Fedora 13 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Thu Aug 12 04:13:25 UTC 2010
The following builds have been pushed to Fedora 13 updates-testing
GMT-4.5.3-3.fc13
asterisk-1.6.2.11-1.fc13
clamav-0.96.1-1300.fc13
coot-0.6.1-3.20100127svn2740.fc13
decibel-audio-player-1.05-1.fc13
diffuse-0.4.3-1.fc13
erlang-mochiweb-1.3-0.6.20100724git9a53dbd7.fc13
faenza-icon-theme-0.6-1.fc13
fedora-packager-0.5.1.1-1.fc13
gdesklet-SlideShow-0.9-8.fc13
gnome-applet-netspeed-0.16-4.fc13
gridengine-6.2u5-4.fc13
gutenprint-5.2.6-1.fc13
liblockfile-1.08-9.fc13
libwbxml-0.10.8-1.fc13
maniadrive-1.2-22.fc13
mingw32-nsis-2.46-1.fc13
nas-1.9.2-1.fc13
perl-Geo-IPfree-1.1.0.1.6.5.0-1.fc13
perl-libwhisker2-2.5-1.fc13
php-5.3.3-1.fc13
php-eaccelerator-0.9.6.1-2.fc13
php-pecl-xdebug-2.1.0-1.fc13
pidgin-2.7.3-1.fc13
rubygem-cucumber-0.8.5-4.fc13
samba-3.5.4-63.fc13
system-config-firewall-1.2.27-1.fc13
Details about builds:
================================================================================
GMT-4.5.3-3.fc13 (FEDORA-2010-12516)
Generic Mapping Tools
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 22 2010 Orion Poplawski <orion at cora.nwra.com> 4.5.3-3
- Fix buffer overflow in psimage (bug #617332)
* Tue Jul 20 2010 Orion Poplawski <orion at cora.nwra.com> 4.5.3-2
- Bump coastlines requirement to 2.1.0
* Mon Jul 19 2010 Orion Poplawski <orion at cora.nwra.com> 4.5.3-1
- Update to 4.5.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #617332 - [abrt] crash in GMT-4.5.2-1.fc13: __libc_message: Process /usr/bin/psimage was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=617332
--------------------------------------------------------------------------------
================================================================================
asterisk-1.6.2.11-1.fc13 (FEDORA-2010-12529)
The Open Source PBX
--------------------------------------------------------------------------------
Update Information:
The following are a few of the issues resolved by community developers: *
Send DialPlanComplete as a response, not as a separate event. Otherwise, it
goes to all manager sessions and may exclude the current session, if the
Events mask excludes it. (Closes issue #17504. Reported, patched by rrb3942)
* Allow the "useragent" value to be restored into memory from the realtime
backend. This value is purely informational. It does not alter configuration
at all. (Closes issue #16029. Reported, patched by Guggemand) * Fix
rt(c)p set debug ip taking wrong argument Also clean up some coding errors.
(Closes issue #17469. Reported, patched by wdoekes) * Ensure channel placed
in meetme in ringing state is properly hung up. An outgoing channel placed
in meetme while still ringing which was then hung up would not exit meetme
and the channel was not properly destroyed. (Closes issue #15871. Reported,
patched by Ivan) * Correct how 100, 200, 300, etc. is said. Also add the
crazy British numbers. (Closes issue #16102. Reported, patched by Delvar)
* cdr_pgsql does not detect when a table is found. This change adds an ERROR
message to let you know when a failure exists to get the columns from the
pgsql database, which typically means that the table does not exist. (Closes
issue #17478. Reported, patched by kobaz) * Avoid crashing when installing a
duplicate translation path with a lower cost. (Closes issue #17092.
Reported, patched by moy) * Add missing handling for ringing state for use
with queue empty options. (Closes issue #17471. Reported, patched by jazzy)
* Fix reporting estimated queue hold time. Just say the number of seconds
(after minutes) rather than doing some incorrect calculation with respect to
minutes. (Closes issue #17498. Reported, patched by corruptor) For a full
list of changes in the current release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.11
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 11 2010 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.6.2.11-1
-
- The following are a few of the issues resolved by community developers:
-
- * Send DialPlanComplete as a response, not as a separate event. Otherwise, it
- goes to all manager sessions and may exclude the current session, if the
- Events mask excludes it.
- (Closes issue #17504. Reported, patched by rrb3942)
-
- * Allow the "useragent" value to be restored into memory from the realtime
- backend. This value is purely informational. It does not alter configuration
- at all.
- (Closes issue #16029. Reported, patched by Guggemand)
-
- * Fix rt(c)p set debug ip taking wrong argument Also clean up some coding
- errors.
- (Closes issue #17469. Reported, patched by wdoekes)
-
- * Ensure channel placed in meetme in ringing state is properly hung up. An
- outgoing channel placed in meetme while still ringing which was then hung up
- would not exit meetme and the channel was not properly destroyed.
- (Closes issue #15871. Reported, patched by Ivan)
-
- * Correct how 100, 200, 300, etc. is said. Also add the crazy British numbers.
- (Closes issue #16102. Reported, patched by Delvar)
-
- * cdr_pgsql does not detect when a table is found. This change adds an ERROR
- message to let you know when a failure exists to get the columns from the
- pgsql database, which typically means that the table does not exist.
- (Closes issue #17478. Reported, patched by kobaz)
-
- * Avoid crashing when installing a duplicate translation path with a lower
- cost.
- (Closes issue #17092. Reported, patched by moy)
-
- * Add missing handling for ringing state for use with queue empty options.
- (Closes issue #17471. Reported, patched by jazzy)
-
- * Fix reporting estimated queue hold time. Just say the number of seconds
- (after minutes) rather than doing some incorrect calculation with respect to
- minutes.
- (Closes issue #17498. Reported, patched by corruptor)
-
- For a full list of changes in the current release, please see the
- ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.11
--------------------------------------------------------------------------------
================================================================================
clamav-0.96.1-1300.fc13 (FEDORA-2010-9391)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 1 2010 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.96.1-1400
- updated to 0.96.1
- applied upstream patch which allows to disable JIT compiler (#573191)
- disabled JIT compiler by default
- removed explicit 'pkgconfig' requirements in -devel (#533956)
- added some BRs
- rediffed patches
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #533956 - please consider changing the requires on clamav-devel from /usr/lib/pkgconfig to pkgconfig%{?_isa}
https://bugzilla.redhat.com/show_bug.cgi?id=533956
--------------------------------------------------------------------------------
================================================================================
coot-0.6.1-3.20100127svn2740.fc13 (FEDORA-2010-12510)
The crystallographic object-oriented toolkit
--------------------------------------------------------------------------------
================================================================================
decibel-audio-player-1.05-1.fc13 (FEDORA-2010-12538)
Music player for GNOME
--------------------------------------------------------------------------------
Update Information:
* Wed Aug 11 2010 Debarshi Ray <rishi at fedoraproject.org> - 1.05-1 - Version
bump to 1.05. (Red Hat Bugzilla #608398) * Added presets to the equalizer.
* Close properly on Ctrl+C. * Fixed crash when trying to set the cover for
the current track. * Fixed Gnome media keys no longer working when
starting/closing multiple instances. * Fixed labels not always properly
updated in the equalizer. * Improved startup time. * Middle-click toggles
pause, scroll changes volume. * The playbin2 GStreamer component is now used
by default. * Equalizer module has a menu item (Ctrl+E) when enabled.
(Launchpad #495761) * Stick to the Media Player Remote Interface
Specifications. (Launchpad #534021) * Added Zeitgeist support.
(Launchpad #579972) * Skips two songs when one is not found. (Launchpad
#581654) * Ignore disc number when it looks like '1/1'. (Launchpad #596350)
* http://decibel.silent-blade.org/index.php?n=Main.ReleaseNotes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 11 2010 Debarshi Ray <rishi at fedoraproject.org> - 1.05-1
- Version bump to 1.05. (Red Hat Bugzilla #608398)
* Added presets to the equalizer.
* Close properly on Ctrl+C.
* Fixed crash when trying to set the cover for the current track.
* Fixed Gnome media keys no longer working when starting/closing multiple
instances.
* Fixed labels not always properly updated in the equalizer.
* Improved startup time.
* Middle-click toggles pause, scroll changes volume.
* The playbin2 GStreamer component is now used by default.
* Equalizer module has a menu item (Ctrl+E) when enabled. (Launchpad #495761)
* Stick to the Media Player Remote Interface Specifications. (Launchpad
* Added Zeitgeist support. (Launchpad #579972)
* Skips two songs when one is not found. (Launchpad #581654)
* Ignore disc number when it looks like '1/1'. (Launchpad #596350)
* http://decibel.silent-blade.org/index.php?n=Main.ReleaseNotes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #608398 - decibel-audio-player-1.05 is available
https://bugzilla.redhat.com/show_bug.cgi?id=608398
[ 2 ] Bug #623285 - decibel-audio-player may need to be rebuilt against Python 2.7 in F14 and rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=623285
--------------------------------------------------------------------------------
================================================================================
diffuse-0.4.3-1.fc13 (FEDORA-2010-12521)
Graphical tool for comparing and merging text files
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 10 2010 Jon Levell <fedora at coralbark.net> - 0.4.3-1
- Update to 0.4.3 upstream release
--------------------------------------------------------------------------------
================================================================================
erlang-mochiweb-1.3-0.6.20100724git9a53dbd7.fc13 (FEDORA-2010-12535)
An Erlang library for building lightweight HTTP servers
--------------------------------------------------------------------------------
Update Information:
- Fixed all tests on EL-5 - New git snapshot
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 11 2010 Peter Lemenkov <lemenkov at gmail.com> - 1.3-0.6.20100724git9a53dbd7
- Fixed all tests on EL-5
- New git snapshot
* Tue Jul 13 2010 Peter Lemenkov <lemenkov at gmail.com> - 1.3-0.5.20100507svn159
- Fixed several tests on EL-5 (enough to allow CouchDB to pass its own self-tests)
* Mon Jul 12 2010 Peter Lemenkov <lemenkov at gmail.com> - 1.3-0.4.20100507svn159
- Rebuild with new Erlang
- Simplified spec-file
--------------------------------------------------------------------------------
================================================================================
faenza-icon-theme-0.6-1.fc13 (FEDORA-2010-12514)
Icon theme designed for Equinox GTK theme
--------------------------------------------------------------------------------
Update Information:
new icon set for Gnome
--------------------------------------------------------------------------------
================================================================================
fedora-packager-0.5.1.1-1.fc13 (FEDORA-2010-12517)
Tools for setting up a fedora maintainer environment
--------------------------------------------------------------------------------
Update Information:
minor bug fix and feature release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 5 2010 Dennis Gilmore <dennis at ausil.us> - 0.5.1.1-1
- update to latest release
* Fri Jul 30 2010 Dennis Gilmore <dennis at ausil.us> -0.5.1.0-2
- split fedpkg out on its own
--------------------------------------------------------------------------------
================================================================================
gdesklet-SlideShow-0.9-8.fc13 (FEDORA-2010-12500)
A slideshow of collection for gdesklets
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 11 2010 Jonathan MERCIER <bioinfornatics at gmail.com> - 0.9-8
- rebuild for python 2.7'
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #623306 - gdesklet-SlideShow may need to be rebuilt against Python 2.7 in F14 and rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=623306
[ 2 ] Bug #621726 - SELinux is preventing /usr/bin/python "write" access on /usr/share/system-config-firewall.
https://bugzilla.redhat.com/show_bug.cgi?id=621726
--------------------------------------------------------------------------------
================================================================================
gnome-applet-netspeed-0.16-4.fc13 (FEDORA-2010-12528)
GNOME applet that shows traffic on a network device
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 11 2010 Michael Schwendt <mschwendt at fedoraproject.org> - 0.16-4
- Correctly disconnect icon_theme_changed_cb (from upstream bz 600597).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #530920 - [abrt] crash detected in gnome-applet-netspeed-0.15.2-3.fc12 : in init_quality_pixbufs / g_object_unref
https://bugzilla.redhat.com/show_bug.cgi?id=530920
--------------------------------------------------------------------------------
================================================================================
gridengine-6.2u5-4.fc13 (FEDORA-2010-12526)
Grid Engine - Distributed Computing Management software
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 11 2010 - Orion Poplawski <orion at cora.nwra.com> - 6.2u5-4
- Use upstream my_configuration.conf as template for default one (bugs 557628,566294)
- Set SGE_CELL in sge.sh/sge.csh (bug 620907)
* Mon Jul 12 2010 - Orion Poplawski <orion at cora.nwra.com> - 6.2u5-3
- Exclude ppc64 - no java 1.6.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #557628 - installation directions error
https://bugzilla.redhat.com/show_bug.cgi?id=557628
[ 2 ] Bug #566293 - start order of qmaster and execd in init.d
https://bugzilla.redhat.com/show_bug.cgi?id=566293
[ 3 ] Bug #566294 - setting SGE_CLUSTER_NAME="p6444" missing in my_configuration.conf
https://bugzilla.redhat.com/show_bug.cgi?id=566294
[ 4 ] Bug #566296 - Copying of default/common/act_master + bootstrap not sufficient
https://bugzilla.redhat.com/show_bug.cgi?id=566296
[ 5 ] Bug #620907 - profile.d scripts don't set up SGE_CELL
https://bugzilla.redhat.com/show_bug.cgi?id=620907
--------------------------------------------------------------------------------
================================================================================
gutenprint-5.2.6-1.fc13 (FEDORA-2010-12523)
Printer Drivers Package
--------------------------------------------------------------------------------
Update Information:
New upstream release (many new printers supported).
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 11 2010 Jiri Popelka <jpopelka at redhat.com> 5.2.6-1
- 5.2.6.
* Mon Jul 12 2010 Jiri Popelka <jpopelka at redhat.com> 5.2.5-10
- Added COPYING file to main package.
* Thu Jul 8 2010 Jiri Popelka <jpopelka at redhat.com> 5.2.5-9
- Don't ship kitload.log in foomatic sub-package (bug #594709).
* Fri Jun 11 2010 Tim Waugh <twaugh at redhat.com> 5.2.5-8
- Fixed Source0 URL.
* Wed May 12 2010 Jiri Popelka <jpopelka at redhat.com> 5.2.5-7
- Added IEEE 1284 Device ID for:
Epson Stylus Photo 1400 (bug #577299).
Epson Stylus Photo 830U (bug #577307).
HP DeskJet 959C (bug #577291).
* Thu Mar 25 2010 Tim Waugh <twaugh at redhat.com> 5.2.5-6
- Added IEEE 1284 Device ID for Epson Stylus Photo R230 (from Ubuntu #520466).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #616379 - gutenprint-5.2.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=616379
--------------------------------------------------------------------------------
================================================================================
liblockfile-1.08-9.fc13 (FEDORA-2010-12531)
This implements a number of functions found in -lmail on SysV systems
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #601577 - Review Request: liblockfile - This library implements a number of functions found in -lmail on SysV systems
https://bugzilla.redhat.com/show_bug.cgi?id=601577
--------------------------------------------------------------------------------
================================================================================
libwbxml-0.10.8-1.fc13 (FEDORA-2010-12504)
Library and tools to parse, encode and handle WBXML documents
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #621297 - libwbxml2-0.10.8 bump
https://bugzilla.redhat.com/show_bug.cgi?id=621297
--------------------------------------------------------------------------------
================================================================================
maniadrive-1.2-22.fc13 (FEDORA-2010-11481)
3D stunt driving game
--------------------------------------------------------------------------------
Update Information:
Update to PHP 5.3.3 Security Enhancements and Fixes in PHP 5.3.3: * Rewrote
var_export() to use smart_str rather than output buffering, prevents data
disclosure if a fatal error occurs (CVE-2010-2531). * Fixed a possible resource
destruction issues in shm_put_var(). * Fixed a possible information leak
because of interruption of XOR operator. * Fixed a possible memory corruption
because of unexpected call-time pass by refernce and following memory clobbering
through callbacks. * Fixed a possible memory corruption in
ArrayObject::uasort(). * Fixed a possible memory corruption in parse_str(). *
Fixed a possible memory corruption in pack(). * Fixed a possible memory
corruption in substr_replace(). * Fixed a possible memory corruption in
addcslashes(). * Fixed a possible stack exhaustion inside fnmatch(). * Fixed a
possible dechunking filter buffer overflow. * Fixed a possible arbitrary memory
access inside sqlite extension. * Fixed string format validation inside phar
extension. * Fixed handling of session variable serialization on certain prefix
characters. * Fixed a NULL pointer dereference when processing invalid XML-RPC
requests (Fixes CVE-2010-0397, bug #51288). * Fixed SplObjectStorage
unserialization problems (CVE-2010-2225). * Fixed possible buffer overflows in
mysqlnd_list_fields, mysqlnd_change_user. * Fixed possible buffer overflows
when handling error packets in mysqlnd. Full upstream Changelog:
http://www.php.net/ChangeLog-5.php#5.3.3
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 22 2010 Remi Collet <Fedora at famillecollet.com> 1.2-22
- Rebuild for new php 5.3.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #601897 - CVE-2010-2190 php: sensitive information disclosure (MOPS-2010-047, MOPS-2010-048)
https://bugzilla.redhat.com/show_bug.cgi?id=601897
[ 2 ] Bug #605641 - CVE-2010-2225 PHP unsafe unserialize() use flaw
https://bugzilla.redhat.com/show_bug.cgi?id=605641
[ 3 ] Bug #617180 - CVE-2010-1914 php Zend Engine: Information leaks, memory corruption by interrupting certain opcode handlers (MOPS-2010-014, MOPS-2010-015, MOPS-2010-016)
https://bugzilla.redhat.com/show_bug.cgi?id=617180
[ 4 ] Bug #617211 - CVE-2010-1915 php: Memory leaks, use-after-free by quoting regular expression characters (MOPS-2010-017)
https://bugzilla.redhat.com/show_bug.cgi?id=617211
[ 5 ] Bug #617232 - CVE-2010-1917 php: Local stack exhaustion by matching certain filenames against a pattern (MOPS-2010-021)
https://bugzilla.redhat.com/show_bug.cgi?id=617232
--------------------------------------------------------------------------------
================================================================================
mingw32-nsis-2.46-1.fc13 (FEDORA-2010-12511)
Nullsoft Scriptable Install System
--------------------------------------------------------------------------------
Update Information:
Update to NSIS 2.46, a bugfix release.
https://sourceforge.net/projects/nsis/files/NSIS%202/2.46/RELEASE.html/view
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 11 2010 Kevin Kofler <Kevin at tigcc.ticalc.org> - 2.46-1
- Update to 2.46 (#544675)
--------------------------------------------------------------------------------
================================================================================
nas-1.9.2-1.fc13 (FEDORA-2010-12533)
The Network Audio System (NAS)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 9 2010 Petr Pisar <ppisar at redhat.com> - 1.9.2-1
- 1.9.2 bump, update URL, Source0
- Remove spec code specific for Fedora < 12 and EPEL < 4 as they are
unsupported now
- Apply nas-1.9.2-asneeded.patch to get libXau linked explicitly (bug #565181)
- Move AuErrorDB non-executable to share directory, distribute with libraries
- Unify spec file indentation
- Add postun action
* Sun Mar 14 2010 Frank Büttner <frank-buettner at gmx.net> - 1.9.1-7
- fix #565181
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #565181 - FTBFS nas-1.9.1-6.fc12: ImplicitDSOLinking
https://bugzilla.redhat.com/show_bug.cgi?id=565181
--------------------------------------------------------------------------------
================================================================================
perl-Geo-IPfree-1.1.0.1.6.5.0-1.fc13 (FEDORA-2010-12512)
Look up the country of an IPv4 Address
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 11 2010 Petr Pisar <ppisar at redhat.com> - 1.1.0.1.6.5.0-1
- 1.101650 bump
- Experimental RPM-extensible version numbering
--------------------------------------------------------------------------------
================================================================================
perl-libwhisker2-2.5-1.fc13 (FEDORA-2010-12539)
Perl module geared specifically for HTTP testing
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 11 2010 Petr Pisar <ppisar at redhat.com> - 2.5-1
- 2.5 bump
- License changed from to 2-clause-BSD
- Remove optional Requires.
- Enable tests
- Distribute developer examples in `doc' subpackage
--------------------------------------------------------------------------------
================================================================================
php-5.3.3-1.fc13 (FEDORA-2010-11481)
PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:
Update to PHP 5.3.3 Security Enhancements and Fixes in PHP 5.3.3: * Rewrote
var_export() to use smart_str rather than output buffering, prevents data
disclosure if a fatal error occurs (CVE-2010-2531). * Fixed a possible resource
destruction issues in shm_put_var(). * Fixed a possible information leak
because of interruption of XOR operator. * Fixed a possible memory corruption
because of unexpected call-time pass by refernce and following memory clobbering
through callbacks. * Fixed a possible memory corruption in
ArrayObject::uasort(). * Fixed a possible memory corruption in parse_str(). *
Fixed a possible memory corruption in pack(). * Fixed a possible memory
corruption in substr_replace(). * Fixed a possible memory corruption in
addcslashes(). * Fixed a possible stack exhaustion inside fnmatch(). * Fixed a
possible dechunking filter buffer overflow. * Fixed a possible arbitrary memory
access inside sqlite extension. * Fixed string format validation inside phar
extension. * Fixed handling of session variable serialization on certain prefix
characters. * Fixed a NULL pointer dereference when processing invalid XML-RPC
requests (Fixes CVE-2010-0397, bug #51288). * Fixed SplObjectStorage
unserialization problems (CVE-2010-2225). * Fixed possible buffer overflows in
mysqlnd_list_fields, mysqlnd_change_user. * Fixed possible buffer overflows
when handling error packets in mysqlnd. Full upstream Changelog:
http://www.php.net/ChangeLog-5.php#5.3.3
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 22 2010 Remi Collet <Fedora at famillecollet.com> 5.3.3-1
- PHP 5.3.3 released
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #601897 - CVE-2010-2190 php: sensitive information disclosure (MOPS-2010-047, MOPS-2010-048)
https://bugzilla.redhat.com/show_bug.cgi?id=601897
[ 2 ] Bug #605641 - CVE-2010-2225 PHP unsafe unserialize() use flaw
https://bugzilla.redhat.com/show_bug.cgi?id=605641
[ 3 ] Bug #617180 - CVE-2010-1914 php Zend Engine: Information leaks, memory corruption by interrupting certain opcode handlers (MOPS-2010-014, MOPS-2010-015, MOPS-2010-016)
https://bugzilla.redhat.com/show_bug.cgi?id=617180
[ 4 ] Bug #617211 - CVE-2010-1915 php: Memory leaks, use-after-free by quoting regular expression characters (MOPS-2010-017)
https://bugzilla.redhat.com/show_bug.cgi?id=617211
[ 5 ] Bug #617232 - CVE-2010-1917 php: Local stack exhaustion by matching certain filenames against a pattern (MOPS-2010-021)
https://bugzilla.redhat.com/show_bug.cgi?id=617232
--------------------------------------------------------------------------------
================================================================================
php-eaccelerator-0.9.6.1-2.fc13 (FEDORA-2010-11481)
PHP accelerator, optimizer, encoder and dynamic content cacher
--------------------------------------------------------------------------------
Update Information:
Update to PHP 5.3.3 Security Enhancements and Fixes in PHP 5.3.3: * Rewrote
var_export() to use smart_str rather than output buffering, prevents data
disclosure if a fatal error occurs (CVE-2010-2531). * Fixed a possible resource
destruction issues in shm_put_var(). * Fixed a possible information leak
because of interruption of XOR operator. * Fixed a possible memory corruption
because of unexpected call-time pass by refernce and following memory clobbering
through callbacks. * Fixed a possible memory corruption in
ArrayObject::uasort(). * Fixed a possible memory corruption in parse_str(). *
Fixed a possible memory corruption in pack(). * Fixed a possible memory
corruption in substr_replace(). * Fixed a possible memory corruption in
addcslashes(). * Fixed a possible stack exhaustion inside fnmatch(). * Fixed a
possible dechunking filter buffer overflow. * Fixed a possible arbitrary memory
access inside sqlite extension. * Fixed string format validation inside phar
extension. * Fixed handling of session variable serialization on certain prefix
characters. * Fixed a NULL pointer dereference when processing invalid XML-RPC
requests (Fixes CVE-2010-0397, bug #51288). * Fixed SplObjectStorage
unserialization problems (CVE-2010-2225). * Fixed possible buffer overflows in
mysqlnd_list_fields, mysqlnd_change_user. * Fixed possible buffer overflows
when handling error packets in mysqlnd. Full upstream Changelog:
http://www.php.net/ChangeLog-5.php#5.3.3
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 8 2010 Remi Collet <Fedora at FamilleCollet.com> - 1:0.9.6.1-2
- strong requires PHP version
- rebuild against php 5.3.3
* Sat Jul 3 2010 Remi Collet <Fedora at FamilleCollet.com> - 1:0.9.6.1-1
- update to 0.9.6.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #601897 - CVE-2010-2190 php: sensitive information disclosure (MOPS-2010-047, MOPS-2010-048)
https://bugzilla.redhat.com/show_bug.cgi?id=601897
[ 2 ] Bug #605641 - CVE-2010-2225 PHP unsafe unserialize() use flaw
https://bugzilla.redhat.com/show_bug.cgi?id=605641
[ 3 ] Bug #617180 - CVE-2010-1914 php Zend Engine: Information leaks, memory corruption by interrupting certain opcode handlers (MOPS-2010-014, MOPS-2010-015, MOPS-2010-016)
https://bugzilla.redhat.com/show_bug.cgi?id=617180
[ 4 ] Bug #617211 - CVE-2010-1915 php: Memory leaks, use-after-free by quoting regular expression characters (MOPS-2010-017)
https://bugzilla.redhat.com/show_bug.cgi?id=617211
[ 5 ] Bug #617232 - CVE-2010-1917 php: Local stack exhaustion by matching certain filenames against a pattern (MOPS-2010-021)
https://bugzilla.redhat.com/show_bug.cgi?id=617232
--------------------------------------------------------------------------------
================================================================================
php-pecl-xdebug-2.1.0-1.fc13 (FEDORA-2010-12532)
PECL package for debugging PHP scripts
--------------------------------------------------------------------------------
Update Information:
New upstream version. This shoudl fix PHP 5.3 compatibility. Full
changelog: http://pecl.php.net/package-changelog.php?package=xdebug
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 29 2010 Remi Collet <Fedora at FamilleCollet.com> - 2.1.0-1
