From nphilipp at redhat.com Mon Aug 2 19:05:43 2004 From: nphilipp at redhat.com (Nils Philippsen) Date: Mon, 02 Aug 2004 21:05:43 +0200 Subject: Fedora Core 2 Update: gimp-2.0.3-0.fc2.1 Message-ID: <1091473542.4509.2.camel@gibraltar.stuttgart.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-233 2004-08-02 --------------------------------------------------------------------- Product : Fedora Core 2 Name : gimp Version : 2.0.3 Release : 0.fc2.1 Summary : The GNU Image Manipulation Program Description : The GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. The GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well. The GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. The GIMP includes a scripting facility, but many of the included scripts rely on fonts that we cannot distribute. The GIMP FTP site has a package of fonts that you can install by yourself, which includes all the fonts needed to run the included scripts. Some of the fonts have unusual licensing requirements; all the licenses are documented in the package. Get ftp://ftp.gimp.org/pub/gimp/fonts/freefonts-0.10.tar.gz and ftp://ftp.gimp.org/pub/gimp/fonts/sharefonts-0.10.tar.gz if you are so inclined. Alternatively, choose fonts which exist on your system before running the scripts. --------------------------------------------------------------------- Update Information: Update to 2.0.3. --------------------------------------------------------------------- * Thu Jul 22 2004 Nils Philippsen - version 2.0.3 - buildreq gtk2-devel >= 2.4.0 - use -32 or -64 postfixed binaries if available - rebuild for FC2 * Fri Jul 02 2004 Nils Philippsen - use included desktop (#126723), application-registry, mime-info and icon files - remove perl cruft (Gimp-Perl is an external package now) - further spec file cleaning --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 6cbc85a28f7a33acbf61115d60f2d7eb SRPMS/gimp-2.0.3-0.fc2.1.src.rpm 0821f09a961268b01ba92680a6527277 x86_64/gimp-2.0.3-0.fc2.1.x86_64.rpm 44dce307373d3a75c044b33db09d0768 x86_64/gimp-devel-2.0.3-0.fc2.1.x86_64.rpm 668574d1eaabe06a60a6c79e4afc3694 x86_64/debug/gimp-debuginfo-2.0.3-0.fc2.1.x86_64.rpm d318bec17eab5658c5d8d12331d4f432 i386/gimp-2.0.3-0.fc2.1.i386.rpm e1fc5a18af6b1d53bc69cd3f79bc31c5 i386/gimp-devel-2.0.3-0.fc2.1.i386.rpm 84c512a2a99c81c59b352e4b13cdd37c i386/debug/gimp-debuginfo-2.0.3-0.fc2.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- Nils Philippsen / Red Hat / nphilipp at redhat.com "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- B. Franklin, 1759 PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From caolanm at redhat.com Tue Aug 3 13:52:12 2004 From: caolanm at redhat.com (Caolan McNamara) Date: Tue, 3 Aug 2004 09:52:12 -0400 Subject: Fedora Core 2 Update: gnumeric-1.2.8-2 Message-ID: <20040803135212.GA30694@devserv.devel.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-243 2004-08-03 --------------------------------------------------------------------- Product : Fedora Core 2 Name : gnumeric Version : 1.2.8 Release : 2 Summary : A spreadsheet program for GNOME. Description : Gnumeric is a spreadsheet program for the GNOME GUI desktop environment. --------------------------------------------------------------------- Update Information: plugins in gnumeric not available in FC2 --------------------------------------------------------------------- * Tue Apr 13 2004 Warren Togami 1.2.8-2 - #74034 own plugin dir - #111112 BR intltool scrollkeeper gettext desktop-file-utils - some cleanup --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 9efe81eec169223c863f80fd69aeb487 SRPMS/gnumeric-1.2.8-2.src.rpm c9373057de61ec87245855feccdc3193 x86_64/gnumeric-1.2.8-2.x86_64.rpm 7d60de11ed1228a4a52f57edcfe14b11 x86_64/gnumeric-devel-1.2.8-2.x86_64.rpm 36ba7e6ee6e327e23722240630ffbe70 x86_64/debug/gnumeric-debuginfo-1.2.8-2.x86_64.rpm 309cb92fc2cdd4ec8246089266f96fa4 i386/gnumeric-1.2.8-2.i386.rpm 7240f7f05b232a5c04f7c2002ce0469f i386/gnumeric-devel-1.2.8-2.i386.rpm 2bf144730c5b75b4bde25f9074293727 i386/debug/gnumeric-debuginfo-1.2.8-2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From arjanv at redhat.com Tue Aug 3 17:33:21 2004 From: arjanv at redhat.com (Arjan van de Ven) Date: Tue, 3 Aug 2004 19:33:21 +0200 Subject: Fedora Core 2 Update: kernel-2.6.7-1.494.2.2 Message-ID: <20040803173321.GA26545@devserv.devel.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-247 2004-08-03 --------------------------------------------------------------------- Product : Fedora Core 2 Name : kernel Version : 2.6.7 Release : 1.494.2.2 Summary : The Linux kernel (the core of the Linux operating system) Description : The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. --------------------------------------------------------------------- Update Information: This update kernel for Fedora Core 2 contains the security fixes as found by Paul Starzetz from isec.pl. In addition this kernel contains a significant number of bugfixes that are inherited from the newer kernel.org kernel this release is based on. --------------------------------------------------------------------- * Wed Aug 04 2004 Arjan van de Ven - fix ppos races * Sat Jul 17 2004 Arjan van de Ven - ppc32 embedded updates * Fri Jul 16 2004 Arjan van de Ven - make USB modules again and add Alan's real fix for the SMM-meets-USB bug - 2.6.8-rc1-bk4 * Thu Jul 15 2004 Arjan van de Ven - 2.6.8-rc1-bk3 * Wed Jul 14 2004 Arjan van de Ven - add "enforcemodulesig" boot option to make the kernel load signed modules only * Tue Jul 13 2004 Arjan van de Ven - updated voluntary preempt - 2.6.8-rc1 * Thu Jul 08 2004 Arjan van de Ven - fix boot breakage that was hitting lots of people (Dave Jones) * Wed Jul 07 2004 Arjan van de Ven - add voluntary preemption patch from Ingo - 2.6.7-bk19 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 7c34ff18c58199a9559e41e0a89989f1 SRPMS/kernel-2.6.7-1.494.2.2.src.rpm 2e5ad2234291cbae1717808e5e6b1091 x86_64/kernel-2.6.7-1.494.2.2.x86_64.rpm 8cad3b767b875d9eda43d28e0fe44dcc x86_64/kernel-smp-2.6.7-1.494.2.2.x86_64.rpm b440fc206a2107c88ffbfda43d9de2ef x86_64/debug/kernel-debuginfo-2.6.7-1.494.2.2.x86_64.rpm 7fc266322f905637c9d4cb13968c5d00 x86_64/kernel-sourcecode-2.6.7-1.494.2.2.noarch.rpm c74e6ec7c9b3cc8bd0e37792aa6d0ba9 x86_64/kernel-doc-2.6.7-1.494.2.2.noarch.rpm e49810ed1e33f0be9841724e57da67dd i386/kernel-2.6.7-1.494.2.2.i586.rpm 866a4597feb9f75d8e9b44ac18e4e498 i386/kernel-smp-2.6.7-1.494.2.2.i586.rpm 2f3fe2937733e54dbdc40a920d310b21 i386/debug/kernel-debuginfo-2.6.7-1.494.2.2.i586.rpm d9edea58c35389d004397c10bcb95892 i386/kernel-2.6.7-1.494.2.2.i686.rpm 53ab1cccbb9e5d1db4f41484a04cfc4e i386/kernel-smp-2.6.7-1.494.2.2.i686.rpm b06b13774f0320c064f16340757c053e i386/debug/kernel-debuginfo-2.6.7-1.494.2.2.i686.rpm 7fc266322f905637c9d4cb13968c5d00 i386/kernel-sourcecode-2.6.7-1.494.2.2.noarch.rpm c74e6ec7c9b3cc8bd0e37792aa6d0ba9 i386/kernel-doc-2.6.7-1.494.2.2.noarch.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From mclasen at redhat.com Wed Aug 4 16:28:40 2004 From: mclasen at redhat.com (Matthias Clasen) Date: Wed, 04 Aug 2004 12:28:40 -0400 Subject: [SECURITY] Fedora Core 1 Update: libpng10-1.0.15-7 Message-ID: <1091636920.24836.31.camel@dhcp83-26.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-236 2004-08-04 --------------------------------------------------------------------- Product : Fedora Core 1 Name : libpng10 Version : 1.0.15 Release : 7 Summary : Old version of libpng, needed to run old binaries. Description : The libpng10 package contains an old version of libpng, a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. This package is needed if you want to run binaries that were linked dynamically with libpng 1.0.x. --------------------------------------------------------------------- Update Information: The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. During a source code audit, Chris Evans discovered several buffer overflows in libpng. An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0597 to these issues. In addition, this audit discovered a potential NULL pointer dereference in libpng (CAN-2004-0598) and several integer overflow issues (CAN-2004-0599). An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to crash when the file was opened by the victim. Red Hat would like to thank Chris Evans for discovering these issues. --------------------------------------------------------------------- * Fri Jul 23 2004 Matthias Clasen 1.0.15-7 - Replace the patches for individual security problems with the cumulative patch issued by the png developers. - Build for FC1 * Tue Jun 15 2004 Elliot Lee - rebuilt * Mon Jun 14 2004 Matthias Clasen - 1.0.15-5 - Rebuilt for FC2 * Mon Jun 14 2004 Matthias Clasen - 1.0.15-4 - Rebuilt for FC1 * Mon Jun 14 2004 Matthias Clasen - 1.0.15-3 - Reinstate and improve the transfix patch which got lost sometime ago, but is still needed for CAN-2002-1363 (#125934) * Wed May 19 2004 Matthias Clasen 1.0.15-2 - Don't provide libpng-devel (#110161) * Wed May 19 2004 Matthias Clasen 1.0.15-1 - 1.0.15 - Update rhconf2 patch - Remove bogus badchunks patch (#89854) * Mon May 03 2004 Matthias Clasen 1.0.13-13 - Redo the out-of-bounds fix in a slightly better way. * Wed Apr 21 2004 Matthias Clasen 1.0.13-12 - Bump release number to disambiguate n-v-rs. * Mon Apr 19 2004 Matthias Clasen - fix a possible out-of-bounds read in the error message handler. #121229 * Tue Mar 02 2004 Elliot Lee - rebuilt * Fri Feb 13 2004 Elliot Lee - rebuilt * Mon Jun 09 2003 Elliot Lee - This package has no epochs! remove usage thereof * Wed Jun 04 2003 Elliot Lee - rebuilt * Tue Jun 03 2003 Jeff Johnson - add explicit epoch's where needed. * Wed Jan 22 2003 Tim Powers - rebuilt * Wed Jan 15 2003 Elliot Lee 1.0.13-7 - Bump & rebuild * Fri Dec 13 2002 Elliot Lee 1.0.13-6 - Rebuild, merging in multilib change * Fri Jun 21 2002 Tim Powers - automated rebuild * Sun May 26 2002 Tim Powers - automated rebuild * Tue May 21 2002 Elliot Lee 1.0.13-3 - The package totally broke the backwards compatibility that it was intended to provide. Fixed by setting soname to libpng.so.2, and only tweaking the build (libpng*.