Annvix:About/Changelog/3.0-RELEASE
From linsec.ca
|
This page contains content from the old Annvix.org wiki and has been moved here to preserve content. These pages have been retained for historical and nostalgic purposes only. |
Annvix 3.0-RELEASE Changelog
2008-03-27 00:36 vdanen * gnupg/SOURCES/gnupg-1.4.8.tar.bz2, gnupg/SOURCES/gnupg-1.4.8.tar.bz2.sig, gnupg/SOURCES/gnupg-1.4.9.tar.bz2, gnupg/SOURCES/gnupg-1.4.9.tar.bz2.sig, gnupg/SPECS/gnupg.spec: - 1.4.9: fixes a possible memory corruption bug while importing keys 2008-03-21 16:27 vdanen * bzip2/SOURCES/bzip2-1.0.4.tar.gz, bzip2/SOURCES/bzip2-1.0.5.tar.gz, bzip2/SPECS/bzip2.spec: - 1.0.5: fixes CVE-2008-1372 2008-03-20 16:18 vdanen * perl-Net-DNS/SOURCES/Net-DNS-0.61.tar.gz, perl-Net-DNS/SOURCES/Net-DNS-0.63.tar.gz, perl-Net-DNS/SPECS/perl-Net-DNS.spec: - 0.63: fixes CVE-2007-6341 2008-03-20 15:52 vdanen * krb5/SOURCES/krb5-1.6.1-rh-CVE-2007-5901.patch, krb5/SOURCES/krb5-1.6.1-rh-CVE-2007-5971.patch, krb5/SOURCES/krb5-1.6.1-rh-CVE-2008-0062_0063.patch, krb5/SOURCES/krb5-1.6.1-rh-CVE-2008-0947.patch, krb5/SPECS/krb5.spec: - P19: security fix for CVE-2007-5901 - P20: security fix for CVE-2007-5971 - P21: security fix for CVE-2008-0062 and CVE-2008-0063 - P22: security fix for CVE-2008-0947 2008-03-20 15:39 vdanen * tcl/SOURCES/tcl-8.4.15-rh-CVE-2007-4772.patch, tcl/SPECS/tcl.spec: - P4: security fix for CVE-2007-4772 2008-03-20 15:33 vdanen * unzip/SOURCES/unzip-5.52-deb-CVE-2008-0888.patch, unzip/SPECS/unzip.spec: - P4: security fix for CVE-2008-0888 2008-03-18 18:34 vdanen * ghostscript/SOURCES/ghostscript-CVE-2008-0411.patch, ghostscript/SPECS/ghostscript.spec: - P0: security fix for CVE-2008-0411 2008-03-18 18:25 vdanen * pcre/SOURCES/pcre-7.4.tar.bz2, pcre/SOURCES/pcre-7.4.tar.bz2.sig, pcre/SOURCES/pcre-7.6.tar.bz2, pcre/SOURCES/pcre-7.6.tar.bz2.sig, pcre/SPECS/pcre.spec, releases/3.1-CURRENT/pcre/SPECS/pcre.spec: - 7.6: fixes CVE-2008-0674 - enable unicode properties 2008-03-17 18:49 vdanen * kernel26/SOURCES/patches/scripts/create_configs, kernel26/SPECS/kernel26-avx.spec: - set the memory support back to 4GB 2008-03-14 05:41 vdanen * kernel26/SOURCES/patches/configs/i386.config, kernel26/SOURCES/patches/scripts/create_configs, kernel26/SPECS/kernel26-avx.spec: - drop the supported arch from i686 to i586 as per tmb's note in bugzilla 2008-03-10 15:44 vdanen * dovecot/SOURCES/dovecot-1.0.10.tar.gz, dovecot/SOURCES/dovecot-1.0.10.tar.gz.sig, dovecot/SOURCES/dovecot-1.0.13.tar.gz, dovecot/SOURCES/dovecot-1.0.13.tar.gz.sig, dovecot/SPECS/dovecot.spec: - 1.0.13: security fixes (user login without valid password) 2008-03-08 17:23 vdanen * kernel26/SPECS/kernel26-avx.spec: - actually use the new version 