The following Fedora 17 Security updates need testing: Age URL 6 https://admin.fedoraproject.org/updates/FEDORA-2013-1341/tinymce-spellchecker-2.0.5-8.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-1189/jakarta-commons-httpclient-3.1-12.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-1194/axis-1.4-19.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-1229/rhncfg-5.10.36-1.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-1244/libexif-0.6.21-2.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-1286/python-tw2-jquery-2.0.3-5.fc17 128 https://admin.fedoraproject.org/updates/FEDORA-2012-14650/tor-0.2.2.39-1700.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-1320/dnsmasq-2.65-3.fc17 24 https://admin.fedoraproject.org/updates/FEDORA-2013-0210/vdsm-4.10.0-13.fc17 24 https://admin.fedoraproject.org/updates/FEDORA-2013-0231/ca-certificates-2012.87-1.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-1466/freetype-2.4.8-4.fc17 5 https://admin.fedoraproject.org/updates/FEDORA-2013-1382/seamonkey-2.15.1-1.fc17 208 https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-1.fc17 5 https://admin.fedoraproject.org/updates/FEDORA-2013-1387/couchdb-1.2.1-2.fc17 5 https://admin.fedoraproject.org/updates/FEDORA-2013-1421/ettercap-0.7.5-4.fc17.1.20120906gitc796e5 5 https://admin.fedoraproject.org/updates/FEDORA-2013-1422/libssh-0.5.4-1.fc17 20 https://admin.fedoraproject.org/updates/FEDORA-2013-0455/fedora-business-cards-1-0.1.beta1.fc17 20 https://admin.fedoraproject.org/updates/FEDORA-2012-19606/cups-1.5.4-18.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-1204/ndjbdns-1.05.6-1.fc17 49 https://admin.fedoraproject.org/updates/FEDORA-2012-20092/libproxy-0.4.11-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-1625/squid-3.2.5-2.fc17 17 https://admin.fedoraproject.org/updates/FEDORA-2013-0696/perl-5.14.3-220.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-1478/Zim-0.59-1.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-1473/gdal-1.9.1-14.fc17.1,leptonica-1.69-5.fc17,OpenImageIO-1.0.11-2.fc17,libwebp-0.2.1-1.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-1269/xen-4.1.4-3.fc17 9 https://admin.fedoraproject.org/updates/FEDORA-2013-0985/php-symfony2-Yaml-2.1.7-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-1626/libvirt-0.9.11.9-1.fc17 The following Fedora 17 Critical Path updates have yet to be approved: Age URL 1 https://admin.fedoraproject.org/updates/FEDORA-2013-1580/audit-2.2.2-2.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-1544/policycoreutils-2.1.13-27.2.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-1540/logrotate-3.8.3-1.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-1466/freetype-2.4.8-4.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-1471/dosfstools-3.0.14-1.fc17 The following builds have been pushed to Fedora 17 updates-testing ibus-table-1.5.0-1.fc17 jemalloc-3.3.0-1.fc17 ksh-20120801-5.fc17 libvirt-0.9.11.9-1.fc17 mingw-angleproject-0-0.3.svn1561.20121214.fc17 mingw-dbus-1.4.24-1.fc17 mingw-headers-2.0.999-0.9.trunk.20121016.fc17 mingw-qt5-qtbase-5.0.0-3.fc17 okular-4.9.5-3.fc17 parallel-20121222-1.fc17 perl-DateTime-Format-Duration-1.03-1.a.fc17 php-twig-Twig-1.12.1-1.fc17 psimedia-1.0.3-11.fc17 python-qpid-0.20-1.fc17 python-simplevisor-0.7-1.fc17 qpid-cpp-0.20-2.fc17 qpid-proton-0.3-3.fc17 rubygem-qpid_messaging-0.20.0-1.fc17 squid-3.2.5-2.fc17 tiled-0.9.0-1.fc17 Details about builds: ================================================================================ ibus-table-1.5.0-1.fc17 (FEDORA-2013-1630) The Table engine for IBus platform -------------------------------------------------------------------------------- Update Information: #857967 https://bugzilla.redhat.com/show_bug.cgi?id=857967, see also http://code.google.com/p/ibus/issues/detail?id=1492 “unable to write 晞 with any of the two Wubi input methods” 晞 (wubi code = JQDH) cannot be written. To fix the bug, a rebuild of ibus-table-chinese against this update is needed as well. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 28 2013 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.5.0-1 - update to latest upstream 1.5.0 from Caius ‘kaio’ Chance’s repository - add patches for better simplified/traditional Chinese detection - Resolves: #857967 - simplified/traditional Chinese detection in ibus-table does not work well -------------------------------------------------------------------------------- References: [ 1 ] Bug #857967 - simplified/traditional Chinese detection in ibus-table does not work well https://bugzilla.redhat.com/show_bug.cgi?id=857967 -------------------------------------------------------------------------------- ================================================================================ jemalloc-3.3.0-1.fc17 (FEDORA-2013-1589) General-purpose scalable concurrent malloc implementation -------------------------------------------------------------------------------- Update Information: New upstream release >From the upstream release notes: 3.3.0 (January 23, 2013) This version includes a few minor performance improvements in addition to the listed new features and bug fixes. New features: - Add clipping support to lg_chunk option processing. - Add the --enable-ivsalloc option. - Add the --without-export option. - Add the --disable-zone-allocator option. Bug fixes: - Fix "arenas.extend" mallctl to output the number of arenas. - Fix chunk_recycyle() to unconditionally inform Valgrind that returned memory is undefined. - Fix build break on FreeBSD related to alloca.h -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 25 2013 Ingvar Hagelund <ingvar@xxxxxxxxxxxxxxxxxx> - 3.3.0-1 - New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #903589 - jemalloc-3.3.