The following Fedora 15 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-2012-5256/wireshark-1.4.12-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-5094/drupal7-ctools-1.0-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-4988/trytond-1.8.6-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-4569/gnutls-2.10.5-3.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-4997/perl-YAML-LibYAML-0.38-2.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-4417/mingw-libtasn1-2.12-1.fc15,mingw32-gnutls-2.10.5-2.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-5079/libpng10-1.0.59-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-4659/openssl-1.0.0h-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-5436/quagga-0.99.20.1-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-5267/moodle-1.9.17-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-5420/rpm-4.9.1.3-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-5422/freetype-2.4.4-8.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-5406/libtiff-3.9.5-3.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-17233/tor-0.2.1.32-1500.fc15
The following Fedora 15 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/FEDORA-2012-5406/libtiff-3.9.5-3.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-5422/freetype-2.4.4-8.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-5435/kernel-2.6.43.1-2.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-5420/rpm-4.9.1.3-1.fc15
https://admin.fedoraproject.org/updates/dracut-009-15.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-5102/mysql-5.5.22-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-4959/mdadm-3.2.3-7.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-4971/python-cups-1.9.60-3.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-5053/openldap-2.4.24-6.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-4725/perl-Scalar-List-Utils-1.25-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-4715/perl-common-sense-3.5-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-4659/openssl-1.0.0h-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-4569/gnutls-2.10.5-3.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-4570/audit-2.2.1-1.fc15
https://admin.fedoraproject.org/updates/lm_sensors-3.3.2-1.fc15
https://admin.fedoraproject.org/updates/FEDORA-2012-4571/llvm-2.8-15.fc15
https://admin.fedoraproject.org/updates/FEDORA-2011-13190/phonon-backend-gstreamer-4.5.90-2.fc15,phonon-4.5.57-1.20110914.fc15
The following builds have been pushed to Fedora 15 updates-testing
bird-1.3.7-1.fc15
freetype-2.4.4-8.fc15
ghc-vault-0.1.0.0-1.fc15
haproxy-1.4.20-1.fc15
kernel-2.6.43.1-2.fc15
libtiff-3.9.5-3.fc15
love-0.8.0-1.fc15
love-0.8.0-2.fc15
python-rhsm-0.99.8-1.fc15
python-testtools-0.9.14-1.fc15
quagga-0.99.20.1-1.fc15
rpm-4.9.1.3-1.fc15
rubygem-foreigner-1.1.6-1.fc15
subscription-manager-0.99.13-1.fc15
twirssi-2.5.1-2.fc15
Details about builds:
================================================================================
bird-1.3.7-1.fc15 (FEDORA-2012-5416)
BIRD Internet Routing Daemon
--------------------------------------------------------------------------------
Update Information:
bird package updated to upstream version 1.3.7
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 4 2012 Stanislav Kozina <skoz...@redhat.com> 1.3.7-1
- updated to latest upstream 1.3.7
--------------------------------------------------------------------------------
================================================================================
freetype-2.4.4-8.fc15 (FEDORA-2012-5422)
A free and portable font rendering engine
--------------------------------------------------------------------------------
Update Information:
This update fixes various CVEs
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 4 2012 Marek Kasik <mka...@redhat.com> 2.4.4-8
- Fixes various CVEs
- Resolves: #806270
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #806270 -
CVE-2012-{1126,1127,1128,1130,1131,1132,1133,1134,1135,1136,1137,1138,1139,1140,1141,1142,1143,1144}
freetype: multiple vulnerabilities [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=806270
--------------------------------------------------------------------------------
================================================================================
ghc-vault-0.1.0.0-1.fc15 (FEDORA-2012-5414)
Typed persistent stores for arbitrary type values
--------------------------------------------------------------------------------
Update Information:
Haskell typed persistent stores for arbitrary type values
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #800797 - Review Request: ghc-vault - Persistent store for typed
values
https://bugzilla.redhat.com/show_bug.cgi?id=800797
--------------------------------------------------------------------------------
================================================================================
haproxy-1.4.20-1.fc15 (FEDORA-2012-5429)
HA-Proxy is a TCP/HTTP reverse proxy for high availability environments
--------------------------------------------------------------------------------
Update Information:
Update to upstream 1.4.20
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 3 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.20-1
- Update to 1.4.20
--------------------------------------------------------------------------------
================================================================================
kernel-2.6.43.1-2.fc15 (FEDORA-2012-5435)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
Rebase to latest upstream stable 3.3.1 release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 3 2012 Dave Jones <da...@redhat.com> 2.6.43.1-2
- Disable CONFIG_DEBUG_PAGEALLOC in -debug builds again.
* Mon Apr 2 2012 Dave Jones <da...@redhat.com>
- Linux 3.3.1
* Mon Apr 2 2012 Dave Jones <da...@redhat.com>
- Linux 3.3
* Fri Mar 30 2012 Dave Jones <da...@redhat.com>
- Silence the timekeeping "Adjusting tsc more then 11%" spew. (rhbz 798600)
* Fri Mar 30 2012 Josh Boyer <jwbo...@redhat.com>
- CVE-2012-1601: kvm: NULL dereference from irqchip_in_kernel and
vcpu->arch.apic inconsistency (rhbz 808207)
- Add patch to fix incorrect buffer length in __nfs4_get_acl_uncached
* Thu Mar 29 2012 Josh Boyer <jwbo...@redhat.com>
- Drop __cpuinitdata on disable_nx for x86_32 (rhbz 808075)
* Mon Mar 26 2012 Dave Jones <da...@redhat.com>
- Linux 3.2.13
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #807396 - kernel-2.6.42.12-1.fc15.x86_64 prevents various system
types from booting
https://bugzilla.redhat.com/show_bug.cgi?id=807396
--------------------------------------------------------------------------------
================================================================================
libtiff-3.9.5-3.fc15 (FEDORA-2012-5406)
Library of functions for manipulating TIFF format image files
--------------------------------------------------------------------------------
Update Information:
Add fix for CVE-2012-1173
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 5 2012 Tom Lane <t...@redhat.com> 3.9.5-3
- Add fix for CVE-2012-1173
Resolves: #CVE-2012-1173
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #803078 - CVE-2012-1173 libtiff: Heap-buffer overflow due to
TileSize calculation when parsing tiff files
https://bugzilla.redhat.com/show_bug.cgi?id=803078
--------------------------------------------------------------------------------
================================================================================
love-0.8.0-1.fc15 (FEDORA-2012-5428)
A free 2D game engine which enables easy game creation in Lua
--------------------------------------------------------------------------------
Update Information:
Initial Version
--------------------------------------------------------------------------------
================================================================================
love-0.8.0-2.fc15 (FEDORA-2012-5403)
A free 2D game engine which enables easy game creation in Lua
--------------------------------------------------------------------------------
Update Information:
Fixed a typo in the man page
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #802050 - Review request: love - A free 2D game engine which
enables easy game creation in Lua
https://bugzilla.redhat.com/show_bug.cgi?id=802050
--------------------------------------------------------------------------------
================================================================================
python-rhsm-0.99.8-1.fc15 (FEDORA-2012-5419)
A Python library to communicate with a Red Hat Unified Entitlement Platform
--------------------------------------------------------------------------------
Update Information:
Minor bugfixes.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 4 2012 Michael Stead <mst...@redhat.com> 0.99.8-1
- 807721: Setting missing default values (mst...@redhat.com)
* Fri Mar 23 2012 Michael Stead <mst...@redhat.com> 0.99.7-1
- 803773: quote international characters in activation keys before sending to
server (cdur...@redhat.com)
- PEP8 fixes. (mst...@redhat.com)
--------------------------------------------------------------------------------
================================================================================
python-testtools-0.9.14-1.fc15 (FEDORA-2012-5418)
Extensions to the Python unit testing framework
--------------------------------------------------------------------------------
Update Information:
- restore API used by subunit
- enable unit tests
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 5 2012 Michel Salim <sali...@fedoraproject.org> - 0.9.14-1
- Update to 0.9.14
- Enable unit tests
* Tue Feb 7 2012 Michel Salim <sali...@fedoraproject.org> - 0.9.13-1
- Update to 0.9.13
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #788069 - python-testtools-0.9.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=788069
--------------------------------------------------------------------------------
================================================================================
quagga-0.99.20.1-1.fc15 (FEDORA-2012-5436)
Routing daemon
--------------------------------------------------------------------------------
Update Information:
fixes CVEs, updates to latest upstream quagga-0.99.20.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 15 2012 Jiri Skala <jsk...@redhat.com> - 0.99.20.1-1
