The following Fedora 18 Security updates need testing:

 Age  URL
   1  https://admin.fedoraproject.org/updates/FEDORA-2012-11900/libotr-3.2.1-1.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-11962/phpMyAdmin-3.5.2.2-1.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-11963/glibc-2.16-8.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-11981/wireshark-1.8.2-1.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-11988/pcp-3.6.5-1.fc18

The following builds have been pushed to Fedora 18 updates-testing

    abrt-2.0.11-2.fc18
    amanda-3.3.2-1.fc18
    bind-dyndb-ldap-1.1.0-0.16.rc1.fc18
    boost-1.50.0-4.fc18
    bvi-1.3.2-8.fc18
    cutecom-0.22.0-4.fc18
    dnstracer-1.9-8.fc18
    easybashgui-4.0.3-3.fc18
    erlang-basho_stats-1.0.2-1.fc18
    exif-0.6.21-3.fc18
    gearmand-0.33-3.fc18
    git-1.7.11.5-1.fc18
    ibus-libpinyin-1.4.91-1.fc18
    libhbalinux-1.0.14-3.fc18
    libkolab-0.3-8.fc18
    libpinyin-0.7.1-1.fc18
    libreport-2.0.12-5.fc18
    lorax-18.14-1.fc18
    mate-vfs-1.4.0-10.fc18
    mule-2.0.2.20080813-6.fc18
    pcl-1.6.0-1.fc18
    pcp-3.6.5-1.fc18
    pion-net-4.0.9-3.fc18
    powertop-2.1-2.fc18
    proj-4.8.0-3.fc18
    python-tbgrep-0.2.2-1.fc18
    rubygem-ttfunk-1.0.3-4.fc18
    sysvinit-2.88-8.dsf.fc18
    util-linux-2.22-0.1.fc18
    wireshark-1.8.2-1.fc18

Details about builds:

================================================================================
 abrt-2.0.11-2.fc18 (FEDORA-2012-11984)
 Automatic bug detection and reporting tool
--------------------------------------------------------------------------------
Update Information:

* Not sending sensitive data
* Show url to faf report
* Fixed bugzilla comment 0
* Fixed bugzilla attachments
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 10 2012 Jakub Filak <jfilak@xxxxxxxxxx> 2.0.11-2
- fix abrt-dbus crash if no element is found in GetInfo()
- set sending-sensitive-data option to 'yes' for analyze_RetraceServer event
--------------------------------------------------------------------------------
================================================================================
 amanda-3.3.2-1.fc18 (FEDORA-2012-11996)
 A network-capable tape backup solution
--------------------------------------------------------------------------------
Update Information:

Latest upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 15 2012 Lukáš Nykrýn <lnykryn@xxxxxxxxxx> - 3.3.2-1
- upgrade to new upstream release
- convert to systemd
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #737147 - Provide native systemd service file
        https://bugzilla.redhat.com/show_bug.cgi?id=737147
--------------------------------------------------------------------------------

================================================================================
 bind-dyndb-ldap-1.1.0-0.16.rc1.fc18 (FEDORA-2012-12001)
 LDAP back-end plug-in for BIND
--------------------------------------------------------------------------------
Update Information:

Pull in the latest fixes from upstream git repository.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 16 2012 Adam Tkac <atkac redhat com> 1.1.0-0.16.rc1
- update to the latest git
--------------------------------------------------------------------------------

================================================================================
 boost-1.50.0-4.fc18 (FEDORA-2012-12000)
 The free peer-reviewed portable C++ source libraries
--------------------------------------------------------------------------------
Update Information:

- Override boost_thread-mt.so with a linker script that brings in
  Boost.System DSO as well. This should take care of a problem that some
  packages have with detecting boost-thread.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 15 2012 Petr Machata <pmachata@xxxxxxxxxx> - 1.50.0-4
- Override boost_thread-mt.so with a linker script that brings in Boost.System DSO as well.
* Wed Aug 8 2012 Petr Machata <pmachata@xxxxxxxxxx> - 1.50.0-3
- boost-python3 shouldn't be under the overall boost umbrella
--------------------------------------------------------------------------------

================================================================================
 bvi-1.3.2-8.fc18 (FEDORA-2012-11998)
 Display-oriented editor for binary files
--------------------------------------------------------------------------------
Update Information:

Add French translation in spec file
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 16 2012 Matthieu Saulnier <fantom@xxxxxxxxxxxxxxxxx> - 1.3.2-8
- Add French translation in spec file
--------------------------------------------------------------------------------

