The following Fedora 17 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-2012-9298/gd-2.0.35-17.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9040/lighttpd-1.4.31-1.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9556/gc-7.2b-2.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9550/openstack-nova-2012.1-10.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9575/vte-0.28.2-6.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9537/asterisk-10.5.1-1.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9602/openjpeg-1.4-13.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9442/mosh-1.2.2-1.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9606/rubygem-actionpack-3.0.11-5.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9635/rubygem-activerecord-3.0.11-3.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9818/boost-1.48.0-13.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9386/xen-4.1.2-20.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9705/gallery3-3.0.4-1.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9824/mod_security-2.6.6-2.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9813/mod_security_crs-2.2.5-1.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9739/sticky-notes-0.3.09062012.4-5.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9490/php-5.4.4-1.fc17,maniadrive-1.2-41.fc17
The following Fedora 17 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/file-5.11-2.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9826/jack-audio-connection-kit-1.9.8-9.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9803/telepathy-glib-0.18.1-2.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9794/mobile-broadband-provider-info-1.20120614-1.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9768/libtdb-1.2.10-15.fc17,libtevent-0.9.16-1.fc17,libldb-1.1.6-1.fc17,sssd-1.8.4-14.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9799/rsyslog-5.8.10-2.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9733/gstreamer-plugins-bad-free-0.10.23-7.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9653/clutter-1.10.8-1.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9719/glibc-2.15-48.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9675/folks-0.6.9-2.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9576/pygobject2-2.28.6-5.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9486/lorax-17.26-1.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9495/udisks2-1.94.0-7.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9470/metacity-2.34.3-2.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9456/gdb-7.4.50.20120120-49.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9374/kde-settings-4.8-15.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9364/libffado-2.1.0-0.9.20120325.svn2088.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9417/gnome-bluetooth-3.4.1-1.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9407/accountsservice-0.6.21-1.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9341/libX11-1.5.0-2.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9307/xorg-x11-drv-synaptics-1.6.2-1.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9352/python-setuptools-0.6.27-2.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9298/gd-2.0.35-17.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9252/gstreamer-plugins-good-0.10.31-4.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9281/gtkhtml3-4.4.2-3.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9172/parted-3.0-10.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9195/qtwebkit-2.2.2-1.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9604/webkitgtk3-1.8.1-3.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9448/tomahawk-0.4.2-2.fc17,choqok-1.3-2.fc17,attica-0.4.0-1.fc17,analitza-4.8.4-1.fc17,ark-4.8.4-1.fc17,blinken-4.8.4-1.fc17,cantor-4.8.4-1.fc17,filelight-4.8.4-2.fc17,gwenview-4.8.4-1.fc17,jovie-4.8.4-1.fc17,kaccessible-4.8.4-1.fc17,kactivities-4.8.4-1.fc17,kalgebra-4.8.4-1.fc17,kalzium-4.8.4-1.fc17,kamera-4.8.4-1.fc17,kanagram-4.8.4-1.fc17,kate-4.8.4-1.fc17,kbruch-4.8.4-1.fc17,kcalc-4.8.4-1.fc17,kcharselect-4.8.4-1.fc17,kcolorchooser-4.8.4-1.fc17,kdeaccessibility-4.8.4-1.fc17,kdeadmin-4.8.4-1.fc17,kdeartwork-4.8.4-1.fc17,kde-baseapps-4.8.4-1.fc17,kdebindings-4.8.4-1.fc17,kdeedu-4.8.4-1.fc17,kdegames-4.8.4-1.fc17,kdegraphics-4.8.4-1.fc17,kdegraphics-mobipocket-4.8.4-1.fc17,kdegraphics-strigi-analyzer-4.8.4-1.fc17,kdegraphics-thumbnailers-4.8.4-1.fc17,kde-l10n-4.8.4-1.fc17,kdelibs-4.8.4-5.fc17,kdemultimedia-4.8.4-3.fc17,kdenetwork-4.8.4-1.fc17,kdepim-4.8.4-2.fc17,kdepimlibs-4.8.4-1.fc17,kdepim-runtime-4.8.4-1.fc17,kdeplasma-addons-4.8.4-2.fc17,kde-printer-applet-4.8.4-1.fc17,kde-runtime-4.8.4-2.fc17,kdesdk-4.8.4-1.fc17,kdetoys-4.8.4-1.fc17,kdeutils-4.8.4-1.fc17,kde-wallpapers-4.8.4-1.fc17,kde-workspace-4.8.4-1.fc17,kdf-4.8.4-1.fc17,kfloppy-4.8.4-1.fc17,kgamma-4.8.4-1.fc17,kgeography-4.8.4-1.fc17,kgpg-4.8.4-1.fc17,khangman-4.8.4-1.fc17,kig-4.8.4-1.fc17,kimono-4.8.4-1.fc17,kiten-4.8.4-1.fc17,klettres-4.8.4-1.fc17,kmag-4.8.4-1.fc17,kmousetool-4.8.4-1.fc17,kmouth-4.8.4-1.fc17,kmplot-4.8.4-1.fc17,kolourpaint-4.8.4-1.fc17,konsole-4.8.4-1.fc17,kremotecontrol-4.8.4-1.fc17,kross-interpreters-4.8.4-1.fc17,kruler-4.8.4-1.fc17,ksaneplugin-4.8.4-1.fc17,ksecrets-4.8.4-1.fc17,ksnapshot-4.8.4-1.fc17,kstars-4.8.4-1.fc17,ktimer-4.8.4-1.fc17,ktouch-4.8.4-1.fc17,kturtle-4.8.4-1.fc17,kwallet-4.8.4-1.fc17,kwordquiz-4.8.4-1.fc17,libkdcraw-4.8.4-1.fc17,libkdeedu-4.8.4-1.fc17,libkexiv2-4.8.4-1.fc17,libkipi-4.8.4-1.fc17,libksane-4.8.4-1.fc17,marble-4.8.4-1.fc17,okular-4.8.4-1.fc17,oxygen-icon-theme-4.8.4-1.fc17,parley-4.8.4-1.fc17,pykde4-4.8.4-1.fc17,qyoto-4.8.4-1.fc17,rocs-4.8.4-1.f
c17,ruby-korundum-4.8.4-1.fc17,ruby-qt-4.8.4-1.fc17,smokegen-4.8.4-1.fc17,smokekde-4.8.4-2.fc17,smokeqt-4.8.4-1.fc17,step-4.8.4-1.fc17,superkaramba-4.8.4-1.fc17,svgpart-4.8.4-1.fc17,sweeper-4.8.4-1.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9017/gawk-4.0.1-1.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-9042/garcon-0.1.9-5.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-8993/sane-backends-1.0.22-11.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-8576/libpwquality-1.1.1-1.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-8988/mdadm-3.2.5-1.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-7461/libarchive-3.0.4-1.fc17
https://admin.fedoraproject.org/updates/FEDORA-2012-7262/biosdevname-0.4.0-1.fc17
The following builds have been pushed to Fedora 17 updates-testing
389-ds-base-1.2.11.6-1.fc17
boost-1.48.0-13.fc17
dnstracer-1.9-6.fc17
ghc-rpm-macros-0.15.6.1-1.fc17
jack-audio-connection-kit-1.9.8-9.fc17
jbossws-common-2.0.4-3.fc17
jbossws-spi-2.0.3-2.fc17
mod_security-2.6.6-2.fc17
mod_security_crs-2.2.5-1.fc17
pcp-3.6.3-1.fc17.2
python-httplib2-0.7.4-4.fc17
salt-0.10.1-1.fc17
sugar-pippy-48-1.fc17
wsdl4j-1.6.2-6.fc17
Details about builds:
================================================================================
389-ds-base-1.2.11.6-1.fc17 (FEDORA-2012-9804)
389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:
do not reveal unhashed user password
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 21 2012 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.11.6-1
- Ticket #378 - audit log does not log unhashed password: enabled, by default.
- Ticket #378 - unhashed#user#password visible after changing password
- Ticket #365 - passwords in clear text in the audit log
--------------------------------------------------------------------------------
================================================================================
boost-1.48.0-13.fc17 (FEDORA-2012-9818)
The free peer-reviewed portable C++ source libraries
--------------------------------------------------------------------------------
Update Information:
- This update fixes a bug in Boost.Pool, which could under certain circumstances overflow allocated chunk size. This could have security implications for applications that use Boost pool without sanitizing pool parameters.
- Boost.Locale library now contains backend code, which was left out before by mistake.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 21 2012 Petr Machata <pmachata@xxxxxxxxxx> - 1.48.0-13
- Build Boost.Locale backends
- Resolves: #832265
* Wed Jun 6 2012 Petr Machata <pmachata@xxxxxxxxxx> - 1.48.0-12
- In Boost.Pool, be careful not to overflow allocated chunk size.
- Resolves: #828857
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #832265 - Fails to build when linking with libboost_locale
https://bugzilla.redhat.com/show_bug.cgi?id=832265
[ 2 ] Bug #828857 - boost: ordered_malloc() overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=828857
--------------------------------------------------------------------------------
================================================================================
dnstracer-1.9-6.fc17 (FEDORA-2012-9817)
Trace a DNS record to its start of authority
--------------------------------------------------------------------------------
Update Information:
cleanup spec file
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 21 2012 Matthieu Saulnier <fantom@xxxxxxxxxxxxxxxxx> - 1.9-6
- cleanup spec file
--------------------------------------------------------------------------------
================================================================================
ghc-rpm-macros-0.15.6.1-1.fc17 (FEDORA-2012-9823)
Macros for building packages for GHC
--------------------------------------------------------------------------------
Update Information:
- new cabal-tweak-dep-ver script for editing version boundaries
- minimal backports to allow parsing latest haskell-platform.spec
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 22 2012 Jens Petersen <petersen@xxxxxxxxxx> - 0.15.6.1-1
- cabal-tweak-dep-ver: be careful only to match complete dep name and
do not match beyond ","
* Fri Jun 22 2012 Jens Petersen <petersen@xxxxxxxxxx> - 0.15.6-1
- cabal-tweak-dep-ver: new script to tweak depends version bounds in .cabal
from ghc-rpm-macros-0.95.5
- ghc-dep.sh: only use buildroot package.conf.d if it exists
- ghc-deps.sh: look in buildroot package.conf.d for program deps
- add a meta-package option to ghc_devel_package and use in ghc_devel_requires
- allow ghc_description, ghc_devel_description, ghc_devel_post_postun
to take args
- support meta packages like haskell-platform without base lib files
- add shell variable cabal_configure_extra_options to cabal_configure for
local configuration
- do not provide prof when without_prof set
--------------------------------------------------------------------------------
================================================================================
jack-audio-connection-kit-1.9.8-9.fc17 (FEDORA-2012-9826)
The Jack Audio Connection Kit
--------------------------------------------------------------------------------
Update Information:
Non-optimized build to workaround the compiler bug. Follow at http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53663
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 21 2012 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 1.9.8-9
- Build with -O0 until RHBZ#827748 is resolved
--------------------------------------------------------------------------------
================================================================================
jbossws-common-2.0.4-3.fc17 (FEDORA-2012-9821)
JBossWS Common
--------------------------------------------------------------------------------
Update Information:
Fix missing Message.proprties files
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
jbossws-spi-2.0.3-2.fc17 (FEDORA-2012-9822)
JBossWS SPI
--------------------------------------------------------------------------------
Update Information:
Make Message.properties available in jar
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
mod_security-2.6.6-2.fc17 (FEDORA-2012-9824)
Security module for the Apache HTTP Server
--------------------------------------------------------------------------------
Update Information:
ModSecurity Multipart Bypasses fixed by this upstream release.
Upgrade to the latest stable upstream release.
Upgraded mod_security package.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 22 2012 Peter Vrabec <pvrabec@xxxxxxxxxx> - 2.6.6-2
- mlogc subpackage is not provided on RHEL
* Thu Jun 21 2012 Peter Vrabec <pvrabec@xxxxxxxxxx> - 2.6.6-1
- upgrade
* Mon May 7 2012 Joe Orton <jorton@xxxxxxxxxx> - 2.6.5-3
- packaging fixes
* Fri Apr 27 2012 Peter Vrabec <pvrabec@xxxxxxxxxx> 2.6.5-2
- fix license tag
* Thu Apr 5 2012 Peter Vrabec <pvrabec@xxxxxxxxxx> 2.6.5-1
- upgrade & move rules into new package mod_security_crs
* Fri Feb 10 2012 Petr Pisar <ppisar@xxxxxxxxxx> - 2.5.13-3
- Rebuild against PCRE 8.30
- Do not install non-existing files
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.5.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue May 3 2011 Michael Fleming <mfleming+rpm@xxxxxxxxxxxxxxxxxxx> - 2.5.13-1
- Newer upstream version
--------------------------------------------------------------------------------
================================================================================
mod_security_crs-2.2.5-1.fc17 (FEDORA-2012-9813)
ModSecurity Rules
--------------------------------------------------------------------------------
Update Information:
ModSecurity Core Rule Set Multipart Bypasses fixed by this upstream release.