- updated to latest upstream version 0.99.20.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #802827 - CVE-2012-0249 quagga (ospfd): Assertion failure due
improper length check for a received LS-Update OSPF packet
https://bugzilla.redhat.com/show_bug.cgi?id=802827
[ 2 ] Bug #802829 - CVE-2012-0250 quagga (ospfd): Crash by processing
LS-Update OSPF packet due improper length check of the Network-LSA structures
https://bugzilla.redhat.com/show_bug.cgi?id=802829
[ 3 ] Bug #802781 - CVE-2012-0255 quagga (bgpd): Assertion failure by
processing malformed AS4 capability in BGP OPEN message
https://bugzilla.redhat.com/show_bug.cgi?id=802781
--------------------------------------------------------------------------------
================================================================================
rpm-4.9.1.3-1.fc15 (FEDORA-2012-5420)
The RPM package management system
--------------------------------------------------------------------------------
Update Information:
This update fixes various input-validation issues in rpm:
CVE-2012-0060, CVE-2012-0061 and CVE-2012-0815
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 3 2012 Panu Matilainen <pmati...@redhat.com> - 4.9.1.3-1
- update to 4.1.9.3 (http://rpm.org/wiki/Releases/4.9.1.3)
- fixes CVE-2012-0060, CVE-2012-0061 and CVE-2012-0815
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #744104 - CVE-2012-0815 rpm: incorrect handling of negated offsets
in headerVerifyInfo()
https://bugzilla.redhat.com/show_bug.cgi?id=744104
[ 2 ] Bug #744858 - CVE-2012-0060 rpm: insufficient validation of region tags
https://bugzilla.redhat.com/show_bug.cgi?id=744858
[ 3 ] Bug #798585 - CVE-2012-0061 rpm: improper validation of header contents
total size in headerLoad()
https://bugzilla.redhat.com/show_bug.cgi?id=798585
--------------------------------------------------------------------------------
================================================================================
rubygem-foreigner-1.1.6-1.fc15 (FEDORA-2012-5395)
Foreign Keys for Rails
--------------------------------------------------------------------------------
Update Information:
Release 1.1.6 of Foreigner.
Release 1.1.5 of Foreigner.
Release 1.1.4 of Foreigner.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 5 2012 Darryl L. Pierce <dpie...@redhat.com> - 1.1.6-1
- Release 1.1.6 of Foreigner.
- Added BuildRequires: {ruby(rubygems), ruby(abi) ruby} fields to the spec.
* Thu Mar 8 2012 Darryl L. Pierce <dpie...@redhat.com> - 1.1.5-1
- Release 1.1.5 of Foreigner.
- Restored the Ruby ABI version to 1.8 (was mistakenly moved to 1.9.1).
* Tue Mar 6 2012 Darryl L. Pierce <dpie...@redhat.com> - 1.1.4-1
- Release 1.1.4 of Foreigner.
--------------------------------------------------------------------------------
================================================================================
subscription-manager-0.99.13-1.fc15 (FEDORA-2012-5439)
Tools and libraries for subscription and repository management
--------------------------------------------------------------------------------
Update Information:
Added support for service level autobind in GUI, dozens of bug fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 4 2012 Michael Stead <mst...@redhat.com> 0.99.13-1
- latest strings into keys.pot and updated from zanata (alik...@redhat.com)
- 809611: Fix undefined variable in installedtab for expired
(alik...@redhat.com)
- pep8/pyflakes cleanups (alik...@redhat.com)
- Repolib now requires a UEP connection. (aw...@redhat.com)
- Use numeric index to access portion of URL. (aw...@redhat.com)
- 807785: use a better title on the autobind wizard (jbo...@redhat.com)
- latest strings from zanata (alik...@redhat.com)
- Add release selection to preferences dialog (alik...@redhat.com)
- 805415: handle entitlements for socket count of 0 (alik...@redhat.com)
- 804201: Fix sla select in firstboot after back button (jbo...@redhat.com)
- 807477: Delay attempt to connect to RHN until after basic error checks.
(aw...@redhat.com)
- 803374: Change the 'Subscribe' button to read 'Auto-subscribe.'
(aw...@redhat.com)
- 808217: Add a header to the release list (bkear...@redhat.com)
- 807153: Provide a more informative error message when encountering repodata
errors. (aw...@redhat.com)
- 807822: Allow setting release to '' (mst...@redhat.com)
- 807036: Instruct users to go to All Subscriptions for all SLA failures
(bkear...@redhat.com)
- 807407: Subscripton Manager substitutes "" for $releasever when releaseVer
not set on consumer (wpot...@redhat.com)
- 803756: Trap RemoteServerException as well as RestLibException (404) for
service-level command (mst...@redhat.com)
- 806941: Removed unknown swapped attribute from autobind.glade.
