The following Fedora 17 Security updates need testing: Age URL 247 https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-1.fc17 63 https://admin.fedoraproject.org/updates/FEDORA-2013-0210/vdsm-4.10.0-13.fc17 63 https://admin.fedoraproject.org/updates/FEDORA-2013-0231/ca-certificates-2012.87-1.fc17 59 https://admin.fedoraproject.org/updates/FEDORA-2013-0455/fedora-business-cards-1-0.1.beta1.fc17 36 https://admin.fedoraproject.org/updates/FEDORA-2013-1804/coreutils-8.15-10.fc17 29 https://admin.fedoraproject.org/updates/FEDORA-2013-2143/rubygem-rdoc-3.12-5.fc17 29 https://admin.fedoraproject.org/updates/FEDORA-2013-2023/tor-0.2.3.25-1700 25 https://admin.fedoraproject.org/updates/FEDORA-2013-2315/rubygem-rack-1.4.0-4.fc17 16 https://admin.fedoraproject.org/updates/FEDORA-2013-2789/yum-3.4.3-31.fc17 15 https://admin.fedoraproject.org/updates/FEDORA-2013-2874/Django-1.4.5-1.fc17 15 https://admin.fedoraproject.org/updates/FEDORA-2013-2845/bugzilla-4.0.10-1.fc17 13 https://admin.fedoraproject.org/updates/FEDORA-2013-2984/libtasn1-2.14-1.fc17,gnutls-2.12.23-1.fc17 10 https://admin.fedoraproject.org/updates/FEDORA-2013-3079/nss-3.14.3-1.fc17,nss-softokn-3.14.3-1.fc17,nss-util-3.14.3-1.fc17,nspr-4.9.5-2.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-3270/sudo-1.8.6p7-1.fc17 5 https://admin.fedoraproject.org/updates/FEDORA-2013-3382/zfs-fuse-0.7.0-3.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-3437/euca2ools-2.1.3-1.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-3227/mediawiki-1.19.4-1.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-3438/mingw-gnutls-2.12.23-1.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-3439/telepathy-gabble-0.16.5-1.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-3443/perl-5.14.3-223.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-3457/poppler-0.18.4-4.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-3116/krb5-1.10.2-9.fc17 2 https://admin.fedoraproject.org/updates/FEDORA-2013-3538/icu-4.8.1.1-5.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-3638/kernel-3.8.2-105.fc17 The following Fedora 17 Critical Path updates have yet to be approved: Age URL 199 https://admin.fedoraproject.org/updates/FEDORA-2012-12509/PackageKit-0.7.6-1.fc17 29 https://admin.fedoraproject.org/updates/FEDORA-2013-2065/abrt-2.1.0-1.fc17,libreport-2.1.0-2.fc17 28 https://admin.fedoraproject.org/updates/FEDORA-2013-2163/policycoreutils-2.1.13-27.3.fc17 13 https://admin.fedoraproject.org/updates/FEDORA-2013-2984/libtasn1-2.14-1.fc17,gnutls-2.12.23-1.fc17 10 https://admin.fedoraproject.org/updates/FEDORA-2013-3119/python-pycurl-7.19.0-11.fc17 10 https://admin.fedoraproject.org/updates/FEDORA-2013-3079/nss-3.14.3-1.fc17,nss-softokn-3.14.3-1.fc17,nss-util-3.14.3-1.fc17,nspr-4.9.5-2.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-3304/libvpx-1.2.0-1.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-3276/createrepo-0.9.9-12.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-3270/sudo-1.8.6p7-1.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-3360/qt-4.8.4-14.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-3466/selinux-policy-3.10.0-168.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-3443/perl-5.14.3-223.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-3435/python-bugzilla-0.8.0-2.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-3494/iproute-3.3.0-6.fc17 2 https://admin.fedoraproject.org/updates/FEDORA-2013-3554/dosfstools-3.0.16-1.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-3595/perl-Net-HTTP-6.05-2.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-3607/perl-libwww-perl-6.03-3.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-3598/xorg-x11-drv-intel-2.21.3-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-3638/kernel-3.8.2-105.fc17 The following builds have been pushed to Fedora 17 updates-testing kernel-3.8.2-105.fc17 nordugrid-arc-2.0.1-4.fc17 oz-0.10.0-1.fc17 php-Pimple-1.0.2-1.fc17 php-channel-dropbox-php-1.3-3.fc17 php-dropbox-php-Dropbox-1.0.0-4.fc17 pidgin-sipe-1.15.0-1.fc17 python-collada-0.4-3.fc17 python-rhsm-1.8.7-1.fc17 python-virtualenvwrapper-3.6.1-1.fc17 root-5.32.04-2.fc17 screengrab-0.9.96-2.fc17 squid-3.2.8-2.fc17 xrootd-3.3.1-1.fc17 Details about builds: ================================================================================ kernel-3.8.2-105.fc17 (FEDORA-2013-3638) The Linux kernel -------------------------------------------------------------------------------- Update Information: Rebase to 3.8.2. Numerous bugfixes and security fixes. Update to stable kernel 3.7.10 contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 8 2013 Josh Boyer <jwboyer@xxxxxxxxxx> - 3.8.2-105 - Add patch to fix 32-bit turbostat build with older glibc-headers * Fri Mar 8 2013 Justin M. Forbes <jforbes@xxxxxxxxxx> - Revert "write backlight harder" until better solution is found (rhbz 917353) * Fri Mar 8 2013 Josh Boyer <jwboyer@xxxxxxxxxx> - CVE-2013-1828 sctp: SCTP_GET_ASSOC_STATS stack buffer overflow (rhbz 919315 919316) * Fri Mar 8 2013 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - Have kernel provide kernel-highbank for upgrade to unified - Update mvebu configs - Drop unused ARM patches * Thu Mar 7 2013 Josh Boyer <jwboyer@xxxxxxxxxx> - Fix DMI regression (rhbz 916444) - Fix logitech-dj HID bug from Benjamin Tissoires (rhbz 840391) - CVE-2013-1792 keys: race condition in install_user_keyrings (rhbz 916646 919021) * Wed Mar 6 2013 Justin M. Forbes <jforbes@xxxxxxxxxx> - Remove Ricoh multifunction DMAR patch as it's no longer needed (rhbz 880051) - Fix destroy_conntrack GPF (rhbz 859346) * Wed Mar 6 2013 Josh Boyer <jwboyer@xxxxxxxxxx> - crypto: info leaks in report API (rhbz 918512 918521) * Tue Mar 5 2013 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - Update ARM configs for 3.8. Fix beagle (OMAP), update vexpress * Tue Mar 5 2013 Josh Boyer <jwboyer@xxxxxxxxxx> - CVE-2013-1819 xfs: _xfs_buf_find oops on blocks beyond the filesystem end (rhbz 918009,918070) - Backport 4 fixes for efivarfs (rhbz 917984) * Mon Mar 4 2013 Josh Boyer <jwboyer@xxxxxxxxxx> - Fix issues in nx crypto driver from Kent Yoder (rhbz 916544) * Mon Mar 4 2013 Justin M. Forbes <jforbes@xxxxxxxxxx> - Add audit-libs-devel to perf build-deps to enable trace command. (rhbz 892893) * Mon Mar 4 2013 Josh Boyer <jwboyer@xxxxxxxxxx> - Linux v3.8.2 * Fri Mar 1 2013 Justin M. Forbes <jforbes@xxxxxxxxxx> - 3.8.1-101 - Linux v3.8.1 - Drop SPARC64 support - Silence "tty is NULL" trace. * Fri Mar 1 2013 Josh Boyer <jwboyer@xxxxxxxxxx> - Add patches to fix sunrpc panic (rhbz 904870) * Wed Feb 27 2013 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - Update ARM config to enable SPI and a few other cleanups * Wed Feb 27 2013 Justin M. Forbes <jforbes@xxxxxxxxxx> - 3.7.10-101 - Linux v3.7.10 * Tue Feb 26 2013 Justin M. Forbes <jforbes@xxxxxxxxxx> - Avoid recursion in put_user_ns, potential overflow * Tue Feb 26 2013 Josh Boyer <jwboyer@xxxxxxxxxx> - CVE-2013-1767 tmpfs: fix use-after-free of mempolicy obj (rhbz 915592,915716) - Fix vmalloc_fault oops during lazy MMU (rhbz 914737) * Mon Feb 25 2013 Josh Boyer <jwboyer@xxxxxxxxxx> - Honor dmesg_restrict for /dev/kmsg (rhbz 903192) -------------------------------------------------------------------------------- References: [ 1 ] Bug #918009 - CVE-2013-1819 kernel: xfs: _xfs_buf_find oops on blocks beyond the filesystem end https://bugzilla.redhat.com/show_bug.cgi?id=918009 [ 2 ] Bug #916646 - CVE-2013-1792 Kernel: keys: race condition in install_user_keyrings() https://bugzilla.redhat.com/show_bug.cgi?id=916646 [ 3 ] Bug #918512 - CVE-2013-1825 kernel: crypto: info leaks in report API https://bugzilla.redhat.com/show_bug.cgi?id=918512 [ 4 ] Bug #919315 - CVE-2013-1828 kernel: sctp: SCTP_GET_ASSOC_STATS stack buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=919315 [ 5 ] Bug #915592 - CVE-2013-1767 Kernel: tmpfs: fix use-after-free of mempolicy object https://bugzilla.redhat.com/show_bug.cgi?id=915592 -------------------------------------------------------------------------------- ================================================================================ nordugrid-arc-2.0.1-4.fc17 (FEDORA-2013-3619) Advanced Resource Connector Grid Middleware -------------------------------------------------------------------------------- Update Information: Update to xrootd 3.3.1. http://xrootd.cern.ch/cgi-bin/cgit.cgi/xrootd/tree/docs/ReleaseNotes.txt?id=v3.3.1 -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 8 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 2.0.1-4 - Rebuild for xrootd 3.3 * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ oz-0.10.0-1.fc17 (FEDORA-2013-3631) Library and utilities for automated guest OS installs -------------------------------------------------------------------------------- Update Information: Update to Oz 0.10.0 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 9 2013 Chris Lalancette <clalancette@xxxxxxxxx> - 0.10.0-1 - Update to release 0.10.0 -------------------------------------------------------------------------------- ================================================================================ php-Pimple-1.0.2-1.fc17 (FEDORA-2013-3640) A simple Dependency Injection Container for PHP -------------------------------------------------------------------------------- Update Information: Version 1.0.2 v1.0.1 to v1.0.2 change log: https://github.com/fabpot/Pimple/compare/v1.0.1...v1.0.2 -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 8 2013 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> 1.0.2-1 - Updated to upstream version 1.0.2 - Updates per new Fedora packaging guidelines for Git repos - Removed tests * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #919558 - php-Pimple-1.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=919558 -------------------------------------------------------------------------------- ================================================================================ php-channel-dropbox-php-1.3-3.fc17 (FEDORA-2013-3616) Adds the Dropbox-PHP channel to PEAR -------------------------------------------------------------------------------- Update Information: Library for integrating dropbox with PHP -------------------------------------------------------------------------------- ================================================================================ php-dropbox-php-Dropbox-1.0.0-4.fc17 (FEDORA-2013-3616) Library for integrating dropbox with PHP -------------------------------------------------------------------------------- Update Information: Library for integrating dropbox with PHP -------------------------------------------------------------------------------- ================================================================================ pidgin-sipe-1.15.0-1.fc17 (FEDORA-2013-3634) Pidgin protocol plugin to connect to MS Office Communicator -------------------------------------------------------------------------------- Update Information: New upstream release: * added support for Kerberos & Negotiate authentication in HTTP connections * added support for DNS A record search in server auto-discovery * added setting to suppress calendar information publishing * unified Single Sign-On (SSO) handling in all places * if SSO has been selected then Login & Password will be **ignored**! * please make sure to check the settings of existing accounts after updating -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 9 2013 Stefan Becker <chemobejk@xxxxxxxxx> - 1.15.0-1 - update to 1.15.0: - added support for Kerberos & Negotiate authentication in HTTP connections - added support for DNS A record search in server auto-discovery - added setting to suppress calendar information publishing - unified Single Sign-On (SSO) handling in all places -------------------------------------------------------------------------------- ================================================================================ python-collada-0.4-3.fc17 (FEDORA-2013-3612) A python module for creating, editing and loading COLLADA -------------------------------------------------------------------------------- Update Information: New package python-collada successfully built for Fedora and EPEL. -------------------------------------------------------------------------------- References: [ 1 ] Bug #903732 - Review Request: python-collada - A python module for creating, editing and loading COLLADA https://bugzilla.redhat.com/show_bug.cgi?id=903732 -------------------------------------------------------------------------------- ================================================================================ python-rhsm-1.8.7-1.fc17 (FEDORA-2013-3639) A Python library to communicate with a Red Hat Unified Entitlement Platform -------------------------------------------------------------------------------- Update Information: Switched to leveraging server side API calls rather than local code for determining entitlement status. Addition of new plugin framework. Numerous bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 7 2013 Devan Goodwin <dgoodwin@xxxxxxxx> 1.8.7-1 - 912776: Improve error message (wpoteat@xxxxxxxxxx) - Add a method to get compliance status for a consumer. (awood@xxxxxxxxxx) * Mon Mar 4 2013 William Poteat <wpoteat@xxxxxxxxxx> 1.8.6-1 - Add a get_int method to RhsmConfigParser (alikins@xxxxxxxxxx) * Tue Feb 19 2013 Alex Wood <awood@xxxxxxxxxx> 1.8.5-1 - 908671: Adding pool id to entitlement certificate. (awood@xxxxxxxxxx) * Tue Feb 19 2013 Alex Wood <awood@xxxxxxxxxx> - 908671: Adding pool id to entitlement certificate. (awood@xxxxxxxxxx) -------------------------------------------------------------------------------- ================================================================================ python-virtualenvwrapper-3.6.1-1.fc17 (FEDORA-2013-3622) Enhancements to virtualenv -------------------------------------------------------------------------------- Update Information: Latest upstream Latest upstream. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 8 2013 Ralph Bean <rbean@xxxxxxxxxx> - 3.6.1-1 - Latest upstream * Mon Feb 25 2013 Ralph Bean <rbean@xxxxxxxxxx> - 3.6-1 - Latest upstream * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.5-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Sat Jul 21 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #849415 - python-virtualenvwrapper-3.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=849415 -------------------------------------------------------------------------------- ================================================================================ root-5.32.04-2.fc17 (FEDORA-2013-3619) Numerical data analysis framework -------------------------------------------------------------------------------- Update Information: Update to xrootd 3.3.1. http://xrootd.cern.ch/cgi-bin/cgit.cgi/xrootd/tree/docs/ReleaseNotes.txt?id=v3.3.1 -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 8 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.32.04-2 - Rebuild for xrootd 3.3 - Backport gfal fixes -------------------------------------------------------------------------------- ================================================================================ screengrab-0.9.96-2.fc17 (FEDORA-2013-3617) Screen grabber -------------------------------------------------------------------------------- Update Information: This is a crossplatform application designed to quickly get screenshots ScreenGrab created using the Qt Framework. -------------------------------------------------------------------------------- References: [ 1 ] Bug #919044 - Review Request: screengrab - Qt-based screen grabber https://bugzilla.redhat.com/show_bug.cgi?id=919044 -------------------------------------------------------------------------------- ================================================================================ squid-3.2.8-2.fc17 (FEDORA-2013-3623) The Squid proxy caching server -------------------------------------------------------------------------------- Update Information: This update provides latest upstream version of Squid cache software and fixes problems with NCSA authentication. Run "squid -k parse" for audit your configuration files. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 9 2013 Michal Luscon <mluscon@xxxxxxxxxx> - 7:3.2.8-2 - Resolved: #896127 - basic_ncsa_auth does not work * Fri Mar 8 2013 Michal Luscon <mluscon@xxxxxxxxxx> - 7:3.2.8-1 - Update to latest upstream version 3.2.8 -------------------------------------------------------------------------------- ================================================================================ xrootd-3.3.1-1.fc17 (FEDORA-2013-3619) Extended ROOT file server -------------------------------------------------------------------------------- Update Information: Update to xrootd 3.3.1. http://xrootd.cern.ch/cgi-bin/cgit.cgi/xrootd/tree/docs/ReleaseNotes.txt?id=v3.3.1 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 6 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 1:3.3.1-1 - Update to version 3.3.1 - Remove the java package - no longer part of upstream sources - Drop patches fixed upstream: xrootd-cryptoload.patch, xrootd-init.patch and xrootd-perl.patch - Drop obsolete patch: xrootd-java.patch - Add private-devel package for deprecated header files * Fri Feb 15 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:3.2.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Thu Jan 17 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 1:3.2.7-1 - Update to version 3.2.7 - Split libs package into libs, client-libs and server-libs - Split devel package into devel, client-devel and server-devel * Fri Oct 12 2012 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 1:3.2.5-1 - Update to version 3.2.5 * Sun Jul 22 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:3.2.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Wed Jul 11 2012 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 1:3.2.2-1 - Update to version 3.2.2 * Mon Jun 11 2012 Petr Pisar <ppisar@xxxxxxxxxx> - 1:3.2.1-2 - Perl 5.16 rebuild * Thu May 17 2012 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 1:3.2.1-1 - Update to version 3.2.1 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
