The following Fedora 18 Security updates need testing: Age URL 14 https://admin.fedoraproject.org/updates/FEDORA-2012-20117/v8-3.13.7.5-1.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2012-20746/drupal6-6.27-1.fc18,drupal7-7.18-1.fc18 14 https://admin.fedoraproject.org/updates/FEDORA-2012-20179/python-django-1.4.3-1.fc18 6 https://admin.fedoraproject.org/updates/FEDORA-2012-20572/freeciv-2.3.3-1.fc18 14 https://admin.fedoraproject.org/updates/FEDORA-2012-20125/webkitgtk-1.10.2-1.fc18,webkitgtk3-1.10.2-1.fc18 5 https://admin.fedoraproject.org/updates/FEDORA-2012-20661/exempi-2.2.0-4.fc18 15 https://admin.fedoraproject.org/updates/FEDORA-2012-20032/libvirt-0.10.2.2-1.fc18 18 https://admin.fedoraproject.org/updates/FEDORA-2012-19879/libproxy-0.4.11-1.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2012-20904/php-symfony2-HttpKernel-2.1.6-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2012-20923/ndjbdns-1.05.5-1.fc18 46 https://admin.fedoraproject.org/updates/FEDORA-2012-17834/cumin-0.1.5522-4.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2012-20943/BackupPC-3.2.1-10.fc18 6 https://admin.fedoraproject.org/updates/FEDORA-2012-20589/fail2ban-0.8.8-1.fc18 The following Fedora 18 Critical Path updates have yet to be approved: Age URL 0 https://admin.fedoraproject.org/updates/FEDORA-2012-20936/sendmail-8.14.6-1.fc18 The following builds have been pushed to Fedora 18 updates-testing BackupPC-3.2.1-10.fc18 airrac-1.00.0-1.fc18 conntrack-tools-1.4.0-1.fc18 czmq-1.3.2-1.fc18 erlang-R15B-03.2.fc18 ghc-concrete-typerep-0.1.0.1-4.fc18 mailgraph-1.14-15.fc18 rmol-1.00.0-1.fc18 rubygem-mg-0.0.8-5.1.fc18 sendmail-8.14.6-1.fc18 tomcat-7.0.34-1.fc18 travelccm-1.00.1-1.fc18 Details about builds: ================================================================================ BackupPC-3.2.1-10.fc18 (FEDORA-2012-20943) High-performance backup system -------------------------------------------------------------------------------- Update Information: - cleanup build macros for Fedora - fix deprecated qw messages (partial fix for bz #755076) - CVE-2011-5081 BackupPC: XSS flaw in RestoreFile.pm (bz #795017, #795018, #795019) - Broken configuration for httpd 2.4 (bz #871353) -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 24 2012 Bernard Johnson <bjohnson@xxxxxxxxxxxx> 3.2.1-10 - cleanup build macros for Fedora - fix deprecated qw messages (partial fix for bz #755076) - CVE-2011-5081 BackupPC: XSS flaw in RestoreFile.pm (bz #795017, #795018, #795019) - Broken configuration for httpd 2.4 (bz #871353) * Thu Dec 6 2012 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 3.2.1-9 - Fix FTBFS on F-18+ * Wed Jul 18 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.2.1-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #755076 - BackupPC uses syntax deprecated in Perl 5.14 https://bugzilla.redhat.com/show_bug.cgi?id=755076 [ 2 ] Bug #795017 - CVE-2011-5081 BackupPC: XSS flaw in RestoreFile.pm [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=795017 [ 3 ] Bug #795018 - CVE-2011-5081 BackupPC: XSS flaw in RestoreFile.pm [epel-5] https://bugzilla.redhat.com/show_bug.cgi?id=795018 [ 4 ] Bug #795019 - CVE-2011-5081 BackupPC: XSS flaw in RestoreFile.pm [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=795019 [ 5 ] Bug #871353 - Broken configuration for httpd 2.4 https://bugzilla.redhat.com/show_bug.cgi?id=871353 -------------------------------------------------------------------------------- ================================================================================ airrac-1.00.0-1.fc18 (FEDORA-2012-20937) C++ Simulated Revenue Accounting (RAC) System Library -------------------------------------------------------------------------------- Update Information: Upstream update -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 25 2012 Denis Arnaud <denis.arnaud_fedora@xxxxxxx> - 1.00.0-1 - Upstream update -------------------------------------------------------------------------------- ================================================================================ conntrack-tools-1.4.0-1.fc18 (FEDORA-2012-20944) Manipulate netfilter connection tracking table and run High Availability -------------------------------------------------------------------------------- Update Information: New major upstream update. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 26 2012 Paul P. Komkoff Jr <i@xxxxxxxxxx> - 1.4.0-1 - new upstream version * Tue Jul 24 2012 Paul P. Komkoff Jr <i@xxxxxxxxxx> - 1.2.1 - new upstream version -------------------------------------------------------------------------------- References: [ 1 ] Bug #693668 - conntrack-tools-1.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=693668 -------------------------------------------------------------------------------- ================================================================================ czmq-1.3.2-1.fc18 (FEDORA-2012-20935) High-level C binding for 0MQ (ZeroMQ) -------------------------------------------------------------------------------- Update Information: First Fedora build -------------------------------------------------------------------------------- References: [ 1 ] Bug #889351 - Review Request: czmq - High-level C binding for 0MQ (ZeroMQ) https://bugzilla.redhat.com/show_bug.cgi?id=889351 -------------------------------------------------------------------------------- ================================================================================ erlang-R15B-03.2.fc18 (FEDORA-2012-20938) General-purpose programming language and runtime environment -------------------------------------------------------------------------------- Update Information: * Run make clean before build (to remove pre-built files) * Ver. R15B03 -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 25 2012 Peter Lemenkov <lemenkov@xxxxxxxxx> - R15B-03.2 - Run make clean before build (to remove pre-built files) * Fri Dec 21 2012 Peter Lemenkov <lemenkov@xxxxxxxxx> - R15B-03.1 - Ver. R15B03 (actually R15B03-1) -------------------------------------------------------------------------------- References: [ 1 ] Bug #881606 - erlang-15B03 is available https://bugzilla.redhat.com/show_bug.cgi?id=881606 -------------------------------------------------------------------------------- ================================================================================ ghc-concrete-typerep-0.1.0.1-4.fc18 (FEDORA-2012-20945) Binary and Hashable instances for TypeRep -------------------------------------------------------------------------------- Update Information: ghc-concrete-typerep provides Binary and Hashable instances for TypeRep. -------------------------------------------------------------------------------- References: [ 1 ] Bug #855588 - Review Request: ghc-concrete-typerep - Provides Binary and Hashable instances for TypeRep. https://bugzilla.redhat.com/show_bug.cgi?id=855588 -------------------------------------------------------------------------------- ================================================================================ mailgraph-1.14-15.fc18 (FEDORA-2012-20940) A RRDtool frontend for Mail statistics -------------------------------------------------------------------------------- Update Information: updated for httpd 2.4 configuration (bz #871415) -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 24 2012 Bernard Johnson <bjohnson@xxxxxxxxxxxx> - 1.14-15 - updated for httpd 2.4 configuration (bz #871415) -------------------------------------------------------------------------------- References: [ 1 ] Bug #871415 - Broken configuration for httpd 2.4 https://bugzilla.redhat.com/show_bug.cgi?id=871415 -------------------------------------------------------------------------------- ================================================================================ rmol-1.00.0-1.fc18 (FEDORA-2012-20942) C++ library of Revenue Management and Optimisation classes and functions -------------------------------------------------------------------------------- Update Information: Upstream update -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 25 2012 Denis Arnaud <denis.arnaud_fedora@xxxxxxx> 1.00.0-1 - Upstream update -------------------------------------------------------------------------------- ================================================================================ rubygem-mg-0.0.8-5.1.fc18 (FEDORA-2012-20941) Minimalist way to build and publish gems using Rake. Also build tarballs -------------------------------------------------------------------------------- Update Information: Updated the specfile to match current Ruby packaging guidelines. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 25 2012 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.0.8-5.1 - Removed Group fields. - Refactored the specfile to match current Ruby packaging guidelines. -------------------------------------------------------------------------------- ================================================================================ sendmail-8.14.6-1.fc18 (FEDORA-2012-20936) A widely used Mail Transport Agent (MTA) -------------------------------------------------------------------------------- Update Information: Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.14.6. * Fix a regression introduced in 8.14.5: if a server offers two AUTH lines, the MTA would not read them after STARTTLS has been used and hence SMTP AUTH for the client side would fail. Problem noted by Lena. * Do not cache hostnames internally in a non case sensitive way as that may cause addresses to change from lower case to upper case or vice versa. These header modifications can cause problems with milters that rely on receiving headers in the same way as they are being sent out such as a DKIM signing milter. * If MaxQueueChildren is set then it was possible that new queue runners could not be started anymore because an internal counter was subject to a race condition. * If a milter decreases the timeout it waits for a communication with the MTA, the MTA might experience a write() timeout. In some situations, the resulting error might have been ignored. Problem noted by Werner Wiethege. Note: decreasing the communication timeout in a milter should not be done without considering the potential problems. * smfi_setsymlist() now properly sets the list of macros for the milter which invoked it, instead of a global list for all milters. Problem reported by David Shrimpton of the University of Queensland. * If Timeout.resolver.retrans is set to a value larger than 20, then resolver.retry was temporarily set to 0 for gethostbyaddr() lookups. Now it is set to 1 instead. Patch from Peter. * If sendmail could not lock the statistics file due to a system error, and sendmail later sends a DSN for a mail that triggered such an error, then sendmail tried to access memory that was freed before (causing a crash on some systems). Problem reported by Ryan Stone. * Do not log negative values for size= nor pri= to avoid confusing log parsers, instead limit the values to LONG_MAX. * Account for an API change in newer versions of Cyrus-SASL. Patch from Hajimu UMEMOTO from FreeBSD. * Do not try to resolve link-local addresses for IPv4 (just as it is done for IPv6). Patch from John Beck of Oracle. * Improve logging of client and server STARTTLS connection failures that may be due to incompatible cipher lists by including the reason for the failure in a single log line. Suggested by James Carey of Boeing. * Portability: Add support for Darwin 11.x and 12.x (Mac OS X 10.7 and 10.8). Add support for SunOS 5.12 (aka Solaris 12). Patch from John Beck of Oracle. -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 24 2012 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 8.14.6-1 - Upgrade to 8.14.6 -------------------------------------------------------------------------------- ================================================================================ tomcat-7.0.34-1.fc18 (FEDORA-2012-20939) Apache Servlet/JSP Engine, RI for Servlet 3.0/JSP 2.2 API -------------------------------------------------------------------------------- Update Information: - Updated to 7.0.34 - ecj >= 4.2.1 now required - Resolves: rhbz 889395 concat classpath correctly; chdir to $CATALINA_HOME -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 24 2012 Ivan Afonichev <ivan.afonichev@xxxxxxxxx> 0:7.0.34-1 - Updated to 7.0.34 - ecj >= 4.2.1 now required - Resolves: rhbz 889395 concat classpath correctly; chdir to $CATALINA_HOME * Fri Dec 7 2012 Ivan Afonichev <ivan.afonichev@xxxxxxxxx> 0:7.0.33-2 - Resolves: rhbz 883806 refix logdir ownership * Sun Dec 2 2012 Ivan Afonichev <ivan.afonichev@xxxxxxxxx> 0:7.0.33-1 - Updated to 7.0.33 - Resolves: rhbz 873620 need chkconfig for update-alternatives -------------------------------------------------------------------------------- References: [ 1 ] Bug #886013 - tomcat-7.0.34 is available https://bugzilla.redhat.com/show_bug.cgi?id=886013 [ 2 ] Bug #889395 - Tomcat adds colon to the beginning of the classpath; problem with automount https://bugzilla.redhat.com/show_bug.cgi?id=889395 -------------------------------------------------------------------------------- ================================================================================ travelccm-1.00.1-1.fc18 (FEDORA-2012-20934) C++ Travel Customer Choice Model (CCM) Library -------------------------------------------------------------------------------- Update Information: Upstream update -------------------------------------------------------------------------------- ChangeLog: * Sun Dec 23 2012 Denis Arnaud <denis.arnaud_fedora@xxxxxxx> - 1.00.1-1 - Upstream update -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test