The following Fedora 14 Security updates need testing:
https://admin.fedoraproject.org/updates/libcgroup-0.36.2-6.fc14
https://admin.fedoraproject.org/updates/libxml2-2.7.7-3.fc14
https://admin.fedoraproject.org/updates/pango-1.28.1-5.fc14
https://admin.fedoraproject.org/updates/clamav-0.97-1400.fc14
https://admin.fedoraproject.org/updates/policycoreutils-2.0.85-19.fc14
https://admin.fedoraproject.org/updates/php-pear-1.9.2-1.fc14
https://admin.fedoraproject.org/updates/seamonkey-2.0.12-1.fc14
https://admin.fedoraproject.org/updates/whatsup-1.12-1.fc14
https://admin.fedoraproject.org/updates/cgit-0.9-1.fc14
https://admin.fedoraproject.org/updates/openldap-2.4.23-9.fc14
https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.fc14
https://admin.fedoraproject.org/updates/mailman-2.1.13-7.fc14
https://admin.fedoraproject.org/updates/samba-3.5.8-74.fc14
https://admin.fedoraproject.org/updates/pidgin-2.7.11-1.fc14
https://admin.fedoraproject.org/updates/389-admin-1.1.15-1.fc14
https://admin.fedoraproject.org/updates/tor-0.2.1.29-1400.fc14
https://admin.fedoraproject.org/updates/vsftpd-2.3.4-1.fc14
https://admin.fedoraproject.org/updates/subversion-1.6.16-1.fc14
https://admin.fedoraproject.org/updates/exim-4.72-2.fc14
https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc14
https://admin.fedoraproject.org/updates/avahi-0.6.27-6.fc14
The following Fedora 14 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/pango-1.28.1-5.fc14
https://admin.fedoraproject.org/updates/perl-ExtUtils-XSpp-0.15-2.fc14,perl-5.12.3-142.fc14,perl-Wx-0.98-5.fc14
https://admin.fedoraproject.org/updates/libgnome-keyring-2.32.0-2.fc14
https://admin.fedoraproject.org/updates/linux-firmware-20110304-1.fc14
https://admin.fedoraproject.org/updates/policycoreutils-2.0.85-19.fc14
https://admin.fedoraproject.org/updates/avahi-0.6.27-6.fc14
https://admin.fedoraproject.org/updates/pinentry-0.8.1-3.fc14
https://admin.fedoraproject.org/updates/libxml2-2.7.7-3.fc14
https://admin.fedoraproject.org/updates/libconfig-1.4.6-1.fc14
https://admin.fedoraproject.org/updates/openldap-2.4.23-9.fc14
https://admin.fedoraproject.org/updates/lua-5.1.4-7.fc14
https://admin.fedoraproject.org/updates/mobile-broadband-provider-info-1.20110218-1.fc14
https://admin.fedoraproject.org/updates/xorg-x11-drv-geode-2.11.11-4.fc14
https://admin.fedoraproject.org/updates/libmodman-2.0.0-1.fc14
The following builds have been pushed to Fedora 14 updates-testing
dumb-0.9.3-11.fc14
flush-0.9.10-1.fc14
ibus-1.3.9-3.fc14
jd-2.8.1-1.fc14
kid3-1.6-3.fc14
knights-2.3.0-1.fc14
liblouis-2.2.0-2.fc14
lyx-2.0.0-0.17.rc1.fc14
mod_cluster-1.1.1-2.fc14
nickle-2.70-2.fc14
pango-1.28.1-5.fc14
perl-5.12.3-142.fc14
perl-ExtUtils-XSpp-0.15-2.fc14
perl-Wx-0.98-5.fc14
wine-1.3.15-1.fc14
zyGrib-3.9.9-3.fc14
Details about builds:
================================================================================
dumb-0.9.3-11.fc14 (FEDORA-2011-3187)
IT, XM, S3M and MOD player library
--------------------------------------------------------------------------------
Update Information:
Fix unresolved symbols from libm in the libraries (causing linking errors from
configure scripts).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 8 2011 Hans de Goede <[email protected]> - 0.9.3-11
- Fix unresolved symbols from libm in the libraries
* Tue Feb 8 2011 Fedora Release Engineering <[email protected]>
- 0.9.3-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
flush-0.9.10-1.fc14 (FEDORA-2011-3180)
GTK-based BitTorrent client
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #675914 - Review Request: flush - GTK-based BitTorrent client
https://bugzilla.redhat.com/show_bug.cgi?id=675914
--------------------------------------------------------------------------------
================================================================================
ibus-1.3.9-3.fc14 (FEDORA-2011-3188)
Intelligent Input Bus for Linux OS
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 11 2011 Takao Fujiwara <[email protected]> - 1.3.9-3
- Updated ibus-541492-xkb.patch
Fixed Bug 673047 - ibus-xkb does not work in non-XKB system
- Updated ibus-HEAD.patch
Removed snooper in class_fini
- Updated xinput-ibus
Set QT_IM_MODULE=xim if ibus-qt is not installed
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #673047 - [abrt] ibus-1.3.9-2.fc14: ibus_xkb_get_current_layout:
Process /usr/libexec/ibus-xkb was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=673047
--------------------------------------------------------------------------------
================================================================================
jd-2.8.1-1.fc14 (FEDORA-2011-3193)
A 2ch browser
--------------------------------------------------------------------------------
Update Information:
New version 2.8.1 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 12 2011 Mamoru Tasaka <[email protected]> - 2.8.1-1
- 2.8.1
--------------------------------------------------------------------------------
================================================================================
kid3-1.6-3.fc14 (FEDORA-2011-3189)
Efficient KDE ID3 tag editor
--------------------------------------------------------------------------------
Update Information:
Update to upstream release 1.6, add a kid3-qt package with Qt only (no KDE)
dependencies.
http://kid3.git.sourceforge.net/git/gitweb.cgi?p=kid3/kid3;a=blob_plain;f=ChangeLog;hp=Rel_1_6
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 7 2011 Fedora Release Engineering <[email protected]>
- 1.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Sat Feb 5 2011 Ville Skyttä <[email protected]> - 1.6-2
- Add -qt subpackage containing a version without KDE dependencies.
* Sat Feb 5 2011 Ville Skyttä <[email protected]> - 1.6-1
- Update to 1.6.
--------------------------------------------------------------------------------
================================================================================
knights-2.3.0-1.fc14 (FEDORA-2011-3181)
A chess board for KDE
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release
which brings many new features and
provides a more complete game.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 11 2011 Julian Aloofi <[email protected]> 2.3.0-1
- update to latest upstream release
--------------------------------------------------------------------------------
================================================================================
liblouis-2.2.0-2.fc14 (FEDORA-2011-3178)
Braille translation and back-translation library
--------------------------------------------------------------------------------
Update Information:
Liblouis is an open-source braille translator and back-translator. It features
support for computer and literary braille, supports contracted and uncontracted
translation for many, many languages and has support for hyphenation. New
languages can easily be added through tables that support a rule- or dictionary
based approach. Liblouis also supports math braille (Nemeth and Marburg).
Liblouis is based on the translation routines in the BRLTTY screenreader for
Linux. It has, however, gone far beyond these routines. The library is named in
honor of Louis Braille.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #677943 - Review Request: liblouis - Braille translation and
back-translation library
https://bugzilla.redhat.com/show_bug.cgi?id=677943
--------------------------------------------------------------------------------
================================================================================
lyx-2.0.0-0.17.rc1.fc14 (FEDORA-2011-3184)
WYSIWYM (What You See Is What You Mean) document processor
--------------------------------------------------------------------------------
Update Information:
First public candidate for lyx-2.0.0 and thus this version has lots of fixes
over the last version.
This update also fixes the support for language spelling, to use the standard
dictionaries. The thesaurus is now correctly configured by default.
This update adds a new requirement to guarantee that the mathematical formula
instant preview works every time.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 12 2011 José Matos <[email protected]> - 2.0.0-0.17.rc1
- Add thesaurus and hunspell paths to lyxrc.dist thus fixing
http://www.lyx.org/trac/ticket/7253
- Simplified the content of lyxrc.dist leaving only the relevant
options and updating the format to the current one
* Fri Mar 11 2011 José Matos <[email protected]> - 2.0.0-0.16.rc1
- Update for rc1 and add a dependency to ensure that math instant
preview works by default
- Removed patch applied upstream for gcc 4.6 fixes
- Renamed patch for xdg_open to be in sync with current version (rc1)
* Fri Feb 11 2011 Orion Poplawski <[email protected]> 2.0.0-0.15.beta4
- Get gcc46 fixes from svn
* Tue Feb 8 2011 Fedora Release Engineering <[email protected]>
- 2.0.0-0.14.beta4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Feb 7 2011 Rex Dieter <[email protected]> 2.0.0-0.13.beta4
- 2.0.0-beta4
* Mon Feb 7 2011 Thomas Spura <[email protected]> 2.0.0-0.12.beta3
- rebuild for new boost
--------------------------------------------------------------------------------
================================================================================
mod_cluster-1.1.1-2.fc14 (FEDORA-2011-3179)
Apache HTTP load balancer
--------------------------------------------------------------------------------
Update Information:
New package: mod_cluster 1.1.1.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #655582 - Review Request: mod_cluster - Apache HTTPD based load
balancer
https://bugzilla.redhat.com/show_bug.cgi?id=655582
--------------------------------------------------------------------------------
================================================================================
nickle-2.70-2.fc14 (FEDORA-2011-3173)
A programming language-based prototyping environment
--------------------------------------------------------------------------------
Update Information:
- new upstream release
- updated license information: this software is additionally under GPLv3+ due
to linking with readline
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 12 2011 Michel Salim <[email protected]> - 2.70-2
- Update license field to include GPLv3+ (from readline)
* Sat Mar 12 2011 Michel Salim <[email protected]> - 2.70-1
- Update to 2.70
* Tue Feb 8 2011 Fedora Release Engineering <[email protected]>
- 2.69-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #612470 - nickle-2.70 is available
https://bugzilla.redhat.com/show_bug.cgi?id=612470
--------------------------------------------------------------------------------
================================================================================
pango-1.28.1-5.fc14 (FEDORA-2011-3194)
System for layout and rendering of internationalized text
--------------------------------------------------------------------------------
Update Information:
It was discovered that pango did not check for memory reallocation failures in
hb_buffer_ensure() function. This could trigger a NULL pointer dereference in
hb_buffer_add_glyph(), where possibly untrusted input is used as an index used
for accessing members of the incorrectly reallocated array, resulting in the
use of NULL address as the base array address. This can result in application
crash or, possibly, code execution.
It was demonstrated that it's possible to trigger this flaw in Firefox via a
specially crafted web page.
Mozilla bug report (currently not public):
https://bugzilla.mozilla.org/show_bug.cgi?id=606997
Fix in the harfbuzz git:
http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2e
Acknowledgements:
Red Hat would like to thank Mozilla Security Team for reporting this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 11 2011 Matthias Clasen <[email protected]> - 1.28.1-5
- Fix CVS-2011-0064
- Include an upstream heap corruption fix for pangoft2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #681378 - CVE-2011-0064 pango: missing memory reallocation failure
checking in hb_buffer_ensure [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=681378
--------------------------------------------------------------------------------
================================================================================
perl-5.12.3-142.fc14 (FEDORA-2011-3174)
Practical Extraction and Report Language
--------------------------------------------------------------------------------
Update Information:
perl-Padre does not launch on Fedora 14 (and has issues on Fedora 13). All of
these issues seem to be tied into perl-Wx being out of date on F-13 and F-14.
