Fedora 14 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Fri Aug 12 18:27:56 UTC 2011


The following Fedora 14 Security updates need testing:

    https://admin.fedoraproject.org/updates/ecryptfs-utils-90-1.fc14
    https://admin.fedoraproject.org/updates/foomatic-4.0.7-2.fc14
    https://admin.fedoraproject.org/updates/samba-3.5.11-79.fc14
    https://admin.fedoraproject.org/updates/freetype-2.4.2-5.fc14
    https://admin.fedoraproject.org/updates/clamav-0.97.2-1400.fc14
    https://admin.fedoraproject.org/updates/cgit-0.9.0.2-2.fc14
    https://admin.fedoraproject.org/updates/bugzilla-3.6.6-1.fc14
    https://admin.fedoraproject.org/updates/system-config-firewall-1.2.27-2.fc14
    https://admin.fedoraproject.org/updates/libsndfile-1.0.25-1.fc14
    https://admin.fedoraproject.org/updates/libmodplug-0.8.8.4-1.fc14
    https://admin.fedoraproject.org/updates/libcap-2.22-1.fc14
    https://admin.fedoraproject.org/updates/libvpx-0.9.7-1.fc14
    https://admin.fedoraproject.org/updates/zabbix-1.8.6-1.fc14
    https://admin.fedoraproject.org/updates/dhcp-4.2.0-23.P2.fc14
    https://admin.fedoraproject.org/updates/libsoup-2.32.2-2.fc14
    https://admin.fedoraproject.org/updates/dbus-1.4.0-3.fc14
    https://admin.fedoraproject.org/updates/tomcat6-6.0.26-21.fc14
    https://admin.fedoraproject.org/updates/openldap-2.4.23-10.fc14
    https://admin.fedoraproject.org/updates/gdk-pixbuf2-2.22.0-2.fc14


The following Fedora 14 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/tzdata-2011h-2.fc14
    https://admin.fedoraproject.org/updates/PackageKit-0.6.12-4.fc14
    https://admin.fedoraproject.org/updates/libsoup-2.32.2-2.fc14
    https://admin.fedoraproject.org/updates/libcap-2.22-1.fc14
    https://admin.fedoraproject.org/updates/pinentry-0.8.1-4.fc14
    https://admin.fedoraproject.org/updates/libsndfile-1.0.25-1.fc14
    https://admin.fedoraproject.org/updates/ModemManager-0.4.998-1.git20110706.fc14
    https://admin.fedoraproject.org/updates/unique-1.1.6-3.fc14
    https://admin.fedoraproject.org/updates/xorg-x11-drv-savage-2.3.2-3.fc14
    https://admin.fedoraproject.org/updates/mash-0.5.22-1.fc14
    https://admin.fedoraproject.org/updates/perl-5.12.4-146.fc14
    https://admin.fedoraproject.org/updates/policycoreutils-2.0.85-30.2.fc14
    https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-8.fc14.2
    https://admin.fedoraproject.org/updates/xorg-x11-drv-qxl-0.0.21-3.fc14
    https://admin.fedoraproject.org/updates/xorg-x11-drv-nouveau-0.0.16-14.20101010git8c8f15c.fc14
    https://admin.fedoraproject.org/updates/libconcord-0.23-5.fc14,udev-161-9.fc14,concordance-0.23-2.fc14
    https://admin.fedoraproject.org/updates/openldap-2.4.23-10.fc14


The following builds have been pushed to Fedora 14 updates-testing

    389-admin-1.1.22-1.fc14
    389-admin-1.1.23-1.fc14
    389-ds-base-1.2.9.6-1.fc14
    certmonger-0.44-1.fc14
    dhcp-4.2.0-23.P2.fc14
    ecryptfs-utils-90-1.fc14
    freewrl-1.22.12-0.3.pre2.fc14
    gkrellm-weather-2.0.8-1.fc14
    papi-4.1.3-2.fc14
    pekwm-0.1.13-1.fc14
    perl-Hash-Diff-0.005-1.fc14
    perl-Test-Spelling-0.14-1.fc14
    php-libvirt-0.4.3-1.fc14
    php-pear-Mail-Mime-1.8.2-1.fc14
    tzdata-2011h-2.fc14
    volumeicon-0.4.1-3.fc14

