The following Fedora 14 Security updates need testing:
https://admin.fedoraproject.org/updates/pure-ftpd-1.0.32-1.fc14
https://admin.fedoraproject.org/updates/fetchmail-6.3.20-1.fc14
https://admin.fedoraproject.org/updates/pam_ssh-1.97-7.fc14
https://admin.fedoraproject.org/updates/libvoikko-3.0-3.fc14
https://admin.fedoraproject.org/updates/subversion-1.6.17-1.fc14
https://admin.fedoraproject.org/updates/tomcat6-6.0.26-21.fc14
https://admin.fedoraproject.org/updates/openldap-2.4.23-10.fc14
https://admin.fedoraproject.org/updates/oprofile-0.9.6-21.fc14
https://admin.fedoraproject.org/updates/avahi-0.6.27-6.fc14
https://admin.fedoraproject.org/updates/ejabberd-2.1.8-1.fc14
https://admin.fedoraproject.org/updates/weechat-0.3.5-1.fc14
https://admin.fedoraproject.org/updates/libxml-1.8.17-26.fc14
https://admin.fedoraproject.org/updates/torque-2.4.11-2.fc14
The following Fedora 14 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/gtk2-2.22.0-2.fc14
https://admin.fedoraproject.org/updates/audit-2.1.2-1.fc14
https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-8.fc14.2
https://admin.fedoraproject.org/updates/pygobject2-2.21.5-4.fc14
https://admin.fedoraproject.org/updates/sudo-1.7.4p5-2.fc14
https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-42.fc14
https://admin.fedoraproject.org/updates/dash-0.5.6-4.fc14
https://admin.fedoraproject.org/updates/pcre-8.10-2.fc14
https://admin.fedoraproject.org/updates/libedit-3.0-3.20090923cvs.fc14
https://admin.fedoraproject.org/updates/libpcap-1.1.1-3.fc14
https://admin.fedoraproject.org/updates/xorg-x11-drv-qxl-0.0.21-3.fc14
https://admin.fedoraproject.org/updates/evolution-exchange-2.32.3-1.fc14,evolution-data-server-2.32.3-1.fc14,evolution-2.32.3-1.fc14
https://admin.fedoraproject.org/updates/xorg-x11-drv-nouveau-0.0.16-14.20101010git8c8f15c.fc14
https://admin.fedoraproject.org/updates/dosfstools-3.0.9-6.fc14
https://admin.fedoraproject.org/updates/libimobiledevice-1.0.6-1.fc14
https://admin.fedoraproject.org/updates/libconcord-0.23-5.fc14,udev-161-9.fc14,concordance-0.23-2.fc14
https://admin.fedoraproject.org/updates/usbmuxd-1.0.7-1.fc14
https://admin.fedoraproject.org/updates/openldap-2.4.23-10.fc14
https://admin.fedoraproject.org/updates/avahi-0.6.27-6.fc14
https://admin.fedoraproject.org/updates/xorg-x11-drv-geode-2.11.11-4.fc14
The following builds have been pushed to Fedora 14 updates-testing
akonadi-googledata-1.2.0-4.fc14
bdii-5.2.3-1.fc14
cppcheck-1.49-1.fc14
cuneiform-1.1.0-3.fc14
gwibber-3.1.0-1.fc14
htmldoc-1.8.27-15.fc14
hulahop-0.8.1-1.fc14
ibus-m17n-1.3.2-5.fc14
ibus-skk-1.3.7-1.fc14
leksah-server-0.10.0.4-2.fc14
lmms-0.4.11-1.fc14
oxygen-gtk-1.0.5-1.fc14
pitivi-0.14.0-2.fc14
pondus-0.8.0-1.fc14
puddletag-0.10.6-1.fc14
pysdm-0.4.1-2.fc14
python-telepathy-0.15.19-2.fc14
q4wine-0.121-1.fc14
rubygem-ffi-1.0.9-2.fc14
subversion-1.6.17-1.fc14
sugar-xoirc-10-1.fc14
zeroinstall-injector-1.0-1.fc14
Details about builds:
================================================================================
akonadi-googledata-1.2.0-4.fc14 (FEDORA-2011-8337)
Google contacts and calendar akonadi resource
--------------------------------------------------------------------------------
Update Information:
First package of akonadi-googledata version 1.2.0 for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #711058 - Review Request: akonadi-googledata - Google contacts and
calendar akonadi resource
https://bugzilla.redhat.com/show_bug.cgi?id=711058
--------------------------------------------------------------------------------
================================================================================
bdii-5.2.3-1.fc14 (FEDORA-2011-8343)
The Berkeley Database Information Index (BDII)
--------------------------------------------------------------------------------
Update Information:
Update BDII to version 5.2.3.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 13 2011 Mattias Ellert <[email protected]> - 5.2.3-1
- New upstream version 5.2.3
- Drop patches accepted upstream: bdii-runuser.patch, bdii-context.patch,
bdii-default.patch, bdii-shadowerr.patch, bdii-sysconfig.patch
* Mon Feb 7 2011 Fedora Release Engineering <[email protected]>
- 5.1.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
cppcheck-1.49-1.fc14 (FEDORA-2011-8333)
A tool for static C/C++ code analysis
--------------------------------------------------------------------------------
Update Information:
Update to 1.49. For full changelog see