To get perl-Wx updated to a version which resolves these issues, perl
(specifically, perl-ExtUtils-ParseXS) and perl-ExtUtils-XSpp had to be updated
at the same time.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 10 2011 Tom Callaway <[email protected]> - 4:5.12.3-142
- update ExtUtils::ParseXS to 2.2206 (current) to fix Wx build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #656317 - libwx_gtk2u_stc-2.8.so: cannot open shared object file:
No such file or directory
https://bugzilla.redhat.com/show_bug.cgi?id=656317
--------------------------------------------------------------------------------
================================================================================
perl-ExtUtils-XSpp-0.15-2.fc14 (FEDORA-2011-3174)
C++ variant of Perl's XS language
--------------------------------------------------------------------------------
Update Information:
perl-Padre does not launch on Fedora 14 (and has issues on Fedora 13). All of
these issues seem to be tied into perl-Wx being out of date on F-13 and F-14.
To get perl-Wx updated to a version which resolves these issues, perl
(specifically, perl-ExtUtils-ParseXS) and perl-ExtUtils-XSpp had to be updated
at the same time.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 8 2011 Fedora Release Engineering <[email protected]>
- 0.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Oct 22 2010 Marcela Mašláňová <[email protected]> - 0.15-1
- update, fix permission on Grammar.pm (generated file)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #656317 - libwx_gtk2u_stc-2.8.so: cannot open shared object file:
No such file or directory
https://bugzilla.redhat.com/show_bug.cgi?id=656317
--------------------------------------------------------------------------------
================================================================================
perl-Wx-0.98-5.fc14 (FEDORA-2011-3174)
Interface to the wxWidgets cross-platform GUI toolkit
--------------------------------------------------------------------------------
Update Information:
perl-Padre does not launch on Fedora 14 (and has issues on Fedora 13). All of
these issues seem to be tied into perl-Wx being out of date on F-13 and F-14.
To get perl-Wx updated to a version which resolves these issues, perl
(specifically, perl-ExtUtils-ParseXS) and perl-ExtUtils-XSpp had to be updated
at the same time.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 9 2011 Tom Callaway <[email protected]> - 0.98-5
- add explicit provides for all XS files, not just the ones in XS/
* Wed Feb 9 2011 Fedora Release Engineering <[email protected]>
- 0.98-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Feb 8 2011 Tom Callaway <[email protected]> - 0.98-3
- add explicit provides for the stuff in the XS/ directory that
isn't autodetected
* Thu Jan 27 2011 Tom Callaway <[email protected]> - 0.98-2
- update filtering macros, filter out requires on Wx::PlValidator
* Wed Jan 26 2011 Tom Callaway <[email protected]> - 0.98-1
- update to 0.98
* Thu Dec 23 2010 Marcela Maslanova <[email protected]> - 0.92-5
- 661697 rebuild for fixing problems with vendorach/lib
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #656317 - libwx_gtk2u_stc-2.8.so: cannot open shared object file:
No such file or directory
https://bugzilla.redhat.com/show_bug.cgi?id=656317
--------------------------------------------------------------------------------
================================================================================
wine-1.3.15-1.fc14 (FEDORA-2011-3190)
A Windows 16/32/64 bit emulator
--------------------------------------------------------------------------------
Update Information:
* Support for changing network passwords.
* Reflection support in shader compiler.
* A number of MSHTML and MSXML improvements.
* Various bug fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 8 2011 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
- 1.3.15-1
- version upgrade
--------------------------------------------------------------------------------
================================================================================
zyGrib-3.9.9-3.fc14 (FEDORA-2011-3177)
Visualization of meteo data from files in GRIB Format 1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #666572 - Review Request: zyGrib - Visualization of meteo data from
files in GRIB Format
https://bugzilla.redhat.com/show_bug.cgi?id=666572
--------------------------------------------------------------------------------
--
test mailing list
[email protected]
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
