The following Fedora 16 Security updates need testing: Age URL 0 https://admin.fedoraproject.org/updates/FEDORA-2013-0723/thunderbird-17.0.2-1.fc16 32 https://admin.fedoraproject.org/updates/FEDORA-2012-20156/389-ds-base-1.2.10.24-1.fc16 32 https://admin.fedoraproject.org/updates/FEDORA-2012-20157/libproxy-0.4.11-1.fc16 112 https://admin.fedoraproject.org/updates/FEDORA-2012-14452/bacula-5.0.3-33.fc16 3 https://admin.fedoraproject.org/updates/FEDORA-2013-0468/proftpd-1.3.4b-4.fc16 31 https://admin.fedoraproject.org/updates/FEDORA-2012-20236/rssh-2.3.4-1.fc16 190 https://admin.fedoraproject.org/updates/FEDORA-2012-10314/revelation-0.4.14-1.fc16 110 https://admin.fedoraproject.org/updates/FEDORA-2012-14654/tor-0.2.2.39-1600.fc16 7 https://admin.fedoraproject.org/updates/FEDORA-2013-0225/pl-5.10.2-9.fc16 7 https://admin.fedoraproject.org/updates/FEDORA-2013-0244/rubygem-activerecord-3.0.10-4.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2013-0640/moin-1.9.6-1.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2013-0633/perl-5.14.3-205.fc16 3 https://admin.fedoraproject.org/updates/FEDORA-2013-0477/gnupg-1.4.13-2.fc16 3 https://admin.fedoraproject.org/updates/FEDORA-2012-19347/cups-1.5.4-12.fc16 7 https://admin.fedoraproject.org/updates/FEDORA-2013-0222/gnupg2-2.0.19-7.fc16 7 https://admin.fedoraproject.org/updates/FEDORA-2013-0269/drupal7-context-3.0-0.3.beta6.fc16 10 https://admin.fedoraproject.org/updates/FEDORA-2013-0061/php-ZendFramework-1.12.1-1.fc16 3 https://admin.fedoraproject.org/updates/FEDORA-2013-0270/qt-4.8.4-6.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2013-0686/rubygem-actionpack-3.0.10-10.fc16,rubygem-activerecord-3.0.10-5.fc16,rubygem-activesupport-3.0.10-5.fc16,rubygem-activemodel-3.0.10-2.fc16 The following Fedora 16 Critical Path updates have yet to be approved: Age URL 0 https://admin.fedoraproject.org/updates/FEDORA-2013-0633/perl-5.14.3-205.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2013-0723/thunderbird-17.0.2-1.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2013-0632/perl-5.14.3-204.fc16 The following builds have been pushed to Fedora 16 updates-testing duff-0.5.2-5.fc16 fritzing-0.7.11b-2.fc16 gfal-1.14.0-1.fc16 gfal2-2.1.1-0.fc16 html-xml-utils-6.3-1.fc16 jreen-1.1.1-1.fc16 kernel-3.6.11-4.fc16 lua-lgi-0.6.2-5.fc16 mate-control-center-1.5.2-2.fc16 mate-window-manager-1.5.2-11.fc16 moin-1.9.6-1.fc16 munin-2.0.10-1.fc16 nagios-plugins-openmanage-3.7.9-1.fc16 opendkim-2.7.4-1.fc16 perl-5.14.3-204.fc16 perl-5.14.3-205.fc16 php-horde-Horde-Cli-2.0.2-1.fc16 php-horde-Horde-Date-2.0.2-1.fc16 php-horde-Horde-Exception-2.0.2-1.fc16 php-horde-Horde-Nls-2.0.2-1.fc16 php-horde-Horde-Util-2.0.3-1.fc16 php-voms-admin-0.6.7-1.fc16 pylint-0.26.0-1.fc16 python-boto-2.5.2-3.fc16 python-fedora-0.3.30-1.fc16 python-logilab-astng-0.24.1-1.fc16 python-logilab-common-0.58.3-1.fc16 rubygem-actionpack-3.0.10-10.fc16 rubygem-activemodel-3.0.10-2.fc16 rubygem-activerecord-3.0.10-5.fc16 rubygem-activesupport-3.0.10-5.fc16 shellinabox-2.14-19.git88822c1f.fc16 srm-ifce-1.14.0-1.fc16 thunderbird-17.0.2-1.fc16 wordpress-3.5-3.fc16 zathura-djvu-0.2.1-2.fc16 Details about builds: ================================================================================ duff-0.5.2-5.fc16 (FEDORA-2013-0644) Quickly find duplicate files -------------------------------------------------------------------------------- Update Information: duff 0.5.2 - Fix issues with dirs. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 25 2012 Eduardo Echeverria <echevemaster@xxxxxxxxx> - 0.5.2-5 - Added %{datadir}/duff to spec - Remove non-existent tests -------------------------------------------------------------------------------- References: [ 1 ] Bug #857639 - Review Request: duff - Quickly find duplicate files https://bugzilla.redhat.com/show_bug.cgi?id=857639 -------------------------------------------------------------------------------- ================================================================================ fritzing-0.7.11b-2.fc16 (FEDORA-2013-0623) Electronic Design Automation software; from prototype to product -------------------------------------------------------------------------------- Update Information: This release fixes a **startup crash** that seems to have appeared with a recent update of qt. It also backports a fix from upstream (see bug tracker link below) that corrects problems due to a pre-generated parts sqlite database not being available. Upstream bug tracker links for included patches: * No parts.db available: http://code.google.com/p/fritzing/issues/detail?id=2358 * Relative paths in new panelizer off by one: http://code.google.com/p/fritzing/issues/detail?id=2365 * Remove auto-update functionality: http://code.google.com/p/fritzing/issues/detail?id=2366 * Don't use packaged libraries: http://code.google.com/p/fritzing/issues/detail?id=2367 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 8 2013 Ed Marshall <esm@xxxxxxxxx> - 0.7.11b-2 - Backport upstream patch for gracefully handling missing parts database. * Mon Jan 7 2013 Ed Marshall <esm@xxxxxxxxx> - 0.7.11b-1 - Updated to 0.7.11b release. * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.7.5b-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Tue Jul 3 2012 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - 0.7.5b-1 - Updated to 0.7.5b release. - Update patches - Cleanup and modernise spec -------------------------------------------------------------------------------- References: [ 1 ] Bug #852568 - [abrt] fritzing-0.7.5b-1.fc17: Process /usr/bin/Fritzing was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=852568 [ 2 ] Bug #892556 - fritzing-0.7.11b is available https://bugzilla.redhat.com/show_bug.cgi?id=892556 -------------------------------------------------------------------------------- ================================================================================ gfal-1.14.0-1.fc16 (FEDORA-2013-0650) Grid File access library -------------------------------------------------------------------------------- Update Information: Update 1.14.0-1 for fix of LCGUTIL-82 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 8 2013 Adrien Devresse <adevress at cern.ch> - 1.14.0-1 - fix for LCGUTIL-82 * Thu Nov 29 2012 Adrien Devresse <adevress at cern.ch> - 1.14.0 - correction of a warning message in lcg-util LCGUTIL-47 - change default srm timeout to 3600 seconds LCGUTIL-180 * Thu Sep 13 2012 Adrien Devresse <adevress at cern.ch> - 1.13.9-0 - fix the emi wn conflict between 32bits version and 64bits version -------------------------------------------------------------------------------- ================================================================================ gfal2-2.1.1-0.fc16 (FEDORA-2013-0662) Grid file access library 2.0 -------------------------------------------------------------------------------- Update Information: Update 2.1.1 of GFAL 2.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 10 2013 Adrien Devresse <adevress at cern.ch> - 2.1.1-0 - fix a minor memory issue with the gfal_transfer stack - fix a wrong error report problem with srm third party copy * Wed Dec 5 2012 Adrien Devresse <adevress at cern.ch> - 2.1.0-2 - fix an issue this surl to turl resolution for SRM third party copy * Fri Nov 30 2012 Adrien Devresse <adevress at cern.ch> - 2.1.0-0 - One-globus session system for gsiftp plugin ( FTS 3.0 need ) - correct a major issue with the gass attribute system in gsiftp plugin - change the lfc set/get env var for a one compatible with set/get opt - add set/nb streams option for gsiftp - add the mkdir rec function for SRM transfer - correct an issue with opendir and srm_ls ( ENOTDIR error silent ) - correct a memory leak in the cache system - correct timeout support for gsiftp transfer - implement tcp buffer size support for gsiftp layer - apply a correction on the SRM over-write logic, related to a BeStMan errcode problem on File Not Found with srmRm ( EOS ) - apply a fix on the transfer gsiftp timeout ( protection against multiple cancel ) - fix for SRM filesize problem ( defined to 0, workaround ) related to globus 426 error bad filesize - secure the callback system for globus gass timeout - base implementation of the http plugin - improve reliability of the bdii resolution - add a fallback mechanism in case of bdii bad resolution - correct several race conditions in the bdii layer - add thread safe support for set/get variables in liblfc - correct a deadlock problem with globus and gisftp plugin - implement the mkdir_rec logic for general purpose - implement the parent folder creation logic with gridftp - add support for lfc://host/path URL style for the lfc plugin - switch off_t to 64bits size by default ( _FILE_OFFSET_BITS=64) - provide a "nobdii" like option - provide the choice of turl protocol resolution for srm plugin -------------------------------------------------------------------------------- ================================================================================ html-xml-utils-6.3-1.fc16 (FEDORA-2013-0617) A number of simple utilities for manipulating HTML and XML files -------------------------------------------------------------------------------- Update Information: -See http://www.w3.org/Tools/HTML-XML-utils/ChangeLog for changes. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 10 2013 Miloš Jakubíček <xjakub@xxxxxxxxxx> - 6.3-1 - Update to 6.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #893911 - html-xml-utils-6.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=893911 -------------------------------------------------------------------------------- ================================================================================ jreen-1.1.1-1.fc16 (FEDORA-2013-0683) Qt XMPP Library -------------------------------------------------------------------------------- Update Information: New upstream bugfix release. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 8 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.1.1-1 - jreen-1.1.1 * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ kernel-3.6.11-4.fc16 (FEDORA-2013-0651) The Linux kernel -------------------------------------------------------------------------------- Update Information: Bugfixes for a few issues. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 8 2013 Josh Boyer <jwboyer@xxxxxxxxxx> - 3.6.11-4 - Add patch to fix shutdown on some machines (rhbz 890547) * Fri Jan 4 2013 Josh Boyer <jwboyer@xxxxxxxxxx> - Fix oops on aoe module removal (rhbz 853064) * Wed Jan 2 2013 Josh Boyer <jwboyer@xxxxxxxxxx> - Fix autofs issue in 3.6 (rhbz 874372) -------------------------------------------------------------------------------- References: [ 1 ] Bug #890547 - The system restarts when doing a shutdown https://bugzilla.redhat.com/show_bug.cgi?id=890547 [ 2 ] Bug #853064 - List_del corruption when removing the module AOE https://bugzilla.redhat.com/show_bug.cgi?id=853064 [ 3 ] Bug #874372 - kernel-3.6... updates break autofs (and consequently shutdown/reboot) https://bugzilla.redhat.com/show_bug.cgi?id=874372 -------------------------------------------------------------------------------- ================================================================================ lua-lgi-0.6.2-5.fc16 (FEDORA-2013-0680) Lua bindings to GObject libraries -------------------------------------------------------------------------------- Update Information: LGI is gobject-introspection based dynamic Lua binding to GObject based libraries. It allows using GObject-based libraries directly from Lua. -------------------------------------------------------------------------------- References: [ 1 ] Bug #889901 - Review Request: lua-lgi - Lua bindings to GObject libraries https://bugzilla.redhat.com/show_bug.cgi?id=889901 -------------------------------------------------------------------------------- ================================================================================ mate-control-center-1.5.2-2.fc16 (FEDORA-2013-0629) MATE Desktop control-center -------------------------------------------------------------------------------- Update Information: Various bugfixes for gsettings/window prefs. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 11 2013 Dan Mashal <dan.mashal@xxxxxxxxxxxxxxxxx> - 1.5.2-2 - Switch back to old BR scheme. - Drop unneeded BR's - Add upstream patch to fix tielbar actions * Fri Dec 21 2012 Nelson Marques <nmarques@xxxxxxxxxxxxxxxxx> - 1.5.2-1 - Update to version 1.5.2 so we can receive mate-panel 1.5.3 - Remove dropped BRs: MateCORBA-2.0 - Split out libslab (now distributed) - Minor rework for readibility and ordered BuildRequires -------------------------------------------------------------------------------- References: [ 1 ] Bug #889789 - Changing the Titlebar Action has no effect https://bugzilla.redhat.com/show_bug.cgi?id=889789 -------------------------------------------------------------------------------- ================================================================================ mate-window-manager-1.5.2-11.fc16 (FEDORA-2013-0672) MATE Desktop window manager -------------------------------------------------------------------------------- Update Information: Various bugfixes for gsettings/window prefs. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 11 2013 Dan Mashal <dan.mashal@xxxxxxxxxxxxxxxxx> - 1.5.2-11 - Convert back to old BR format - Drop unneeded BRs - Own directories that are supposed to be owned (marco-1) - Fix missing "X-Mate" category. - Add gsettings data convert file for users upgrading from 1.4 - Fix update of gsettings enum preferences * Mon Dec 10 2012 Dan Mashal <dan.mashal@xxxxxxxxxxxxxxxxx> - 1.5.2-10 - Rebuild for ARM -------------------------------------------------------------------------------- References: [ 1 ] Bug #889789 - Changing the Titlebar Action has no effect https://bugzilla.redhat.com/show_bug.cgi?id=889789 -------------------------------------------------------------------------------- ================================================================================ moin-1.9.6-1.fc16 (FEDORA-2013-0640) MoinMoin is a WikiEngine to collaborate on easily editable web pages -------------------------------------------------------------------------------- Update Information: Update to 1.9.6. Fixes CVE-2012-6495 For full changes, see: http://hg.moinmo.in/moin/1.9/raw-file/1.9.6/docs/CHANGES -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 10 2013 Kevin Fenzi <kevin@xxxxxxxxx> 1.9.6-1 - Update to 1.9.6. Fixes CVE-2012-6495 - Fix changelog dates. -------------------------------------------------------------------------------- References: [ 1 ] Bug #890902 - CVE-2012-6081 moinmoin: remote code execution vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=890902 [ 2 ] Bug #890903 - CVE-2012-6082 moinmoin: Wiki (XSS in rss link) https://bugzilla.redhat.com/show_bug.cgi?id=890903 [ 3 ] Bug #890904 - CVE-2012-6080 moinmoin: Path traversal vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=890904 -------------------------------------------------------------------------------- ================================================================================ munin-2.0.10-1.fc16 (FEDORA-2013-0663) Network-wide graphing framework (grapher/gatherer) -------------------------------------------------------------------------------- Update Information: Update to 2.0.10 plus minor bug fixes -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 9 2013 D. Johnson <fenris02@xxxxxxxxxxxxxxxxx> - 2.0.10-1 - Update to 2.0.10 - BZ# 891940,892377 Only stop/restart services provided by sub-package, not deps. - BZ# 881689 Fix config file so that it no longer references the build host - BZ# 877116 Patch using '&' in the URLs instead of '&' in HTMLConfig * Fri Dec 21 2012 D. Johnson <fenris02@xxxxxxxxxxxxxxxxx> - 2.0.9-4 - Use Makefile.config-dist instead of sed. - BZ# 890246,890247 "su" directive is not used in epel5/6 logrotate -------------------------------------------------------------------------------- References: [ 1 ] Bug #891940 - Cannot uninstall munin-node due to preun assumptions https://bugzilla.redhat.com/show_bug.cgi?id=891940 [ 2 ] Bug #892377 - munin 2.0.8+ has a broken package ownership that prevents uninstall https://bugzilla.redhat.com/show_bug.cgi?id=892377 [ 3 ] Bug #881689 - munin.conf contains reference to fedora project hostname https://bugzilla.redhat.com/show_bug.cgi?id=881689 [ 4 ] Bug #877116 - munin error with XHTML validation - graph detail pages don't display properly https://bugzilla.redhat.com/show_bug.cgi?id=877116 [ 5 ] Bug #890246 - munin has an incorrect entry in its logrotate files https://bugzilla.redhat.com/show_bug.cgi?id=890246 [ 6 ] Bug #890247 - munin has an incorrect entry in its logrotate files https://bugzilla.redhat.com/show_bug.cgi?id=890247 -------------------------------------------------------------------------------- ================================================================================ nagios-plugins-openmanage-3.7.9-1.fc16 (FEDORA-2013-0699) Nagios plugin to monitor hardware health on Dell servers -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 10 2013 Trond Hasle Amundsen <t.h.amundsen@xxxxxxxxxxx> - 3.7.9-1 - Upstream release 3.7.9 -------------------------------------------------------------------------------- ================================================================================ opendkim-2.7.4-1.fc16 (FEDORA-2013-0628) A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail -------------------------------------------------------------------------------- Update Information: This is a collection of minor bug fixes. Upgrade is required only if there is something in the release that fixes a pain point you're having at your site. -Fix bug #SF3596147: Allow arbitrarily long configuration file lines. Based on a patch from Daniel Black. - Fix bug #SF3596229: Fix logging of signature errors, which logged the domain name twice instead of the domain name and the selector. Patch from Daniel Black. - Safely handle incoming Authentication-Results fields with large number of tokens. Problem noted by Motohiro Ishiyama and John Wood. - Avoid mixing up status codes when processing conf_logresults, leading to confusing log entries. Problem reported by John Wood. - Fix ADSP logging. Problem noted by Claus Assmann. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 8 2013 Steve Jenkins <steve stevejenkins com> 2.7.4-1 - Updated to use newer upstream 2.7.4 source code - Added AutoRestart and AutoRestartRate directives to default configuration - Changed default SigningTable directive to include refile: for wildcard support -------------------------------------------------------------------------------- ================================================================================ perl-5.14.3-204.fc16 (FEDORA-2013-0632) Practical Extraction and Report Language -------------------------------------------------------------------------------- Update Information: App::Cpan(3pm) manual page was included in two subpackages by mistake. This release keeps the file in perl-CPAN package only. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 10 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 4:5.14.3-204 - Do not package App::Cpan(3pm) to perl-Test-Harness (bug #893768) -------------------------------------------------------------------------------- References: [ 1 ] Bug #893768 - /usr/share/man/man3/App::Cpan.3pm.gz is duplicated between perl-CPAN and perl-Test-Harness https://bugzilla.redhat.com/show_bug.cgi?id=893768 -------------------------------------------------------------------------------- ================================================================================ perl-5.14.3-205.fc16 (FEDORA-2013-0633) Practical Extraction and Report Language -------------------------------------------------------------------------------- Update Information: Fix Locale::Maketext vulnerability allowing to cross-call functions from message catalogs (CVE-2012-6329). -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 11 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 4:5.14.3-205 - Fix CVE-2012-6329 (misparsing of maketext strings) (bug #884354) * Thu Jan 10 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 4:5.14.3-204 - Do not package App::Cpan(3pm) to perl-Test-Harness (bug #893768) -------------------------------------------------------------------------------- References: [ 1 ] Bug #884354 - CVE-2012-6329 perl: possible arbitrary code execution via Locale::Maketext https://bugzilla.redhat.com/show_bug.cgi?id=884354 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Cli-2.0.2-1.fc16 (FEDORA-2013-0714) Horde Command Line Interface API -------------------------------------------------------------------------------- Update Information: Update to latest versions -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 11 2013 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 2.0.2-1 - Update to 2.0.2 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Date-2.0.2-1.fc16 (FEDORA-2013-0714) Horde Date package -------------------------------------------------------------------------------- Update Information: Update to latest versions -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 11 2013 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 2.0.2-1 - Update to 2.0.2 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Exception-2.0.2-1.fc16 (FEDORA-2013-0714) Horde Exception Handler -------------------------------------------------------------------------------- Update Information: Update to latest versions -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 11 2013 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 2.0.2-1 - Update to 2.0.2 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Nls-2.0.2-1.fc16 (FEDORA-2013-0714) Native Language Support (NLS) -------------------------------------------------------------------------------- Update Information: Update to latest versions -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 11 2013 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 2.0.2-1 - Update to 2.0.2 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Util-2.0.3-1.fc16 (FEDORA-2013-0714) Horde Utility Libraries -------------------------------------------------------------------------------- Update Information: Update to latest versions -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 11 2013 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 2.0.3-1 - update to 2.0.3 -------------------------------------------------------------------------------- ================================================================================ php-voms-admin-0.6.7-1.fc16 (FEDORA-2013-0719) Web based interface to control VOMS parameters written in PHP -------------------------------------------------------------------------------- Update Information: New upstream release. Adds support for Apache 2.4 configuration changes. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 8 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 0.6.7-1 - Update to released version 0.6.7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #871454 - Broken configuration for httpd 2.4 https://bugzilla.redhat.com/show_bug.cgi?id=871454 -------------------------------------------------------------------------------- ================================================================================ pylint-0.26.0-1.fc16 (FEDORA-2013-0626) Analyzes Python code looking for bugs and signs of poor quality -------------------------------------------------------------------------------- Update Information: New upstream versions. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 10 2013 Brian C. Lane <bcl@xxxxxxxxxx> 0.26.0-1 - Upstream 0.26.0 - Add python3-pylint and python3-pylint-gui subpackages. Not ready to turn it on yet due to this upstream bug: http://www.logilab.org/ticket/110213 * Fri Aug 3 2012 Brian C. Lane <bcl@xxxxxxxxxx> 0.25.2-1 - Upstream 0.25.2 * Sat Jul 21 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.25.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ python-boto-2.5.2-3.fc16 (FEDORA-2013-0703) A simple lightweight interface to Amazon Web Services -------------------------------------------------------------------------------- Update Information: This update fixes boto issue 881, which made the instance objects returned by start_instances, stop_instances, and terminate_instances end up with incorrect previous and current states. https://github.com/boto/boto/issues/881 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 8 2013 Garrett Holmstrom <gholms@xxxxxxxxxxxxxxxxx> - 2.5.2-3 - Fixed parsing of current/previous instance state data (boto #881) * Sat Jul 21 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.5.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ python-fedora-0.3.30-1.fc16 (FEDORA-2013-0616) Python modules for talking to Fedora Infrastructure Services -------------------------------------------------------------------------------- Update Information: * Added a lookup_email parameter to fedora.client.AccountSystem.gravatar_url() to allow generating gravaar urls without looking up email addresses in fas. * Fixed a bug in fedora.tg.utils.tg_absolute_url() where it was still appending the csrf_token. * Add an auth adapter for flask web apps to authenticate to FAS * New minimum version of python: requires python-2.5 or higher * Fix localization of login templates (laxathom) -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 10 2013 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 0.3.30-1 - Make TG's loginForm and CSRF's text translated from tg-apps (laxathom). - Fix a bug in fedora.tg.utils.tg_absolute_url - Add a lookup email parameter to gravatar lookups - Add an auth provider for flask * Sat Jul 21 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.3.29-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ python-logilab-astng-0.24.1-1.fc16 (FEDORA-2013-0626) Python Abstract Syntax Tree New Generation -------------------------------------------------------------------------------- Update Information: New upstream versions. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 10 2013 Brian C. Lane <bcl@xxxxxxxxxx> 0.24.1-1 - Upstream v0.24.1 - Add python3-logilab-astng subpackage to spec. Not ready to turn it on yet due to this upstream bug: http://www.logilab.org/ticket/110213 -------------------------------------------------------------------------------- ================================================================================ python-logilab-common-0.58.3-1.fc16 (FEDORA-2013-0626) Common libraries for Logilab projects -------------------------------------------------------------------------------- Update Information: New upstream versions. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 10 2013 Brian C. Lane <bcl@xxxxxxxxxx> 0.58.3-1 - Upstream 0.58.3 - Add python3-logilab-common subpackage to spec. Not ready to turn it on yet due to this upstream bug: http://www.logilab.org/ticket/110213 -------------------------------------------------------------------------------- ================================================================================ rubygem-actionpack-3.0.10-10.fc16 (FEDORA-2013-0686) Web-flow and rendering framework putting the VC in MVC -------------------------------------------------------------------------------- Update Information: Fix for CVE-2013-0155 and CVE-2013-0156. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 10 2013 Vít Ondruch <vondruch@xxxxxxxxxx> - 1:3.0.10-6 - Fix for CVE-2013-0155. -------------------------------------------------------------------------------- References: [ 1 ] Bug #892866 - CVE-2013-0155 rubygem-actionpack, rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails https://bugzilla.redhat.com/show_bug.cgi?id=892866 [ 2 ] Bug #892870 - CVE-2013-0156 rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack https://bugzilla.redhat.com/show_bug.cgi?id=892870 -------------------------------------------------------------------------------- ================================================================================ rubygem-activemodel-3.0.10-2.fc16 (FEDORA-2013-0686) A toolkit for building modeling frameworks -------------------------------------------------------------------------------- Update Information: Fix for CVE-2013-0155 and CVE-2013-0156. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 10 2013 Vít Ondruch <vondruch@xxxxxxxxxx> - 3.0.10-2 - Fixing issues introduced by CVE-2013-0155 and CVE-2013-0156. -------------------------------------------------------------------------------- References: [ 1 ] Bug #892866 - CVE-2013-0155 rubygem-actionpack, rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails https://bugzilla.redhat.com/show_bug.cgi?id=892866 [ 2 ] Bug #892870 - CVE-2013-0156 rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack https://bugzilla.redhat.com/show_bug.cgi?id=892870 -------------------------------------------------------------------------------- ================================================================================ rubygem-activerecord-3.0.10-5.fc16 (FEDORA-2013-0686) Implements the ActiveRecord pattern for ORM -------------------------------------------------------------------------------- Update Information: Fix for CVE-2013-0155 and CVE-2013-0156. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 10 2013 Vít Ondruch <vondruch@xxxxxxxxxx> - 1:3.0.10-5 - Fix for CVE-2013-0155. * Fri Jan 4 2013 Vít Ondruch <vondruch@xxxxxxxxxx> - 1:3.0.10-4 - Fix for CVE-2012-6496. -------------------------------------------------------------------------------- References: [ 1 ] Bug #892866 - CVE-2013-0155 rubygem-actionpack, rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails https://bugzilla.redhat.com/show_bug.cgi?id=892866 [ 2 ] Bug #892870 - CVE-2013-0156 rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack https://bugzilla.redhat.com/show_bug.cgi?id=892870 -------------------------------------------------------------------------------- ================================================================================ rubygem-activesupport-3.0.10-5.fc16 (FEDORA-2013-0686) Support and utility classes used by the Rails framework -------------------------------------------------------------------------------- Update Information: Fix for CVE-2013-0155 and CVE-2013-0156. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 10 2013 Vít Ondruch <vondruch@xxxxxxxxxx> - 1:3.0.10-5 - Fix for CVE-2013-0156. -------------------------------------------------------------------------------- References: [ 1 ] Bug #892866 - CVE-2013-0155 rubygem-actionpack, rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails https://bugzilla.redhat.com/show_bug.cgi?id=892866 [ 2 ] Bug #892870 - CVE-2013-0156 rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack https://bugzilla.redhat.com/show_bug.cgi?id=892870 -------------------------------------------------------------------------------- ================================================================================ shellinabox-2.14-19.git88822c1f.fc16 (FEDORA-2013-0642) Web based AJAX terminal emulator -------------------------------------------------------------------------------- Update Information: Bug fix build -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 9 2013 Simone Caronni <negativo17@xxxxxxxxx> - 2.14-19.git88822c1f - Fix SysV init scripts. * Wed Jan 9 2013 Simone Caronni <negativo17@xxxxxxxxx> - 2.14-18.git88822c1f - Updated init script according to Fedora template (#893129) https://fedoraproject.org/wiki/Packaging:SysVInitScript?rd=Packaging/SysVInitScript -------------------------------------------------------------------------------- References: [ 1 ] Bug #893129 - condrestart mode fails in init script /etc/rc.d/init.d/shellinaboxd https://bugzilla.redhat.com/show_bug.cgi?id=893129 -------------------------------------------------------------------------------- ================================================================================ srm-ifce-1.14.0-1.fc16 (FEDORA-2013-0647) SRM client side library -------------------------------------------------------------------------------- Update Information: Update 1.14.0-1 for fix of LCGUTIL-82 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 8 2013 Adrien Devresse <adevress at cern.ch> - 1.14.0-1 - correct two timeout bug LCGUTIL-78 and LCGUTIL-82 * Thu Nov 29 2012 Adrien Devresse <adevress at cern.ch> - 1.14.0-0 - correct misleading namespace in PrepareToGetRequestStatus - correct a timeout issue related to exponential backoff system in put/get - improve reliability of the exponential backoff wait system - big big code cleaning - re-factory of the context system with backward compatibility - fix the srm timeout issue - fix the srm put done issue for long transfer -------------------------------------------------------------------------------- ================================================================================ thunderbird-17.0.2-1.fc16 (FEDORA-2013-0723) Mozilla Thunderbird mail/newsgroup client -------------------------------------------------------------------------------- Update Information: - Security fixes can be found here: http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html#thunderbird17.0.2 - An issue that caused occasional corruption in local folders after filtering is now fixed (815012) - An issue that caused deletion of drafts saved in IMAP folders whilst in offline mode is now fixed (805626) More info about release: - http://www.mozilla.org/en-US/thunderbird/16.0.2/releasenotes/ - Vulnerability outlined here: https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/ - Vulnerability outlined here: https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/ -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 10 2013 Jan Horak <jhorak@xxxxxxxxxx> - 17.0.2-1 - Update to 17.0.2 -------------------------------------------------------------------------------- ================================================================================ wordpress-3.5-3.fc16 (FEDORA-2013-0611) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information: Fix symlink to php-simplepie -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 2 2013 Remi Collet <rcollet@xxxxxxxxxx> - 3.5-3 - fix links to system PHPMailer library * Sun Dec 16 2012 Remi Collet <rcollet@xxxxxxxxxx> - 3.5-2 - fix use of system Simplepie - give access from local (httpd 2.4) * Wed Dec 12 2012 Matěj Cepl <mcepl@xxxxxxxxxx> - 3.5-1 - New upstream release. * Tue Dec 4 2012 Matěj Cepl <mcepl@xxxxxxxxxx> - 3.5-0.5.RC3 - New upstream release candidate. * Fri Nov 30 2012 Matěj Cepl <mcepl@xxxxxxxxxx> - 3.5-0.5.RC2 - New upstream release candidate. * Sat Nov 24 2012 Matěj Cepl <mcepl@xxxxxxxxxx> - 3.5-0.5.RC1 - New upstream release candidate. * Tue Nov 13 2012 Matěj Cepl <mcepl@xxxxxxxxxx> - 3.5-0.4.beta3 - New upstream beta3 version * Mon Oct 29 2012 Remi Collet <rcollet@xxxxxxxxxx> - 3.5-0.3.beta2 - use system PHPMailer - requires needed php extensions * Sat Oct 13 2012 Matěj Cepl <mcepl@xxxxxxxxxx> - 3.5-0.2.beta2 - New upstream beta2 version * Thu Oct 4 2012 Matěj Cepl <mcepl@xxxxxxxxxx> - 3.5-0.2.beta1 - New upstream beta1 version - Don’t even bother with removing gettext.php ... it is not used anymore -------------------------------------------------------------------------------- References: [ 1 ] Bug #891764 - php-simplepie 1.3.1 breaks wordpress https://bugzilla.redhat.com/show_bug.cgi?id=891764 -------------------------------------------------------------------------------- ================================================================================ zathura-djvu-0.2.1-2.fc16 (FEDORA-2013-0690) DjVu support for zathura -------------------------------------------------------------------------------- Update Information: DjVu plugin for Zathura. -------------------------------------------------------------------------------- References: [ 1 ] Bug #891125 - Review Request: zathura-djvu - DjVu support for zathura https://bugzilla.redhat.com/show_bug.cgi?id=891125 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
