.fc8 (FEDORA-2008-6491)
Ruby binding of libgnome/libgnomeui-2.x
--------------------------------------------------------------------------------
Update Information:
Updated firefox packages that fix several security issues are now available for
Fedora 8. An integer overflow flaw was found in the way Firefox displayed
certain web content. A malicious web site could cause Firefox to crash, or
execute arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785) A flaw was found in the way Firefox handled certain command
line URLs. If another application passed Firefox a malformed URL, it could
result in Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933) Updated packages update Mozilla Firefox to upstream version
2.0.0.16 to address these flaws: http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.16 This update also contains
blam, cairo-dock, chmsee, devhelp, epiphany, epiphany-extensions, galeon, gnome-
python2-extras, gnome-web-photo, gtkmozembedmm, kazehakase, liferea, Miro,
openvrml, ruby-gnome2 and yelp packages rebuilt against new Firefox / Gecko
libraries.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Christopher Aillon <caillon at redhat.com> - 0.17.0-0.3.rc1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
https://bugzilla.redhat.com/show_bug.cgi?id=452204
[ 2 ] Bug #454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs
https://bugzilla.redhat.com/show_bug.cgi?id=454697
--------------------------------------------------------------------------------
================================================================================
ruby-gnome2-0.17.0-0.3.rc1.fc8 (FEDORA-2008-6491)
Ruby binding of libgnome/libgnomeui-2.x
--------------------------------------------------------------------------------
Update Information:
Updated firefox packages that fix several security issues are now available for
Fedora 8. An integer overflow flaw was found in the way Firefox displayed
certain web content. A malicious web site could cause Firefox to crash, or
execute arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785) A flaw was found in the way Firefox handled certain command
line URLs. If another application passed Firefox a malformed URL, it could
result in Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933) Updated packages update Mozilla Firefox to upstream version
2.0.0.16 to address these flaws: http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.16 This update also contains
blam, cairo-dock, chmsee, devhelp, epiphany, epiphany-extensions, galeon, gnome-
python2-extras, gnome-web-photo, gtkmozembedmm, kazehakase, liferea, Miro,
openvrml, ruby-gnome2 and yelp packages rebuilt against new Firefox / Gecko
libraries.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Christopher Aillon <caillon at redhat.com> - 0.17.0-0.3.rc1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
https://bugzilla.redhat.com/show_bug.cgi?id=452204
[ 2 ] Bug #454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs
https://bugzilla.redhat.com/show_bug.cgi?id=454697
--------------------------------------------------------------------------------
================================================================================
ruby-gnome2-0.17.0-0.3.rc1.fc8 (FEDORA-2008-6491)
Ruby binding of libgnome/libgnomeui-2.x
--------------------------------------------------------------------------------
Update Information:
Updated firefox packages that fix several security issues are now available for
Fedora 8. An integer overflow flaw was found in the way Firefox displayed
certain web content. A malicious web site could cause Firefox to crash, or
execute arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785) A flaw was found in the way Firefox handled certain command
line URLs. If another application passed Firefox a malformed URL, it could
result in Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933) Updated packages update Mozilla Firefox to upstream version
2.0.0.16 to address these flaws: http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.16 This update also contains
blam, cairo-dock, chmsee, devhelp, epiphany, epiphany-extensions, galeon, gnome-
python2-extras, gnome-web-photo, gtkmozembedmm, kazehakase, liferea, Miro,
openvrml, ruby-gnome2 and yelp packages rebuilt against new Firefox / Gecko
libraries.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Christopher Aillon <caillon at redhat.com> - 0.17.0-0.3.rc1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
https://bugzilla.redhat.com/show_bug.cgi?id=452204
[ 2 ] Bug #454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs
https://bugzilla.redhat.com/show_bug.cgi?id=454697
--------------------------------------------------------------------------------
================================================================================
ruby-gnome2-0.17.0-0.3.rc1.fc8 (FEDORA-2008-6491)
Ruby binding of libgnome/libgnomeui-2.x
--------------------------------------------------------------------------------
Update Information:
Updated firefox packages that fix several security issues are now available for
Fedora 8. An integer overflow flaw was found in the way Firefox displayed
certain web content. A malicious web site could cause Firefox to crash, or
execute arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785) A flaw was found in the way Firefox handled certain command
line URLs. If another application passed Firefox a malformed URL, it could
result in Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933) Updated packages update Mozilla Firefox to upstream version
2.0.0.16 to address these flaws: http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.16 This update also contains
blam, cairo-dock, chmsee, devhelp, epiphany, epiphany-extensions, galeon, gnome-
python2-extras, gnome-web-photo, gtkmozembedmm, kazehakase, liferea, Miro,
openvrml, ruby-gnome2 and yelp packages rebuilt against new Firefox / Gecko
libraries.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Christopher Aillon <caillon at redhat.com> - 0.17.0-0.3.rc1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
https://bugzilla.redhat.com/show_bug.cgi?id=452204
[ 2 ] Bug #454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs
https://bugzilla.redhat.com/show_bug.cgi?id=454697
--------------------------------------------------------------------------------
================================================================================
ruby-gnome2-0.17.0-0.3.rc1.fc8 (FEDORA-2008-6491)
Ruby binding of libgnome/libgnomeui-2.x
--------------------------------------------------------------------------------
Update Information:
Updated firefox packages that fix several security issues are now available for
Fedora 8. An integer overflow flaw was found in the way Firefox displayed
certain web content. A malicious web site could cause Firefox to crash, or
execute arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785) A flaw was found in the way Firefox handled certain command
line URLs. If another application passed Firefox a malformed URL, it could
result in Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933) Updated packages update Mozilla Firefox to upstream version
2.0.0.16 to address these flaws: http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.16 This update also contains
blam, cairo-dock, chmsee, devhelp, epiphany, epiphany-extensions, galeon, gnome-
python2-extras, gnome-web-photo, gtkmozembedmm, kazehakase, liferea, Miro,
openvrml, ruby-gnome2 and yelp packages rebuilt against new Firefox / Gecko
libraries.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Christopher Aillon <caillon at redhat.com> - 0.17.0-0.3.rc1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
https://bugzilla.redhat.com/show_bug.cgi?id=452204
[ 2 ] Bug #454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs
https://bugzilla.redhat.com/show_bug.cgi?id=454697
--------------------------------------------------------------------------------
================================================================================
evolution-rspam-0.0.6-3.fc8 (FEDORA-2008-6476)
Evolution Plugin for reporting spam
--------------------------------------------------------------------------------
Update Information:
Rspam Evolution Plugin enables Evolution Mail client to report email messages
as spam to checksum-based and statistical filtering networks. It supports Razor
network, DCC, SpamCop and Pyzor.
--------------------------------------------------------------------------------
================================================================================
f-spot-0.4.3.1-1.fc8 (FEDORA-2008-6498)
Photo management application
--------------------------------------------------------------------------------
Update Information:
Backporting 0.4.3.1 from Fedora 9 and Rawhide to fix bugs.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 13 2008 Nigel Jones <dev at nigelj.com> - 0.4.3.1-1
- Update to 0.4.3.1 (backporting spec file from Fedora 9)
* Tue Apr 15 2008 Alex Lancaster <alexlan[AT]fedoraproject org> - 0.4.2-5
- Add patch from Debian to use system mono-addins (from #442343)
* Sat Mar 1 2008 Christopher Aillon <caillon at redhat.com> - 0.4.2-4
- Require dcraw
* Fri Feb 29 2008 Christopher Aillon <caillon at redhat.com> - 0.4.2-3
- Fix the build
* Mon Feb 18 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 0.4.2-2
- Autorebuild for GCC 4.3
* Thu Feb 14 2008 Matthias Clasen <mclasen at redhat.com> - 0.4.2-1
- Update to 0.4.2
* Fri Jan 18 2008 Matthias Clasen <mclasen at redhat.com> - 0.4.1-2
- Add support for content-types
* Thu Dec 6 2007 Matthias Clasen <mclasen at redhat.com> - 0.4.1-1
- Update to 0.4.1
* Sat Nov 17 2007 Matthias Clasen <mclasen at redhat.com> - 0.4.0-4
- Remove comments from ExclusiveArch line (#388581)
--------------------------------------------------------------------------------
================================================================================
ruby-gnome2-0.17.0-0.3.rc1.fc8 (FEDORA-2008-6491)
Ruby binding of libgnome/libgnomeui-2.x
--------------------------------------------------------------------------------
Update Information:
Updated firefox packages that fix several security issues are now available for
Fedora 8. An integer overflow flaw was found in the way Firefox displayed
certain web content. A malicious web site could cause Firefox to crash, or
execute arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785) A flaw was found in the way Firefox handled certain command
line URLs. If another application passed Firefox a malformed URL, it could
result in Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933) Updated packages update Mozilla Firefox to upstream version
2.0.0.16 to address these flaws: http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.16 This update also contains
blam, cairo-dock, chmsee, devhelp, epiphany, epiphany-extensions, galeon, gnome-
python2-extras, gnome-web-photo, gtkmozembedmm, kazehakase, liferea, Miro,
openvrml, ruby-gnome2 and yelp packages rebuilt against new Firefox / Gecko
libraries.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Christopher Aillon <caillon at redhat.com> - 0.17.0-0.3.rc1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
https://bugzilla.redhat.com/show_bug.cgi?id=452204
[ 2 ] Bug #454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs
https://bugzilla.redhat.com/show_bug.cgi?id=454697
--------------------------------------------------------------------------------
================================================================================
ruby-gnome2-0.17.0-0.3.rc1.fc8 (FEDORA-2008-6491)
Ruby binding of libgnome/libgnomeui-2.x
--------------------------------------------------------------------------------
Update Information:
Updated firefox packages that fix several security issues are now available for
Fedora 8. An integer overflow flaw was found in the way Firefox displayed
certain web content. A malicious web site could cause Firefox to crash, or
execute arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785) A flaw was found in the way Firefox handled certain command
line URLs. If another application passed Firefox a malformed URL, it could
result in Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933) Updated packages update Mozilla Firefox to upstream version
2.0.0.16 to address these flaws: http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.16 This update also contains
blam, cairo-dock, chmsee, devhelp, epiphany, epiphany-extensions, galeon, gnome-
python2-extras, gnome-web-photo, gtkmozembedmm, kazehakase, liferea, Miro,
openvrml, ruby-gnome2 and yelp packages rebuilt against new Firefox / Gecko
libraries.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Christopher Aillon <caillon at redhat.com> - 0.17.0-0.3.rc1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
https://bugzilla.redhat.com/show_bug.cgi?id=452204
[ 2 ] Bug #454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs
https://bugzilla.redhat.com/show_bug.cgi?id=454697
--------------------------------------------------------------------------------
================================================================================
gambit-c-4.2.8-6.fc8.1 (FEDORA-2008-6485)
Gambit-C Scheme programming system
--------------------------------------------------------------------------------
Update Information:
Moves include files and library archives to make it easier to perform native
compilation
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #449707 - Review Request: gambit-c - Gambit-C Scheme programming system
https://bugzilla.redhat.com/show_bug.cgi?id=449707
--------------------------------------------------------------------------------
================================================================================
ruby-gnome2-0.17.0-0.3.rc1.fc8 (FEDORA-2008-6491)
Ruby binding of libgnome/libgnomeui-2.x
--------------------------------------------------------------------------------
Update Information:
Updated firefox packages that fix several security issues are now available for
Fedora 8. An integer overflow flaw was found in the way Firefox displayed
certain web content. A malicious web site could cause Firefox to crash, or
execute arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785) A flaw was found in the way Firefox handled certain command
line URLs. If another application passed Firefox a malformed URL, it could
result in Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933) Updated packages update Mozilla Firefox to upstream version
2.0.0.16 to address these flaws: http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.16 This update also contains
blam, cairo-dock, chmsee, devhelp, epiphany, epiphany-extensions, galeon, gnome-
python2-extras, gnome-web-photo, gtkmozembedmm, kazehakase, liferea, Miro,
openvrml, ruby-gnome2 and yelp packages rebuilt against new Firefox / Gecko
libraries.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Christopher Aillon <caillon at redhat.com> - 0.17.0-0.3.rc1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
https://bugzilla.redhat.com/show_bug.cgi?id=452204
[ 2 ] Bug #454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs
https://bugzilla.redhat.com/show_bug.cgi?id=454697
--------------------------------------------------------------------------------
================================================================================
ruby-gnome2-0.17.0-0.3.rc1.fc8 (FEDORA-2008-6491)
Ruby binding of libgnome/libgnomeui-2.x
--------------------------------------------------------------------------------
Update Information:
Updated firefox packages that fix several security issues are now available for
Fedora 8. An integer overflow flaw was found in the way Firefox displayed
certain web content. A malicious web site could cause Firefox to crash, or
execute arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785) A flaw was found in the way Firefox handled certain command
line URLs. If another application passed Firefox a malformed URL, it could
result in Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933) Updated packages update Mozilla Firefox to upstream version
2.0.0.16 to address these flaws: http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.16 This update also contains
blam, cairo-dock, chmsee, devhelp, epiphany, epiphany-extensions, galeon, gnome-
python2-extras, gnome-web-photo, gtkmozembedmm, kazehakase, liferea, Miro,
openvrml, ruby-gnome2 and yelp packages rebuilt against new Firefox / Gecko
libraries.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Christopher Aillon <caillon at redhat.com> - 0.17.0-0.3.rc1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
https://bugzilla.redhat.com/show_bug.cgi?id=452204
[ 2 ] Bug #454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs
https://bugzilla.redhat.com/show_bug.cgi?id=454697
--------------------------------------------------------------------------------
================================================================================
gnupg2-2.0.9-2.fc8 (FEDORA-2008-6469)
Utility for secure communication and data storage
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 24 2008 Tom "spot" Callaway <tcallawa at redhat.com> 2.0.9-2
- Patch from upstream to fix curl 7.18.1+ and gcc4.3+ compile error
* Mon May 19 2008 Tom "spot" Callaway <tcallawa at redhat.com> 2.0.9-1.1
- minor release bump for sparc rebuild
* Wed Mar 26 2008 Rex Dieter <rdieter at fedoraproject.org> 2.0.9-1
- gnupg2-2.0.9
- drop Provides: openpgp
- versioned Provides: gpg
- own %_sysconfdir/gnupg
* Fri Feb 8 2008 Rex Dieter <rdieter at fedoraproject.org> 2.0.8-3
- respin (gcc43)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #427500 - update breaks signing in kmail/kontact
https://bugzilla.redhat.com/show_bug.cgi?id=427500
--------------------------------------------------------------------------------
================================================================================
ruby-gnome2-0.17.0-0.3.rc1.fc8 (FEDORA-2008-6491)
Ruby binding of libgnome/libgnomeui-2.x
--------------------------------------------------------------------------------
Update Information:
Updated firefox packages that fix several security issues are now available for
Fedora 8. An integer overflow flaw was found in the way Firefox displayed
certain web content. A malicious web site could cause Firefox to crash, or
execute arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785) A flaw was found in the way Firefox handled certain command
line URLs. If another application passed Firefox a malformed URL, it could
result in Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933) Updated packages update Mozilla Firefox to upstream version
2.0.0.16 to address these flaws: http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.16 This update also contains
blam, cairo-dock, chmsee, devhelp, epiphany, epiphany-extensions, galeon, gnome-
python2-extras, gnome-web-photo, gtkmozembedmm, kazehakase, liferea, Miro,
openvrml, ruby-gnome2 and yelp packages rebuilt against new Firefox / Gecko
libraries.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Christopher Aillon <caillon at redhat.com> - 0.17.0-0.3.rc1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
https://bugzilla.redhat.com/show_bug.cgi?id=452204
[ 2 ] Bug #454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs
https://bugzilla.redhat.com/show_bug.cgi?id=454697
--------------------------------------------------------------------------------
================================================================================
httpd-2.2.9-1.fc8 (FEDORA-2008-6314)
Apache HTTP Server
--------------------------------------------------------------------------------
Update Information:
This update includes the latest release of httpd 2.2. A security issue is
fixed in this update: A flaw was found in the handling of excessive interim
responses from an origin server when using mod_proxy_http. In a forward proxy
configuration, if a user of the proxy could be tricked into visiting a malicious
web server, the proxy could be forced into consuming a large amount of stack or
heap memory. This could lead to an eventual process crash due to stack space
exhaustion.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 14 2008 Joe Orton <jorton at redhat.com> 2.2.9-1.fc8
- update to 2.2.9 (#454100)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #451615 - CVE-2008-2364 httpd: mod_proxy_http DoS via excessive interim responses from the origin server
https://bugzilla.redhat.com/show_bug.cgi?id=451615
--------------------------------------------------------------------------------
================================================================================
ruby-gnome2-0.17.0-0.3.rc1.fc8 (FEDORA-2008-6491)
Ruby binding of libgnome/libgnomeui-2.x
--------------------------------------------------------------------------------
Update Information:
Updated firefox packages that fix several security issues are now available for
Fedora 8. An integer overflow flaw was found in the way Firefox displayed
certain web content. A malicious web site could cause Firefox to crash, or
execute arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785) A flaw was found in the way Firefox handled certain command
line URLs. If another application passed Firefox a malformed URL, it could
result in Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933) Updated packages update Mozilla Firefox to upstream version
2.0.0.16 to address these flaws: http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.16 This update also contains
blam, cairo-dock, chmsee, devhelp, epiphany, epiphany-extensions, galeon, gnome-
python2-extras, gnome-web-photo, gtkmozembedmm, kazehakase, liferea, Miro,
openvrml, ruby-gnome2 and yelp packages rebuilt against new Firefox / Gecko
libraries.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Christopher Aillon <caillon at redhat.com> - 0.17.0-0.3.rc1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
https://bugzilla.redhat.com/show_bug.cgi?id=452204
[ 2 ] Bug #454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs
https://bugzilla.redhat.com/show_bug.cgi?id=454697
--------------------------------------------------------------------------------
================================================================================
khmeros-fonts-5.0-3.fc8 (FEDORA-2008-6488)
Khmer font set created by Danh Hong of the Cambodian Open Institute
--------------------------------------------------------------------------------
Update Information:
The Khmer OS fonts include Khmer and Latin alphabets, and they have equivalent
sizes for Khmer and English alphabets, so that when texts mix both it is not
necessary to have different point sizes for the text in each language. They
were created by Danh Hong of the Cambodian Open Institute. * Tue Jul 8 2008
Michal Nowak <mnowak at redhat.com> - 5.0-3 - reshaping to multiple subpackages
based on font type/purpose - license uncertainity is solved; licence field is
set according to information from .ttf files read via gnome-font-viewer *
Mon Jul 7 2008 Michal Nowak <mnowak at redhat.com> - 5.0-2 - removing Fedora
specific license - refactoring summary and description texts (Nicolas Mailhot)
* Fri Jul 4 2008 Michal Nowak <mnowak at redhat.com> - 5.0-1 - Initial release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #454078 - Review Request: khmeros-fonts - Khmer free/libre font set created by Danh Hong of the Cambodian Open Institute
https://bugzilla.redhat.com/show_bug.cgi?id=454078
--------------------------------------------------------------------------------
================================================================================
ruby-gnome2-0.17.0-0.3.rc1.fc8 (FEDORA-2008-6491)
Ruby binding of libgnome/libgnomeui-2.x
--------------------------------------------------------------------------------
Update Information:
Updated firefox packages that fix several security issues are now available for
Fedora 8. An integer overflow flaw was found in the way Firefox displayed
certain web content. A malicious web site could cause Firefox to crash, or
execute arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785) A flaw was found in the way Firefox handled certain command
line URLs. If another application passed Firefox a malformed URL, it could
result in Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933) Updated packages update Mozilla Firefox to upstream version
2.0.0.16 to address these flaws: http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.16 This update also contains
blam, cairo-dock, chmsee, devhelp, epiphany, epiphany-extensions, galeon, gnome-
python2-extras, gnome-web-photo, gtkmozembedmm, kazehakase, liferea, Miro,
openvrml, ruby-gnome2 and yelp packages rebuilt against new Firefox / Gecko
libraries.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Christopher Aillon <caillon at redhat.com> - 0.17.0-0.3.rc1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
https://bugzilla.redhat.com/show_bug.cgi?id=452204
[ 2 ] Bug #454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs
https://bugzilla.redhat.com/show_bug.cgi?id=454697
--------------------------------------------------------------------------------
================================================================================
ruby-gnome2-0.17.0-0.3.rc1.fc8 (FEDORA-2008-6491)
Ruby binding of libgnome/libgnomeui-2.x
--------------------------------------------------------------------------------
Update Information:
Updated firefox packages that fix several security issues are now available for
Fedora 8. An integer overflow flaw was found in the way Firefox displayed
certain web content. A malicious web site could cause Firefox to crash, or
execute arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785) A flaw was found in the way Firefox handled certain command
line URLs. If another application passed Firefox a malformed URL, it could
result in Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933) Updated packages update Mozilla Firefox to upstream version
2.0.0.16 to address these flaws: http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.16 This update also contains
blam, cairo-dock, chmsee, devhelp, epiphany, epiphany-extensions, galeon, gnome-
python2-extras, gnome-web-photo, gtkmozembedmm, kazehakase, liferea, Miro,
openvrml, ruby-gnome2 and yelp packages rebuilt against new Firefox / Gecko
libraries.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Christopher Aillon <caillon at redhat.com> - 0.17.0-0.3.rc1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
https://bugzilla.redhat.com/show_bug.cgi?id=452204
[ 2 ] Bug #454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs
https://bugzilla.redhat.com/show_bug.cgi?id=454697
--------------------------------------------------------------------------------
================================================================================
pastebin-0.60-4.fc8 (FEDORA-2008-6468)
A collaborative debugging tool
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Michael Stahnke <stahnma at fedoraprojet.org> - 0.60-4
- Fix a requires (added php)
- Bug number 455389
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #455389 - Should depend on PHP
https://bugzilla.redhat.com/show_bug.cgi?id=455389
--------------------------------------------------------------------------------
================================================================================
perl-XML-Stream-1.22-8.fc8 (FEDORA-2008-6461)
XML::Stream - streaming XML library
--------------------------------------------------------------------------------
Update Information:
* Mon Jul 14 2008 Chris Weyl <cweyl at alumni.drew.edu> 1.22-8 - add
IO::Socket::SSL as a BR/R (see BZ#455344) - also add Net::DNS - make tests run
if --with network-tests - misc spec touchups
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 14 2008 Chris Weyl <cweyl at alumni.drew.edu> 1.22-8
- add IO::Socket::SSL as a BR/R (see BZ#455344)
- also add Net::DNS
- make tests run if --with network-tests
- misc spec touchups
* Thu Feb 7 2008 Tom "spot" Callaway <tcallawa at redhat.com> 1.22-7
- rebuild for new perl
--------------------------------------------------------------------------------
================================================================================
python-fedora-0.3-1.fc8 (FEDORA-2008-6516)
Python modules for talking to Fedora Infrastructure Services
--------------------------------------------------------------------------------
Update Information:
* New fedora.client.bodhi API * Lots of bugfixes * New
fedora.client.ProxyClient class that can be used for writing proxies and lower
level clients that talk to Fedora Services. - BaseClient rewritten to run on
top of ProxyClient. * Rearranging of many modules. The old names should still
work but issue a DeprecationWarning and the new location to import the module
from. * Documentation on how to build a Fedora Service that will work well with
BaseClient and documentation on building apps with BaseClient. - Note that
present Fedora Services (Bodhi, PackageDB, MirrorManager, FAS2) will need to be
updated to conform to this spec. Until that happens, not everything (notably,
error handling) will work 100% correctly. * This release contains API breaks
with the previous 0.2 series and deprecations that will go away in 0.4. Please
see the NEWS file for more information: http://fedorahosted.org/python-
fedora/browser/python-fedora-stable/NEWS
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 2 2008 Luke Macken <lmacken at redhat.com> - 0.3-1
- New upstream release.