2008-03-08 17:16 vdanen * kernel26/SOURCES/linux-2.6.22.18.tar.bz2, kernel26/SOURCES/linux-2.6.22.18.tar.bz2.sign, kernel26/SOURCES/linux-2.6.22.19.tar.bz2, kernel26/SOURCES/linux-2.6.22.19.tar.bz2.sign, kernel26/SOURCES/patches/scripts/create_configs, kernel26/SPECS/kernel26-avx.spec: - 2.6.22.19: fixes CVE-2007-3731 - really set CONFIG_HIGHMEM=4GB (has to be done via scripts/create_configs) which should finally fix bug #65 2008-03-06 15:08 vdanen * dovecot/SPECS/dovecot.spec: - tighten permissions on the configuration file so it's no longer world- readable, as per Red Hat bug #436287 2008-03-05 16:28 vdanen * openldap/SOURCES/openldap-2.3.38-CVE-2008-0658.patch, openldap/SPECS/openldap.spec: - P17: security fix for CVE-2008-0658 2008-03-02 04:46 ying * postfix/SOURCES/postfix-2.4.6.tar.gz, postfix/SOURCES/postfix-2.4.6.tar.gz.sig, postfix/SOURCES/postfix-2.4.7.tar.gz, postfix/SOURCES/postfix-2.4.7.tar.gz.sig, postfix/SPECS/postfix.spec: Postfix 2.4.7 Update 2008-02-23 02:14 vdanen * cups/SOURCES/cups-1.3.5-source.tar.bz2, cups/SOURCES/cups-1.3.6-source.tar.bz2, cups/SPECS/cups.spec: - 1.3.6: fixes CVE-2008-0882 - fix permissions - fix some rpmlint warnings 2008-02-11 16:05 vdanen * kernel26/SOURCES/linux-2.6.22.17.tar.bz2, kernel26/SOURCES/linux-2.6.22.17.tar.bz2.sign, kernel26/SOURCES/linux-2.6.22.18.tar.bz2, kernel26/SOURCES/linux-2.6.22.18.tar.bz2.sign, kernel26/SPECS/kernel26-avx.spec: - 2.6.22.18: fixes CVE-2008-0600 2008-02-08 16:08 vdanen * kernel26/SOURCES/linux-2.6.22.16.tar.bz2, kernel26/SOURCES/linux-2.6.22.16.tar.bz2.sign, kernel26/SOURCES/linux-2.6.22.17.tar.bz2, kernel26/SOURCES/linux-2.6.22.17.tar.bz2.sign, kernel26/SOURCES/patches/patches/ZZ01_CVE-2007-6206_git.patch, kernel26/SOURCES/patches/patches/series, kernel26/SPECS/kernel26-avx.spec: - 2.6.22.17: fixes CVE-2007-6206, CVE-2008-0007 - drop PZZ01; fixed upstream 2008-02-08 05:32 vdanen * tk/SOURCES/tk-cvs-CVE-2008-0553.patch, tk/SPECS/tk.spec: - P2: security for for CVE-2008-0553 2008-01-28 20:49 vdanen * rsync/SOURCES/daemon-exclude-2.6.9-CVE-2007-6200.diff, rsync/SOURCES/munge-symlinks-2.6.9-CVE-2007-6199.diff, rsync/SPECS/rsync.spec: - P1: security fix for CVE-2007-6199 - P2: security fix for CVE-2007-6200 2008-01-26 22:59 vdanen * apparmor/SPECS/apparmor.spec: - apache 2.2.8 2008-01-26 22:52 vdanen * subversion/SPECS/subversion.spec: - apache 2.2.8 2008-01-26 22:51 vdanen * httpd-mod_suexec/SPECS/httpd-mod_suexec.spec: - apache 2.2.8 2008-01-26 22:51 vdanen * httpd-mod_security2/SPECS/httpd-mod_security2.spec: - apache 2.2.8 2008-01-26 22:49 vdanen * httpd-mod_security/SPECS/httpd-mod_security.spec: - apache 2.2.8 2008-01-26 22:44 vdanen * httpd-mod_php/SPECS/httpd-mod_php.spec: - apache 2.2.8 2008-01-26 22:39 vdanen * httpd-mod_perl/SPECS/httpd-mod_perl.spec: - apache 2.2.8 2008-01-26 22:38 vdanen * httpd-mod_layout/SPECS/httpd-mod_layout.spec: - apache 2.2.8 2008-01-26 22:37 vdanen * httpd-mod_auth_shadow/SPECS/httpd-mod_auth_shadow.spec: - apache 2.2.8 2008-01-26 22:37 vdanen * httpd-mod_auth_remote/SPECS/httpd-mod_auth_remote.spec: - apache 2.2.8 2008-01-26 22:36 vdanen * httpd-mod_auth_radius/SPECS/httpd-mod_auth_radius.spec: - apache 2.2.8 2008-01-26 22:35 vdanen * httpd-mod_auth_pgsql/SPECS/httpd-mod_auth_pgsql.spec: - apache 2.2.8 2008-01-26 22:34 vdanen * httpd-mod_auth_mysql/SPECS/httpd-mod_auth_mysql.spec: - apache 2.2.8 2008-01-26 22:33 vdanen * httpd-mod_auth_external/SPECS/httpd-mod_auth_external.spec: - apache 2.2.8 2008-01-26 22:04 vdanen * httpd-conf/SOURCES/httpd-conf-2.2.6.tar.bz2, httpd-conf/SOURCES/httpd-conf-2.2.8.tar.bz2: - commit sources 2008-01-26 22:03 vdanen * httpd-conf/SOURCES/httpd.conf, httpd-conf/SOURCES/mime.types, httpd-conf/SPECS/httpd-conf.spec: - apache 2.2.8 2008-01-26 22:02 vdanen * httpd/SOURCES/apachesrc.diff, httpd/SOURCES/httpd-2.2.6-ssllibver.patch, httpd/SOURCES/httpd-2.2.6.tar.gz, httpd/SOURCES/httpd-2.2.6.tar.gz.asc, httpd/SOURCES/httpd-2.2.8.tar.gz, httpd/SOURCES/httpd-2.2.8.tar.gz.asc, httpd/SOURCES/httpd-limitipconn.diff, httpd/SOURCES/perl-framework.tar.bz2, httpd/SOURCES/worker_init_patch_plus_r572937_2.2.x.patch, httpd/SPECS/httpd.spec: - 2.2.8: security fixes for CVE-2007-6421, CVE-2007-6422, CVE-2007-6388, and CVE-2007-5000 - drop upstream patches: P17, P20 - update perl framework (S4) to r609180 2008-01-22 22:49 vdanen * kernel26/SOURCES/patches/configs/i386.config, kernel26/SPECS/kernel26-avx.spec: - set CONFIG_HIGHMEM=64G off and enable HIGHMEM4G instead (x86) - disable CONFIG_RESOURCES_64BIT (x86) - hopefully these will solve the "PANIC: CPU too old for this kernel" that some people are seeing 2008-01-17 20:36 vdanen * kernel26/SOURCES/linux-2.6.22.15.tar.bz2, kernel26/SOURCES/linux-2.6.22.15.tar.bz2.sign, kernel26/SOURCES/linux-2.6.22.16.tar.bz2, kernel26/SOURCES/linux-2.6.22.16.tar.bz2.sign, kernel26/SPECS/kernel26-avx.spec: - 2.6.22.16; fixes CVE-2008-0001 2008-01-12 01:02 vdanen * postgresql/SOURCES/postgresql-8.2.5.tar.bz2, postgresql/SOURCES/postgresql-8.2.5.tar.bz2.md5, postgresql/SOURCES/postgresql-8.2.6.tar.bz2, postgresql/SOURCES/postgresql-8.2.6.tar.bz2.md5, postgresql/SPECS/postgresql.spec: - 8.2.6: fixes CVE-2007-6600, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6601, CVE-2007-3278 2008-01-11 21:03 vdanen * libxml2/SOURCES/libxml2-CVE-2007-6284.patch, libxml2/SPECS/libxml2.spec: - P2: security fix for CVE-2007-6284 2007-12-30 22:22 vdanen * .: branch 3.0-RELEASE