{so,a}) files. - Use _smp_mflags - Fix rhconf patch because it was patching a symlink instead of the actual file. - Don't provide libpng = {version}, because then the package conflicts with itself * Thu May 09 2002 Jeremy Katz 1.0.13-2 - rebuild * Thu May 02 2002 Havoc Pennington 1.0.13-1 - upgrade to 1.0.13, plus patch tarball from libpng web site - update rhconf patch to work with new makefiles * Mon Mar 04 2002 Bernhard Rosenkraenzer 1.0.12-6 - Revert fix for #59988 as it introduces a worse problem, #60410 * Tue Feb 26 2002 Bernhard Rosenkraenzer 1.0.12-5 - Conflict with libpng < 1.2.0 (#59988) * Wed Jan 30 2002 Bill Nottingham 1.0.12-4 - provide libpng = %{version}, libpng-devel = %{version} * Wed Jan 09 2002 Tim Powers - automated rebuild * Fri Jan 04 2002 Bill Nottingham 1.0.12-2 - add devel stuff (we may change this around later) * Wed Sep 19 2001 Bernhard Rosenkraenzer 1.0.12-1 - initial compat package --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 748a5bae718537c066affeab55f8cd13 SRPMS/libpng10-1.0.15-7.src.rpm 2a700f1c32460cd298338eb9ea8eff2f x86_64/libpng10-1.0.15-7.x86_64.rpm 6fd56ffb02374f63a6babfce021bf726 x86_64/libpng10-devel-1.0.15-7.x86_64.rpm b7413234354a1bb0b0f450a55501ecf3 x86_64/debug/libpng10-debuginfo-1.0.15-7.x86_64.rpm 76795623a70bc6724f03205acce15e63 i386/libpng10-1.0.15-7.i386.rpm 4cbe2c20bb6738d3f1a7674a413218ca i386/libpng10-devel-1.0.15-7.i386.rpm bfbb7f83ca69dac0aa25345ca74ad4b7 i386/debug/libpng10-debuginfo-1.0.15-7.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From mclasen at redhat.com Wed Aug 4 16:28:44 2004 From: mclasen at redhat.com (Matthias Clasen) Date: Wed, 04 Aug 2004 12:28:44 -0400 Subject: [SECURITY] Fedora Core 1 Update: libpng-1.2.5-7 Message-ID: <1091636924.24836.32.camel@dhcp83-26.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-237 2004-08-04 --------------------------------------------------------------------- Product : Fedora Core 1 Name : libpng Version : 1.2.5 Release : 7 Summary : A library of functions for manipulating PNG image format files. Description : The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. --------------------------------------------------------------------- Update Information: The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. During a source code audit, Chris Evans discovered several buffer overflows in libpng. An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0597 to these issues. In addition, this audit discovered a potential NULL pointer dereference in libpng (CAN-2004-0598) and several integer overflow issues (CAN-2004-0599). An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to crash when the file was opened by the victim. Red Hat would like to thank Chris Evans for discovering these issues. --------------------------------------------------------------------- * Fri Jul 23 2004 Matthias Clasen 2:1.2.5-7 - Replace the patches for individual security problems with the cumulative patch issued by the png developers. * Tue Jun 15 2004 Elliot Lee - rebuilt * Mon Jun 14 2004 Matthias Clasen - 2:1.2.5-5 - Rebuild for FC2 * Mon Jun 14 2004 Matthias Clasen - 2:1.2.5-4 - Rebuild for FC1 * Mon Jun 14 2004 Matthias Clasen - 2:1.2.5-3 - Reinstate and improve the transfix patch which got lost sometime ago, but is still needed for CAN-2002-1363 (#125934) * Mon May 24 2004 Than Ngo 2:1.2.5-2 - add patch to link libm automatically - get rid of rpath * Wed May 19 2004 Matthias Clasen 2:1.2.5-1 - 1.2.5 * Mon May 03 2004 Matthias Clasen 2:1.2.2-22 - Redo the out-of-bounds fix in a slightly better way. * Wed Apr 21 2004 Matthias Clasen - Bump release number to disambiguate n-v-rs. * Mon Apr 19 2004 Matthias Clasen - fix a possible out-of-bounds read in the error message handler. #121229 * Tue Mar 02 2004 Elliot Lee - rebuilt * Fri Feb 27 2004 Mark McLoughlin 2:1.2.2-19 - rebuild with changed bits/setjmp.h on ppc * Fri Feb 13 2004 Elliot Lee - rebuilt * Wed Jun 04 2003 Elliot Lee - rebuilt * Tue Jun 03 2003 Jeff Johnson - add explicit epoch's where needed. * Mon Feb 24 2003 Jonathan Blandford 2:1.2.2-15 - change pkg-config to use libdir instead of hardcoding /usr/lib * Mon Feb 24 2003 Elliot Lee - rebuilt * Thu Feb 20 2003 Jonathan Blandford 2:1.2.2-12 - add Provides: libpng.so.3, #67007 * Fri Jan 24 2003 Jonathan Blandford - change requires to include the Epoch * Thu Jan 23 2003 Karsten Hopp 2:1.2.2-11 - Bump & rebuild * Wed Jan 22 2003 Tim Powers - rebuilt * Wed Jan 15 2003 Elliot Lee 2:1.2.2-9 - Bump & rebuild * Thu Dec 12 2002 Tim Powers 2:1.2.2-7 - merge changes in from -6hammer * Fri Jun 21 2002 Tim Powers - automated rebuild * Thu May 23 2002 Tim Powers - automated rebuild * Tue May 07 2002 Bernhard Rosenkraenzer 1.2.2-4 - Don't own /usr/lib/pkgconfig - Don't strip library, that's up to rpm * Tue May 07 2002 Bernhard Rosenkraenzer 1.2.2-3 - Forgot png.h * Mon May 06 2002 Bernhard Rosenkraenzer 1.2.2-2 - Fix compatibility with everyone else. * Thu May 02 2002 Havoc Pennington - 1.2.2 plus makefile patches tarball - update file list to contain versioned libpng only * Wed Jan 09 2002 Tim Powers - automated rebuild * Mon Dec 17 2001 Bernhard Rosenkraenzer 1.2.1-1 - 1.2.1 * Wed Sep 19 2001 Bernhard Rosenkraenzer 1.2.0-1 - 1.2.0 * Mon Jul 16 2001 Trond Eivind Glomsr?d - s/Copyright/License/ - fix weird versioning system (epoch was set to "2" in the main package, serial to "1" in the devel package. Huh?) * Wed Jun 20 2001 Than Ngo 1.0.12-1 - update to 1.0.12 - add missing libpng symlink * Thu May 03 2001 Bernhard Rosenkraenzer 1.0.11-2 - libpng-devel requires zlib-devel (since png.h includes zlib.h) (#38883) * Wed May 02 2001 Bernhard Rosenkraenzer 1.0.11-1 - 1.0.11 * Sun Apr 15 2001 Bernhard Rosenkraenzer - 1.0.10 * Tue Feb 06 2001 Bernhard Rosenkraenzer - 1.0.9, fixes Mozilla problems * Tue Dec 12 2000 Bernhard Rosenkraenzer - Rebuild to get rid of 0777 dirs * Wed Nov 15 2000 Bernhard Rosenkraenzer - Remove the workaround for Bug #20018 (from Oct 30). Qt 2.2.2 fixes the problem the workaround addressed. * Mon Oct 30 2000 Bernhard Rosenkraenzer - Work around a problem causing konqueror to segfault in image preview mode (Bug #20018) - Copy SuSE 7.0's patch to handle bad chunks * Sun Sep 03 2000 Florian La Roche - only include the man5 man-pages once in the main rpm * Fri Jul 28 2000 Preston Brown - upgrade to 1.0.8 - fixes small memory leak, other bugs * Thu Jul 13 2000 Prospector - automatic rebuild * Mon Jun 19 2000 Bernhard Rosenkraenzer - patchlevel c - FHSify * Tue Mar 21 2000 Nalin Dahyabhai - update to 1.0.6 * Mon Mar 13 2000 Nalin Dahyabhai - change serial to Epoch to get dependencies working correctly * Fri Feb 11 2000 Nalin Dahyabhai - move buildroot and add URL * Sat Feb 05 2000 Bernhard Rosenkr?nzer - strip library - rebuild to compress man pages * Sun Nov 21 1999 Bernhard Rosenkr?nzer - 1.0.5 - some tweaks to spec file to make updating easier - handle RPM_OPT_FLAGS * Mon Sep 20 1999 Matt Wilson - changed requires in libpng-devel to include serial - corrected typo * Sun Mar 21 1999 Cristian Gafton - auto rebuild in the new build environment (release 2) * Sun Feb 07 1999 Michael Johnson - rev to 1.0.3 * Thu Dec 17 1998 Cristian Gafton - build for 6.0 * Wed Sep 23 1998 Cristian Gafton - we are Serial: 1 now because we are reverting the 1.0.2 version from 5.2 beta to this prior one - install man pages; set defattr defaults * Thu May 07 1998 Prospector System - translations modified for de, fr, tr * Thu Apr 30 1998 Cristian Gafton - devel subpackage moved to Development/Libraries * Wed Apr 08 1998 Cristian Gafton - upgraded to 1.0.1 - added buildroot * Tue Oct 14 1997 Donnie Barnes - updated to new version - spec file cleanups * Thu Jul 10 1997 Erik Troan - built against glibc --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ ddfaeadf308bfc528f769bee9b8af3e4 SRPMS/libpng-1.2.5-7.src.rpm 79d2c07cc01280b88df13a2846d28376 x86_64/libpng-1.2.5-7.x86_64.rpm 4bbf88bfefecfeeb99a70a50201d2804 x86_64/libpng-devel-1.2.5-7.x86_64.rpm fa4ad0f9b024f15f7f79012f31914ce3 x86_64/debug/libpng-debuginfo-1.2.5-7.x86_64.rpm 81fcd51814f7d428eb8898a635412896 x86_64/libpng-1.2.5-7.i386.rpm 81fcd51814f7d428eb8898a635412896 i386/libpng-1.2.5-7.i386.rpm c618312ab7b8a520a92aa8c56048f0a8 i386/libpng-devel-1.2.5-7.i386.rpm 99d64e601f653ad889452841efa883f5 i386/debug/libpng-debuginfo-1.2.5-7.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From mclasen at redhat.com Wed Aug 4 16:28:48 2004 From: mclasen at redhat.com (Matthias Clasen) Date: Wed, 04 Aug 2004 12:28:48 -0400 Subject: [SECURITY] Fedora Core 2 Update: libpng10-1.0.15-8 Message-ID: <1091636928.24836.33.camel@dhcp83-26.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-238 2004-08-04 --------------------------------------------------------------------- Product : Fedora Core 2 Name : libpng10 Version : 1.0.15 Release : 8 Summary : Old version of libpng, needed to run old binaries. Description : The libpng10 package contains an old version of libpng, a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. This package is needed if you want to run binaries that were linked dynamically with libpng 1.0.x. --------------------------------------------------------------------- Update Information: The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. During a source code audit, Chris Evans discovered several buffer overflows in libpng. An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0597 to these issues. In addition, this audit discovered a potential NULL pointer dereference in libpng (CAN-2004-0598) and several integer overflow issues (CAN-2004-0599). An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to crash when the file was opened by the victim. Red Hat would like to thank Chris Evans for discovering these issues. --------------------------------------------------------------------- * Fri Jul 23 2004 Matthias Clasen 1.0.15-8 - Build for FC2 * Fri Jul 23 2004 Matthias Clasen 1.0.15-7 - Replace the patches for individual security problems with the cumulative patch issued by the png developers. - Build for FC1 * Tue Jun 15 2004 Elliot Lee - rebuilt * Mon Jun 14 2004 Matthias Clasen - 1.0.15-5 - Rebuilt for FC2 * Mon Jun 14 2004 Matthias Clasen - 1.0.15-4 - Rebuilt for FC1 * Mon Jun 14 2004 Matthias Clasen - 1.0.15-3 - Reinstate and improve the transfix patch which got lost sometime ago, but is still needed for CAN-2002-1363 (#125934) * Wed May 19 2004 Matthias Clasen 1.0.15-2 - Don't provide libpng-devel (#110161) * Wed May 19 2004 Matthias Clasen 1.0.15-1 - 1.0.15 - Update rhconf2 patch - Remove bogus badchunks patch (#89854) * Mon May 03 2004 Matthias Clasen 1.0.13-13 - Redo the out-of-bounds fix in a slightly better way. * Wed Apr 21 2004 Matthias Clasen 1.0.13-12 - Bump release number to disambiguate n-v-rs. * Mon Apr 19 2004 Matthias Clasen - fix a possible out-of-bounds read in the error message handler. #121229 * Tue Mar 02 2004 Elliot Lee - rebuilt * Fri Feb 13 2004 Elliot Lee - rebuilt * Mon Jun 09 2003 Elliot Lee - This package has no epochs! remove usage thereof * Wed Jun 04 2003 Elliot Lee - rebuilt * Tue Jun 03 2003 Jeff Johnson - add explicit epoch's where needed. * Wed Jan 22 2003 Tim Powers - rebuilt * Wed Jan 15 2003 Elliot Lee 1.0.13-7 - Bump & rebuild * Fri Dec 13 2002 Elliot Lee 1.0.13-6 - Rebuild, merging in multilib change * Fri Jun 21 2002 Tim Powers - automated rebuild * Sun May 26 2002 Tim Powers - automated rebuild * Tue May 21 2002 Elliot Lee 1.0.13-3 - The package totally broke the backwards compatibility that it was intended to provide. Fixed by setting soname to libpng.so.2, and only tweaking the build (libpng*.{so,a}) files. - Use _smp_mflags - Fix rhconf patch because it was patching a symlink instead of the actual file. - Don't provide libpng = {version}, because then the package conflicts with itself * Thu May 09 2002 Jeremy Katz 1.0.13-2 - rebuild * Thu May 02 2002 Havoc Pennington 1.0.13-1 - upgrade to 1.0.13, plus patch tarball from libpng web site - update rhconf patch to work with new makefiles * Mon Mar 04 2002 Bernhard Rosenkraenzer 1.0.12-6 - Revert fix for #59988 as it introduces a worse problem, #60410 * Tue Feb 26 2002 Bernhard Rosenkraenzer 1.0.12-5 - Conflict with libpng < 1.2.0 (#59988) * Wed Jan 30 2002 Bill Nottingham 1.0.12-4 - provide libpng = %{version}, libpng-devel = %{version} * Wed Jan 09 2002 Tim Powers - automated rebuild * Fri Jan 04 2002 Bill Nottingham 1.0.12-2 - add devel stuff (we may change this around later) * Wed Sep 19 2001 Bernhard Rosenkraenzer 1.0.12-1 - initial compat package --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ df256b5fd7568b39ea7e737eb4ede582 SRPMS/libpng10-1.0.15-8.src.rpm 0765cb769f591d9cbed2bb1ca02a6108 x86_64/libpng10-1.0.15-8.x86_64.rpm 49230b3792d80f80b8bcf4e81a5a5462 x86_64/libpng10-devel-1.0.15-8.x86_64.rpm 87344871592251377c94b6eaa3215855 x86_64/debug/libpng10-debuginfo-1.0.15-8.x86_64.rpm 6570d903af2d1e9d77523934cb6a73d9 i386/libpng10-1.0.15-8.i386.rpm 478673873b01f6013d8d73b099171443 i386/libpng10-devel-1.0.15-8.i386.rpm 99b03b2015ec3756c8640d74d5d93fcc i386/debug/libpng10-debuginfo-1.0.15-8.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From mclasen at redhat.com Wed Aug 4 16:28:50 2004 From: mclasen at redhat.com (Matthias Clasen) Date: Wed, 04 Aug 2004 12:28:50 -0400 Subject: [SECURITY] Fedora Core 2 Update: libpng-1.2.5-8 Message-ID: <1091636930.24836.34.camel@dhcp83-26.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-239 2004-08-04 --------------------------------------------------------------------- Product : Fedora Core 2 Name : libpng Version : 1.2.5 Release : 8 Summary : A library of functions for manipulating PNG image format files. Description : The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. --------------------------------------------------------------------- Update Information: The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. During a source code audit, Chris Evans discovered several buffer overflows in libpng. An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0597 to these issues. In addition, this audit discovered a potential NULL pointer dereference in libpng (CAN-2004-0598) and several integer overflow issues (CAN-2004-0599). An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to crash when the file was opened by the victim. Red Hat would like to thank Chris Evans for discovering these issues. --------------------------------------------------------------------- * Fri Jul 23 2004 Matthias Clasen 2:1.2.5-8 - Build for FC2 * Fri Jul 23 2004 Matthias Clasen 2:1.2.5-7 - Replace the patches for individual security problems with the cumulative patch issued by the png developers. - Build for FC1 * Tue Jun 15 2004 Elliot Lee - rebuilt * Mon Jun 14 2004 Matthias Clasen - 2:1.2.5-5 - Rebuild for FC2 * Mon Jun 14 2004 Matthias Clasen - 2:1.2.5-4 - Rebuild for FC1 * Mon Jun 14 2004 Matthias Clasen - 2:1.2.5-3 - Reinstate and improve the transfix patch which got lost sometime ago, but is still needed for CAN-2002-1363 (#125934) * Mon May 24 2004 Than Ngo 2:1.2.5-2 - add patch to link libm automatically - get rid of rpath * Wed May 19 2004 Matthias Clasen 2:1.2.5-1 - 1.2.5 * Mon May 03 2004 Matthias Clasen 2:1.2.2-22 - Redo the out-of-bounds fix in a slightly better way. * Wed Apr 21 2004 Matthias Clasen - Bump release number to disambiguate n-v-rs. * Mon Apr 19 2004 Matthias Clasen - fix a possible out-of-bounds read in the error message handler. #121229 * Tue Mar 02 2004 Elliot Lee - rebuilt * Fri Feb 27 2004 Mark McLoughlin 2:1.2.2-19 - rebuild with changed bits/setjmp.h on ppc * Fri Feb 13 2004 Elliot Lee - rebuilt * Wed Jun 04 2003 Elliot Lee - rebuilt * Tue Jun 03 2003 Jeff Johnson - add explicit epoch's where needed. * Mon Feb 24 2003 Jonathan Blandford 2:1.2.2-15 - change pkg-config to use libdir instead of hardcoding /usr/lib * Mon Feb 24 2003 Elliot Lee - rebuilt * Thu Feb 20 2003 Jonathan Blandford 2:1.2.2-12 - add Provides: libpng.so.3, #67007 * Fri Jan 24 2003 Jonathan Blandford - change requires to include the Epoch * Thu Jan 23 2003 Karsten Hopp 2:1.2.2-11 - Bump & rebuild * Wed Jan 22 2003 Tim Powers - rebuilt * Wed Jan 15 2003 Elliot Lee 2:1.2.2-9 - Bump & rebuild * Thu Dec 12 2002 Tim Powers 2:1.2.2-7 - merge changes in from -6hammer * Fri Jun 21 2002 Tim Powers - automated rebuild * Thu May 23 2002 Tim Powers - automated rebuild * Tue May 07 2002 Bernhard Rosenkraenzer 1.2.2-4 - Don't own /usr/lib/pkgconfig - Don't strip library, that's up to rpm * Tue May 07 2002 Bernhard Rosenkraenzer 1.2.2-3 - Forgot png.h * Mon May 06 2002 Bernhard Rosenkraenzer 1.2.2-2 - Fix compatibility with everyone else. * Thu May 02 2002 Havoc Pennington - 1.2.2 plus makefile patches tarball - update file list to contain versioned libpng only * Wed Jan 09 2002 Tim Powers - automated rebuild * Mon Dec 17 2001 Bernhard Rosenkraenzer 1.2.1-1 - 1.2.1 * Wed Sep 19 2001 Bernhard Rosenkraenzer 1.2.0-1 - 1.2.0 * Mon Jul 16 2001 Trond Eivind Glomsr?d - s/Copyright/License/ - fix weird versioning system (epoch was set to "2" in the main package, serial to "1" in the devel package. Huh?) * Wed Jun 20 2001 Than Ngo 1.0.12-1 - update to 1.0.12 - add missing libpng symlink * Thu May 03 2001 Bernhard Rosenkraenzer 1.0.11-2 - libpng-devel requires zlib-devel (since png.h includes zlib.h) (#38883) * Wed May 02 2001 Bernhard Rosenkraenzer 1.0.11-1 - 1.0.11 * Sun Apr 15 2001 Bernhard Rosenkraenzer - 1.0.10 * Tue Feb 06 2001 Bernhard Rosenkraenzer - 1.0.9, fixes Mozilla problems * Tue Dec 12 2000 Bernhard Rosenkraenzer - Rebuild to get rid of 0777 dirs * Wed Nov 15 2000 Bernhard Rosenkraenzer - Remove the workaround for Bug #20018 (from Oct 30). Qt 2.2.2 fixes the problem the workaround addressed. * Mon Oct 30 2000 Bernhard Rosenkraenzer - Work around a problem causing konqueror to segfault in image preview mode (Bug #20018) - Copy SuSE 7.0's patch to handle bad chunks * Sun Sep 03 2000 Florian La Roche - only include the man5 man-pages once in the main rpm * Fri Jul 28 2000 Preston Brown - upgrade to 1.0.8 - fixes small memory leak, other bugs * Thu Jul 13 2000 Prospector - automatic rebuild * Mon Jun 19 2000 Bernhard Rosenkraenzer - patchlevel c - FHSify * Tue Mar 21 2000 Nalin Dahyabhai - update to 1.0.6 * Mon Mar 13 2000 Nalin Dahyabhai - change serial to Epoch to get dependencies working correctly * Fri Feb 11 2000 Nalin Dahyabhai - move buildroot and add URL * Sat Feb 05 2000 Bernhard Rosenkr?nzer - strip library - rebuild to compress man pages * Sun Nov 21 1999 Bernhard Rosenkr?nzer - 1.0.5 - some tweaks to spec file to make updating easier - handle RPM_OPT_FLAGS * Mon Sep 20 1999 Matt Wilson - changed requires in libpng-devel to include serial - corrected typo * Sun Mar 21 1999 Cristian Gafton - auto rebuild in the new build environment (release 2) * Sun Feb 07 1999 Michael Johnson - rev to 1.0.3 * Thu Dec 17 1998 Cristian Gafton - build for 6.0 * Wed Sep 23 1998 Cristian Gafton - we are Serial: 1 now because we are reverting the 1.0.2 version from 5.2 beta to this prior one - install man pages; set defattr defaults * Thu May 07 1998 Prospector System - translations modified for de, fr, tr * Thu Apr 30 1998 Cristian Gafton - devel subpackage moved to Development/Libraries * Wed Apr 08 1998 Cristian Gafton - upgraded to 1.0.1 - added buildroot * Tue Oct 14 1997 Donnie Barnes - updated to new version - spec file cleanups * Thu Jul 10 1997 Erik Troan - built against glibc --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 6b45823b67235316b2a3014c9a01f46e SRPMS/libpng-1.2.5-8.src.rpm 14c09742eaaf43659202a23c112ef183 x86_64/libpng-1.2.5-8.x86_64.rpm e0c5c96590877ea498811d929934ad81 x86_64/libpng-devel-1.2.5-8.x86_64.rpm 96ae464a75a12ac39ed303108eee40b7 x86_64/debug/libpng-debuginfo-1.2.5-8.x86_64.rpm c5c3418992aa4d48f1bb92dc1db42603 x86_64/libpng-1.2.5-8.i386.rpm c5c3418992aa4d48f1bb92dc1db42603 i386/libpng-1.2.5-8.i386.rpm 87e3b3fdd3c733d5f29efd0e78c00185 i386/libpng-devel-1.2.5-8.i386.rpm 3e015c843a8829ccbe2f313f1e773744 i386/debug/libpng-debuginfo-1.2.5-8.