Saturday, August 15, 2009

Security Update: Curl

One security update has been released today along with many other updates. The Java JRE and JDK have been upgraded to the latest version, while transfig and xfig were reverted due to problems with the newer version. We are getting closer to the 13.0 release.

Here's the latest -Current changelog:
Fri Aug 14 15:12:05 CDT 2009
a/aaa_elflibs-13.0-i486-1.txz: Upgraded.

a/mkinitrd-1.3.4-i486-3.txz: Rebuilt. Fixed quoting of "${MODULE_LIST}"

a/usbutils-0.82-i486-2.txz: Rebuilt. Updated usb.ids, removed usb.ids.gz.

ap/man-pages-3.22-noarch-2.txz: Rebuilt. Fixed missing part of doinst.sh.

kde/koffice-2.0.2-i486-1.txz: Upgraded.

kdei/koffice-l10n-*-2.0.2-noarch-1.txz: Upgraded to KOffice 2.0.2 l10n packages.

l/jre-6u16-i586-1.txz: Upgraded.
Upgraded to Java(TM) 2 Platform Standard Edition Runtime Environment Version 6.0 update 16.

n/curl-7.19.6-i486-1.txz: Upgraded.
This update fixes a security issue where a zero byte embedded in an SSL or TLS certificate could fool cURL into validating the security of a connection to a system that the certificate was not issued for. It has been reported that at least one Certificate Authority allowed such certificates to be issued.
For more information, see:
http://curl.haxx.se/docs/security.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417
(* Security fix *)

n/elm-2.5.8-i486-3.txz: Rebuilt.

t/transfig-3.2.4-i486-2.txz: Reverted. This version is matched to xfig-3.2.4.

t/xfig-3.2.4-i486-4.txz: Reverted. This is due to xfig-3.2.5b not working correctly. .fig files will load, but making any changes causes xfig to hang consuming 100% CPU. We couldn't find a fix, and honestly RC2 just wasn't a good time to upgrade xfig (3.2.4 also required many patches to work right). Sorry, but we'll look at this again in the next -current.

extra/aspell-word-lists/aspell-nb-0.50.1_0-noarch-4.txz: Added.

extra/jdk-6/jdk-6u16-i586-1.txz: Upgraded.
Upgraded to Java(TM) 2 Platform Standard Edition Development Kit Version 6.0 update 16.

extra/wicd/wicd-1.6.2-i486-2.txz: Rebuilt.
Fixed a problem with hidden networks. Thanks to Robby Workman.

isolinux/initrd.img: Rebuilt.

usb-and-pxe-installers/: Rebuilt.
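
The curl entry above describes a certificate name with an embedded zero byte passing host name validation. The following is an added example, not curl's code and not part of the changelog: it compares a name check that treats the certificate name as a C string with one that honours the declared length. The struct, the function names and the sample names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A certificate name as a parser returns it: raw bytes plus a declared length. */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Constructed sample names; sizeof - 1 keeps the embedded zero byte in the length. */
static const unsigned char NUL_CN[] = "www.example.com\0.other.example.net";
static const unsigned char GOOD_CN[] = "www.example.com";
static const struct cert_name NUL_NAME = { NUL_CN, sizeof(NUL_CN) - 1 };
static const struct cert_name GOOD_NAME = { GOOD_CN, sizeof(GOOD_CN) - 1 };

/* Flawed pattern: the name is treated as a C string, so the comparison
 * stops at the first zero byte and never sees the rest of the name. */
int match_truncating(const struct cert_name *cn, const char *host)
{
    return strcasecmp((const char *)cn->data, host) == 0;
}

/* Hardened pattern: a name containing a zero byte is rejected outright,
 * and the declared length must equal the host name's length. */
int match_length_checked(const struct cert_name *cn, const char *host)
{
    size_t hlen = strlen(host);

    if (cn->len == 0 || memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    if (cn->len != hlen)
        return 0;
    return strncasecmp((const char *)cn->data, host, hlen) == 0;
}

int main(void)
{
    const char *host = "www.example.com";

    printf("declared length of sample name: %zu bytes\n", NUL_NAME.len);
    printf("truncating check accepts it:    %d\n", match_truncating(&NUL_NAME, host));
    printf("length-aware check accepts it:  %d\n", match_length_checked(&NUL_NAME, host));
    printf("length-aware check, clean name: %d\n", match_length_checked(&GOOD_NAME, host));
    return 0;
}
```

The same length test applies to every name field a client matches against the host, not only the one shown here.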