https://raw.github.com/danmar/cppcheck/master/Changelog .
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 13 2011 Jussi Lehtola <[email protected]> - 1.49-1
- Update to 1.49.
* Sat Apr 30 2011 Ville Skyttä <[email protected]> - 1.48-2
- Build with system tinyxml and support for rules.
- Run test suite during build, don't include its sources in docs.
- Drop readme.txt from docs, it doesn't contain useful info after installed.
--------------------------------------------------------------------------------
================================================================================
cuneiform-1.1.0-3.fc14 (FEDORA-2011-8376)
Command-line OCR system
--------------------------------------------------------------------------------
Update Information:
Cuneiform is an multi-language OCR system originally developed
and open sourced by Cognitive Technologies. Cuneiform was
originally a Windows program, which was ported to Linux
by Jussi Pakkanen.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #693275 - Review Request: cuneiform - Command-line OCR system
https://bugzilla.redhat.com/show_bug.cgi?id=693275
--------------------------------------------------------------------------------
================================================================================
gwibber-3.1.0-1.fc14 (FEDORA-2011-8338)
An open source microblogging client for GNOME developed with Python and GTK
--------------------------------------------------------------------------------
Update Information:
Update to 3.1.0, should stop duplicate message notifications.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 14 2011 Tom Callaway <[email protected]> - 1:3.1.0-1
- update to 3.1.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #701795 - Getting each notification 4 times
https://bugzilla.redhat.com/show_bug.cgi?id=701795
--------------------------------------------------------------------------------
================================================================================
htmldoc-1.8.27-15.fc14 (FEDORA-2011-8363)
Converter from HTML into indexed HTML, PostScript, or PDF
--------------------------------------------------------------------------------
Update Information:
Fix DSO linking
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 14 2011 Peter Robinson <[email protected]> - 1.8.27-15
- Fix DSO linking so htmldoc actually compiles and works - RHBZ 631135 and
others
* Wed Feb 9 2011 Fedora Release Engineering <[email protected]>
- 1.8.27-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #631135 - FTBFS htmldoc-1.8.27-13.fc12: ImplicitDSOLinking
https://bugzilla.redhat.com/show_bug.cgi?id=631135
[ 2 ] Bug #642036 - [abrt] htmldoc-1.8.27-13.fc12: get_width: Process
/usr/bin/htmldoc was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=642036
[ 3 ] Bug #656295 - [abrt] htmldoc-1.8.27-13.fc12: __libc_message: Process
/usr/bin/htmldoc was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=656295
[ 4 ] Bug #656304 - [abrt] htmldoc-1.8.27-13.fc12: __libc_message: Process
/usr/bin/htmldoc was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=656304
[ 5 ] Bug #666113 - [abrt] htmldoc-1.8.27-13.fc12: get_width: Process
/usr/bin/htmldoc was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=666113
[ 6 ] Bug #676575 - [abrt] htmldoc-1.8.27-13.fc12: __libc_message: Process
/usr/bin/htmldoc was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=676575
--------------------------------------------------------------------------------
================================================================================
hulahop-0.8.1-1.fc14 (FEDORA-2011-8344)
A pygtk widget for embedding mozilla
--------------------------------------------------------------------------------
Update Information:
Fix transfer of focus from external widgets.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 14 2011 Daniel Drake <[email protected]> - 0.8.1-1
- New version, fixes focus issues
--------------------------------------------------------------------------------
================================================================================
ibus-m17n-1.3.2-5.fc14 (FEDORA-2011-8373)
The M17N engine for IBus platform
--------------------------------------------------------------------------------
Update Information:
fix surrounding-text not working at the very first time
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 15 2011 Daiki Ueno <[email protected]> - 1.3.2-5
- Add ibus-m17n-stsreq.patch.
