Fedora 16 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 16 Security updates need testing:
 Age  URL
  89  https://admin.fedoraproject.org/updates/FEDORA-2012-10402/bcfg2-1.2.3-1.fc16
  14  https://admin.fedoraproject.org/updates/FEDORA-2012-14452/bacula-5.0.3-33.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2012-14959/dracut-018-60.git20120927.fc16
   6  https://admin.fedoraproject.org/updates/FEDORA-2012-15098/openstack-swift-1.4.8-3.fc16
  61  https://admin.fedoraproject.org/updates/FEDORA-2012-11526/dokuwiki-0-0.11.20120125.b.fc16
   3  https://admin.fedoraproject.org/updates/FEDORA-2012-15203/qt-4.8.2-7.fc16
  92  https://admin.fedoraproject.org/updates/FEDORA-2012-10314/revelation-0.4.14-1.fc16
  12  https://admin.fedoraproject.org/updates/FEDORA-2012-14654/tor-0.2.2.39-1600.fc16
  18  https://admin.fedoraproject.org/updates/FEDORA-2012-14126/dbus-1.4.10-4.fc16
  10  https://admin.fedoraproject.org/updates/FEDORA-2012-14707/openjpeg-1.4-14.fc16
  17  https://admin.fedoraproject.org/updates/FEDORA-2012-14322/pcp-3.6.8-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-15482/perl-HTML-Template-Pro-0.9509-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-15507/ruby-1.8.7.358-4.fc16


The following Fedora 16 Critical Path updates have yet to be approved:
 Age URL
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-15485/mdadm-3.2.5-10.fc16
   2  https://admin.fedoraproject.org/updates/FEDORA-2012-15325/kernel-3.4.12-1.fc16
   3  https://admin.fedoraproject.org/updates/FEDORA-2012-15203/qt-4.8.2-7.fc16
   5  https://admin.fedoraproject.org/updates/FEDORA-2012-15131/mysql-5.5.28-1.fc16
   6  https://admin.fedoraproject.org/updates/FEDORA-2012-15090/nss-3.13.5-2.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2012-14958/libfm-1.0.1-1.fc16,pcmanfm-1.0.1-1.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2012-14959/dracut-018-60.git20120927.fc16
  13  https://admin.fedoraproject.org/updates/FEDORA-2012-14626/qrencode-3.3.1-4.fc16
The following builds have been pushed to Fedora 16 updates-testing

    fence-agents-3.1.10-1.fc16
    gofer-0.74-1.fc16
    innotop-1.9.0-2.fc16
    jetty-6.1.26-9.fc16
    kde-plasma-networkmanagement-0.9.0.5-1.fc16
    mdadm-3.2.5-10.fc16
    oxygen-gtk2-1.3.1-1.fc16
    oxygen-gtk3-1.1.1-1.fc16
    perl-HTML-Template-Pro-0.9509-1.fc16
    python-odict-1.5.0-4.fc16
    ruby-1.8.7.358-4.fc16

Details about builds:


================================================================================
 fence-agents-3.1.10-1.fc16 (FEDORA-2012-15486)
 Fence Agents for Red Hat Cluster
--------------------------------------------------------------------------------
Update Information:

new upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct  5 2012 Marek Grac <mgrac@xxxxxxxxxx> - 3.1.10-1
- new upstream release
--------------------------------------------------------------------------------


================================================================================
 gofer-0.74-1.fc16 (FEDORA-2012-15494)
 A lightweight, extensible python agent
--------------------------------------------------------------------------------
Update Information:

Update to gofer 0.74.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  3 2012 Jeff Ortel <jortel@xxxxxxxxxx> 0.74-1
- Make watchdog journal object configurable; watchdog singleton by URL only.
  (jortel@xxxxxxxxxx)
* Thu Sep 13 2012 Jeff Ortel <jortel@xxxxxxxxxx> 0.73-1
- Progress reporting enhancements. (jortel@xxxxxxxxxx)
- Add for debugging w/o running as root. (jortel@xxxxxxxxxx)
* Mon Aug 20 2012 Jeff Ortel <jortel@xxxxxxxxxx> 0.72-1
- Add unit tests: watchdog test. (jortel@xxxxxxxxxx)
- Add man page for goferd. (jortel@xxxxxxxxxx)
- Replace BlackList with python set. (jortel@xxxxxxxxxx)
- Add progress reporting; watchdog enhancements. (jortel@xxxxxxxxxx)
- remove f15 and add f18 to tito releaser. (jortel@xxxxxxxxxx)
* Tue Jul 31 2012 Jeff Ortel <jortel@xxxxxxxxxx> 0.71-1
- Port ruby-gofer to rubygem-qpid. (jortel@xxxxxxxxxx)
- Make /usr/share/gofer/plugins the primary plugin location. Based on fedora
  packaging guidelines referencing FHS standards. (jortel@xxxxxxxxxx)
- Discontinue {_libdir} macro for plugins. (jortel@xxxxxxxxxx)
* Tue Jun 12 2012 Jeff Ortel <jortel@xxxxxxxxxx> 0.70-1
- Refit mocks for reparent of Envelope & Options to (object).
  (jortel@xxxxxxxxxx)
* Fri Jun  8 2012 Jeff Ortel <jortel@xxxxxxxxxx> 0.69-1
- 829767 - fix simplejons 2.2+ issue (fedora 17). Envelope/Options rebased on
  object rather than dict. (jortel@xxxxxxxxxx)
- Add whiteboard. (jortel@xxxxxxxxxx)
- Fixed 'Undefined variable (s) in XBindings.__bindings(). (jortel@xxxxxxxxxx)
* Thu Apr 26 2012 Jeff Ortel <jortel@xxxxxxxxxx> 0.68-1
- Refit watchdog plugin; set journal location; skip directories in journal dir.
  (jortel@xxxxxxxxxx)
- Make the watchdog journal directory configurable. (jortel@xxxxxxxxxx)
- Add Broker.touch() and rename Topic.binding(). (jortel@xxxxxxxxxx)
- Better support for durable topic subscription.  Queue bindings to specified
  exchanges. (jortel@xxxxxxxxxx)
* Fri Mar 16 2012 Jeff Ortel <jortel@xxxxxxxxxx> 0.67-1
- Add (trace) attribute to propagated exceptions. (jortel@xxxxxxxxxx)
- Add traceback info to propagated exceptions as: Exception.trace.
  (jortel@xxxxxxxxxx)
- Add support for __getitem__ in container and stub. (jortel@xxxxxxxxxx)
- Refactor to crypto (delegate) interface. (jortel@xxxxxxxxxx)
- Support multiple security decorators. (jortel@xxxxxxxxxx)
- perf: asynchronous ack(); tcp_nodelay. (jortel@xxxxxxxxxx)
- Rename 'delayed/trigger' policy property to match option. (jortel@xxxxxxxxxx)
- Rename 'delayed' option to: 'trigger'. (jortel@xxxxxxxxxx)
- option 'delayed' implies asynchronous RMI. (jortel@xxxxxxxxxx)
- fix for tito compat. (jortel@xxxxxxxxxx)
- bridge: clean debug prints; make gateway a thread. (jortel@xxxxxxxxxx)
- Add tcp bridge (experimental). (jortel@xxxxxxxxxx)
- Add support for delayed trigger asynchronous RMI. (jortel@xxxxxxxxxx)
- Add fedora releaser. (jortel@xxxxxxxxxx)
- support setting producer uuid; HMAC enhancements. (jortel@xxxxxxxxxx)
- rel-eng: rename redhat releaser. (jortel@xxxxxxxxxx)
--------------------------------------------------------------------------------


================================================================================
 innotop-1.9.0-2.fc16 (FEDORA-2012-15497)
 A MySQL and InnoDB monitor program
--------------------------------------------------------------------------------
Update Information:

