The following Fedora 17 Security updates need testing: Age URL 315 https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-1.fc17 127 https://admin.fedoraproject.org/updates/FEDORA-2013-0455/fedora-business-cards-1-0.1.beta1.fc17 56 https://admin.fedoraproject.org/updates/FEDORA-2013-4174/glibc-2.15-59.fc17 55 https://admin.fedoraproject.org/updates/FEDORA-2013-4234/stunnel-4.55-1.fc17 54 https://admin.fedoraproject.org/updates/FEDORA-2013-4296/tomcat6-6.0.36-1.fc17 50 https://admin.fedoraproject.org/updates/FEDORA-2013-4501/libxslt-1.1.28-1.fc17 47 https://admin.fedoraproject.org/updates/FEDORA-2013-4581/libuser-0.57.6-2.fc17 35 https://admin.fedoraproject.org/updates/FEDORA-2013-5349/389-ds-base-1.2.11.21-1.fc17 29 https://admin.fedoraproject.org/updates/FEDORA-2013-5967/xorg-x11-server-1.12.4-7.fc17 15 https://admin.fedoraproject.org/updates/FEDORA-2013-7144/xmp-3.4.0-11.fc17 14 https://admin.fedoraproject.org/updates/FEDORA-2013-7305/gpsd-3.9-1.fc17 13 https://admin.fedoraproject.org/updates/FEDORA-2013-7361/libtiff-3.9.7-2.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-7701/mediawiki-1.19.6-1.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-7797/curl-7.24.0-9.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-7999/tomcat-7.0.40-1.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-8065/gallery3-3.0.7-1.fc17 2 https://admin.fedoraproject.org/updates/FEDORA-2013-8219/krb5-1.10.2-12.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-8221/python-virtualenv-1.9.1-1.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-8284/thunderbird-17.0.6-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-8411/ruby-1.9.3.429-30.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-8377/varnish-3.0.3-5.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-8398/xulrunner-21.0-3.fc17,firefox-21.0-3.fc17 The following Fedora 17 Critical Path updates have yet to be approved: Age URL 267 https://admin.fedoraproject.org/updates/FEDORA-2012-12509/PackageKit-0.7.6-1.fc17 96 https://admin.fedoraproject.org/updates/FEDORA-2013-2163/policycoreutils-2.1.13-27.3.fc17 75 https://admin.fedoraproject.org/updates/FEDORA-2013-3304/libvpx-1.2.0-1.fc17 13 https://admin.fedoraproject.org/updates/FEDORA-2013-7362/abrt-2.1.4-1.fc17,libreport-2.1.4-1.fc17 13 https://admin.fedoraproject.org/updates/FEDORA-2013-7364/qt-4.8.4-17.fc17 13 https://admin.fedoraproject.org/updates/FEDORA-2013-7361/libtiff-3.9.7-2.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-7797/curl-7.24.0-9.fc17 5 https://admin.fedoraproject.org/updates/FEDORA-2013-7689/soprano-2.9.2-1.fc17 5 https://admin.fedoraproject.org/updates/FEDORA-2013-7695/analitza-4.10.3-1.fc17,ark-4.10.3-1.fc17,audiocd-kio-4.10.3-1.fc17,blinken-4.10.3-1.fc17,bomber-4.10.3-1.fc17,bovo-4.10.3-1.fc17,cantor-4.10.3-1.fc17,dragon-4.10.3-1.fc17,filelight-4.10.3-1.fc17,granatier-4.10.3-1.fc17,gwenview-4.10.3-1.fc17,iris-1.0.0-0.14.20110904svn812.fc17,jovie-4.10.3-1.fc17,juk-4.10.3-1.fc17,kaccessible-4.10.3-1.fc17,kactivities-4.10.3-1.fc17,kajongg-4.10.3-1.fc17,kalgebra-4.10.3-1.fc17,kalzium-4.10.3-1.fc17,kamera-4.10.3-1.fc17,kanagram-4.10.3-1.fc17,kapman-4.10.3-1.fc17,kate-4.10.3-1.fc17,katomic-4.10.3-1.fc17,kblackbox-4.10.3-1.fc17,kblocks-4.10.3-1.fc17,kbounce-4.10.3-1.fc17,kbreakout-4.10.3-1.fc17,kbruch-4.10.3-1.fc17,kcalc-4.10.3-1.fc17,kcharselect-4.10.3-1.fc17,kcolorchooser-4.10.3-1.fc17,kdeaccessibility-4.10.3-1.fc17,kdeadmin-4.10.3-1.fc17,kdeartwork-4.10.3-1.fc17,kde-baseapps-4.10.3-1.fc17,kde-base-artwork-4.10.3-1.fc17,kdebindings-4.10.3-1.fc17,kdeedu-4.10.3-1.fc17,kdegames-4.10.3-1.fc17,kdegraphics-4.10.3-1.fc17,kdegraphics-mobipocket-4.10.3-1.fc17,kdegraphics-strigi-analyzer-4.10.3-1.fc17,kdegraphics-thumbnailers-4.10.3-1.fc17,kde-l10n-4.10.3-1.fc17,kdelibs-4.10.3-