- Fix bug 711126 - ibus: surrounding text support fails for the first
syllable upon activation
* Tue Jun 7 2011 Daiki Ueno <[email protected]> - 1.3.2-4
- Add ibus-m17n-stscap.patch.
- Fix bug 711126 - ibus: surrounding text support fails for the first
syllable upon activation
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #711126 - ibus: surrounding text support fails for the first
syllable upon activation
https://bugzilla.redhat.com/show_bug.cgi?id=711126
--------------------------------------------------------------------------------
================================================================================
ibus-skk-1.3.7-1.fc14 (FEDORA-2011-8350)
Japanese SKK input method for ibus
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 15 2011 Daiki Ueno <[email protected]> - 1.3.7-1
- new upstream release
--------------------------------------------------------------------------------
================================================================================
leksah-server-0.10.0.4-2.fc14 (FEDORA-2011-8364)
Leksah is an IDE for Haskell
--------------------------------------------------------------------------------
Update Information:
leksah-server provides the ghc-api for leksah
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #664140 - Review Request: leksah-server - Package that provides the
interface to GHC-API for leksah
https://bugzilla.redhat.com/show_bug.cgi?id=664140
--------------------------------------------------------------------------------
================================================================================
lmms-0.4.11-1.fc14 (FEDORA-2011-8354)
Linux MultiMedia Studio
--------------------------------------------------------------------------------
Update Information:
Update to LMMS 0.4.11. This version is a maintenance release of the 0.4.x
series. It fixes various bugs found in version 0.4.10.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 11 2011 Thomas Moschny <[email protected]> - 0.4.11-1
- Update to 0.4.11.
* Sat May 28 2011 Thomas Moschny <[email protected]> - 0.4.10-3
- Rebuild for new fltk.
--------------------------------------------------------------------------------
================================================================================
oxygen-gtk-1.0.5-1.fc14 (FEDORA-2011-8357)
Oxygen GTK theme
--------------------------------------------------------------------------------
Update Information:
oxygen-gtk-1.0.5 is the final bugfix monthly release of oxygen-gtk's 1.0
series, the "kde official" Gtk port of Oxygen's widget style.