Update to version 1.9.0
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct  5 2012 Eduardo Echeverria <echevemaster@xxxxxxxxxxxxxxxxx> 1.9.0-2
- Add BuildRequires
* Fri Sep 21 2012 Luis Bazan <lbazan@xxxxxxxxxxxxxxxxx> 1.9.0-1
- New Upstream version
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.8.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue Jul 10 2012 Luis Bazan <lbazan@xxxxxxxxxxxxxxxxx> - 1.8.1-4
- back to original state man3 and man1
* Tue Jul 10 2012 Luis Bazan <lbazan@xxxxxxxxxxxxxxxxx> - 1.8.1-3
- remove man3
* Tue Jul 10 2012 Luis Bazan <lbazan@xxxxxxxxxxxxxxxxx> - 1.8.1-2
- Change man3 and man1
* Mon Jul  9 2012 Luis Bazán <lbazan@xxxxxxxxxxxxxxxxx> - 1.8.1-1
- New Upstream Version 1.8.1
* Sun Jun 17 2012 Petr Pisar <ppisar@xxxxxxxxxx> - 1.6.0-10
- Perl 5.16 rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.6.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 jetty-6.1.26-9.fc16 (FEDORA-2012-15509)
 The Jetty Webserver and Servlet Container
--------------------------------------------------------------------------------
Update Information:

This update fixes a bug that caused jetty user and group to be removed and not recreated during package upgrade and allows default JETTY_PORT to be overridden in jetty.conf.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct  5 2012 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 6.1.26-9
- Allow to override the default JETTY_PORT, resolves: rhbz#826551
- Don't delete jetty user on package erase, resolves: rhbz#857708
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #826551 - Allow to override the default JETTY_PORT jetty.conf
        https://bugzilla.redhat.com/show_bug.cgi?id=826551
  [ 2 ] Bug #857708 - missing jetty user
        https://bugzilla.redhat.com/show_bug.cgi?id=857708
--------------------------------------------------------------------------------


================================================================================
 kde-plasma-networkmanagement-0.9.0.5-1.fc16 (FEDORA-2012-15489)
 NetworkManager KDE 4 integration
--------------------------------------------------------------------------------
Update Information:

New stable release 0.9.0.5, for details see http://lamarque-lvs.blogspot.cz/2012/09/plasma-nm-0905.html

--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct  1 2012 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.9.0.5-1
- 0.9.0.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #832893 - Password dialog is missing password field
        https://bugzilla.redhat.com/show_bug.cgi?id=832893
--------------------------------------------------------------------------------


================================================================================
 mdadm-3.2.5-10.fc16 (FEDORA-2012-15485)
 The mdadm program controls Linux md devices (software RAID arrays)
--------------------------------------------------------------------------------
Update Information:

This is an update to the mdadm package.

This update clarifies some issues around licenses in the source code files. There are no code changes compared to the prior release.

All users of mdadm are encouraged to upgrade.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  3 2012 Jes Sorensen <Jes.Sorensen@xxxxxxxxxx> - 3.2.5-10
- Fix mistake where Fedora 18 systemd macro changes were incorrectly
  pulled into the Fedora 16 and Fedora 17 updates of mdadm.
* Wed Oct  3 2012 Jes Sorensen <Jes.Sorensen@xxxxxxxxxx> - 3.2.5-9
- Resolve issue with ambiguous licenses
- Resolves bz862761
* Mon Sep 10 2012 Jes Sorensen <Jes.Sorensen@xxxxxxxxxx> - 3.2.5-8
- Switch to using new systemd macros for F18+
- Resolves bz850202
* Thu Aug  2 2012 Jes Sorensen <Jes.Sorensen@xxxxxxxxxx> - 3.2.5-7
- Remove bogus rogue patch applied in 3.2.5-5 with justification and
  without following the structure of the mdadm package.
* Fri Jul 27 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.2.5-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Wed Jul 18 2012 Karsten Hopp <karsten@xxxxxxxxxx> 3.2.5-5
- include <linux/types.h> in some to avoid type clashes.
  same problem as rhbz #840902
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #862761 - Source file license ambiguities
        https://bugzilla.redhat.com/show_bug.cgi?id=862761
--------------------------------------------------------------------------------


