[AC] mutt - security upgrade
There is a new version of mutt which fixes CVE-2007-2683 and
CVE-2007-1558. I enclose patch for the AC-branch.
Best wishes,
--
Kacper Kornet
Index: mutt.spec
===
RCS file: /cvsroot/SPECS/mutt.spec,v
retrieving revision 1.183.2.1
diff -u -r1.183.2.1 mutt.spec
--- mutt.spec 17 Jul 2006 13:35:04 - 1.183.2.1
+++ mutt.spec 1 Jun 2007 16:25:29 -
@@ -19,13 +19,13 @@
Summary(tr): Mutt elektronik posta programý
Summary(uk): đĎŰÔĎ×Á ËĚŚ¤ÎÔÓŘËÁ ĐŇĎÇŇÁÍÁ Mutt
Name: mutt
-Version: 1.4.2.2
+Version: 1.4.2.3
Release: 1
Epoch: 6
License: GPL
Group: Applications/Mail
-Source0: ftp://ftp.mutt.org/mutt/%{name}-%{version}i.tar.gz
-# Source0-md5: 51a08429c5bd5c34af3f4268b8cbcda3
+Source0: ftp://ftp.mutt.org/mutt/%{name}-%{version}.tar.gz
+# Source0-md5: dcb94661827dd090fa813e73e122ea0c
Source1: %{name}.desktop
Source2: %{name}.png
Source3: %{name}.1.pl
___
pld-devel-en mailing list
pld-devel-en@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
Re: /dev/null in bind chroot()
Arkadiusz Miskiewicz wrote: Hello I wonder what for /dev/null can be used by named inside of it's chroot() ? Any ideas? I guess glibc itself doesn't really need it. /dev/random for example is no longer needed since bind can use /dev/random from outside of chroot (it opens it early and keeps descriptor). Is the descriptor kept over a reload of named? AFAIR there were problems with that. Now if /dev/null could be dropped, too then it would be great. -- === Andrzej M. Krzysztofowicz [EMAIL PROTECTED] phone (48)(58) 347 19 36 Faculty of Applied Phys. Math., Gdansk University of Technology ___ pld-devel-en mailing list pld-devel-en@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
Re: /dev/null in bind chroot()
On Friday 01 of June 2007, Andrzej Krzysztofowicz wrote: Arkadiusz Miskiewicz wrote: Hello I wonder what for /dev/null can be used by named inside of it's chroot() ? Any ideas? I guess glibc itself doesn't really need it. /dev/random for example is no longer needed since bind can use /dev/random from outside of chroot (it opens it early and keeps descriptor). Is the descriptor kept over a reload of named? AFAIR there were problems with that. Seems so. [EMAIL PROTECTED] ~]# lsof -n |grep named |grep random named 24763 named5r CHR1,8 402654872 /dev/random [EMAIL PROTECTED] ~]# service named reload Przeładowanie usługi Named... [ ZROBIONE ] [EMAIL PROTECTED] ~]# lsof -n |grep named |grep random named 24763 named5r CHR1,8 402654872 /dev/random no complains in log. For testing I also deleted /var/lib/named/dev/null - so far no problems. -- Arkadiusz MiśkiewiczPLD/Linux Team arekm / maven.plhttp://ftp.pld-linux.org/ ___ pld-devel-en mailing list pld-devel-en@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
[AC] gimp upgrade
I enclose the path with the upgrade of gimp. The new version corrects
CVE-2007-2356.
P.S. Building new gimp I discovered that pango-devel probably misses
requirement for glitz-devel.
--
Kacper Kornet
Index: gimp.spec
===
RCS file: /cvsroot/SPECS/gimp.spec,v
retrieving revision 1.275
diff -u -r1.275 gimp.spec
--- gimp.spec 27 Apr 2007 19:33:20 - 1.275
+++ gimp.spec 2 Jun 2007 01:43:30 -
@@ -21,13 +21,13 @@
Summary(zh_CN.UTF-8): [ĺžĺ]GNUĺžčąĄĺ¤ç塼ĺ
ˇ
Summary(zh_TW.UTF-8): [ĺĺ]GNUĺ蹥čç塼ĺ
ˇ
Name: gimp
-Version: 2.2.14
+Version: 2.2.15
Release: 1
Epoch: 1
License: GPL
Group: X11/Applications/Graphics
Source0: ftp://ftp.gimp.org/pub/gimp/v2.2/%{name}-%{version}.tar.bz2
-# Source0-md5: 2f47dd66d714a970356e275dd1d3caac
+# Source0-md5: 5e705f0c7a3b37703d407e88bee357bb
Patch0:%{name}-home_etc.patch
URL: http://www.gimp.org/
%{?with_aalib:BuildRequires: aalib-devel}
___
pld-devel-en mailing list
pld-devel-en@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
