The following Fedora 16 Security updates need testing:
 Age  URL
  89  https://admin.fedoraproject.org/updates/FEDORA-2012-10402/bcfg2-1.2.3-1.fc16
  14  https://admin.fedoraproject.org/updates/FEDORA-2012-14452/bacula-5.0.3-33.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2012-14959/dracut-018-60.git20120927.fc16
   6  https://admin.fedoraproject.org/updates/FEDORA-2012-15098/openstack-swift-1.4.8-3.fc16
  61  https://admin.fedoraproject.org/updates/FEDORA-2012-11526/dokuwiki-0-0.11.20120125.b.fc16
   3  https://admin.fedoraproject.org/updates/FEDORA-2012-15203/qt-4.8.2-7.fc16
  92  https://admin.fedoraproject.org/updates/FEDORA-2012-10314/revelation-0.4.14-1.fc16
  12  https://admin.fedoraproject.org/updates/FEDORA-2012-14654/tor-0.2.2.39-1600.fc16
  18  https://admin.fedoraproject.org/updates/FEDORA-2012-14126/dbus-1.4.10-4.fc16
  10  https://admin.fedoraproject.org/updates/FEDORA-2012-14707/openjpeg-1.4-14.fc16
  17  https://admin.fedoraproject.org/updates/FEDORA-2012-14322/pcp-3.6.8-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-15482/perl-HTML-Template-Pro-0.9509-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-15507/ruby-1.8.7.358-4.fc16

The following Fedora 16 Critical Path updates have yet to be approved:
 Age  URL
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-15485/mdadm-3.2.5-10.fc16
   2  https://admin.fedoraproject.org/updates/FEDORA-2012-15325/kernel-3.4.12-1.fc16
   3  https://admin.fedoraproject.org/updates/FEDORA-2012-15203/qt-4.8.2-7.fc16
   5  https://admin.fedoraproject.org/updates/FEDORA-2012-15131/mysql-5.5.28-1.fc16
   6  https://admin.fedoraproject.org/updates/FEDORA-2012-15090/nss-3.13.5-2.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2012-14958/libfm-1.0.1-1.fc16,pcmanfm-1.0.1-1.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2012-14959/dracut-018-60.git20120927.fc16
  13  https://admin.fedoraproject.org/updates/FEDORA-2012-14626/qrencode-3.3.1-4.fc16

The following builds have been pushed to Fedora 16 updates-testing

    fence-agents-3.1.10-1.fc16
    gofer-0.74-1.fc16
    innotop-1.9.0-2.fc16
    jetty-6.1.26-9.fc16
    kde-plasma-networkmanagement-0.9.0.5-1.fc16
    mdadm-3.2.5-10.fc16
    oxygen-gtk2-1.3.1-1.fc16
    oxygen-gtk3-1.1.1-1.fc16
    perl-HTML-Template-Pro-0.9509-1.fc16
    python-odict-1.5.0-4.fc16
    ruby-1.8.7.358-4.fc16

Details about builds:

================================================================================
 fence-agents-3.1.10-1.fc16 (FEDORA-2012-15486)
 Fence Agents for Red Hat Cluster
--------------------------------------------------------------------------------
Update Information:

new upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 5 2012 Marek Grac <mgrac@xxxxxxxxxx> - 3.1.10-1
- new upstream release
--------------------------------------------------------------------------------

================================================================================
 gofer-0.74-1.fc16 (FEDORA-2012-15494)
 A lightweight, extensible python agent
--------------------------------------------------------------------------------
Update Information:

Update to gofer 0.74.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 3 2012 Jeff Ortel <jortel@xxxxxxxxxx> 0.74-1
- Make watchdog journal object configurable; watchdog singleton by URL only. (jortel@xxxxxxxxxx)
* Thu Sep 13 2012 Jeff Ortel <jortel@xxxxxxxxxx> 0.73-1
- Progress reporting enhancements. (jortel@xxxxxxxxxx)
- Add for debugging w/o running as root. (jortel@xxxxxxxxxx)
* Mon Aug 20 2012 Jeff Ortel <jortel@xxxxxxxxxx> 0.72-1
- Add unit tests: watchdog test. (jortel@xxxxxxxxxx)
- Add man page for goferd. (jortel@xxxxxxxxxx)
- Replace BlackList with python set. (jortel@xxxxxxxxxx)
- Add progress reporting; watchdog enhancements. (jortel@xxxxxxxxxx)
- remove f15 and add f18 to tito releaser. (jortel@xxxxxxxxxx)
* Tue Jul 31 2012 Jeff Ortel <jortel@xxxxxxxxxx> 0.71-1
- Port ruby-gofer to rubygem-qpid.
  (jortel@xxxxxxxxxx)
- Make /usr/share/gofer/plugins the primary plugin location. Based on fedora packaging guidelines referencing FHS standards. (jortel@xxxxxxxxxx)
- Discontinue {_libdir} macro for plugins. (jortel@xxxxxxxxxx)
* Tue Jun 12 2012 Jeff Ortel <jortel@xxxxxxxxxx> 0.70-1
- Refit mocks for reparent of Envelope & Options to (object). (jortel@xxxxxxxxxx)
* Fri Jun 8 2012 Jeff Ortel <jortel@xxxxxxxxxx> 0.69-1
- 829767 - fix simplejons 2.2+ issue (fedora 17). Envelope/Options rebased on object rather than dict. (jortel@xxxxxxxxxx)
- Add whiteboard. (jortel@xxxxxxxxxx)
- Fixed 'Undefined variable (s) in XBindings.__bindings(). (jortel@xxxxxxxxxx)
* Thu Apr 26 2012 Jeff Ortel <jortel@xxxxxxxxxx> 0.68-1
- Refit watchdog plugin; set journal location; skip directories in journal dir. (jortel@xxxxxxxxxx)
- Make the watchdog journal directory configurable. (jortel@xxxxxxxxxx)
- Add Broker.touch() and rename Topic.binding(). (jortel@xxxxxxxxxx)
- Better support for durable topic subscription. Queue bindings to specified exchanges. (jortel@xxxxxxxxxx)
* Fri Mar 16 2012 Jeff Ortel <jortel@xxxxxxxxxx> 0.67-1
- Add (trace) attribute to propagated exceptions. (jortel@xxxxxxxxxx)
- Add traceback info to propagated exceptions as: Exception.trace. (jortel@xxxxxxxxxx)
- Add support for __getitem__ in container and stub. (jortel@xxxxxxxxxx)
- Refactor to crypto (delegate) interface. (jortel@xxxxxxxxxx)
- Support multiple security decorators. (jortel@xxxxxxxxxx)
- perf: asynchronous ack(); tcp_nodelay. (jortel@xxxxxxxxxx)
- Rename 'delayed/trigger' policy property to match option. (jortel@xxxxxxxxxx)
- Rename 'delayed' option to: 'trigger'. (jortel@xxxxxxxxxx)
- option 'delayed' implies asynchronous RMI. (jortel@xxxxxxxxxx)
- fix for tito compat. (jortel@xxxxxxxxxx)
- bridge: clean debug prints; make gateway a thread. (jortel@xxxxxxxxxx)
- Add tcp bridge (experimental). (jortel@xxxxxxxxxx)
- Add support for delayed trigger asynchronous RMI.
  (jortel@xxxxxxxxxx)
- Add fedora releaser. (jortel@xxxxxxxxxx)
- support setting producer uuid; HMAC enhancements. (jortel@xxxxxxxxxx)
- rel-eng: rename redhat releaser. (jortel@xxxxxxxxxx)
--------------------------------------------------------------------------------

================================================================================
 innotop-1.9.0-2.fc16 (FEDORA-2012-15497)
 A MySQL and InnoDB monitor program
--------------------------------------------------------------------------------
Update Information:

Update to version 1.9.0
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 5 2012 Eduardo Echeverria <echevemaster@xxxxxxxxxxxxxxxxx> 1.9.0-2
- Add BuildRequires
* Fri Sep 21 2012 Luis Bazan <lbazan@xxxxxxxxxxxxxxxxx> 1.9.0-1
- New Upstream version
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.8.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue Jul 10 2012 Luis Bazan <lbazan@xxxxxxxxxxxxxxxxx> - 1.8.1-4
- back to original state man3 and man1
* Tue Jul 10 2012 Luis Bazan <lbazan@xxxxxxxxxxxxxxxxx> - 1.8.1-3
- remove man3
* Tue Jul 10 2012 Luis Bazan <lbazan@xxxxxxxxxxxxxxxxx> - 1.8.1-2
- Change man3 and man1
* Mon Jul 9 2012 Luis Bazán <lbazan@xxxxxxxxxxxxxxxxx> - 1.8.1-1
- New Upstream Version 1.8.1
* Sun Jun 17 2012 Petr Pisar <ppisar@xxxxxxxxxx> - 1.6.0-10
- Perl 5.16 rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.6.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 jetty-6.1.26-9.fc16 (FEDORA-2012-15509)
 The Jetty Webserver and Servlet Container
--------------------------------------------------------------------------------
Update Information:

This update fixes a bug that caused jetty user and group to be
removed and not recreated during package upgrade and allows default JETTY_PORT
to be overridden in jetty.conf.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 5 2012 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 6.1.26-9
- Allow to override the default JETTY_PORT, resolves: rhbz#826551
- Don't delete jetty user on package erase, resolves: rhbz#857708
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #826551 - Allow to override the default JETTY_PORT jetty.conf
        https://bugzilla.redhat.com/show_bug.cgi?id=826551
  [ 2 ] Bug #857708 - missing jetty user
        https://bugzilla.redhat.com/show_bug.cgi?id=857708
--------------------------------------------------------------------------------

================================================================================
 kde-plasma-networkmanagement-0.9.0.5-1.fc16 (FEDORA-2012-15489)
 NetworkManager KDE 4 integration
--------------------------------------------------------------------------------
Update Information:

New stable release 0.9.0.5, for details see
http://lamarque-lvs.blogspot.cz/2012/09/plasma-nm-0905.html
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 1 2012 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.9.0.5-1
- 0.9.0.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #832893 - Password dialog is missing password field
        https://bugzilla.redhat.com/show_bug.cgi?id=832893
--------------------------------------------------------------------------------

================================================================================
 mdadm-3.2.5-10.fc16 (FEDORA-2012-15485)
 The mdadm program controls Linux md devices (software RAID arrays)
--------------------------------------------------------------------------------
Update Information:

This is an update to the mdadm package.
This update clarifies some issues around licenses in the source code files.
There are no code changes compared to the prior release.
All users of mdadm are encouraged to upgrade.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 3 2012 Jes Sorensen <Jes.Sorensen@xxxxxxxxxx> - 3.2.5-10
- Fix mistake where Fedora 18 systemd macro changes were incorrectly pulled into the Fedora 16 and Fedora 17 updates of mdadm.
* Wed Oct 3 2012 Jes Sorensen <Jes.Sorensen@xxxxxxxxxx> - 3.2.5-9
- Resolve issue with ambiguous licenses
- Resolves bz862761
* Mon Sep 10 2012 Jes Sorensen <Jes.Sorensen@xxxxxxxxxx> - 3.2.5-8
- Switch to using new systemd macros for F18+
- Resolves bz850202
* Thu Aug 2 2012 Jes Sorensen <Jes.Sorensen@xxxxxxxxxx> - 3.2.5-7
- Remove bogus rogue patch applied in 3.2.5-5 with justification and without following the structure of the mdadm package.
* Fri Jul 27 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.2.5-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Wed Jul 18 2012 Karsten Hopp <karsten@xxxxxxxxxx> 3.2.5-5
- include <linux/types.h> in some to avoid type clashes.
  same problem as rhbz #840902
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #862761 - Source file license ambiguities
        https://bugzilla.redhat.com/show_bug.cgi?id=862761
--------------------------------------------------------------------------------

================================================================================
 oxygen-gtk2-1.3.1-1.fc16 (FEDORA-2012-15503)
 Oxygen GTK+2 theme
--------------------------------------------------------------------------------
Update Information:

oxygen-gtk2-v1.3.1, oxygen-gtk3-v1.1.1

- thread-proof timers used for transitions and animations
- Safer code for Groupbox appearance
- proper rendering of flat GtkEntries
- honor custom color for menu background
- more testing options for the demo application

See https://projects.kde.org/news/170
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 5 2012 Alexey Kurov <nucleo@xxxxxxxxxxxxxxxxx> - 1.3.1-1
- oxygen-gtk2-1.3.1
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #851846 - [abrt] nntpgrab-gui-0.7.2-1.fc17: gtk_widget_compute_expand: Process /usr/bin/nntpgrab_gui was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=851846
--------------------------------------------------------------------------------

================================================================================
 oxygen-gtk3-1.1.1-1.fc16 (FEDORA-2012-15503)
 Oxygen GTK+3 theme
--------------------------------------------------------------------------------
Update Information:

oxygen-gtk2-v1.3.1, oxygen-gtk3-v1.1.1

- thread-proof timers used for transitions and animations
- Safer code for Groupbox appearance
- proper rendering of flat GtkEntries
- honor custom color for
  menu background
- more testing options for the demo application

See https://projects.kde.org/news/170
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 5 2012 Alexey Kurov <nucleo@xxxxxxxxxxxxxxxxx> - 1:1.1.1-1
- oxygen-gtk3-1.1.1
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:1.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #851846 - [abrt] nntpgrab-gui-0.7.2-1.fc17: gtk_widget_compute_expand: Process /usr/bin/nntpgrab_gui was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=851846
--------------------------------------------------------------------------------

================================================================================
 perl-HTML-Template-Pro-0.9509-1.fc16 (FEDORA-2012-15482)
 Perl/XS module to use HTML Templates from CGI scripts
--------------------------------------------------------------------------------
Update Information:

This version of HTML::Template::Pro fixes a cross-site scripting (XSS) vulnerability in the module.

http://www.openwall.com/lists/oss-security/2011/12/19/1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4616
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 4 2012 Emmanuel Seyman <emmanuel@xxxxxxxxx> - 0.9509-1
- Update to 0.9509 (CVE-2011-4616, #773453)
- Add default perl filter
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #768822 - CVE-2011-4616 perl-HTML-Template-Pro: XSS issue
        https://bugzilla.redhat.com/show_bug.cgi?id=768822
--------------------------------------------------------------------------------

================================================================================
 python-odict-1.5.0-4.fc16 (FEDORA-2012-15495)
 Ordered dictionary
--------------------------------------------------------------------------------
Update Information:

Version 1.5.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #862853 - Review Request: python-odict - Ordered dictionary
        https://bugzilla.redhat.com/show_bug.cgi?id=862853
--------------------------------------------------------------------------------

================================================================================
 ruby-1.8.7.358-4.fc16 (FEDORA-2012-15507)
 An interpreter of object-oriented scripting language
--------------------------------------------------------------------------------
Update Information:

Some security flaws were found in the ruby currently shipped in Fedora 17, where
a malicious user can bypass the safe mechanism by intentionally raising an
exception and make arbitrary strings tainted. These flaws are now registered as
CVE-2012-4464 and CVE-2012-4466. Note that CVE-2012-4464 is basically the same
as CVE-2011-1005, which was supposed to be already fixed on the ruby 1.8.x
branch, but the fix proved to be incomplete.

This new rpm will fix the above issue.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 4 2012 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 1.8.7.358-4
- Also backport fix for the left part of CVE-2011-1005 (causing the same issue as CVE-2012-4464) (Vít Ondruch <vondruch@xxxxxxxxxx>)
* Thu Oct 4 2012 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 1.8.7.358-3
- Backport fix for CVE-2012-4466 on trunk:rev37068 to 1.8.7 branch
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #862907 - CVE-2012-4464 CVE-2012-4466 ruby: various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=862907
--------------------------------------------------------------------------------

--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test