Details about builds:


================================================================================
 389-admin-1.1.22-1.fc14 (FEDORA-2011-10727)
 389 Administration Server (admin)
--------------------------------------------------------------------------------
Update Information:

Bug 724808 - startup CGIs write temp file to /
add man pages for ds_removal and ds_unregister
fixes for the makeUpgradeTar.sh script
bugfix
several tls/ssl and migration bug fixes
Rebuild with 389-adminutil-1.1.14
look for separate openldap ldif library
skip rebranding current brand - add support for different skins
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 11 2011 Rich Megginson <rmeggins at redhat.com> - 1.1.22-1
- Bug 724808 - startup CGIs write temp file to /
- add man pages for ds_removal and ds_unregister
- fixes for the makeUpgradeTar.sh script
* Tue Aug  2 2011 Rich Megginson <rmeggins at redhat.com> - 1.1.21-1
- Bug 476925 - Admin Server: Do not allow 8-bit passwords for the admin user
* Tue Jul  5 2011 Rich Megginson <rmeggins at redhat.com> - 1.1.20-3
- bump rel to rebuild with 389-adminutil-1.1.14
* Tue Jul  5 2011 Rich Megginson <rmeggins at redhat.com> - 1.1.20-2
- bump rel to rebuild with 389-adminutil-1.1.14
* Tue Jul  5 2011 Rich Megginson <rmeggins at redhat.com> - 1.1.20-1
- Bug 719056 - migrate-ds-admin.pl needs to update SELinux policy
- Bug 718285 - AdminServer should use "service" command instead of start/stop/restart scripts
- Bug 718079 - Perl errors when running migrate-ds-admin.pl
- Bug 713000 - Migration stops if old admin server cannot be stopped
- added tests for the security cgi
- fix typo in NSS_Shutdown warning message
- better NSS error handling - reduce memory leaks
- Bug 710372 - Not able to open the Manage Certificate from DS-console
* Thu Jun 30 2011 Rich Megginson <rmeggins at redhat.com> - 1.1.19-2
- bump rev to rebuild with 389-adminutil-1.1.14
* Tue Jun 28 2011 Rich Megginson <rmeggins at redhat.com> - 1.1.19-1
- look for separate openldap ldif library
* Tue Jun 21 2011 Rich Megginson <rmeggins at redhat.com> - 1.1.18-1
- skip rebranding current brand
- support for skins
* Fri May 13 2011 Rich Megginson <rmeggins at redhat.com> - 1.1.17-1
- 1.1.17
- support "in-place" upgrade and rebranding from Red Hat to 389
- many fixes for coverity issues
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #724808 - startup CGIs write temp file to /
        https://bugzilla.redhat.com/show_bug.cgi?id=724808
  [ 2 ] Bug #476925 - Admin Server: Do not allow 8-bit passwords for the admin user
        https://bugzilla.redhat.com/show_bug.cgi?id=476925
  [ 3 ] Bug #719056 - migrate-ds-admin.pl needs to update SELinux policy
        https://bugzilla.redhat.com/show_bug.cgi?id=719056
  [ 4 ] Bug #718285 - AdminServer should use "service" command instead of start/stop/restart scripts
        https://bugzilla.redhat.com/show_bug.cgi?id=718285
  [ 5 ] Bug #718079 - Perl errors when running migrate-ds-admin.pl
        https://bugzilla.redhat.com/show_bug.cgi?id=718079
  [ 6 ] Bug #713000 - Migration stops if old admin server cannot be stopped
        https://bugzilla.redhat.com/show_bug.cgi?id=713000
  [ 7 ] Bug #710372 - Not able to open the Manage Certificate from DS-console
        https://bugzilla.redhat.com/show_bug.cgi?id=710372
--------------------------------------------------------------------------------


