The following Fedora 17 Security updates need testing: Age URL 7 https://admin.fedoraproject.org/updates/FEDORA-2013-1734/libupnp-1.6.18-1.fc17 17 https://admin.fedoraproject.org/updates/FEDORA-2013-1286/python-tw2-jquery-2.0.3-5.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-1320/dnsmasq-2.65-4.fc17 35 https://admin.fedoraproject.org/updates/FEDORA-2013-0210/vdsm-4.10.0-13.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-2143/rubygem-rdoc-3.12-5.fc17 35 https://admin.fedoraproject.org/updates/FEDORA-2013-0231/ca-certificates-2012.87-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-2152/postgresql-9.1.8-1.fc17 14 https://admin.fedoraproject.org/updates/FEDORA-2013-1466/freetype-2.4.8-4.fc17 31 https://admin.fedoraproject.org/updates/FEDORA-2013-0455/fedora-business-cards-1-0.1.beta1.fc17 31 https://admin.fedoraproject.org/updates/FEDORA-2012-19606/cups-1.5.4-18.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-2177/roundcubemail-0.8.5-1.fc17 60 https://admin.fedoraproject.org/updates/FEDORA-2012-20092/libproxy-0.4.11-1.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-1997/qt-4.8.4-11.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-1836/perl-5.14.3-221.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-1667/samba4-4.0.0-60alpha18.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-1718/samba-3.6.12-1.fc17.1 7 https://admin.fedoraproject.org/updates/FEDORA-2013-1661/httpd-2.2.23-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-2202/gnome-online-accounts-3.4.2-3.fc17 218 https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-1.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-2002/xen-4.1.4-4.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-2023/tor-0.2.3.25-1700 7 https://admin.fedoraproject.org/updates/FEDORA-2013-1804/coreutils-8.15-10.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-1826/sssd-1.8.6-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-2128/mingw-gnutls-2.12.20-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-2206/openssh-5.9p1-29.fc17 The following Fedora 17 Critical Path updates have yet to be approved: Age URL 0 https://admin.fedoraproject.org/updates/FEDORA-2013-2163/policycoreutils-2.1.13-27.3.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-2202/gnome-online-accounts-3.4.2-3.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-2206/openssh-5.9p1-29.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-2124/abrt-2.1.1-1.fc17,libreport-2.1.1-1.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-2024/xulrunner-18.0.2-1.fc17,firefox-18.0.2-1.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-1997/qt-4.8.4-11.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-2028/nss-util-3.14.2-2.fc17,nss-3.14.2-2.fc17,nss-softokn-3.14.2-3.fc17,nspr-4.9.5-1.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-2065/abrt-2.1.0-1.fc17,libreport-2.1.0-2.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-1965/kernel-3.7.6-102.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-1926/xorg-x11-drv-evdev-2.7.3-5.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-1946/fedora-logos-17.0.3-3.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-1931/util-linux-2.21.2-4.fc17 5 https://admin.fedoraproject.org/updates/FEDORA-2013-1881/phonon-backend-gstreamer-4.6.3-1.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-1841/sane-backends-1.0.23-7.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-1836/perl-5.14.3-221.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-1865/xorg-x11-drv-synaptics-1.6.3-1.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-1789/bash-4.2.39-3.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-1791/ModemManager-0.6.0.0-3.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-1804/coreutils-8.15-10.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-1712/mtdev-1.1.3-1.fc17 11 https://admin.fedoraproject.org/updates/FEDORA-2013-1580/audit-2.2.2-2.fc17 13 https://admin.fedoraproject.org/updates/FEDORA-2013-1540/logrotate-3.8.3-1.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-1725/libnl3-3.2.21-1.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-1320/dnsmasq-2.65-4.fc17 20 https://admin.fedoraproject.org/updates/FEDORA-2013-1140/xorg-x11-drv-intel-2.20.18-1.fc17 170 https://admin.fedoraproject.org/updates/FEDORA-2012-12509/PackageKit-0.7.6-1.fc17 The following builds have been pushed to Fedora 17 updates-testing abi-compliance-checker-1.98.8-1.fc17 fedora-review-0.4.0-3.fc17 fontforge-20120731b-4.fc17 gambas3-3.4.0-1.fc17 gnome-online-accounts-3.4.2-3.fc17 jtidy-1.0-0.13.20100930svn1125.fc17 lcgdm-dav-0.12.1-1.fc17 mysql-utilities-1.2.0-1.fc17 openssh-5.9p1-29.fc17 ovirt-guest-agent-1.0.6-4.fc17 perl-Perl-Stripper-0.04-1.fc17 policycoreutils-2.1.13-27.3.fc17 python-fedmsg-meta-fedora-infrastructure-0.1.0-1.fc17 python-rhsm-1.8.2-1.fc17 roundcubemail-0.8.5-1.fc17 subscription-manager-1.8.2-1.fc17 xfce-theme-manager-0.2.4-1.fc17 Details about builds: ================================================================================ abi-compliance-checker-1.98.8-1.fc17 (FEDORA-2013-2164) An ABI Compliance Checker -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 8 2013 Richard Shaw <hobbes1069@xxxxxxxxx> - 1.98.8-1 - Update to latest upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #909136 - abi-compliance-checker-1.98.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=909136 -------------------------------------------------------------------------------- ================================================================================ fedora-review-0.4.0-3.fc17 (FEDORA-2013-2184) Review tool for fedora rpm packages -------------------------------------------------------------------------------- Update Information: This fixes problems with large docs check and incorrect handling of some package names. A small addition is also REVIEW_NO_MOCKGROUP_TEST which turns off verification of mock configuration that can be useful in certain non-standard configurations. Update to 0.4.0 and incorporate patch from Ralf Bean fixing fedora-create-review. - The deprecated JSON api has been removed. - Patch-naming check not mandated by GL is removed (#179). - New checks: * Bundled gnulib check (#53). * Run phpci static analyzer on php packages (#63). * Various scriptlet checks (#152). * Tmpfiles.d check (#156). * Bundled fonts check (#155). * Improper %_sourcedir usage test (#154). * Test that sources could be downloaded from SourceX: tag (#198) - Improved report layout (#135). - Improved console output, notably invisible yellow text fixed. (#185). - The report has got a fixed name 'review.txt'. - It's now possible to create a python plugin with some tests which becomes part of an existing group e. g., a plugin with one new php test (#182). - Improved handling of mock build failures (#79). - Make used buildroot more visible (#147). - New Guidelines update (#161). - Various internal refactoring and clean-ups: #134, #140, #145, #172 and a lot of commits... - Improved unit tests, notably for plugins. Unit tests are now packaged (#146, #163, many commits). - Roughly 20 other bugs fixed. - The deprecated JSON api has been removed. - Patch-naming check not mandated by GL is removed (#179). - New checks: * Bundled gnulib check (#53). * Run phpci static analyzer on php packages (#63). * Various scriptlet checks (#152). * Tmpfiles.d check (#156). * Bundled fonts check (#155). * Improper %_sourcedir usage test (#154). * Test that sources could be downloaded from SourceX: tag (#198) - Improved report layout (#135). - Improved console output, notably invisible yellow text fixed. (#185). - The report has got a fixed name 'review.txt'. - It's now possible to create a python plugin with some tests which becomes part of an existing group e. g., a plugin with one new php test (#182). - Improved handling of mock build failures (#79). - Make used buildroot more visible (#147). - New Guidelines update (#161). - Various internal refactoring and clean-ups: #134, #140, #145, #172 and a lot of commits... - Improved unit tests, notably for plugins. Unit tests are now packaged (#146, #163, many commits). - Roughly 20 other bugs fixed. - The deprecated JSON api has been removed. - Patch-naming check not mandated by GL is removed (#179). - New checks: * Bundled gnulib check (#53). * Run phpci static analyzer on php packages (#63). * Various scriptlet checks (#152). * Tmpfiles.d check (#156). * Bundled fonts check (#155). * Improper %_sourcedir usage test (#154). * Test that sources could be downloaded from SourceX: tag (#198) - Improved report layout (#135). - Improved console output, notably invisible yellow text fixed. (#185). - The report has got a fixed name 'review.txt'. - It's now possible to create a python plugin with some tests which becomes part of an existing group e. g., a plugin with one new php test (#182). - Improved handling of mock build failures (#79). - Make used buildroot more visible (#147). - New Guidelines update (#161). - Various internal refactoring and clean-ups: #134, #140, #145, #172 and a lot of commits... - Improved unit tests, notably for plugins. Unit tests are now packaged (#146, #163, many commits). - Roughly 20 other bugs fixed. -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 8 2013 Stanislav Ochotnicky <sochotnicky@xxxxxxxxxx> - 0.4.0-3 - Fix rhbz908830 and rhbz908830 - Add patch for REVIEW_NO_MOCKGROUP_TEST environment variable - Remove old patch * Mon Feb 4 2013 Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> - 0.4.0-2 - Add Patch0 (0001-Fix-syntax-error.patch) from Ralph Bean fixing fedora-create-review * Mon Jan 28 2013 Stanislav Ochotnicky <sochotnicky@xxxxxxxxxx> - 0.4.0-1 - Updating to upstream 0.4.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #908830 - check-large-docs.sh doesn't properly skip -doc subpackages https://bugzilla.redhat.com/show_bug.cgi?id=908830 [ 2 ] Bug #889087 - Unreadable colors in terminal with white background https://bugzilla.redhat.com/show_bug.cgi?id=889087 [ 3 ] Bug #881337 - AttributeError: 'GemCheckRequiresRubygems' object has no attribute 'spec_packages' https://bugzilla.redhat.com/show_bug.cgi?id=881337 [ 4 ] Bug #872898 - other Fatal error: Exception down the road https://bugzilla.redhat.com/show_bug.cgi?id=872898 [ 5 ] Bug #845651 - AttributeError: 'Source' object has no attribute 'filename' https://bugzilla.redhat.com/show_bug.cgi?id=845651 -------------------------------------------------------------------------------- ================================================================================ fontforge-20120731b-4.fc17 (FEDORA-2013-2215) Outline and bitmap font editor -------------------------------------------------------------------------------- Update Information: Fixes for some crashes that occur while extracting fonts from PDFs. -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 7 2013 Paul Flo Williams <paul@xxxxxxxxxxxxx> - 20120731b-4 - Patch for bug #902089, out-of-bounds errors while reading PDFs * Fri Jan 18 2013 Adam Tkac <atkac redhat com> - 20120731b-3 - rebuild due to "jpeg8-ABI" feature drop * Tue Nov 27 2012 Kevin Fenzi <kevin@xxxxxxxxx> 20120731b-2 - Cosmetic cleanups for bug 880472 -------------------------------------------------------------------------------- References: [ 1 ] Bug #902089 - [abrt] fontforge-20120731b-2.fc18: pcFree: Process /usr/bin/fontforge was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=902089 -------------------------------------------------------------------------------- ================================================================================ gambas3-3.4.0-1.fc17 (FEDORA-2013-2200) IDE based on a basic interpreter with object extensions -------------------------------------------------------------------------------- Update Information: Update to 3.4.0 This new release fixes about 240 bugs and adds about 270 new features. For full details, see: http://gambasdoc.org/help/doc/release/3.4.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 7 2013 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 3.4.0-1 - update to 3.4.0 * Fri Jan 18 2013 Adam Tkac <atkac redhat com> - 3.3.4-4 - rebuild due to "jpeg8-ABI" feature drop * Thu Dec 13 2012 Adam Jackson <ajax@xxxxxxxxxx> - 3.3.4-3 - Rebuild for glew 1.9.0 -------------------------------------------------------------------------------- ================================================================================ gnome-online-accounts-3.4.2-3.fc17 (FEDORA-2013-2202) Provide online accounts information -------------------------------------------------------------------------------- Update Information: Backport fix for RH #908000 (CVE-2013-0240) -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 8 2013 Debarshi Ray <rishi@xxxxxxxxxxxxxxxxx> - 3.4.2-3 - Backport fix for RH #908000 (CVE-2013-0240) * Mon Oct 15 2012 Debarshi Ray <rishi@xxxxxxxxxxxxxxxxx> - 3.4.2-2 - Backport fix for RH #863419 -------------------------------------------------------------------------------- References: [ 1 ] Bug #894352 - gnome-online-accounts: Does not check SSL certificates when creating Windows Live or Facebook accounts https://bugzilla.redhat.com/show_bug.cgi?id=894352 -------------------------------------------------------------------------------- ================================================================================ jtidy-1.0-0.13.20100930svn1125.fc17 (FEDORA-2013-2176) HTML syntax checker and pretty printer -------------------------------------------------------------------------------- Update Information: This update adds missing Requires: xml-commons-apis. -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 6 2013 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 2:1.0-0.13.20100930svn1125 - Add missing BR and R: xml-commons-apis - Resolves: rhbz#908421 * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2:1.0-0.12.20100930svn1125 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #908421 - jtidy: Missing dependencies on xml-commons-apis https://bugzilla.redhat.com/show_bug.cgi?id=908421 -------------------------------------------------------------------------------- ================================================================================ lcgdm-dav-0.12.1-1.fc17 (FEDORA-2013-2211) HTTP/DAV front end to the DPM/LFC services -------------------------------------------------------------------------------- Update Information: - fix for a frequent segfault Update for new upstream release Update for new upstream release Update for new upstream release Update for new upstream release -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 8 2013 Ricardo Rocha <ricardo.rocha@xxxxxxx> - 0.12.1-1 - Update for new upstream release (patch for segfault) * Wed Feb 6 2013 Ricardo Rocha <ricardo.rocha@xxxxxxx> - 0.12.0-1 - Update for new upstream release * Tue Jan 29 2013 Ricardo Rocha <ricardo.rocha@xxxxxxx> - 0.11.0-2 - Added patch for apache 2.4 api change -------------------------------------------------------------------------------- ================================================================================ mysql-utilities-1.2.0-1.fc17 (FEDORA-2013-2207) MySQL Utilities -------------------------------------------------------------------------------- Update Information: Release 1.2.0 (Released January 26, 2013) * BUG#13956819: MySQL Utilities requires changes for RPM packaging * WL#6256: Change password handling * WL#6262: Audit log parser Release 1.1.2 (Released January 17, 2013) * BUG#13931340: mysqluserclone should dump all users * BUG#14712211: mysqluc fails to look for the utilities for a given utildir * BUG#15867353: Add GTID handling to mysqldbcopy, mysqldbexport * BUG#16010766: gtid enabled utilities need to check version of the server * BUG#16016887: mysqldiskusage reports missing binlog * BUG#16020953: --timeout option in mysqlfailover throws error * BUG#16023646: mysqldbcopy cannot copy world_innodb sample database * BUG#16023781: switchover can fail to complete if there are errors in slaves * BUG#16035934: unused --server option in mysqldbcompare * BUG#16037123: mysqlrplshow fails to report connection errors * BUG#16072863: gtid-enabled utilities need better error handling * BUG#14158371: mysqlserverinfo reports server offline on authentication error -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 8 2013 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.2.0-1 - update to 1.2.0 - new commands: mysqlauditadmin and mysqlauditgrep -------------------------------------------------------------------------------- ================================================================================ openssh-5.9p1-29.fc17 (FEDORA-2013-2206) An open source implementation of SSH protocol versions 1 and 2 -------------------------------------------------------------------------------- Update Information: This update changes default of MaxStartups to 10:30:100 to start doing random early drop at 10 connections up to 100 connections - CVE-2010-5107 -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 8 2013 Petr Lautrbach <plautrba@xxxxxxxxxx> 5.9p1-29 + 0.9.3-1 - change default value of MaxStartups - CVE-2010-5107 (#908707) -------------------------------------------------------------------------------- References: [ 1 ] Bug #908707 - CVE-2010-5107 openssh: Prevent connection slot exhaustion attacks https://bugzilla.redhat.com/show_bug.cgi?id=908707 -------------------------------------------------------------------------------- ================================================================================ ovirt-guest-agent-1.0.6-4.fc17 (FEDORA-2013-2181) The oVirt Guest Agent -------------------------------------------------------------------------------- Update Information: This is the oVirt managment agent running inside the guest. The agent interfaces with the oVirt manager, supplying heart-beat info as well as runtime data from within the guest itself. The agent also accepts control commands to be run executed within the OS (like: shutdown and restart). -------------------------------------------------------------------------------- References: [ 1 ] Bug #889546 - Review Request: ovirt-guest-agent - oVirt Guest Agent https://bugzilla.redhat.com/show_bug.cgi?id=889546 -------------------------------------------------------------------------------- ================================================================================ perl-Perl-Stripper-0.04-1.fc17 (FEDORA-2013-2185) Yet another PPI-based Perl source code stripper -------------------------------------------------------------------------------- Update Information: Yet another PPI-based Perl source code stripper -------------------------------------------------------------------------------- References: [ 1 ] Bug #908788 - Review Request: perl-Perl-Stripper - Yet another PPI-based Perl source code stripper https://bugzilla.redhat.com/show_bug.cgi?id=908788 -------------------------------------------------------------------------------- ================================================================================ policycoreutils-2.1.13-27.3.fc17 (FEDORA-2013-2163) SELinux policy core utilities -------------------------------------------------------------------------------- Update Information: Remove boolean_name sub code Fix problem in post install Make auditallow -b work on all systems. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 24 2013 Dan Walsh <dwalsh@xxxxxxxxxx> - 2.1.12-27.2 - Fix post install scripts to not use systemd macros * Wed Nov 7 2012 Dan Walsh <dwalsh@xxxxxxxxxx> - 2.1.12-27.1 - Fix audit2allow -b to work in all timezones * Wed Nov 7 2012 Dan Walsh <dwalsh@xxxxxxxxxx> - 2.1.12-27 - Only report restorecon warning for missing default label, if not running recusively - Update translations * Mon Nov 5 2012 Dan Walsh <dwalsh@xxxxxxxxxx> - 2.1.12-26 - Fix semanage booleans -l, move more boolean_dict handling into sepolicy - Update translations - Fixup sepolicy generate to discover /var/log, /var/run and /var/lib directories if they match the name - Fix kill function call should indicate signal_perms not kill capability - Error out cleanly in system-config-selinux, if it can not contact XServer * Mon Nov 5 2012 Dan Walsh <dwalsh@xxxxxxxxxx> - 2.1.12-25 - Remove run_init, no longer needed with systemd. - Fix sepolicy generate to not include subdirs in generated fcontext file. (mgrepl patch) * Sat Nov 3 2012 Dan Walsh <dwalsh@xxxxxxxxxx> - 2.1.12-24 - Fix manpage to generate proper man pages for alternate policy, basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as I pull the policy, policy.xml and file_contexts and file_contexts.homedir * Thu Nov 1 2012 Dan Walsh <dwalsh@xxxxxxxxxx> - 2.1.12-23 - Fix some build problems in sepolicy manpage and sepolicy transition * Tue Oct 30 2012 Dan Walsh <dwalsh@xxxxxxxxxx> - 2.1.12-22 - Add alias man pages to sepolicy manpage * Mon Oct 29 2012 Dan Walsh <dwalsh@xxxxxxxxxx> - 2.1.12-21 - Redesign sepolicy to only read the policy file once, not for every call * Mon Oct 29 2012 Dan Walsh <dwalsh@xxxxxxxxxx> - 2.1.12-20 - Fixes to sepolicy transition, allow it to list all transitions from a domain * Sat Oct 27 2012 Dan Walsh <dwalsh@xxxxxxxxxx> - 2.1.12-19 - Change sepolicy python bindings to have python pick policy file, fixes weird memory problems in sepolicy network -------------------------------------------------------------------------------- References: [ 1 ] Bug #908773 - python: seobject - Cannot modify selinux bool https://bugzilla.redhat.com/show_bug.cgi?id=908773 [ 2 ] Bug #866296 - semanage: not possible to feed multiple commands from stdin https://bugzilla.redhat.com/show_bug.cgi?id=866296 [ 3 ] Bug #889508 - Non-fatal POSTIN scriptlet failure in rpm package policycoreutils-restorecond-2.1.13-27.1.fc17.x86_64 https://bugzilla.redhat.com/show_bug.cgi?id=889508 [ 4 ] Bug #855483 - allow2audit doesn't parse boot date correctly in all locales https://bugzilla.redhat.com/show_bug.cgi?id=855483 -------------------------------------------------------------------------------- ================================================================================ python-fedmsg-meta-fedora-infrastructure-0.1.0-1.fc17 (FEDORA-2013-2170) Metadata providers for Fedora Infrastructure's fedmsg deployment -------------------------------------------------------------------------------- Update Information: Fix to KojiProcessor.__name__ Processors for koji and planet messages.. Changes to git/scm messages. pkgdb messages. Fixes to git/scm messages. Koji usernames and links; fas legacy compat -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- ================================================================================ python-rhsm-1.8.2-1.fc17 (FEDORA-2013-2193) A Python library to communicate with a Red Hat Unified Entitlement Platform -------------------------------------------------------------------------------- Update Information: Add support for disabling package reporting, various cosmetic bug fixes. Dozens of bug fixes, new rct commands for examining manifests. Dozens of bug fixes, new rct commands for examining manifests. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 31 2013 Bryan Kearney <bkearney@xxxxxxxxxx> 1.8.2-1 - Add a default value for the report_package_profile setting (bkearney@xxxxxxxxxx) - Remove F16 releasers, add F18. (dgoodwin@xxxxxxxxxx) * Thu Jan 24 2013 Devan Goodwin <dgoodwin@xxxxxxxx> 1.8.1-1 - Do not retrieve the value unless the match is valid (bkearney@xxxxxxxxxx) - Only look for a single item as it is quicker and all we care about is zero or not zero (bkearney@xxxxxxxxxx) - Several small tweaks: (bkearney@xxxxxxxxxx) - Store off the len of the oid to save recalculating it more that once (bkearney@xxxxxxxxxx) - certificate.match will now only accept oids. (bkearney@xxxxxxxxxx) - Remove the use of exceptions to denote a return value of false. (bkearney@xxxxxxxxxx) - The email.utils module was named email.Utils in RHEL5 (bkearney@xxxxxxxxxx) - Make stylish issues resolved (bkearney@xxxxxxxxxx) - 772936: Warn the user when clock skew is detected. (bkearney@xxxxxxxxxx) - Improve logging for rhsmcertd scenarios (wpoteat@xxxxxxxxxx) - 845622: If an identity certificate has expired, there should be a friendly error message (wpoteat@xxxxxxxxxx) - Add international text to test automatic JSON encoding. (awood@xxxxxxxxxx) - 880070: Adding unicode encoding hook for simplejson. (awood@xxxxxxxxxx) - 848836: Remove trailing / from the handler in UEPConnection (bkearney@xxxxxxxxxx) - 884259: If LANG is unset, do not attempt to send up a default locale in redeem call (bkearney@xxxxxxxxxx) -------------------------------------------------------------------------------- ================================================================================ roundcubemail-0.8.5-1.fc17 (FEDORA-2013-2177) Round Cube Webmail is a browser-based multilingual IMAP client -------------------------------------------------------------------------------- Update Information: A cross-site scripting (XSS) flaws were round in the way Round Cube Webmail, a browser-based multilingual IMAP client, performed sanitization of 'data' and 'vbscript' URLs. A remote attacker could provide a specially-crafted URL that, when opened would lead to arbitrary JavaScript, VisualBasic script or HTML code execution in the context of Round Cube Webmail's user session. Upstream ticket: [1] http://trac.roundcube.net/ticket/1488850 Further details: [2] http://trac.roundcube.net/attachment/ticket/1488850/RoundCube2XSS.pdf Upstream patch: [3] https://github.com/roundcube/roundcubemail/commit/74cd0a9b62f11bc07c5a1d3ba0098b54883eb0ba References: [4] http://sourceforge.net/news/?group_id=139281&id=310213 [5] http://www.openwall.com/lists/oss-security/2013/02/07/11 [6] http://www.openwall.com/lists/oss-security/2013/02/08/1 -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 8 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 0.8.5-1 - Latest upstream. * Mon Nov 19 2012 Jon Ciesla <limburgher@xxxxxxxxx> - 0.8.4-1 - Latest upstream. * Mon Oct 29 2012 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 0.8.2-3 - fix configuration for httpd 2.4 (#871123) * Sun Oct 28 2012 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 0.8.2-2 - add fix for latest MDB2 (#870933) -------------------------------------------------------------------------------- References: [ 1 ] Bug #909304 - CVE-2012-6121 roundcubemail: Cross-site scripting (XSS) in vbscript: and data:text URL handling [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=909304 [ 2 ] Bug #909306 - CVE-2012-6121 roundcubemail: Cross-site scripting (XSS) in vbscript: and data:text URL handling [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=909306 -------------------------------------------------------------------------------- ================================================================================ subscription-manager-1.8.2-1.fc17 (FEDORA-2013-2193) Tools and libraries for subscription and repository management -------------------------------------------------------------------------------- Update Information: Add support for disabling package reporting, various cosmetic bug fixes. Dozens of bug fixes, new rct commands for examining manifests. Dozens of bug fixes, new rct commands for examining manifests. -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 8 2013 Bryan Kearney <bkearney@xxxxxxxxxx> 1.8.2-1 - Update tito for RHEL 7.0 (bkearney@xxxxxxxxxx) - Small cleanups for test_migrate (alikins@xxxxxxxxxx) - Write repofile once instead of during every iteration. (awood@xxxxxxxxxx) - Add unit test for migration script. (awood@xxxxxxxxxx) - Adding more tests for the migration script. (awood@xxxxxxxxxx) - Bump the required version of python-rhsm to pick up the new config file defaults (bkearney@xxxxxxxxxx) - Modify migration script tests to run on Fedora. (awood@xxxxxxxxxx) - Give users the ability to disable package reporting (bkearney@xxxxxxxxxx) - 891377: Note in deprecated string that auto-attach-interval is a command option (bkearney@xxxxxxxxxx) - 901612: Yum plugin warnings should go to stderr, not stdout (bkearney@xxxxxxxxxx) - 903298: Replace use of 'Register to' with 'Register with' (bkearney@xxxxxxxxxx) - Rewrite of the migration script featuring unit tests. (awood@xxxxxxxxxx) - Remove F16 and old cvs releasers, add F18. (dgoodwin@xxxxxxxxxx) * Thu Jan 24 2013 Devan Goodwin <dgoodwin@xxxxxxxx> 1.8.1-1 - Add two manifest commands to rct. (bkearney@xxxxxxxxxx) - latest translations from zanata (alikins@xxxxxxxxxx) - 895447: The count of subscriptions removed is zero for certs that have been imported. (wpoteat@xxxxxxxxxx) - 895462: Message for subscription-manager repos --list for disabled repo needs to be modified (wpoteat@xxxxxxxxxx) - 885964: After registration, recreate the UEP connection using the identity cert. (awood@xxxxxxxxxx) - 869306: Add org ID to facts dialog. (awood@xxxxxxxxxx) - 888853: Put output into proper columns regardless of the output language. (awood@xxxxxxxxxx) - Update python-rhsm requires version (wpoteat@xxxxxxxxxx) - 888052: Add all binaries to the makefile path for gettext string extraction (bkearney@xxxxxxxxxx) - 851303: additional term updates (dlackey@xxxxxxxxxxxxxx) - 844411: Add an --insecure option to subscription-manager. (awood@xxxxxxxxxx) - 891621: Users can incorrectly enter activation keys when registering to hosted. (awood@xxxxxxxxxx) - 889573: Only persist serverurl and baseurl when registering. (awood@xxxxxxxxxx) - 889204: Encode the unicode string to utf-8 to avoid syslog errors (bkearney@xxxxxxxxxx) - 889621: String substitution inside gettext causes message translations to never be found (bkearney@xxxxxxxxxx) - 890296: Unicode characters with a - are causing printing issues for rct printing (bkearney@xxxxxxxxxx) - 878269 (dlackey@xxxxxxxxxxxxxx) - 784056: Raise a running instance of the GUI to the forefront. (awood@xxxxxxxxxx) - 888968: Improve the gui message formatting for SLA selection (bkearney@xxxxxxxxxx) - 873601: Return a non zero code if subscription manager is run with an incorrect command name (bkearney@xxxxxxxxxx) - 839779: Improve messaging when autosubscribe does not work because of SLA (bkearney@xxxxxxxxxx) - 867603: Add quantity to confirm subscriptions dialog. (awood@xxxxxxxxxx) - 888790: Rebuild UEP connection after registering with activation keys. (awood@xxxxxxxxxx) - 886280; 878257; 878264; 878269 (dlackey@xxxxxxxxxxxxxx) - 814378: disable linkify if we are running as firstboot (alikins@xxxxxxxxxx) - 886887: Take the user back to the activation key page if he enters an invalid key. (awood@xxxxxxxxxx) - 863572: Make forward/back insensitive when registering (alikins@xxxxxxxxxx) - 825950: updating SAM registration procedure; other term edits and updated screenshot (dlackey@xxxxxxxxxxxxxx) - 885964: Do not make a getOwner call when not necessary. (awood@xxxxxxxxxx) - Ask for the org in environments and service-level modules. (awood@xxxxxxxxxx) - 886992: Fix for bad fix for 886604, wrong path for yum repos (alikins@xxxxxxxxxx) - matt reid's edits to rct; bz886280; bz878257; bz878269; bz878264 (dlackey@xxxxxxxxxxxxxx) - 841496: Do not use hyphens in bash completion files as these are invalid for identifiers in the sh shell. (bkearney@xxxxxxxxxx) - Improve logging for rhsmcertd scenarios (wpoteat@xxxxxxxxxx) - 878609: Do not use public url redirectors, instead use a redhat.com address (bkearney@xxxxxxxxxx) - 886604: Fix incorrect path in repos.d check (alikins@xxxxxxxxxx) - 727092: Read in the org key during registration if none is given. (awood@xxxxxxxxxx) - 845622: If an identity certificate has expired, there should be a friendly error message (wpoteat@xxxxxxxxxx) - 883123: Have the migration code use the name and the label for org and environment lookup. (bkearney@xxxxxxxxxx) - 886110: help blurb for --auto-attach formatted poorly (alikins@xxxxxxxxxx) - 880070: require latest python-rhsm to handle unicode issues (alikins@xxxxxxxxxx) - 798788: Results from subscription-manager facts --update after a server-side consumer was deleted. (wpoteat@xxxxxxxxxx) - 878634: Improve the consistency of capitalization of URL, ID, HTTP, and CPU (bkearney@xxxxxxxxxx) - 878657: Make consistent use of the term unregister instead of un-register (bkearney@xxxxxxxxxx) - 883735: load branding module slightly differently (jesusr@xxxxxxxxxx) - Stylish fix. (dgoodwin@xxxxxxxxxx) - 878664: Add bash completion script for rct (bkearney@xxxxxxxxxx) - 880764: Command line options which can be specified more than once should use the same help text (bkearney@xxxxxxxxxx) - 867070: Adjust default sizing of subscriptions pane in Installed Products tab. (awood@xxxxxxxxxx) - 873791: Expected exit codes from unsubscribe with multiple serial numbers (wpoteat@xxxxxxxxxx) - 800323: Set default output stream encoding to UTF-8. (awood@xxxxxxxxxx) - 862852: Fix double separator in redeem dialog. (dgoodwin@xxxxxxxxxx) - Display "None" if environments value is empty on consumer. (awood@xxxxxxxxxx) - 872351: Display environment in GUI facts dialog and CLI identity command. (awood@xxxxxxxxxx) - 881091: Remove punctuation in the help message (bkearney@xxxxxxxxxx) - Revert "878986: refactor to use curses/textwrap for format" (alikins@xxxxxxxxxx) - 877579: Fix -1 quantity to consume for unlimited pools. (dgoodwin@xxxxxxxxxx) - 881117: Add at-spi locator to redemption dialog. (awood@xxxxxxxxxx) - 881952: Warn and continue if encountering a failure during system deletion. (awood@xxxxxxxxxx) - 878820: Fix console error when yum.repos.d does not exist. (dgoodwin@xxxxxxxxxx) - 839772: Display "Not Set" instead of "" in SLA and release preferences. (awood@xxxxxxxxxx) - rev zanata branch version to 1.8.X (alikins@xxxxxxxxxx) - 878986: refactor to use curses/textwrap for format (alikins@xxxxxxxxxx) - 878986: Default to no line breaking if no stty is available (bkearney@xxxxxxxxxx) - 878588: Move the requires on usermode from subscription-manager-gui to subscription-manager (bkearney@xxxxxxxxxx) - 878648: Make the help usage formatting consistent for the rct and subscription manager commands (bkearney@xxxxxxxxxx) - 869046: Remove stray 'print' (jbowes@xxxxxxxxxx) - 864207: Autosubscribe should not run when all products are already subscribed. (wpoteat@xxxxxxxxxx) - 854702: Place the asterisk indicating editability into the quantity cell. (awood@xxxxxxxxxx) -------------------------------------------------------------------------------- ================================================================================ xfce-theme-manager-0.2.4-1.fc17 (FEDORA-2013-2214) A theme manager for Xfce -------------------------------------------------------------------------------- Update Information: xfce-theme-manager updated to version 0.2.4. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 2 2013 Eduardo Echeverria <echevemaster@xxxxxxxxx> - 0.2.4-1 - Update to version 0.2.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #876043 - Review Request: xfce-theme-manager - A theme manager for Xfce https://bugzilla.redhat.com/show_bug.cgi?id=876043 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
