-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2011-10097 2011-08-02 01:14:07 --------------------------------------------------------------------------------
Name : PackageKit Product : Fedora 15 Version : 0.6.17 Release : 1.fc15 URL : http://www.packagekit.org Summary : Package management service Description : PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distro, cross-architecture API. -------------------------------------------------------------------------------- Update Information: - New upstream release. - Manually convert the results of GetDetails to unicode. - Parse the new style .discinfo files for F15 - Ignore local packages when calculating the simulate list - Allow the user to remove PackageKit-yum if PackageKit-zif is installed -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 1 2011 Richard Hughes <[email protected]> - 0.6.17-1 - New upstream release. - Manually convert the results of GetDetails to unicode. - Parse the new style .discinfo files for F15 - Ignore local packages when calculating the simulate list - Allow the user to remove PackageKit-yum if PackageKit-zif is installed - Resolves: #719916, #709865 * Mon Jul 4 2011 Richard Hughes <[email protected]> - 0.6.16-1 - New upstream release. - Do not try to parse any arguments in command-not-found. - Ensure we save the updates cache for the pre-transaction checks. * Fri Jul 1 2011 Richard Hughes <[email protected]> - 0.6.15-2 - Upstream yum recently changed the behaviour when checking signatures on a package. The commit added a new configuration key which only affects local packages, but the key was set by default to False. - This meant that an end user could install a local unsigned rpm package using PackageKit without a GPG trust check, and the user would be told the untrusted package is itself trusted. - To exploit this low-impact vulnerability, a user would have to manually download an unsigned package file and would still be required to authenticate to install the package. - The CVE-ID for this bug is CVE-2011-2515 - See https://bugzilla.redhat.com/show_bug.cgi?id=717566 for details. - Resolves #718127 * Tue Jun 7 2011 Richard Hughes <[email protected]> - 0.6.15-1 - New upstream release. - More GIR fixes - Allow the 'any' WhatProvides kind to match provide strings - Do not prevent updating when firefox is running, we don't have all the client UI ready yet. -------------------------------------------------------------------------------- References: [ 1 ] Bug #719916 - Gnome PackageKit displays backtrace for non-ascii characters in URL metadata https://bugzilla.redhat.com/show_bug.cgi?id=719916 [ 2 ] Bug #709865 - .discinfo file format has changed https://bugzilla.redhat.com/show_bug.cgi?id=709865 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update PackageKit' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
