Fedora 14 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Thu Jan 13 18:01:45 UTC 2011


The following Fedora 14 Security updates need testing:

    https://admin.fedoraproject.org/updates/subversion-1.6.15-1.fc14
    https://admin.fedoraproject.org/updates/perl-Convert-UUlib-1.34-1.fc14
    https://admin.fedoraproject.org/updates/libuser-0.56.18-3.fc14
    https://admin.fedoraproject.org/updates/wordpress-2.8.6-4.fc14
    https://admin.fedoraproject.org/updates/wordpress-mu-2.9.2-3.fc14
    https://admin.fedoraproject.org/updates/dpkg-1.15.5.6-6.fc14
    https://admin.fedoraproject.org/updates/sssd-1.5.0-2.fc14
    https://admin.fedoraproject.org/updates/php-5.3.5-1.fc14,maniadrive-1.2-26.fc14.1,php-eaccelerator-0.9.6.1-4.fc14,maniadrive-data-1.2-5.fc14
    https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc14
    https://admin.fedoraproject.org/updates/socat-1.7.1.3-1.fc14
    https://admin.fedoraproject.org/updates/mod_auth_mysql-3.0.0-12.fc14
    https://admin.fedoraproject.org/updates/perl-CGI-Simple-1.112-2.fc14
    https://admin.fedoraproject.org/updates/exim-4.72-2.fc14


The following Fedora 14 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/util-linux-ng-2.18-4.7.fc14
    https://admin.fedoraproject.org/updates/libuser-0.56.18-3.fc14
    https://admin.fedoraproject.org/updates/dosfstools-3.0.9-4.fc14
    https://admin.fedoraproject.org/updates/openldap-2.4.23-5.fc14
    https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-20.fc14
    https://admin.fedoraproject.org/updates/xorg-x11-drv-geode-2.11.10-1.fc14


The following builds have been pushed to Fedora 14 updates-testing

    PackageKit-0.6.11-2.fc14
    dpkg-1.15.5.6-6.fc14
    erlang-ebloom-1.0.2-2.fc14
    freemind-0.9.0-0.8.rc14.fc14
    jss-4.2.6-12.fc14
    kmymoney-4.5.2-1.fc14
    lyx-2.0.0-0.11.beta3.fc14
    maniadrive-1.2-26.fc14.1
    maniadrive-data-1.2-5.fc14
    mc-4.7.5-1.fc14
    openscada-0.7.0.1-5.fc14
    php-5.3.5-1.fc14
    php-eaccelerator-0.9.6.1-4.fc14
    php-phpunit-PHPUnit-3.5.7-1.fc14
    rubygem-aws-2.3.34-1.fc14
    setroubleshoot-plugins-3.0.10-1.fc14
    slapi-nis-0.22-1.fc14
    springlobby-0.120-1.fc14
    sssd-1.5.0-2.fc14
    uim-1.6.1-1.fc14
    util-linux-ng-2.18-4.7.fc14
    wordpress-mu-2.9.2-3.fc14
    xqc-1.0-0.2.20101120svn7.fc14

Details about builds:


================================================================================
 PackageKit-0.6.11-2.fc14 (FEDORA-2011-0359)
 Package management service
--------------------------------------------------------------------------------
Update Information:

This update fixes non-ASCII characters (e.g. accented characters, umlauts, non-Latin characters etc.) in (translated) category names showing up as question marks ('?') in KPackageKit.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 12 2011 Kevin Kofler <Kevin at tigcc.ticalc.org> - 0.6.11-2
- Backport: yum: Ensure the category data is valid UTF8 (rhughes, #668282)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #668282 - PackageKit yum backend uses incorrect encoding for dynamic category names, makes them show up with '?' characters in KPackageKit
        https://bugzilla.redhat.com/show_bug.cgi?id=668282
--------------------------------------------------------------------------------


================================================================================
 dpkg-1.15.5.6-6.fc14 (FEDORA-2011-0362)
 Package maintenance system for Debian Linux
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2010-1679
Fix CVE-2011-0402
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 12 2011 Andrew Colin Kissa <andrew at topdog.za.net> - 1.15.5.6-6
- Fix CVE-2010-1679
- Fix CVE-2011-0402
* Sun Oct 17 2010 Jeroen van Meeuwen <kanarip at kanarip.com> - 1.15.5.6-5
- Apply minimal fix for rhbz #642160
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #668922 - CVE-2010-1679 dpkg: directory traversal flaw allows for arbitrary file creation
        https://bugzilla.redhat.com/show_bug.cgi?id=668922
  [ 2 ] Bug #668930 - CVE-2011-0402 dpkg: arbitrary file modification via symlink attack
        https://bugzilla.redhat.com/show_bug.cgi?id=668930
--------------------------------------------------------------------------------