================================================================================
 cutecom-0.22.0-4.fc18 (FEDORA-2012-11982)
 A graphical serial terminal, like minicom or Hyperterminal on Windows
--------------------------------------------------------------------------------
Update Information:

Enable xmodem support by adding runtime requirement on lrzsz
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 15 2012 Rich Mattes <richmattes@xxxxxxxxx> - 0.22.0-4
- Add support for xmodem via lrzsz package (rhbz#848449)
--------------------------------------------------------------------------------

================================================================================
 dnstracer-1.9-8.fc18 (FEDORA-2012-11994)
 Trace a DNS record to its start of authority
--------------------------------------------------------------------------------
Update Information:

Add French translation in spec file
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 16 2012 Matthieu Saulnier <fantom@xxxxxxxxxxxxxxxxx> - 1.9-8
- Add French translation in spec file
--------------------------------------------------------------------------------

================================================================================
 easybashgui-4.0.3-3.fc18 (FEDORA-2012-11985)
 Bash function library
--------------------------------------------------------------------------------
Update Information:

Add French translation in spec file
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 16 2012 Matthieu Saulnier <fantom@xxxxxxxxxxxxxxxxx> - 4.0.3-3
- Add French translation in spec file
--------------------------------------------------------------------------------

================================================================================
 erlang-basho_stats-1.0.2-1.fc18 (FEDORA-2012-12005)
 Basic Erlang statistics library
--------------------------------------------------------------------------------
Update Information:

* Ver. 1.0.2 (fully API/ABI compatible with 1.0.1)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 16 2012 Peter Lemenkov <lemenkov@xxxxxxxxx> - 1.0.2-1
- Ver. 1.0.2
--------------------------------------------------------------------------------

================================================================================
 exif-0.6.21-3.fc18 (FEDORA-2012-12004)
 Utility to show EXIF information hidden in JPEG files
--------------------------------------------------------------------------------
Update Information:

Add French translation in spec file
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 16 2012 Matthieu Saulnier <fantom@xxxxxxxxxxxxxxxxx> - 0.6.21-3
- Add French translation in spec file
--------------------------------------------------------------------------------

================================================================================
 gearmand-0.33-3.fc18 (FEDORA-2012-12002)
 A distributed job system
--------------------------------------------------------------------------------
Update Information:

Rebuilt for boost update.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 15 2012 BJ Dierkes <wdierkes@xxxxxxxxxxxxx> - 0.33-3
- Rebuilt for latest boost.
- BuildRequires: boost-thread
- Added -lboost_system to LDFLAGS to work around boost issue related to boost-thread.
--------------------------------------------------------------------------------

================================================================================
 git-1.7.11.5-1.fc18 (FEDORA-2012-11999)
 Fast Version Control System
--------------------------------------------------------------------------------
Update Information:

This is an upstream bugfix release. Refer to the release notes for details:

    https://raw.github.com/git/git/master/Documentation/RelNotes/1.7.11.5.txt

Additionally, there is now a git-p4 package which provides tools for working
with Perforce depots.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 15 2012 Todd Zullinger <tmz@xxxxxxxxx> - 1.7.11.5-1
- Update to 1.7.11.5
- Add git-p4 subpackage (#844008)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #844008 - git p4 support is disabled when NO_PYTHON is enabled
        https://bugzilla.redhat.com/show_bug.cgi?id=844008
--------------------------------------------------------------------------------

================================================================================
 ibus-libpinyin-1.4.91-1.fc18 (FEDORA-2012-11997)
 Intelligent Pinyin engine based on libpinyin for IBus
--------------------------------------------------------------------------------
Update Information:

ibus-libpinyin with libpinyin updates
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 16 2012 Peng Wu <pwu@xxxxxxxxxx> - 1.4.91-1
- Update to 1.4.91
--------------------------------------------------------------------------------

================================================================================
 libhbalinux-1.0.14-3.fc18 (FEDORA-2012-11987)
 FC-HBAAPI implementation using scsi_transport_fc interfaces
--------------------------------------------------------------------------------
Update Information:

Include the unversioned library in the devel subpackage.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 16 2012 Petr Šabata <contyk@xxxxxxxxxx> - 1.0.14-3
- Include the unversioned library in the devel subpackage.
--------------------------------------------------------------------------------