================================================================================
 389-admin-1.1.23-1.fc14 (FEDORA-2011-10743)
 389 Administration Server (admin)
--------------------------------------------------------------------------------
Update Information:

fix selinux policy during upgrade
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 11 2011 Rich Megginson <rmeggins at redhat.com> - 1.1.23-1
- Bug 730079 - Update SELinux policy during upgrades
* Thu Aug 11 2011 Rich Megginson <rmeggins at redhat.com> - 1.1.22-1
- Bug 724808 - startup CGIs write temp file to /
- add man pages for ds_removal and ds_unregister
- fixes for the makeUpgradeTar.sh script
* Tue Aug  2 2011 Rich Megginson <rmeggins at redhat.com> - 1.1.21-1
- Bug 476925 - Admin Server: Do not allow 8-bit passwords for the admin user
* Tue Jul  5 2011 Rich Megginson <rmeggins at redhat.com> - 1.1.20-3
- bump rel to rebuild with 389-adminutil-1.1.14
* Tue Jul  5 2011 Rich Megginson <rmeggins at redhat.com> - 1.1.20-2
- bump rel to rebuild with 389-adminutil-1.1.14
* Tue Jul  5 2011 Rich Megginson <rmeggins at redhat.com> - 1.1.20-1
- Bug 719056 - migrate-ds-admin.pl needs to update SELinux policy
- Bug 718285 - AdminServer should use "service" command instead of start/stop/restart scripts
- Bug 718079 - Perl errors when running migrate-ds-admin.pl
- Bug 713000 - Migration stops if old admin server cannot be stopped
- added tests for the security cgi
- fix typo in NSS_Shutdown warning message
- better NSS error handling - reduce memory leaks
- Bug 710372 - Not able to open the Manage Certificate from DS-console
* Thu Jun 30 2011 Rich Megginson <rmeggins at redhat.com> - 1.1.19-2
- bump rev to rebuild with 389-adminutil-1.1.14
* Tue Jun 28 2011 Rich Megginson <rmeggins at redhat.com> - 1.1.19-1
- look for separate openldap ldif library
* Tue Jun 21 2011 Rich Megginson <rmeggins at redhat.com> - 1.1.18-1
- skip rebranding current brand
- support for skins
* Fri May 13 2011 Rich Megginson <rmeggins at redhat.com> - 1.1.17-1
- 1.1.17
- support "in-place" upgrade and rebranding from Red Hat to 389
- many fixes for coverity issues
--------------------------------------------------------------------------------


================================================================================
 389-ds-base-1.2.9.6-1.fc14 (FEDORA-2011-10742)
 389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:

