The following Fedora 17 Security updates need testing: Age URL 327 https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-1.fc17 139 https://admin.fedoraproject.org/updates/FEDORA-2013-0455/fedora-business-cards-1-0.1.beta1.fc17 68 https://admin.fedoraproject.org/updates/FEDORA-2013-4174/glibc-2.15-59.fc17 67 https://admin.fedoraproject.org/updates/FEDORA-2013-4234/stunnel-4.55-1.fc17 66 https://admin.fedoraproject.org/updates/FEDORA-2013-4296/tomcat6-6.0.36-1.fc17 62 https://admin.fedoraproject.org/updates/FEDORA-2013-4501/libxslt-1.1.28-1.fc17 59 https://admin.fedoraproject.org/updates/FEDORA-2013-4581/libuser-0.57.6-2.fc17 47 https://admin.fedoraproject.org/updates/FEDORA-2013-5349/389-ds-base-1.2.11.21-1.fc17 40 https://admin.fedoraproject.org/updates/FEDORA-2013-5967/xorg-x11-server-1.12.4-7.fc17 27 https://admin.fedoraproject.org/updates/FEDORA-2013-7144/xmp-3.4.0-11.fc17 12 https://admin.fedoraproject.org/updates/FEDORA-2013-8284/thunderbird-17.0.6-1.fc17 11 https://admin.fedoraproject.org/updates/FEDORA-2013-8411/ruby-1.9.3.429-30.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-8786/spnavcfg-0.2.1-5.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-8789/pmount-0.9.23-4.fc17 5 https://admin.fedoraproject.org/updates/FEDORA-2013-8953/openjpeg-1.4-15.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-9170/slock-1.1-3.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-9116/transifex-client-0.9-1.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-9111/livecd-tools-17.17-1.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-9138/xorg-x11-drv-openchrome-0.3.3-1.fc17 2 https://admin.fedoraproject.org/updates/FEDORA-2013-9258/pki-tps-9.0.11-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-9518/mod_security-2.7.3-2.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-9505/socat-1.7.2.2-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-9522/cgit-0.9.2-1.fc17 The following Fedora 17 Critical Path updates have yet to be approved: Age URL 279 https://admin.fedoraproject.org/updates/FEDORA-2012-12509/PackageKit-0.7.6-1.fc17 108 https://admin.fedoraproject.org/updates/FEDORA-2013-2163/policycoreutils-2.1.13-27.3.fc17 87 https://admin.fedoraproject.org/updates/FEDORA-2013-3304/libvpx-1.2.0-1.fc17 12 https://admin.fedoraproject.org/updates/FEDORA-2013-8311/evolution-data-server-3.4.4-5.fc17 12 https://admin.fedoraproject.org/updates/FEDORA-2013-8284/thunderbird-17.0.6-1.fc17 9 https://admin.fedoraproject.org/updates/FEDORA-2013-8581/clutter-1.10.8-2.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-8807/fedora-bookmarks-15-2.fc17 5 https://admin.fedoraproject.org/updates/FEDORA-2013-8916/kwebkitpart-1.3.2-2.fc17,qtwebkit-2.3.1-1.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-9123/kernel-3.9.4-100.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-9111/livecd-tools-17.17-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-9510/notification-daemon-0.7.6-2.fc17 The following builds have been pushed to Fedora 17 updates-testing babeld-1.3.7-1.fc17 bacula-5.2.13-11.fc17 cgit-0.9.2-1.fc17 im-chooser-1.5.2.2-2.fc17 libmspack-0.4-0.1.alpha.fc17 libstoragemgmt-0.0.20-1.fc17 mariadb-5.5.31-1.fc17 mod_security-2.7.3-2.fc17 notification-daemon-0.7.6-2.fc17 qgit-2.5-1.fc17 qodem-0.3.2-5.fc17 socat-1.7.2.2-1.fc17 sugar-fototoon-15-2.fc17 Details about builds: ================================================================================ babeld-1.3.7-1.fc17 (FEDORA-2013-9513) Ad-hoc network routing daemon -------------------------------------------------------------------------------- Update Information: * Fix a bug that would cause the channel list to remain stuck at its initial value when running with -z3. -------------------------------------------------------------------------------- ChangeLog: * Tue May 28 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 1.3.7-1 - 1.3.7. -------------------------------------------------------------------------------- ================================================================================ bacula-5.2.13-11.fc17 (FEDORA-2013-9515) Cross platform network backup for Linux, Unix, Mac and Windows -------------------------------------------------------------------------------- Update Information: Remove non free code from Bacula -------------------------------------------------------------------------------- ChangeLog: * Tue May 28 2013 Petr Hracek <phracek@xxxxxxxxxx> - 5.2.13-11 - Fix for nonfree code (#967417) -------------------------------------------------------------------------------- References: [ 1 ] Bug #967417 - bacula included non-free code https://bugzilla.redhat.com/show_bug.cgi?id=967417 -------------------------------------------------------------------------------- ================================================================================ cgit-0.9.2-1.fc17 (FEDORA-2013-9522) A fast web interface for git -------------------------------------------------------------------------------- Update Information: A directory traversal vulnerability was discovered in cgit. By default, cgit is not affected. However, if cgit is configured to use a readme file from a filesystem path instead of from the git repo itself then files outside of the repository can be read. Refer to the discussion on oss-security for further details: http://www.openwall.com/lists/oss-security/2013/05/25/3 -------------------------------------------------------------------------------- ChangeLog: * Mon May 27 2013 Todd Zullinger <tmz@xxxxxxxxx> - 0.9.2-1 - Update to 0.9.2, fixes CVE-2013-2117 * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.9.