The following Fedora 17 Security updates need testing: Age URL 333 https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-1.fc17 146 https://admin.fedoraproject.org/updates/FEDORA-2013-0455/fedora-business-cards-1-0.1.beta1.fc17 74 https://admin.fedoraproject.org/updates/FEDORA-2013-4234/stunnel-4.55-1.fc17 72 https://admin.fedoraproject.org/updates/FEDORA-2013-4296/tomcat6-6.0.36-1.fc17 69 https://admin.fedoraproject.org/updates/FEDORA-2013-4501/libxslt-1.1.28-1.fc17 65 https://admin.fedoraproject.org/updates/FEDORA-2013-4581/libuser-0.57.6-2.fc17 54 https://admin.fedoraproject.org/updates/FEDORA-2013-5349/389-ds-base-1.2.11.21-1.fc17 47 https://admin.fedoraproject.org/updates/FEDORA-2013-5967/xorg-x11-server-1.12.4-7.fc17 12 https://admin.fedoraproject.org/updates/FEDORA-2013-8953/openjpeg-1.4-15.fc17 10 https://admin.fedoraproject.org/updates/FEDORA-2013-9111/livecd-tools-17.17-1.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-9518/mod_security-2.7.3-2.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-9505/socat-1.7.2.2-1.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-9522/cgit-0.9.2-1.fc17 5 https://admin.fedoraproject.org/updates/FEDORA-2013-9622/mediawiki-1.19.7-1.fc17 5 https://admin.fedoraproject.org/updates/FEDORA-2013-9628/bzr-2.5.1-11.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-9771/rubygem-passenger-3.0.21-1.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-9774/mingw-gnutls-2.12.23-2.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-9799/gnutls-2.12.23-2.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-9798/LibRaw-0.14.8-2.fc17 2 https://admin.fedoraproject.org/updates/FEDORA-2013-9836/nrpe-2.14-3.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-9961/perl-Dancer-1.3093-3.fc17 The following Fedora 17 Critical Path updates have yet to be approved: Age URL 286 https://admin.fedoraproject.org/updates/FEDORA-2012-12509/PackageKit-0.7.6-1.fc17 94 https://admin.fedoraproject.org/updates/FEDORA-2013-3304/libvpx-1.2.0-1.fc17 12 https://admin.fedoraproject.org/updates/FEDORA-2013-8916/kwebkitpart-1.3.2-2.fc17,qtwebkit-2.3.1-1.fc17 10 https://admin.fedoraproject.org/updates/FEDORA-2013-9111/livecd-tools-17.17-1.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-9510/notification-daemon-0.7.6-2.fc17 5 https://admin.fedoraproject.org/updates/FEDORA-2013-9641/polkit-0.104-7.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-9705/perl-threads-1.87-1.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-9799/gnutls-2.12.23-2.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-9123/kernel-3.9.4-100.fc17 2 https://admin.fedoraproject.org/updates/FEDORA-2013-9842/ModemManager-0.6.2.0-1.fc17 The following builds have been pushed to Fedora 17 updates-testing compiz-0.8.8-23.fc17 globus-core-8.9-6.fc17 globus-proxy-utils-5.0-6.fc17 globus-simple-ca-3.2-3.fc17 ibus-typing-booster-0.0.32-1.fc17 libdbusmenu-12.10.2-3.fc17 libxdiff-1.0-1.fc17 openvpn-2.3.2-1.fc17 perl-Dancer-1.3093-3.fc17 python-requests-kerberos-0.3-1.fc17 repsnapper-2.2.0-0.2.a4.fc17 Details about builds: ================================================================================ compiz-0.8.8-23.fc17 (FEDORA-2013-9931) OpenGL window and compositing manager -------------------------------------------------------------------------------- Update Information: 1:0.8.8-23 - fix windows-decorator scripts and desktop files 1:0.8.8-22 - add patch to speed up start - remove --sm-disable --ignore-desktop-hints from start scipts - fix build for aarch64 - add xfce subpackage again with start script and desktop file - move matecompat plugin to main package - add requires hicolor-icon-theme - add scripts and desktop files for switch the windows-decorator to - mate subpackage - remove useless compiz_new_add-cursor-theme-support.patch - complete removal of gconf - clean up patches - rename patches and add more descriptions to spec file - remove unnecessary desktop-file-validate checks - update icon-cache scriptlets -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 3 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1:0.8.8-23 - fix windows-decorator scripts and desktop files * Sun May 26 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1:0.8.8-22 - add patch to speed up start - remove --sm-disable --ignore-desktop-hints from start scipts - fix build for aarch64 - add xfce subpackage again with start script and desktop file - move matecompat plugin to main package - add requires hicolor-icon-theme - add scripts and desktop files for switch the windows-decorator to - mate subpackage - remove useless compiz_new_add-cursor-theme-support.patch - complete removal of gconf - clean up patches - rename patches and add more descriptions to spec file - remove unnecessary desktop-file-validate checks - update icon-cache scriptlets -------------------------------------------------------------------------------- ================================================================================ globus-core-8.9-6.fc17 (FEDORA-2013-9966) Globus Toolkit - Globus Core -------------------------------------------------------------------------------- Update Information: Increase default proxy size to 1024 bits. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 3 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 8.9-6 - Add --force-missing to automake call in bootstrap * Sat May 25 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 8.9-5 - Running latex 5 times is sometimes not enough * Tue May 21 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 8.9-4 - Add aarch64 to the list of 64 bit platforms - Fix build configuration for aarch64 and x32 - Don't use AM_CONFIG_HEADER (automake 1.13) * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 8.9-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ globus-proxy-utils-5.0-6.fc17 (FEDORA-2013-9966) Globus Toolkit - Globus GSI Proxy Utility Programs -------------------------------------------------------------------------------- Update Information: Increase default proxy size to 1024 bits. -------------------------------------------------------------------------------- ChangeLog: * Tue May 21 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.0-6 - Add aarch64 to the list of 64 bit platforms - Use 1024 bits as default for generated proxies * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 5.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Thu Dec 6 2012 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.0-4 - Specfile clean-up * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 5.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ globus-simple-ca-3.2-3.fc17 (FEDORA-2013-9966) Globus Toolkit - Simple CA Utility -------------------------------------------------------------------------------- Update Information: Increase default proxy size to 1024 bits. -------------------------------------------------------------------------------- ChangeLog: * Thu May 23 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 3.2-3 - Don't use \t in echo * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ ibus-typing-booster-0.0.32-1.fc17 (FEDORA-2013-9932) A typing booster engine for the IBus platform -------------------------------------------------------------------------------- Update Information: Rewrite the code for moving and editing within the preëdit Typing characters which are not explicitly listed as “valid_input_chars” in .conf files in ibus-typing-booster get inserted in a weird position Do not use lang_chars for matching in the hunspell dictionaries, return immediately if input contains a “/” -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 2 2013 Mike FABIAN <mfabian@xxxxxxxxxx> - 0.0.32-1 - Update to 0.0.32 upstream version - Resolves: rhbz#969847 - Editing in the preëdit of ibus-typing-booster behaves weird, especially with transliteration - Fix behaviour of Control+Number - When committing by typing TAB, update frequency data in user database - When committing by tying RETURN or ENTER, update frequency data in user database - Do not try to match very long words in the hunspell dictionaries - Rewrite the code for moving and editing within the preëdit (rhbz#969847) - Fix encoding error when changing values with the setup tool - Add ko_KR.conf and ko_KR.svg - Use normalization forms NFD or NFKD internally and NFC externally - Remove old way of using libtranslit via ctypes - Get rid of “freq” column in databases - Remove too simpleminded auto-capitalization * Wed May 29 2013 Mike FABIAN <mfabian@xxxxxxxxxx> - 0.0.31-1 - Update to 0.0.31 upstream version - Resolves: rhbz#968209 - Typing characters which are not explicitly listed as “valid_input_chars” in .conf files in ibus-typing-booster get inserted in a weird position - Remove lots of unused and/or useless code - Simplify some code - Fix the problem that after “page down” the first “arrow down” does not move down in the lookup table - Never use “-” or “=” as page up and page down keys - Print more useful debug output when an exception happens - Replace unencodable characters when asking pyhunspell for suggestions - Get dictionary encoding from .aff file - Get rid of the the variable “valid_input_chars” (rhbz#968209) - Remove option “valid_input_chars” from .conf files and template.txt - Replace keysym2unichr(key.code) with IBus.keyval_to_unicode(key.code) * Sun May 26 2013 Mike FABIAN <mfabian@xxxxxxxxxx> - 0.0.30-1 - Update to 0.0.30 upstream version - simplify database structure and code - The Swedish hunspell dictionary is in UTF-8, not ISO-8859-1 - SQL LIKE should behave case sensitively - Do not throw away the input phrase in hunspell_suggest.suggest() - Merge candidates which have the same resulting phrase in select_words() - Remove phrases always from the user database when typing Alt+Number - Sync memory user database “mudb” to disk user database “user_db” on focus out - Delete all records from mudb after syncing to user_db - Do not prevent phrases of length < 4 to be added to the frequency database - Resolves: #966947 - When typing a/ with the da_DK ibus-typing-booster, one gets weird matches like a/ACJSTVW - Do not use lang_chars for matching in the hunspell dictionaries, return immediately if input contains a “/” (Resolves: #966947) - Remove lang_chars variable - Use re.escape() to escape the string typed by the user correctly for use in a regular expression - When removing a phrase with Alt+Number, remove it independent of the input_phrase -------------------------------------------------------------------------------- References: [ 1 ] Bug #969847 - Editing in the preëdit of ibus-typing-booster behaves weird, especially with transliteration https://bugzilla.redhat.com/show_bug.cgi?id=969847 [ 2 ] Bug #968209 - Typing characters which are not explicitly listed as “valid_input_chars” in .conf files in ibus-typing-booster get inserted in a weird position https://bugzilla.redhat.com/show_bug.cgi?id=968209 [ 3 ] Bug #966947 - When typing a/ with the da_DK ibus-typing-booster, one gets weird matches like a/ACJSTVW https://bugzilla.redhat.com/show_bug.cgi?id=966947 -------------------------------------------------------------------------------- ================================================================================ libdbusmenu-12.10.2-3.fc17 (FEDORA-2013-9945) A library that pulling out some code out of indicator-applet -------------------------------------------------------------------------------- Update Information: Fix BR valgrind-devel in selected archs. libdbusmenu 12.10.2. -------------------------------------------------------------------------------- References: [ 1 ] Bug #962029 - Review Request: libdbusmenu - A library that pulling out some code out of indicator-applet https://bugzilla.redhat.com/show_bug.cgi?id=962029 -------------------------------------------------------------------------------- ================================================================================ libxdiff-1.0-1.fc17 (FEDORA-2013-9946) Basic functionality to create difference/patches in binary and text -------------------------------------------------------------------------------- Update Information: New package: libxdiff - Basic functionality to create difference/patches in binary and text -------------------------------------------------------------------------------- References: [ 1 ] Bug #969111 - Review Request: libxdiff - Basic functionality to create difference/patches in binary and text https://bugzilla.redhat.com/show_bug.cgi?id=969111 -------------------------------------------------------------------------------- ================================================================================ openvpn-2.3.2-1.fc17 (FEDORA-2013-9933) A full-featured SSL VPN solution -------------------------------------------------------------------------------- Update Information: 2013.05.31 -- Version 2.3.2 Only print script warnings when a script is used. Remove stray mention of script-security system. Move settings of user script into set_user_script function Move checking of script file access into set_user_script Provide more accurate warning message Fix NULL-pointer crash in route_list_add_vpn_gateway(). Fix problem with UDP tunneling due to mishandled pktinfo structures. Always push basic set of peer info values to server. make 'explicit-exit-notify' pullable again Fix proto tcp6 for server & non-P2MP modes Fix Windows script execution when called from script hooks Fixed tls-cipher translation bug in openssl-build Fixed usage of stale define USE_SSL to ENABLE_SSL Fix segfault when enabling pf plug-ins Properly enable PKCS11. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 3 2013 Jon Ciesla <limburgher@xxxxxxxxx> 2.3.2-1 - 2.3.2, BZ 970089. * Thu May 16 2013 Jon Ciesla <limburgher@xxxxxxxxx> 2.3.1-4 - chmod -x .service, BZ 963914. * Thu May 16 2013 Jon Ciesla <limburgher@xxxxxxxxx> 2.3.1-3 - Enable --enable-pkcs11, BZ 963868. -------------------------------------------------------------------------------- References: [ 1 ] Bug #970089 - openvpn-2.3.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=970089 [ 2 ] Bug #969503 - PKCS11 disabled on purpose? https://bugzilla.redhat.com/show_bug.cgi?id=969503 -------------------------------------------------------------------------------- ================================================================================ perl-Dancer-1.3093-3.fc17 (FEDORA-2013-9961) Lightweight yet powerful web application framework -------------------------------------------------------------------------------- Update Information: This release fixes CR-LF injection into Cookie HTTP header (CVE-2012-5572). -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 3 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 1.3093-3 - Fix CVE-2012-5572 (cookie name CR-LF injection) (bug #880330) -------------------------------------------------------------------------------- References: [ 1 ] Bug #880329 - CVE-2012-5572 perl-Dancer: Newline injection due to improper CRLF escaping in cookie() and cookies() methods https://bugzilla.redhat.com/show_bug.cgi?id=880329 -------------------------------------------------------------------------------- ================================================================================ python-requests-kerberos-0.3-1.fc17 (FEDORA-2013-9943) A Kerberos authentication handler for python-requests -------------------------------------------------------------------------------- Update Information: Requests is an HTTP library, written in Python, for human beings. This library adds optional Kerberos/GSSAPI authentication support and supports mutual authentication. -------------------------------------------------------------------------------- References: [ 1 ] Bug #962612 - Review Request: python-requests-kerberos - A Kerberos authentication handler for python-requests https://bugzilla.redhat.com/show_bug.cgi?id=962612 -------------------------------------------------------------------------------- ================================================================================ repsnapper-2.2.0-0.2.a4.fc17 (FEDORA-2013-9965) RepRap control software -------------------------------------------------------------------------------- Update Information: New upstream tag release, fixing weird font issue on GNOME -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 3 2013 Miro Hrončok <mhroncok@xxxxxxxxxx> - 2.2.0-0.2.a2 - Tag 2.2.0a4 - Fixed the font bug (#969624) -------------------------------------------------------------------------------- References: [ 1 ] Bug #969624 - [abrt] repsnapper-2.2.0-0.1.a2.fc18: gobj: Process /usr/bin/repsnapper was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=969624 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test