Fedora 16 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 16 Security updates need testing:
 Age  URL
  52  https://admin.fedoraproject.org/updates/FEDORA-2012-20157/libproxy-0.4.11-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-1748/sssd-1.8.6-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-1713/libupnp-1.6.18-1.fc16
   9  https://admin.fedoraproject.org/updates/FEDORA-2013-1233/rhncfg-5.10.36-1.fc16
  51  https://admin.fedoraproject.org/updates/FEDORA-2012-20236/rssh-2.3.4-1.fc16
   9  https://admin.fedoraproject.org/updates/FEDORA-2013-1257/libexif-0.6.21-2.fc16
 210  https://admin.fedoraproject.org/updates/FEDORA-2012-10314/revelation-0.4.14-1.fc16
 130  https://admin.fedoraproject.org/updates/FEDORA-2012-14654/tor-0.2.2.39-1600.fc16
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-1485/Zim-0.59-1.fc16
  23  https://admin.fedoraproject.org/updates/FEDORA-2012-19347/cups-1.5.4-12.fc16
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-1494/gdal-1.7.3-15.fc16,OpenImageIO-1.0.11-2.fc16,libwebp-0.2.1-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-1666/android-tools-20130123git98d0789-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-1716/samba-3.6.12-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-1745/rubygem-activesupport-3.0.10-6.fc16
  13  https://admin.fedoraproject.org/updates/FEDORA-2013-0935/samba4-4.0.0-39.alpha16.fc16
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-1642/libvirt-0.9.6.4-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-1735/wordpress-3.5.1-1.fc16


The following Fedora 16 Critical Path updates have yet to be approved:
 Age URL
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-1531/qrencode-3.4.1-1.fc16
   9  https://admin.fedoraproject.org/updates/FEDORA-2013-1257/libexif-0.6.21-2.fc16
 276  https://admin.fedoraproject.org/updates/FEDORA-2012-6994/upower-0.9.16-1.fc16


The following builds have been pushed to Fedora 16 updates-testing

    android-tools-20130123git98d0789-1.fc16
    drupal7-date_ical-2.3-1.fc16
    guacd-0.7.0-3.fc16
    libupnp-1.6.18-1.fc16
    lua-ldoc-1.3.3-1.fc16
    mate-window-manager-1.5.3-3.fc16
    rubygem-activesupport-3.0.10-6.fc16
    samba-3.6.12-1.fc16
    sssd-1.8.6-1.fc16
    wordpress-3.5.1-1.fc16

Details about builds:


================================================================================
 android-tools-20130123git98d0789-1.fc16 (FEDORA-2013-1666)
 Android platform tools(adb, fastboot)
--------------------------------------------------------------------------------
Update Information:

- Update to upstream git commit 98d0789
- Resolves: rhbz 903074 Move udev rule to docs as example
- Resolves: rhbz 879585 Introduce adb.service with PrivateTmp
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 28 2013 Ivan Afonichev <ivan.afonichev@xxxxxxxxx> - 20130123git98d0789-1
- Update to upstream git commit 98d0789
- Resolves: rhbz 903074 Move udev rule to docs as example
- Resolves: rhbz 879585 Introduce adb.service with PrivateTmp
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #879585 - CVE-2012-5564 android-tools (server): Insecure temporary file used for logging [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=879585
  [ 2 ] Bug #903074 - android-tools: please fix or remove (non useful) udev rule
        https://bugzilla.redhat.com/show_bug.cgi?id=903074
--------------------------------------------------------------------------------


================================================================================
 drupal7-date_ical-2.3-1.fc16 (FEDORA-2013-1688)
 Allows creation of an iCal feed in Views
--------------------------------------------------------------------------------
Update Information:

Update to upstream 2.3 release
Update to upstream 2.2 release
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #904736 - drupal7-date_ical-2.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=904736
  [ 2 ] Bug #903583 - drupal7-date_ical-2.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=903583
--------------------------------------------------------------------------------


================================================================================
 guacd-0.7.0-3.fc16 (FEDORA-2013-1694)
 Proxy daemon for Guacamole
--------------------------------------------------------------------------------
Update Information:

Enable guacd user/group for daemon
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Simone Caronni <negativo17@xxxxxxxxx> - 0.7.0-3
- User creations is for all supported distributions.
* Wed Jan 30 2013 Simone Caronni <negativo17@xxxxxxxxx> - 0.7.0-2
- Updated init script according to Fedora template.
  https://fedoraproject.org/wiki/Packaging:SysVInitScript?rd=Packaging/SysVInitScript
- Run daemon as guacd user/group.
- Make sure $HOME is set before starting the daemon or the child crashes.
--------------------------------------------------------------------------------


================================================================================
 libupnp-1.6.18-1.fc16 (FEDORA-2013-1713)
 Universal Plug and Play (UPnP) SDK
--------------------------------------------------------------------------------
Update Information:

linupnp 1.6.18
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 29 2013 Adam Jackson <ajax@xxxxxxxxxx> 1.6.18-1
- libupnp 1.6.18 (#905577)
* Tue Oct 16 2012 Adam Jackson <ajax@xxxxxxxxxx> 1.6.17-1
- libupnp 1.6.17
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.6.13-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.6.13-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #883790 - CVE-2012-5958 CVE-2012-5959 CVE-2012-5960 CVE-2012-5961 CVE-2012-5962 CVE-2012-5963 CVE-2012-5964 CVE-2012-5965 libupnp: Multiple stack-based buffer overflows in unique_service_name() by processing specially-crafted SSDP request (VU#922681)
        https://bugzilla.redhat.com/show_bug.cgi?id=883790
--------------------------------------------------------------------------------


================================================================================
 lua-ldoc-1.3.3-1.fc16 (FEDORA-2013-1768)
 Lua documentation generator
--------------------------------------------------------------------------------
Update Information:

LDoc is a second-generation documentation tool that can be used as a replacement for LuaDoc. It is mostly compatible with LuaDoc, except that certain workarounds are no longer needed. For instance, it is not so married to the idea that Lua modules should be defined using the module function.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #891996 - Review Request: lua-ldoc - Lua documentation generator
        https://bugzilla.redhat.com/show_bug.cgi?id=891996
--------------------------------------------------------------------------------


================================================================================
 mate-window-manager-1.5.3-3.fc16 (FEDORA-2013-1669)
 MATE Desktop window manager
--------------------------------------------------------------------------------
Update Information:

update to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 29 2013 Dan Mashal <dan.mashal@xxxxxxxxxxxxxxxxx> - 1.5.3-3
- Add some configure flags
* Fri Jan 18 2013 Dan Mashal <dan.mashal@xxxxxxxxxxxxxxxxx> - 1.5.3-2
- Sort BR's
- Remove unneeded obsoletes tag
* Mon Jan 14 2013 Dan Mashal <dan.mashal@xxxxxxxxxxxxxxxxx> - 1.5.3-1
- Update to latest upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #896357 - [abrt] mate-window-manager-1.5.2-10.fc18: meta_bug: Process /usr/bin/marco was killed by signal 6 (SIGABRT)
        https://bugzilla.redhat.com/show_bug.cgi?id=896357
--------------------------------------------------------------------------------


================================================================================
 rubygem-activesupport-3.0.10-6.fc16 (FEDORA-2013-1745)
 Support and utility classes used by the Rails framework
--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2013-0333.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 29 2013 Vít Ondruch <vondruch@xxxxxxxxxx> - 1:3.0.10-6
- Fix for CVE-2013-0333.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #903440 - CVE-2013-0333 rubygem-activesupport: json to yaml parsing
        https://bugzilla.redhat.com/show_bug.cgi?id=903440
--------------------------------------------------------------------------------


================================================================================
 samba-3.6.12-1.fc16 (FEDORA-2013-1716)
 Server and Client software to interoperate with Windows machines
--------------------------------------------------------------------------------
Update Information:

Update to 3.6.12 which fixes CVE-2013-0213 and CVE-2013-0214.
Update to 3.6.10.
Fix printing upgrade code.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 31 2013 - Andreas Schneider <asn@xxxxxxxxxx> - 2:3.6.12-1
- Update to 3.6.12
- Fixes CVE-2013-0213 and CVE-2013-0214.
- resolves: #905700
- resolves: #906002
- resolves: #905704
* Mon Dec 10 2012 Guenther Deschner <gdeschner@xxxxxxxxxx> - 2:3.6.10-94
- Update to 3.6.10
* Fri Nov  9 2012 Guenther Deschner <gdeschner@xxxxxxxxxx> - 2:3.6.9-93
- Update to 3.6.9
* Fri Oct 26 2012 - Andreas Schneider <asn@xxxxxxxxxx> -2:3.6.8-92
- Fix pam_winbind segfault in pam_sm_authenticate().
- resolves: #870493
* Mon Sep 17 2012 Guenther Deschner <gdeschner@xxxxxxxxxx> - 2:3.6.8-91
- Update to 3.6.8
* Mon Aug 20 2012 Guenther Deschner <gdeschner@xxxxxxxxxx> - 2:3.6.7-90
- Update to 3.6.7
* Thu Jul 19 2012 Guenther Deschner <gdeschner@xxxxxxxxxx> - 2:3.6.6-89
- Fix printing tdb upgrade for 3.6.6
- resolves: #841609
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #905700 - CVE-2013-0213 samba: clickjacking vulnerability in SWAT
        https://bugzilla.redhat.com/show_bug.cgi?id=905700
  [ 2 ] Bug #905704 - CVE-2013-0214 samba: cross-site request forgery vulnerability in SWAT
        https://bugzilla.redhat.com/show_bug.cgi?id=905704
--------------------------------------------------------------------------------


================================================================================
 sssd-1.8.6-1.fc16 (FEDORA-2013-1748)
 System Security Services Daemon
--------------------------------------------------------------------------------
Update Information:

A rebase to the latest LTM upstream relase that fixes CVE-2013-0220 and CVE-2013-0219
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 29 2013 Jakub Hrozek <jhrozek@xxxxxxxxxx> - 1.8.6-1
- New upstream release 1.8.6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #884254 - CVE-2013-0219 sssd: TOCTOU race conditions by copying and removing directory trees
        https://bugzilla.redhat.com/show_bug.cgi?id=884254
  [ 2 ] Bug #884601 - CVE-2013-0220 sssd: Out-of-bounds read flaws in autofs and ssh services responders
        https://bugzilla.redhat.com/show_bug.cgi?id=884601
--------------------------------------------------------------------------------


================================================================================
 wordpress-3.5.1-1.fc16 (FEDORA-2013-1735)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. Which include:

* Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
* Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
* Networks: Suggest proper rewrite rules when creating a new network.
* Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
* Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
* Suppress some warnings that could occur when a plugin misused the database or user APIs.

WordPress 3.5.1 also addresses the following security issues:

* A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
* Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
* A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Remi Collet <rcollet@xxxxxxxxxx> - 3.5.1-1
- version 3.5.1, various bug and security fixes:
  CVE-2013-0235, CVE-2013-0236 and CVE-2013-0237
- drop -f option from rm to break build if
  upstream archive content change
- protect akismet content (from upstream .htaccess)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #904120 - CVE-2013-0235 wordpress: Server-side request forgery and remote port scanning using pingbacks
        https://bugzilla.redhat.com/show_bug.cgi?id=904120
  [ 2 ] Bug #904121 - wordpress: XSS flaws via shortcodes and HTTP POST content
        https://bugzilla.redhat.com/show_bug.cgi?id=904121
  [ 3 ] Bug #904122 - wordpress: XSS in the external Plupload library
        https://bugzilla.redhat.com/show_bug.cgi?id=904122
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test



[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux