The following Fedora 18 Security updates need testing: Age URL 2 https://admin.fedoraproject.org/updates/FEDORA-2012-11900/libotr-3.2.1-1.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2012-11962/phpMyAdmin-3.5.2.2-1.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2012-11963/glibc-2.16-8.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2012-11981/wireshark-1.8.2-1.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2012-11988/pcp-3.6.5-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2012-12174/postgresql-9.1.5-1.fc18 The following builds have been pushed to Fedora 18 updates-testing autodir-0.99.9-14.fc18 directory-project-27-1.fc18 ghc-MonadCatchIO-mtl-0.3.0.5-1.fc18 graphviz-2.28.0-23.fc18 mcrypt-2.6.8-7.fc18 mozilla-https-everywhere-2.2.1-1.fc18 perl-Email-Simple-2.102-1.fc18 postgresql-9.1.5-1.fc18 qpid-cpp-0.16-8.fc18 roboptim-trajectory-0.5-5.fc18 rubygem-nokogiri-1.5.5-2.fc18 xml-commons-apis-1.4.01-8.fc18 xml-commons-resolver-1.2-10.fc18 yum-3.4.3-32.fc18 Details about builds: ================================================================================ autodir-0.99.9-14.fc18 (FEDORA-2012-12180) Creates user directories on demand -------------------------------------------------------------------------------- Update Information: Fix FTBFS. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 17 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 0.99.9-14 - fix ftbfs (setpriority needs explicit headers in modern glibc) * Wed Jul 18 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.99.9-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ directory-project-27-1.fc18 (FEDORA-2012-12176) Apache Directory Project Root pom -------------------------------------------------------------------------------- Update Information: Initial import. -------------------------------------------------------------------------------- References: [ 1 ] Bug #823959 - Review Request: directory-project - Apache Directory Project Root pom https://bugzilla.redhat.com/show_bug.cgi?id=823959 -------------------------------------------------------------------------------- ================================================================================ ghc-MonadCatchIO-mtl-0.3.0.5-1.fc18 (FEDORA-2012-12167) Monad-transformer for Control.Exception -------------------------------------------------------------------------------- Update Information: Updated to 0.3.0.5 -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 17 2012 Shakthi Kannan <shakthimaan [AT] fedoraproject dot org> - 0.3.0.5-1 - Updated to 0.3.0.5 - spec file template generated by cabal2spec-0.25.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #849142 - ghc-MonadCatchIO-mtl-0.3.0.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=849142 -------------------------------------------------------------------------------- ================================================================================ graphviz-2.28.0-23.fc18 (FEDORA-2012-12171) Graph Visualization Tools -------------------------------------------------------------------------------- Update Information: This is an update that fixes several bugs, namely post/postun plugins installation handling, several (not all) 387 FP arithmetic problems, removes unnecessary implicit dependencies and more, for details see changelog. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 17 2012 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 2.28.0-23 - Silenced 'dot -c' errors/warnings in post/postun - Do not remove dot config in plugins post/postun * Fri Aug 17 2012 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 2.28.0-22 - dot_builtins no longer installed (lowers implicit deps) - Fixed post/postuns for plugins - Removed -ffast-math, added -ffloat-store (on i386) to fix arithmetic on i386 -------------------------------------------------------------------------------- ================================================================================ mcrypt-2.6.8-7.fc18 (FEDORA-2012-12169) Replacement for crypt() -------------------------------------------------------------------------------- Update Information: Fix typos in manpage. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 17 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.6.8-7 - fix typos in manpage -------------------------------------------------------------------------------- References: [ 1 ] Bug #592518 - Manual entry spelling errors https://bugzilla.redhat.com/show_bug.cgi?id=592518 -------------------------------------------------------------------------------- ================================================================================ mozilla-https-everywhere-2.2.1-1.fc18 (FEDORA-2012-12177) HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey -------------------------------------------------------------------------------- Update Information: Update to upstream 2.2.1. This one should actually work. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 17 2012 Russell Golden <niveusluna@xxxxxxxxxxxxxx> - 2.2.1-1 - Update to upstream 2.2.1. Hopefully this one will actually work. * Fri Aug 17 2012 Russell Golden <niveusluna@xxxxxxxxxxxxxx> - 2.1-5 - Add appManaged flag to prevent update in user profile directories - prompted by release of badly broken 2.2 upstream * Fri Aug 17 2012 Russell Golden <niveusluna@xxxxxxxxxxxxxx> - 2.2-2 - Prevent ruleset bugs from crashing the UI -- https://trac.torproject.org/projects/tor/ticket/6280 - Fix the enable/disable button in Firefox 14 -- https://trac.torproject.org/projects/tor/ticket/6212 - Fix a nasty bug in the optional "Search www.google.com" ruleset: -- https://gitweb.torproject.org/https-everywhere.git/commitdiff/50ca41a1e189ef8383781f803e51ec7a06688a3b - Disable buggy/broken: ZDNet, Globe and Mail, Blip.tv, Governo Portugês, -- Alton Towers, McAfee :( :( :( - Fixes: Yandex, Wikipedia, PirateParty, JBoss, Gentoo - Hopefully the last 2.x release before 3.0 stable -------------------------------------------------------------------------------- ================================================================================ perl-Email-Simple-2.102-1.fc18 (FEDORA-2012-12173) Simple parsing of RFC2822 message format and headers -------------------------------------------------------------------------------- Update Information: Update to 2.102, fix missing Requires: perl(Email::Date::Format) -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 17 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.102-1 - update to 2.102 - add explicit Requires: perl(Email::Date::Format) -------------------------------------------------------------------------------- References: [ 1 ] Bug #848997 - Missing requirement on perl(Email::Date::Format) https://bugzilla.redhat.com/show_bug.cgi?id=848997 -------------------------------------------------------------------------------- ================================================================================ postgresql-9.1.5-1.fc18 (FEDORA-2012-12174) PostgreSQL client programs -------------------------------------------------------------------------------- Update Information: Update to PostgreSQL 9.1.5, for various fixes described at http://www.postgresql.org/docs/9.1/static/release-9-1-5.html including the fixes for CVE-2012-3488, CVE-2012-3489 Configure postmaster to create Unix-domain sockets in both /var/run/postgresql and /tmp; the former is now the default place for libpq to contact the postmaster. This works around problems with clients running in a PrivateTmp context. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 17 2012 Tom Lane <tgl@xxxxxxxxxx> 9.1.5-1 - Update to PostgreSQL 9.1.5, for various fixes described at http://www.postgresql.org/docs/9.1/static/release-9-1-5.html including the fixes for CVE-2012-3488, CVE-2012-3489 -------------------------------------------------------------------------------- References: [ 1 ] Bug #849172 - CVE-2012-3488 postgresql (xml2 contrib module): XXE by applying XSL stylesheet to the document https://bugzilla.redhat.com/show_bug.cgi?id=849172 [ 2 ] Bug #849173 - CVE-2012-3489 postgresql: File disclosure through XXE in xmlparse by DTD validation https://bugzilla.redhat.com/show_bug.cgi?id=849173 -------------------------------------------------------------------------------- ================================================================================ qpid-cpp-0.16-8.fc18 (FEDORA-2012-12168) Libraries for Qpid C++ client applications -------------------------------------------------------------------------------- Update Information: Adds the qpid-cpp-server-daemon package. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 17 2012 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.16-8 - Added the qpid-cpp-server-daemon subpackage. * This package delivers the SysVInit scripts needed by qpidd. -------------------------------------------------------------------------------- ================================================================================ roboptim-trajectory-0.5-5.fc18 (FEDORA-2012-12178) The RobOptim trajectory C++ library -------------------------------------------------------------------------------- Update Information: Fix FTBFS -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 21 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rubygem-nokogiri-1.5.5-2.fc18 (FEDORA-2012-12172) An HTML, XML, SAX, and Reader parser -------------------------------------------------------------------------------- Update Information: Rebuilt againts libxml2 2.9. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 17 2012 Vít Ondruch <vondruch@xxxxxxxxxx> - 1.5.5-2 - Rebuilt againts libxml2 2.9. -------------------------------------------------------------------------------- ================================================================================ xml-commons-apis-1.4.01-8.fc18 (FEDORA-2012-12175) APIs for DOM, SAX, and JAXP -------------------------------------------------------------------------------- Update Information: The previous version of xml-commons-resolver had an enforced requirement on osgi(system.bundle). This has been removed. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 17 2012 Andy Grimm <agrimm@xxxxxxxxx> - 1.4.01-8 - Remove osgi(system.bundle) requirement from manifest -------------------------------------------------------------------------------- ================================================================================ xml-commons-resolver-1.2-10.fc18 (FEDORA-2012-12170) Resolver subproject of xml-commons -------------------------------------------------------------------------------- Update Information: The previous version of xml-commons-resolver had an enforced requirement on osgi(system.bundle). This has been removed. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 17 2012 Andy Grimm <agrimm@xxxxxxxxx> - 0:1.2-10 - Remove osgi(system.bundle) requirement -------------------------------------------------------------------------------- ================================================================================ yum-3.4.3-32.fc18 (FEDORA-2012-12179) RPM package installer/updater/manager -------------------------------------------------------------------------------- Update Information: Add environment groups. Misc. fixes. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 16 2012 James Antill <james at fedoraproject.org> - 3.4.3-32 - update to latest HEAD. - Some fixes for new environment groups. - Fix "yum upgrade" download verification. BZ 848811. * Fri Aug 10 2012 James Antill <james at fedoraproject.org> - 3.4.3-31 - update to latest HEAD. - Big update, mostly for "environment groups". -------------------------------------------------------------------------------- References: [ 1 ] Bug #848065 - --distro param truncates tag string https://bugzilla.redhat.com/show_bug.cgi?id=848065 [ 2 ] Bug #615763 - yum ignores posttrans or kills error messages on posttrans?? https://bugzilla.redhat.com/show_bug.cgi?id=615763 [ 3 ] Bug #845765 - Yum update fails "ValueError: invalid literal for int() with base 10: '-->'" https://bugzilla.redhat.com/show_bug.cgi?id=845765 [ 4 ] Bug #815568 - yum-security does not work with yum makecache and yum -C https://bugzilla.redhat.com/show_bug.cgi?id=815568 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