See https://projects.kde.org/projects/playground/artwork/oxygen-gtk/news
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 20 2011 Rex Dieter <[email protected]> 1.0.5-1
- 1.0.5
--------------------------------------------------------------------------------
================================================================================
pitivi-0.14.0-2.fc14 (FEDORA-2011-8358)
Non-linear video editor
--------------------------------------------------------------------------------
Update Information:
Update to 0.14.0
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 12 2011 Hicham HAOUARI <[email protected]> - 0.14.0-2
- Allow using "Default" as preset name, fixes rhbz #712700
- Lower pygtk2 min version to 2.17.0 so that we can push 0.14.0 to f14
* Thu Jun 2 2011 Hicham HAOUARI <[email protected]> - 0.14.0-1
- Update to 0.14
- Drop backported patches
- Remove BuildRoot tag and clean section
- Add patch to make sure welcome dialog apprears after the UI is loaded
- Fix license in some files headers
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #673440 - [abrt] pitivi-0.13.5-4.fc14: Process /usr/bin/python was
killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=673440
[ 2 ] Bug #675598 - [abrt] pitivi-0.13.5-4.fc14:
mainwindow.py:67:<module>:GError: Failed to contact configuration server; some
possible causes are that you need to enable TCP/IP networking for ORBit, or you
have stale NFS locks due to a system crash. See http://projects.gno
https://bugzilla.redhat.com/show_bug.cgi?id=675598
[ 3 ] Bug #676994 - [abrt] pitivi-0.13.5-4.fc14: goo_canvas_request_redraw:
Process /usr/bin/python was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=676994
[ 4 ] Bug #684562 - [abrt] pitivi-0.13.5-4.fc14: Process /usr/bin/python was
killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=684562
[ 5 ] Bug #685063 - [abrt] pitivi-0.13.5-4.fc14:
discoverer.py:537:_videoPadSeekCb:AttributeError: 'NoneType' object has no
attribute 'query_duration'
https://bugzilla.redhat.com/show_bug.cgi?id=685063
[ 6 ] Bug #691235 - [abrt] pitivi-0.13.5-4.fc14:
mixer.py:129:__init__:ElementNotFoundError: videomixer
https://bugzilla.redhat.com/show_bug.cgi?id=691235
[ 7 ] Bug #694356 - [abrt] pitivi-0.13.5-4.fc14: Process /usr/bin/python was
killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=694356
[ 8 ] Bug #699225 - [abrt] pitivi-0.13.5-4.fc14: Process /usr/bin/python was
killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=699225
[ 9 ] Bug #701681 - [abrt] pitivi-0.13.5-4.fc14:
encodingdialog.py:158:_settingsButtonClickedCb:AttributeError: 'EncodingDialog'
object has no attribute 'app'
https://bugzilla.redhat.com/show_bug.cgi?id=701681
[ 10 ] Bug #701684 - [abrt] pitivi-0.13.5-4.fc14: Process /usr/bin/python was
killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=701684
[ 11 ] Bug #704796 - [abrt] pitivi-0.13.5-4.fc14:
pipeline.py:446:_getFactoryEntryForStream:PipelineError
https://bugzilla.redhat.com/show_bug.cgi?id=704796
[ 12 ] Bug #650564 - [abrt] pitivi-0.13.5-1.fc14:
pipeline.py:269:setState:PipelineError: Failure changing state of the
gst.Pipeline to <enum GST_STATE_PAUSED of type GstState>, currently reset to
NULL
https://bugzilla.redhat.com/show_bug.cgi?id=650564
[ 13 ] Bug #656727 - [abrt] pitivi-0.13.5-1.fc14: PyEval_EvalCodeEx: Process
/usr/bin/python was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=656727
[ 14 ] Bug #658279 - [abrt] pitivi-0.13.5-1.fc14: Process /usr/bin/python was
killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=658279
[ 15 ] Bug #660567 - [abrt] pitivi-0.13.5-1.fc14:
log.py:768:debug:AttributeError: 'EncodingDialog' object has no attribute
'logCategory'
https://bugzilla.redhat.com/show_bug.cgi?id=660567
[ 16 ] Bug #661299 - [abrt] pitivi-0.13.5-2.fc14:
discoverer.py:675:_capsNotifyCb:KeyError: <GstPad (dbin:src1) at 7f8304012280>
https://bugzilla.redhat.com/show_bug.cgi?id=661299
[ 17 ] Bug #663634 - [abrt] pitivi-0.13.5-3.fc14:
track.py:224:removeKeyframe:ValueError: list.remove(x): x not in list
https://bugzilla.redhat.com/show_bug.cgi?id=663634
[ 18 ] Bug #663643 - [abrt] pitivi-0.13.5-3.fc14:
etree.py:96:_parsePropertyValue:TypeError: wrong arguments when creating
GstCaps object
https://bugzilla.redhat.com/show_bug.cgi?id=663643
[ 19 ] Bug #664201 - [abrt] pitivi-0.13.5-1.fc14:
plumber.py:132:_makeBin:AttributeError: 'NoneType' object has no attribute
'props'
https://bugzilla.redhat.com/show_bug.cgi?id=664201
[ 20 ] Bug #664202 - [abrt] pitivi-0.13.5-1.fc14:
encodingdialog.py:108:_fileButtonClickedCb:AttributeError: 'EncodingDialog'
object has no attribute 'outfile'
https://bugzilla.redhat.com/show_bug.cgi?id=664202
[ 21 ] Bug #665796 - [abrt] pitivi-0.13.5-4.fc14: Process /usr/bin/python was
killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=665796
[ 22 ] Bug #666627 - [abrt] pitivi-0.13.5-4.fc14:
stream.py:327:get_stream_for_caps:AttributeError: 'NoneType' object has no
attribute 'to_string'
https://bugzilla.redhat.com/show_bug.cgi?id=666627
[ 23 ] Bug #667511 - [abrt] pitivi-0.13.5-4.fc14:
gst_base_transform_acceptcaps: Process /usr/bin/python was killed by signal 11
(SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=667511
[ 24 ] Bug #668283 - [abrt] pitivi-0.13.5-4.fc14:
sourcelist.py:467:addUris:AttributeError: 'NoneType' object has no attribute
'sources'
https://bugzilla.redhat.com/show_bug.cgi?id=668283
[ 25 ] Bug #545275 - [abrt] crash detected in pitivi-0.13.3-2.fc12
https://bugzilla.redhat.com/show_bug.cgi?id=545275
[ 26 ] Bug #544912 - [abrt] crash detected in pitivi-0.13.3-2.fc12
https://bugzilla.redhat.com/show_bug.cgi?id=544912
--------------------------------------------------------------------------------
================================================================================
pondus-0.8.0-1.fc14 (FEDORA-2011-8348)
A personal weight management program
--------------------------------------------------------------------------------
Update Information:
Update to 0.8.0, adding more plotting options.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 13 2011 Jussi Lehtola <[email protected]> - 0.8.0-1
- Update to 0.8.0.
* Wed Feb 9 2011 Fedora Release Engineering <[email protected]>
- 0.7.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #712335 - pondus-0.8.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=712335
--------------------------------------------------------------------------------
================================================================================
puddletag-0.10.6-1.fc14 (FEDORA-2011-8371)
Feature rich, easy to use tag editor
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release puddletag 0.10.6.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 14 2011 Terje Rosten <[email protected]> - 0.10.6-1
- 0.10.6
--------------------------------------------------------------------------------
================================================================================
pysdm-0.4.1-2.fc14 (FEDORA-2011-8366)
Python based Storage Device Manager
--------------------------------------------------------------------------------
Update Information:
PySDM is a Storage Device Manager that allows full customization of hard disk
mount points without manually access to fstab. It also allows the creation of
udev rules for dynamic configuration of storage devices.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #708475 - Review Request: pysdm - Python based Storage Device
Manager
https://bugzilla.redhat.com/show_bug.cgi?id=708475
--------------------------------------------------------------------------------
================================================================================
python-telepathy-0.15.19-2.fc14 (FEDORA-2011-8353)
Python libraries for Telepathy
--------------------------------------------------------------------------------
Update Information:
This is an update to the latest upstream release. It also fixes the problem
with telepathy-sunshine not starting.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 14 2011 Julian Sikorski <[email protected]> - 0.15.19-2
- Fixed a build failure using a patch from upstream git
* Fri Dec 3 2010 Brian Pepple <[email protected]> - 0.15.19-1
- Update to 0.15.19.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #712152 - [abrt] telepathy-sunshine-0.2.0-1.fc14:
protocol.py:33:<module>:AttributeError: 'module' object has no attribute
'Protocol'
https://bugzilla.redhat.com/show_bug.cgi?id=712152
--------------------------------------------------------------------------------
================================================================================
q4wine-0.121-1.fc14 (FEDORA-2011-8369)
Qt4 GUI for wine
--------------------------------------------------------------------------------
Update Information:
Update to 0.121.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 14 2011 Dmitrij S. Kryzhevich <[email protected]> - 0.121-1
- Update to 0.121.