2.fc17,kdemultimedia-4.10.3-1.fc17,kdenetwork-4.10.3-1.fc17,kdepim-4.10.3-2.fc17,kdepimlibs-4.10.3-1.fc17,kdepim-runtime-4.10.3-2.fc17,kdeplasma-addons-4.10.3-1.fc17,kde-print-manager-4.10.3-1.fc17,kde-runtime-4.10.3-1.fc17,kdesdk-4.10.3-1.fc17,kdetoys-4.10.3-1.fc17,kdeutils-4.10.3-1.fc17,kde-wallpapers-4.10.3-1.fc17,kde-workspace-4.10.3-1.fc17,kdf-4.10.3-1.fc17,kdiamond-4.10.3-1.fc17,kfloppy-4.10.3-1.fc17,kfourinline-4.10.3-1.fc17,kgamma-4.10.3-1.fc17,kgeography-4.10.3-1.fc17,kgoldrunner-4.10.3-1.fc17,kgpg-4.10.3-1.fc17,khangman-4.10.3-1.fc17,kig-4.10.3-1.fc17,kigo-4.10.3-1.fc17,killbots-4.10.3-1.fc17,kimono-4.10.3-1.fc17,kiriki-4.10.3-1.fc17,kiten-4.10.3-1.fc17,kjumpingcube-4.10.3-1.fc17,klettres-4.10.3-1.fc17,klickety-4.10.3-1.fc17,klines-4.10.3-1.fc17,kmag-4.10.3-1.fc17,kmahjongg-4.10.3-1.fc17,kmines-4.10.3-1.fc17,kmix-4.10.3-1.fc17,kmousetool-4.10.3-1 .fc17,kmouth-4.10.3-1.fc17,kmplot-4.10.3-1.fc17,knavalbattle-4.10.3-1.fc17,knetwalk-4.10.3-1.fc17,kolf-4.10.3-1.fc17,kollision-4.10.3-1.fc17,kolourpaint-4.10.3-1.fc17,konquest-4.10.3-1.fc17,konsole-4.10.3-1.fc17,kpat-4.10.3-1.fc17,kremotecontrol-4.10.3-1.fc17,kreversi-4.10.3-1.fc17,kross-interpreters-4.10.3-1.fc17,kruler-4.10.3-1.fc17,ksaneplugin-4.10.3-1.fc17,kscd-4.10.3-1.fc17,kshisen-4.10.3-1.fc17,ksirk-4.10.3-1.fc17,ksnakeduel-4.10.3-1.fc17,ksnapshot-4.10.3-1.fc17,kspaceduel-4.10.3-1.fc17,ksquares-4.10.3-1.fc17,kstars-4.10.3-1.fc17,ksudoku-4.10.3-1.fc17,ktimer-4.10.3-1.fc17,ktouch-4.10.3-1.fc17,ktuberling-4.10.3-1.fc17,kturtle-4.10.3-1.fc17,kubrick-4.10.3-1.fc17,kwallet-4.10.3-1.fc17,kwordquiz-4.10.3-1.fc17,libkcddb-4.10.3-1.fc17,libkcompactdisc-4.10.3-1.fc17,libkdcraw-4.10.3-1.fc17,libkdeedu-4.10.3-1.fc17,libkdegames-4.10.3-1.fc17,libkexiv2-4.10.3-1.fc17,libkipi-4.10.3-1.fc17,libkmahjongg-4.10.3-1.fc17,libksane-4.10.3-1.fc17,lskat-4.10.3-1.fc17,marble-4.10.3-1.fc17,nepomuk-core-4.10.3-1.fc17,nepomuk-widgets-4.10.3-1.fc17,okular-4.10.3-1.fc17,oxygen-icon-theme-4.10.3-1.fc17,pairs-4.10.3-1.fc17,palapeli-4.10.3-1.fc17,parley-4.10.3-1.fc17,picmi-4.10.3-1.fc17,pykde4-4.10.3-1.fc17,qyoto-4.10.3-1.fc17,rocs-4.10.3-1.fc17,ruby-korundum-4.10.3-1.fc17,ruby-qt-4.10.3-1.fc17,smokegen-4.10.3-1.fc17,smokekde-4.10.3-1.fc17,smokeqt-4.10.3-1.fc17,step-4.10.3-1.fc17,superkaramba-4.10.3-1.fc17,svgpart-4.10.3-1.fc17,sweeper-4.10.3-1.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-8056/pcre-8.21-7.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-8052/ncurses-5.9-11.20130511.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-8069/lxpanel-0.5.12-2.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-8311/evolution-data-server-3.4.4-5.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-8284/thunderbird-17.0.6-1.fc17 2 https://admin.fedoraproject.org/updates/FEDORA-2013-8224/kernel-3.8.13-100.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-8398/xulrunner-21.0-3.fc17,firefox-21.0-3.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-8394/xorg-x11-drv-synaptics-1.6.3-4.fc17 The following builds have been pushed to Fedora 17 updates-testing bacula-5.2.13-10.fc17 ctstream-7-1.fc17 erlang-erlsyslog-0.6.1-1.fc17 firefox-21.0-3.fc17 libvisio-0.0.27-1.fc17 perl-Plack-Middleware-Deflater-0.08-2.fc17 perl-Spreadsheet-XLSX-0.13-3.fc17 python-concurrentloghandler-0.8.4-9.fc17 ruby-1.9.3.429-30.fc17 varnish-3.0.3-5.fc17 xen-4.1.5-3.fc17 xorg-x11-drv-synaptics-1.6.3-4.fc17 xulrunner-21.0-3.fc17 Details about builds: ================================================================================ bacula-5.2.13-10.fc17 (FEDORA-2013-8401) Cross platform network backup for Linux, Unix, Mac and Windows -------------------------------------------------------------------------------- Update Information: Fix aarch64 build, add bpluginfo