================================================================================
 erlang-ebloom-1.0.2-2.fc14 (FEDORA-2011-0347)
 A NIF wrapper around a basic bloom filter
--------------------------------------------------------------------------------
Update Information:

* Initial commit
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #652616 - Review Request: erlang-ebloom - A NIF wrapper around a basic bloom filter
        https://bugzilla.redhat.com/show_bug.cgi?id=652616
--------------------------------------------------------------------------------


================================================================================
 freemind-0.9.0-0.8.rc14.fc14 (FEDORA-2011-0338)
 Free mind mapping software
--------------------------------------------------------------------------------
Update Information:

update to recent upstream version
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 12 2011 Johannes Lips <Johannes.Lips googlemail com> 0.9.0-0.8.rc14
- update to recent upstream version
--------------------------------------------------------------------------------


================================================================================
 jss-4.2.6-12.fc14 (FEDORA-2011-0344)
 Java Security Services (JSS)
--------------------------------------------------------------------------------
Update Information:

fix to missing patch line in spec file
Incorrect socket accept error message due to bad pointer arithmetic
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 11 2011 Kevin Wright <kwright at redhat.com> - 4.2.6-12
- added missing patch line
* Tue Dec 21 2010 Christina Fu <cfu at redhat.com> - 4.2.6-11
- bug 654657 - <jdennis at redhat.com>
  Incorrect socket accept error message due to bad pointer arithmetic
- bug 661142 - <cfu at redhat.com>
  Verification should fail when a revoked certificate is added
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #654657 - Incorrect socket accept error message due to bad pointer arithmetic
        https://bugzilla.redhat.com/show_bug.cgi?id=654657
--------------------------------------------------------------------------------


================================================================================
 kmymoney-4.5.2-1.fc14 (FEDORA-2011-0346)
 Personal finance
--------------------------------------------------------------------------------
Update Information:

The KMyMoney Team is pleased to announce the immediate availability of KMyMoney version 4.5.2. This is a bugfix version from the 4.5 series and a Christmas present of the developers to the community.

See also:
http://mail.kde.org/pipermail/kmymoney/2010-December/000124.html
http://kmymoney2.sourceforge.net/ChangeLog-4.5.2.txt
http://kmymoney2.sourceforge.net/ChangeLog-4.5.1.txt


--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan  3 2011 Rex Dieter <rdieter at fedoraproject.org> - 4.5.2-1
- kmymoney-4.5.2
* Fri Nov 19 2010 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-1
- kmymoney-4.5.1
* Tue Nov  2 2010 Rex Dieter <rdieter at fedoraproject.org> - 4.5-2
- rebuild (kdchart)
--------------------------------------------------------------------------------


================================================================================
 lyx-2.0.0-0.11.beta3.fc14 (FEDORA-2011-0341)
 WYSIWYM (What You See Is What You Mean) document processor
--------------------------------------------------------------------------------
Update Information:

We are pleased to announce the third public pre-release of LyX 2.0.0.
Except usual bugfixing we addressed long-term slowness issues during this cycle,
in particular we tried to improve performance of the following areas:
* exporting of longer documents
* editing of documents with rich inset structure
* editing with opened outliner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 11 2011 Rex Dieter <rdieter at fedoraproject.org> 2.0.0-0.11.beta3
- lyx-2.0.0-beta3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #668841 - Please update to lyx-2.0.0 to beta 3
        https://bugzilla.redhat.com/show_bug.cgi?id=668841
--------------------------------------------------------------------------------


================================================================================
 maniadrive-1.2-26.fc14.1 (FEDORA-2011-0329)
 3D stunt driving game
--------------------------------------------------------------------------------
Update Information:

This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers. 
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 11 2011 Remi Collet <Fedora at famillecollet.com> 1.2-26.1
- rebuild
* Tue Jan 11 2011 Hans de Goede <hdegoede at redhat.com> 1.2-26
- Fix story mode not working with php >= 5.3.5 (rhbz#668657)
* Sun Jan  9 2011 Hans de Goede <hdegoede at redhat.com> 1.2-25
- Fix a crash when pressing 't', which enables the drawing of ode
  wire frames (rhbz#657353)
* Sat Jan  8 2011 Remi Collet <Fedora at famillecollet.com> 1.2-24
- Rebuild for new php 5.3.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #667806 - CVE-2010-4645 php: hang on numeric value 2.2250738585072011e-308 with x87 fpu
        https://bugzilla.redhat.com/show_bug.cgi?id=667806
--------------------------------------------------------------------------------


================================================================================
 maniadrive-data-1.2-5.fc14 (FEDORA-2011-0329)
 Data files for maniadrive, a 3D stunt driving game
--------------------------------------------------------------------------------
Update Information:

