Fedora 13 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Fri Apr 22 21:21:13 UTC 2011
The following Fedora 13 Security updates need testing:
https://admin.fedoraproject.org/updates/tor-0.2.1.29-1300.fc13
https://admin.fedoraproject.org/updates/SimGear-2.0.0-5.fc13
https://admin.fedoraproject.org/updates/libmodplug-0.8.7-3.fc13
https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc13
https://admin.fedoraproject.org/updates/perl-Mojolicious-0.999925-3.fc13
https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
https://admin.fedoraproject.org/updates/wireshark-1.2.16-1.fc13
https://admin.fedoraproject.org/updates/libcgroup-0.35.1-5.fc13
https://admin.fedoraproject.org/updates/libtiff-3.9.5-1.fc13
https://admin.fedoraproject.org/updates/polkit-0.96-2.fc13
https://admin.fedoraproject.org/updates/xorg-x11-server-utils-7.4-17.fc13
https://admin.fedoraproject.org/updates/krb5-1.7.1-19.fc13
https://admin.fedoraproject.org/updates/fail2ban-0.8.4-27.fc13
https://admin.fedoraproject.org/updates/python-feedparser-5.0.1-1.fc13
https://admin.fedoraproject.org/updates/mediawiki-1.16.4-58.fc13
https://admin.fedoraproject.org/updates/asterisk-1.6.2.17.3-1.fc13
The following Fedora 13 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/NetworkManager-0.8.4-1.fc13
https://admin.fedoraproject.org/updates/polkit-0.96-2.fc13
https://admin.fedoraproject.org/updates/xorg-x11-drv-penmount-1.4.1-2.fc13
https://admin.fedoraproject.org/updates/python-ethtool-0.7-2.fc13
https://admin.fedoraproject.org/updates/libtiff-3.9.5-1.fc13
https://admin.fedoraproject.org/updates/pygtk2-2.17.0-9.fc13
https://admin.fedoraproject.org/updates/dosfstools-3.0.9-5.fc13
https://admin.fedoraproject.org/updates/libimobiledevice-1.0.6-1.fc13
https://admin.fedoraproject.org/updates/usbmuxd-1.0.7-1.fc13
https://admin.fedoraproject.org/updates/fuse-2.8.5-5.fc13
https://admin.fedoraproject.org/updates/libcgroup-0.35.1-5.fc13
https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
https://admin.fedoraproject.org/updates/livecd-tools-13.2-1.fc13
https://admin.fedoraproject.org/updates/lua-5.1.4-7.fc13
https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13
https://admin.fedoraproject.org/updates/lldpad-0.9.26-2.fc13
The following builds have been pushed to Fedora 13 updates-testing
ack-1.94-1.fc13
asterisk-1.6.2.17.3-1.fc13
mediawiki-1.16.4-58.fc13
perl-App-Nopaste-0.28-1.fc13
perl-Path-Class-0.23-1.fc13
Details about builds:
================================================================================
ack-1.94-1.fc13 (FEDORA-2011-5809)
Grep-like text finder
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 21 2011 <ianburrell at gmail.com> - 1.94-1
- Update to 1.94
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.92-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
asterisk-1.6.2.17.3-1.fc13 (FEDORA-2011-5802)
The Open Source PBX
--------------------------------------------------------------------------------
Update Information:
The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
issues:
* File Descriptor Resource Exhaustion (AST-2011-005)
* Asterisk Manager User Shell Access (AST-2011-006)
The issues and resolutions are described in the AST-2011-005 and AST-2011-006
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-005 and AST-2011-006, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.40.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.25
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.3
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.3
Security advisory AST-2011-005 and AST-2011-006 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 22 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.6.2.17.3-1
- The Asterisk Development Team has announced security releases for Asterisk
- branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
- released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
- issues:
-
- * File Descriptor Resource Exhaustion (AST-2011-005)
- * Asterisk Manager User Shell Access (AST-2011-006)
-
- The issues and resolutions are described in the AST-2011-005 and AST-2011-006
- security advisories.
-
- For more information about the details of these vulnerabilities, please read the
- security advisories AST-2011-005 and AST-2011-006, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.40.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.25
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.3
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.3
-
- Security advisory AST-2011-005 and AST-2011-006 are available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
- http://downloads.asterisk.org/pub/security/AST-2011-006.pdf
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #698916 - CVE-2011-1507 Asterisk: file descriptor resource exhaustion (AST-2011-005)
https://bugzilla.redhat.com/show_bug.cgi?id=698916
[ 2 ] Bug #698917 - CVE-2011-1599 Asterisk: Shell command execution via manager Originate action (AST-2011-006)
https://bugzilla.redhat.com/show_bug.cgi?id=698917
--------------------------------------------------------------------------------
================================================================================
mediawiki-1.16.4-58.fc13 (FEDORA-2011-5807)
A wiki engine
--------------------------------------------------------------------------------
Update Information:
This update brings mediawiki to version 1.16.4, which is the latest stable release at the moment, but currently also the only supported and recommended release by the mediawiki developer community.
Further changes:
* some simple wiki management functionality was added:
* mw-createinstance <path> creates a wiki instance under
<path>, which is autoupgraded upon package updates.
* any wiki path entered in /etc/mediawiki/instances will be
autoupgraded upon package updates.
* /var/www/wiki is entered into this list automatically, but
you can remove it if you don't want this instance to be
autoupgraded.
* opensearch and suggestions are enabled by default
* several bug fixes (see changelog).
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 22 2011 Axel Thimm <Axel.Thimm at ATrpms.net> - 1.16.4-58
- texvc was being accidentially wiped out before packaging it.
* Sat Apr 16 2011 Axel Thimm <Axel.Thimm at ATrpms.net> - 1.16.4-57
- Update to 1.16.4.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #697434 - texvc binary missing and deal link in package mediawiki-math-1.16.2-56.fc14.x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=697434
[ 2 ] Bug #614065 - mediawiki opensearch_desc.php has bad path
https://bugzilla.redhat.com/show_bug.cgi?id=614065
[ 3 ] Bug #644325 - /etc/httpd/conf.d/mediawiki.conf has execute permission
https://bugzilla.redhat.com/show_bug.cgi?id=644325
[ 4 ] Bug #682281 - Mediawiki uses the reserved word Namespace introduced in latest release of PHP
https://bugzilla.redhat.com/show_bug.cgi?id=682281
[ 5 ] Bug #662402 - Cannot enable math display for mediawiki
https://bugzilla.redhat.com/show_bug.cgi?id=662402
[ 6 ] Bug #674456 - CVE-2011-0047 mediawiki: multiple vulnerabilities corrected in mediawiki 1.16.2 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=674456
[ 7 ] Bug #667201 - CVE-2011-0003 mediawiki: clickjacking vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=667201
[ 8 ] Bug #620226 - CVE-2010-2787 CVE-2010-2788 mediawiki various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=620226
[ 9 ] Bug #696361 - CVE-2011-1578 CVE-2011-1579 CVE-2011-1580 mediawiki: multiple vulnerabilities fixed in 1.16.3 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=696361
--------------------------------------------------------------------------------
================================================================================
perl-App-Nopaste-0.28-1.fc13 (FEDORA-2011-5816)
Easy access to any pastebin
--------------------------------------------------------------------------------
Update Information:
This update to the latest upstream adds a `--open` (`-o`) option for opening the nopaste in your browser. It also includes the following fixes:
* If LWP is producing errors, *report them*
* Correct path to Pastie
* Throw an error if you specify -p and files
* Remove Mathbin; doy moved it to a separate dist
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 9 2011 Iain Arnell <iarnell at gmail.com> 1:0.28-1
- update to latest upstream version
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.25-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
perl-Path-Class-0.23-1.fc13 (FEDORA-2011-5799)
Cross-platform path specification manipulation
--------------------------------------------------------------------------------
Update Information:
Update to 0.23
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 14 2011 Ian Burrell <ianburrell at gmail.com> - 0.23-1
- Update to 0.23
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.18-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Dec 21 2010 Marcela Maslanova <mmaslano at redhat.com> - 0.18-3
- 661697 rebuild for fixing problems with vendorach/lib
* Tue May 4 2010 Marcela Maslanova <mmaslano at redhat.com> - 0.18-2
- Mass rebuild with perl-5.12.0
* Mon Feb 22 2010 Chris Weyl <cweyl at alumni.drew.edu> 0.18-1
- update to 0.18 (for latest DBIx::Class)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #696091 - RFE: Update to 0.23
https://bugzilla.redhat.com/show_bug.cgi?id=696091
--------------------------------------------------------------------------------
More information about the test
mailing list