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=903589 -------------------------------------------------------------------------------- ================================================================================ ksh-20120801-5.fc17 (FEDORA-2013-1637) The Original ATT Korn Shell -------------------------------------------------------------------------------- Update Information: - ksh could not enter directories with path containing /.something - file name autocomplete prevented following numeric input -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 25 2013 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 20120801-5 - ksh could not enter directories with path containing /.something (#889748) - file name autocomplete prevented following numeric input (#889745) * Thu Nov 22 2012 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 20120801-4 - bind Home, End, Delete,... key correctly for emacs mode - do not crash when executed from deleted directory -------------------------------------------------------------------------------- References: [ 1 ] Bug #889748 - KSH - change to hidden directory via parent doesn't work https://bugzilla.redhat.com/show_bug.cgi?id=889748 [ 2 ] Bug #889745 - KSH - autocomplete stops numeric input https://bugzilla.redhat.com/show_bug.cgi?id=889745 -------------------------------------------------------------------------------- ================================================================================ libvirt-0.9.11.9-1.fc17 (FEDORA-2013-1626) Library providing a simple virtualization API -------------------------------------------------------------------------------- Update Information: * Rebased to version 0.9.11.9 * CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() (bz #893450, bz #905173) -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 28 2013 Cole Robinson <crobinso@xxxxxxxxxx> - 0.9.11.9-1 - Rebased to version 0.9.11.9 - CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() (bz #893450, bz -------------------------------------------------------------------------------- References: [ 1 ] Bug #893450 - CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() https://bugzilla.redhat.com/show_bug.cgi?id=893450 -------------------------------------------------------------------------------- ================================================================================ mingw-angleproject-0-0.3.svn1561.20121214.fc17 (FEDORA-2013-1607) Almost Native Graphics Layer Engine -------------------------------------------------------------------------------- Update Information: Initial import of mingw-qt5-qtbase -------------------------------------------------------------------------------- References: [ 1 ] Bug #891011 - Review Request: mingw-angleproject - Almost Native Graphics Layer Engine https://bugzilla.redhat.com/show_bug.cgi?id=891011 [ 2 ] Bug #858058 - Review Request: mingw-qt5-qtbase - Qt5 for Windows - QtBase component https://bugzilla.redhat.com/show_bug.cgi?id=858058 -------------------------------------------------------------------------------- ================================================================================ mingw-dbus-1.4.24-1.fc17 (FEDORA-2013-1607) MinGW Windows port of D-Bus -------------------------------------------------------------------------------- Update Information: Initial import of mingw-qt5-qtbase -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 28 2013 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 1.4.24-1 - Update to 1.4.24 - Fixes C++11 compatibility (required by mingw-qt5-qtbase) -------------------------------------------------------------------------------- References: [ 1 ] Bug #891011 - Review Request: mingw-angleproject - Almost Native Graphics Layer Engine https://bugzilla.redhat.com/show_bug.cgi?id=891011 [ 2 ] Bug #858058 - Review Request: mingw-qt5-qtbase - Qt5 for Windows - QtBase component https://bugzilla.redhat.com/show_bug.cgi?id=858058 -------------------------------------------------------------------------------- ================================================================================ mingw-headers-2.0.999-0.9.trunk.20121016.fc17 (FEDORA-2013-1607) Win32/Win64 header files -------------------------------------------------------------------------------- Update Information: Initial import of mingw-qt5-qtbase -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 28 2013 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 2.0.999-0.9.trunk.20121016 - Backport upstream commit 5451 as it is needed to build mingw-qt5-qtbase -------------------------------------------------------------------------------- References: [ 1 ] Bug #891011 - Review Request: mingw-angleproject - Almost Native Graphics Layer Engine https://bugzilla.redhat.com/show_bug.cgi?id=891011 [ 2 ] Bug #858058 - Review Request: mingw-qt5-qtbase - Qt5 for Windows - QtBase component https://bugzilla.redhat.com/show_bug.cgi?id=858058 -------------------------------------------------------------------------------- ================================================================================ mingw-qt5-qtbase-5.0.0-3.fc17 (FEDORA-2013-1607) Qt5 for Windows - QtBase component -------------------------------------------------------------------------------- Update Information: Initial import of mingw-qt5-qtbase -------------------------------------------------------------------------------- References: [ 1 ] Bug #891011 - Review Request: mingw-angleproject - Almost Native Graphics Layer Engine https://bugzilla.redhat.com/show_bug.cgi?id=891011 [ 2 ] Bug #858058 - Review Request: mingw-qt5-qtbase - Qt5 for Windows - QtBase component https://bugzilla.redhat.com/show_bug.cgi?id=858058 -------------------------------------------------------------------------------- ================================================================================ okular-4.9.5-3.fc17 (FEDORA-2013-1350) A document viewer -------------------------------------------------------------------------------- Update Information: file/url path encoding fix. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 28 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.9.5-3 - really apply encoding patch/fix (#747976) * Tue Jan 22 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.9.5-2 - filename encoding fix (#747976, kde#313700) -------------------------------------------------------------------------------- References: [ 1 ] Bug #747976 - Okular can't read synctex files from utf8 directories https://bugzilla.redhat.com/show_bug.cgi?id=747976 -------------------------------------------------------------------------------- ================================================================================ parallel-20121222-1.fc17 (FEDORA-2013-1622) Shell tool for executing jobs in parallel -------------------------------------------------------------------------------- Update Information: Update to newest version. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 16 2013 Golo Fuchert <packages@xxxxxxxxxx> - 20121222-1 - Updated to newest version 20121222 (due to #895971) * Wed Mar 21 2012 Golo Fuchert <packages@xxxxxxxxxx> - 20120222-1 - Updated to newest version 20120222 - renamed manpage sql to parallel-sql (naming conflict, bug 797823) -------------------------------------------------------------------------------- References: [ 1 ] Bug #895971 - Running niceload updatedb doesn't work on Fedora https://bugzilla.redhat.com/show_bug.cgi?id=895971 -------------------------------------------------------------------------------- ================================================================================ perl-DateTime-Format-Duration-1.03-1.a.fc17 (FEDORA-2013-1606) Format and parse DateTime::Durations -------------------------------------------------------------------------------- Update Information: Parser and formatter for DateTime::Duration objects and other duration representations. -------------------------------------------------------------------------------- References: [ 1 ] Bug #887981 - Review Request: perl-DateTime-Format-Duration - Format and parse DateTime::Durations https://bugzilla.redhat.com/show_bug.cgi?id=887981 -------------------------------------------------------------------------------- ================================================================================ php-twig-Twig-1.12.1-1.fc17 (FEDORA-2013-1645) The flexible, fast, and secure template engine for PHP -------------------------------------------------------------------------------- Update Information: 1.12.1 (2013-01-15) * added support for object instances as the second argument of the constant function * relaxed globals management to avoid a BC break * added support for {{ some_string[:2] }} See: http://blog.twig.sensiolabs.org/post/40619021918/twig-1-12-1-released Full changelog: https://github.com/fabpot/Twig/blob/v1.12.1/CHANGELOG 1.12.0 (2012-01-08) * added verbatim as an alias for the raw tag to avoid confusion with the raw filter * fixed registration of tests and functions as anonymous functions * fixed globals management 1.12.0-RC1 (2012-12-29) * added an include function (does the same as the include tag but in a more flexible way) * added the ability to use any PHP callable to define filters, functions, and tests * added a syntax error when using a loop variable that is not defined * added the ability to set default values for macro arguments * added support for named arguments for filters, tests, and functions * moved filters/functions/tests syntax errors to the parser * added support for extended ternary operator syntaxes Full changelog: https://github.com/fabpot/Twig/blob/v1.12.0/CHANGELOG See: * http://blog.twig.sensiolabs.org/post/40011861424/twig-1-12-0-released * http://blog.twig.sensiolabs.org/post/39237503408/twig-1-12-0-rc1-released -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 18 2013 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> 1.12.1-1 - Updated to upstream version 1.12.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #895917 - php-twig-Twig-1.12.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=895917 [ 2 ] Bug #893710 - php-twig-Twig-1.12.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=893710 -------------------------------------------------------------------------------- ================================================================================ psimedia-1.0.3-11.fc17 (FEDORA-2013-1635) Audio and video RTP services for Psi-like IM clients -------------------------------------------------------------------------------- Update Information: - dropped Requires: psi - owned %{_libdir}/psi and %{_libdir}/psi/plugins dirs - backported psi-plus-psimedia fixes -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 24 2013 Alexey Kurov <nucleo@xxxxxxxxxxxxxxxxx> - 1.0.3-11 - drop Requires: psi - own %{_libdir}/psi and %{_libdir}/psi/plugins - backport psi-plus-psimedia fixes * Sat Jul 21 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.3-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ python-qpid-0.20-1.fc17 (FEDORA-2013-1638) Python client library for AMQP -------------------------------------------------------------------------------- Update Information: Rebased on Qpid 0.20. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 28 2013 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.20-1 - Rebased on Qpid 0.20 release. -------------------------------------------------------------------------------- ================================================================================ python-simplevisor-0.7-1.fc17 (FEDORA-2013-1602) Python simple daemons supervisor -------------------------------------------------------------------------------- Update Information: Updating to latest upstream 0.7. -------------------------------------------------------------------------------- ================================================================================ qpid-cpp-0.20-2.fc17 (FEDORA-2013-1609) Libraries for Qpid C++ client applications -------------------------------------------------------------------------------- Update Information: Fixed a memory leak the Perl language bindings. Rebased on Qpid 0.20. Fixes for ARM platform. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 28 2013 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.20-2 - Fixed memory leak in Perl bindings typemap. - Resolves: BZ#885149 * Wed Jan 23 2013 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.20-1 - Rebased Qpid on release 0.20. - Rebased Store on SVN revision 4521. - Fixed builds on ARM system by disabling RDMA support. - Added a check in the store for ARM architecture. - Resolves: BZ#820282 -------------------------------------------------------------------------------- References: [ 1 ] Bug #885149 - Memory leaks when capacity > 0 https://bugzilla.redhat.com/show_bug.cgi?id=885149 [ 2 ] Bug #820282 - qpid-cpp Fails To Build From Source on Fedora 17 (and Rawhide) for ARM architectures https://bugzilla.redhat.com/show_bug.cgi?id=820282 -------------------------------------------------------------------------------- ================================================================================ qpid-proton-0.3-3.fc17 (FEDORA-2013-1624) A high performance, lightweight messaging library -------------------------------------------------------------------------------- Update Information: Proper fix for BZ#901526. Fixes building proton-c on non-x86 platforms. Rebased on Proton 0.3. -------------------------------------------------------------------------------- References: [ 1 ] Bug #901526 - build on non-x86 fails with "error: 'scanned' may be used uninitialized" https://bugzilla.redhat.com/show_bug.cgi?id=901526 -------------------------------------------------------------------------------- ================================================================================ rubygem-qpid_messaging-0.20.0-1.fc17 (FEDORA-2013-1633) Ruby bindings for the Qpid messaging framework -------------------------------------------------------------------------------- Update Information: Rebased on qpid_messaging 0.20.0. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 28 2013 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.20.0-1 - Rebased on qpid_messaging 0.20.0. -------------------------------------------------------------------------------- ================================================================================ squid-3.2.5-2.fc17 (FEDORA-2013-1625) The Squid proxy caching server -------------------------------------------------------------------------------- Update Information: This is security update that fixes multiple memory leaks in cachemgr tool. (CVE-2013-0189) -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 24 2013 Michal Luscon <mluscon@xxxxxxxxxx> - 7:3.2.5-2 - CVE-2013-0189: Incomplete fix for the CVE-2012-5643 -------------------------------------------------------------------------------- References: [ 1 ] Bug #895976 - CVE-2013-0189 squid: Incomplete fix for the CVE-2012-5643 issue [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=895976 -------------------------------------------------------------------------------- ================================================================================ tiled-0.9.0-1.fc17 (FEDORA-2013-1618) Tiled Map Editor -------------------------------------------------------------------------------- Update Information: New upstream release 0.9.0. It brings in a lot of bugfixes but also a couple of new useful features. -------------------------------------------------------------------------------- ChangeLog: * Sat Jan 12 2013 Erik Schilling <ablu.erikschilling@xxxxxxxxxxxxxx> 0.9.0-1 - New upstream release 0.9.0 - Dropped now obsolete patches and files -------------------------------------------------------------------------------- References: [ 1 ] Bug #875494 - [abrt] tiled-0.8.1-3.fc17: width: Process /usr/bin/tiled was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=875494 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