This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers. 
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 11 2011 Hans de Goede <hdegoede at redhat.com> - 1.2-5
- Fix story mode not working with php >= 5.3.5 (rhbz#668657)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #667806 - CVE-2010-4645 php: hang on numeric value 2.2250738585072011e-308 with x87 fpu
        https://bugzilla.redhat.com/show_bug.cgi?id=667806
--------------------------------------------------------------------------------


================================================================================
 mc-4.7.5-1.fc14 (FEDORA-2011-0354)
 User-friendly text console file manager and visual shell
--------------------------------------------------------------------------------
Update Information:

updates mc to 4.7.5
Fixes possible VFS file GUI crashes.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 12 2011 Jindrich Novy <jnovy at redhat.com> 4.7.5-1
- update to mc-4.7.5
- drop globfix, filegui and vfscrash patches - applied upstream
- introduce mc viewer segfault fix (#602124)
* Tue Dec 14 2010 Jindrich Novy <jnovy at redhat.com> 4.7.4-4
- make cons.saver not suid root, it is no more needed (#640365)
* Thu Dec  9 2010 Jindrich Novy <jnovy at redhat.com> 4.7.4-3
- fix crash in progress bar handling (#643256)
- fix crash in opening mc VFS (#661290, #588795, #653156)
- fix crash while creating a VFS timestamp (#660308)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #653156 - [abrt] mc-1:4.7.4-2.fc14: vfs_s_generate_entry: Process /usr/bin/mc was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=653156
  [ 2 ] Bug #660308 - [abrt] mc-1:4.7.4-2.fc14: vfs_stamp_create: Process /usr/bin/mc was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=660308
  [ 3 ] Bug #643256 - mc crashes on SIGSEV when had copy multiple files
        https://bugzilla.redhat.com/show_bug.cgi?id=643256
  [ 4 ] Bug #640365 - warning: user vcsa does not exist - using root
        https://bugzilla.redhat.com/show_bug.cgi?id=640365
--------------------------------------------------------------------------------


================================================================================
 openscada-0.7.0.1-5.fc14 (FEDORA-2011-0339)
 Open SCADA system project
--------------------------------------------------------------------------------
Update Information:

















--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 11 2011 Aleksey Popkov <aleksey at oscada.org> - 0.7.0.1-5
- Moved files of messages from main package to the self package
- Fixed macros errors
- Fixed of error in oscada.init.patch file
- Fixed somes of spelling-error.
* Tue Jan  4 2011 Aleksey Popkov <aleksey at oscada.org> - 0.7.0.1-4
- My mistake fixing. Sorry!
--------------------------------------------------------------------------------


================================================================================
 php-5.3.5-1.fc14 (FEDORA-2011-0329)
 PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:

This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers. 
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan  7 2011 Remi Collet <Fedora at famillecollet.com> 5.3.5-1
- update to 5.3.5
  http://www.php.net/ChangeLog-5.php#5.3.5
- clean duplicate configure options
- remove all RPM_SOURCE_DIR
- use mysql_config in libdir directly to avoid biarch build failures
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #667806 - CVE-2010-4645 php: hang on numeric value 2.2250738585072011e-308 with x87 fpu
        https://bugzilla.redhat.com/show_bug.cgi?id=667806
--------------------------------------------------------------------------------


================================================================================
 php-eaccelerator-0.9.6.1-4.fc14 (FEDORA-2011-0329)
 PHP accelerator, optimizer, encoder and dynamic content cacher
--------------------------------------------------------------------------------
Update Information:

This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers. 
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan  8 2011 Remi Collet <Fedora at FamilleCollet.com> - 1:0.9.6.1-4
- rebuild against PHP 5.3.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #667806 - CVE-2010-4645 php: hang on numeric value 2.2250738585072011e-308 with x87 fpu
        https://bugzilla.redhat.com/show_bug.cgi?id=667806
--------------------------------------------------------------------------------


================================================================================
 php-phpunit-PHPUnit-3.5.7-1.fc14 (FEDORA-2011-0360)
 Regression testing framework for unit tests
--------------------------------------------------------------------------------
Update Information:

Upstream Changelog:
PHPUnit 3.5.7
-------------
* Implemented GH-103: Improved handling of deprecated PHPUnit features.
* Fixed GH-100: `assertSame()` does not give useful output on misordered arrays.
* Fixed GH-105: Backup of static attributes causes memory exhaustion.
* The TextUI test runner now prints the normal progress output in verbose mode.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 11 2011 Remi Collet <Fedora at famillecollet.com> - 3.5.7-1
- Version 3.5.7 (stable) - API 3.5.7 (stable)
- README, CHANGELOG and LICENSE are now in the tarball
--------------------------------------------------------------------------------


================================================================================
 rubygem-aws-2.3.34-1.fc14 (FEDORA-2011-0356)
 Ruby gem for all Amazon Web Services
--------------------------------------------------------------------------------
Update Information:

Version bump
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 10 2011 Michal Fojtik <mfojtik at redhat.com> - 2.3.34-1
- Version bump
* Tue Nov 23 2010 Michal Fojtik <mfojtik at redhat.com> - 2.3.26-1
- Replaced right_http_connection with http_connection
- Version bump
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #668955 - Update rubygem-aws to 2.3.34
        https://bugzilla.redhat.com/show_bug.cgi?id=668955
--------------------------------------------------------------------------------


================================================================================
 setroubleshoot-plugins-3.0.10-1.fc14 (FEDORA-2011-0351)
 Analysis plugins for use with setroubleshoot
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 12 2011 <dwalsh at redhat.com> - 3.0.10-1
- Add dac_override plugin and update po
--------------------------------------------------------------------------------


================================================================================
 slapi-nis-0.22-1.fc14 (FEDORA-2011-0358)
 NIS Server and Schema Compatibility plugins for Directory Server
--------------------------------------------------------------------------------
Update Information:

This update corrects a number of bugs found by code analysis, and takes care to build using the same LDAP library as 389-ds-base.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan  6 2011 Nalin Dahyabhai <nalin at redhat.com> - 0.22-1
- fix a number of scanner-uncovered defects
* Thu Jan  6 2011 Nalin Dahyabhai <nalin at redhat.com> - 0.21-2
- make sure we always pull in nss-devel and nspr-devel, and the right
  ldap toolkit for the Fedora or RHEL version
--------------------------------------------------------------------------------


================================================================================
 springlobby-0.120-1.fc14 (FEDORA-2011-0349)
 A lobby client for the spring RTS game engine
--------------------------------------------------------------------------------
Update Information:

* New upgrade release.
* BT download fixed (again).

--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 11 2011 Gilboa Davara <gilboad [at] gmail [dot] com> -  0.120-1
- BT download broken by new spring release.
--------------------------------------------------------------------------------


================================================================================
 sssd-1.5.0-2.fc14 (FEDORA-2011-0364)
 System Security Services Daemon
--------------------------------------------------------------------------------
Update Information:

Addresses low-priority CVE-2010-4341: DoS in sssd PAM responder can prevent logins
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 11 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.0-2
- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #661163 - CVE-2010-4341 sssd: DoS in sssd PAM responder can prevent logins
        https://bugzilla.redhat.com/show_bug.cgi?id=661163
--------------------------------------------------------------------------------


================================================================================
 uim-1.6.1-1.fc14 (FEDORA-2011-0343)
 A multilingual input method library
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 12 2011 Akira TAGOH <tagoh at redhat.com> - 1.6.1-1
- New upstream release.
--------------------------------------------------------------------------------


================================================================================
 util-linux-ng-2.18-4.7.fc14 (FEDORA-2011-0350)
 A collection of basic system utilities
--------------------------------------------------------------------------------
Update Information:

libblkid RAIDs detection improvement
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 12 2011 Karel Zak <kzak at redhat.com> 2.18-4.7
- improve raid member detection on patitioned raid devices (#543749)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #543749 - After upgrade from Fedora 11, RAID-1 mdraid assembles incorrectly
        https://bugzilla.redhat.com/show_bug.cgi?id=543749
--------------------------------------------------------------------------------


================================================================================
 wordpress-mu-2.9.2-3.fc14 (FEDORA-2011-0335)
 WordPress-MU multi-user blogging software
--------------------------------------------------------------------------------
Update Information:

Security fixes for BZ 668192.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 11 2011 Jon Ciesla <limb at jcomserv.net> - 2.9.2-3
- Patches for security flaws, BZ 668192.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #668192 - Wordpress: various flaws [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=668192
--------------------------------------------------------------------------------


================================================================================
 xqc-1.0-0.2.20101120svn7.fc14 (FEDORA-2011-0348)
 C/C++ API for interfacing with XQuery processors
--------------------------------------------------------------------------------
Update Information:

The goal of the XQC project is to create standardized C/C++ APIs for interfacing with XQuery processors. They provide mechanisms to compile and execute XQueries, manage contexts, and provide a basic interface for the XQuery Data Model.

This package contains the C header file and corresponding API documentation.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #655866 - Review Request: xqc - C/C++ API for interfacing with XQuery processors
        https://bugzilla.redhat.com/show_bug.cgi?id=655866
--------------------------------------------------------------------------------



More information about the test mailing list