command. -------------------------------------------------------------------------------- ChangeLog: * Thu May 16 2013 Simone Caronni <negativo17@xxxxxxxxx> - 5.2.13-10 - Add aarch64 patch (#925072). - Add bpluginfo commmand. -------------------------------------------------------------------------------- ================================================================================ ctstream-7-1.fc17 (FEDORA-2013-8388) Get URLs of Czech Television video streams -------------------------------------------------------------------------------- Update Information: Output stream as binary data. -------------------------------------------------------------------------------- ChangeLog: * Thu May 16 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 7-1 - Version 7 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #963561 - ctstream-7 is available https://bugzilla.redhat.com/show_bug.cgi?id=963561 -------------------------------------------------------------------------------- ================================================================================ erlang-erlsyslog-0.6.1-1.fc17 (FEDORA-2013-8376) Syslog facility for Erlang -------------------------------------------------------------------------------- Update Information: - Fix for dynamic verbosity change -------------------------------------------------------------------------------- ChangeLog: * Thu May 16 2013 Peter Lemenkov <lemenkov@xxxxxxxxx> - 0.6.1-1 - Fix for dynamic verbosity change * Thu May 16 2013 Peter Lemenkov <lemenkov@xxxxxxxxx> - 0.6-1 - Ver. 0.6 - Fixed driver locking on Erlang R16B - Allow dynamically change verbosity level (don't print info or warning messages) * Fri Apr 26 2013 Peter Lemenkov <lemenkov@xxxxxxxxx> - 0.5-1 - Ver. 0.5 * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ firefox-21.0-3.fc17 (FEDORA-2013-8398) Mozilla Firefox Web browser -------------------------------------------------------------------------------- Update Information: Update to latest upstream (21.0) -------------------------------------------------------------------------------- ChangeLog: * Thu May 16 2013 Martin Stransky <stransky@xxxxxxxxxx> - 21.0-3 - Fixed extension compatibility dialog (rhbz#963422) * Wed May 15 2013 Martin Stransky <stransky@xxxxxxxxxx> - 21.0-2 - Keep compatibility with old preference dir * Tue May 14 2013 Martin Stransky <stransky@xxxxxxxxxx> - 21.0-1 - Updated to latest upstream (21.0) * Thu May 9 2013 Martin Stransky <stransky@xxxxxxxxxx> - 20.0-5 - Removed firstrun page (rhbz#864793) - Made zip/unzip quiet in langpacks processing * Thu Apr 18 2013 Martin Stransky <stransky@xxxxxxxxxx> - 20.0-4 - Updated xulrunner check * Thu Apr 18 2013 Martin Stransky <stransky@xxxxxxxxxx> - 20.0-3 - Added a workaround for rhbz#907424 - textarea redrawn wrongly during edit * Thu Apr 18 2013 Jan Horak <jhorak@xxxxxxxxxx> - 20.0-2 - Updated manual page -------------------------------------------------------------------------------- ================================================================================ libvisio-0.0.27-1.fc17 (FEDORA-2013-8379) A library providing ability to interpret and import visio diagrams -------------------------------------------------------------------------------- Update Information: This update fixes some potential bugs. -------------------------------------------------------------------------------- ChangeLog: * Thu May 16 2013 David Tardon <dtardon@xxxxxxxxxx> - 0.0.27-1 - new release -------------------------------------------------------------------------------- ================================================================================ perl-Plack-Middleware-Deflater-0.08-2.fc17 (FEDORA-2013-8393) Compress response body with Gzip or Deflate -------------------------------------------------------------------------------- Update