The following Fedora 18 Security updates need testing:
 Age  URL
 116  https://admin.fedoraproject.org/updates/FEDORA-2013-0416/fedora-business-cards-1-0.1.beta1.fc18
  85  https://admin.fedoraproject.org/updates/FEDORA-2013-2131/rubygem-rdoc-3.12-6.fc18
  81  https://admin.fedoraproject.org/updates/FEDORA-2013-2306/rubygem-rack-1.4.0-5.fc18
  50  https://admin.fedoraproject.org/updates/FEDORA-2013-3935/puppet-3.1.1-1.fc18
  43  https://admin.fedoraproject.org/updates/FEDORA-2013-4243/stunnel-4.55-1.fc18
  35  https://admin.fedoraproject.org/updates/FEDORA-2013-4589/tomcat6-6.0.36-2.fc18
  30  https://admin.fedoraproject.org/updates/FEDORA-2013-4823/microcode_ctl-2.0-3.fc18
  23  https://admin.fedoraproject.org/updates/FEDORA-2013-5472/php-geshi-1.0.8.11-3.fc18
  22  https://admin.fedoraproject.org/updates/FEDORA-2013-5548/plexus-archiver-2.3-1.fc18
  15  https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18
  11  https://admin.fedoraproject.org/updates/FEDORA-2013-6417/owncloud-4.5.10-1.fc18
   8  https://admin.fedoraproject.org/updates/FEDORA-2013-6721/openstack-keystone-2012.2.4-2.fc18
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-6977/phpMyAdmin-3.5.8.1-1.fc18
   3  https://admin.fedoraproject.org/updates/FEDORA-2013-7135/xmp-3.5.0-3.fc18
   3  https://admin.fedoraproject.org/updates/FEDORA-2013-7120/tinc-1.0.21-1.fc18
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-7289/php-sabredav-Sabre_DAV-1.6.5-5.fc18
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-7309/gpsd-3.9-1.fc18
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-7369/libtiff-4.0.3-6.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-7426/xen-4.2.2-3.fc18

The following Fedora 18 Critical Path updates have yet to be approved:
 Age  URL
 202  https://admin.fedoraproject.org/updates/FEDORA-2012-16107/xorg-x11-drv-qxl-0.1.0-1.fc18
 200  https://admin.fedoraproject.org/updates/FEDORA-2012-16207/thunderbird-lightning-1.8-1.fc18,thunderbird-16.0.1-2.fc18
  84  https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18
  60  https://admin.fedoraproject.org/updates/FEDORA-2013-3458/iproute-3.6.0-7.fc18,iptables-1.4.18-1.fc18
  13  https://admin.fedoraproject.org/updates/FEDORA-2013-6207/sendmail-8.14.7-1.fc18
  12  https://admin.fedoraproject.org/updates/FEDORA-2013-6297/gcr-3.6.2-4.fc18
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-7288/dosfstools-3.0.16-3.fc18
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-7235/colord-0.1.34-1.fc18
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-7211/libwacom-0.7.1-2.fc18
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-6209/ibus-1.5.2-3.fc18
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-7357/abrt-2.1.4-1.fc18,libreport-2.1.4-1.fc18
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-7374/qt-4.8.4-17.fc18
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-7369/libtiff-4.0.3-6.fc18
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-7131/perl-5.16.3-244.fc18,perl-Digest-1.17-244.fc18,perl-threads-1.86-243.fc18,perl-Version-Requirements-0.101022-243.fc18,perl-Test-Simple-0.98-243.fc18,perl-Carp-1.26-243.fc18,perl-ExtUtils-Manifest-1.61-243.fc18,perl-parent-0.225-243.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-7436/audit-2.3-2.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-7428/libgphoto2-2.5.1.1-4.fc18

The following builds have been pushed to Fedora 18 updates-testing

    PyQt4-4.10.1-4.fc18
    R-wavethresh-4.6.4-1.fc18
    audit-2.3-2.fc18
    cura-13.04-1.fc18
    cxxtools-2.2-1.fc18
    icedtea-web-1.4-0.fc18
    libgphoto2-2.5.1.1-4.fc18
    mingw-angleproject-0-0.4.svn1561.20121214.fc18
    mingw-crt-2.0.999-0.17.trunk.20121110.fc18
    mingw-qt5-qtbase-5.0.2-1.fc18
    mingw-qt5-qtjsbackend-5.0.2-1.fc18
    mingw-qt5-qtscript-5.0.2-1.fc18
    mingw-qt5-qttools-5.0.2-1.fc18
    nodejs-get-1.2.1-2.fc18
    pdns-recursor-3.5.1-1.fc18
    pgbouncer-1.5.4-1.fc18
    sip-4.14.6-1.fc18
    xen-4.2.2-3.fc18

Details about builds:

