The following Fedora 17 Security updates need testing: Age URL 4 https://admin.fedoraproject.org/updates/FEDORA-2012-16442/drupal7-7.16-1.fc17 106 https://admin.fedoraproject.org/updates/FEDORA-2012-10391/bcfg2-1.2.3-1.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2012-16440/Django-1.4.2-1.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2012-16485/xlockmore-5.40-3.fc17 12 https://admin.fedoraproject.org/updates/FEDORA-2012-15874/drupal7-feeds-2.0-0.5.alpha6.fc17 13 https://admin.fedoraproject.org/updates/FEDORA-2012-15754/phpMyAdmin-3.5.3-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2012-16614/dokuwiki-0-0.14.20121013.fc17 29 https://admin.fedoraproject.org/updates/FEDORA-2012-14650/tor-0.2.2.39-1700.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2012-15842/seamonkey-2.13.1-1.fc17 10 https://admin.fedoraproject.org/updates/FEDORA-2012-16048/cobbler-2.4.0-beta2.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2012-16674/viewvc-1.1.15-3.fc17 27 https://admin.fedoraproject.org/updates/FEDORA-2012-14717/openjpeg-1.4-14.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2012-16662/net-snmp-5.7.1-5.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2012-16680/optipng-0.7.4-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2012-16669/kernel-3.6.3-1.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2012-16163/ssmtp-2.61-19.fc17 33 https://admin.fedoraproject.org/updates/FEDORA-2012-14347/pcp-3.6.8-1.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2012-16148/python-django-horizon-2012.1.3-1.fc17 109 https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-1.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2012-16147/icecast-2.3.3-1.fc17 The following Fedora 17 Critical Path updates have yet to be approved: Age URL 0 https://admin.fedoraproject.org/updates/FEDORA-2012-16669/kernel-3.6.3-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2012-16629/libdrm-2.4.39-1.fc17,xorg-x11-drv-intel-2.20.10-2.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2012-16487/mdadm-3.2.5-14.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2012-16429/perl-5.14.3-217.fc17 5 https://admin.fedoraproject.org/updates/FEDORA-2012-16363/xcb-proto-1.8-1.fc17,libxcb-1.9-1.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2012-16238/ntfs-3g-2012.1.15-5.fc17 10 https://admin.fedoraproject.org/updates/FEDORA-2012-15978/openldap-2.4.33-2.fc17 12 https://admin.fedoraproject.org/updates/FEDORA-2012-15849/python-nss-0.13-0.fc17 13 https://admin.fedoraproject.org/updates/FEDORA-2012-15729/pyxdg-0.23-1.fc17 8 https://admin.fedoraproject.org/updates/FEDORA-2012-16091/kde-settings-4.8-22.fc17 61 https://admin.fedoraproject.org/updates/FEDORA-2012-12509/PackageKit-0.7.6-1.fc17 The following builds have been pushed to Fedora 17 updates-testing abi-compliance-checker-1.98.4-1.fc17 ansible-0.8-1.fc17 emacs-24.1-6.fc17 jline2-2.5-7.fc17 kernel-3.6.3-1.fc17 libesedb-20120102-3.fc17 logwatch-7.4.0-18.20120619svn110.fc17 mate-panel-1.4.0-12.fc17 nagios-plugins-lcgdm-0.9.4-1.fc17 net-snmp-5.7.1-5.fc17 onesixtyone-0.3.2-8.fc17 openscap-0.9.1-1.fc17 optipng-0.7.4-1.fc17 php-channel-theseer-1.3-1.fc17 php-zmq-0.6.0-7.20120613git516bd6f.fc17 roundcubemail-0.8.2-1.fc17 tuned-2.0.1-4.fc17 viewvc-1.1.15-3.fc17 wireshark-1.6.11-1.fc17 xautomation-1.07-1.fc17 Details about builds: ================================================================================ abi-compliance-checker-1.98.4-1.fc17 (FEDORA-2012-16661) An ABI Compliance Checker -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 21 2012 Richard Shaw <hobbes1069@xxxxxxxxx> - 1.98.4-1 - Update to latest upstream release. * Wed Jul 18 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.98.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Tue Jul 3 2012 Richard Shaw <hobbes1069@xxxxxxxxx> - 1.98.2-1 - Update to latest upstream release. * Tue Jun 19 2012 Richard Shaw <hobbes1069@xxxxxxxxx> - 1.98.1-1 - Update to latest upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #832644 - abi-compliance-checker-1.98.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=832644 -------------------------------------------------------------------------------- ================================================================================ ansible-0.8-1.fc17 (FEDORA-2012-16670) SSH-based configuration management, deployment, and task execution system -------------------------------------------------------------------------------- Update Information: Release of 0.8 -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 19 2012 Michael DeHaan <michael.dehaan@xxxxxxxxx> - 0.8-0 - Release of 0.8 -------------------------------------------------------------------------------- ================================================================================ emacs-24.1-6.fc17 (FEDORA-2012-16677) GNU Emacs text editor -------------------------------------------------------------------------------- Update Information: Change xorg-x11-fonts-misc dependency to dejavu-sans-mono-fonts -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 22 2012 Karel Klíč <kklic@xxxxxxxxxx> - 1:24.1-6 - Rebuild * Mon Oct 22 2012 Karel Klíč <kklic@xxxxxxxxxx> - 1:24.1-5 - Change xorg-x11-fonts-misc dependency to dejavu-sans-mono-fonts, rhbz#732422 -------------------------------------------------------------------------------- References: [ 1 ] Bug #732422 - emacs doesn't start without font installed https://bugzilla.redhat.com/show_bug.cgi?id=732422 -------------------------------------------------------------------------------- ================================================================================ jline2-2.5-7.fc17 (FEDORA-2012-16667) JLine is a Java library for handling console input -------------------------------------------------------------------------------- Update Information: Fixed OSGi manifest -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 19 2012 Severin Gehwolf <sgehwolf@xxxxxxxxxx> 2.5-7 - Fix OSGi Import-Package header so as to not import non existing org.fusesource.jansi.internal package. * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.5-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #868291 - Broken OSGi Import-Package header https://bugzilla.redhat.com/show_bug.cgi?id=868291 -------------------------------------------------------------------------------- ================================================================================ kernel-3.6.3-1.fc17 (FEDORA-2012-16669) The Linux kernel -------------------------------------------------------------------------------- Update Information: Update to Linux 3.6.3. Various fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 22 2012 Josh Boyer <jwboyer@xxxxxxxxxx> - 3.6.3-1 - CVE-2012-0957: uts: stack memory leak in UNAME26 (rhbz 862877 864824) - Fix rt2x00 usb reset resume (rhbz 856863) - Linux v3.6.3 * Mon Oct 22 2012 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - Cleanup ARM patches - Add highbank sata patch - add patch to revert ARM misaligned access check to stop kernel OOPS * Sun Oct 21 2012 Josh Boyer <jwboyer@xxxxxxxxxx> - Don't enable UDL per Dave Airlie * Thu Oct 18 2012 Josh Boyer <jwboyer@xxxxxxxxxx> - Patch to have mac80211 connect with HT20 if HT40 is not allowed (rhbz 866013) - Enable VFIO (rhbz 867152) - Apply patch from Stanislaw Gruszka to fix mac80211 issue (rhbz 862168) - Apply patch to fix iwlwifi crash (rhbz 770484) * Wed Oct 17 2012 Josh Boyer <jwboyer@xxxxxxxxxx> - Enable TCM_VHOST module (rhbz 866984) -------------------------------------------------------------------------------- References: [ 1 ] Bug #862877 - CVE-2012-0957 kernel: uts: stack memory leak in UNAME26 https://bugzilla.redhat.com/show_bug.cgi?id=862877 -------------------------------------------------------------------------------- ================================================================================ libesedb-20120102-3.fc17 (FEDORA-2012-16663) Library to access the Extensible Storage Engine (ESE) Database File (EDB) format -------------------------------------------------------------------------------- Update Information: Adding new package to Fedora. Description: Library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format. ESEDB is used in may different applications like Windows Search, Windows Mail, Exchange, Active Directory, etc. -------------------------------------------------------------------------------- References: [ 1 ] Bug #822718 - Review Request: libesedb - Library to access the Extensible Storage Engine (ESE) Database File (EDB) format https://bugzilla.redhat.com/show_bug.cgi?id=822718 -------------------------------------------------------------------------------- ================================================================================ logwatch-7.4.0-18.20120619svn110.fc17 (FEDORA-2012-16681) A log file analysis program -------------------------------------------------------------------------------- Update Information: Fix misparsing userhelper log entries that contain additional slashes -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 22 2012 Jan Synáček <jsynacek@xxxxxxxxxx> - 7.4.0-18.20120619svn110 - Add secure-userhelper patch: Fix misparsing userhelper log entries (rhbz#867290) -------------------------------------------------------------------------------- References: [ 1 ] Bug #867290 - Logwatch is misparsing userhelper log entries for hddtemp that specify a device using a name that includes a slash https://bugzilla.redhat.com/show_bug.cgi?id=867290 -------------------------------------------------------------------------------- ================================================================================ mate-panel-1.4.0-12.fc17 (FEDORA-2012-16678) MATE Desktop panel applets -------------------------------------------------------------------------------- Update Information: add requires mate-session-manager -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 22 2012 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 1.4.0-12 - Remove un-needed %check section * Mon Oct 22 2012 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 1.4.0-11 - add requires mate-session-manager - change style for build requirements -------------------------------------------------------------------------------- ================================================================================ nagios-plugins-lcgdm-0.9.4-1.fc17 (FEDORA-2012-16666) Nagios probes to be run remotely against DPM / LFC nodes -------------------------------------------------------------------------------- Update Information: Update for new upstream release. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 22 2012 Ricardo Rocha <ricardo.rocha@xxxxxxx> - 0.9.4-1 - Update for new upstream release * Tue Oct 16 2012 Ricardo Rocha <ricardo.rocha@xxxxxxx> - 0.9.3-1 - Update for new upstream release * Wed Sep 12 2012 Ricardo Rocha <ricardo.rocha@xxxxxxx> - 0.9.2-1 - Added runtime dep on python ldap for dpm-head package -------------------------------------------------------------------------------- ================================================================================ net-snmp-5.7.1-5.fc17 (FEDORA-2012-16662) A collection of SNMP protocol tools and libraries -------------------------------------------------------------------------------- Update Information: This update fixes: * Array index error, leading to out-of heap-based buffer read (CVE-2012-2141) * Size values in hrStorageTable and hrFSTable. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 22 2012 Jan Safranek <jsafrane@xxxxxxxxxx> - 1:5.7.1-5 - fixed units in hrStorageTable and hrFSTable (#789441) - fixed CVE-2012-2141: Array index error, leading to out-of heap-based buffer read -------------------------------------------------------------------------------- References: [ 1 ] Bug #816549 - Array index error, leading to out-of heap-based buffer read (snmpd crash) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=816549 [ 2 ] Bug #789441 - net-snmp reports incorrect used disk space for large filesystems https://bugzilla.redhat.com/show_bug.cgi?id=789441 -------------------------------------------------------------------------------- ================================================================================ onesixtyone-0.3.2-8.fc17 (FEDORA-2012-16668) An efficient SNMP scanner -------------------------------------------------------------------------------- Update Information: Re-adding the onesixtyone package to the distribution after it was orphaned. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 20 2011 Michal Ambroz <rebus at, seznam.cz> - 0.3.2-8 - Ressurect the package for F16/17 -------------------------------------------------------------------------------- References: [ 1 ] Bug #845403 - Review Request: onesixtyone - An efficient SNMP scanner - unretire https://bugzilla.redhat.com/show_bug.cgi?id=845403 -------------------------------------------------------------------------------- ================================================================================ openscap-0.9.1-1.fc17 (FEDORA-2012-16683) Set of open source libraries enabling integration of the SCAP line of standards -------------------------------------------------------------------------------- Update Information: This is an update to the openscap-0.9.1 release: the http in the check-content-ref/@hrefhref support, the cpedict support, obsoleted the oscap_reporter, send start and finish messages to the syslog, the XCCDF multi-check evaluation support, "oscap oval validate-xml" autodetect a document type, bug fixes -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 22 2012 Petr Lautrbach <plautrba@xxxxxxxxxx> 0.9.1-1 - upgrade * Tue Sep 25 2012 Peter Vrabec <pvrabec@xxxxxxxxxx> 0.9.0-1 - upgrade -------------------------------------------------------------------------------- ================================================================================ optipng-0.7.4-1.fc17 (FEDORA-2012-16680) PNG optimizer and converter -------------------------------------------------------------------------------- Update Information: Update to version 0.7.4. http://optipng.sourceforge.net/history.txt -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 22 2012 Ville Skyttä <ville.skytta@xxxxxx> - 0.7.4-1 - Update to 0.7.4. -------------------------------------------------------------------------------- ================================================================================ php-channel-theseer-1.3-1.fc17 (FEDORA-2012-16679) Adds theseer channel to PEAR -------------------------------------------------------------------------------- Update Information: This package adds the pear.netpirates.net (theseer) channel which allows PEAR packages from this channel to be installed. -------------------------------------------------------------------------------- References: [ 1 ] Bug #866370 - Review Request: php-channel-theseer - Adds theseer channel to PEAR https://bugzilla.redhat.com/show_bug.cgi?id=866370 -------------------------------------------------------------------------------- ================================================================================ php-zmq-0.6.0-7.20120613git516bd6f.fc17 (FEDORA-2012-16665) PHP 0MQ/zmq/zeromq extension -------------------------------------------------------------------------------- Update Information: Rebuild against zeromq3. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 22 2012 Ralph Bean <rbean@xxxxxxxxxx> - 0.6.0-7.20120613git516bd6f - Rebuilt against zeromq3. * Sat Jul 21 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.6.0-6.20120613git516bd6f - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ roundcubemail-0.8.2-1.fc17 (FEDORA-2012-16671) Round Cube Webmail is a browser-based multilingual IMAP client -------------------------------------------------------------------------------- Update Information: Latest upstream, better support for patch for CVE-2012-4668 et. al. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 10 2012 Jon Ciesla <limburgher@xxxxxxxxx> - 0.8.2-1 - Latest upstream. * Thu Aug 30 2012 Adam Williamson <awilliam@xxxxxxxxxx> - 0.8.1-2 - correct stray parenthesis in strict patch -------------------------------------------------------------------------------- ================================================================================ tuned-2.0.1-4.fc17 (FEDORA-2012-16682) A dynamic adaptive system tuning daemon -------------------------------------------------------------------------------- Update Information: This is an update that fixed dependencies and powertop2tuned script. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 22 2012 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 2.0.1-4 - Added missing dependencies Resolves: rhbz#811196 - Fixed powertop2tuned profile generation Resolves: rhbz#859672 -------------------------------------------------------------------------------- References: [ 1 ] Bug #811196 - tuned should require python-decorator https://bugzilla.redhat.com/show_bug.cgi?id=811196 [ 2 ] Bug #859672 - powertop2tuned doesnt create profile https://bugzilla.redhat.com/show_bug.cgi?id=859672 -------------------------------------------------------------------------------- ================================================================================ viewvc-1.1.15-3.fc17 (FEDORA-2012-16674) Browser interface for CVS and SVN version control repositories -------------------------------------------------------------------------------- Update Information: Patch CVE-2012-4533. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 22 2012 Bojan Smojver <bojan@xxxxxxxxxxxxx> - 1.1.15-3 - patch CVE-2012-4533, bug #868606 * Sun Jul 22 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.15-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #868606 - CVE-2012-4533 viewvc 1.1.5 lib/viewvc.py XSS https://bugzilla.redhat.com/show_bug.cgi?id=868606 -------------------------------------------------------------------------------- ================================================================================ wireshark-1.6.11-1.fc17 (FEDORA-2012-16676) Network traffic analyzer -------------------------------------------------------------------------------- Update Information: upgrade to 1.6.11 see http://www.wireshark.org/docs/relnotes/wireshark-1.6.11.html -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 22 2012 Peter Hatina <phatina@xxxxxxxxxx> - 1.6.11-1 - upgrade to 1.6.11 - see http://www.wireshark.org/docs/relnotes/wireshark-1.6.11.html -------------------------------------------------------------------------------- ================================================================================ xautomation-1.07-1.fc17 (FEDORA-2012-16660) Tools to automate tasks in X, even detecting on screen images -------------------------------------------------------------------------------- Update Information: Add xinput2 device selection support thanks to Victor Beumker. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 22 2012 Mohamed El Morabity <melmorabity@xxxxxxxxxxxxxxxxx> - 1.07-1 - Update to 1.07 -------------------------------------------------------------------------------- References: [ 1 ] Bug #866162 - xautomation-1.07 is available https://bugzilla.redhat.com/show_bug.cgi?id=866162 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test