The following Fedora 17 Security updates need testing: Age URL 273 https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-1.fc17 85 https://admin.fedoraproject.org/updates/FEDORA-2013-0455/fedora-business-cards-1-0.1.beta1.fc17 55 https://admin.fedoraproject.org/updates/FEDORA-2013-2143/rubygem-rdoc-3.12-5.fc17 51 https://admin.fedoraproject.org/updates/FEDORA-2013-2315/rubygem-rack-1.4.0-4.fc17 13 https://admin.fedoraproject.org/updates/FEDORA-2013-4234/stunnel-4.55-1.fc17 13 https://admin.fedoraproject.org/updates/FEDORA-2013-4174/glibc-2.15-59.fc17 12 https://admin.fedoraproject.org/updates/FEDORA-2013-4296/tomcat6-6.0.36-1.fc17 8 https://admin.fedoraproject.org/updates/FEDORA-2013-4501/libxslt-1.1.28-1.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-4533/bind-9.9.2-7.P2.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-4536/roundcubemail-0.8.6-1.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-4531/mongodb-2.2.3-4.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-4522/libarchive-3.0.4-3.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-4516/drupal7-rules-2.3-1.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-4528/asterisk-10.12.2-1.fc17 5 https://admin.fedoraproject.org/updates/FEDORA-2013-4598/389-ds-base-1.2.11.20-1.fc17 5 https://admin.fedoraproject.org/updates/FEDORA-2013-4576/mingw-libarchive-3.0.4-4.fc17 5 https://admin.fedoraproject.org/updates/FEDORA-2013-4581/libuser-0.57.6-2.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-4619/polarssl-1.1.6-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-4827/haproxy-1.4.23-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-4834/mod_security-2.7.3-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-4818/clamav-0.97.7-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-4802/xulrunner-20.0-1.fc17,firefox-20.0-1.fc17 The following Fedora 17 Critical Path updates have yet to be approved: Age URL 225 https://admin.fedoraproject.org/updates/FEDORA-2012-12509/PackageKit-0.7.6-1.fc17 54 https://admin.fedoraproject.org/updates/FEDORA-2013-2163/policycoreutils-2.1.13-27.3.fc17 33 https://admin.fedoraproject.org/updates/FEDORA-2013-3304/libvpx-1.2.0-1.fc17 14 https://admin.fedoraproject.org/updates/FEDORA-2013-4140/audit-2.2.3-2.fc17 13 https://admin.fedoraproject.org/updates/FEDORA-2013-4216/xorg-x11-drv-intel-2.21.5-1.fc17 13 https://admin.fedoraproject.org/updates/FEDORA-2013-4174/glibc-2.15-59.fc17 12 https://admin.fedoraproject.org/updates/FEDORA-2013-4308/libnotify-0.7.5-5.fc17 8 https://admin.fedoraproject.org/updates/FEDORA-2013-4501/libxslt-1.1.28-1.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-4522/libarchive-3.0.4-3.fc17 5 https://admin.fedoraproject.org/updates/FEDORA-2013-4581/libuser-0.57.6-2.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-4730/koji-1.8.0-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-4802/xulrunner-20.0-1.fc17,firefox-20.0-1.fc17 The following builds have been pushed to Fedora 17 updates-testing anki-2.0.8-2.fc17 bitlbee-3.2-3.fc17 c++-gtk-utils-2.0.16-2.fc17 clamav-0.97.7-1.fc17 firefox-20.0-1.fc17 haproxy-1.4.23-1.fc17 jd-2.8.6-0.6.svn4107_trunk.fc17 kde-plasma-alsa-volume-0.42.2-1.fc17 mod_security-2.7.3-1.fc17 perl-WWW-GoodData-1.9-1.fc17 spring-94.1-1.fc17 springlobby-0.169-1.fc17 transmission-2.77-2.fc17 xulrunner-20.0-1.fc17 Details about builds: ================================================================================ anki-2.0.8-2.fc17 (FEDORA-2013-4830) Flashcard program for using space repetition learning -------------------------------------------------------------------------------- Update Information: This update fixes the selection of the filter in the browser view: https://anki.lighthouseapp.com/projects/100923/tickets/729-browser-filter-tree-doesnt-filter -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 1 2013 Christian Krause <chkr@xxxxxxxxxxxxxxxxx> - 2.0.8-2 - Add patch to fix filter selection in browser view: https://anki.lighthouseapp.com/projects/100923/tickets/729-browser-filter-tree-doesnt-filter -------------------------------------------------------------------------------- ================================================================================ bitlbee-3.2-3.fc17 (FEDORA-2013-4821) IRC to other chat networks gateway -------------------------------------------------------------------------------- Update Information: Add upstream patch to avoid double-free crash (#922447) -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 2 2013 Matěj Cepl <mcepl@xxxxxxxxxx> - 3.2-3 - Add upstream patch to avoid double-free crash (#922447) * Thu Mar 14 2013 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.2-2 - Add accidentially lost OTR support for RHEL 5 and 6 (#919912) -------------------------------------------------------------------------------- References: [ 1 ] Bug #922447 - bitlbee crashes on disconnection due to a memory problem https://bugzilla.redhat.com/show_bug.cgi?id=922447 -------------------------------------------------------------------------------- ================================================================================ c++-gtk-utils-2.0.16-2.fc17 (FEDORA-2013-4799) A library for GTK+ programming with C++ -------------------------------------------------------------------------------- Update Information: Enable aarch64 support (bz 925145). -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 28 2013 Frederik Holden <frederik+fedora@xxxxxx> - 2.0.16-2 - Temporary fix for bz 925145 (aarch64 support) until new upstream release. - Changed the build step so it doesn't unnecessarily ./configure twice. -------------------------------------------------------------------------------- References: [ 1 ] Bug #925145 - c++-gtk-utils: Does not support aarch64 in f19 and rawhide https://bugzilla.redhat.com/show_bug.cgi?id=925145 -------------------------------------------------------------------------------- ================================================================================ clamav-0.97.7-1.fc17 (FEDORA-2013-4818) End-user tools for the Clam Antivirus scanner -------------------------------------------------------------------------------- Update Information: Update to 0.97.7 which fixes several potential security issues -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 23 2013 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 0.97.7-1 - Update to 0.97.7 * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.97.6-1901 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #922848 - clamav: Multiple potential security issues fixed in 0.97.7 version https://bugzilla.redhat.com/show_bug.cgi?id=922848 -------------------------------------------------------------------------------- ================================================================================ firefox-20.0-1.fc17 (FEDORA-2013-4802) Mozilla Firefox Web browser -------------------------------------------------------------------------------- Update Information: Firefox release notes: - http://www.mozilla.org/en-US/firefox/20.0/releasenotes/ Thunderbird release notes: - https://www.mozilla.org/en-US/thunderbird/17.0.5/releasenotes/ -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 1 2013 Martin Stransky <stransky@xxxxxxxxxx> - 20.0-1 - Updated to 20.0 * Mon Mar 18 2013 Martin Stransky <stransky@xxxxxxxxxx> - 19.0.2-2 - Added fix for mozbz#239254 - local cache dir -------------------------------------------------------------------------------- ================================================================================ haproxy-1.4.23-1.fc17 (FEDORA-2013-4827) HA-Proxy is a TCP/HTTP reverse proxy for high availability environments -------------------------------------------------------------------------------- Update Information: Update to upstream stable release 1.4.23. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 2 2013 Ryan O'Hara <rohara@xxxxxxxxxx> - 1.4.23-1 - Update to 1.4.23 (CVE-2013-1912, #947697) - Drop supplementary groups after setuid/setgid (#894626) -------------------------------------------------------------------------------- References: [ 1 ] Bug #947581 - CVE-2013-1912 haproxy: rewrite rules flaw can lead to arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=947581 -------------------------------------------------------------------------------- ================================================================================ jd-2.8.6-0.6.svn4107_trunk.fc17 (FEDORA-2013-4811) A 2ch browser -------------------------------------------------------------------------------- Update Information: Update to the latest trunk, including new youtube thumbnail support -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 2 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - Update to the latest trunk -------------------------------------------------------------------------------- ================================================================================ kde-plasma-alsa-volume-0.42.2-1.fc17 (FEDORA-2013-4813) ALSA Volume Control plasmoid -------------------------------------------------------------------------------- Update Information: some fixes & improvements; -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 2 2013 Fl@sh <kaperang07@xxxxxxxxx> - 0.42.2-1 - version update -------------------------------------------------------------------------------- ================================================================================ mod_security-2.7.3-1.fc17 (FEDORA-2013-4834) Security module for the Apache HTTP Server -------------------------------------------------------------------------------- Update Information: Update to 2.7.3. Upstream changelog: https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 30 2013 Athmane Madjoudj <athmane@xxxxxxxxxxxxxxxxx> 2.7.3-1 - Update to 2.7.3 * Fri Jan 25 2013 Athmane Madjoudj <athmane@xxxxxxxxxxxxxxxxx> 2.7.2-1 - Update to 2.7.2 - Update source url in the spec. * Thu Nov 22 2012 Athmane Madjoudj <athmane@xxxxxxxxxxxxxxxxx> 2.7.1-5 - Use conditional for loading mod_unique_id (rhbz #879264) - Fix syntax errors on httpd 2.4.x by using IncludeOptional (rhbz #879264, comment #2) * Mon Nov 19 2012 Peter Vrabec <pvrabec@xxxxxxxxxx> 2.7.1-4 - mlogc subpackage is not provided on RHEL7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #947842 - CVE-2013-1915 mod_security: Vulnerable to XXE attacks https://bugzilla.redhat.com/show_bug.cgi?id=947842 -------------------------------------------------------------------------------- ================================================================================ perl-WWW-GoodData-1.9-1.fc17 (FEDORA-2013-4828) Client library for GoodData REST-ful API -------------------------------------------------------------------------------- Update Information: Update to 1.9 to fix for API changes. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 3 2013 Lubomir Rintel (GoodData) <lubo.rintel@xxxxxxxxxxxx> 1.9-1 - Rebase * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.7-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Thu Oct 11 2012 Lubomir Rintel (GoodData) <lubo.rintel@xxxxxxxxxxxx> 1.7-2 - Fix the auth handler for clients that use stock LWP::UserAgent * Wed Aug 22 2012 Lubomir Rintel (GoodData) <lubo.rintel@xxxxxxxxxxxx> 1.7-1 - Rebase * Fri Jul 20 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Sat Jun 16 2012 Petr Pisar <ppisar@xxxxxxxxxx> - 1.6-2 - Perl 5.16 rebuild -------------------------------------------------------------------------------- ================================================================================ spring-94.1-1.fc17 (FEDORA-2013-4822) Multiplayer, 3D realtime strategy combat game -------------------------------------------------------------------------------- Update Information: - Version 94.1, major spring/springlobby upstream release. - Drop the E323AI UTC time patch. - Fix #921690. - Update the DSO, assimp-remove patches. - pr-downloader still disabled due to excessive DSO issues. -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 1 2013 Gilboa Davara <gilboad [AT] gmail [DOT] com> - 94.1-1 - Version 94.1, major spring/springlobby upstream release. - Drop the E323AI UTC time patch. - Update the DSO, assimp-remove patches. - pr-downloader still disabled due to excessive DSO issues. * Sat Feb 9 2013 Denis Arnaud <denis.arnaud_fedora@xxxxxxx> - 91.0-3 - Rebuild for Boost-1.53.0 * Thu Dec 13 2012 Adam Jackson <ajax@xxxxxxxxxx> - 91.0-2 - Rebuild for glew 1.9.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #921690 - spring 93.1 is available - new version https://bugzilla.redhat.com/show_bug.cgi?id=921690 -------------------------------------------------------------------------------- ================================================================================ springlobby-0.169-1.fc17 (FEDORA-2013-4824) A lobby client for the spring RTS game engine -------------------------------------------------------------------------------- Update Information: - Version 0.169, major spring/springlobby upstream release. - Fix #921690. - GTK2 patch dropped. -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 1 2013 Gilboa Davara <gilboad [AT] gmail [DOT] com> - 0.169-1 - Version 0.169, major spring/springlobby upstream release. - Fix #921690. - GTK2 patch dropped. * Sun Feb 24 2013 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.147-4 - Rebuild for rb_libtorrent soname bump - Clean up spec to follow current guidelines * Sat Feb 9 2013 Denis Arnaud <denis.arnaud_fedora@xxxxxxx> - 0.147-3 - Rebuild for Boost-1.53.0 * Sun Feb 3 2013 Kevin Fenzi <kevin@xxxxxxxxx> - 0.147-2 - Rebuild for broken deps in rawhide -------------------------------------------------------------------------------- References: [ 1 ] Bug #921690 - spring 93.1 is available - new version https://bugzilla.redhat.com/show_bug.cgi?id=921690 -------------------------------------------------------------------------------- ================================================================================ transmission-2.77-2.fc17 (FEDORA-2013-4825) A lightweight GTK+ BitTorrent client -------------------------------------------------------------------------------- Update Information: revert use of systemd macros -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 2 2013 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxx> - 2.77-2 - fix use of systemd macros. resolves rhbz#947627 -------------------------------------------------------------------------------- References: [ 1 ] Bug #947627 - transmission-2.77-1.fc17.x86_64 spews errors from Fedora 18+ specific %systemd_post macro https://bugzilla.redhat.com/show_bug.cgi?id=947627 -------------------------------------------------------------------------------- ================================================================================ xulrunner-20.0-1.fc17 (FEDORA-2013-4802) XUL Runtime for Gecko Applications -------------------------------------------------------------------------------- Update Information: Firefox release notes: - http://www.mozilla.org/en-US/firefox/20.0/releasenotes/ Thunderbird release notes: - https://www.mozilla.org/en-US/thunderbird/17.0.5/releasenotes/ -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 19 2013 Martin Stransky <stransky@xxxxxxxxxx> - 20.0-1 - Update to latest upstream (20.0) * Tue Mar 19 2013 Martin Stransky <stransky@xxxxxxxxxx> - 19.0.2-4 - Added fix for rhbz#913284 - Firefox segfaults in mozilla::gfx::AlphaBoxBlur::BoxBlur_C() on PPC64 * Tue Mar 19 2013 Martin Stransky <stransky@xxxxxxxxxx> - 19.0.2-3 - Added fix for mozbz#826171/rhbz#922904 - strndup implementation in memory/build/mozmemory_wrap.c is broken -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