Fixes for update, winsync, ruv/counters
Fix another coverity NULL deref in previous patch
Fix coverity NULL deref defect in 1.2.9.3
A few bug fixes
The 1.2.9.0 release - several bug fixes found during alpha testing
389-ds-base-1.2.9.a2 - several bug fixes - automember improvements
look for separate openldap ldif library
Split automember regex rules into separate entries
writing Inf file shows SchemaFile = ARRAY(0xhexnum)
add support for ldif files with changetype: add
Auto Membership
More Coverity fixes
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 10 2011 Rich Megginson <rmeggins at redhat.com> - 1.2.9.6-1
- Bug 728510 - Run dirsync after sending updates to AD
- Bug 729717 - Fatal error messages when syncing deletes from AD
- Bug 729369 - upgrade DB to upgrade from entrydn to entryrdn format is not working.
- Bug 729378 - delete user subtree container in AD + modify password in DS == DS crash
- Bug 723937 - Slapi_Counter API broken on  32-bit F15
-   fixed again - separate tests for atomic ops and atomic bool cas
* Mon Aug  8 2011 Rich Megginson <rmeggins at redhat.com> - 1.2.9.5-1
- Bug 727511 - ldclt SSL search requests are failing with "illegal error number -1" error
-  Fix another coverity NULL deref in previous patch
* Thu Aug  4 2011 Rich Megginson <rmeggins at redhat.com> - 1.2.9.4-1
- Bug 727511 - ldclt SSL search requests are failing with "illegal error number -1" error
-  Fix coverity NULL deref in previous patch
* Wed Aug  3 2011 Rich Megginson <rmeggins at redhat.com> - 1.2.9.3-1
- Bug 727511 - ldclt SSL search requests are failing with "illegal error number -1" error
-  previous patch broke build on el5
* Wed Aug  3 2011 Rich Megginson <rmeggins at redhat.com> - 1.2.9.2-1
- Bug 727511 - ldclt SSL search requests are failing with "illegal error number -1" error
* Tue Aug  2 2011 Rich Megginson <rmeggins at redhat.com> - 1.2.9.1-2
- Bug 723937 - Slapi_Counter API broken on  32-bit F15
-   fixed to use configure test for GCC provided 64-bit atomic functions
* Wed Jul 27 2011 Rich Megginson <rmeggins at redhat.com> - 1.2.9.1-1
- Bug 663752 - Cert renewal for attrcrypt and encchangelog
-   this was "re-fixed" due to a deadlock condition with cl2ldif task cancel
- Bug 725953 - Winsync: DS entries fail to sync to AD, if the User's CN entry contains a comma
- Bug 725743 - Make memberOf use PRMonitor for it's operation lock
- Bug 725542 - Instance upgrade fails when upgrading 389-ds-base package
- Bug 723937 - Slapi_Counter API broken on  32-bit F15
* Fri Jul 15 2011 Rich Megginson <rmeggins at redhat.com> - 1.2.9.0-1
- Bug 720059 - RDN with % can cause crashes or missing entries
- Bug 709468 - RSA Authentication Server timeouts when using simple paged results on RHDS 8.2.
- Bug 691313 - Need TLS/SSL error messages in repl status and errors log
- Bug 712855 - Directory Server 8.2 logs "Netscape Portable Runtime error -5961 (TCP connection reset by peer.)" to error log whereas Directory Server 8.1 did not
- Bug 713209 - Update sudo schema
- Bug 719069 - clean up compiler warnings in 389-ds-base 1.2.9
- Bug 718303 - Intensive updates on masters could break the consumer's cache
- Bug 711679 - unresponsive LDAP service when deleting vlv on replica
* Mon Jun 27 2011 Rich Megginson <rmeggins at redhat.com> - 1.2.9-0.2.a2
- 389-ds-base-1.2.9.a2
- look for separate openldap ldif library
- Split automember regex rules into separate entries
- writing Inf file shows SchemaFile = ARRAY(0xhexnum)
- add support for ldif files with changetype: add
- Bug 716980 - winsync uses old AD entry if new one not found
- Bug 697694 - rhds82 - incr update state stop_fatal_error "requires administrator action", with extop_result: 9
- bump console version to 1.2.6
- Bug 711679 - unresponsive LDAP service when deleting vlv on replica
- Bug 703703 - setup-ds-admin.pl asks for legal agreement to a non-existant file
- Bug 706209 - LEGAL: RHEL6.1 License issue for 389-ds-base package
- Bug 663752 - Cert renewal for attrcrypt and encchangelog
- Bug 706179 - DS can not restart after create a new objectClass has entryusn attribute
- Bug 711906 - ns-slapd segfaults using suffix referrals
- Bug 707384 - only allow FIPS approved cipher suites in FIPS mode
- Bug 710377 - Import with chain-on-update crashes ns-slapd
- Bug 709826 - Memory leak: when extra referrals configured
* Thu May 26 2011 Rich Megginson <rmeggins at redhat.com> - 1.2.9-0.1.a1
- 389-ds-base-1.2.9.a1
- Auto Membership
- More Coverity fixes
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #728510 - WinSync: Renaming an user(which is synced from DS to AD) at AD is creating a new user at DS.
        https://bugzilla.redhat.com/show_bug.cgi?id=728510
  [ 2 ] Bug #729717 - Windows sync logs errors when a delete is synced from AD
        https://bugzilla.redhat.com/show_bug.cgi?id=729717
--------------------------------------------------------------------------------


================================================================================
 certmonger-0.44-1.fc14 (FEDORA-2011-10710)
 Certificate status monitor and PKI enrollment client
--------------------------------------------------------------------------------
Update Information:

This update rolls up a large number of bug fixes, but the main user-visible changes are:
* the "getcert" command now suppresses the technical details of certain error messages unless it is now invoked with the "-v" flag
* if key generation fails because the daemon can't access an NSS database due to an incorrect or missing PIN, the daemon will now recover if the correct PIN is supplied via the "getcert resubmit" command
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 11 2011 Nalin Dahyabhai <nalin at redhat.com> 0.44-1
- check specifically for cases where a specified token that we need to
  use just isn't present for whatever reason (#697058)
* Wed Aug 10 2011 Nalin Dahyabhai <nalin at redhat.com> 0.43-1
- add a -K option to ipa-submit, to use the current ccache, which makes
  it easier to test
* Fri Aug  5 2011 Nalin Dahyabhai <nalin at redhat.com>
- if xmlrpc-c's struct xmlrpc_curl_xportparms has a gss_delegate field, set
  it to TRUE when we're doing Negotiate auth (#727864, #727863, #727866)
* Wed Jul 13 2011 Nalin Dahyabhai <nalin at redhat.com>
- treat the ability to access keys in an NSS database without using a PIN,
  when we've been told we need one, as an error (#692766)
- when handling "getcert resubmit" requests, if we don't have a key yet,
  make sure we go all the way back to generating one (#694184)
- getcert: try to clean up tests for NSS and PEM file locations (#699059)
- don't try to set reconnect-on-exit policy unless we managed to connect
  to the bus (#712500)
- handle cases where we specify a token but the storage token isn't
  known (#699552)
- getcert: recognize -i and storage options to narrow down which requests
  the user wants to know about (#698772)
- output hints when the daemon has startup problems, too (#712075)
- add flags to specify whether we're bus-activated or not, so that we can
  exit if we have nothing to do after handling a request received over
  the bus if some specified amount of time has passed
- explicitly disallow non-root access in the D-Bus configuration (#712072)
- migrate to systemd on releases newer than Fedora 15 or RHEL 6 (#718172)
- fix a couple of incorrect calls to talloc_asprintf() (#721392)
* Wed Apr 13 2011 Nalin Dahyabhai <nalin at redhat.com> 0.42-1
- getcert: fix a buffer overrun preparing a request for the daemon when
  there are more parameters to encode than space in the array (#696185)
- updated translations: de, es, id, pl, ru, uk
* Mon Apr 11 2011 Nalin Dahyabhai <nalin at redhat.com> 0.41-1
- read information about the keys we've just generated before proceeding
  to generating a CSR (part of #694184, part of #695675)
- when processing a "resubmit" request from getcert, go back to key
  generation if we don't have keys yet, else go back to CSR generation as
  before (#694184, #695675)
- configure with --with-tmpdir=/var/run/certmonger and own /var/run/certmonger
  (#687899), and add a systemd tmpfiles.d control file for creating
  /var/run/certmonger on Fedora 15 and later
- let session instances exit when they get disconnected from the bus
- use a lock file to make sure there's only one session instance messing
  around with the user's files at a time
- fix errors saving certificates to NSS databases when there's already a
  certificate there with the same nickname (#695672)
- make key and certificate location output from 'getcert list' more properly
  translatable (#7)
* Mon Mar 28 2011 Nalin Dahyabhai <nalin at redhat.com> 0.40-1
- update to 0.40
  - fix validation check on EKU OIDs in getcert (#691351)
  - get session bus mode sorted
  - add a list of recognized EKU values to the getcert-request man page
* Fri Mar 25 2011 Nalin Dahyabhai <nalin at redhat.com> 0.39-1
- update to 0.39
  - fix use of an uninitialized variable in the xmlrpc-based submission
    helpers (#690886)
* Thu Mar 24 2011 Nalin Dahyabhai <nalin at redhat.com> 0.38-1
- update to 0.38
  - catch cases where we can't read a PIN file, but we never have to log
    in to the token to access the private key (more of #688229)
* Tue Mar 22 2011 Nalin Dahyabhai <nalin at redhat.com> 0.37-1
- update to 0.37
  - be more careful about checking if we can read a PIN file successfully
    before we even call an API that might need us to try (#688229)
  - fix strict aliasing warnings
* Tue Mar 22 2011 Nalin Dahyabhai <nalin at redhat.com> 0.36-1
- update to 0.36
  - fix some use-after-free bugs in the daemon (#689776)
  - fix a copy/paste error in certmonger-ipa-submit(8)
  - getcert now suppresses error details when not given its new -v option
    (#683926, more of #681641/#652047)
  - updated translations
    - de, es, pl, ru, uk
    - indonesian translation is now for "id" rather than "in"
--------------------------------------------------------------------------------


================================================================================
 dhcp-4.2.0-23.P2.fc14 (FEDORA-2011-10705)
 Dynamic host configuration protocol software
--------------------------------------------------------------------------------
Update Information:

This update fixes a pair of defects that could cause the server to halt upon processing certain packets.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 11 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.0-23.P2
- A pair of defects cause the server to halt upon processing certain packets
  (CVE-2011-2748, CVE-2011-2749, #729850)
* Mon May  9 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.0-22.P2
- Fix 11-dhclient to export variables (#702735)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #729382 - CVE-2011-2748 CVE-2011-2749 dhcp: denial of service flaws
        https://bugzilla.redhat.com/show_bug.cgi?id=729382
--------------------------------------------------------------------------------


================================================================================
 ecryptfs-utils-90-1.fc14 (FEDORA-2011-10718)
 The eCryptfs mount helper and support libraries
--------------------------------------------------------------------------------
Update Information:

- privilege escalation via mountpoint race conditions (CVE-2011-1831, CVE-2011-1832)
- race condition when checking source during mount (CVE-2011-1833)
- mtab corruption via improper handling (CVE-2011-1834)
- key poisoning via insecure temp directory handling (CVE-2011-1835)
- information disclosure via recovery mount in /tmp (CVE-2011-1836)
- arbitrary file overwrite via lock counter race (CVE-2011-1837)

- improve logging messages of ecryptfs pam module
- keep own copy of passphrase, pam clears it too early
- keyring from auth stack does not survive, use pam_data and delayed keyring initialization
- keyring from auth stack does not survive, use pam_data and delayed keyring initialization
- keyring from auth stack does not survive, use pam_data and delayed keyring initialization
- improve logging messages of ecryptfs pam module
- keep own copy of passphrase, pam clears it too early
- keyring from auth stack does not survive, use pam_data and delayed keyring initialization
- keyring from auth stack does not survive, use pam_data and delayed keyring initialization
- keyring from auth stack does not survive, use pam_data and delayed keyring initialization
- improve logging messages of ecryptfs pam module
- keep own copy of passphrase, pam clears it too early
- keyring from auth stack does not survive, use pam_data and delayed keyring initialization
- keyring from auth stack does not survive, use pam_data and delayed keyring initialization
- keyring from auth stack does not survive, use pam_data and delayed keyring initialization
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 11 2011 Michal Hlavinka <mhlavink at redhat.com> - 90-1
- security fixes:
- privilege escalation via mountpoint race conditions (CVE-2011-1831, CVE-2011-1832)
- race condition when checking source during mount (CVE-2011-1833)
- mtab corruption via improper handling (CVE-2011-1834)
- key poisoning via insecure temp directory handling (CVE-2011-1835)
- information disclosure via recovery mount in /tmp (CVE-2011-1836)
- arbitrary file overwrite via lock counter race (CVE-2011-1837)
* Tue Aug  9 2011 Michal Hlavinka <mhlavink at redhat.com> - 87-8
- improve logging messages of ecryptfs pam module
- keep own copy of passphrase, pam clears it too early
* Wed Aug  3 2011 Michal Hlavinka <mhlavink at redhat.com> - 87-7
- keyring from auth stack does not survive, use pam_data and delayed 
  keyring initialization
* Thu Jul 21 2011 Michal Hlavinka <mhlavink at redhat.com> - 87-6
- fix pam module to set ecryptfs gid before mount helper execution
- do not use zombie process, it causes lock ups in ssh
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #729465 - CVE-2011-1831 CVE-2011-1832 CVE-2011-1833 CVE-2011-1834 CVE-2011-1835 CVE-2011-1836 CVE-2011-1837 ecryptfs: multiple flaws to mount/umount arbitrary locations and possibly disclose confidential information
        https://bugzilla.redhat.com/show_bug.cgi?id=729465
--------------------------------------------------------------------------------


================================================================================
 freewrl-1.22.12-0.3.pre2.fc14 (FEDORA-2011-10711)
 X3D / VRML visualization program
--------------------------------------------------------------------------------
Update Information:

New package - freewrl

FreeWRL is an X3D / VRML visualization program.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #726210 - Review Request: freewrl - X3D / VRML visualization program
        https://bugzilla.redhat.com/show_bug.cgi?id=726210
--------------------------------------------------------------------------------


================================================================================
 gkrellm-weather-2.0.8-1.fc14 (FEDORA-2011-10739)
 Weather plugin for GKrellM
--------------------------------------------------------------------------------
Update Information:

* fixed sprintf buffer overflows
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 10 2011 Adam Goode <adam at spicenitz.org> - 2.0.8-1
- New upstream release
  * fixed sprintf buffer overflows
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.7-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #680888 - gkrellm-weather-2.0.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=680888
  [ 2 ] Bug #724013 - Incorrect URL in 'rpm -qi' output
        https://bugzilla.redhat.com/show_bug.cgi?id=724013
--------------------------------------------------------------------------------


================================================================================
 papi-4.1.3-2.fc14 (FEDORA-2011-10736)
 Performance Application Programming Interface
--------------------------------------------------------------------------------
Update Information:

Rebase on papi-4.1.3.

--------------------------------------------------------------------------------
ChangeLog:

* Thu May 12 2011 William Cohen <wcohen at redhat.com> - 4.1.3-2
- Use corrected papi-4.1.3.
* Thu May 12 2011 William Cohen <wcohen at redhat.com> - 4.1.3-1
- Rebase to papi-4.1.3
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.1.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Jan 24 2011 William Cohen <wcohen at redhat.com> - 4.1.2.1-1
- Rebase to papi-4.1.2.1
* Fri Oct  1 2010 William Cohen <wcohen at redhat.com> - 4.1.1-1
- Rebase to papi-4.1.1
--------------------------------------------------------------------------------


================================================================================
 pekwm-0.1.13-1.fc14 (FEDORA-2011-10734)
 A small and flexible window manager
--------------------------------------------------------------------------------
Update Information:

Pekwm is a window manager that once up on a time was based on the aewm++ window
manager, but it has evolved enough that it no longer resembles aewm++ at all.
It has a much expanded feature-set, including window grouping (similar to ion,
pwm, or fluxbox), autoproperties, xinerama, keygrabber that supports keychains,
and much more.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 10 2011 Germán A. Racca <skytux at fedoraproject.org> 0.1.13-1
- Updated to new version
- Removed the old patch and applied a new one to fix a similar issue
- Removed indentation of list items in %{description}
--------------------------------------------------------------------------------


================================================================================
 perl-Hash-Diff-0.005-1.fc14 (FEDORA-2011-10722)
 Return difference between to hashes as a hash
--------------------------------------------------------------------------------
Update Information:

This perl modules returns the difference between two hashes as a hash.
--------------------------------------------------------------------------------


================================================================================
 perl-Test-Spelling-0.14-1.fc14 (FEDORA-2011-10713)
 Check for spelling errors in POD files
--------------------------------------------------------------------------------
Update Information:

This is an update to the latest upstream release, containing a large number of bug fixes and enhancements:

* Remove temporary files more aggressively (CPAN RT#41586)
* Add set_pod_file_filter for skipping translations, etc. (CPAN RT#63755)
* Skip tests in all_pod_files_spelling_ok if there is no working spellchecker
* Provide a has_working_spellchecker so you can skip your own tests if there's no working spellchecker
* Rewrite and modernize a lot of the documentation
* Decruftify code, such as by using Exporter and lexical filehandles
* Support .plx files
* Make alternatives checking more robust by reading the spellchecker's STDERR
* Fix an error when using add_stopwords("constant","strings") (CPAN RT#68471)
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 27 2011 Paul Howarth <paul at city-fan.org> - 0.14-1
- Update to 0.14:
  - Fix an error when using add_stopwords("constant","strings") (CPAN RT#68471)
* Wed Apr 27 2011 Paul Howarth <paul at city-fan.org> - 0.13-1
- Update to 0.13:
  - Make alternatives checking more robust by reading the spellchecker's STDERR
* Tue Apr 26 2011 Paul Howarth <paul at city-fan.org> - 0.12-1
- Update to 0.12:
  - Best Practical has taken over maintainership of this module
  - Try various spellcheck programs instead of hardcoding the ancient `spell`
    (CPAN RT#56483)
  - Remove temporary files more aggressively (CPAN RT#41586)
  - Fixed by not creating them at all - instead we now use IPC::Open3
  - Remove suggestion to use broken `aspell -l` (CPAN RT#28967)
  - Add set_pod_file_filter for skipping translations, etc. (CPAN RT#63755)
  - Skip tests in all_pod_files_spelling_ok if there is no working spellchecker
  - Provide a has_working_spellchecker so you can skip your own tests if
    there's no working spellchecker
  - Switch to Module::Install
  - Rewrite and modernize a lot of the documentation
  - Decruftify code, such as by using Exporter and lexical filehandles
  - Support .plx files
- This release by SARTAK -> update source URL
- Rewrite hunspell patch to just favour hunspell over aspell
- BR: perl(IPC::Open3)
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.11-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Dec 22 2010 Marcela Maslanova <mmaslano at redhat.com> - 0.11-10
- Rebuild to fix problems with vendorarch/lib (#661697)
--------------------------------------------------------------------------------


================================================================================
 php-libvirt-0.4.3-1.fc14 (FEDORA-2011-10716)
 PHP language binding for Libvirt
--------------------------------------------------------------------------------
Update Information:

Rebase to 0.4.3
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 11 2011 Michal Novotny <minovotn at redhat.com> - 0.4.3
- Rebase to 0.4.3 from master branch
--------------------------------------------------------------------------------


================================================================================
 php-pear-Mail-Mime-1.8.2-1.fc14 (FEDORA-2011-10704)
 Classes to create MIME messages
--------------------------------------------------------------------------------
Update Information:

Upstream changelog:
* #18426: Fixed backward compatibility for "dfilename" parameter [alec]
* Removed xmail.dtd, xmail.xsl from the package [alec]
* Fixed handling of email addresses with quoted local part [alec]

--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 11 2011 Remi Collet <Fedora at FamilleCollet.com> 1.8.2-1
- Version 1.8.2 (stable) - API 1.4.1 (stable)
- doc in /usr/share/doc/pear
--------------------------------------------------------------------------------


================================================================================
 tzdata-2011h-2.fc14 (FEDORA-2011-10719)
 Timezone data
--------------------------------------------------------------------------------
Update Information:

This update adds a patch for upcoming change in Newfoundland.  The transition time changes from 12:01 AM to 2:00 AM.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 10 2011 Petr Machata <pmachata at redhat.com> - 2011h-2
- Patch for upcoming change in Newfoundland.  The transition time
  changes from 12:01 AM to 2:00 AM.
--------------------------------------------------------------------------------


================================================================================
 volumeicon-0.4.1-3.fc14 (FEDORA-2011-9627)
 Lightweight volume control for the system tray
--------------------------------------------------------------------------------
Update Information:

Volume Icon aims to be a lightweight volume control that sits in your system tray.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #722914 - Review Request: volumeicon - Lightweight volume control for the system tray
        https://bugzilla.redhat.com/show_bug.cgi?id=722914
--------------------------------------------------------------------------------



More information about the test mailing list