The following Fedora 12 Security updates need testing:
https://admin.fedoraproject.org/updates/mailman-2.1.12-10.fc12
https://admin.fedoraproject.org/updates/wireshark-1.2.13-1.fc12
https://admin.fedoraproject.org/updates/phpMyAdmin-3.3.8.1-1.fc12
https://admin.fedoraproject.org/updates/clamav-0.96.4-1200.fc12
https://admin.fedoraproject.org/updates/bareftp-0.3.7-1.fc12
The following Fedora 12 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/glibc-2.11.3-1
https://admin.fedoraproject.org/updates/pungi-2.0.20.1-1.fc12
https://admin.fedoraproject.org/updates/findutils-4.4.2-7.fc12
https://admin.fedoraproject.org/updates/nss-softokn-3.12.4-16.fc12
https://admin.fedoraproject.org/updates/xorg-x11-drv-ati-6.13.0-0.22.2010...
https://admin.fedoraproject.org/updates/util-linux-ng-2.16.2-4.fc12
https://admin.fedoraproject.org/updates/xorg-x11-drv-synaptics-1.2.0-3.fc12
https://admin.fedoraproject.org/updates/findutils-4.4.2-5.fc12
The following builds have been pushed to Fedora 12 updates-testing
QTeXEngine-0.3-1.fc12
darktable-0.7-1.fc12
glibc-2.11.3-1
phpMyAdmin-3.3.8.1-1.fc12
tomcat6-6.0.26-4.fc12
Details about builds:
================================================================================
QTeXEngine-0.3-1.fc12 (FEDORA-2010-18376)
Library enabling Qt based applications to easily export graphics to TeX
--------------------------------------------------------------------------------
Update Information:
Fixed a bug leading to the creation of empty drawing paths.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 30 2010 Chen Lei <supercyper(a)163.com> - 0.3-1
- Update to 0.3
--------------------------------------------------------------------------------
================================================================================
darktable-0.7-1.fc12 (FEDORA-2010-18364)
Utility to organize and develop raw images
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 29 2010 Edouard Bourguignon <madko(a)linuxed.net> - 0.7-1
- Upgrade to darktable 0.7
--------------------------------------------------------------------------------
================================================================================
glibc-2.11.3-1 (FEDORA-2010-18359)
The GNU libc libraries
--------------------------------------------------------------------------------
Update Information:
Update to 2.11.3 release
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 22 2010 Andreas Schwab <schwab(a)redhat.com> - 2.11.3-1
- Update to 2.11.3 release
- Allow aux_cache_file open()ing to fail silently even in the chroot
mode (BZ#11149)
- Fix multiple nss_compat initgroups() bugs (BZ#10085)
- Properly convert f_fsid in statvfs (BZ#11611)
- Define MAP_HUGETLB and SWAP_FLAG_DISCARD
- Avoid too much stack use in fnmatch (BZ#11883)
- Fix comparison in sqrtl for IBM long double 128
- Fix warnings in __bswap_16 (BZ#12194)
- Properly quote output of locale (BZ#11904)
- Fix concurrency problem between dl_open and dl_iterate_phdr
- Fix perturbing in malloc on free (BZ#12140)
- Don't expand DST twice in dl_open
- Fix memory leak for some invalid regular expressions (BZ#12078)
- Linux getifaddrs might return entries with ->ifa_addr being NULL
(BZ#12093)
- Handle large malloc requests (BZ#12005)
- getdents64 fallback d_type support
- Fix _FORITY_SOURCE version of longjmp for Linux/x86-64 (BZ#11968)
- Fix array overflow in floating point parser (BZ#7066)
- Missing server address again leads to localhost being used (BZ#10851)
- Document M_PERTURB
- Fix vDSO synthetic hwcap handling so they are not masked out from
ld.so.cache matching
- 32bit memset-sse2.S fails with uneven cache size (BZ#12191)
- Verify in ttyname that the symlink is valid (BZ#12167)
- Fix x86-64 strchr propagation of search byte into all bytes of SSE
register (BZ#12159)
- Fix alignment of AVX safe area on x86-64 (BZ#12113, #643889)
- Fix strstr and memmem algorithm (BZ#12092)
- Fix handling of tail bytes of buffer in SSE2/SSSE3 x86-64 version
strn{,case}cmp (BZ#12077)
- Fix use of extend_alloca in NIS
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #643889 - Dynamic linker failed to align TCB for AVX
https://bugzilla.redhat.com/show_bug.cgi?id=643889
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-3.3.8.1-1.fc12 (FEDORA-2010-18348)
Web based MySQL browser written in php
--------------------------------------------------------------------------------
Update Information:
Changes for 3.3.8.1 (2010-11-29)
- [security] XSS on db search, see PMASA-2010-8
-
http://www.phpmyadmin.net/home_page/security/PMASA-2010-8.php
- CVE-2010-4329
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 29 2010 Robert Scheck <robert(a)fedoraproject.org> 3.3.8.1-1
- Upstream released 3.3.8.1
--------------------------------------------------------------------------------
================================================================================
tomcat6-6.0.26-4.fc12 (FEDORA-2010-18336)
Apache Servlet/JSP Engine, RI for Servlet 2.5/JSP 2.1 API
--------------------------------------------------------------------------------
Update Information:
Fixes directory destruction during uninstall. F14 and F15 builds already have this fixed.
tomcat6-6.0.26-13.fc15 & tomcat6-6.0.26-14.fc14.
tomcat6-6.0.26-4.fc12 and tomcat6-6.0.26-12.fc13 are new builds
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 23 2010 David Knox <dknox(a)redhat.com> 0:6.0.26-4
- resolves: rhbz#640686 Upgrade of tomcat6 wipes out directories
- Removed __rm appdir, confdir, and libdir from post
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #640686 - Upgrade of tomcat6 wipes out directories
https://bugzilla.redhat.com/show_bug.cgi?id=640686
--------------------------------------------------------------------------------