================================================================================
 libkolab-0.3-8.fc18 (FEDORA-2012-11991)
 Kolab Object Handling Library
--------------------------------------------------------------------------------
Update Information:

Rebuild against new boost.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 14 2012 Christoph Wickert <cwickert@xxxxxxxxxxxxxxxxx> - 0.3-8
- Rebuild for new boost
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #847689 - repoclosure failure on 18 Alpha TC2 DVDs (libkolab)
        https://bugzilla.redhat.com/show_bug.cgi?id=847689
--------------------------------------------------------------------------------

================================================================================
 libpinyin-0.7.1-1.fc18 (FEDORA-2012-11997)
 Library to deal with pinyin
--------------------------------------------------------------------------------
Update Information:

ibus-libpinyin with libpinyin updates
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 15 2012 Peng Wu <pwu@xxxxxxxxxx> - 0.7.1-1
- Update to 0.7.1
--------------------------------------------------------------------------------

================================================================================
 libreport-2.0.12-5.fc18 (FEDORA-2012-11984)
 Generic library for reporting various problems
--------------------------------------------------------------------------------
Update Information:

* Not sending sensitive data
* Show url to faf report
* Fixed bugzilla comment 0
* Fixed bugzilla attachments
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 15 2012 Jakub Filak <jfilak@xxxxxxxxxx> 2.0.12-5
- rhbz#741255: don't autodetect executable for sealert reports
- show message from the server for known uReports
- trac#678: reporter-bugzilla: do not attach empty files
- Resolves: #741255
* Tue Aug 14 2012 Jakub Filak <jfilak@xxxxxxxxxx> 2.0.12-4
- rhbz#846389: generate koops description according to rhbz std template
- trac#556: skip not provided bz bug description template fields
- report-gtk: don't log THANKYOU message
- added internal_libreport.h into POTFILES.in rhbz#801255
- updated po files
- Resolves: #801255, #846389
* Fri Aug 10 2012 Jakub Filak <jfilak@xxxxxxxxxx> 2.0.12-3
- wizard: small changes to message texts and one function name
- trac#623: dd_opendir() fails if time file doesn't contain valid time stamp
- trac#660: report-cli asks for permission to send sensitive data
- trac#660: report-gtk asks for permission to send sensitive data
- trac#660: report-gtk: introduce generic ask_yes_no() function for options
- trac#660: add support for sending-sensitive-data event option
- Do not check for analyzer == "Kerneloops" when appending "TAINTED" msg
- fix leaks in list_possible_events()
--------------------------------------------------------------------------------

================================================================================
 lorax-18.14-1.fc18 (FEDORA-2012-11979)
 Tool for creating the anaconda install images
--------------------------------------------------------------------------------
Update Information:

turn off tmpfs and include some needed libs that were removed to save space.

A stack of fixes for F18.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 16 2012 Brian C. Lane <bcl@xxxxxxxxxx> 18.14-1
- remove cleanup of some essential libraries (bcl@xxxxxxxxxx)
- Mask the tmp.mount service to avoid tmpfs (jkeating@xxxxxxxxxx)
* Wed Aug 15 2012 Brian C. Lane <bcl@xxxxxxxxxx> 18.13-1
- Add a command line option to override the ARM platform. (dmarlin@xxxxxxxxxx)
- Don't remove krb5-libs (#848227) (mgracik@xxxxxxxxxx)
- Add grub2-efi support and Secure Boot shim support. (pjones@xxxxxxxxxx)
- Fix GPT code to allocate space for /2/ tables. (pjones@xxxxxxxxxx)
- Add platforms to the treeinfo for Beaker support. (dmarlin@xxxxxxxxxx)
- add logging to lorax (bcl@xxxxxxxxxx)
- move live templates into their own subdir of share (bcl@xxxxxxxxxx)
- clean up command execution (bcl@xxxxxxxxxx)
- livemedia-creator: cleanup logging a bit (bcl@xxxxxxxxxx)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #848227 - anaconda fails to initialize in F18 Alpha TC1 because it uses libgssapi_krb5.so.2, which lorax purges during compose
        https://bugzilla.redhat.com/show_bug.cgi?id=848227
  [ 2 ] Bug #848682 - anaconda boots into a black screen
        https://bugzilla.redhat.com/show_bug.cgi?id=848682
--------------------------------------------------------------------------------

================================================================================
 mate-vfs-1.4.0-10.fc18 (FEDORA-2012-11992)
 The MATE virtual file-system libraries
--------------------------------------------------------------------------------
Update Information:

fedora first release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #844164 - Review Request: mate-vfs - The MATE virtual file-system libraries
        https://bugzilla.redhat.com/show_bug.cgi?id=844164
--------------------------------------------------------------------------------

================================================================================
 mule-2.0.2.20080813-6.fc18 (FEDORA-2012-11983)
 Mule Enterprise Service Bus Java libraries
--------------------------------------------------------------------------------
Update Information:

Backported changes from mule 3.3 development to make mule compatible with spring 3.1
--------------------------------------------------------------------------------
ChangeLog:

* Sat Aug 11 2012 Andy Grimm <agrimm@xxxxxxxxx> - 2.0.2.20080813-6
- Patch for Spring 3.1
* Thu Aug 9 2012 Andy Grimm <agrimm@xxxxxxxxx> - 2.0.2.20080813-5
- Enable management module
* Tue Aug 7 2012 Andy Grimm <agrimm@xxxxxxxxx> - 2.0.2.20080813-4
- Enable stax-utils classes, which had been patched out
--------------------------------------------------------------------------------

================================================================================
 pcl-1.6.0-1.fc18 (FEDORA-2012-11980)
 Library for point cloud processing
--------------------------------------------------------------------------------
Update Information:

Update to upstream release 1.6.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 6 2012 Rich Mattes <richmattes@xxxxxxxxx> - 1.6.0-1
- Update to release 1.6.0
--------------------------------------------------------------------------------

================================================================================
 pcp-3.6.5-1.fc18 (FEDORA-2012-11988)
 System-level performance monitoring and performance management
--------------------------------------------------------------------------------
Update Information:

Security and bugfix update. Security flaws fixed include CVE-2012-3418 CVE-2012-3419 CVE-2012-3420 and CVE-2012-3421
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 16 2012 Mark Goodwin <mgoodwin@xxxxxxxxxx> - 3.6.5-1
- Update to latest PCP sources, see installed CHANGELOG for details.
- Fix security flaws: CVE-2012-3418 CVE-2012-3419 CVE-2012-3420 and CVE-2012-3421 (BZ 848629)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #841698 - CVE-2012-3418 pcp: multiple integer and heap-based buffer overflow flaws
        https://bugzilla.redhat.com/show_bug.cgi?id=841698
  [ 2 ] Bug #841702 - CVE-2012-3419 pcp: privileged information disclosure flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=841702
  [ 3 ] Bug #841704 - CVE-2012-3420 pcp: two memory leaks can lead to pmcd crash or trigger OOM killer
        https://bugzilla.redhat.com/show_bug.cgi?id=841704
  [ 4 ] Bug #841706 - CVE-2012-3421 pcp: event-driven programming flaw blocks pmcd from responding to other legitimate requests
        https://bugzilla.redhat.com/show_bug.cgi?id=841706
--------------------------------------------------------------------------------

================================================================================
 pion-net-4.0.9-3.fc18 (FEDORA-2012-11989)
 C++ library for building lightweight HTTP interfaces
--------------------------------------------------------------------------------
Update Information:

rebuild with new boost
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 16 2012 Jan Vcelak <jvcelak@xxxxxxxxxx> 4.0.9-3
- rebuild with new boost library
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #847693 - repoclosure failure on 18 Alpha TC2 DVDs (pion-net)
        https://bugzilla.redhat.com/show_bug.cgi?id=847693
--------------------------------------------------------------------------------

================================================================================
 powertop-2.1-2.fc18 (FEDORA-2012-11986)
 Power consumption monitor
--------------------------------------------------------------------------------
Update Information:

This is a new version of powertop that fixes several bugs and brings new features, for original announcement see:
https://01.org/powertop/blogs/ceferron/2012/powertop-v2.1-release
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 16 2012 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 2.1-2
- Removed left over object files
* Thu Aug 16 2012 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 2.1-1
- New version
- Removed patches (all upstreamed): show-watts-only-if-discharging, valid-html-output, factor-out-powertop-init, catch-fstream-errors
--------------------------------------------------------------------------------

================================================================================
 proj-4.8.0-3.fc18 (FEDORA-2012-12003)
 Cartographic projection software (PROJ.4)
--------------------------------------------------------------------------------
Update Information:

Install projects.h.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 16 2012 Devrim GÜNDÜZ <devrim@xxxxxxxxxx> 4.8.0-3
- Install projects.h manually, per #830496.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #830496 - Install projects.h in Proj 4.8
        https://bugzilla.redhat.com/show_bug.cgi?id=830496
--------------------------------------------------------------------------------