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From jakub at redhat.com Wed Aug 4 17:40:18 2004 From: jakub at redhat.com (Jakub Jelinek) Date: Wed, 4 Aug 2004 13:40:18 -0400 Subject: Fedora Core 1 Update: tzdata-2004b-1.fc1 Message-ID: <20040804174018.GP8296@devserv.devel.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-249 2004-08-04 --------------------------------------------------------------------- Product : Fedora Core 1 Name : tzdata Version : 2004b Release : 1.fc1 Summary : Timezone data Description : This package contains data files with rules for various timezones around the world. --------------------------------------------------------------------- Update Information: This timezone data update includes adjustements for the recent timezone changes in Georgia, as well as some minor changes for Argentina, Singapore and Mongolia. Also Europe/Mariehamn zone file has been added for Aaland Islands. --------------------------------------------------------------------- * Wed Aug 04 2004 Jakub Jelinek 2004d-1.fc1 - 2004b --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ cc6a690c585c8c4535e82626c9fbed13 SRPMS/tzdata-2004b-1.fc1.src.rpm 85128fae68816b0549ba25072434c2b6 x86_64/tzdata-2004b-1.fc1.noarch.rpm 85128fae68816b0549ba25072434c2b6 i386/tzdata-2004b-1.fc1.noarch.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From jakub at redhat.com Wed Aug 4 17:41:35 2004 From: jakub at redhat.com (Jakub Jelinek) Date: Wed, 4 Aug 2004 13:41:35 -0400 Subject: Fedora Core 2 Update: tzdata-2004b-1.fc2 Message-ID: <20040804174135.GQ8296@devserv.devel.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-250 2004-08-04 --------------------------------------------------------------------- Product : Fedora Core 2 Name : tzdata Version : 2004b Release : 1.fc2 Summary : Timezone data Description : This package contains data files with rules for various timezones around the world. --------------------------------------------------------------------- Update Information: This timezone data update includes adjustements for the recent timezone changes in Georgia, as well as some minor changes for Argentina, Singapore and Mongolia. Also Europe/Mariehamn zone file has been added for Aaland Islands. --------------------------------------------------------------------- * Wed Aug 04 2004 Jakub Jelinek 2004d-1.fc2 - 2004b --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ ee5da4c3e9feb4ada50e703213d80104 SRPMS/tzdata-2004b-1.fc2.src.rpm c263643cf6093b2b330b2a7b03a23b2b x86_64/tzdata-2004b-1.fc2.noarch.rpm c263643cf6093b2b330b2a7b03a23b2b i386/tzdata-2004b-1.fc2.noarch.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From rstrode at redhat.com Wed Aug 4 21:09:10 2004 From: rstrode at redhat.com (Ray Strode) Date: Wed, 04 Aug 2004 17:09:10 -0400 Subject: Fedora Core 2 Update: libbonobo-2.6.2-1 Message-ID: <1091653750.15479.2.camel@dhcp83-39.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-245 2004-08-04 --------------------------------------------------------------------- Product : Fedora Core 2 Name : libbonobo Version : 2.6.2 Release : 1 Summary : Bonobo component system Description : Bonobo is a component system based on CORBA, used by the GNOME desktop. --------------------------------------------------------------------- Update Information: This update is to partially address the bug mentioned in https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123655. This bug causes bonobo-activation-server to remain after the user's session ends. --------------------------------------------------------------------- * Fri Jul 30 2004 Ray Strode 2.6.2-1 - Update to 2.6.2 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ ac6212a6128ddbf344fea02781662091 SRPMS/libbonobo-2.6.2-1.src.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From nphilipp at redhat.com Fri Aug 6 14:45:06 2004 From: nphilipp at redhat.com (Nils Philippsen) Date: Fri, 06 Aug 2004 16:45:06 +0200 Subject: Fedora Core 2 Update: gimp-help-2-0.0.3 Message-ID: <1091803506.3901.198.camel@gibraltar.stuttgart.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-255 2004-08-06 --------------------------------------------------------------------- Product : Fedora Core 2 Name : gimp-help Version : 2 Release : 0.0.3 Summary : Help files for the GIMP. Description : The GIMP User Manual is a newly written User Manual for the GIMP. --------------------------------------------------------------------- Update Information: --------------------------------------------------------------------- * Fri Aug 06 2004 Nils Philippsen - rebuild for FC2 * Fri Jul 02 2004 Nils Philippsen - version 2-0.3 * Tue Jun 15 2004 Elliot Lee - rebuilt --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ b74a9ad9681669043449b825f18ffe22 SRPMS/gimp-help-2-0.0.3.src.rpm 2f63c9f59ac10603ef4d080dc0ff7a4c x86_64/gimp-help-2-0.0.3.noarch.rpm 2f63c9f59ac10603ef4d080dc0ff7a4c i386/gimp-help-2-0.0.3.noarch.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- Nils Philippsen / Red Hat / nphilipp at redhat.com "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- B. Franklin, 1759 PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From nphilipp at redhat.com Fri Aug 6 16:10:29 2004 From: nphilipp at redhat.com (Nils Philippsen) Date: Fri, 06 Aug 2004 18:10:29 +0200 Subject: Fedora Core 2 Update: gimp-2.0.4-0.fc2.1 Message-ID: <1091808629.3901.209.camel@gibraltar.stuttgart.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-256 2004-08-06 --------------------------------------------------------------------- Product : Fedora Core 2 Name : gimp Version : 2.0.4 Release : 0.fc2.1 Summary : The GNU Image Manipulation Program Description : The GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. The GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well. The GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. The GIMP includes a scripting facility, but many of the included scripts rely on fonts that we cannot distribute. The GIMP FTP site has a package of fonts that you can install by yourself, which includes all the fonts needed to run the included scripts. Some of the fonts have unusual licensing requirements; all the licenses are documented in the package. Get ftp://ftp.gimp.org/pub/gimp/fonts/freefonts-0.10.tar.gz and ftp://ftp.gimp.org/pub/gimp/fonts/sharefonts-0.10.tar.gz if you are so inclined. Alternatively, choose fonts which exist on your system before running the scripts. --------------------------------------------------------------------- Update Information: Update to version 2.0.4. --------------------------------------------------------------------- * Fri Aug 06 2004 Nils Philippsen - version 2.0.4 - rebuild for FC2 * Wed Aug 04 2004 Nils Philippsen - rebuild to pick up new libcroco --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 33e7866fe5e931a5d08a4e187c9199ea SRPMS/gimp-2.0.4-0.fc2.1.src.rpm 4dbaabdda69358ad9191b28ee0108a1a x86_64/gimp-2.0.4-0.fc2.1.x86_64.rpm 77988df64dcd720c18926925f8daeb34 x86_64/gimp-devel-2.0.4-0.fc2.1.x86_64.rpm 5ec56d432283016bb49c1bdb8c181c9d x86_64/debug/gimp-debuginfo-2.0.4-0.fc2.1.x86_64.rpm b20ca3fb7b2725bae8ac079658764533 i386/gimp-2.0.4-0.fc2.1.i386.rpm 8c486f2fa45c0213e46157a692380054 i386/gimp-devel-2.0.4-0.fc2.1.i386.rpm 96c5afdcab6365a121c4b20fb0690df6 i386/debug/gimp-debuginfo-2.0.4-0.fc2.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- Nils Philippsen / Red Hat / nphilipp at redhat.com "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- B. Franklin, 1759 PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From notting at redhat.com Fri Aug 6 22:04:25 2004 From: notting at redhat.com (Bill Nottingham) Date: Fri, 6 Aug 2004 18:04:25 -0400 Subject: Fedora Core 1 Status Update Message-ID: <20040806220425.GA14240@nostromo.devel.redhat.com> The Fedora Steering Committee proposes to transfer Fedora Core 1 to the Fedora Legacy Project at the point Fedora Core 3 Test 2 is released. This is currently scheduled for September 13, 2004. This represents a one month extension from the original timetable but an extension we hope will enable the Fedora Legacy Project to receive considerably better quality access to the codebase. For more information on the Fedora Legacy Project, or if you wish to join the team please see http://fedoralegacy.org/. From wtogami at redhat.com Sat Aug 7 09:15:57 2004 From: wtogami at redhat.com (Warren Togami) Date: Fri, 06 Aug 2004 23:15:57 -1000 Subject: Fedora Core 1 Update: gaim-0.81-0.FC1 Message-ID: <41149DCD.4090402@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-257 2004-08-07 --------------------------------------------------------------------- Product : Fedora Core 1 Name : gaim Version : 0.81 Release : 0.FC1 Summary : A Gtk+ based multiprotocol instant messaging client Description : Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by America Online, Inc., Microsoft Corporation, or Yahoo! Inc. or other messaging service providers. --------------------------------------------------------------------- Update Information: Regular update to latest gaim release. Gadu-Gadu protocol should be fixed now. Also Zephyr is now kerberos enabled. --------------------------------------------------------------------- * Fri Aug 06 2004 Warren Togami 0.81-0.FC1 - rename for FC1 update - disable evolution integration * Thu Aug 05 2004 Warren Togami 0.81-1 - 0.81 - krb5-devel for Zephyr - evolution-data-server-devel integration plugin disabled by default because it seems very unstable --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 8714416b8975987d2606b95cfe80bd5c SRPMS/gaim-0.81-0.FC1.src.rpm 56633be207225a220307e889bb45899a x86_64/gaim-0.81-0.FC1.x86_64.rpm 7430bbbd07785e2e3acec2f0f435b8c9 x86_64/debug/gaim-debuginfo-0.81-0.FC1.x86_64.rpm 12911a8e93c194248f5838251e818783 i386/gaim-0.81-0.FC1.i386.rpm cce071f2edc48ca575de7b5b3276a6c9 i386/debug/gaim-debuginfo-0.81-0.FC1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From wtogami at redhat.com Sat Aug 7 09:16:47 2004 From: wtogami at redhat.com (Warren Togami) Date: Fri, 06 Aug 2004 23:16:47 -1000 Subject: Fedora Core 2 Update: gaim-0.81-0.FC2 Message-ID: <41149DFF.4000709@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-258 2004-08-07 --------------------------------------------------------------------- Product : Fedora Core 2 Name : gaim Version : 0.81 Release : 0.FC2 Summary : A Gtk+ based multiprotocol instant messaging client Description : Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by America Online, Inc., Microsoft Corporation, or Yahoo! Inc. or other messaging service providers. --------------------------------------------------------------------- Update Information: Regular update to latest gaim release. Gadu-Gadu protocol should be fixed now. Also Zephyr is now kerberos enabled. --------------------------------------------------------------------- * Fri Aug 06 2004 Warren Togami 0.81-0.FC2 - rename for FC2 update - disable evolution integration * Thu Aug 05 2004 Warren Togami 0.81-1 - 0.81 - krb5-devel for Zephyr - evolution-data-server-devel integration plugin disabled by default because it seems very unstable --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 6e524d369e9ff392b9a97594b5b0a945 SRPMS/gaim-0.81-0.FC2.src.rpm 13020d394d606ab737c23c4941f6ecb5 x86_64/gaim-0.81-0.FC2.x86_64.rpm 3427ea79fbb6518ded88499a4df62a6e x86_64/debug/gaim-debuginfo-0.81-0.FC2.x86_64.rpm 90d99fa19ee8df7e9a665fe0df3566a3 i386/gaim-0.81-0.FC2.i386.rpm aeb36cb5eb542d1a83c5fb60d89bc462 i386/debug/gaim-debuginfo-0.81-0.FC2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From davej at redhat.com Tue Aug 10 17:16:19 2004 From: davej at redhat.com (Dave Jones) Date: Tue, 10 Aug 2004 18:16:19 +0100 Subject: [SECURITY] Fedora Core 1 Update: kernel-2.4.22-1.2199.nptl Message-ID: <20040810171619.GA14555@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-251 2004-08-10 --------------------------------------------------------------------- Product : Fedora Core 1 Name : kernel Version : 2.4.22 Release : 1.2199.nptl Summary : The Linux kernel (the core of the Linux operating system) Description : The kernel package contains the Linux kernel (vmlinuz), the core of your Fedora Core Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. Paul Starzetz discovered flaws in the Linux kernel when handling file offset pointers. These consist of invalid conversions of 64 to 32-bit file offset pointers and possible race conditions. A local unprivileged user could make use of these flaws to access large portions of kernel memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0415 to this issue. These packages contain a patch written by Al Viro to correct these flaws. Red Hat would like to thank iSEC Security Research for disclosing this issue and a number of vendor-sec participants for reviewing and working on the patch to this issue. Additionally, a number of issues were fixed in the USB serial code. References: http://www.isec.pl/vulnerabilities/isec-0016-procleaks.txt http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0415 --------------------------------------------------------------------- * Wed Aug 04 2004 Dave Jones - Fix various fpos races. (CAN-2004-0415) * Wed Jul 07 2004 Dave Jones - Updates to usbserial post_helper (Pete Zaitcev) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 990abbc3a23ceb0dad35dcf86a9f22bd SRPMS/kernel-2.4.22-1.2199.nptl.src.rpm 09a7dc7a6acc6dd91b5c5870fc0c2215 x86_64/kernel-2.4.22-1.2199.nptl.x86_64.rpm 3ddc71af11ce37ef2e45a24e82e2b3e9 x86_64/kernel-source-2.4.22-1.2199.nptl.x86_64.rpm 4c25c4633ea124cb13c983c4426aeb2c x86_64/kernel-doc-2.4.22-1.2199.nptl.x86_64.rpm e60c0a0d1974f55a1c6d391f277ac811 x86_64/kernel-smp-2.4.22-1.2199.nptl.x86_64.rpm b5e8570da6b93c2778c007b5252a2cab x86_64/debug/kernel-debuginfo-2.4.22-1.2199.nptl.x86_64.rpm 0235c05043346ac36fe34e7aa6d7981e i386/kernel-source-2.4.22-1.2199.nptl.i386.rpm 4761cf2c7322ec44fa6fa177ac17a075 i386/kernel-doc-2.4.22-1.2199.nptl.i386.rpm 51784ae484de03f848ae9036100f3c3b i386/kernel-BOOT-2.4.22-1.2199.nptl.i386.rpm fd796c7a0a4b8d95c4b4970b66ff24ab i386/debug/kernel-debuginfo-2.4.22-1.2199.nptl.i386.rpm ae0865018027dd9805e1c6ed31d2ad5c i386/kernel-2.4.22-1.2199.nptl.i586.rpm 5b87410e6d21d49ffd9007b7c495e094 i386/kernel-smp-2.4.22-1.2199.nptl.i586.rpm 75cf98521b45187a13fce4fa2246181e i386/debug/kernel-debuginfo-2.4.22-1.2199.nptl.i586.rpm 37382d2ff7beb3873032270e290c8bd0 i386/kernel-2.4.22-1.2199.nptl.i686.rpm e1d1d064c83af617d57018f820e52e92 i386/kernel-smp-2.4.22-1.2199.nptl.i686.rpm e87f2192c4ccb72a82ae6042b203fcf0 i386/debug/kernel-debuginfo-2.4.22-1.2199.nptl.i686.rpm 3ab11ad24807b682f375a640c9040688 i386/kernel-2.4.22-1.2199.nptl.athlon.rpm d1d18eab4c48cd0e5857dd8775344d49 i386/kernel-smp-2.4.22-1.2199.nptl.athlon.rpm 5068d9d87ab03dff7a9a1b14ce35cfaf i386/debug/kernel-debuginfo-2.4.22-1.2199.nptl.athlon.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From caillon at redhat.com Wed Aug 11 07:46:06 2004 From: caillon at redhat.com (Christopher Aillon) Date: Wed, 11 Aug 2004 03:46:06 -0400 Subject: Fedora Core 2 Update: devhelp-0.9.1-0.2.0 Message-ID: <4119CEBE.4010903@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-256 2004-08-11 --------------------------------------------------------------------- Product : Fedora Core 2 Name : devhelp Version : 0.9.1 Release : 0.2.0 Summary : API document browser Description : An API document browser for GNOME 2. --------------------------------------------------------------------- Update Information: * Fri Aug 06 2004 Christopher Blizzard - Rebuilt to pick up new Mozilla dependencies * Wed Aug 04 2004 Christopher Aillon - Update to 0.9.1 - Remove ld-library patch. It is upstream now. * Wed Jun 23 2004 Christopher Aillon - Update ExclusiveArch * Tue Jun 22 2004 Christopher Aillon - rebuilt * Tue Jun 15 2004 Elliot Lee - rebuilt --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ b77810f990d87f4426ec1aa6556e4094 SRPMS/devhelp-0.9.1-0.2.0.src.rpm 4eb6177d154b0b3bef4767fc9daee0a5 x86_64/devhelp-0.9.1-0.2.0.x86_64.rpm a561101aa48c09085bd924890053339d x86_64/devhelp-devel-0.9.1-0.2.0.x86_64.rpm 992733ff99f42d4bf5cfa63620ceb564 x86_64/debug/devhelp-debuginfo-0.9.1-0.2.0.x86 _64.rpm 8b43536fc39a34bdedcc0388c03b697c i386/devhelp-0.9.1-0.2.0.i386.rpm 2fb1036410a3cccf3f7bec1761318107 i386/devhelp-devel-0.9.1-0.2.0.i386.rpm e1af43472eb81a2bc37662f468bed6bd i386/debug/devhelp-debuginfo-0.9.1-0.2.0.i386. rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From caillon at redhat.com Wed Aug 11 19:54:08 2004 From: caillon at redhat.com (Christopher Aillon) Date: Wed, 11 Aug 2004 15:54:08 -0400 Subject: Fedora Core 2 Update: devhelp-0.9.1-0.2.0 Message-ID: <411A7960.4060904@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-261 2004-08-11 --------------------------------------------------------------------- Product : Fedora Core 2 Name : devhelp Version : 0.9.1 Release : 0.2.0 Summary : API document browser Description : An API document browser for GNOME 2. --------------------------------------------------------------------- Update Information: * Fri Aug 06 2004 Christopher Blizzard - Rebuilt to pick up new Mozilla dependencies * Wed Aug 04 2004 Christopher Aillon - Update to 0.9.1 - Remove ld-library patch. It is upstream now. * Wed Jun 23 2004 Christopher Aillon - Update ExclusiveArch * Tue Jun 22 2004 Christopher Aillon - rebuilt * Tue Jun 15 2004 Elliot Lee - rebuilt --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ b77810f990d87f4426ec1aa6556e4094 SRPMS/devhelp-0.9.1-0.2.0.src.rpm 4eb6177d154b0b3bef4767fc9daee0a5 x86_64/devhelp-0.9.1-0.2.0.x86_64.rpm a561101aa48c09085bd924890053339d x86_64/devhelp-devel-0.9.1-0.2.0.x86_64.rpm 992733ff99f42d4bf5cfa63620ceb564 x86_64/debug/devhelp-debuginfo-0.9.1-0.2.0.x86 _64.rpm 8b43536fc39a34bdedcc0388c03b697c i386/devhelp-0.9.1-0.2.0.i386.rpm 2fb1036410a3cccf3f7bec1761318107 i386/devhelp-devel-0.9.1-0.2.0.i386.rpm e1af43472eb81a2bc37662f468bed6bd i386/debug/devhelp-debuginfo-0.9.1-0.2.0.i386. rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From dcbw at redhat.com Thu Aug 12 13:31:46 2004 From: dcbw at redhat.com (Dan Williams) Date: Thu, 12 Aug 2004 09:31:46 -0400 Subject: Fedora Core 1 Update: desktop-file-utils-0.3-10.1 Message-ID: <1092317506.5860.3.camel@dcbw.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-260 2004-08-12 --------------------------------------------------------------------- Product : Fedora Core 1 Name : desktop-file-utils Version : 0.3 Release : 10.1 Summary : Utilities for manipulating .desktop files Description : .desktop files are used to describe an application for inclusion in GNOME or KDE menus. This package contains desktop-file-validate which checks whether a .desktop file complies with the specification at http://www.freedesktop.org/standards/, and desktop-file-install which installs a desktop file to the standard directory, optionally fixing it up in the process. --------------------------------------------------------------------- Update Information: This update fixes the issue described in Bugzilla #90724 (Appending categories fails if no ";" is present). --------------------------------------------------------------------- * Wed Aug 11 2004 Dan Williams 0.3-10.1 - fix for #90724 (patch from Adrian Reber). Already fixed in upstream CVS for later versions * Wed Sep 03 2003 Havoc Pennington 0.3-10 - fix for #103276 (int/size_t issue) from twoerner --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 2041eaede606b9418982b4017e8e346f SRPMS/desktop-file- utils-0.3-10.1.src.rpm 8464c617991ffde54cc3920690a9b968 x86_64/desktop-file- utils-0.3-10.1.x86_64.rpm 2ec72172f3ace7a8a64fc1c47dd24904 x86_64/debug/desktop-file-utils- debuginfo-0.3-10.1.x86_64.rpm d572522cfe45b0b4db1842d09996a7ac i386/desktop-file- utils-0.3-10.1.i386.rpm 798da6389900ecff514678399a59e08f i386/debug/desktop-file-utils- debuginfo-0.3-10.