Information: Plack::Middleware::Deflater is a middleware to encode your response body in gzip or deflate, based on Accept-Encoding HTTP request header. It would save the bandwidth a little bit but should increase the Plack server load, so ideally you should handle this on the front end reverse proxy servers. -------------------------------------------------------------------------------- References: [ 1 ] Bug #959188 - Review Request: perl-Plack-Middleware-Deflater - Compress response body with Gzip or Deflate https://bugzilla.redhat.com/show_bug.cgi?id=959188 -------------------------------------------------------------------------------- ================================================================================ perl-Spreadsheet-XLSX-0.13-3.fc17 (FEDORA-2013-8412) Perl extension for reading Microsoft Excel 2007 files -------------------------------------------------------------------------------- Update Information: The Spreadsheet::XLSX module is a emulation of Spreadsheet::ParseExcel for Excel 2007 (.xlsx) file format in a quick and dirty way. It supports styles and many of the Excel's quirks, but not all. It populates the classes from Spreadsheet::ParseExcel for interoperability; including workbook, worksheet and cell. -------------------------------------------------------------------------------- References: [ 1 ] Bug #952796 - Review Request: perl-Spreadsheet-XLSX - Perl extension for reading Microsoft Excel 2007 files https://bugzilla.redhat.com/show_bug.cgi?id=952796 -------------------------------------------------------------------------------- ================================================================================ python-concurrentloghandler-0.8.4-9.fc17 (FEDORA-2013-8402) Concurrent logging handler (drop-in replacement for RotatingFileHandler) -------------------------------------------------------------------------------- Update Information: Suppress exceptions from flush in release. RHBZ#858922 -------------------------------------------------------------------------------- ChangeLog: * Thu May 16 2013 Dan Callaghan <dcallagh@xxxxxxxxxx> - 0.8.4-9 - RHBZ#952929: ensure stream lock is closed - RHBZ#858922: suppress exceptions in release * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.8.4-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #858922 - release should catch IOError during flush https://bugzilla.redhat.com/show_bug.cgi?id=858922 -------------------------------------------------------------------------------- ================================================================================ ruby-1.9.3.429-30.fc17 (FEDORA-2013-8411) An interpreter of object-oriented scripting language -------------------------------------------------------------------------------- Update Information: A vulnerability was found in DL and Fiddle in Ruby where tainted strings can be used by system calls regardless of the $SAFE level set in Ruby. This vulnerability has been assigned the CVE identifier CVE-2013-2065. This rpm will fix this issue. -------------------------------------------------------------------------------- ChangeLog: * Thu May 16 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.9.3.429-30 - Update to 1.9.3 p429 - Fix object taint bypassing in DL and Fiddle (CVE-2013-2065) -------------------------------------------------------------------------------- References: [ 1 ] Bug #962862 - CVE-2013-2065 Ruby: Object taint bypassing in DL and Fiddle [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=962862 -------------------------------------------------------------------------------- ================================================================================ varnish-3.0.3-5.fc17 (FEDORA-2013-8377) High-performance HTTP accelerator -------------------------------------------------------------------------------- Update Information: * Added macro _hardened_build to enforce compiling with PIE * Moved ldconfig in postun script to a shell line * Corrected some bogus dates in the changelog -------------------------------------------------------------------------------- ChangeLog: * Wed May 15 2013 Ingvar Hagelund <ingvar@xxxxxxxxxxxxxxxxxx> 3.0.3-5 - Added macro _hardened_build to enforce compiling with PIE, closes #955156 - moved ldconfig in postun script to a shell line, since the following lines may expand to more shell commands on fedora >=18 - Corrected some bogus dates in the changelog * Fri Feb 15 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.0.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #955156 - varnish package should be built with PIE flags https://bugzilla.redhat.com/show_bug.cgi?id=955156 -------------------------------------------------------------------------------- ================================================================================ xen-4.1.5-3.fc17 (FEDORA-2013-8397) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: xen-devel should require libuuid-devel, pygrub menu items can include too much text -------------------------------------------------------------------------------- ChangeLog: * Wed May 15 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.1.5-3 - xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524) -------------------------------------------------------------------------------- References: [ 1 ] Bug #962833 - xen-devel should require libuuid-devel https://bugzilla.redhat.com/show_bug.cgi?id=962833 [ 2 ] Bug #958524 - pygrub can't cope with extra double or single quotes in menuentry statements https://bugzilla.redhat.com/show_bug.cgi?id=958524 -------------------------------------------------------------------------------- ================================================================================ xorg-x11-drv-synaptics-1.6.3-4.fc17 (FEDORA-2013-8394) Xorg X11 Synaptics touchpad input driver -------------------------------------------------------------------------------- Update Information: Fix unresolved symbol error when clickpad code is triggered -------------------------------------------------------------------------------- ChangeLog: * Thu May 16 2013 Peter Hutterer <peter.hutterer@xxxxxxxxxx> 1.6.3-4 - Make sure BUG_RETURN_VAL is defined (#962721) -------------------------------------------------------------------------------- References: [ 1 ] Bug #962721 - Xorg killed when clicking using hard button on touchpad xorg-x11-drv-synaptics-1.6.3-3.fc17.x86_64 https://bugzilla.redhat.com/show_bug.cgi?id=962721 -------------------------------------------------------------------------------- ================================================================================ xulrunner-21.0-3.fc17 (FEDORA-2013-8398) XUL Runtime for Gecko Applications -------------------------------------------------------------------------------- Update Information: Update to latest upstream (21.0) -------------------------------------------------------------------------------- ChangeLog: * Mon May 13 2013 Martin Stransky <stransky@xxxxxxxxxx> - 21.0-3 - New upstream tarball (build 4) * Mon May 13 2013 Martin Stransky <stransky@xxxxxxxxxx> - 21.0-2 - Updated requested NSS/NSPR versions * Sun May 12 2013 Martin Stransky <stransky@xxxxxxxxxx> - 21.0-1 - Update to latest upstream (21.0) * Fri Apr 5 2013 Martin Stransky <stransky@xxxxxxxxxx> - 20.0-4 - Updated rhbz-911314.patch for xulrunner 20 * Wed Apr 3 2013 Martin Stransky <stransky@xxxxxxxxxx> - 20.0-3 - A workaround for Bug 928353 - firefox i686 crashes for a number of web pages -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