================================================================================
 python-tbgrep-0.2.2-1.fc18 (FEDORA-2012-11990)
 Extract Python Tracebacks from text
--------------------------------------------------------------------------------
Update Information:

Initial import (#847571)
--------------------------------------------------------------------------------

================================================================================
 rubygem-ttfunk-1.0.3-4.fc18 (FEDORA-2012-11995)
 Font Metrics Parser for Prawn
--------------------------------------------------------------------------------
Update Information:

new package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #845805 - Review Request: rubygem-ttfunk - Font Metrics Parser for Prawn
        https://bugzilla.redhat.com/show_bug.cgi?id=845805
--------------------------------------------------------------------------------

================================================================================
 sysvinit-2.88-8.dsf.fc18 (FEDORA-2012-11993)
 Programs which control basic system processes
--------------------------------------------------------------------------------
Update Information:

This is new util-linux upstream update -- merges sulogin and utmpdump from sysvinit into util-linux. Both packages have to be updated together.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 1 2012 Petr Lautrbach <plautrba@xxxxxxxxxx> 2.88-8.dsf
- disable utmpdump and sulogin, now available in util-linux
--------------------------------------------------------------------------------

================================================================================
 util-linux-2.22-0.1.fc18 (FEDORA-2012-11993)
 A collection of basic system utilities
--------------------------------------------------------------------------------
Update Information:

This is new util-linux upstream update -- merges sulogin and utmpdump from sysvinit into util-linux. Both packages have to be updated together.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 16 2012 Karel Zak <kzak@xxxxxxxxxx> 2.22-0.1
- upgrade to the release 2.22-rc2
  ftp://ftp.kernel.org/pub/linux/utils/util-linux/v2.22/v2.22-ReleaseNotes
- add sulogin, utmpdump, lslocks, wdctl
--------------------------------------------------------------------------------

================================================================================
 wireshark-1.8.2-1.fc18 (FEDORA-2012-11981)
 Network traffic analyzer
--------------------------------------------------------------------------------
Update Information:

Upgrade to wireshark 1.8.2

The following vulnerabilities have been fixed.

wnpa-sec-2012-13: The DCP ETSI dissector could trigger a zero division.
wnpa-sec-2012-14: The MongoDB dissector could go into a large loop.
wnpa-sec-2012-15: The XTP dissector could go into an infinite loop.
wnpa-sec-2012-16: The ERF dissector could overflow a buffer.
wnpa-sec-2012-17: AFP dissector could go into a large loop.
wnpa-sec-2012-18: RTPS2 dissector could overflow a buffer.
wnpa-sec-2012-19: GSM RLC MAC dissector could overflow a buffer.
wnpa-sec-2012-20: CIP dissector could exhaust system memory.
wnpa-sec-2012-21: STUN dissector could crash.
wnpa-sec-2012-22: EtherCAT Mailbox dissector could abort.
wnpa-sec-2012-23: CTDB dissector could go into a large loop.
wnpa-sec-2012-24: pcap-ng file parser could trigger a zero division.
wnpa-sec-2012-25: Ixia IxVeriWave file parser could overflow a buffer.

See http://www.wireshark.org/docs/relnotes/wireshark-1.8.2.html for details.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 16 2012 Jan Safranek <jsafrane@xxxxxxxxxx> - 1.8.2-1
- upgrade to 1.8.2
- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.2.html
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #848544 - CVE-2012-4287 wireshark: DoS via excessive CPU consumption in MongoDB dissector (wnpa-sec-2012-14)
        https://bugzilla.redhat.com/show_bug.cgi?id=848544
  [ 2 ] Bug #848554 - CVE-2012-4294 CVE-2012-4295 wireshark: buffer overflow in ERF dissector (wnpa-sec-2012-16)
        https://bugzilla.redhat.com/show_bug.cgi?id=848554
  [ 3 ] Bug #848584 - CVE-2012-4286 wireshark: crash due to zero division in pcap-ng file parser (wnpa-sec-2012-24)
        https://bugzilla.redhat.com/show_bug.cgi?id=848584
  [ 4 ] Bug #848588 - CVE-2012-4298 wireshark: buffer overflow in Ixia IxVeriWave file parser (wnpa-sec-2012-25)
        https://bugzilla.redhat.com/show_bug.cgi?id=848588
--------------------------------------------------------------------------------