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From nphilipp at redhat.com Fri Aug 13 07:06:53 2004 From: nphilipp at redhat.com (Nils Philippsen) Date: Fri, 13 Aug 2004 09:06:53 +0200 Subject: Fedora Core 2 Update: system-config-date-1.7.3.1-0.fc2.1 Message-ID: <1092380812.3287.6.camel@wombat.tiptoe.de> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-259 2004-08-13 --------------------------------------------------------------------- Product : Fedora Core 2 Name : system-config-date Version : 1.7.3.1 Release : 0.fc2.1 Summary : A graphical interface for modifying system date and time Description : system-config-date is a graphical interface for changing the system date and time, configuring the system time zone, and setting up the NTP daemon to synchronize the time of the system with a NTP time server. --------------------------------------------------------------------- * Wed Aug 11 2004 Nils Philippsen 1.7.3.1-0.fc2.1 - rebuild for FC2 * Tue Aug 03 2004 Nils Philippsen 1.7.3.1-1 - fix Japanese man page (#128766) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ e59f8494702bbb5874ef03d3fb70bc88 SRPMS/system-config-date-1.7.3.1-0.fc2.1.src.rpm 538dcce5c8739390e2727077c0281611 x86_64/system-config-date-1.7.3.1-0.fc2.1.noarch.rpm 538dcce5c8739390e2727077c0281611 i386/system-config-date-1.7.3.1-0.fc2.1.noarch.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- Nils Philippsen / Red Hat / nphilipp at redhat.com "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- B. Franklin, 1759 PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From byte at aeon.com.my Sun Aug 15 14:59:52 2004 From: byte at aeon.com.my (Colin Charles) Date: Mon, 16 Aug 2004 00:59:52 +1000 Subject: Fedora News Updates #15 Message-ID: <1092581992.5424.101.camel@albus.aeon.com.my> Another issue of the Fedora News Updates has been released and is available at: http://fedoranews.org/colin/fnu/issue15.shtml The current issue is always linked to http://fedoranews.org/colin/fnu/current.shtml Covering the announced EOL for Fedora Core 1, many new updates in the Docs project, and plenty of talk about porting Fedora to other platforms - Intel IXP2400, SGI's Altix (ia64), and even Alpha. Some developer talk about updating current releases, as well as developing test suites for Fedora. And plenty more...! -- Colin Charles, byte at aeon.com.my http://www.bytebot.net/ "First they ignore you, then they laugh at you, then they fight you, then you win." -- Mohandas Gandhi From nphilipp at redhat.com Fri Aug 13 07:06:53 2004 From: nphilipp at redhat.com (Nils Philippsen) Date: Fri, 13 Aug 2004 09:06:53 +0200 Subject: Fedora Core 2 Update: system-config-date-1.7.3.1-0.fc2.1 Message-ID: <1092380812.3287.6.camel@wombat.tiptoe.de> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-259 2004-08-13 --------------------------------------------------------------------- Product : Fedora Core 2 Name : system-config-date Version : 1.7.3.1 Release : 0.fc2.1 Summary : A graphical interface for modifying system date and time Description : system-config-date is a graphical interface for changing the system date and time, configuring the system time zone, and setting up the NTP daemon to synchronize the time of the system with a NTP time server. --------------------------------------------------------------------- * Wed Aug 11 2004 Nils Philippsen 1.7.3.1-0.fc2.1 - rebuild for FC2 * Tue Aug 03 2004 Nils Philippsen 1.7.3.1-1 - fix Japanese man page (#128766) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ e59f8494702bbb5874ef03d3fb70bc88 SRPMS/system-config-date-1.7.3.1-0.fc2.1.src.rpm 538dcce5c8739390e2727077c0281611 x86_64/system-config-date-1.7.3.1-0.fc2.1.noarch.rpm 538dcce5c8739390e2727077c0281611 i386/system-config-date-1.7.3.1-0.fc2.1.noarch.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- Nils Philippsen / Red Hat / nphilipp at redhat.com "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- B. Franklin, 1759 PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From twaugh at redhat.com Mon Aug 16 16:46:04 2004 From: twaugh at redhat.com (Tim Waugh) Date: Mon, 16 Aug 2004 17:46:04 +0100 Subject: Fedora Core 1 Update: ghostscript-7.07-15.3 Message-ID: <20040816164604.GK2177@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-252 2004-08-16 --------------------------------------------------------------------- Product : Fedora Core 1 Name : ghostscript Version : 7.07 Release : 15.3 Summary : A PostScript(TM) interpreter and renderer. Description : Ghostscript is a set of software that provides a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers. If you need to display PostScript files or print them to non-PostScript printers, you should install ghostscript. If you install ghostscript, you also need to install the ghostscript-fonts package. --------------------------------------------------------------------- Update Information: This update provides shared libraries. --------------------------------------------------------------------- * Wed Aug 04 2004 Tim Waugh 7.07-15.3 - Turn on libgs (bug #129062). --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 9609df78029f1771f225c1a2b92d8dd0 SRPMS/ghostscript-7.07-15.3.src.rpm 4e673c730ca3efcc41e65d8cea796c9d x86_64/ghostscript-7.07-15.3.x86_64.rpm faae1cc13af04433a9eb1cae5449063d x86_64/ghostscript-devel-7.07-15.3.x86_64.rpm b8fb2c0f98c2ec2638268983b1e577db x86_64/ghostscript-gtk-7.07-15.3.x86_64.rpm 42e57cf6bbaff07d5b57044a043c24a5 x86_64/hpijs-1.5-4.2.x86_64.rpm a5e981b42892850a8e13b5f3b8a1a5c5 x86_64/debug/ghostscript-debuginfo-7.07-15.3.x86_64.rpm 4b9eb17132905978cfa6200f4e2d98b5 i386/ghostscript-7.07-15.3.i386.rpm 380bd9b92613559f7f3bbe13c7a0a49c i386/ghostscript-devel-7.07-15.3.i386.rpm 9b951333f4f704950e66a0ac14eda876 i386/ghostscript-gtk-7.07-15.3.i386.rpm 3f2875894035a8c9f2bfc65d08d63833 i386/hpijs-1.5-4.2.i386.rpm 1a5bba827be54186dc2eac399176b7f6 i386/debug/ghostscript-debuginfo-7.07-15.3.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From twaugh at redhat.com Tue Aug 17 15:42:45 2004 From: twaugh at redhat.com (Tim Waugh) Date: Tue, 17 Aug 2004 16:42:45 +0100 Subject: Fedora Core 1 Update: ghostscript-7.07-15.4 Message-ID: <20040817154245.GS2177@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-263 2004-08-17 --------------------------------------------------------------------- Product : Fedora Core 1 Name : ghostscript Version : 7.07 Release : 15.4 Summary : A PostScript(TM) interpreter and renderer. Description : Ghostscript is a set of software that provides a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers. If you need to display PostScript files or print them to non-PostScript printers, you should install ghostscript. If you install ghostscript, you also need to install the ghostscript-fonts package. --------------------------------------------------------------------- Update Information: This update provides shared libraries. This update has been re-made because the hpijs packages had the wrong release number (thanks go to Michal Jaegermann for spotting it). --------------------------------------------------------------------- * Tue Aug 17 2004 Tim Waugh 7.07-15.4 - Rebuilt. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ af6800ae4b7d62de9da6b8b097a60afe SRPMS/ghostscript-7.07-15.4.src.rpm 8ac5ad03c698fad9b3f51c91635226dd x86_64/ghostscript-7.07-15.4.x86_64.rpm fd69a278493faeadb964c07e4deb4592 x86_64/ghostscript-devel-7.07-15.4.x86_64.rpm 898f548a2e241d1ca35b0a3bb9ae1d8e x86_64/ghostscript-gtk-7.07-15.4.x86_64.rpm 3eccb9c1bb3f7407807eaa46b4ee0eb6 x86_64/hpijs-1.5-4.4.x86_64.rpm d55d96fe8db75ff0b24c1b56e2ef6557 x86_64/debug/ghostscript-debuginfo-7.07-15.4.x86_64.rpm 1215ffdcf9ec03ff446d87834a66add0 i386/ghostscript-7.07-15.4.i386.rpm af1cc5c2097d5b01600d6698ff56e455 i386/ghostscript-devel-7.07-15.4.i386.rpm c80122af1092cee0f27a3b453a2d69c6 i386/ghostscript-gtk-7.07-15.4.i386.rpm 76131bc868493af319c6dc5616b122c3 i386/hpijs-1.5-4.4.i386.rpm d6290072265b2b606b41b10aceb130fd i386/debug/ghostscript-debuginfo-7.07-15.4.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From fenlason at redhat.com Thu Aug 19 21:33:04 2004 From: fenlason at redhat.com (Jay Fenlason) Date: Thu, 19 Aug 2004 17:33:04 -0400 Subject: [SECURITY] Fedora Core 1 Update: rsync-2.5.7-5.fc1.1 Message-ID: <20040819213304.GC10860@redhat.com> Subject: Fedora Core 1 Update: rsync-2.5.7-5.fc1.1 --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-268 2004-08-19 --------------------------------------------------------------------- Product : Fedora Core 1 Name : rsync Version : 2.5.7 Release : 5.fc1.1 Summary : A program for synchronizing files over a network. Description : Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package. --------------------------------------------------------------------- Update Information: This update backports a security fix to a path-sanitizing flaw that affects rsync when it is used in daemon mode without also using chroot. For more information see http://samba.org/rsync/#security_aug04 --------------------------------------------------------------------- * Thu Aug 19 2004 Jay Fenlason 2.5.7-5.fc1.1 - Backport fix for CAN-2004-0792 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 01fb9ef513ef0d484efb1bd66e91ad69 SRPMS/rsync-2.5.7-5.fc1.1.src.rpm dd13aba3dc99efc30ecaa0eeb49f242e x86_64/rsync-2.5.7-5.fc1.1.x86_64.rpm d8963193e902465e632e0ed993e92f82 x86_64/debug/rsync-debuginfo-2.5.7-5.fc1.1.x86_64.rpm bab0cb276f77596a6b9520401298764f i386/rsync-2.5.7-5.fc1.1.i386.rpm 094fa40ae453fddd43edce9fd10a054b i386/debug/rsync-debuginfo-2.5.7-5.fc1.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From fenlason at redhat.com Thu Aug 19 21:35:25 2004 From: fenlason at redhat.com (Jay Fenlason) Date: Thu, 19 Aug 2004 17:35:25 -0400 Subject: [SECURITY] Fedora Core 2 Update: rsync-2.6.2-1.fc2.0 Message-ID: <20040819213525.GD10860@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-269 2004-08-19 --------------------------------------------------------------------- Product : Fedora Core 2 Name : rsync Version : 2.6.2 Release : 1.fc2.0 Summary : A program for synchronizing files over a network. Description : Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package. --------------------------------------------------------------------- Update Information: This update backports a security fix to a path-sanitizing flaw that affects rsync when it is used in daemon mode without also using chroot. For more information see http://samba.org/rsync/#security_aug04 --------------------------------------------------------------------- * Thu Aug 19 2004 Jay Fenlason 2.6.2-1.fc2.0 - Backport fix for CAN-2004-0792 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ d6ae9d1c6e5d18903911e1fdedd55a03 SRPMS/rsync-2.6.2-1.fc2.0.src.rpm f03bc05659c874cb39d4bab606dfaabf x86_64/rsync-2.6.2-1.fc2.0.x86_64.rpm 97f2ed68e7b3f7e0c5888b0aa8cd2088 x86_64/debug/rsync-debuginfo-2.6.2-1.fc2.0.x86_64.rpm 1dd097feb524de781f6ae9ecf74bcc3d i386/rsync-2.6.2-1.fc2.0.i386.rpm 38590683c5bca0a599fbc70a971c6b7e i386/debug/rsync-debuginfo-2.6.2-1.fc2.0.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From arjanv at redhat.com Fri Aug 20 07:34:07 2004 From: arjanv at redhat.com (Arjan van de Ven) Date: Fri, 20 Aug 2004 09:34:07 +0200 Subject: Fedora Core 2 Update: kernel-2.6.8-1.521 Message-ID: <20040820073407.GA4388@devserv.devel.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-267 2004-08-20 --------------------------------------------------------------------- Product : Fedora Core 2 Name : kernel Version : 2.6.8 Release : 1.521 Summary : The Linux kernel (the core of the Linux operating system) Description : The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. --------------------------------------------------------------------- Update Information: This update kernel updates the Fedora Core 2 kernel to version 2.6.8. Included in this new upstream kernel are several fixes on the networking front, including traffic shaping and window scaling fixes. Note: This kernel includes several Execshield cleanups and changes, and as a result programs that make certain restrictive assumptions about the virtual address space (such as Wine) need a different workaround than before. The applications can get the old (legacy) VA layout via the setarch -L option when a recent enough serarch application is in use, in addition there now is a global switch to go to the legacy VA layout: echo 1 > /proc/sys/vm/legacy_va_layout --------------------------------------------------------------------- * Sat Aug 14 2004 Arjan van de Ven - 2.6.8-rc4-bk3 - split execshield up some more * Sat Aug 14 2004 Dave Jones - Update SCSI whitelist again with some more card readers. * Tue Aug 10 2004 Arjan van de Ven - 2.6.8-rc3-bk3 * Thu Aug 05 2004 Arjan van de Ven - Add the flex-mmap bits for s390/s390x (Pete Zaitcev) - Add flex-mmap for x86-64 32 bit emulation - 2.6.8-rc3 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ c6a6b494059f01e20f69be28e35d7c34 SRPMS/kernel-2.6.8-1.521.src.rpm c8414cca0d78754981e7f22e98dc3378 x86_64/kernel-2.6.8-1.521.x86_64.rpm 183e619084d567f95730f29c60974c7a x86_64/kernel-smp-2.6.8-1.521.x86_64.rpm c9af2d7eaf18b507919a666ce31c083e x86_64/debug/kernel-debuginfo-2.6.8-1.521.x86_64.rpm 1249d155d13f218a29a9630fca462b26 x86_64/kernel-sourcecode-2.6.8-1.521.noarch.rpm 64d38986eb380f5a126435750bdb6143 x86_64/kernel-doc-2.6.8-1.521.noarch.rpm 5a4cb0bdd3d1f9a477c40d8c94810c08 i386/kernel-2.6.8-1.521.i586.rpm a5f6c23c132494c058b65c400e0e8f7a i386/kernel-smp-2.6.8-1.521.i586.rpm f2c200606b2ebbea9cfdbed8165486ab i386/debug/kernel-debuginfo-2.6.8-1.521.i586.rpm 0cc396210fec597d6440541a3bde5295 i386/kernel-2.6.8-1.521.i686.rpm 51155f6069b4d2b9831697e25ceb1fb3 i386/kernel-smp-2.6.8-1.521.i686.rpm 01d3bdeb3f225098af29be2c1a512ef8 i386/debug/kernel-debuginfo-2.6.8-1.521.i686.rpm 1249d155d13f218a29a9630fca462b26 i386/kernel-sourcecode-2.6.8-1.521.noarch.rpm 64d38986eb380f5a126435750bdb6143 i386/kernel-doc-2.6.8-1.521.noarch.rpm This update can also be installed with yum or the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From than at redhat.com Mon Aug 23 08:32:18 2004 From: than at redhat.com (Than Ngo) Date: Mon, 23 Aug 2004 10:32:18 +0200 Subject: [SECURITY] Fedora Core 1 Update: qt-3.1.2-14.2 Message-ID: <4129AB92.10502@redhat.com> Subject: Fedora Core 1 Update: qt-3.1.2-14.2 --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-270 2004-08-23 --------------------------------------------------------------------- Product : Fedora Core 1 Name : qt Version : 3.1.2 Release : 14.2 Summary : The shared library for the Qt GUI toolkit. Description : Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run qt applications, as well as the README files for qt. --------------------------------------------------------------------- Update Information: During a security audit, Chris Evans discovered a heap overflow in the BMP image decoder in Qt versions prior to 3.3.3. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with Qt to crash or possibly execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0691 to this issue. Additionally, various flaws were discovered in the GIF, XPM, and JPEG decoders in Qt versions prior to 3.3.3. An attacker could create carefully crafted image files in such a way that it could cause an application linked against Qt to crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0692 and CAN-2004-0693 to these issues. Users of Qt should update to these updated packages which contain backported patches and are not vulnerable to these issues. --------------------------------------------------------------------- * Thu Aug 19 2004 Than Ngo 1:3.1.2-14.2 - fix image buffer overflows * Thu Jul 29 2004 Than Ngo 1:3.1.2-14.1 - fix overflow vulnerability, thanks to trolltech --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ c763ada78b47f3bc72a06e26b929c8c4 SRPMS/qt-3.1.2-14.2.src.rpm f86739a73579c5b6b698a873b4446d22 x86_64/qt-3.1.2-14.2.x86_64.rpm 6110ba73b9bbce08df7f8529d8185a51 x86_64/qt-devel-3.1.2-14.2.x86_64.rpm 86aad3b91aef11b01da1c816cccaffbe x86_64/qt-ODBC-3.1.2-14.2.x86_64.rpm fb94f45a83cabdfb45751fd293be2ccc x86_64/qt-MySQL-3.1.2-14.2.x86_64.rpm d4077aa9c95b065b89512e8937d3895d x86_64/qt-PostgreSQL-3.1.2-14.2.x86_64.rpm 2dce1a5d23a9f763f34b0f180cf5d5a1 x86_64/qt-designer-3.1.2-14.2.x86_64.rpm b34a6cc0e2af6a58241bdb9e25618919 x86_64/debug/qt-debuginfo-3.1.2-14.2.x86_64.rpm aca527b50ab8b71bbb7e4a6e93278173 i386/qt-3.1.2-14.2.i386.rpm d800a0e0f24c5c748c0e6d4d0cbc766d i386/qt-devel-3.1.2-14.2.i386.rpm 8dc18024573a730fd625a54c4283be63 i386/qt-ODBC-3.1.2-14.2.i386.rpm 62785195ce484b82c388c3bc38992895 i386/qt-MySQL-3.1.2-14.2.i386.rpm 586469add7922ac224dcdc24819ce284 i386/qt-PostgreSQL-3.1.2-14.2.i386.rpm 263b2d0b195ab4869be6f4074df1c728 i386/qt-designer-3.1.2-14.2.i386.rpm fb8ebc4323f3d36032d757a365a9bbbc i386/debug/qt-debuginfo-3.1.2-14.2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From than at redhat.com Mon Aug 23 08:39:39 2004 From: than at redhat.com (Than Ngo) Date: Mon, 23 Aug 2004 10:39:39 +0200 Subject: [SECURITY] Fedora Core 2 Update: qt-3.3.3-0.1 Message-ID: <4129AD4B.7060205@redhat.com> Subject: Fedora Core 2 Update: qt-3.3.3-0.1 --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-271 2004-08-23 --------------------------------------------------------------------- Product : Fedora Core 2 Name : qt Version : 3.3.3 Release : 0.1 Summary : The shared library for the Qt GUI toolkit. Description : Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run qt applications, as well as the README files for qt. --------------------------------------------------------------------- Update Information: During a security audit, Chris Evans discovered a heap overflow in the BMP image decoder in Qt versions prior to 3.3.3. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with Qt to crash or possibly execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0691 to this issue. Additionally, various flaws were discovered in the GIF, XPM, and JPEG decoders in Qt versions prior to 3.3.3. An attacker could create carefully crafted image files in such a way that it could cause an application linked against Qt to crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0692 and CAN-2004-0693 to these issues. Users of Qt should update to these updated packages which contain backported patches and are not vulnerable to these issues. --------------------------------------------------------------------- * Thu Aug 19 2004 Than Ngo 1:3.3.3-0.1 - update to 3.3.3, fix image buffer overflows * Thu Jul 29 2004 Than Ngo 1:3.3.2-2.1 - fix overflow vulnerability, thanks to trolltech --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ d7d133c9fb84ec203b4a96451397777c SRPMS/qt-3.3.3-0.1.src.rpm 3069582d6fc4e3472a9b578b9031b613 x86_64/qt-3.3.3-0.1.x86_64.rpm f827f011c8284069da86aa977399e16a x86_64/qt-devel-3.3.3-0.1.x86_64.rpm a98f9ad7b50bd5757f4d70cfe4e6b43d x86_64/qt-ODBC-3.3.3-0.1.x86_64.rpm 8d9305bbd849ad85033830adf8ce69d8 x86_64/qt-MySQL-3.3.3-0.1.x86_64.rpm 17eee4ff21a9afeab3af2e711fa350df x86_64/qt-PostgreSQL-3.3.3-0.1.x86_64.rpm c62a0d58db076e8aae868959410240fa x86_64/qt-designer-3.3.3-0.1.x86_64.rpm db3d362f1ccdc2643b0dad1494d3dae2 x86_64/debug/qt-debuginfo-3.3.3-0.1.x86_64.rpm 64f43afd922842ea5847d2549e989ffa i386/qt-3.3.3-0.1.i386.rpm 88f2edc217d4d6ef27974756aac2d590 i386/qt-devel-3.3.3-0.1.i386.rpm 0688e0872934c4dc365f496953e9b5cc i386/qt-ODBC-3.3.3-0.1.i386.rpm c0208bd84c45a11a2a90e738cd3f4232 i386/qt-MySQL-3.3.3-0.1.i386.rpm 7e6fa694913d8f03d88ba49dfbedf8e8 i386/qt-PostgreSQL-3.3.3-0.1.i386.rpm 67cfecbeb2b1528a1224daca29a4fd6c i386/qt-designer-3.3.3-0.1.i386.rpm 822a56de23158db0bfe1979ba064420a i386/debug/qt-debuginfo-3.3.3-0.