The following Fedora 13 Security updates need testing:
https://admin.fedoraproject.org/updates/tor-0.2.1.29-1300.fc13
https://admin.fedoraproject.org/updates/libtiff-3.9.5-1.fc13
https://admin.fedoraproject.org/updates/vino-2.28.3-1.fc13
https://admin.fedoraproject.org/updates/seamonkey-2.0.14-1.fc13
https://admin.fedoraproject.org/updates/libmodplug-0.8.7-3.fc13
https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
https://admin.fedoraproject.org/updates/libcgroup-0.35.1-5.fc13
https://admin.fedoraproject.org/updates/polkit-0.96-2.fc13
https://admin.fedoraproject.org/updates/xorg-x11-server-utils-7.4-17.fc13
https://admin.fedoraproject.org/updates/kernel-2.6.34.9-69.fc13
https://admin.fedoraproject.org/updates/perl-Mojolicious-0.999925-4.fc13
https://admin.fedoraproject.org/updates/wordpress-3.1.2-1.fc13
https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc13
https://admin.fedoraproject.org/updates/mediawiki-1.16.5-59.fc13
https://admin.fedoraproject.org/updates/postfix-2.7.4-1.fc13
The following Fedora 13 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/kernel-2.6.34.9-69.fc13
https://admin.fedoraproject.org/updates/polkit-0.96-2.fc13
https://admin.fedoraproject.org/updates/xorg-x11-drv-penmount-1.4.1-2.fc13
https://admin.fedoraproject.org/updates/python-ethtool-0.7-2.fc13
https://admin.fedoraproject.org/updates/libtiff-3.9.5-1.fc13
https://admin.fedoraproject.org/updates/pygtk2-2.17.0-9.fc13
https://admin.fedoraproject.org/updates/dosfstools-3.0.9-5.fc13
https://admin.fedoraproject.org/updates/libimobiledevice-1.0.6-1.fc13
https://admin.fedoraproject.org/updates/usbmuxd-1.0.7-1.fc13
https://admin.fedoraproject.org/updates/fuse-2.8.5-5.fc13
https://admin.fedoraproject.org/updates/libcgroup-0.35.1-5.fc13
https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
https://admin.fedoraproject.org/updates/livecd-tools-13.2-1.fc13
https://admin.fedoraproject.org/updates/lua-5.1.4-7.fc13
https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13
https://admin.fedoraproject.org/updates/lldpad-0.9.26-2.fc13
The following builds have been pushed to Fedora 13 updates-testing
mediawiki-1.16.5-59.fc13
postfix-2.7.4-1.fc13
vino-2.28.3-1.fc13
Details about builds:
================================================================================
mediawiki-1.16.5-59.fc13 (FEDORA-2011-6775)
A wiki engine
--------------------------------------------------------------------------------
Update Information:
Mediawiki 1.16.5 was released to correct two security flaws:
The first issue is yet another recurrence of the Internet Explorer 6 XSS
vulnerability that caused the release of 1.16.4. It was pointed out that there
are dangerous extensions with more than four characters, so the regular
expressions we introduced had to be updated to match longer extensions.
(CVE-2011-1765)
The second issue allows unauthenticated users to gain additional
rights, on wikis where $wgBlockDisablesLogin is enabled. By default, it is
disabled. The issue occurs when a malicious user sends cookies which contain
the user name and user ID of a "victim" account. In certain circumstances, the
rights of the victim are loaded and persist throughout the malicious request,
allowing the malicious user to perform actions with the victim's rights.
(CVE-2011-1766)
$wgBlockDisablesLogin is a feature which is sometimes used on private wikis to
prevent users who have an account from logging in and viewing content on the
wiki.
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 8 2011 Axel Thimm <axel.th...@atrpms.net> - 1.16.5-59
- Update to 1.16.5.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #702512 - CVE-2011-1765 mediawiki: two vulnerabilities fixed in
1.16.5
https://bugzilla.redhat.com/show_bug.cgi?id=702512
--------------------------------------------------------------------------------
================================================================================
postfix-2.7.4-1.fc13 (FEDORA-2011-6777)
Postfix Mail Transport Agent
--------------------------------------------------------------------------------
Update Information:
This is an update that fixes memory corruption in Postfix SMTP server Cyrus
SASL support (CVE-2011-1720). For original upstream announcement see:
http://archives.neohapsis.com/archives/postfix/2011-05/0208.html
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 9 2011 Jaroslav Škarvada <jskar...@redhat.com> - 2:2.7.4-1
- update to 2.7.4
- fix CVE-2011-1720
--------------------------------------------------------------------------------
================================================================================
vino-2.28.3-1.fc13 (FEDORA-2011-6778)
A remote desktop system for GNOME
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 8 2011 Christopher Aillon <cail...@redhat.com> - 2.28.3-1
- Update to 2.28.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #694455 - CVE-2011-0904 vino: Out of bounds read flaw by processing
certain client raw encoding framebuffer update requests
https://bugzilla.redhat.com/show_bug.cgi?id=694455
[ 2 ] Bug #694456 - CVE-2011-0905 vino: Out of bounds read flaw by processing
certain client tight encoding framebuffer update requests
https://bugzilla.redhat.com/show_bug.cgi?id=694456
--------------------------------------------------------------------------------
--
test mailing list
test@lists.fedoraproject.org
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