- Some spec-file cleanup.
* Tue Feb 8 2011 Fedora Release Engineering <[email protected]>
- 0.120-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rubygem-ffi-1.0.9-2.fc14 (FEDORA-2011-8378)
FFI Extensions for Ruby
--------------------------------------------------------------------------------
Update Information:
The license is actually LGPLv3
Latest build from upstream
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 14 2011 Bryan Kearney <[email protected]> - 1.0.9-2
- Fixed the License, it is actually LGPL
* Mon Jun 13 2011 Bryan Kearney <[email protected]> - 1.0.9-1
- Bring in 1.0.9 from upstream.
* Wed Feb 9 2011 Fedora Release Engineering <[email protected]>
- 0.6.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
subversion-1.6.17-1.fc14 (FEDORA-2011-8341)
A Modern Concurrent Version Control System
--------------------------------------------------------------------------------
Update Information:
This update includes the latest release of Subversion, fixing three security
issues:
An infinite loop flaw was found in the way the mod_dav_svn module processed
certain data sets. If the SVNPathAuthz directive was set to "short_circuit",
and path-based access control for files and directories was enabled, a
malicious, remote user could use this flaw to cause the httpd process serving
the request to consume an excessive amount of system memory. (CVE-2011-1783)
A NULL pointer dereference flaw was found in the way the mod_dav_svn module
processed requests submitted against the URL of a baselined resource. A
malicious, remote user could use this flaw to cause the httpd process serving
the request to crash. (CVE-2011-1752)
An information disclosure flaw was found in the way the mod_dav_svn
module processed certain URLs when path-based access control for files and
directories was enabled. A malicious, remote user could possibly use this flaw
to access certain files in a repository that would otherwise not be accessible
to them. Note: This vulnerability cannot be triggered if the SVNPathAuthz
directive is set to "short_circuit". (CVE-2011-1921)
The Fedora Project would like to thank the Apache Subversion project for
reporting these issues. Upstream acknowledges Joe Schaefer of the Apache
Software Foundation as the original reporter of CVE-2011-1752; Ivan Zhakov of
VisualSVN as the original reporter of CVE-2011-1783; and Kamesh
Jayachandran of CollabNet, Inc. as the original reporter of CVE-2011-1921.
The following bugs are also fixed in this release:
* make 'blame -g' more efficient on with large mergeinfo
* preserve log message with a non-zero editor exit
* fix FSFS cache performance on 64-bit platforms
* make svn cleanup tolerate obstructed directories
* fix deadlock in multithreaded servers serving FSFS repositories
* detect very occasional corruption and abort commit
* fixed: file externals cause non-inheritable mergeinfo
* fixed: file externals cause mixed-revision working copies
* fixed: write-through proxy could direcly commit to slave
* detect a particular corruption condition in FSFS
* improve error message when clients refer to unkown revisions
* bugfixes and optimizations to the DAV mirroring code
* fixed: locked and deleted file causes tree conflict
* fixed: update touches locked file with svn:keywords property
* fix svnsync handling of directory copyfrom
* fix 'log -g' excessive duplicate output
* fix svnsync copyfrom handling bug with BDB
* server-side validation of svn:mergeinfo syntax during commit
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 2 2011 Joe Orton <[email protected]> - 1.6.17-1
- update to 1.6.17 (#709952)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #709952 - CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 subversion
various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=709952
--------------------------------------------------------------------------------
================================================================================
sugar-xoirc-10-1.fc14 (FEDORA-2011-8336)
IRC client for Sugar
--------------------------------------------------------------------------------
Update Information:
v10
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 14 2011 Peter Robinson <[email protected]> - 10-1
- New upstream 10 release
--------------------------------------------------------------------------------
================================================================================
zeroinstall-injector-1.0-1.fc14 (FEDORA-2011-8356)
The Zero Install Injector (0launch)
--------------------------------------------------------------------------------
Update Information:
Final upstream 1.0 release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 14 2011 Michel Salim <[email protected]> - 1.0-1
- Update to 1.0
--------------------------------------------------------------------------------
--
test mailing list
[email protected]
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