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Wed Nov 21 2012 Kevin Fenzi <kevin@xxxxxxxxx> 0.9.1-3 - Fixed ldflags. Fixes bug 878611 -------------------------------------------------------------------------------- References: [ 1 ] Bug #967346 - CVE-2013-2117 cgit: directory traversal https://bugzilla.redhat.com/show_bug.cgi?id=967346 -------------------------------------------------------------------------------- ================================================================================ im-chooser-1.5.2.2-2.fc17 (FEDORA-2013-9487) Desktop Input Method configuration tool -------------------------------------------------------------------------------- Update Information: Fix a crash issue -------------------------------------------------------------------------------- ChangeLog: * Tue May 28 2013 Akira TAGOH <tagoh@xxxxxxxxxx> - 1.5.2.2-2 - Fix a crash issue. (#859624) -------------------------------------------------------------------------------- References: [ 1 ] Bug #859624 - [abrt] im-chooser-1.5.2.2-1.fc17: Process /usr/bin/im-chooser was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=859624 -------------------------------------------------------------------------------- ================================================================================ libmspack-0.4-0.1.alpha.fc17 (FEDORA-2013-9516) Library for CAB and related files compression and decompression -------------------------------------------------------------------------------- Update Information: update to version 0.4 - add support for decompressing a new file format, the Exchange Offline Address Book (OAB) -------------------------------------------------------------------------------- ChangeLog: * Tue May 28 2013 Dan Horák <dan[at]danny.cz> - 0.4-0.1.alpha - updated to 0.4alpha * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.3-0.4.alpha - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.3-0.3.alpha - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ libstoragemgmt-0.0.20-1.fc17 (FEDORA-2013-9502) Storage array management library -------------------------------------------------------------------------------- Update Information: New upstream release. Upstream update. Upstream update. -------------------------------------------------------------------------------- ChangeLog: * Tue May 28 2013 Tony Asleson <tasleson@xxxxxxxxxx> - 0.0.20-1 - New upstream release - Separate package for python libraries - Make timestamps match on version.py in library - Add python-paramiko requirement for IBM plug-in * Mon Apr 22 2013 Tony Asleson <tasleson@xxxxxxxxxx> - 0.0.19-1 - New upstream release -------------------------------------------------------------------------------- ================================================================================ mariadb-5.5.31-1.fc17 (FEDORA-2013-9511) A community developed branch of MySQL -------------------------------------------------------------------------------- Update Information: This is an update to the new upstream release 5.5.31, which fixes issues described at https://kb.askmonty.org/en/mariadb-5531-changelog/. Since this update, MariaDB will use /var/tmp as temporary directory and conflicting mytop utility was removed. -------------------------------------------------------------------------------- ChangeLog: * Fri May 24 2013 Honza Horak <hhorak@xxxxxxxxxx> 5.5.31-1 - Rebase to 5.5.31 https://kb.askmonty.org/en/mariadb-5531-changelog/ - Preserve time-stamps in case of installed files - Use /var/tmp instead of /tmp, since the later is using tmpfs, which can cause problems Resolves: #962087 - Fix test suite requirements * Sun May 5 2013 Honza Horak <hhorak@xxxxxxxxxx> 5.5.30-2 - Remove mytop utility, which is packaged separately - Resolve multilib conflicts in mysql/private/config.h * Fri Mar 22 2013 Honza Horak <hhorak@xxxxxxxxxx> 5.5.30-1 - Rebase to 5.5.30 https://kb.askmonty.org/en/mariadb-5530-changelog/ * Wed Mar 13 2013 Honza Horak <hhorak@xxxxxxxxxx> 5.5.29-9 - Let mariadb-embedded-devel conflict with MySQL-embedded-devel - Adjust mariadb-sortbuffer.patch to correspond with upstream patch * Mon Mar 4 2013 Honza Horak <hhorak@xxxxxxxxxx> 5.5.29-8 - Mask expected warnings about setrlimit in test suite * Thu Feb 28 2013 Honza Horak <hhorak@xxxxxxxxxx> 5.5.29-7 - Use configured prefix value instead of guessing basedir in mysql_config Resolves: #916189 - Export dynamic columns and non-blocking API functions documented by upstream * Wed Feb 27 2013 Honza Horak <hhorak@xxxxxxxxxx> 5.5.29-6 - Fix sort_buffer_length option type * Wed Feb 13 2013 Honza Horak <hhorak@xxxxxxxxxx> 5.5.29-5 - Suppress warnings in tests and skip tests also on ppc64p7 -------------------------------------------------------------------------------- ================================================================================ mod_security-2.7.3-2.fc17 (FEDORA-2013-9518) Security module for the Apache HTTP Server -------------------------------------------------------------------------------- Update Information: Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) and a possible memory leak. -------------------------------------------------------------------------------- ChangeLog: * Tue May 28 2013 Athmane Madjoudj <athmane@xxxxxxxxxxxxxxxxx> 2.7.3-2 - Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) (RHBZ #967615) - Fix a possible memory leak. -------------------------------------------------------------------------------- References: [ 1 ] Bug #967615 - mod_security: NULL pointer dereference (DoS, crash) when forceRequestBodyVariable action triggered and unknown Content-Type was used https://bugzilla.redhat.com/show_bug.cgi?id=967615 -------------------------------------------------------------------------------- ================================================================================ notification-daemon-0.7.6-2.fc17 (FEDORA-2013-9510) Desktop Notification Daemon -------------------------------------------------------------------------------- Update Information: NEW in 0.7.6: ============== - Fix a wrong loop condition - Translation updates (Marathi) -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.7.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Tue Sep 4 2012 Richard Hughes <hughsient@xxxxxxxxx> - 0.7.6-1 - Update to 0.7.6 * Fri Jul 27 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.7.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Thu Jun 7 2012 Richard Hughes <hughsient@xxxxxxxxx> - 0.7.5-1 - Update to 0.7.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #829269 - Notification daemon ignore timeout settings in notify-send https://bugzilla.redhat.com/show_bug.cgi?id=829269 -------------------------------------------------------------------------------- ================================================================================ qgit-2.5-1.fc17 (FEDORA-2013-9512) GUI browser for git repositories -------------------------------------------------------------------------------- Update Information: update to new upstream version 2.5 - Chris OBryan fixed the sorting of the tree-view with non-latin locales - Tim Blechmann contributed a better support for dark GUI color schemes - the annoying bug of off-sync line numbers in the annotation file view is now gone -------------------------------------------------------------------------------- ChangeLog: * Mon May 27 2013 Dan Horák <dan[at]danny.cz> - 2.5-1 - update to 2.5 * Fri Feb 22 2013 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 2.4-6 - iremove --vendor from desktop-file-install https://fedorahosted.org/fesco/ticket/1077 * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.4-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ qodem-0.3.2-5.fc17 (FEDORA-2013-9496) Terminal emulator and communications package -------------------------------------------------------------------------------- Update Information: Add autoreconf to permit building for aarch64. -------------------------------------------------------------------------------- ChangeLog: * Sun May 26 2013 Richard Shaw <hobbes1069@xxxxxxxxx> - 0.3.2-5 - Add autoreconf to permit building for aarch64. * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.3.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Sat Jul 21 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.3.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #926412 - qodem: Does not support aarch64 in f19 and rawhide https://bugzilla.redhat.com/show_bug.cgi?id=926412 -------------------------------------------------------------------------------- ================================================================================ socat-1.7.2.2-1.fc17 (FEDORA-2013-9505) Bidirectional data relay between two data channels ('netcat++') -------------------------------------------------------------------------------- Update Information: Fix for CVE-2013-3571: Denial of service due to file descriptor leak -------------------------------------------------------------------------------- ChangeLog: * Mon May 27 2013 Paul Wouters <pwouters@xxxxxxxxxx> - 1.7.2.2-1 - Updated to 1.7.2.2 for CVE-2013-3571, rhbz#967539 -------------------------------------------------------------------------------- References: [ 1 ] Bug #967345 - CVE-2013-3571 socat: Denial of service due to file descriptor leak https://bugzilla.redhat.com/show_bug.cgi?id=967345 -------------------------------------------------------------------------------- ================================================================================ sugar-fototoon-15-2.fc17 (FEDORA-2013-9517) An activity used to create cartoons -------------------------------------------------------------------------------- Update Information: Version 15 release -------------------------------------------------------------------------------- ChangeLog: * Mon May 27 2013 Kalpa Welivitigoda <callkalpa@xxxxxxxxx> - 15-2 - rectified the error of uploading the source with a different extension * Mon May 27 2013 Kalpa Welivitigoda <callkalpa@xxxxxxxxx> - 15-1 - Release version 15 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