================================================================================
 oxygen-gtk2-1.3.1-1.fc16 (FEDORA-2012-15503)
 Oxygen GTK+2 theme
--------------------------------------------------------------------------------
Update Information:

oxygen-gtk2-v1.3.1,  oxygen-gtk3-v1.1.1

- thread-proof timers used for transitions and animations
- Safer code for Groupbox appearance
- proper rendering of flat GtkEntries
- honor custom color for menu background
- more testing options for the demo application

See https://projects.kde.org/news/170
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct  5 2012 Alexey Kurov <nucleo@xxxxxxxxxxxxxxxxx> - 1.3.1-1
- oxygen-gtk2-1.3.1
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #851846 - [abrt] nntpgrab-gui-0.7.2-1.fc17: gtk_widget_compute_expand: Process /usr/bin/nntpgrab_gui was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=851846
--------------------------------------------------------------------------------


================================================================================
 oxygen-gtk3-1.1.1-1.fc16 (FEDORA-2012-15503)
 Oxygen GTK+3 theme
--------------------------------------------------------------------------------
Update Information:

oxygen-gtk2-v1.3.1,  oxygen-gtk3-v1.1.1

- thread-proof timers used for transitions and animations
- Safer code for Groupbox appearance
- proper rendering of flat GtkEntries
- honor custom color for menu background
- more testing options for the demo application

See https://projects.kde.org/news/170
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct  5 2012 Alexey Kurov <nucleo@xxxxxxxxxxxxxxxxx> - 1:1.1.1-1
- oxygen-gtk3-1.1.1
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:1.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #851846 - [abrt] nntpgrab-gui-0.7.2-1.fc17: gtk_widget_compute_expand: Process /usr/bin/nntpgrab_gui was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=851846
--------------------------------------------------------------------------------


================================================================================
 perl-HTML-Template-Pro-0.9509-1.fc16 (FEDORA-2012-15482)
 Perl/XS module to use HTML Templates from CGI scripts
--------------------------------------------------------------------------------
Update Information:

This version of HTML::Template::Pro fixes a cross-site scripting (XSS) vulnerability in the module.

http://www.openwall.com/lists/oss-security/2011/12/19/1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4616
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct  4 2012 Emmanuel Seyman <emmanuel@xxxxxxxxx> - 0.9509-1
- Update to 0.9509 (CVE-2011-4616, #773453)
- Add default perl filter
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #768822 - CVE-2011-4616 perl-HTML-Template-Pro: XSS issue
        https://bugzilla.redhat.com/show_bug.cgi?id=768822
--------------------------------------------------------------------------------


================================================================================
 python-odict-1.5.0-4.fc16 (FEDORA-2012-15495)
 Ordered dictionary
--------------------------------------------------------------------------------
Update Information:

Version 1.5.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #862853 - Review Request: python-odict - Ordered dictionary
        https://bugzilla.redhat.com/show_bug.cgi?id=862853
--------------------------------------------------------------------------------


================================================================================
 ruby-1.8.7.358-4.fc16 (FEDORA-2012-15507)
 An interpreter of object-oriented scripting language
--------------------------------------------------------------------------------
Update Information:

Some security flaws were found on ruby currently shipped on Fedora 17 where malicious user can bypass safe mechanize by raising exception intentionally and make arbitrary strings tainted. This flaw were now registered as CVE-2012-4464 and CVE-2012-4466.

Note that CVE-2012-4464 is basically the same as CVE-2011-1005, which was supposed to be already fixed on ruby 1.8.x branch but it proved that the fix was incomplete.

This new rpm will fix the above issue.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct  4 2012 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 1.8.7.358-4
- Also backport fix for the left part of CVE-2011-1005 (causing the
  same issue as CVE-2012-4464)
  (Vít Ondruch <vondruch@xxxxxxxxxx>)
* Thu Oct  4 2012 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 1.8.7.358-3
- Backport fix for CVE-2012-4466 on trunk:rev37068 to 1.8.7 branch
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #862907 - CVE-2012-4464 CVE-2012-4466 ruby: various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=862907
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test



[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux