The following Fedora 18 Security updates need testing: Age URL 81 https://admin.fedoraproject.org/updates/FEDORA-2013-0416/fedora-business-cards-1-0.1.beta1.fc18 50 https://admin.fedoraproject.org/updates/FEDORA-2013-2131/rubygem-rdoc-3.12-6.fc18 46 https://admin.fedoraproject.org/updates/FEDORA-2013-2306/rubygem-rack-1.4.0-5.fc18 14 https://admin.fedoraproject.org/updates/FEDORA-2013-3891/php-5.4.13-1.fc18 14 https://admin.fedoraproject.org/updates/FEDORA-2013-3935/puppet-3.1.1-1.fc18 9 https://admin.fedoraproject.org/updates/FEDORA-2013-4050/squid-3.2.9-1.fc18 8 https://admin.fedoraproject.org/updates/FEDORA-2013-4243/stunnel-4.55-1.fc18 8 https://admin.fedoraproject.org/updates/FEDORA-2012-20578/nodejs-0.10.1-1.fc18,libuv-0.10.0-2.git5462dab.fc18,v8-3.14.5.8-1.fc18 6 https://admin.fedoraproject.org/updates/FEDORA-2013-4319/mantis-1.2.14-1.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-4403/mingw-openssl-1.0.1e-1.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-4387/moodle-2.3.6-1.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-4447/py-bcrypt-0.3-1.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-4507/libxslt-1.1.28-1.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-4525/bind-9.9.2-10.P2.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-4564/roundcubemail-0.8.6-1.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-4539/mongodb-2.2.3-4.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-4532/drupal7-rules-2.3-1.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-4537/libarchive-3.0.4-4.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-4566/asterisk-11.2.2-1.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-4541/httpd-2.4.4-2.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-4460/freeipa-3.1.3-3.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-4590/openstack-keystone-2012.2.3-5.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-4578/389-ds-base-1.3.0.5-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-4592/mingw-libarchive-3.0.4-4.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-4571/libuser-0.58-3.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-4593/ngircd-20.2-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-4589/tomcat6-6.0.36-2.fc18 The following Fedora 18 Critical Path updates have yet to be approved: Age URL 167 https://admin.fedoraproject.org/updates/FEDORA-2012-16107/xorg-x11-drv-qxl-0.1.0-1.fc18 165 https://admin.fedoraproject.org/updates/FEDORA-2012-16207/thunderbird-lightning-1.8-1.fc18,thunderbird-16.0.1-2.fc18 79 https://admin.fedoraproject.org/updates/FEDORA-2013-0541/mdadm-3.2.6-11.fc18 49 https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18 38 https://admin.fedoraproject.org/updates/FEDORA-2013-2726/pulseaudio-2.1-7.fc18 24 https://admin.fedoraproject.org/updates/FEDORA-2013-3458/iproute-3.6.0-7.fc18,iptables-1.4.18-1.fc18 11 https://admin.fedoraproject.org/updates/FEDORA-2013-4006/dnsmasq-2.65-5.fc18 8 https://admin.fedoraproject.org/updates/FEDORA-2013-4251/selinux-policy-3.11.1-87.fc18 8 https://admin.fedoraproject.org/updates/FEDORA-2013-4219/audit-2.2.3-2.fc18 8 https://admin.fedoraproject.org/updates/FEDORA-2013-4159/docbook-style-xsl-1.78.1-1.fc18 8 https://admin.fedoraproject.org/updates/FEDORA-2013-4221/python-slip-0.4.0-1.fc18 6 https://admin.fedoraproject.org/updates/FEDORA-2013-4295/libnotify-0.7.5-5.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-4406/yum-3.4.3-53.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-4507/libxslt-1.1.28-1.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-4493/perl-5.16.3-241.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-4485/bind-dyndb-ldap-2.6-1.fc18,bind-9.9.2-9.P1.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-4429/redland-1.0.15-3.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-4425/libosinfo-0.2.6-1.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-4537/libarchive-3.0.4-4.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-4549/network-manager-applet-0.9.8.1-1.git20130327.fc18,NetworkManager-0.9.8.1-1.git20130327.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-4571/libuser-0.58-3.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-4573/emacs-24.2-15.fc18 The following builds have been pushed to Fedora 18 updates-testing 389-ds-base-1.3.0.5-1.fc18 SimplyHTML-0.16.7-1.fc18 cqrlog-1.5.4-1.fc18 emacs-24.2-15.fc18 freeipa-3.1.3-3.fc18 gnome-abrt-0.2.10-1.fc18 java-1.7.0-openjdk-1.7.0.17-2.3.8.3.fc18 libuser-0.58-3.fc18 megaglest-3.7.1-6.fc18 mingw-libarchive-3.0.4-4.fc18 mingw-qt5-qtbase-5.0.1-4.fc18 mingw-qt5-qtjsbackend-5.0.1-1.fc18 mingw-qt5-qtscript-5.0.1-1.fc18 mingw-qt5-qttools-5.0.1-1.fc18 nfsometer-1.5-1.fc18 ngircd-20.2-1.fc18 openstack-keystone-2012.2.3-5.fc18 python-matplotlib-1.2.0-10.fc18 python-rhsm-1.8.8-1.fc18 qpdfview-0.4.1-1.fc18 subscription-manager-1.8.5-1.fc18 tomcat6-6.0.36-2.fc18 tudu-0.8.2-1.fc18 yum-langpacks-0.3.1-1.fc18 Details about builds: ================================================================================ 389-ds-base-1.3.0.5-1.fc18 (FEDORA-2013-4578) 389 Directory Server (base) -------------------------------------------------------------------------------- Update Information: This release fixes 7 critical bugs including one security bug. -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 28 2013 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.3.0.5-1 - bump version to 1.3.0.5 - Ticket 47308 - unintended information exposure when anonymous access is set to rootdse - Ticket 628 - crash in aci evaluation - Ticket 627 - ns-slapd crashes sporadically with segmentation fault in libslapd.so - Ticket 634 - Deadlock in DNA plug-in Ticket #576 - DNA: use event queue for config update only at the start up - Ticket 632 - 389-ds-base cannot handle Kerberos tickets with PAC - Ticket 623 - cleanAllRUV task fails to cleanup config upon completion -------------------------------------------------------------------------------- References: [ 1 ] Bug #928105 - CVE-2013-1897 389-ds: unintended information exposure when rootdse is enabled https://bugzilla.redhat.com/show_bug.cgi?id=928105 -------------------------------------------------------------------------------- ================================================================================ SimplyHTML-0.16.7-1.fc18 (FEDORA-2013-4585) Application and a java component for rich text processing -------------------------------------------------------------------------------- Update Information: - update to latest upstream version -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 29 2013 Johannes Lips <hannes@xxxxxxxxxxxxxxxxx> 0.16.7-1 - update to latest upstream version -------------------------------------------------------------------------------- ================================================================================ cqrlog-1.5.4-1.fc18 (FEDORA-2013-4579) An amateur radio contact logging program -------------------------------------------------------------------------------- Update Information: * Upgrade to version 1.5.4 * fixed problem with MASTER.SCP * added support for Super Check Partial (Window -> Super Check Partial) * added Tune function (for WinKeyerUSB and cwdaemon), hotkey CTRL+T * added Repair table function to database connection window (Utils button) * improved export for QSL labels printing (labels are sorted by dxcc, you can choose what fields will be be printed) * updated membership tables * fixed program crash when editing DX cluster info * CW keys window doesn't show caption for F9 and F10 keys * ADIF export ignored delimitter in TX_PWR (0.5 was exported as 05) * CQRLOG killed rigctld even when autostart was disabled * double click to spots listed with SH/DX didn't work * QSO list window showed filter is enabled after reopen (filter was disabled) * login to eQSL with password containing special character didn't work * when QSO passed over the midnight, the qso was saved with wrong date -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 29 2013 Eric "Sparks" Christensen - 1.5.4-1 - Upgrade to version 1.5.4 - fixed problem with MASTER.SCP - added support for Super Check Partial (Window -> Super Check Partial) - added Tune function (for WinKeyerUSB and cwdaemon), hotkey CTRL+T - added Repair table function to database connection window (Utils button) - improved export for QSL labels printing (labels are sorted by dxcc, you can choose what fields will be be printed) - updated membership tables - fixed program crash when editing DX cluster info - CW keys window doesn't show caption for F9 and F10 keys - ADIF export ignored delimitter in TX_PWR (0.5 was exported as 05) - CQRLOG killed rigctld even when autostart was disabled - double click to spots listed with SH/DX didn't work - QSO list window showed filter is enabled after reopen (filter was disabled) - login to eQSL with password containing special character didn't work - when QSO passed over the midnight, the qso was saved with wrong date * Thu Feb 28 2013 Eric "Sparks" Christensen - 1.5.2-6 - Fixed OpenSSL requirements -------------------------------------------------------------------------------- ================================================================================ emacs-24.2-15.fc18 (FEDORA-2013-4573) GNU Emacs text editor -------------------------------------------------------------------------------- Update Information: Here is where you give an explanation of your update. -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 28 2013 Petr Hracek <phracek@xxxxxxxxxx> - 1:24.2-15 - Fix for emacs bug 112144, style_changed_cb (#922519) - Fix for emacs bug 112131, bell does not work (#526719) * Tue Mar 26 2013 Petr Hracek <phracek@xxxxxxxxxx> - 1:24.2-14 - fixing distribution flags to rhel instead of el6:1 * Mon Mar 18 2013 Petr Hracek <phracek@xxxxxxxxxx> - 1:24.2-13 - solved problem with distribution flag in case of rhel * Mon Mar 18 2013 Petr Hracek <phracek@xxxxxxxxxx> - 1:24.2-12 - solved problem with distribution flag in case of rhel * Fri Mar 8 2013 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 1:24.2-11 - Remove %config from %{_sysconfdir}/rpm/macros.* (https://fedorahosted.org/fpc/ticket/259). - Fix broken spec-file changelog entry. * Wed Mar 6 2013 Tomáš Mráz <tmraz@xxxxxxxxxx> - 1:24.2-10 - Rebuild with new gnutls -------------------------------------------------------------------------------- References: [ 1 ] Bug #922519 - [abrt] emacs-24.2-6.fc18: style_changed_cb: Process /usr/bin/emacs-24.2 was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=922519 -------------------------------------------------------------------------------- ================================================================================ freeipa-3.1.3-3.fc18 (FEDORA-2013-4460) The Identity, Policy and Audit system -------------------------------------------------------------------------------- Update Information: Update to upstream 3.1.3. Add fix for CVE-2013-0336 389-ds-base: DoS when connecting with a missing username/dn -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 29 2013 Martin Kosek <mkosek@xxxxxxxxxx> - 3.1.3-3 - DoS when connecting with a missing username/dn (#928387) * Thu Mar 28 2013 Martin Kosek <mkosek@xxxxxxxxxx> - 3.1.3-2 - Avoid running ipa-ldap-updater twice * Tue Mar 26 2013 Martin Kosek <mkosek@xxxxxxxxxx> - 3.1.3-1 - Update to upstream 3.1.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #913751 - CVE-2013-0336 389-ds-base: DoS when connecting with a missing username/dn https://bugzilla.redhat.com/show_bug.cgi?id=913751 -------------------------------------------------------------------------------- ================================================================================ gnome-abrt-0.2.10-1.fc18 (FEDORA-2013-4586) A utility for viewing problems that have occurred with the system -------------------------------------------------------------------------------- Update Information: This is an update that fixes problems with errors handling and adds a dialog for reporting problems with ABRT. This is an update which in most improves stability and introduces: * Truncate long texts with ellipsis * Add a popopup menu for list of problems * Don't allow reporting if the problem is not reportable * Suggest reporting a bug if it wasn't reported yet * Allow only a single instance of gnome-abrt -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 27 2013 Jakub Filak <jfilak@xxxxxxxxxx> 0.2.10-1 - Add the report dialog to the menu - Add 'Report problem with ABRT' dialog - Add VERSION and PACKAGE attributes to gnome_abrt module - Rename attribute in errors.InvalidProblem - Use IOChannel approach in order to make signal handling synchronous - Add all python Requires to BuildRequires because of pylint - Replace GNU style make pattern rules by implicit rules - Remove left-over RELEASE varible from configure.ac - Recover from DBus errors while sending command line - Catch more exceptions and handle them correctly - Add pylint check and fix problems uncoverend by pylint - Filter out empyt strings from splitted cmdline - Fix sytanx error - Change the label "No oopses" to "No problems detected" - Get rid of scrollbar around the text on the bottom of window in default size - Fix appearance of scrolled widgets to no longer have white background - Remove leftover shebang from non-executable script - Resolves: #92486, #927434, #928796, #928772 * Mon Mar 18 2013 Jakub Filak <jfilak@xxxxxxxxxx> 0.2.9-1 - Truncate long texts with ellipsis instead of auto-adjusting of window width - Add a popopup menu for list of problems - Use executable's basename as an application name instead of the full path - Remove invalid problems from GUI tree view list - Remove invalid problems from the dbus cache - Robustize the processing of newly occurred problems - Remove a left-over usage of the window member in OopsApplication - Handle reaching inotify max watches better - Update translation - Don't allow reporting if the problem is not reportable - Suggest reporting a bug if it wasn't reported yet - Simplify the glade file and add a widget for messages - Refactorize the function rendering a problem data - A workaround for the bug in remote GtkApplications - Allow only a single instance of gnome-abrt - Fix bugs in main window in handler of configuration updates - Resolves: #910317, #918771, #922649, #922652 -------------------------------------------------------------------------------- References: [ 1 ] Bug #927434 - gnome-abrt calls gtk functions from unix signal handler https://bugzilla.redhat.com/show_bug.cgi?id=927434 [ 2 ] Bug #924856 - gnome-abrt crashes if cmdline item contains extra whitespace https://bugzilla.redhat.com/show_bug.cgi?id=924856 [ 3 ] Bug #928772 - the secondary gnome-abrt instance fails if sending command line arguments over dbus returns an error https://bugzilla.redhat.com/show_bug.cgi?id=928772 [ 4 ] Bug #910317 - Suggest reporting a bug if it wasn't reported yet https://bugzilla.redhat.com/show_bug.cgi?id=910317 [ 5 ] Bug #918771 - gnome-abrt dies if it reaches inotify max watches https://bugzilla.redhat.com/show_bug.cgi?id=918771 [ 6 ] Bug #922649 - gnome-abrt doesn't recover from errors caused by accessing of invalid problems https://bugzilla.redhat.com/show_bug.cgi?id=922649 [ 7 ] Bug #922652 - Interface enhancement https://bugzilla.redhat.com/show_bug.cgi?id=922652 [ 8 ] Bug #928769 - gnome-abrt abrt fails if invalid problem is selected https://bugzilla.redhat.com/show_bug.cgi?id=928769 -------------------------------------------------------------------------------- ================================================================================ java-1.7.0-openjdk-1.7.0.17-2.3.8.3.fc18 (FEDORA-2013-4595) OpenJDK Runtime Environment -------------------------------------------------------------------------------- Update Information: - added manual deletion of classes.jsa - ghost classes.jsa restricted to jitarches and to full path - zlib in BuildReq restricted for 1.2.3-7 or higher - see https://bugzilla.redhat.com/show_bug.cgi?id=904231 - Removed a -icedtea tag from the version - package have less and less connections to icedtea7 - Added and applied patch500 java-1.7.0-openjdk-fixZeroAllocFailure.patch - to fix not-jit arches build - is already in upstreamed icedtea 2.1 - Added gcc-c++ build dependence. Sometimes caused troubles during rpm -bb - Added (Build)Requires for fontconfig and xorg-x11-fonts-Type1 - see https://bugzilla.redhat.com/show_bug.cgi?id=721033 for details - Removed all fonconfig files. Fonts are now handled differently in JDK and those files are redundant. This is going to be usptreamed. - see https://bugzilla.redhat.com/show_bug.cgi?id=902227 for details - logging.properties marked as config(noreplace) - see https://bugzilla.redhat.com/show_bug.cgi?id=679180 for details - classes.jsa marked as ghost - see https://bugzilla.redhat.com/show_bug.cgi?id=918172 for details - nss.cfg was marked as config(noreplace) - see https://bugzilla.redhat.com/show_bug.cgi?id=913821 for details -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 26 2013 Jiri Vanek <jvanek@xxxxxxxxxx> - 1.7.0.9-2.3.8.3.fc18 - added manual deletion of classes.jsa - ghost classes.jsa restricted to jitarches and to full path - zlib in BuildReq restricted for 1.2.3-7 or higher - see https://bugzilla.redhat.com/show_bug.cgi?id=904231 - Removed a -icedtea tag from the version - package have less and less connections to icedtea7 - Added link to nss as noreplace bug to previous changelog item * Mon Mar 25 2013 Jiri Vanek <jvanek@xxxxxxxxxx> - 1.7.0.9-2.3.8.1.fc18 - Bumped release - Added and applied patch500 java-1.7.0-openjdk-fixZeroAllocFailure.patch - to fix not-jit arches build - is already in upstreamed icedtea 2.1 - Added gcc-c++ build dependence. Sometimes caused troubles during rpm -bb - Added (Build)Requires for fontconfig and xorg-x11-fonts-Type1 - see https://bugzilla.redhat.com/show_bug.cgi?id=721033 for details - Removed all fonconfig files. Fonts are now handled differently in JDK and those files are redundant. This is going to be usptreamed. - see https://bugzilla.redhat.com/show_bug.cgi?id=902227 for details - logging.properties marked as config(noreplace) - see https://bugzilla.redhat.com/show_bug.cgi?id=679180 for details - classes.jsa marked as ghost - see https://bugzilla.redhat.com/show_bug.cgi?id=918172 for details - nss.cfg was marked as config(noreplace) -------------------------------------------------------------------------------- ================================================================================ libuser-0.58-3.fc18 (FEDORA-2013-4571) A user and group account administration library -------------------------------------------------------------------------------- Update Information: This update fixes a TOCTOU race condition when copying and removing directory trees. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 15 2013 Hercinger Viktor <hercinger.viktor@xxxxxxxxx> - 0.58-3 - Fixed TOCTOU race condition when copying, removing or creating directory trees Resolves: #928846, CVE-2012-5630, CVE-2012-5644 -------------------------------------------------------------------------------- References: [ 1 ] Bug #884685 - CVE-2012-5630 libuser: TOCTOU race conditions by copying and removing directory trees https://bugzilla.redhat.com/show_bug.cgi?id=884685 [ 2 ] Bug #885724 - CVE-2012-5644 libuser: (Complete) Information disclosure when moving user's home directory https://bugzilla.redhat.com/show_bug.cgi?id=885724 -------------------------------------------------------------------------------- ================================================================================ megaglest-3.7.1-6.fc18 (FEDORA-2013-4575) Open Source 3d real time strategy game -------------------------------------------------------------------------------- Update Information: Correct crash with NULL unit in selection (#924874) -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 29 2013 pcpa <paulo.cesar.pereira.de.andrade@xxxxxxxxx> - 3.7.1-4 - Correct crash with NULL unit in selection (#924874) * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.7.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Mon Jan 21 2013 Adam Tkac <atkac redhat com> - 3.7.1-4 - rebuild due to "jpeg8-ABI" feature drop * Wed Jan 16 2013 pcpa <paulo.cesar.pereira.de.andrade@xxxxxxxxx> - 3.7.1-3 - Add patch suggested by upstream for better color picking selection mode. * Thu Dec 13 2012 Adam Jackson <ajax@xxxxxxxxxx> - 3.7.1-2 - Rebuild for glew 1.9.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #924874 - [abrt] megaglest-3.7.1-1.fc17: Glest::Game::ExceptionHandler::handleRuntimeError: Process /usr/bin/megaglest was killed by signal 6 (SIGABRT) https://bugzilla.redhat.com/show_bug.cgi?id=924874 -------------------------------------------------------------------------------- ================================================================================ mingw-libarchive-3.0.4-4.fc18 (FEDORA-2013-4592) MinGW package for handling streaming archive formats -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 29 2013 Michael Cronenworth <mike@xxxxxxxxxx> - 3.0.4-4 - Fix CVE-2013-0211: read buffer overflow on 64-bit systems (#927105) -------------------------------------------------------------------------------- References: [ 1 ] Bug #902998 - CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems https://bugzilla.redhat.com/show_bug.cgi?id=902998 -------------------------------------------------------------------------------- ================================================================================ mingw-qt5-qtbase-5.0.1-4.fc18 (FEDORA-2013-4499) Qt5 for Windows - QtBase component -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 28 2013 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 5.0.1-4 - Have the -qmake packages require mingw{32,64}-qt5-qttools-lrelease and update the reference to it in the mkspecs profiles * Tue Mar 26 2013 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 5.0.1-3 - Make sure the .pc files of the Qt5 modules are installed correctly -------------------------------------------------------------------------------- References: [ 1 ] Bug #858068 - Review Request: mingw-qt5-qtjsbackend - Qt5 for Windows - QtJsBackend component https://bugzilla.redhat.com/show_bug.cgi?id=858068 [ 2 ] Bug #858076 - Review Request: mingw-qt5-qtscript - Qt5 for Windows - QtScript component https://bugzilla.redhat.com/show_bug.cgi?id=858076 [ 3 ] Bug #858080 - Review Request: mingw-qt5-qttools - Qt5 for Windows - QtTools component https://bugzilla.redhat.com/show_bug.cgi?id=858080 -------------------------------------------------------------------------------- ================================================================================ mingw-qt5-qtjsbackend-5.0.1-1.fc18 (FEDORA-2013-4499) Qt5 for Windows - QtJsBackend component -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #858068 - Review Request: mingw-qt5-qtjsbackend - Qt5 for Windows - QtJsBackend component https://bugzilla.redhat.com/show_bug.cgi?id=858068 [ 2 ] Bug #858076 - Review Request: mingw-qt5-qtscript - Qt5 for Windows - QtScript component https://bugzilla.redhat.com/show_bug.cgi?id=858076 [ 3 ] Bug #858080 - Review Request: mingw-qt5-qttools - Qt5 for Windows - QtTools component https://bugzilla.redhat.com/show_bug.cgi?id=858080 -------------------------------------------------------------------------------- ================================================================================ mingw-qt5-qtscript-5.0.1-1.fc18 (FEDORA-2013-4499) Qt5 for Windows - QtScript component -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #858068 - Review Request: mingw-qt5-qtjsbackend - Qt5 for Windows - QtJsBackend component https://bugzilla.redhat.com/show_bug.cgi?id=858068 [ 2 ] Bug #858076 - Review Request: mingw-qt5-qtscript - Qt5 for Windows - QtScript component https://bugzilla.redhat.com/show_bug.cgi?id=858076 [ 3 ] Bug #858080 - Review Request: mingw-qt5-qttools - Qt5 for Windows - QtTools component https://bugzilla.redhat.com/show_bug.cgi?id=858080 -------------------------------------------------------------------------------- ================================================================================ mingw-qt5-qttools-5.0.1-1.fc18 (FEDORA-2013-4499) Qt5 for Windows - QtTools component -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #858068 - Review Request: mingw-qt5-qtjsbackend - Qt5 for Windows - QtJsBackend component https://bugzilla.redhat.com/show_bug.cgi?id=858068 [ 2 ] Bug #858076 - Review Request: mingw-qt5-qtscript - Qt5 for Windows - QtScript component https://bugzilla.redhat.com/show_bug.cgi?id=858076 [ 3 ] Bug #858080 - Review Request: mingw-qt5-qttools - Qt5 for Windows - QtTools component https://bugzilla.redhat.com/show_bug.cgi?id=858080 -------------------------------------------------------------------------------- ================================================================================ nfsometer-1.5-1.fc18 (FEDORA-2013-4572) NFS Performance Framework Tool -------------------------------------------------------------------------------- Update Information: Updated to the latest upstream release: 1.5 -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 26 2013 Weston Andros Adamson <dros@xxxxxxxxxx> 1.5-1 - Updated to the latest upstream release: 1.5 * Tue Jan 15 2013 Steve Dickson <steved@xxxxxxxxxx> 1.3-1 - Updated to the latest upstream release: 1.3 -------------------------------------------------------------------------------- ================================================================================ ngircd-20.2-1.fc18 (FEDORA-2013-4593) Next Generation IRC Daemon -------------------------------------------------------------------------------- Update Information: Update to 20.2, which fixes a crash issue. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 29 2013 Kevin Fenzi <kevin@xxxxxxxxx> 20.2-1 - Update to 20.2. - Fix for CVE-2013-1747 * Thu Mar 7 2013 Tomáš Mráz <tmraz@xxxxxxxxxx> 20.1-2 - Rebuilt with new GnuTLS -------------------------------------------------------------------------------- References: [ 1 ] Bug #929168 - CVE-2013-1747 ngircd: DoS (assertion failure, crash) via a KICK command for a user who is not on the associated channel https://bugzilla.redhat.com/show_bug.cgi?id=929168 -------------------------------------------------------------------------------- ================================================================================ openstack-keystone-2012.2.3-5.fc18 (FEDORA-2013-4590) OpenStack Identity Service -------------------------------------------------------------------------------- Update Information: Fix online revocation check for PKI tokens CVE-2013-1865 Add openssl dependency for PKI tokens -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 29 2013 Alan Pevec <apevec@xxxxxxxxxx> 2012.2.3-5 - Fix online revocation check for PKI tokens CVE-2013-1865 * Mon Mar 11 2013 Alan Pevec <apevec@xxxxxxxxxx> 2012.2.3-4 - openssl is required for PKI tokens rhbz#918757 -------------------------------------------------------------------------------- References: [ 1 ] Bug #922230 - CVE-2013-1865 OpenStack keystone: online validation of Keystone PKI tokens bypasses revocation check https://bugzilla.redhat.com/show_bug.cgi?id=922230 -------------------------------------------------------------------------------- ================================================================================ python-matplotlib-1.2.0-10.fc18 (FEDORA-2013-4600) Python 2D plotting library -------------------------------------------------------------------------------- Update Information: Use stix fonts avoid problems with missing cm fonts (#908717). Correct type mismatch in python3 font_manager (#912843, #928326) -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 28 2013 pcpa <paulo.cesar.pereira.de.andrade@xxxxxxxxx> - 1.2.0-10 - Use stix fonts avoid problems with missing cm fonts (#908717) - Correct type mismatch in python3 font_manager (#912843, #928326) * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2.0-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #908717 - mathtext fonts missing? https://bugzilla.redhat.com/show_bug.cgi?id=908717 [ 2 ] Bug #912843 - run time Type error while calling show() to plot any graph, due to type mismatch in font_manager.py https://bugzilla.redhat.com/show_bug.cgi?id=912843 [ 3 ] Bug #928326 - fontconfig problem with python3-matplotlib https://bugzilla.redhat.com/show_bug.cgi?id=928326 -------------------------------------------------------------------------------- ================================================================================ python-rhsm-1.8.8-1.fc18 (FEDORA-2013-4597) A Python library to communicate with a Red Hat Unified Entitlement Platform -------------------------------------------------------------------------------- Update Information: Caching of entitlement status for temporary disconnected use case. Changes for management of installed product certs. Several bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 27 2013 Devan Goodwin <dgoodwin@xxxxxxxx> 1.8.8-1 - no 'json' module in rhel5, use simplejson instead (alikins@xxxxxxxxxx) - Adding plugin directory config option. (awood@xxxxxxxxxx) -------------------------------------------------------------------------------- ================================================================================ qpdfview-0.4.1-1.fc18 (FEDORA-2013-4587) Tabbed PDF Viewer -------------------------------------------------------------------------------- Update Information: Qt-based PDF viewer. -------------------------------------------------------------------------------- References: [ 1 ] Bug #926062 - Review Request: qpdfview - Qt-based PDF viewer https://bugzilla.redhat.com/show_bug.cgi?id=926062 -------------------------------------------------------------------------------- ================================================================================ subscription-manager-1.8.5-1.fc18 (FEDORA-2013-4597) Tools and libraries for subscription and repository management -------------------------------------------------------------------------------- Update Information: Caching of entitlement status for temporary disconnected use case. Changes for management of installed product certs. Several bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 27 2013 Devan Goodwin <dgoodwin@xxxxxxxx> 1.8.5-1 - 927875: Fix GUI bug if there is an expired certificate. (dgoodwin@xxxxxxxxxx) - 922806: Use dependency injection with firstboot module. (awood@xxxxxxxxxx) - 919512: Remove proxy options from config command. (awood@xxxxxxxxxx) - 921126: latest string updates from zanata (alikins@xxxxxxxxxx) - 919255: Remove extraneous print statement. (awood@xxxxxxxxxx) - 919584: Fix unicode error in RHEL 5. (awood@xxxxxxxxxx) - Implement entitlement/product status caching. (dgoodwin@xxxxxxxxxx) - 921245: Update installed products tab after registration. (awood@xxxxxxxxxx) - 893993: some refactoring, show_autosubscribe_output returns 0 or 1 (ckozak@xxxxxxxxxx) - 859197: add special case for products that provide 'rhel-' tags (alikins@xxxxxxxxxx) - productid db now supports multiple repos per product id (alikins@xxxxxxxxxx) - let ProductData support multiple repos per product (alikins@xxxxxxxxxx) - 893993: attach --auto now prints the proper text when no products are installed (ckozak@xxxxxxxxxx) - 918746: Switched or ordering for disabling repos. Will now print all repository validation errors (ckozak@xxxxxxxxxx) - 914717: rct cat-manifest fails to report Contract from the embedded entitlement cert (wpoteat@xxxxxxxxxx) - More convenient dep injection. (dgoodwin@xxxxxxxxxx) - Try to handle the really old dbus-python on rhel5 (alikins@xxxxxxxxxx) - add missing conf file for all_slots plugin (alikins@xxxxxxxxxx) - 919700: Reload consumer identity after force subscribing. (dgoodwin@xxxxxxxxxx) - utils.parseDate is now isodate.parse_date (alikins@xxxxxxxxxx) - Remove ent/prod dir arguments to CLI commands. (dgoodwin@xxxxxxxxxx) - PluginsCommand does not need network cli options (alikins@xxxxxxxxxx) - Fix pluginDir config value in default config file (alikins@xxxxxxxxxx) -------------------------------------------------------------------------------- ================================================================================ tomcat6-6.0.36-2.fc18 (FEDORA-2013-4589) Apache Servlet/JSP Engine, RI for Servlet 2.5/JSP 2.1 API -------------------------------------------------------------------------------- Update Information: rhbz 701038 - tomcat user shell /sbin/nologin regression rhbz 868171 - tomcat6-6.0.36 is available. tomcat6-6.0.36 was made available in tomcat6-6.0.36-1.fc18. The bz is noted here so it can be closed. rhbz 876987 - tomcat6 logrotate should specify "su root tomcat" rhbz 678630 - tomcat6 servlet-2.5-api missing R:jpackage-utils rhbz 680447 - Location of TOMCAT_LOG Updated to tc 6.0.36 which includes the CVE's referenced in the bzs (883690:CVE-2012-4531, 883675:CVE-2012-4431, 873703:CVE-2012-5885, 5886 ,5887, 3439, 883702:CVE-2012-3546, CVE-2012-2733) The update includes apache-tomcat bz 54615 "tomcat6 does not compile against ecj 4.x". Patching 54615 was necessary for a successful build. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 18 2013 David Knox <dknox@xxxxxxxxxx> 0:6.0.36-2 - Resolves: rhbz 680447 was incompletely patched. The default - location of TOMCAT_LOG was incorrect - Resolves: rhbz 701038 tomcat user shell needs to use nologin - in systemv init script - Resolves: rhbz 868171 tomcat 6.0.36 is available - Resolves: rhbz 876987 logrotate must specify su root tomcat - Resolves: rhbz 678630 servlet-api missing Requires jpackage-utils * Wed Mar 13 2013 David Knox <dknox@xxxxxxxxxx> 0:6.0.36-1 - Rebase on tc 6.0.36. - Resolves: apache-tomcat bz 54615 tomcat6 does not compile against - ecj 4.x -------------------------------------------------------------------------------- References: [ 1 ] Bug #701038 - tomcat user shell /sbin/nologin regression in F15 https://bugzilla.redhat.com/show_bug.cgi?id=701038 [ 2 ] Bug #868171 - tomcat6-6.0.36 is available https://bugzilla.redhat.com/show_bug.cgi?id=868171 [ 3 ] Bug #876987 - tomcat6 logrotate should specify "su root tomcat" https://bugzilla.redhat.com/show_bug.cgi?id=876987 [ 4 ] Bug #678630 - tomcat6-servlet-2.5-api is missing various requires https://bugzilla.redhat.com/show_bug.cgi?id=678630 [ 5 ] Bug #680447 - initscript sources global tomcat6 config and instance config in wrong order https://bugzilla.redhat.com/show_bug.cgi?id=680447 [ 6 ] Bug #883675 - CVE-2012-4431 Tomcat/JBoss Web - Bypass of CSRF prevention filter [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=883675 [ 7 ] Bug #883702 - CVE-2012-3546 Tomcat/JBoss Web - Bypass of security constraints [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=883702 [ 8 ] Bug #883690 - CVE-2012-4534 Tomcat - Denial Of Service when using NIO+SSL+sendfile [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=883690 [ 9 ] Bug #873703 - CVE-2012-5885 CVE-2012-5886 CVE-2012-5587 CVE-2012-2733 tomcat6 various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=873703 -------------------------------------------------------------------------------- ================================================================================ tudu-0.8.2-1.fc18 (FEDORA-2013-4582) A simple, command line interface to do list application -------------------------------------------------------------------------------- Update Information: * Updated to version 0.8.2 * Adds a configuration variable 'tudu_file' to set the path to the XML file. * Improves the category editor. * Doesn't check configuration files when invoked with '-h' and '-v'. * Fixes a segfault on the scroll help page when the resolution is high. -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 28 2013 Eric "Sparks" Christensen <sparks@xxxxxxxxxxxxxxxxx> - 0.8.2-1 - Updated to version 0.8.2 - Adds a configuration variable 'tudu_file' to set the path to the XML file. - Improves the category editor. - Doesn't check configuration files when invoked with '-h' and '-v'. - Fixes a segfault on the scroll help page when the resolution is high. * Fri Feb 15 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.8.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #828280 - tudu-0.8.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=828280 -------------------------------------------------------------------------------- ================================================================================ yum-langpacks-0.3.1-1.fc18 (FEDORA-2013-4584) Langpacks plugin for yum -------------------------------------------------------------------------------- Update Information: New upstream release 0.3.1 which fixed a bug -> "yum langinstall hi_IN" command to work without root user access. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 29 2013 Jens Petersen <petersen@xxxxxxxxxx> - 0.3.1-1 - update to 0.3.1 - have to be root also to run langinstall (Parag Nemade, #928833) * Fri Feb 15 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.3.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #928833 - yum langinstall still installs packages without root permission https://bugzilla.redhat.com/show_bug.cgi?id=928833 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