--------------------------------------------------------------------------------
================================================================================
python-fedora-0.3.1-1.fc8 (FEDORA-2008-6460)
Python modules for talking to Fedora Infrastructure Services
--------------------------------------------------------------------------------
Update Information:
* New fedora.client.bodhi API * Lots of various bugfixes * New
fedora.client.ProxyClient class that can be used for writing proxies and lower
level clients that talk to Fedora Services. - BaseClient rewritten to run on
top of ProxyClient. * Rearranging of many modules. The old names should still
work but issue a DeprecationWarning and the new location to import the module
from. * Documentation on how to build a Fedora Service that will work well with
BaseClient and documentation on building apps with BaseClient. - Note that
present Fedora Services (Bodhi, PackageDB, MirrorManager, FAS2) will need to be
updated to conform to this spec. Until that happens, not everything (notably,
error handling) will work 100% correctly. * This release contains API breaks
with the previous 0.2 series and deprecations that will go away in 0.4. Please
see the NEWS file for more information: http://fedorahosted.org/python-
fedora/browser/python-fedora-stable/NEWS
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 14 2008 Luke Macken <lmacken at redhat.com> - 0.3.1-1
- New upstream bugfix release
* Wed Jul 2 2008 Luke Macken <lmacken at redhat.com> - 0.3-1
- New upstream release.
--------------------------------------------------------------------------------
================================================================================
ruby-gnome2-0.17.0-0.3.rc1.fc8 (FEDORA-2008-6491)
Ruby binding of libgnome/libgnomeui-2.x
--------------------------------------------------------------------------------
Update Information:
Updated firefox packages that fix several security issues are now available for
Fedora 8. An integer overflow flaw was found in the way Firefox displayed
certain web content. A malicious web site could cause Firefox to crash, or
execute arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785) A flaw was found in the way Firefox handled certain command
line URLs. If another application passed Firefox a malformed URL, it could
result in Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933) Updated packages update Mozilla Firefox to upstream version
2.0.0.16 to address these flaws: http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.16 This update also contains
blam, cairo-dock, chmsee, devhelp, epiphany, epiphany-extensions, galeon, gnome-
python2-extras, gnome-web-photo, gtkmozembedmm, kazehakase, liferea, Miro,
openvrml, ruby-gnome2 and yelp packages rebuilt against new Firefox / Gecko
libraries.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Christopher Aillon <caillon at redhat.com> - 0.17.0-0.3.rc1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
https://bugzilla.redhat.com/show_bug.cgi?id=452204
[ 2 ] Bug #454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs
https://bugzilla.redhat.com/show_bug.cgi?id=454697
--------------------------------------------------------------------------------
================================================================================
systemtap-0.7-1.fc8 (FEDORA-2008-6478)
Instrumentation System
--------------------------------------------------------------------------------
Update Information:
Update to Systemtap 0.7. Release notes at:
http://sources.redhat.com/ml/systemtap/2008-q3/msg00180.html
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Frank Ch. Eigler <fche at redhat.com> - 0.7-1
- Upstream release.
--------------------------------------------------------------------------------
================================================================================
vala-0.3.4-2.fc8 (FEDORA-2008-6471)
A modern programming language for GNOME
--------------------------------------------------------------------------------
Update Information:
Add emacs mode for editing Vala code
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Michel Alexandre Salim <salimma at fedoraproject.org> - 0.3.4-2
- Add vala-mode for editing Vala code in Emacs
* Tue Jul 1 2008 Lennart Poettering <lpoetter at redhat.com> - 0.3.4-1
- Update to 0.3.4
--------------------------------------------------------------------------------
================================================================================
xdemorse-0.9-4.fc8 (FEDORA-2008-6483)
GTK based application for decoding and displaying Morse code signals
--------------------------------------------------------------------------------
Update Information:
It has an FFT-derived "waterfall" display of the incoming audio signal's
spectrum, as well as a 'scope-like display of the audio detector's output and
status of the mark/space discriminator ("slicer"). xdemorse also has CAT for
the FT-847 and this can be used to net the receiver's frequency to the incoming
signal, by clicking near its trace in the waterfall display.
