The following Fedora 17 Security updates need testing: Age URL 5 https://admin.fedoraproject.org/updates/FEDORA-2013-2589/pigz-2.2.5-1.fc17 2 https://admin.fedoraproject.org/updates/FEDORA-2013-2754/nss-pam-ldapd-0.7.16-3.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-2766/mate-settings-daemon-1.5.4-3.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-2789/yum-3.4.3-31.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-2763/git-1.7.11.7-3.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-2793/openssl-1.0.0k-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-2874/Django-1.4.5-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-2872/drupal7-7.20-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-2845/bugzilla-4.0.10-1.fc17 30 https://admin.fedoraproject.org/updates/FEDORA-2013-1286/python-tw2-jquery-2.0.3-5.fc17 10 https://admin.fedoraproject.org/updates/FEDORA-2013-2315/rubygem-rack-1.4.0-4.fc17 48 https://admin.fedoraproject.org/updates/FEDORA-2013-0210/vdsm-4.10.0-13.fc17 14 https://admin.fedoraproject.org/updates/FEDORA-2013-2143/rubygem-rdoc-3.12-5.fc17 48 https://admin.fedoraproject.org/updates/FEDORA-2013-0231/ca-certificates-2012.87-1.fc17 44 https://admin.fedoraproject.org/updates/FEDORA-2013-0455/fedora-business-cards-1-0.1.beta1.fc17 44 https://admin.fedoraproject.org/updates/FEDORA-2012-19606/cups-1.5.4-18.fc17 73 https://admin.fedoraproject.org/updates/FEDORA-2012-20092/libproxy-0.4.11-1.fc17 13 https://admin.fedoraproject.org/updates/FEDORA-2013-2202/gnome-online-accounts-3.4.2-3.fc17 232 https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-1.fc17 14 https://admin.fedoraproject.org/updates/FEDORA-2013-2023/tor-0.2.3.25-1700 21 https://admin.fedoraproject.org/updates/FEDORA-2013-1804/coreutils-8.15-10.fc17 13 https://admin.fedoraproject.org/updates/FEDORA-2013-2206/openssh-5.9p1-29.fc17 8 https://admin.fedoraproject.org/updates/FEDORA-2013-2450/pixman-0.28.0-1.fc17 The following Fedora 17 Critical Path updates have yet to be approved: Age URL 0 https://admin.fedoraproject.org/updates/FEDORA-2013-2858/orc-0.4.17-2.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-2789/yum-3.4.3-31.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-2793/openssl-1.0.0k-1.fc17 2 https://admin.fedoraproject.org/updates/FEDORA-2013-2709/perl-5.14.3-222.fc17 5 https://admin.fedoraproject.org/updates/FEDORA-2013-2582/python-bugzilla-0.8.0-1.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-2564/systemd-44-24.fc17 8 https://admin.fedoraproject.org/updates/FEDORA-2013-2428/libgtop2-2.28.4-3.fc17 8 https://admin.fedoraproject.org/updates/FEDORA-2013-2450/pixman-0.28.0-1.fc17 9 https://admin.fedoraproject.org/updates/FEDORA-2013-2368/lxpanel-0.5.12-1.fc17 10 https://admin.fedoraproject.org/updates/FEDORA-2013-2298/libdrm-2.4.42-1.fc17 10 https://admin.fedoraproject.org/updates/FEDORA-2013-2304/taglib-1.8-3.20121215git.fc17 13 https://admin.fedoraproject.org/updates/FEDORA-2013-2163/policycoreutils-2.1.13-27.3.fc17 13 https://admin.fedoraproject.org/updates/FEDORA-2013-2202/gnome-online-accounts-3.4.2-3.fc17 13 https://admin.fedoraproject.org/updates/FEDORA-2013-2206/openssh-5.9p1-29.fc17 14 https://admin.fedoraproject.org/updates/FEDORA-2013-2065/abrt-2.1.0-1.fc17,libreport-2.1.0-2.fc17 184 https://admin.fedoraproject.org/updates/FEDORA-2012-12509/PackageKit-0.7.6-1.fc17 The following builds have been pushed to Fedora 17 updates-testing Django-1.4.5-1.fc17 RepetierHost-0.84-1.fc17 bugzilla-4.0.10-1.fc17 drupal7-7.20-1.fc17 fedora-review-0.4.0-4.fc17 imapsync-1.525-1.fc17 latex2rtf-2.3.2-1.fc17 openprops-0.6-4.fc17 orc-0.4.17-2.fc17 php-5.4.12-1.fc17 python-django-extensions-1.0.3-2.fc17 sks-1.1.4-1.fc17 tomcat-7.0.37-1.fc17 wordpress-plugin-bad-behavior-2.2.13-1.fc17 Details about builds: ================================================================================ Django-1.4.5-1.fc17 (FEDORA-2013-2874) A high-level Python Web framework -------------------------------------------------------------------------------- Update Information: update fix CVE-2013-0305, CVE-2013-0306 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 21 2013 Matthias Runge <mrunge@xxxxxxxxxx> - 1.4.5-1 - update fix CVE-2013-0305, CVE-2013-0306 -------------------------------------------------------------------------------- References: [ 1 ] Bug #913037 - Django: Host header poisoning hardening https://bugzilla.redhat.com/show_bug.cgi?id=913037 [ 2 ] Bug #913039 - Django: XML entity attacks https://bugzilla.redhat.com/show_bug.cgi?id=913039 [ 3 ] Bug #913041 - CVE-2013-0305 Django: Data leakage via admin history log https://bugzilla.redhat.com/show_bug.cgi?id=913041 [ 4 ] Bug #913042 - CVE-2013-0306 Django: Formset denial-of-service https://bugzilla.redhat.com/show_bug.cgi?id=913042 -------------------------------------------------------------------------------- ================================================================================ RepetierHost-0.84-1.fc17 (FEDORA-2013-2868) 3D printer control software -------------------------------------------------------------------------------- Update Information: New release fixind bugs and adding translations -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 20 2013 Miro Hrončok <mhroncok@xxxxxxxxxx> - 0.84-1 - New version -------------------------------------------------------------------------------- ================================================================================ bugzilla-4.0.10-1.fc17 (FEDORA-2013-2845) Bug tracking system -------------------------------------------------------------------------------- Update Information: This update fixes security issues that have been discovered in Bugzilla: * When viewing a bug report, a bug ID containing random code is not correctly sanitized in the HTML page if the specified page format is invalid. This can lead to XSS. * When running a query in debug mode, it is possible to determine if a given confidential field value (such as a product name) exists. Bugzilla 4.1 and newer are not affected by this issue. See the security advisory for more details: http://www.bugzilla.org/security/3.6.12/ -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 20 2013 Emmanuel Seyman <emmanuel@xxxxxxxxx> - 4.0.10-1 - Update to 4.0.10 (CVE-2013-0785, CVE-2013-0786) -------------------------------------------------------------------------------- ================================================================================ drupal7-7.20-1.fc17 (FEDORA-2013-2872) An open-source content-management platform -------------------------------------------------------------------------------- Update Information: New upstream 7.20, resolves SA-CORE-2013-002. Release notes upstream: http://drupal.org/drupal-7.20-release-notes -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 21 2013 Paul W. Frields <stickster@xxxxxxxxx> - 7.20-1 - 7.20, SA-CORE-2013-002 (#913403) * Fri Jan 25 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 7.19-2 - README update for cron_key, BZ 902234. -------------------------------------------------------------------------------- References: [ 1 ] Bug #913403 - drupal7-7.20 is available https://bugzilla.redhat.com/show_bug.cgi?id=913403 -------------------------------------------------------------------------------- ================================================================================ fedora-review-0.4.0-4.fc17 (FEDORA-2013-2839) Review tool for fedora rpm packages -------------------------------------------------------------------------------- Update Information: This bugfix fixes a bug with mock initialization Update to 0.4.0 and incorporate patch from Ralf Bean fixing fedora-create-review. - The deprecated JSON api has been removed. - Patch-naming check not mandated by GL is removed (#179). - New checks: * Bundled gnulib check (#53). * Run phpci static analyzer on php packages (#63). * Various scriptlet checks (#152). * Tmpfiles.d check (#156). * Bundled fonts check (#155). * Improper %_sourcedir usage test (#154). * Test that sources could be downloaded from SourceX: tag (#198) - Improved report layout (#135). - Improved console output, notably invisible yellow text fixed. (#185). - The report has got a fixed name 'review.txt'. - It's now possible to create a python plugin with some tests which becomes part of an existing group e. g., a plugin with one new php test (#182). - Improved handling of mock build failures (#79). - Make used buildroot more visible (#147). - New Guidelines update (#161). - Various internal refactoring and clean-ups: #134, #140, #145, #172 and a lot of commits... - Improved unit tests, notably for plugins. Unit tests are now packaged (#146, #163, many commits). - Roughly 20 other bugs fixed. - The deprecated JSON api has been removed. - Patch-naming check not mandated by GL is removed (#179). - New checks: * Bundled gnulib check (#53). * Run phpci static analyzer on php packages (#63). * Various scriptlet checks (#152). * Tmpfiles.d check (#156). * Bundled fonts check (#155). * Improper %_sourcedir usage test (#154). * Test that sources could be downloaded from SourceX: tag (#198) - Improved report layout (#135). - Improved console output, notably invisible yellow text fixed. (#185). - The report has got a fixed name 'review.txt'. - It's now possible to create a python plugin with some tests which becomes part of an existing group e. g., a plugin with one new php test (#182). - Improved handling of mock build failures (#79). - Make used buildroot more visible (#147). - New Guidelines update (#161). - Various internal refactoring and clean-ups: #134, #140, #145, #172 and a lot of commits... - Improved unit tests, notably for plugins. Unit tests are now packaged (#146, #163, many commits). - Roughly 20 other bugs fixed. - The deprecated JSON api has been removed. - Patch-naming check not mandated by GL is removed (#179). - New checks: * Bundled gnulib check (#53). * Run phpci static analyzer on php packages (#63). * Various scriptlet checks (#152). * Tmpfiles.d check (#156). * Bundled fonts check (#155). * Improper %_sourcedir usage test (#154). * Test that sources could be downloaded from SourceX: tag (#198) - Improved report layout (#135). - Improved console output, notably invisible yellow text fixed. (#185). - The report has got a fixed name 'review.txt'. - It's now possible to create a python plugin with some tests which becomes part of an existing group e. g., a plugin with one new php test (#182). - Improved handling of mock build failures (#79). - Make used buildroot more visible (#147). - New Guidelines update (#161). - Various internal refactoring and clean-ups: #134, #140, #145, #172 and a lot of commits... - Improved unit tests, notably for plugins. Unit tests are now packaged (#146, #163, many commits). - Roughly 20 other bugs fixed. This fixes problems with large docs check and incorrect handling of some package names. A small addition is also REVIEW_NO_MOCKGROUP_TEST which turns off verification of mock configuration that can be useful in certain non-standard configurations. Update to 0.4.0 and incorporate patch from Ralf Bean fixing fedora-create-review. - The deprecated JSON api has been removed. - Patch-naming check not mandated by GL is removed (#179). - New checks: * Bundled gnulib check (#53). * Run phpci static analyzer on php packages (#63). * Various scriptlet checks (#152). * Tmpfiles.d check (#156). * Bundled fonts check (#155). * Improper %_sourcedir usage test (#154). * Test that sources could be downloaded from SourceX: tag (#198) - Improved report layout (#135). - Improved console output, notably invisible yellow text fixed. (#185). - The report has got a fixed name 'review.txt'. - It's now possible to create a python plugin with some tests which becomes part of an existing group e. g., a plugin with one new php test (#182). - Improved handling of mock build failures (#79). - Make used buildroot more visible (#147). - New Guidelines update (#161). - Various internal refactoring and clean-ups: #134, #140, #145, #172 and a lot of commits... - Improved unit tests, notably for plugins. Unit tests are now packaged (#146, #163, many commits). - Roughly 20 other bugs fixed. - The deprecated JSON api has been removed. - Patch-naming check not mandated by GL is removed (#179). - New checks: * Bundled gnulib check (#53). * Run phpci static analyzer on php packages (#63). * Various scriptlet checks (#152). * Tmpfiles.d check (#156). * Bundled fonts check (#155). * Improper %_sourcedir usage test (#154). * Test that sources could be downloaded from SourceX: tag (#198) - Improved report layout (#135). - Improved console output, notably invisible yellow text fixed. (#185). - The report has got a fixed name 'review.txt'. - It's now possible to create a python plugin with some tests which becomes part of an existing group e. g., a plugin with one new php test (#182). - Improved handling of mock build failures (#79). - Make used buildroot more visible (#147). - New Guidelines update (#161). - Various internal refactoring and clean-ups: #134, #140, #145, #172 and a lot of commits... - Improved unit tests, notably for plugins. Unit tests are now packaged (#146, #163, many commits). - Roughly 20 other bugs fixed. - The deprecated JSON api has been removed. - Patch-naming check not mandated by GL is removed (#179). - New checks: * Bundled gnulib check (#53). * Run phpci static analyzer on php packages (#63). * Various scriptlet checks (#152). * Tmpfiles.d check (#156). * Bundled fonts check (#155). * Improper %_sourcedir usage test (#154). * Test that sources could be downloaded from SourceX: tag (#198) - Improved report layout (#135). - Improved console output, notably invisible yellow text fixed. (#185). - The report has got a fixed name 'review.txt'. - It's now possible to create a python plugin with some tests which becomes part of an existing group e. g., a plugin with one new php test (#182). - Improved handling of mock build failures (#79). - Make used buildroot more visible (#147). - New Guidelines update (#161). - Various internal refactoring and clean-ups: #134, #140, #145, #172 and a lot of commits... - Improved unit tests, notably for plugins. Unit tests are now packaged (#146, #163, many commits). - Roughly 20 other bugs fixed. This fixes problems with large docs check and incorrect handling of some package names. A small addition is also REVIEW_NO_MOCKGROUP_TEST which turns off verification of mock configuration that can be useful in certain non-standard configurations. Update to 0.4.0 and incorporate patch from Ralf Bean fixing fedora-create-review. - The deprecated JSON api has been removed. - Patch-naming check not mandated by GL is removed (#179). - New checks: * Bundled gnulib check (#53). * Run phpci static analyzer on php packages (#63). * Various scriptlet checks (#152). * Tmpfiles.d check (#156). * Bundled fonts check (#155). * Improper %_sourcedir usage test (#154). * Test that sources could be downloaded from SourceX: tag (#198) - Improved report layout (#135). - Improved console output, notably invisible yellow text fixed. (#185). - The report has got a fixed name 'review.txt'. - It's now possible to create a python plugin with some tests which becomes part of an existing group e. g., a plugin with one new php test (#182). - Improved handling of mock build failures (#79). - Make used buildroot more visible (#147). - New Guidelines update (#161). - Various internal refactoring and clean-ups: #134, #140, #145, #172 and a lot of commits... - Improved unit tests, notably for plugins. Unit tests are now packaged (#146, #163, many commits). - Roughly 20 other bugs fixed. - The deprecated JSON api has been removed. - Patch-naming check not mandated by GL is removed (#179). - New checks: * Bundled gnulib check (#53). * Run phpci static analyzer on php packages (#63). * Various scriptlet checks (#152). * Tmpfiles.d check (#156). * Bundled fonts check (#155). * Improper %_sourcedir usage test (#154). * Test that sources could be downloaded from SourceX: tag (#198) - Improved report layout (#135). - Improved console output, notably invisible yellow text fixed. (#185). - The report has got a fixed name 'review.txt'. - It's now possible to create a python plugin with some tests which becomes part of an existing group e. g., a plugin with one new php test (#182). - Improved handling of mock build failures (#79). - Make used buildroot more visible (#147). - New Guidelines update (#161). - Various internal refactoring and clean-ups: #134, #140, #145, #172 and a lot of commits... - Improved unit tests, notably for plugins. Unit tests are now packaged (#146, #163, many commits). - Roughly 20 other bugs fixed. - The deprecated JSON api has been removed. - Patch-naming check not mandated by GL is removed (#179). - New checks: * Bundled gnulib check (#53). * Run phpci static analyzer on php packages (#63). * Various scriptlet checks (#152). * Tmpfiles.d check (#156). * Bundled fonts check (#155). * Improper %_sourcedir usage test (#154). * Test that sources could be downloaded from SourceX: tag (#198) - Improved report layout (#135). - Improved console output, notably invisible yellow text fixed. (#185). - The report has got a fixed name 'review.txt'. - It's now possible to create a python plugin with some tests which becomes part of an existing group e. g., a plugin with one new php test (#182). - Improved handling of mock build failures (#79). - Make used buildroot more visible (#147). - New Guidelines update (#161). - Various internal refactoring and clean-ups: #134, #140, #145, #172 and a lot of commits... - Improved unit tests, notably for plugins. Unit tests are now packaged (#146, #163, many commits). - Roughly 20 other bugs fixed. -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 19 2013 Stanislav Ochotnicky <sochotnicky@xxxxxxxxxx> - 0.4.0-4 - Fix rhbz912182 - Reorganize patches a bit * Fri Feb 8 2013 Stanislav Ochotnicky <sochotnicky@xxxxxxxxxx> - 0.4.0-3 - Fix rhbz908830 and rhbz908830 - Add patch for REVIEW_NO_MOCKGROUP_TEST environment variable - Remove old patch * Mon Feb 4 2013 Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> - 0.4.0-2 - Add Patch0 (0001-Fix-syntax-error.patch) from Ralph Bean fixing fedora-create-review * Mon Jan 28 2013 Stanislav Ochotnicky <sochotnicky@xxxxxxxxxx> - 0.4.0-1 - Updating to upstream 0.4.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #912182 - ERROR: chroot /var/lib/mock/fedora-rawhide-x86_64/root/ not initialized! https://bugzilla.redhat.com/show_bug.cgi?id=912182 [ 2 ] Bug #889087 - Unreadable colors in terminal with white background https://bugzilla.redhat.com/show_bug.cgi?id=889087 [ 3 ] Bug #881337 - AttributeError: 'GemCheckRequiresRubygems' object has no attribute 'spec_packages' https://bugzilla.redhat.com/show_bug.cgi?id=881337 [ 4 ] Bug #872898 - other Fatal error: Exception down the road https://bugzilla.redhat.com/show_bug.cgi?id=872898 [ 5 ] Bug #845651 - AttributeError: 'Source' object has no attribute 'filename' https://bugzilla.redhat.com/show_bug.cgi?id=845651 [ 6 ] Bug #908830 - check-large-docs.sh doesn't properly skip -doc subpackages https://bugzilla.redhat.com/show_bug.cgi?id=908830 -------------------------------------------------------------------------------- ================================================================================ imapsync-1.525-1.fc17 (FEDORA-2013-2870) Tool to migrate email between IMAP servers -------------------------------------------------------------------------------- Update Information: Upgrade to 1.525 -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 20 2013 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 1.525-1 - Upgrade to 1.525 -------------------------------------------------------------------------------- ================================================================================ latex2rtf-2.3.2-1.fc17 (FEDORA-2013-2848) LaTeX to RTF converter that handles equations, figures, and cross-references -------------------------------------------------------------------------------- Update Information: Update to newest stable release. -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 15 2013 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 2.3.2-1 - Update to 2.3.2. * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #911531 - latex2rtf-2.3.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=911531 -------------------------------------------------------------------------------- ================================================================================ openprops-0.6-4.fc17 (FEDORA-2013-2869) An improved java.util.Properties from OpenJDK -------------------------------------------------------------------------------- Update Information: OpenProps is a tiny Java library which reads and writes .properties files using the same code as java.util.Properties from the OpenJDK, but enhanced so that it preserves the order of entries within the file, and it also preserves comments in the file. This means that a Properties editor or a file converter written to use OpenProps won't have to lose comments or mess up the order of entries. By using OpenJDK code, OpenProps should handle all the old corner-cases in exactly the same way Java does. The handling of whitespace and comments is tested by a number of JUnit tests. But please let me know if you find a bug! Note the following differences from java.util.Properties: 1. preserves comments and the order of entries in the file 2. storeToXml doesn't use the Sun DTD (or any DTD) because it adds attributes for comments. 3. equals() and hashCode() won't work the same way as with java.util.Properties, because they are no longer inherited from Hashtable. All you get is identity equality/hashcode. Also note that any header comment in the .properties file will be interpreted as a comment attached to the first message. -------------------------------------------------------------------------------- References: [ 1 ] Bug #908168 - Review Request: openprops - A fork of java.util.Properties from OpenJDK https://bugzilla.redhat.com/show_bug.cgi?id=908168 -------------------------------------------------------------------------------- ================================================================================ orc-0.4.17-2.fc17 (FEDORA-2013-2858) The Oil Run-time Compiler -------------------------------------------------------------------------------- Update Information: Update to 0.4.17 with compatability and bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 20 2013 Fabian Deutsch <fabiand@xxxxxxxxxxxxxxxxx> - 0.4.17-2 - Fix typo rhbz#817944 * Wed Feb 20 2013 Fabian Deutsch <fabiand@xxxxxxxxxxxxxxxxx> - 0.4.17-1 - Update to latest upstream release - Removed obsolete patches * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.4.16-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Sat Jan 19 2013 Daniel Drake <dsd@xxxxxxxxxx> - 0.4.16-7 - Fix fallback path when register allocation fails - Fixes gstreamer-1.0 crash on OLPC XO-1.75 * Fri Jul 27 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.4.16-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #913017 - orc-0.4.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=913017 -------------------------------------------------------------------------------- ================================================================================ php-5.4.12-1.fc17 (FEDORA-2013-2875) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: RPM changes: * enable tokyocabinet support in dba extension Upstream changelog - 21 Feb 2012, PHP 5.4.12 Core: * Fixed bug #64099 (Wrong TSRM usage in zend_Register_class alias). (Johannes) * Fixed bug #64011 (get_html_translation_table() output incomplete with HTML_ENTITIES and ISO-8859-1). (Gustavo) * Fixed bug #63982 (isset() inconsistently produces a fatal error on protected property). (Stas) * Fixed bug #63943 (Bad warning text from strpos() on empty needle). (Laruence) * Fixed bug #63899 (Use after scope error in zend_compile). (Laruence) * Fixed bug #63893 (Poor efficiency of strtr() using array with keys of very different length). (Gustavo) * Fixed bug #63882 (zend_std_compare_objects crash on recursion). (Dmitry) * Fixed bug #63462 (Magic methods called twice for unset protected properties). (Stas) * Fixed bug #62524 (fopen follows redirects for non-3xx statuses). (Wes Mason) * Support BITMAPV5HEADER in getimagesize(). (AsamK, Lars) Date: * Fixed bug #63699 (Performance improvements for various ext/date functions). (Lars, original patch by njaguar at gmail dot com) * Fixed bug #55397: Comparsion of incomplete DateTime causes SIGSEGV. (Derick) SOAP: * Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635). (Dmitry) * Disabled external entities loading (CVE-2013-1643). (Dmitry) sqlite3: * Fixed bug #63921 (sqlite3::bindvalue and relative PHP functions aren't using sqlite3_*_int64 API). (srgoogleguy, Lars) PDO_sqlite: * Fixed bug #63916 (PDO::PARAM_INT casts to 32bit int internally even on 64bit builds in pdo_sqlite). (srgoogleguy, Lars) -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 20 2013 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.4.12-1 - update to 5.4.12 - security fixes for CVE-2013-1635 and CVE-2013-1643 - enable tokyocabinet dba handler - upstream patch (5.4.13) to fix dval to lval conversion https://bugs.php.net/64142 - upstream patch (5.4.13) for 2 failed tests - fix buit-in web server on ppc64 (fdset usage) https://bugs.php.net/64128 -------------------------------------------------------------------------------- ================================================================================ python-django-extensions-1.0.3-2.fc17 (FEDORA-2013-2840) Extensions for Django -------------------------------------------------------------------------------- Update Information: New package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #907538 - Review Request: python-django-extensions - extensions for Django https://bugzilla.redhat.com/show_bug.cgi?id=907538 -------------------------------------------------------------------------------- ================================================================================ sks-1.1.4-1.fc17 (FEDORA-2013-2865) Synchronizing Key Server -------------------------------------------------------------------------------- Update Information: Upgrade to 1.1.4 -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 20 2013 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 1.1.4-1 - Upgrade to 1.1.4 * Wed Feb 20 2013 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 1.1.3-5 - Fix broken build * Fri Feb 15 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Fri Jul 27 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ tomcat-7.0.37-1.fc17 (FEDORA-2013-2876) Apache Servlet/JSP Engine, RI for Servlet 3.0/JSP 2.2 API -------------------------------------------------------------------------------- Update Information: Updated to 7.0.37 - Updated to 7.0.35 - systemd SuccessExitStatus=143 for proper stop exit code processing - Updated to 7.0.35 - ecj >= 4.2.1 now required - Resolves: rhbz 889395 concat classpath correctly; chdir to $CATALINA_HOME -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 20 2013 Ivan Afonichev <ivan.afonichev@xxxxxxxxx> 0:7.0.37-1 - Updated to 7.0.37 * Mon Feb 4 2013 Ivan Afonichev <ivan.afonichev@xxxxxxxxx> 0:7.0.35-1 - Updated to 7.0.35 * Mon Dec 24 2012 Ivan Afonichev <ivan.afonichev@xxxxxxxxx> 0:7.0.34-1 - Updated to 7.0.34 - ecj >= 4.2.1 now required - Resolves: rhbz 889395 concat classpath correctly; chdir to $CATALINA_HOME -------------------------------------------------------------------------------- References: [ 1 ] Bug #912648 - tomcat-7.0.37 is available https://bugzilla.redhat.com/show_bug.cgi?id=912648 [ 2 ] Bug #895932 - tomcat-7.0.35 is available https://bugzilla.redhat.com/show_bug.cgi?id=895932 [ 3 ] Bug #889395 - Tomcat adds colon to the beginning of the classpath; problem with automount https://bugzilla.redhat.com/show_bug.cgi?id=889395 -------------------------------------------------------------------------------- ================================================================================ wordpress-plugin-bad-behavior-2.2.13-1.fc17 (FEDORA-2013-2847) Bad Behavior plugin for WordPress -------------------------------------------------------------------------------- Update Information: Upgrade to 2.2.13 -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 20 2013 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 2.2.13-1 - Upgrade to 2.2.13 * Fri Feb 15 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0.42-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Sun Jul 22 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0.42-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #903859 - Plugin is out of date https://bugzilla.redhat.com/show_bug.cgi?id=903859 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
