Fedora 16 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Fri Dec 30 01:02:33 UTC 2011
The following Fedora 16 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-2011-17289/python-virtualenv-1.7-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17493/krb5-appl-1.0.2-2.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-14691/tomcat6-6.0.32-19.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17560/zabbix-1.8.10-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17558/pidgin-2.10.1-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17542/ruby-1.8.7.357-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17267/libvirt-0.9.6-4.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17248/tor-0.2.2.35-1601.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17372/libguestfs-1.14.8-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17282/unbound-1.4.14-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17369/phpMyAdmin-3.4.9-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17386/glibc-2.14.90-24.fc16.4
https://admin.fedoraproject.org/updates/FEDORA-2011-17065/ipmitool-1.8.11-8.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-16966/jasper-1.900.1-18.fc16
The following Fedora 16 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/FEDORA-2011-17507/konsole-4.7.4-2.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17454/jack-audio-connection-kit-1.9.8-2.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17414/xfconf-4.8.1-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17417/policycoreutils-2.1.4-13.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17419/cryptsetup-luks-1.3.1-3.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17365/livecd-tools-16.10-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17405/phonon-4.6.0-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17272/grubby-8.8-2.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17271/perl-5.14.2-193.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17277/cloog-0.15.11-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17263/libreport-2.0.8-4.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17296/shadow-utils-4.1.4.3-11.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17303/libXi-1.4.5-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17264/xfwm4-4.8.3-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17273/libxfce4ui-4.8.1-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17215/telepathy-glib-0.16.4-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17205/libical-0.48-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17209/evolution-data-server-3.2.2-2.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-17012/polkit-qt-0.103.0-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-15301/lxpanel-0.5.8-1.fc16,lxinput-0.3.1-1.fc16,lxsession-edit-0.2.0-1.fc16,lxrandr-0.1.2-1.fc16,lxpolkit-0.1.0-1.fc16,lxterminal-0.1.11-1.fc16,lxshortcut-0.1.2-1.fc16
https://admin.fedoraproject.org/updates/FEDORA-2011-15013/dnsmasq-2.59-2.fc16
The following builds have been pushed to Fedora 16 updates-testing
abi-compliance-checker-1.96.1-1.fc16
audex-0.74-0.1.beta1.fc16
dillo-3.0.2-1.fc16
drupal7-advanced_help-1.0-1.fc16
drupal7-features-1.0-0.2.beta5.fc16
eclipse-ptp-5.0.4-1.fc16
ejabberd-2.1.10-1.fc16
ferm-2.1-1.fc16
ghc-chalmers-lava2000-1.1.2-1.fc16
kmymoney-4.6.1-1.fc16
libcddb-1.3.2-7.fc16
libeXosip2-3.6.0-2.fc16
libosip2-3.6.0-1.fc16
linphone-3.5.0-2.fc16
ortp-0.18.0-1.fc16
paraview-3.12.0-3.fc16.3
pidgin-2.10.1-1.fc16
pvm-3.4.6-1.fc16
python-bunch-1.0.1-1.fc16
qt-4.8.0-5.fc16
ruby-1.8.7.357-1.fc16
rxvt-unicode-9.14-1.fc16
sipwitch-1.1.4-1.fc16
vim-latex-1.8.23-5.20110214.1049.git089726a.fc16
zabbix-1.8.10-1.fc16
Details about builds:
================================================================================
abi-compliance-checker-1.96.1-1.fc16 (FEDORA-2011-17548)
An ABI Compliance Checker
--------------------------------------------------------------------------------
Update Information:
Update to 1.96.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2011 Richard Shaw <hobbes1069 at gmail.com> - 1.96.1-1
- Update to 1.96.1.
- Fixes false positive: http://forge.ispras.ru/issues/2097
* Wed Dec 7 2011 Richard Shaw <hobbes1069 at gmail.com> - 1.95.13-1
- Updated to 1.95.13.
--------------------------------------------------------------------------------
================================================================================
audex-0.74-0.1.beta1.fc16 (FEDORA-2011-17536)
Audio ripper
--------------------------------------------------------------------------------
Update Information:
Newest beta version, fixes various smaller bugs of the last beta release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 29 2011 Roland Wolters <wolters.liste at gmx.net> 0.74-0.1.beta1
- Rebuilt for 0.74-0.1.beta1
--------------------------------------------------------------------------------
================================================================================
dillo-3.0.2-1.fc16 (FEDORA-2011-17557)
Very small and fast GUI web browser
--------------------------------------------------------------------------------
Update Information:
* HTTP digest authentication
* More sophisticated handling of linebreaks and whitespace
* CSS text-transform property
* Locale-independent ASCII character case handling
* Bind Ctrl-{PageUp,PageDown} to tab-{previous,next}
* If not following redirection, show body of redirecting page
* Middle click on stylesheet menu item opens in new tab/window
* Improved handling of combining characters
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 28 2011 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
- 3.0.2-1
- version upgrade
* Tue Dec 6 2011 Adam Jackson <ajax at redhat.com> - 3.0.1-2
- Rebuild for new libpng
--------------------------------------------------------------------------------
================================================================================
drupal7-advanced_help-1.0-1.fc16 (FEDORA-2011-17562)
Allows module developers to store their help outside the module system in html
--------------------------------------------------------------------------------
Update Information:
New upstream version.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
drupal7-features-1.0-0.2.beta5.fc16 (FEDORA-2011-17561)
Provides feature management for Drupal
--------------------------------------------------------------------------------
Update Information:
New upstream version.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
eclipse-ptp-5.0.4-1.fc16 (FEDORA-2011-17532)
Eclipse Parallel Tools Platform
--------------------------------------------------------------------------------
Update Information:
Update to PTP 5.0.4 and Photran 7.0.4
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 28 2011 Orion Poplawski <orion at cora.nwra.com> - 5.0.4-1
- Update to PTP 5.0.4, photran 7.0.4
- Add pldt-fortran and rm-contrib sub-packages
- Update makesource.sh/spec/finddeps.sh to use git archive
- Unpack cdtdb-4.0.3-eclipse.jar from tar archive
- Remove orbitDeps usage, not needed
- Remove license feature hack, not needed
- Drop defattr, BuildRoot, clean
- Actually build master package
* Tue Oct 25 2011 Orion Poplawski <orion at cora.nwra.com> - 5.0.3-1
- Update to PTP 5.0.3, photran 7.0.3
--------------------------------------------------------------------------------
================================================================================
ejabberd-2.1.10-1.fc16 (FEDORA-2011-17541)
A distributed, fault-tolerant Jabber/XMPP server
--------------------------------------------------------------------------------
Update Information:
- Ver. 2.1.10
- Works with systemd
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 28 2011 Peter Lemenkov <lemenkov at gmail.com> - 2.1.10-1
- Ver. 2.1.10
- Works with systemd (closes rhbz #767793)
* Sun Dec 18 2011 Dan Horák <dan[at]danny.cz> - 2.1.9-2
- pdf docs require hevea, they are not prebuilt
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #767793 - Provide native systemd service
https://bugzilla.redhat.com/show_bug.cgi?id=767793
--------------------------------------------------------------------------------
================================================================================
ferm-2.1-1.fc16 (FEDORA-2011-17540)
For Easy Rule Making
--------------------------------------------------------------------------------
Update Information:
Update to new 2.1 version.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 28 2011 Pavel Alexeev <Pahan at Hubbitus.info> - 2.1-1
- New version (update request: bz#769050)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #769050 - Ferm 2.1 has been released 17 Jul 2011
https://bugzilla.redhat.com/show_bug.cgi?id=769050
--------------------------------------------------------------------------------
================================================================================
ghc-chalmers-lava2000-1.1.2-1.fc16 (FEDORA-2011-17547)
Haskell chalmers-lava2000 library
--------------------------------------------------------------------------------
Update Information:
Updated to 1.1.2
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 29 2011 Shakthi Kannan <shakthimaan [AT] fedoraproject dot org> - 1.1.2-1
- Updated to use cabal2spec-0.24.1.
- Updated to 1.1.2.
* Thu Oct 20 2011 Marcela Mašláňová <mmaslano at redhat.com> - 1.1.1-12.2
- rebuild with new gmp without compat lib
* Tue Oct 11 2011 Peter Schiffer <pschiffe at redhat.com> - 1.1.1-12.1
- rebuild with new gmp
--------------------------------------------------------------------------------
================================================================================
kmymoney-4.6.1-1.fc16 (FEDORA-2011-17564)
Personal finance
--------------------------------------------------------------------------------
Update Information:
New upstream stable bugfix release, see also http://sourceforge.net/news/?group_id=4708
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 7 2011 Rex Dieter <rdieter at fedoraproject.org> 4.6.1-1
- 4.6.1
* Wed Nov 2 2011 Rex Dieter <rdieter at fedoraproject.org> 4.6.0-2
- rebuild (gmp)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #770829 - RFE: new version available
https://bugzilla.redhat.com/show_bug.cgi?id=770829
--------------------------------------------------------------------------------
================================================================================
libcddb-1.3.2-7.fc16 (FEDORA-2011-17553)
Library (C API) for accessing CDDB servers
--------------------------------------------------------------------------------
Update Information:
Fix DNS timeout handler causing an abort due to longjmp from a signal handler and FORTIFY_SOURCE not liking each other.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 29 2011 Hans de Goede <hdegoede at redhat.com> - 1.3.2-7
- Fix DNS timeout handler causing an abort due to longjmp and
FORTIFY_SOURCE from a signal handler not liking each other (rhbz#770611)
* Sun Nov 20 2011 Adrian Reber <adrian at lisas.de> 1.3.2-6
- Rebuilt for new libcdio
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #770611 - [abrt] audacious-2.5.4-1.fc15: cdaudio-ng: longjmp causes uninitialized stack frame
https://bugzilla.redhat.com/show_bug.cgi?id=770611
--------------------------------------------------------------------------------
================================================================================
libeXosip2-3.6.0-2.fc16 (FEDORA-2011-17537)
A library that hides the complexity of using the SIP protocol
--------------------------------------------------------------------------------
Update Information:
Linphone-3.5.0
new features:
- Audio conferencing
- SRTP media encryption
- SIP/TCP and SIP/TLS network protocols
- G722 audio codec
- bug fixes
sipwitch-1.1.4
- switchview icon resources now themable, new icon resources added.
- icon resources now used in switchview menu.
- waiting threads include error handling and throttling.
libeXosip2-3.6.0
- use optionnal c-ares DNS library for non blocking DNS access as well as improvments over DNS operation such as NAPTR and SRV records.
- many minor change/fix/improvments
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 26 2011 Alexey Kurov <nucleo at fedoraproject.org> - 3.6.0-2
- BR: c-ares-devel
* Mon Dec 26 2011 Alexey Kurov <nucleo at fedoraproject.org> - 3.6.0-1
- libeXosip2-3.6.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #753755 - sipwitch-1.1.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=753755
--------------------------------------------------------------------------------
================================================================================
libosip2-3.6.0-1.fc16 (FEDORA-2011-17537)
oSIP is an implementation of SIP
--------------------------------------------------------------------------------
Update Information:
Linphone-3.5.0
new features:
- Audio conferencing
- SRTP media encryption
- SIP/TCP and SIP/TLS network protocols
- G722 audio codec
- bug fixes
sipwitch-1.1.4
- switchview icon resources now themable, new icon resources added.
- icon resources now used in switchview menu.
- waiting threads include error handling and throttling.
libeXosip2-3.6.0
- use optionnal c-ares DNS library for non blocking DNS access as well as improvments over DNS operation such as NAPTR and SRV records.
- many minor change/fix/improvments
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 26 2011 Alexey Kurov <nucleo at fedoraproject.org> - 3.6.0-1
- libosip2-3.6.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #753755 - sipwitch-1.1.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=753755
--------------------------------------------------------------------------------
================================================================================
linphone-3.5.0-2.fc16 (FEDORA-2011-17537)
Phone anywhere in the whole world by using the Internet
--------------------------------------------------------------------------------
Update Information:
Linphone-3.5.0
new features:
- Audio conferencing
- SRTP media encryption
- SIP/TCP and SIP/TLS network protocols
- G722 audio codec
- bug fixes
sipwitch-1.1.4
- switchview icon resources now themable, new icon resources added.
- icon resources now used in switchview menu.
- waiting threads include error handling and throttling.
libeXosip2-3.6.0
- use optionnal c-ares DNS library for non blocking DNS access as well as improvments over DNS operation such as NAPTR and SRV records.
- many minor change/fix/improvments
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 27 2011 Alexey Kurov <nucleo at fedoraproject.org> - 3.5.0-2
- enable spandsp
* Mon Dec 26 2011 Alexey Kurov <nucleo at fedoraproject.org> - 3.5.0-1
- linphone-3.5.0
- add BR: libnotify-devel
- disable spandsp (#691039)
* Tue Dec 6 2011 Adam Jackson <ajax at redhat.com> - 3.4.3-2
- Rebuild for new libpng
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #753755 - sipwitch-1.1.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=753755
--------------------------------------------------------------------------------
================================================================================
ortp-0.18.0-1.fc16 (FEDORA-2011-17537)
A C library implementing the RTP protocol (RFC3550)
--------------------------------------------------------------------------------
Update Information:
Linphone-3.5.0
new features:
- Audio conferencing
- SRTP media encryption
- SIP/TCP and SIP/TLS network protocols
- G722 audio codec
- bug fixes
sipwitch-1.1.4
- switchview icon resources now themable, new icon resources added.
- icon resources now used in switchview menu.
- waiting threads include error handling and throttling.
libeXosip2-3.6.0
- use optionnal c-ares DNS library for non blocking DNS access as well as improvments over DNS operation such as NAPTR and SRV records.
- many minor change/fix/improvments
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 26 2011 Alexey Kurov <nucleo at fedoraproject.org> - 0.18.0-1
- ortp-0.18.0
- drop patches for issues fixed in upstream (retval and unused vars)
* Tue Sep 27 2011 Dan Horák <dan[at]danny.cz> - 1:0.16.5-2
- fix another gcc warning and move all fixes to one patch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #753755 - sipwitch-1.1.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=753755
--------------------------------------------------------------------------------
================================================================================
paraview-3.12.0-3.fc16.3 (FEDORA-2011-16891)
Parallel visualization application
--------------------------------------------------------------------------------
Update Information:
- Update to 3.12.0, see http://www.kitware.com/news/home/browse/Paraview?2011_11_09&ParaView+3.12.0+is+Now+Available!
- Enable PARAVIEW_INSTALL_DEVELOPMENT and re-add -devel sub-package
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 27 2011 Orion Poplawski <orion at cora.nwra.com> - 3.12.0-3.3
- vtkPV*Python.so needs to go into the paraview python dir
- Drop chrpath
* Fri Dec 16 2011 Orion Poplawski <orion at cora.nwra.com> - 3.12.0-3.2
- Oops, install vtk*Python.so, not libvtk*Python.so
* Wed Dec 14 2011 Orion Poplawski <orion at cora.nwra.com> - 3.12.0-3.1
- Rebuild with hdf5-1.8.7-3 which defines _hdf5_version
* Mon Dec 12 2011 Orion Poplawski <orion at cora.nwra.com> - 3.12.0-3
- Install more libvtk libraries by hand and manually remove rpath
- Add needed BRs
- Explicitly require hdf5 version
* Thu Dec 1 2011 Orion Poplawski <orion at cora.nwra.com> - 3.12.0-2
- Enable PARAVIEW_INSTALL_DEVELOPMENT and re-add -devel sub-package
- Install libvtk*Python.so by hand for now
* Thu Nov 10 2011 Orion Poplawski <orion at cora.nwra.com> - 3.12.0-1
- Update to 3.12.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #759158 - paraview-devel is missing
https://bugzilla.redhat.com/show_bug.cgi?id=759158
--------------------------------------------------------------------------------
================================================================================
pidgin-2.10.1-1.fc16 (FEDORA-2011-17558)
A Gtk+ based multiprotocol instant messaging client
--------------------------------------------------------------------------------
Update Information:
New release 2.10.1
Full Upstream ChangeLog:
http://developer.pidgin.im/wiki/ChangeLog
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 29 2011 Stu Tomlinson <stu at nosnilmot.com> 2.10.1-1
- 2.10.1, includes security fixes for CVE-2011-3594, CVE-2011-4601,
CVE-2011-4602, CVE-2011-4603