Updated spec file.
ModSecurity Rules
--------------------------------------------------------------------------------
================================================================================
pcp-3.6.3-1.fc17.2 (FEDORA-2012-9814)
System-level performance monitoring and performance management
--------------------------------------------------------------------------------
Update Information:
Remove pcp-import-sheet2pcp subpackage due to missing dependencies and fix build for s390x.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 21 2012 Mark Goodwin <mgoodwin@xxxxxxxxxx>
- remove pcp-import-sheet2pcp subpackage due to missing deps (BZ 830923) - 3.6.3-1.2
* Fri May 18 2012 Dan Horák <dan[at]danny.cz> - 3.6.3-1.1
- fix build on s390x
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #754678 - f16 pcp-import-sheet2pcp requires perl(Spreadsheet::Read)
https://bugzilla.redhat.com/show_bug.cgi?id=754678
--------------------------------------------------------------------------------
================================================================================
python-httplib2-0.7.4-4.fc17 (FEDORA-2012-9805)
A comprehensive HTTP client library
--------------------------------------------------------------------------------
Update Information:
Fixed:
+ Bug 804879 - python-httplib2 0.7.0 should switch to use system cacerts
+ Bug 832344 - Certification validation fails due to multiple 'dns' entries in subjectAltName (which is also google issue 208)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 22 2012 Ding-Yi Chen <dchen at redhat.com> - 0.7.4-4
- Unify the spec file between EPEL and Fedora.
* Thu Jun 21 2012 Ding-Yi Chen <dchen at redhat.com> - 0.7.4-3
- Applied patch suggested by richardfearn@xxxxxxxxx regarding issue 208
- Fixed: Bug 832344 - Certification validation fails due to multiple 'dns' entries in subjectAltName
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #804879 - python-httplib2 0.7.0 should switch to use system cacerts
https://bugzilla.redhat.com/show_bug.cgi?id=804879
[ 2 ] Bug #832344 - Certification validation fails due to multiple 'dns' entries in subjectAltName
https://bugzilla.redhat.com/show_bug.cgi?id=832344
--------------------------------------------------------------------------------
================================================================================
salt-0.10.1-1.fc17 (FEDORA-2012-9811)
A parallel remote execution system
--------------------------------------------------------------------------------
Update Information:
Update to 0.10.1
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 16 2012 Clint Savage <herlo1@xxxxxxxxx> - 0.10.1-1
- Moved to upstream release 0.10.1
--------------------------------------------------------------------------------
================================================================================
sugar-pippy-48-1.fc17 (FEDORA-2012-9807)
Pippy for Sugar
--------------------------------------------------------------------------------
Update Information:
Improve translations and fix some translations bugs
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2012 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - 48-1
- Release 48
--------------------------------------------------------------------------------
================================================================================
wsdl4j-1.6.2-6.fc17 (FEDORA-2012-9809)
Web Services Description Language Toolkit for Java
--------------------------------------------------------------------------------
Update Information:
- Fix file encoding for wsdl4j-MANIFEST.MF
- Update Bundle-Version in OSGi manifest
- Fix installation of jars in specfile
- Clean up specfile - remove javadoc dir version; remove clean section
- Do not include versioned javadoc
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 16 2012 Alexander Kurtakov <akurtako@xxxxxxxxxx> 0:1.6.2-6
- Do not include versioned javadoc.
* Fri Jun 15 2012 Gerard Ryan <galileo@xxxxxxxxxxxxxxxxx> - 0:1.6.2-5
- Fix file encoding for wsdl4j-MANIFEST.MF
- Update Bundle-Version in OSGi manifest
- Fix installation of jars in specfile
- Clean up specfile - remove javadoc dir version; remove clean section
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