(mst...@redhat.com)
- 807360: Allow the repos command to work without being registered
(bkear...@redhat.com)
- 806457: Fix deletion of productids with yum localinstall (alik...@redhat.com)
* Fri Mar 23 2012 Michael Stead <mst...@redhat.com> 0.99.12-1
- Don't skip past firstboot login page on invalid user/pass (jbo...@redhat.com)
- 805690: Turn repo gpgcheck off if no gpgkey specified. (dgood...@redhat.com)
- 795552: Put safe int conversions around certain fact checks.
(bkear...@redhat.com)
- 804100: display an error when candlepin doesn't support release
(jbo...@redhat.com)
- 804227: expect a Release object instead of a bare string (alik...@redhat.com)
- Latest string files from zanata (bkear...@redhat.com)
- 805450: display better error message when autosubscribing
(cdur...@redhat.com)
- 805594: Give each "Subscribe" button in the GUI a unique at-spi name.
(aw...@redhat.com)
- 803374: Provide unambiguous at-spi names for widgets. (aw...@redhat.com)
- 805353: subscription-manager list --help should use consistent wording for
servicelevel option. (aw...@redhat.com)
* Thu Mar 22 2012 Michael Stead <mst...@redhat.com> 0.99.11-1
- 805906: fix missing imports for firstboot (jbo...@redhat.com)
- Fix RHEL6 firstboot attribute error (dgood...@redhat.com)
- 772218: throw an error if unparsed command line options exist
(cdur...@redhat.com)
- Add missing imports to rhsm_login for error dialogs (jbo...@redhat.com)
- 803386: Display product ID in GUI and CLI. (aw...@redhat.com)
- Fix specfile for el5 firstboot (jbo...@redhat.com)
- 804227,804076,804228: Handle 404's from old candlepin servers without
/release (alik...@redhat.com)
- 803778: Updated the --servicelevel not supported messages for subscribe
command (mst...@redhat.com)
- 803778: Updated the --servicelevel not supported messages for register
command (mst...@redhat.com)
- 803756,803762: Updated error message for service-level command
(mst...@redhat.com)
- fixups for strings from zanata (alik...@redhat.com)
- latest strings from zanata (alik...@redhat.com)
- 789007: Migration should fail early when attempted with non org admin user.
(aw...@redhat.com)
- 805024: Hide extra separator along with redeem button. (aw...@redhat.com)
- 800999: Added --servicelevel arg to CLI list command (mst...@redhat.com)
- 804227: Fix issues with repos --list (alik...@redhat.com)
- Add proper back/forward logic for firstboot sla subscribe (jbo...@redhat.com)
- 800933: Display service level and type in CLI list commands.
(dgood...@redhat.com)
- 789008: Print a more specific error message when Candlepin calls fail.
(aw...@redhat.com)
- hook up sla firstboot to more registration cases (jbo...@redhat.com)
- Define globals at module scope. (aw...@redhat.com)
- Remove firstboot subscriptions module (jbo...@redhat.com)
- Fix broken tests for DST. Stop using time.time() (alik...@redhat.com)
- Add error cases for firstboot autobind (jbo...@redhat.com)
- Perform the actual entitlement bind on confirm subs screen
(jbo...@redhat.com)
- Set up shared state for AutobindController in firstboot (jbo...@redhat.com)
- Extract a controller class for sla select logic (jbo...@redhat.com)
- Break apart autobind first boot module (jbo...@redhat.com)
- Add some autobind wizard button spacing. (dgood...@redhat.com)
- Always update the icon and notification details on status change.
(mst...@redhat.com)
- Only add icon click listeners once. (mst...@redhat.com)
- Adding notification nag icon support for Registration Required
(mst...@redhat.com)
- add firstboot rhsm_autobind to spec file (jbo...@redhat.com)
- Autobind cancel during registration will now unregister you.
(dgood...@redhat.com)
- Update CLI to handle server that doesn't support service levels.
(dgood...@redhat.com)
- Move back/forward/cancel buttons in sla selection to parent
(jbo...@redhat.com)
- Revert "Update CLI to handle server that doesn't support service levels."
(dgood...@redhat.com)
- Update GUI to handle server that does not support service levels.
(dgood...@redhat.com)
- Update CLI to handle server that doesn't support service levels.
(dgood...@redhat.com)
- Add autobind screen to firstboot (jbo...@redhat.com)
- Fix firstboot unregister import error. (dgood...@redhat.com)
- Add missing spacers to main window toolbar. (dgood...@redhat.com)
- Fix an error handling bug. (dgood...@redhat.com)
- Get register screen working in el6 firstboot (jbo...@redhat.com)
- Center wizard's error dialog on main window (mst...@redhat.com)
- Removing commented out code in register dialog (mst...@redhat.com)
- Add skip option instead of autobind in register dialog. (mst...@redhat.com)
- Fix preferences dialog error when not registered. (dgood...@redhat.com)
- Improved error handling for autobind wizard. (dgood...@rm-rf.ca)
- Fix message window warnings. (dgood...@rm-rf.ca)
- Fix alignment on select SLA screen. (dgood...@redhat.com)
- Display the service level selected when confirming autobind subs (dgoodwin
@rm-rf.ca)
- Implement Cancel button on autobind wizard screens. (dgood...@redhat.com)
- Allow setting service level from preferences dialog. (dgood...@redhat.com)
- First cut at a preferences dialog. (dgood...@redhat.com)
- Pack SLA's into a scrolled window. (dgood...@rm-rf.ca)
- Handle any exception that happens when the autobind wizard is loaded.
(mst...@redhat.com)
- Setting parent window on AutobindDialog and add titles to screens.
(mst...@redhat.com)
- Integrating autobind wizard with register gui. (mst...@redhat.com)
- Fix autobind wizard disappearing on window switch. (dgood...@redhat.com)
- Do not set SLA until user hit's subscribe button. (dgood...@redhat.com)
- Polish autobind glade UI (dgood...@redhat.com)
- Set and use the system's service level. (dgood...@redhat.com)
- Cleaning up Select SLA screen (mst...@redhat.com)
- Added framework for back button support (mst...@redhat.com)
- Handle no SLAs cover all installed products. (dgood...@rm-rf.ca)
- Handle launching autobind when no entitlements needed. (dgood...@rm-rf.ca)
- Set detected prod list in Select SLA screen (mst...@redhat.com)
- Close autobind wizard once complete. (dgood...@redhat.com)
- Hookup actual bind in autobind wizard. (dgood...@redhat.com)
- SelectSLA now keeps track of selected SLA and pass to confirm dialog.
(mst...@redhat.com)
- Load the autobind glade file on wizard creation. (mst...@redhat.com)
- Switch to more explicit screen switching. (dgood...@redhat.com)
- Set screen title when screen is changed. (mst...@redhat.com)
- Allow screens to pass custum data during wizard screen change.
(mst...@redhat.com)
- Hooking up button signals for selectsla (mst...@redhat.com)
- Add callback to allow screen change in wizard (mst...@redhat.com)
- Fixing broken tests due to leap year. (mst...@redhat.com)
- Attempt to keep button bar right aligned. (mst...@redhat.com)
- Removed the button bar form the wizard. (mst...@redhat.com)
- Created AutobindWizardScreen to provide contract for AutobindWizard
(mst...@redhat.com)
- Display appropriate screen in SLA wizard. (mst...@redhat.com)
- Fixed GtkWarning: IA__gtk_widget_reparent error when launchig dialog
(mst...@redhat.com)
- First cut at adding the Select SLA screen. (mst...@redhat.com)
- Check if dry-run results cover required products. (dgood...@redhat.com)
- Check dry run autobind results for each service level. (dgood...@redhat.com)
- Sketch out an autobind wizard class. (dgood...@redhat.com)
- Start sketching out the confirm subscriptions screen. (dgood...@redhat.com)
--------------------------------------------------------------------------------
================================================================================
twirssi-2.5.1-2.fc15 (FEDORA-2012-5412)
An Irssi script to interact with Twitter
--------------------------------------------------------------------------------
Update Information:
Twirssi is an Irssi script that allows you to interact with Twitter.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #808254 - Review Request: twirssi - Allows you to post to Twitter
from Irssi
https://bugzilla.redhat.com/show_bug.cgi?id=808254
--------------------------------------------------------------------------------
--
test mailing list
test@lists.fedoraproject.org
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