* Mon Nov 28 2011 Milan Crha <mcrha at redhat.com> 2.10.0-5
- Rebuild against newer evolution-data-server
* Sun Oct 30 2011 Bruno Wolff III <bruno at wolff.to> 2.10.0-4
- Rebuild against newer evolution-data-server
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #761517 - CVE-2011-4601 pidgin (libpurple): Invalid UTF-8 string handling in OSCAR messages
https://bugzilla.redhat.com/show_bug.cgi?id=761517
[ 2 ] Bug #761510 - CVE-2011-4602 pidgin: Multiple NULL pointer deference flaws by processing certain Jingle stanzas in the XMPP protocol plug-in
https://bugzilla.redhat.com/show_bug.cgi?id=761510
[ 3 ] Bug #766446 - CVE-2011-4603 pidgin: SILC remote crash on channel messages
https://bugzilla.redhat.com/show_bug.cgi?id=766446
[ 4 ] Bug #743481 - CVE-2011-3594 libpurple: invalid UTF-8 string handling in SILC messages
https://bugzilla.redhat.com/show_bug.cgi?id=743481
[ 5 ] Bug #742450 - pidgin: Heap-based buffer overflow by processing certain SILC private messages
https://bugzilla.redhat.com/show_bug.cgi?id=742450
--------------------------------------------------------------------------------
================================================================================
pvm-3.4.6-1.fc16 (FEDORA-2011-17563)
Libraries for distributed computing.
--------------------------------------------------------------------------------
Update Information:
Update to 3.4.6.
--------------------------------------------------------------------------------
================================================================================
python-bunch-1.0.1-1.fc16 (FEDORA-2011-17556)
Python dictionary with attribute-style access
--------------------------------------------------------------------------------
Update Information:
* Add ability to serialize bunch's to yaml and json
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 29 2011 Toshio Kuratomi <toshio at fedoraproject.org> - 1.0.1-1
- New upstream release that adds pyyaml and json serialization
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #770697 - python-bunch-1.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=770697
--------------------------------------------------------------------------------
================================================================================
qt-4.8.0-5.fc16 (FEDORA-2011-17326)
Qt toolkit
--------------------------------------------------------------------------------
Update Information:
Qt 4.8.0 final release, includes many bug fixes, improved translations and documentation.
This build re-enables qvfb support, and includes a patch to address ghosted applications in kde's task manager applet (http://bugs.kde.org/275469 )
See also,
http://labs.qt.nokia.com/2011/12/15/qt-4-8-0-released/
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 27 2011 Rex Dieter <rdieter at fedoraproject.org> 4.8.0-5
- fix qvfb
* Tue Dec 27 2011 Rex Dieter <rdieter at fedoraproject.org> 4.8.0-4
- filter event patch, avoid "ghost entries in kde taskbar" problem (kde#275469)
* Tue Dec 20 2011 Rex Dieter <rdieter at fedoraproject.org> 4.8.0-3
- don't spam if libicu is not present at runtime (#759923)
* Mon Dec 19 2011 Dan Horák <dan[at]dannu.cz> 4.8.0-2
- add missing method for QBasicAtomicPointer on s390(x)
* Thu Dec 15 2011 Jaroslav Reznik <jreznik at redhat.com> 4.8.0-1
- 4.8.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #759923 - Control whether icu support is built
https://bugzilla.redhat.com/show_bug.cgi?id=759923
--------------------------------------------------------------------------------
================================================================================
ruby-1.8.7.357-1.fc16 (FEDORA-2011-17542)
An interpreter of object-oriented scripting language
--------------------------------------------------------------------------------
Update Information:
A security flaw was found on the previous ruby that with some series of strings which was specially crafted to intentionally collide their hash values with each other, rails applications may fall into denial of services when such strings are used in HTTP requests (CVE-2011-4815). This new ruby will fix this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 29 2011 Mamoru Tasaka <mtasaka at fedoraproject.org> - 1.8.7.357-1
- Update to 1.8.7p357
- Randomize hash on process startup (CVE-2011-4815, bug 750564)
* Fri Dec 23 2011 Dennis Gilmore <dennis at ausil.us> - 1.8.7.352-2
- dont normalise arm cpus to arm
- there is something weird about how ruby choses where to put bits
* Wed Nov 16 2011 Mamoru Tasaka <mtasaka at fedoraproject.org> - 1.8.7.352-3
- F-17: kill gdbm support for now due to licensing compatibility issue
* Sat Oct 1 2011 Mamoru Tasaka <mtasaka at fedoraproject.org> - 1.8.7.352-2
- F-17: rebuild against new gdbm
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #750564 - CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003)
https://bugzilla.redhat.com/show_bug.cgi?id=750564
--------------------------------------------------------------------------------
================================================================================
rxvt-unicode-9.14-1.fc16 (FEDORA-2011-17538)
Unicode version of rxvt
--------------------------------------------------------------------------------
Update Information:
* bg image operations overhaul
* urxvtd default socket path is now $HOME/.urxvt/urxvtd-<nodename>
* dropped libAfterImage support (deprecated)
* various bugfixes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 28 2011 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
- 9.14-1
- version ugprade
- drop screen patch (upstream)
- disable libAfterImage as it is deprecated
--------------------------------------------------------------------------------
================================================================================
sipwitch-1.1.4-1.fc16 (FEDORA-2011-17537)
A secure peer-to-peer VoIP server for the SIP protocol
--------------------------------------------------------------------------------
Update Information:
Linphone-3.5.0
new features:
- Audio conferencing
- SRTP media encryption
- SIP/TCP and SIP/TLS network protocols
- G722 audio codec
- bug fixes
sipwitch-1.1.4
- switchview icon resources now themable, new icon resources added.
- icon resources now used in switchview menu.
- waiting threads include error handling and throttling.
libeXosip2-3.6.0
- use optionnal c-ares DNS library for non blocking DNS access as well as improvments over DNS operation such as NAPTR and SRV records.
- many minor change/fix/improvments
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 26 2011 Alexey Kurov <nucleo at fedoraproject.org> - 1.1.4-1
- sipwitch-1.1.4
* Sun Nov 20 2011 Alexey Kurov <nucleo at fedoraproject.org> - 1.1.3-1
- sipwitch-1.1.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #753755 - sipwitch-1.1.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=753755
--------------------------------------------------------------------------------
================================================================================
vim-latex-1.8.23-5.20110214.1049.git089726a.fc16 (FEDORA-2011-17555)
Tools to view, edit and compile LaTeX documents in Vim
--------------------------------------------------------------------------------
Update Information:
fix mismatch in the spec file
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 29 2011 Mario Santagiuliana <mario at marionline.it> - 1.8.23-5.20110214.1049-git089726a
- Review spec file
- Fix changelog error
* Mon Nov 28 2011 Mario Santagiuliana <mario at marionline.it> - 1.8.23-4.20110214.1049-git089726a
- Review spec file
* Mon Feb 14 2011 Till Maas <opensource at till.name> - 1.8.23-3.20110214.1049.git089726a
- Update to new release
- Adjust to new upstream snapshot schema
- build documentation, that is not included in upstream snapshot anymore
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #451108 - Two "eth10" entries under HARDWARE tab
https://bugzilla.redhat.com/show_bug.cgi?id=451108
--------------------------------------------------------------------------------
================================================================================
zabbix-1.8.10-1.fc16 (FEDORA-2011-17560)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:
- update to 1.8.10
- upstream changelog at http://www.zabbix.com/rn1.8.10.php
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 28 2011 Dan Horák <dan[at]danny.cz> - 1.8.10-1
- update to 1.8.10 (fixes CVE-2011-4615)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #768525 - CVE-2011-4615 zabbix: persistent XSS flaws in 1.8.x
https://bugzilla.redhat.com/show_bug.cgi?id=768525
--------------------------------------------------------------------------------
More information about the test
mailing list