--------------------------------------------------------------------------------
================================================================================
xfce4-screenshooter-plugin-1.3.0-1.fc8 (FEDORA-2008-6497)
Screenshot utility for the Xfce panel
--------------------------------------------------------------------------------
Update Information:
This release mainly aims at improving the command line utility. Three CLI
options have been added: - do not show the save dialog - set a default save
folder - set a custom save folder
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 16 2008 Christoph Wickert <fedora christoph-wickert de> - 1.3.0-1
- Update to 1.3.0
* Thu Jul 3 2008 Christoph Wickert <fedora christoph-wickert de> - 1.2.0-1
- Update to 1.2.0
- Include new xfce4-screenshooter manpage
* Sun Jun 22 2008 Christoph Wickert <fedora christoph-wickert de> - 1.1.0-1
- Update to 1.1.0
- BR gettext
* Mon Feb 18 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 1.0.0-7
- Autorebuild for GCC 4.3
--------------------------------------------------------------------------------
================================================================================
xinetd-2.3.14-15.fc8 (FEDORA-2008-6466)
A secure replacement for inetd.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 16 2008 Jan Safranek <jsafranek at redhat.com> - 2:2.3.14-15
- fix wrong bind() call (#448069)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #448069 - xinetd: socket bind: Invalid argument (errno = 22) when using USERID on ipv6
https://bugzilla.redhat.com/show_bug.cgi?id=448069
--------------------------------------------------------------------------------
================================================================================
ruby-gnome2-0.17.0-0.3.rc1.fc8 (FEDORA-2008-6491)
Ruby binding of libgnome/libgnomeui-2.x
--------------------------------------------------------------------------------
Update Information:
Updated firefox packages that fix several security issues are now available for
Fedora 8. An integer overflow flaw was found in the way Firefox displayed
certain web content. A malicious web site could cause Firefox to crash, or
execute arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785) A flaw was found in the way Firefox handled certain command
line URLs. If another application passed Firefox a malformed URL, it could
result in Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933) Updated packages update Mozilla Firefox to upstream version
2.0.0.16 to address these flaws: http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.16 This update also contains
blam, cairo-dock, chmsee, devhelp, epiphany, epiphany-extensions, galeon, gnome-
python2-extras, gnome-web-photo, gtkmozembedmm, kazehakase, liferea, Miro,
openvrml, ruby-gnome2 and yelp packages rebuilt against new Firefox / Gecko
libraries.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Christopher Aillon <caillon at redhat.com> - 0.17.0-0.3.rc1
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
https://bugzilla.redhat.com/show_bug.cgi?id=452204
[ 2 ] Bug #454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs
https://bugzilla.redhat.com/show_bug.cgi?id=454697
--------------------------------------------------------------------------------
================================================================================
zhcon-0.2.6-9.fc8 (FEDORA-2008-6455)
A fast Linux Console Chinese System that supports framebuffer
--------------------------------------------------------------------------------
Update Information:
The bugs in i386 has been fixed. However, it uses mmap to load binary input
methods, which is not compatible with x86_64. Simply put, the input on x86_64
machines is still broken.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 15 2008 Ding-Yi Chen <dchen at redhat dot com> - 0.2.6-9
- [Bug 454228] [zhcon] Cannot start input method for x86_64 user
- [Bug 449625] FTBFS zhcon-0.2.6-8.fc9
- [Bug 441203] [zhcon] The input methods other than the default one were not changable for use
* Mon Mar 3 2008 Hu Zheng <zhu at redhat.com> - 0.2.6-8
- i386 build fix.
* Tue Feb 26 2008 Hu Zheng <zhu at redhat.com> - 0.2.6-7
- Gcc-4.3 compile fix.
* Wed Feb 20 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 0.2.6-6
- Autorebuild for GCC 4.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #449625 - FTBFS zhcon-0.2.6-8.fc9
https://bugzilla.redhat.com/show_bug.cgi?id=449625
[ 2 ] Bug #454228 - [zhcon] Cannot start input method for x86_64 user
https://bugzilla.redhat.com/show_bug.cgi?id=454228
[ 3 ] Bug #441203 - [zhcon] The input methods other than the default one were not changable for use.
https://bugzilla.redhat.com/show_bug.cgi?id=441203
--------------------------------------------------------------------------------
More information about the test
mailing list