================================================================================
 PyQt4-4.10.1-4.fc18 (FEDORA-2013-6830)
 Python bindings for Qt4
--------------------------------------------------------------------------------
Update Information:

New sip/PyQt4 releases, see also:
http://www.riverbankcomputing.com/news/sip-4146
http://www.riverbankcomputing.com/news/pyqt-4101
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 3 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.10.1-4
- fix dbus/mainloop hacks (#957867)
* Thu May 2 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.10.1-3
- ImportError: cannot import name uic (#958736)
* Fri Apr 26 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.10.1-2
- filter private shared objects
- %{python_sitelib}/dbus/mainloop/qt.so should be in %python_sitearch (#957260)
- .spec cleanup
- -assistant subpkg
* Mon Apr 22 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.10.1-1
- 4.10.1
* Tue Apr 2 2013 Than Ngo <than@xxxxxxxxxx> - 4.10-3
- adapt rhel patch
* Fri Mar 22 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.10-2
- introduce qscintilla, webkit feature macros
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #923233 - [abrt] ninja-ide-2.1.1-4.fc18: highlighter.py:326:realtime_highlight:AttributeError: 'QTextBlockUserData' object has no attribute 'clear_data'
        https://bugzilla.redhat.com/show_bug.cgi?id=923233
  [ 2 ] Bug #957260 - PyQt4: %{python_sitelib}/dbus/mainloop/qt.so should be in %python_sitearch
        https://bugzilla.redhat.com/show_bug.cgi?id=957260
--------------------------------------------------------------------------------

================================================================================
 R-wavethresh-4.6.4-1.fc18 (FEDORA-2013-7434)
 R module, Software to perform wavelet statistics and transforms
--------------------------------------------------------------------------------
Update Information:

Minor bug fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 3 2013 José Matos <jamatos@xxxxxxxxxxxxxxxxx> - 4.6.4-1
- update to 4.6.4
* Thu Apr 11 2013 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 4.6.2-1
- update to 4.6.2
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 audit-2.3-2.fc18 (FEDORA-2013-7436)
 User space tools for 2.6 kernel auditing
--------------------------------------------------------------------------------
Update Information:

This release improves support for systemd, interpretations of audit events, and fixes man pages. This release also includes support for compiling a master set of rules from /etc/audit/rules.d. For more details, see the audit-2.3 release notes and augenrules man page.
This update fixes a lot of small bugs and updates the syscall tables for the 3.7 and 3.8 kernels. It adds more interpretations for arguments of security critical syscalls.
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 3 2013 Steve Grubb <sgrubb@xxxxxxxxxx> 2.3-2
- If no rules exist, copy shipped rules into place
* Tue Apr 30 2013 Steve Grubb <sgrubb@xxxxxxxxxx> 2.3-1
- New upstream bugfix release
--------------------------------------------------------------------------------

================================================================================
 cura-13.04-1.fc18 (FEDORA-2013-7427)
 3D printer control software
--------------------------------------------------------------------------------
Update Information:

Cura can slice now, also updated to the latest version
3D printer control software
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #901659 - Review Request: cura - 3D printer control software
        https://bugzilla.redhat.com/show_bug.cgi?id=901659
--------------------------------------------------------------------------------

================================================================================
 cxxtools-2.2-1.fc18 (FEDORA-2013-7435)
 A collection of general-purpose C++ classes
--------------------------------------------------------------------------------
Update Information:

* Fri May 3 2013 Martin Gansser <martinkg@xxxxxxxxxxxxxxxxx> - 2.2-1
- new release
- spec file cleanup
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 3 2013 Martin Gansser <martinkg@xxxxxxxxxxxxxxxxx> - 2.2-1
- new release
- spec file cleanup
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #821220 - cxxtools - A collection of general-purpose C++ classes
        https://bugzilla.redhat.com/show_bug.cgi?id=821220
--------------------------------------------------------------------------------

================================================================================
 icedtea-web-1.4-0.fc18 (FEDORA-2013-7438)
 Java browser plug-in and Web Start implementation
--------------------------------------------------------------------------------
Update Information:

* Numerous improvements and enhancements in core and system of classloaders
* Added cs localization
* Added de localization
* Added pl localization
* Splash screen for javaws and plugin
* Better error reporting for plugin via Error-splash-screen
* All IcedTea-Web dialogues are centered to middle of active screen
* Download indicator made compact for more than one jar
* User can select its own JVM via itw-settings and deploy.properties.
* Added extended applets security settings and dialogue
* Security updates
  - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.
  - CVE-2013-1927, RH884705: fixed gifar vulnerability
  - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location
  - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings
* NetX
  - PR1027: DownloadService is not supported by IcedTea-Web
  - PR725: JNLP applications will prompt for creating desktop shortcuts every time they are run
  - PR1292: Javaws does not resolve versioned jar names with periods correctly
* Plugin
  - PR1106: Buffer overflow in plugin table-
  - PR1166: Embedded JNLP File is not supported in applet tag
  - PR1217: Add command line arguments for plugins
  - PR1189: Icedtea-plugin requires code attribute when using jnlp_href
  - PR1198: JSObject is not passed to javascript correctly
  - PR1260: IcedTea-Web should not rely on GTK
  - PR1157: Applets can hang browser after fatal exception
  - PR580: http://www.horaoficial.cl/ loads improperly
* Common
  - PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered
  - PR955: regression: SweetHome3D fails to run
  - PR1145: IcedTea-Web can cause ClassCircularityError
  - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7
  - PR822: Applets fail to load if jars have different signers
  - PR1186: System.getProperty("deployment.user.security.trusted.cacerts") is null
  - PR909: The Java applet at http://de.gosupermodel.com/games/wardrobegame.jsp fails
  - PR1299: WebStart doesn't read socket proxy settings from firefox correctly
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 4 2013 Jiri Vanek <jvanek@xxxxxxxxxx> 1.4-0
- Updated to 1.4
- See announcement for detail
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-May/023195.html
- added check
--------------------------------------------------------------------------------

================================================================================
 libgphoto2-2.5.1.1-4.fc18 (FEDORA-2013-7428)
 Library for accessing digital cameras
--------------------------------------------------------------------------------
Update Information:

- Fix crash when dealing with PTP devices without a memory card (rhbz#915688)
- Fix PTP devices not working in USB-3 ports (rhbz#819918)
- Cleanup spec-file
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 4 2013 Hans de Goede <hdegoede@xxxxxxxxxx> - 2.5.1.1-4
- Fix crash when dealing with PTP devices without a memory card (rhbz#915688)
* Thu May 2 2013 Hans de Goede <hdegoede@xxxxxxxxxx> - 2.5.1.1-3
- Fix PTP devices not working in USB-3 ports (rhbz#819918)
- Cleanup spec-file
* Tue Apr 23 2013 Tim Waugh <twaugh@xxxxxxxxxx> 2.5.1.1-2
- Use _udevrulesdir macro.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #915688 - [abrt] gphoto2-2.5.0-2.fc18: dtoh32ap: Process /usr/bin/gphoto2 was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=915688
  [ 2 ] Bug #819918 - Canon EOS DSLRs not working on USB 3 ports (ep 0x81, 0x2 - rounding interval to 32768 microframes, ep desc says 0 microframes)
        https://bugzilla.redhat.com/show_bug.cgi?id=819918
--------------------------------------------------------------------------------

================================================================================
 mingw-angleproject-0-0.4.svn1561.20121214.fc18 (FEDORA-2013-7425)
 Almost Native Graphics Layer Engine
--------------------------------------------------------------------------------
Update Information:

Fix compatibility issue regarding vsprintf_s on Windows XP
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 4 2013 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 0-0.4.svn1561.20121214
- Rebuild against latest mingw-crt (fixes Windows XP compatibility issue, RHBZ #917323)
- Added another workaround due to the fact that the gyp build system doesn't properly support cross-compilation
  Fixes FTBFS against latest gyp
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #917323 - Win32 apps built with mingw32-qt5-qtbase always crash at startup under wine and windows
        https://bugzilla.redhat.com/show_bug.cgi?id=917323
--------------------------------------------------------------------------------

================================================================================
 mingw-crt-2.0.999-0.17.trunk.20121110.fc18 (FEDORA-2013-7425)
 MinGW Windows cross-compiler runtime
--------------------------------------------------------------------------------
Update Information:

Fix compatibility issue regarding vsprintf_s on Windows XP
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 4 2013 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 2.0.999-0.17.trunk.20121110
- Added Windows XP compatibility wrapper for the vsprintf_s function (RHBZ #917323)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #917323 - Win32 apps built with mingw32-qt5-qtbase always crash at startup under wine and windows
        https://bugzilla.redhat.com/show_bug.cgi?id=917323
--------------------------------------------------------------------------------

================================================================================
 mingw-qt5-qtbase-5.0.2-1.fc18 (FEDORA-2013-7431)
 Qt5 for Windows - QtBase component
--------------------------------------------------------------------------------
Update Information:

Update to Qt 5.0.2 and disabled DirectWrite support (as it is unavailable on Windows XP)
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr 13 2013 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 5.0.2-1
- Update to 5.0.2
- Remove DirectWrite support for now as the necessary API isn't available on Windows XP (as mentioned in RHBZ #917323)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #917323 - Win32 apps built with mingw32-qt5-qtbase always crash at startup under wine and windows
        https://bugzilla.redhat.com/show_bug.cgi?id=917323
--------------------------------------------------------------------------------

================================================================================
 mingw-qt5-qtjsbackend-5.0.2-1.fc18 (FEDORA-2013-7431)
 Qt5 for Windows - QtJsBackend component
--------------------------------------------------------------------------------
Update Information:

Update to Qt 5.0.2 and disabled DirectWrite support (as it is unavailable on Windows XP)
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 3 2013 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 5.0.2-1
- Update to 5.0.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #917323 - Win32 apps built with mingw32-qt5-qtbase always crash at startup under wine and windows
        https://bugzilla.redhat.com/show_bug.cgi?id=917323
--------------------------------------------------------------------------------

================================================================================
 mingw-qt5-qtscript-5.0.2-1.fc18 (FEDORA-2013-7431)
 Qt5 for Windows - QtScript component
--------------------------------------------------------------------------------
Update Information:

Update to Qt 5.0.2 and disabled DirectWrite support (as it is unavailable on Windows XP)
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 3 2013 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 5.0.2-1
- Update to 5.0.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #917323 - Win32 apps built with mingw32-qt5-qtbase always crash at startup under wine and windows
        https://bugzilla.redhat.com/show_bug.cgi?id=917323
--------------------------------------------------------------------------------

================================================================================
 mingw-qt5-qttools-5.0.2-1.fc18 (FEDORA-2013-7431)
 Qt5 for Windows - QtTools component
--------------------------------------------------------------------------------
Update Information:

Update to Qt 5.0.2 and disabled DirectWrite support (as it is unavailable on Windows XP)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 30 2013 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 5.0.2-1
- Update to 5.0.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #917323 - Win32 apps built with mingw32-qt5-qtbase always crash at startup under wine and windows
        https://bugzilla.redhat.com/show_bug.cgi?id=917323
--------------------------------------------------------------------------------

================================================================================
 nodejs-get-1.2.1-2.fc18 (FEDORA-2013-7423)
 A slightly higher-level HTTP client for node
--------------------------------------------------------------------------------
Update Information:

A slightly higher-level HTTP client for Node.js
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #957929 - Review Request: nodejs-get - A slightly higher-level HTTP client for node
        https://bugzilla.redhat.com/show_bug.cgi?id=957929
--------------------------------------------------------------------------------

================================================================================
 pdns-recursor-3.5.1-1.fc18 (FEDORA-2013-7424)
 Modern, advanced and high performance recursing/non authoritative name server
--------------------------------------------------------------------------------
Update Information:

- Update to 3.5.1
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 3 2013 Morten Stevens <mstevens@xxxxxxxxxxxxxxx> - 3.5.1-1
- Update to 3.5.1
--------------------------------------------------------------------------------

================================================================================
 pgbouncer-1.5.4-1.fc18 (FEDORA-2013-7433)
 Lightweight connection pooler for PostgreSQL
--------------------------------------------------------------------------------
Update Information:

- Update to 1.5.4, per changes described at:
  http://pgfoundry.org/frs/shownotes.php?release_id=2000
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 3 2013 Devrim GÜNDÜZ <devrim@xxxxxxxxxx> - 1.5.4-1
- Update to 1.5.4, per changes described at:
  http://pgfoundry.org/frs/shownotes.php?release_id=2000
--------------------------------------------------------------------------------

================================================================================
 sip-4.14.6-1.fc18 (FEDORA-2013-6830)
 SIP - Python/C++ Bindings Generator
--------------------------------------------------------------------------------
Update Information:

New sip/PyQt4 releases, see also:
http://www.riverbankcomputing.com/news/sip-4146
http://www.riverbankcomputing.com/news/pyqt-4101
--------------------------------------------------------------------------------
ChangeLog:

* Sun Apr 21 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.14.6-1
- sip-4.14.6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #923233 - [abrt] ninja-ide-2.1.1-4.fc18: highlighter.py:326:realtime_highlight:AttributeError: 'QTextBlockUserData' object has no attribute 'clear_data'
        https://bugzilla.redhat.com/show_bug.cgi?id=923233
  [ 2 ] Bug #957260 - PyQt4: %{python_sitelib}/dbus/mainloop/qt.so should be in %python_sitearch
        https://bugzilla.redhat.com/show_bug.cgi?id=957260
--------------------------------------------------------------------------------

================================================================================
 xen-4.2.2-3.fc18 (FEDORA-2013-7426)
 Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:

PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918], malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952]
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 2 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.2.2-3
- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918)
- malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)
* Fri Apr 26 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.2.2-2
- fix further man page issues to allow building on F19 and F20
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #956163 - CVE-2013-1918 kernel: xen: Several long latency operations are not preemptible
        https://bugzilla.redhat.com/show_bug.cgi?id=956163
  [ 2 ] Bug #956309 - CVE-2013-1952 kernel: xen: VT-d interrupt remapping source validation flaw for bridges
        https://bugzilla.redhat.com/show_bug.cgi?id=956309
--------------------------------------------------------------------------------