The following Fedora 17 Security updates need testing:
 Age  URL
 354  https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-1.fc17
 166  https://admin.fedoraproject.org/updates/FEDORA-2013-0455/fedora-business-cards-1-0.1.beta1.fc17
  94  https://admin.fedoraproject.org/updates/FEDORA-2013-4234/stunnel-4.55-1.fc17
  89  https://admin.fedoraproject.org/updates/FEDORA-2013-4501/libxslt-1.1.28-1.fc17
  86  https://admin.fedoraproject.org/updates/FEDORA-2013-4581/libuser-0.57.6-2.fc17
  19  https://admin.fedoraproject.org/updates/FEDORA-2013-10128/ssmtp-2.61-20.fc17
  19  https://admin.fedoraproject.org/updates/FEDORA-2013-10121/subversion-1.7.10-1.fc17
  11  https://admin.fedoraproject.org/updates/FEDORA-2013-10830/fail2ban-0.8.10-1.fc17
  11  https://admin.fedoraproject.org/updates/FEDORA-2013-9123/kernel-3.9.5-101.fc17
   8  https://admin.fedoraproject.org/updates/FEDORA-2013-10940/tomcat6-6.0.37-1.fc17
   5  https://admin.fedoraproject.org/updates/FEDORA-2013-11234/haproxy-1.4.24-1.fc17
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-11397/python-bugzilla-0.9.0-1.fc17
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-11413/glpi-0.83.9-1.fc17
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-11568/curl-7.24.0-10.fc17
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-11649/wordpress-3.5.2-1.fc17


The following Fedora 17 Critical Path updates have yet to be approved:
 Age  URL
 306  https://admin.fedoraproject.org/updates/FEDORA-2012-12509/PackageKit-0.7.6-1.fc17
 114  https://admin.fedoraproject.org/updates/FEDORA-2013-3304/libvpx-1.2.0-1.fc17
  13  https://admin.fedoraproject.org/updates/FEDORA-2013-10602/dnsmasq-2.65-6.fc17
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-11411/deltarpm-3.6-0.12.20110223git.fc17
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-11397/python-bugzilla-0.9.0-1.fc17
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-11568/curl-7.24.0-10.fc17


The following builds have been pushed to Fedora 17 updates-testing

    choqok-1.3.1-0.2.20130624.fc17
    dvd+rw-tools-7.1-13.fc17
    ehcache-core-2.6.0-2.fc17
    gimp-2.8.6-1.fc17
    gsi-openssh-5.9p1-12.fc17
    ibus-typing-booster-1.1.0-1.fc17
    mate-applet-softupd-0.2.8-1.fc17
    python-rhsm-1.8.13-1.fc17
    subscription-manager-1.8.11-1.fc17
    sx-2.15-1.fc17
    wordpress-3.5.2-1.fc17

Details about builds:


================================================================================
 choqok-1.3.1-0.2.20130624.fc17 (FEDORA-2013-11643)
 KDE Micro-Blogging Client
--------------------------------------------------------------------------------
Update Information:

Snapshot release adds support for new twitter 1.1 api
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 24 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3.1-0.2.20130624
- 1.3.1 20130624git snapshot
- fix/prune %changelog
- .spec cosmetics
* Fri Jun 21 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3.1-0.1.20130621
- 1.3.1 20130621git snapshot (uses new twitter 1.1 api)
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Tue Nov 27 2012 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3-5
- rebuild (qjson)
* Fri Nov 23 2012 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3-4
- rebuild (qjson)
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 dvd+rw-tools-7.1-13.fc17 (FEDORA-2013-11642)
 Toolchain to master DVD+RW/+R media
--------------------------------------------------------------------------------
Update Information:

Merged from rawhide.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 24 2013 Frantisek Kluknavsky <fkluknav@xxxxxxxxxx> - 7.1-13
- when formating blu-ray as srm+pow, handle it later correctly as srm+pow, not srm (credits Thomas Schmitt)
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 7.1-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Mon Aug 27 2012 Honza Horak <hhorak@xxxxxxxxxx> - 7.1-11
- Spec file cleanup
- Print error in case we want to write already written DVD-RW in Sequential Recording mode (bug #810838)
- Add man page for dvd+rw-format
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 7.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #868527 - i/o error on K3b
        https://bugzilla.redhat.com/show_bug.cgi?id=868527
  [ 2 ] Bug #858029 - growisofs fails to close the FIRST session with SK=5h/INVALID FIELD IN CDB when burning blu-ray BD-R SL
        https://bugzilla.redhat.com/show_bug.cgi?id=858029
--------------------------------------------------------------------------------


================================================================================
 ehcache-core-2.6.0-2.fc17 (FEDORA-2013-11622)
 Easy Hibernate Cache
--------------------------------------------------------------------------------
Update Information:

disable embedded ehcache-sizeof-agent.jar copy.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 24 2013 gil cattaneo <puntogil@xxxxxxxxx> - 2.6.0-2
- disable embedded ehcache-sizeof-agent.jar copy
--------------------------------------------------------------------------------


================================================================================
 gimp-2.8.6-1.fc17 (FEDORA-2013-11636)
 GNU Image Manipulation Program
--------------------------------------------------------------------------------
Update Information:

Overview of Changes from GIMP 2.8.4 to GIMP 2.8.6
=================================================

Core:

 * Fix saving to URIs, it was broken to only allow exporting, and fix save/export of compressed files
 * Fix brush spacing for drawing in any direction
 * Increase the maximum size of clipboard brushes and patterns to 1024x1024
 * Make sure data objects are saved when only their name was changed

GUI:

 * Don't allow single-window docks to shrink smaller than their requisition
 * Make sure a single-window's right docks keep their size across sessions
 * Allow to change the spacing of non-generated brushes again
 * In single-window mode, make Escape move the focus to the canvas, and beep if the focus is already there
 * Be smarter about unavailable fonts, and don't crash
 * Make clicking the single-window's close button quit GIMP
 * Make view-close (Ctrl+W) only close image windows and tabs, not docks

Libgimp:

 * Add SIGNED_ROUND() which also rounds negative values correctly

Plug-ins:

 * Make GIMP_PLUGIN_DEBUG work again after GLib changed logging
 * Fix zealous crop for transparent borders

Installer:

 * Add Hungarian translation

Data:

 * Add a default "Color from Gradient" dynamics and tool preset

General:

 * Lots of bug fixes
 * Lots of translation updates
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 23 2013 Nils Philippsen <nils@xxxxxxxxxx> - 2:2.8.6-1
- version 2.8.6
--------------------------------------------------------------------------------


================================================================================
 gsi-openssh-5.9p1-12.fc17 (FEDORA-2013-11637)
 An implementation of the SSH protocol with GSI authentication
--------------------------------------------------------------------------------
Update Information:

Synch with latest openssh package.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 24 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.9p1-12
- Based on openssh-5.9p1-30.fc17
--------------------------------------------------------------------------------


================================================================================
 ibus-typing-booster-1.1.0-1.fc17 (FEDORA-2013-11620)
 A typing booster engine for the IBus platform
--------------------------------------------------------------------------------
Update Information:

Add feature to read a text file for training the user database
Don’t output page_size in “/usr/libexec/ibus-engine-typing-booster --xml”;
Use ~/.local/share/ibus-typing-booster/ to store user data and log files
Fix problem when IBUS_TYPING_BOOSTER_DEBUG_LEVEL is not set
Much more intelligent now because it uses the context
Push context *after* writing the trigram to the database
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 24 2013 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.1.0-1
- Update to 1.1.0 upstream version
- Add a commit=True parameter to check_phrase_and_update_frequency()
- Fix that the page_size is shown as 0 in the setup tool if it has not been set before
- Do not use AUTOINCREMENT
- Make it possible to exit the setup tool by typing Control-C in the terminal
- Add feature to read a text file for training the user database
- Update German translations and .pot file
- Fix error when the hunspell dictionary for an engine is missing
* Tue Jun 18 2013 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.0.3-1
- Update to 1.0.3 upstream version
- Don’t output page_size in “/usr/libexec/ibus-engine-typing-booster --xml” (Resolves: rhbz#975449 - ibus-daemon prints warnings because “/usr/libexec/ibus-engine-typing-booster --xml” prints the invalid element “page_size”)
- Use ~/.local/share/ibus-typing-booster/ to store user data and log files (Resolves: rhbz#949035 - don't use a hidden directory under .local/share)
* Fri Jun 14 2013 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.0.2-1
- Update to 1.0.2 upstream version
- Push context *after* writing the trigram to the database
* Fri Jun 14 2013 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.0.1-1
- Update to 1.0.1 upstream version
- Fix problem when IBUS_TYPING_BOOSTER_DEBUG_LEVEL is not set
* Thu Jun 13 2013 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.0.0-1
- Update to 1.0.0 upstream version
- Remove mudb and use “Write-Ahead Logging”
- Introduce an environment variable IBUS_TYPING_BOOSTER_DEBUG_LEVEL for debugging
- Speed up converting an old database to the current format
- Make prediction more intelligent by using context of up to 2 previous words
- Automatically remove whitespace between the last word and a punctuation character ending a sentence
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #975449 - ibus-daemon prints warnings because “/usr/libexec/ibus-engine-typing-booster --xml” prints the invalid element “page_size”
        https://bugzilla.redhat.com/show_bug.cgi?id=975449
  [ 2 ] Bug #949035 - don't use a hidden directory under .local/share
        https://bugzilla.redhat.com/show_bug.cgi?id=949035
--------------------------------------------------------------------------------


================================================================================
 mate-applet-softupd-0.2.8-1.fc17 (FEDORA-2013-11625)
 MATE Software Update Applet
--------------------------------------------------------------------------------
Update Information:

- new upstream release
- fix softupd creates zombie yumex processes #974176
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 24 2013 Patrick Monnerat <pm@xxxxxxxxxxxxx> 0.2.8-1
- New upstream release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #974176 - softupd creates zombie yumex processes
        https://bugzilla.redhat.com/show_bug.cgi?id=974176
--------------------------------------------------------------------------------


================================================================================
 python-rhsm-1.8.13-1.fc17 (FEDORA-2013-11632)
 A Python library to communicate with a Red Hat Unified Entitlement Platform
--------------------------------------------------------------------------------
Update Information:

Significant GUI performance improvements. Improved socket detection. Dozens of bugfixes.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 21 2013 Adrian Likins <alikins@xxxxxxxxxx> 1.8.13-1
- Added autoheal option to updateConsumer (cschevia@xxxxxxxxxx)
* Fri May 31 2013 jesus m. rodriguez <jesusr@xxxxxxxxxx> 1.8.12-1
- Update the releasers with a 6.3 (bkearney@xxxxxxxxxx)
- 967566: Enhance the ssl bindings to expose the issuer. (bkearney@xxxxxxxxxx)
- Update the dist-git releasers (bkearney@xxxxxxxxxx)
--------------------------------------------------------------------------------


================================================================================
 subscription-manager-1.8.11-1.fc17 (FEDORA-2013-11632)
 Tools and libraries for subscription and repository management
--------------------------------------------------------------------------------
Update Information:

Significant GUI performance improvements. Improved socket detection. Dozens of bugfixes.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 20 2013 jesus m. rodriguez <jesusr@xxxxxxxxxx> 1.8.11-1
- 844532: xen dom0 cpu topology lies, work around it (alikins@xxxxxxxxxx)
- 854380: fix overlap filter (ckozak@xxxxxxxxxx)
- 915847: Provide option to skip using proxy when connecting to RHSM.
- 921222: Fixed tab completion (cschevia@xxxxxxxxxx)
- 922871: Call pre_product_id_install hook on product install (mstead@xxxxxxxxxx)
- 924766: Show machine type when attaching 'virt only' subscriptions (wpoteat@xxxxxxxxxx)
- 927340: added empty warning, block auth unless proxy enabled (ckozak@xxxxxxxxxx)
- 928401: Fixed translation issue in redeem dialog (cschevia@xxxxxxxxxx)
- 947485: System 'disconnected' if no cache and disconnected (ckozak@xxxxxxxxxx)
- 947788: facts plugin can handle no 'facter' (alikins@xxxxxxxxxx)
- 966137: stat-cert handles ent cert with no content (alikins@xxxxxxxxxx)
- 972883: Add entries to productid.js during migration. (awood@xxxxxxxxxx)
- 973938: Flush std out and catch errors to work around the broken pipe from the more command (bkearney@xxxxxxxxxx)
- 974123: default behavior is help, no longer status (ckozak@xxxxxxxxxx)
- 974587: Allow list --consumed to handle certificates with empty order sections (bkearney@xxxxxxxxxx) (awood@xxxxxxxxxx)
- 975164: 975186: fix certlib exception handling (ckozak@xxxxxxxxxx)
- Pull PluginManager from dependency injection framework (mstead@xxxxxxxxxx)
- Performance enhancements (ckozak@xxxxxxxxxx)
- added cp_provider doc strings, modified test fixture (ckozak@xxxxxxxxxx)
- Fix expand options so there is no border txt view (alikins@xxxxxxxxxx)
- Make PluginManager lazy loading (mstead@xxxxxxxxxx)
* Tue Jun 4 2013 jesus m. rodriguez <jesusr@xxxxxxxxxx> 1.8.10-1
- 922825: pre_subscribe conduit now contains more data (mstead@xxxxxxxxxx)
- 921222: Fixed subman auto-complete scripts (cschevia@xxxxxxxxxx)
- 922806: Fix RHEL 5 firstboot issue with backButton. (dgoodwin@xxxxxxxxxx)
- 960465: Subman disconnected when consumer cert is invalid (ckozak@xxxxxxxxxx)
- 966747: handle a custom facts file being empty (alikins@xxxxxxxxxx)
- 969280: Fix traceback on disconnected sub detach (ckozak@xxxxxxxxxx)
- handle s390x's without vm info in sysinfo (alikins@xxxxxxxxxx)
* Fri May 31 2013 jesus m. rodriguez <jesusr@xxxxxxxxxx> 1.8.9-1
- 905136: added accessibily name for owner_label (jmolet@xxxxxxxxxx)
- 928175: fixed status command after user deletion (ckozak@xxxxxxxxxx)
- 950672: Added data for yellow. Added list view. (ckozak@xxxxxxxxxx)
- 963796: Unified descriptions (cschevia@xxxxxxxxxx)
- 966745: Correct typo in name of configuration value. (awood@xxxxxxxxxx)
- 967863: Suggest package to install when mapping file is missing. (awood@xxxxxxxxxx)
- 968364: show the issuer for certs in rct. (bkearney@xxxxxxxxxx)
- 966262 for rct.8; 959563 for subscription-manager.8 (dlackey@xxxxxxxxxxxxxx)
- Extract latest strings from code. (dgoodwin@xxxxxxxxxx)
- close file objects deliberately (alikins@xxxxxxxxxx)
- Use fnmatch to add wildcard support (bkearney@xxxxxxxxxx)
- One more miss from my issuer/errata debacle (bkearney@xxxxxxxxxx)
- Extend use of compliance status from cp (ckozak@xxxxxxxxxx)
- Add s390 lpar specific socket counting (alikins@xxxxxxxxxx)
- be extra paranoid and strip nul from /sys reads (alikins@xxxxxxxxxx)
- use new cpu info method by default (alikins@xxxxxxxxxx)
- Add a new method for calculating cpu sockets (alikins@xxxxxxxxxx)
- Added reasons to Subscription Details (ckozak@xxxxxxxxxx)
- Support enable and disable of all repos. (bkearney@xxxxxxxxxx)
* Tue May 21 2013 jesus m. rodriguez <jesusr@xxxxxxxxxx> 1.8.8-1
- Fix echo'ing of exit status or exception on exit (alikins@xxxxxxxxxx)
- 962905: Fixing errors with quantity spinner. (awood@xxxxxxxxxx)
- 961124: Allow rct dump-manifest to be called more than once (bkearney@xxxxxxxxxx)
- 921249: Fix Unknown virt status being reported to server. (dgoodwin@xxxxxxxxxx)
- 905136: Make the accessability value unique (bkearney@xxxxxxxxxx)
- 913635: typo (dlackey@xxxxxxxxxxxxxx)
- 889582 (dlackey@xxxxxxxxxxxxxx)
- 962520: require python-rhsm 1.8.11 for arches (alikins@xxxxxxxxxx)
- 919706: Relax rhn-setup-gnome dependency. (dgoodwin@xxxxxxxxxx)
- Add new expiring icon (bkearney@xxxxxxxxxx)
- use os.linesep as imported (alikins@xxxxxxxxxx)
- cleanup camelCase usage in various files (alikins@xxxxxxxxxx)
- adding architecture data (ckozak@xxxxxxxxxx)
- Default option is status (ckozak@xxxxxxxxxx)
- changed list --status to status (ckozak@xxxxxxxxxx)
- adding data to installed prods (ckozak@xxxxxxxxxx)
- SORT ALL THE IMPORTS! (alikins@xxxxxxxxxx)
- stylish cleanup (alikins@xxxxxxxxxx)
- mock.patch ConsumerIdentity instead of monkey patch (alikins@xxxxxxxxxx)
--------------------------------------------------------------------------------


================================================================================
 sx-2.15-1.fc17 (FEDORA-2013-11644)
 Tool to extract reports and run plug-ins against those extracted reports
--------------------------------------------------------------------------------
Update Information:

New upstream release to resolve bugs and add new features enhancements. No backward compatibility issues known.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 20 2013 Shane Bradley <sbradley@xxxxxxxxxx>- 2.15-0.0
- bz955343: There was incorrect labeling on cluster.py when there was no rpms found, instead of being split by HA and RS, they are split by packages and module-packages.
- Changed the chkconfig cluster service summary output to display enabled and disabled services.
- Modified bonding mode check for clusterevaluator since there is some new supported modes.
- A devicemapper parser error when libudev entries were in the files for dmsetup_info and lvs.
- Fix all the urls since kcs changed.
- Added a catch all exception that will write a debug file if uncaught exception is raised.
- Added a check and summary output for transport mode which includes: broadcast, multicast, and updu.
- Added code to check all valid values for attributes that can be enabled and disabled for /etc/cluster/cluster.conf.
- Fixed parsing of sos_commands/startup/chkconfig_--list for spanish words.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #977240 - Update to sx-2.15
        https://bugzilla.redhat.com/show_bug.cgi?id=977240
--------------------------------------------------------------------------------


================================================================================
 wordpress-3.5.2-1.fc17 (FEDORA-2013-11649)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

WordPress 3.5.2 is now available. This is the second maintenance release of 3.5, fixing 12 bugs. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also contains some additional security hardening.

The security fixes included:

- Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
- Disallow contributors from improperly publishing posts, reported by Konstantin Kovshenin, or reassigning the post’s authorship, reported by Luke Bryan.
- An update to the SWFUpload external library to fix cross-site scripting vulnerabilities. Reported by mala and Szymon Gruszecki. (Developers: More on SWFUpload here.)
- Prevention of a denial of service attack, affecting sites using password-protected posts.
- An update to an external TinyMCE library to fix a cross-site scripting vulnerability. Reported by Wan Ikram.
- Multiple fixes for cross-site scripting. Reported by Andrea Santese and Rodrigo.
- Avoid disclosing a full file path when a upload fails. Reported by Jakub Galczyk.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 24 2013 Remi Collet <rcollet@xxxxxxxxxx> - 3.5.2-1
- version 3.5.2, various bug and security fixes:
  CVE-2013-2173 CVE-2013-2199 CVE-2013-2200 CVE-2013-2201
  CVE-2013-2202 CVE-2013-2203 CVE-2013-2204
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #976784 - CVE-2013-2199 CVE-2013-2200 CVE-2013-2201 CVE-2013-2202 CVE-2013-2203 CVE-2013-2204 CVE-2013-2205 wordpress: Multiple security flaws to be corrected within upstream 3.5.2 version
        https://bugzilla.redhat.com/show_bug.cgi?id=976784
  [ 2 ] Bug #973254 - CVE-2013-2173 wordpress: DoS when computing user-input hash for certain password protected blogs
        https://bugzilla.redhat.com/show_bug.cgi?id=973254
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test