- update to 2.1.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #550174 - Xdebug 2.0.5 does not return variable values to the debugger application
https://bugzilla.redhat.com/show_bug.cgi?id=550174
[ 2 ] Bug #585414 - [abrt] crash in php-cli-5.3.2-1.fc12: Process /usr/bin/php was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=585414
--------------------------------------------------------------------------------
================================================================================
pidgin-2.7.3-1.fc13 (FEDORA-2010-12525)
A Gtk+ based multiprotocol instant messaging client
--------------------------------------------------------------------------------
Update Information:
New release 2.7.3 Full Upstream ChangeLog:
http://developer.pidgin.im/wiki/ChangeLog
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 11 2010 Stu Tomlinson <stu at nosnilmot.com> 2.7.3-1
- 2.7.3
--------------------------------------------------------------------------------
================================================================================
rubygem-cucumber-0.8.5-4.fc13 (FEDORA-2010-12505)
Tool to execute plain-text documents as functional tests
--------------------------------------------------------------------------------
Update Information:
Fixed JSON version Updated to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 4 2010 Michal Fojtik <mfojtik at redhat.com> - 0.8.3-4
- Fixed JSON version
* Wed Aug 4 2010 Michal Fojtik <mfojtik at redhat.com> - 0.8.3-3
- Removed JSON patch (JSON updated in Fedora)
* Sun Aug 1 2010 Michal Fojtik <mfojtik at redhat.com> - 0.8.3-2
- Patched Rakefile and replaced rspec beta version dependency
- Patched Rakefile and downgraded JSON dependency
* Wed Jun 30 2010 Michal Fojtik <mfojtik at redhat.com> - 0.8.3-1
- Newer release
* Sun Oct 18 2009 Lubomir Rintel (Good Data) <lubo.rintel at gooddata.com> - 0.4.2-1
- Newer release
--------------------------------------------------------------------------------
================================================================================
samba-3.5.4-63.fc13 (FEDORA-2010-12520)
Server and Client software to interoperate with Windows machines
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 10 2010 Guenther Deschner <gdeschner at redhat.com> - 3.5.4-63
- Fix winbind secure channel (samlogonex)
--------------------------------------------------------------------------------
================================================================================
system-config-firewall-1.2.27-1.fc13 (FEDORA-2010-12519)
A graphical interface for basic firewall setup
--------------------------------------------------------------------------------
Update Information:
- added libvirt services (rhbz#565625) - added Bakula service (rhbz#588377) -
fixed DBUS mechanism to report complete syslog message (rhbz#604623) - fixed
crash because of missing /etc/services file (rhbz#604726) - updated
translations: ar, as, bn_IN, da, de, es, fi, fr, gu, he, hi, is, it,
ja, kn, ko, ml, mr, nl, or, pa, pl, pt, ru, ta, te,
zh_CN - updated translations: bn_IN, de, fi, fr, gu, hi, it, ja, kn, ko, ml,
mr, or, pt_BR, ru, ta, te, zh_CN, zh_TW
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 10 2010 Thomas Woerner <twoerner at redhat.com> 1.2.27-1
- updated translations: bn_IN, de, fi, fr, gu, hi, it, ja, kn, ko, ml, mr, or,
pt_BR, ru, ta, te, zh_CN, zh_TW
* Tue Jun 29 2010 Thomas Woerner <twoerner at redhat.com> 1.2.26-1
- added libvirt services (rhbz#565625)
- added Bakula service (rhbz#588377)
- fixed DBUS mechanism to report complete syslog message (rhbz#604623)
- fixed crash because of missing /etc/services file (rhbz#604726)
- updated translations: ar, as, bn_IN, da, de, es, fi, fr, gu, he, hi, is, it,
ja, kn, ko, ml, mr, nl, or, pa, pl, pt, ru, ta, te,
zh_CN
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #603099 - [abrt] crash in system-config-firewall-1.2.25-1.fc13: etc_services.py:74:load:IOError: [Errno 2] Aucun fichier ou dossier de ce type: '/etc/services'
https://bugzilla.redhat.com/show_bug.cgi?id=603099
--------------------------------------------------------------------------------
More information about the test
mailing list