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From wtogami at redhat.com Thu Aug 26 05:12:53 2004 From: wtogami at redhat.com (Warren Togami) Date: Wed, 25 Aug 2004 19:12:53 -1000 Subject: (Security) Fedora Core 1 Update: gaim-0.82-0.FC1 Message-ID: <412D7155.2030803@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-278 2004-08-26 --------------------------------------------------------------------- Product : Fedora Core 1 Name : gaim Version : 0.82 Release : 0.FC1 Summary : A Gtk+ based multiprotocol instant messaging client Description : Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by America Online, Inc., Microsoft Corporation, or Yahoo! Inc. or other messaging service providers. --------------------------------------------------------------------- Update Information: 0.82 update contains many bug and security improvements. --------------------------------------------------------------------- * Wed Aug 25 2004 Warren Togami 0.82-0.FC1 - FC1 update * Wed Aug 25 2004 Warren Togami 0.82-1 - Update to 0.82 resolves several security issues and bugs CAN-2004-0500, CAN-2004-0754, CAN-2004-0784, CAN-2004-0785 More details at http://gaim.sourceforge.net/security/ --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 174ca09c008c59371289bb66e4e2632b SRPMS/gaim-0.82-0.FC1.src.rpm 9226eca202c3f8e40ca8dc0765b6a3f9 x86_64/gaim-0.82-0.FC1.x86_64.rpm e23da9cd2592709a6c392c50deca5124 x86_64/debug/gaim-debuginfo-0.82-0.FC1.x86_64.rpm d1a69928d1cf56234af3d507c328f826 i386/gaim-0.82-0.FC1.i386.rpm c3d68d0bd2913e436621bf5a59dbdc34 i386/debug/gaim-debuginfo-0.82-0.FC1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From wtogami at redhat.com Thu Aug 26 05:13:10 2004 From: wtogami at redhat.com (Warren Togami) Date: Wed, 25 Aug 2004 19:13:10 -1000 Subject: (Security) Fedora Core 2 Update: gaim-0.82-0.FC2 Message-ID: <412D7166.9020802@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-279 2004-08-26 --------------------------------------------------------------------- Product : Fedora Core 2 Name : gaim Version : 0.82 Release : 0.FC2 Summary : A Gtk+ based multiprotocol instant messaging client Description : Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by America Online, Inc., Microsoft Corporation, or Yahoo! Inc. or other messaging service providers. --------------------------------------------------------------------- Update Information: 0.82 update contains many bug and security improvements. --------------------------------------------------------------------- * Wed Aug 25 2004 Warren Togami 0.82-0.FC2 - FC2 update * Wed Aug 25 2004 Warren Togami 0.82-1 - Update to 0.82 resolves several security issues and bugs CAN-2004-0500, CAN-2004-0754, CAN-2004-0784, CAN-2004-0785 More details at http://gaim.sourceforge.net/security/ --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ b541c49b833569299e0493ee217cfbdf SRPMS/gaim-0.82-0.FC2.src.rpm 195b5fd6dc6b57b5efa7a0cb48ee784a x86_64/gaim-0.82-0.FC2.x86_64.rpm 54b376b2755796b1e3e98445db402f7b x86_64/debug/gaim-debuginfo-0.82-0.FC2.x86_64.rpm 424761cc496a309f0a11714bf49d15f3 i386/gaim-0.82-0.FC2.i386.rpm 8eea8d251a8aa321a46668f05f6df10a i386/debug/gaim-debuginfo-0.82-0.FC2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From nalin at redhat.com Tue Aug 31 18:24:47 2004 From: nalin at redhat.com (Nalin Dahyabhai) Date: Tue, 31 Aug 2004 14:24:47 -0400 Subject: [SECURITY] Fedora Core 1 Update: krb5-1.3.4-5 Message-ID: <20040831182445.GA2566@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-276 2004-08-31 --------------------------------------------------------------------- Product : Fedora Core 1 Name : krb5 Version : 1.3.4 Release : 5 Summary : The Kerberos network authentication system. Description : Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. --------------------------------------------------------------------- Update Information: Kerberos is a networked authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other. Several double-free bugs were found in the Kerberos 5 KDC and libraries. A remote attacker could potentially exploit these flaws to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0642 and CAN-2004-0643 to these issues. A double-free bug was also found in the krb524 server (CAN-2004-0772), however this issue does not affect Fedora Core. An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library. A remote attacker may be able to trigger this flaw and cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0644 to this issue. --------------------------------------------------------------------- * Tue Aug 24 2004 Nalin Dahyabhai 1.3.4-5 - incorporate revised fixes from Tom Yu for CAN-2004-0642, CAN-2004-0644, CAN-2004-0772 * Mon Aug 23 2004 Nalin Dahyabhai 1.3.4-4 - rebuild * Mon Aug 23 2004 Nalin Dahyabhai 1.3.4-3 - incorporate fixes from Tom Yu for CAN-2004-0642, CAN-2004-0772 (MITKRB5-SA-2004-002, #130732) - incorporate fixes from Tom Yu for CAN-2004-0644 (MITKRB5-SA-2004-003, #130732) * Tue Jul 27 2004 Nalin Dahyabhai 1.3.4-2 - fix indexing error in server sorting patch (#127336) * Tue Jun 15 2004 Elliot Lee - rebuilt * Mon Jun 14 2004 Nalin Dahyabhai 1.3.4-0.1 - update to 1.3.4 final * Mon Jun 07 2004 Nalin Dahyabhai 1.3.4-0 - update to 1.3.4 beta1 - remove MITKRB5-SA-2004-001, included in 1.3.4 * Mon Jun 07 2004 Nalin Dahyabhai 1.3.3-8 - rebuild --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 215744598787e8555852a42346523ff0 SRPMS/krb5-1.3.4-5.src.rpm 0bdb0a2c01e7682ac61009e86eb79c92 x86_64/krb5-devel-1.3.4-5.x86_64.rpm 575fa819175d43d6835867acb616da45 x86_64/krb5-libs-1.3.4-5.x86_64.rpm 2417f376a3f96de6514432efd70ba550 x86_64/krb5-server-1.3.4-5.x86_64.rpm f79c01f71dd81127946c5e951ee3fa70 x86_64/krb5-workstation-1.3.4-5.x86_64.rpm 43fd30f8236c8a05edc726d7a9a318c9 x86_64/debug/krb5-debuginfo-1.3.4-5.x86_64.rpm 90924e3b1aa64f7e0780613e49d97a77 x86_64/krb5-libs-1.3.4-5.i386.rpm 201f89557be28e3cbcf6c7e2d23187d0 i386/krb5-devel-1.3.4-5.i386.rpm 90924e3b1aa64f7e0780613e49d97a77 i386/krb5-libs-1.3.4-5.i386.rpm 0ea73ac3eeb55350d9ae5b2bcdf33059 i386/krb5-server-1.3.4-5.i386.rpm 69ecbbe96b6b900c0a8b5f5d76fffbab i386/krb5-workstation-1.3.4-5.i386.rpm dfb27688cf0416cb9c051e9df0bbe5ab i386/debug/krb5-debuginfo-1.3.4-5.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From nalin at redhat.com Tue Aug 31 18:26:18 2004 From: nalin at redhat.com (Nalin Dahyabhai) Date: Tue, 31 Aug 2004 14:26:18 -0400 Subject: [SECURITY] Fedora Core 2 Update: krb5-1.3.4-6 Message-ID: <20040831182618.GA3333@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-277 2004-08-31 --------------------------------------------------------------------- Product : Fedora Core 2 Name : krb5 Version : 1.3.4 Release : 6 Summary : The Kerberos network authentication system. Description : Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. --------------------------------------------------------------------- Update Information: Kerberos is a networked authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other. Several double-free bugs were found in the Kerberos 5 KDC and libraries. A remote attacker could potentially exploit these flaws to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0642 and CAN-2004-0643 to these issues. A double-free bug was also found in the krb524 server (CAN-2004-0772), however this issue does not affect Fedora Core. An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library. A remote attacker may be able to trigger this flaw and cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0644 to this issue. --------------------------------------------------------------------- * Tue Aug 24 2004 Nalin Dahyabhai 1.3.4-6 - rebuild * Tue Aug 24 2004 Nalin Dahyabhai 1.3.4-5 - incorporate revised fixes from Tom Yu for CAN-2004-0642, CAN-2004-0644, CAN-2004-0772 * Mon Aug 23 2004 Nalin Dahyabhai 1.3.4-4 - rebuild * Mon Aug 23 2004 Nalin Dahyabhai 1.3.4-3 - incorporate fixes from Tom Yu for CAN-2004-0642, CAN-2004-0772 (MITKRB5-SA-2004-002, #130732) - incorporate fixes from Tom Yu for CAN-2004-0644 (MITKRB5-SA-2004-003, #130732) * Tue Jul 27 2004 Nalin Dahyabhai 1.3.4-2 - fix indexing error in server sorting patch (#127336) * Tue Jun 15 2004 Elliot Lee - rebuilt * Mon Jun 14 2004 Nalin Dahyabhai 1.3.4-0.1 - update to 1.3.4 final * Mon Jun 07 2004 Nalin Dahyabhai 1.3.4-0 - update to 1.3.4 beta1 - remove MITKRB5-SA-2004-001, included in 1.3.4 * Mon Jun 07 2004 Nalin Dahyabhai 1.3.3-8 - rebuild --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 2b26718a3e533f32a1e98b401a2e21d4 SRPMS/krb5-1.3.4-6.src.rpm beebe2125e840d9cb4546465b9833d66 x86_64/krb5-devel-1.3.4-6.x86_64.rpm e00056df9058bed4b00684d2a64ffbe6 x86_64/krb5-libs-1.3.4-6.x86_64.rpm abe8cf2e80236fb5a6adfa62c6e13240 x86_64/krb5-server-1.3.4-6.x86_64.rpm 11fdd50862bc0379fbfb3d804e59143b x86_64/krb5-workstation-1.3.4-6.x86_64.rpm a6abcfdeb10910b7b814391c720d2ae7 x86_64/debug/krb5-debuginfo-1.3.4-6.x86_64.rpm 1d720b00203ce00d4c75e3926ee618e4 x86_64/krb5-libs-1.3.4-6.i386.rpm 16d556d502f9d34729bcb166ec209ea8 i386/krb5-devel-1.3.4-6.i386.rpm 1d720b00203ce00d4c75e3926ee618e4 i386/krb5-libs-1.3.4-6.i386.rpm 4534128db2230d8e8f0b76a591e7f7a6 i386/krb5-server-1.3.4-6.i386.rpm c8f55dbadff7333fdb49b8f39173135b i386/krb5-workstation-1.3.4-6.i386.rpm 0092eed09687bf677aa0ed0c3980ec98 i386/debug/krb5-debuginfo-1.3.4-6.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: