The following Fedora 17 Security updates need testing: Age URL 301 https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-1.fc17 113 https://admin.fedoraproject.org/updates/FEDORA-2013-0455/fedora-business-cards-1-0.1.beta1.fc17 83 https://admin.fedoraproject.org/updates/FEDORA-2013-2143/rubygem-rdoc-3.12-5.fc17 79 https://admin.fedoraproject.org/updates/FEDORA-2013-2315/rubygem-rack-1.4.0-4.fc17 42 https://admin.fedoraproject.org/updates/FEDORA-2013-4174/glibc-2.15-59.fc17 41 https://admin.fedoraproject.org/updates/FEDORA-2013-4234/stunnel-4.55-1.fc17 40 https://admin.fedoraproject.org/updates/FEDORA-2013-4296/tomcat6-6.0.36-1.fc17 36 https://admin.fedoraproject.org/updates/FEDORA-2013-4501/libxslt-1.1.28-1.fc17 33 https://admin.fedoraproject.org/updates/FEDORA-2013-4581/libuser-0.57.6-2.fc17 21 https://admin.fedoraproject.org/updates/FEDORA-2013-5440/php-geshi-1.0.8.11-3.fc17 21 https://admin.fedoraproject.org/updates/FEDORA-2013-5349/389-ds-base-1.2.11.21-1.fc17 20 https://admin.fedoraproject.org/updates/FEDORA-2013-5546/plexus-archiver-2.3-1.fc17 14 https://admin.fedoraproject.org/updates/FEDORA-2013-5967/xorg-x11-server-1.12.4-7.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-6723/xen-4.1.5-1.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-6727/python-pip-1.3.1-1.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-6720/curl-7.24.0-8.fc17 2 https://admin.fedoraproject.org/updates/FEDORA-2013-7000/phpMyAdmin-3.5.8.1-1.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-7144/xmp-3.4.0-11.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-7128/tinc-1.0.21-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-7285/php-sabredav-Sabre_DAV-1.6.5-5.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-7305/gpsd-3.9-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-6999/kernel-3.8.11-100.fc17 The following Fedora 17 Critical Path updates have yet to be approved: Age URL 253 https://admin.fedoraproject.org/updates/FEDORA-2012-12509/PackageKit-0.7.6-1.fc17 82 https://admin.fedoraproject.org/updates/FEDORA-2013-2163/policycoreutils-2.1.13-27.3.fc17 61 https://admin.fedoraproject.org/updates/FEDORA-2013-3304/libvpx-1.2.0-1.fc17 42 https://admin.fedoraproject.org/updates/FEDORA-2013-4140/audit-2.2.3-2.fc17 10 https://admin.fedoraproject.org/updates/FEDORA-2013-6278/nss-3.14.3-2.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-6636/kde-settings-4.8-25.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-6720/curl-7.24.0-8.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-6750/xorg-x11-drv-synaptics-1.6.3-3.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-7291/dosfstools-3.0.16-3.fc17 The following builds have been pushed to Fedora 17 updates-testing PyQt4-4.10.1-3.fc17 dosfstools-3.0.16-3.fc17 gnome-chemistry-utils-0.14.2-2.fc17 gnumeric-1.12.2-1.fc17 goffice-0.10.2-1.fc17 gpsd-3.9-1.fc17 julius-voxforge-2013.03.01-1.fc17 kernel-3.8.11-100.fc17 php-sabredav-Sabre_DAV-1.6.5-5.fc17 sip-4.14.6-1.fc17 tw-0.9.16-2.fc17 Details about builds: ================================================================================ PyQt4-4.10.1-3.fc17 (FEDORA-2013-6827) Python bindings for Qt4 -------------------------------------------------------------------------------- Update Information: New sip/PyQt4 releases, see also: http://www.riverbankcomputing.com/news/sip-4146 http://www.riverbankcomputing.com/news/pyqt-4101 -------------------------------------------------------------------------------- ChangeLog: * Thu May 2 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.10.1-3 - ImportError: cannot import name uic (#958736) * Fri Apr 26 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.10.1-2 - filter private shared objects - %{python_sitelib}/dbus/mainloop/qt.so should be in %python_sitearch (#957260) - .spec cleanup - -assistant subpkg * Mon Apr 22 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.10.1-1 - 4.10.1 * Tue Apr 2 2013 Than Ngo <than@xxxxxxxxxx> - 4.10-3 - adapt rhel patch * Fri Mar 22 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.10-2 - introduce qscintilla, webkit feature macros -------------------------------------------------------------------------------- References: [ 1 ] Bug #923233 - [abrt] ninja-ide-2.1.1-4.fc18: highlighter.py:326:realtime_highlight:AttributeError: 'QTextBlockUserData' object has no attribute 'clear_data' https://bugzilla.redhat.com/show_bug.cgi?id=923233 [ 2 ] Bug #957260 - PyQt4: %{python_sitelib}/dbus/mainloop/qt.so should be in %python_sitearch https://bugzilla.redhat.com/show_bug.cgi?id=957260 -------------------------------------------------------------------------------- ================================================================================ dosfstools-3.0.16-3.fc17 (FEDORA-2013-7291) Utilities for making and checking MS-DOS FAT filesystems on Linux -------------------------------------------------------------------------------- Update Information: This is an update that fixes dosfslabel. -------------------------------------------------------------------------------- ChangeLog: * Thu May 2 2013 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 3.0.16-3 - Fixed dosfslabel (by fix-label patch) Resolves: rhbz#948055 -------------------------------------------------------------------------------- References: [ 1 ] Bug #948055 - [abrt] dosfstools-3.0.16-2.fc17: _IO_str_chk_overflow: Process /usr/sbin/dosfslabel was killed by signal 6 (SIGABRT) https://bugzilla.redhat.com/show_bug.cgi?id=948055 -------------------------------------------------------------------------------- ================================================================================ gnome-chemistry-utils-0.14.2-2.fc17 (FEDORA-2013-7296) A set of chemical utilities -------------------------------------------------------------------------------- Update Information: Latest releases of goffice and gnumeric: * http://projects.gnome.org/gnumeric/announcements/1.12/gnumeric-1.12.2.shtml -------------------------------------------------------------------------------- ChangeLog: * Wed May 1 2013 Julian Sikorski <belegdol@xxxxxxxxxxxxxxxxx> - 0.14.2-2 - Rebuilt for gnumeric-1.12.2 -------------------------------------------------------------------------------- ================================================================================ gnumeric-1.12.2-1.fc17 (FEDORA-2013-7296) Spreadsheet program for GNOME -------------------------------------------------------------------------------- Update Information: Latest releases of goffice and gnumeric: * http://projects.gnome.org/gnumeric/announcements/1.12/gnumeric-1.12.2.shtml -------------------------------------------------------------------------------- ChangeLog: * Wed May 1 2013 Julian Sikorski <belegdol@xxxxxxxxxxxxxxxxx> - 1:1.12.2-1 - Updated to 1.12.2 - Added a patch to build with libgsf-1.14.24 -------------------------------------------------------------------------------- ================================================================================ goffice-0.10.2-1.fc17 (FEDORA-2013-7296) G Office support libraries -------------------------------------------------------------------------------- Update Information: Latest releases of goffice and gnumeric: * http://projects.gnome.org/gnumeric/announcements/1.12/gnumeric-1.12.2.shtml -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 29 2013 Julian Sikorski <belegdol@xxxxxxxxxxxxxxxxx> - 0.10.2-1 - Updated to 0.10.2 -------------------------------------------------------------------------------- ================================================================================ gpsd-3.9-1.fc17 (FEDORA-2013-7305) Service daemon for mediating access to a GPS -------------------------------------------------------------------------------- Update Information: This is an update to the latest upstream release, which fixes a denial of service flaw found in the way AIS driver packet parser processed certain malformed packets. -------------------------------------------------------------------------------- ChangeLog: * Thu May 2 2013 Miroslav Lichvar <mlichvar@xxxxxxxxxx> - 3.9-1 - update to 3.9 (#958717) -------------------------------------------------------------------------------- References: [ 1 ] Bug #958717 - gpsd: DoS (packet parser crash) in the AIS driver when processing malformed packet https://bugzilla.redhat.com/show_bug.cgi?id=958717 -------------------------------------------------------------------------------- ================================================================================ julius-voxforge-2013.03.01-1.fc17 (FEDORA-2013-7293) VoxForge Acoustic Model files for Julius -------------------------------------------------------------------------------- Update Information: New package: VoxForge Acoustic Model files for Julius -------------------------------------------------------------------------------- References: [ 1 ] Bug #957238 - Review Request: julius-voxforge - VoxForge Acoustic Model files for Julius https://bugzilla.redhat.com/show_bug.cgi?id=957238 -------------------------------------------------------------------------------- ================================================================================ kernel-3.8.11-100.fc17 (FEDORA-2013-6999) The Linux kernel -------------------------------------------------------------------------------- Update Information: Update to latest upstream stable release, Linux v3.8.11. A variety of fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Wed May 1 2013 Justin M. Forbes <jforbes@xxxxxxxxxx> - 3.8.11-100 - Linux v3.8.11 * Mon Apr 29 2013 Justin M. Forbes <jforbes@xxxxxxxxxx> - 3.8.10-100 - Linux v3.8.10 * Wed Apr 24 2013 Josh Boyer <jwboyer@xxxxxxxxxx> - 3.8.8-102 - CVE-2013-3228 irda: missing msg_namelen update in irda_recvmsg_dgram (rhbz 956069 956071) - CVE-2013-3230 l2tp: info leak in l2tp_ip6_recvmsg (rhbz 956088 956089) - CVE-2013-3231 llc: Fix missing msg_namelen update in llc_ui_recvmsg (rhbz 956094 956104) - CVE-2013-3232 netrom: information leak via msg_name in nr_recvmsg (rhbz 956110 956113) - CVE-2013-3233 NFC: llcp: info leaks via msg_name in llcp_sock_recvmsg (rhbz 956125 956129) - CVE-2013-3234 rose: info leak via msg_name in rose_recvmsg (rhbz 956135 956139) - CVE-2013-3076 crypto: algif suppress sending src addr info in recvmsg (rhbz 956162 956168) * Tue Apr 23 2013 Josh Boyer <jwboyer@xxxxxxxxxx> - CVE-2013-3223 ax25: information leak via msg_name in ax25_recvmsg (rhbz 955662 955666) - CVE-2013-3225 Bluetooth: RFCOMM missing msg_namelen update in rfcomm_sock_recvmsg (rhbz 955649 955658) - CVE-2013-1979 net: incorrect SCM_CREDENTIALS passing (rhbz 955629 955647) - CVE-2013-3224 Bluetooth: possible info leak in bt_sock_recvmsg (rhbz 955599 955607) * Mon Apr 22 2013 Josh Boyer <jwboyer@xxxxxxxxxx> - CVE-2013-3222 atm: update msg_namelen in vcc_recvmsg (rhbz 955216 955228) -------------------------------------------------------------------------------- References: [ 1 ] Bug #956069 - CVE-2013-3228 Kernel: irda: missing msg_namelen update in irda_recvmsg_dgram https://bugzilla.redhat.com/show_bug.cgi?id=956069 [ 2 ] Bug #956088 - CVE-2013-3230 Kernel: l2tp: info leak in l2tp_ip6_recvmsg https://bugzilla.redhat.com/show_bug.cgi?id=956088 [ 3 ] Bug #956094 - CVE-2013-3231 Kernel: llc: Fix missing msg_namelen update in llc_ui_recvmsg https://bugzilla.redhat.com/show_bug.cgi?id=956094 [ 4 ] Bug #956110 - CVE-2013-3232 Kernel: netrom: information leak via msg_name in nr_recvmsg https://bugzilla.redhat.com/show_bug.cgi?id=956110 [ 5 ] Bug #956125 - CVE-2013-3233 Kernel: NFC: llcp: info leaks via msg_name in llcp_sock_recvmsg https://bugzilla.redhat.com/show_bug.cgi?id=956125 [ 6 ] Bug #956135 - CVE-2013-3234 Kernel: rose: info leak via msg_name in rose_recvmsg https://bugzilla.redhat.com/show_bug.cgi?id=956135 [ 7 ] Bug #956162 - CVE-2013-3076 Kernel: crypto: algif - suppress sending source address information in recvmsg https://bugzilla.redhat.com/show_bug.cgi?id=956162 [ 8 ] Bug #955662 - CVE-2013-3223 Kernel: ax25: information leak via msg_name in ax25_recvmsg() https://bugzilla.redhat.com/show_bug.cgi?id=955662 [ 9 ] Bug #955649 - CVE-2013-3225 Kernel: Bluetooth: RFCOMM - missing msg_namelen update in rfcomm_sock_recvmsg https://bugzilla.redhat.com/show_bug.cgi?id=955649 [ 10 ] Bug #955629 - CVE-2013-1979 kernel: net: incorrect SCM_CREDENTIALS passing https://bugzilla.redhat.com/show_bug.cgi?id=955629 [ 11 ] Bug #955599 - CVE-2013-3224 Kernel: Bluetooth: possible info leak in bt_sock_recvmsg() https://bugzilla.redhat.com/show_bug.cgi?id=955599 [ 12 ] Bug #955216 - CVE-2013-3222 Kernel: atm: update msg_namelen in vcc_recvmsg() https://bugzilla.redhat.com/show_bug.cgi?id=955216 -------------------------------------------------------------------------------- ================================================================================ php-sabredav-Sabre_DAV-1.6.5-5.fc17 (FEDORA-2013-7285) Sabre_DAV is a WebDAV framework for PHP -------------------------------------------------------------------------------- Update Information: Fixes archives/files problem This update patches the problem in the browser plugin for sabredav. This update patches the problem in the browser plugin for sabredav. This update patches the problem in the browser plugin for sabredav. This update patches the problem in the browser plugin for sabredav. -------------------------------------------------------------------------------- ChangeLog: * Wed May 1 2013 Joseph Marrero <jmarrero@xxxxxxxxxxxxxxxxx> - 1.6.5-5 - Fix problem with checksum whitout braking the files installed * Sun Apr 28 2013 Joseph Marrero <jmarrero@xxxxxxxxxxxxxxxxx> - 1.6.5-4 - added security patch that fixes bugs 951568 951569 951562 - added --ignore-erros flag to pear install macro to accept the patch * Sat Mar 2 2013 Joseph Marrero <jmarrero@xxxxxxxxxxxxxxxxx> - 1.6.5-3 - Fix cleanup in rhel6 and f19 * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.6.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #951562 - CVE-2013-1939 php-sabredav-Sabre_DAV: Local file exposure due improper icons / images path checking in the HTML Browser plug-in https://bugzilla.redhat.com/show_bug.cgi?id=951562 -------------------------------------------------------------------------------- ================================================================================ sip-4.14.6-1.fc17 (FEDORA-2013-6827) SIP - Python/C++ Bindings Generator -------------------------------------------------------------------------------- Update Information: New sip/PyQt4 releases, see also: http://www.riverbankcomputing.com/news/sip-4146 http://www.riverbankcomputing.com/news/pyqt-4101 -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 21 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.14.6-1 - sip-4.14.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #923233 - [abrt] ninja-ide-2.1.1-4.fc18: highlighter.py:326:realtime_highlight:AttributeError: 'QTextBlockUserData' object has no attribute 'clear_data' https://bugzilla.redhat.com/show_bug.cgi?id=923233 [ 2 ] Bug #957260 - PyQt4: %{python_sitelib}/dbus/mainloop/qt.so should be in %python_sitearch https://bugzilla.redhat.com/show_bug.cgi?id=957260 -------------------------------------------------------------------------------- ================================================================================ tw-0.9.16-2.fc17 (FEDORA-2013-7302) Translate words into different languages -------------------------------------------------------------------------------- Update Information: Makes aspell, espeak, mythes optional for build, mythes real usable synonyms tool, fixes spec, synonyms utf handling, mythes example on documentation. -------------------------------------------------------------------------------- ChangeLog: * Wed May 1 2013 Juan Manuel Borges Caño <juanmabcmail@xxxxxxxxx> - 0.9.16-2 * Add espeak to BuildRequires. * Sun Apr 28 2013 Juan Manuel Borges Caño <juanmabcmail@xxxxxxxxx> - 0.9.16-1 * Update to mainstream. * Fri Feb 15 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.9.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
