The following Fedora 17 Security updates need testing: Age URL 361 https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-1.fc17 173 https://admin.fedoraproject.org/updates/FEDORA-2013-0455/fedora-business-cards-1-0.1.beta1.fc17 101 https://admin.fedoraproject.org/updates/FEDORA-2013-4234/stunnel-4.55-1.fc17 96 https://admin.fedoraproject.org/updates/FEDORA-2013-4501/libxslt-1.1.28-1.fc17 93 https://admin.fedoraproject.org/updates/FEDORA-2013-4581/libuser-0.57.6-2.fc17 25 https://admin.fedoraproject.org/updates/FEDORA-2013-10128/ssmtp-2.61-20.fc17 25 https://admin.fedoraproject.org/updates/FEDORA-2013-10121/subversion-1.7.10-1.fc17 15 https://admin.fedoraproject.org/updates/FEDORA-2013-10940/tomcat6-6.0.37-1.fc17 10 https://admin.fedoraproject.org/updates/FEDORA-2013-11397/python-bugzilla-0.9.0-1.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-11568/curl-7.24.0-10.fc17 6 https://admin.fedoraproject.org/updates/FEDORA-2013-11649/wordpress-3.5.2-1.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-11413/glpi-0.83.9.1-1.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-11785/xen-4.1.5-8.fc17 3 https://admin.fedoraproject.org/updates/FEDORA-2013-11871/xen-4.1.5-9.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-11992/php-pecl-radius-1.2.7-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-12062/ruby-1.9.3.448-31.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-12075/gegl-0.2.0-11.fc17 The following Fedora 17 Critical Path updates have yet to be approved: Age URL 313 https://admin.fedoraproject.org/updates/FEDORA-2012-12509/PackageKit-0.7.6-1.fc17 121 https://admin.fedoraproject.org/updates/FEDORA-2013-3304/libvpx-1.2.0-1.fc17 10 https://admin.fedoraproject.org/updates/FEDORA-2013-11411/deltarpm-3.6-0.12.20110223git.fc17 10 https://admin.fedoraproject.org/updates/FEDORA-2013-11397/python-bugzilla-0.9.0-1.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-11568/curl-7.24.0-10.fc17 The following builds have been pushed to Fedora 17 updates-testing cups-1.5.4-22.fc17 gegl-0.2.0-11.fc17 mate-control-center-1.6.0-2.fc17 mate-file-archiver-1.6.0-2.fc17 mate-file-manager-1.6.1-9.fc17 python-fsmonitor-0.1-1.fc17 quiterss-0.13.1-1.fc17 rekonq-2.3.2-1.fc17 ruby-1.9.3.448-31.fc17 tweepy-2.0-1.fc17 vanityhash-1.1-1.fc17 Details about builds: ================================================================================ cups-1.5.4-22.fc17 (FEDORA-2013-12076) Common Unix Printing System -------------------------------------------------------------------------------- Update Information: This update fixes some issues with the move of some options from cupsd.conf to cups-files.conf, and prevents a crash in the dnssd backend. -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 1 2013 Tim Waugh <twaugh@xxxxxxxxxx> 1:1.5.4-22 - dnssd backend: don't crash if avahi gives a callback with no TXT record (bug #927040). * Tue Mar 5 2013 Tim Waugh <twaugh@xxxxxxxxxx> 1:1.5.4-21 - Documentation fixes from STR #4223 (bug #915981). * Fri Jan 18 2013 Jiri Popelka <jpopelka@xxxxxxxxxx> 1:1.5.4-20 - Add quirk rule for Canon MP210 (#847923). * Mon Jan 14 2013 Jiri Popelka <jpopelka@xxxxxxxxxx> 1:1.5.4-19 - Fix unowned directories (#894531). -------------------------------------------------------------------------------- References: [ 1 ] Bug #882379 - cups RPM moves LogFilePerm from cupsd.conf to cups-files.conf and breaks cups https://bugzilla.redhat.com/show_bug.cgi?id=882379 [ 2 ] Bug #915981 - cups-files.conf html help files missing, many config entries undocumented https://bugzilla.redhat.com/show_bug.cgi?id=915981 [ 3 ] Bug #927040 - [abrt] cups-1.5.4-20.fc18: avahi_string_list_get_pair: Process /usr/lib/cups/backend/dnssd was killed by signal 6 (SIGABRT) https://bugzilla.redhat.com/show_bug.cgi?id=927040 -------------------------------------------------------------------------------- ================================================================================ gegl-0.2.0-11.fc17 (FEDORA-2013-12075) A graph based image processing framework -------------------------------------------------------------------------------- Update Information: This update contains the following changes: * Fix buffer overflow in and add plausibility checks to the ppm-load operation. * Fix multi-lib issue where content of generated documentation could differ between architectures. -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 1 2013 Nils Philippsen <nils@xxxxxxxxxx> - 0.2.0-11 - replace lua-5.2 patch by upstream commit - fix buffer overflow in and add plausibility checks to ppm-load op (CVE-2012-4433) - fix multi-lib issue in generated documentation * Wed May 15 2013 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 0.2.0-10 - rebuild for lua 5.2 - disable check suite (so broken) * Sun Mar 10 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 0.2.0-9 - rebuild (OpenEXR) * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.2.0-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Fri Jan 18 2013 Adam Tkac <atkac redhat com> - 0.2.0-7 - rebuild due to "jpeg8-ABI" feature drop * Fri Dec 21 2012 Adam Tkac <atkac redhat com> - 0.2.0-6 - rebuild against new libjpeg * Fri Oct 19 2012 Nils Philippsen <nils@xxxxxxxxxx> - 0.2.0-5 - don't catch "make check" errors but skip known problematic tests * Fri Oct 19 2012 Nils Philippsen <nils@xxxxxxxxxx> - 0.2.0-4 - don't require lensfun-devel for building without workshop ops * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.2.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Wed May 2 2012 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 0.2.0-2 - rebuild (exiv2) -------------------------------------------------------------------------------- References: [ 1 ] Bug #856300 - CVE-2012-4433 gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers https://bugzilla.redhat.com/show_bug.cgi?id=856300 -------------------------------------------------------------------------------- ================================================================================ mate-control-center-1.6.0-2.fc17 (FEDORA-2013-12101) MATE Desktop control-center -------------------------------------------------------------------------------- Update Information: add runtime require gsettings-desktop-schemas to have proxy support from gnome gsettings schema -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 29 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.0.2 - add runtime require gsettings-desktop-schemas to have proxy support - from gnome gsettings schema - remove needless mate-control-center.convert file - remove unused-direct-shlib-dependency to avoid rpmlint warnings - cleanup BR's -------------------------------------------------------------------------------- ================================================================================ mate-file-archiver-1.6.0-2.fc17 (FEDORA-2013-12127) MATE Desktop file archiver -------------------------------------------------------------------------------- Update Information: - https://github.com/mate-desktop/mate-file-archiver/issues/19, - fix add folder to an existing archive -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 30 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.0-2 - https://github.com/mate-desktop/mate-file-archiver/issues/19, - fix add folder to existing archive - remove BR gsettings-desktop-schemas - remove BR glib2-devel - remove needless gsettings convert file * Wed Apr 3 2013 Dan Mashal <dan.mashal@xxxxxxxxxxxxxxxxx> - 1.6.0-1 - Update to latest 1.6.0 stable release. -------------------------------------------------------------------------------- ================================================================================ mate-file-manager-1.6.1-9.fc17 (FEDORA-2013-12061) File manager for MATE -------------------------------------------------------------------------------- Update Information: - set autostart to false in caja-autostart, fix rhbz #969663 - add mate-file-manager_fix-radio-buttons.patch to fix rhbz #964357 - fix single-click 'behavior' for open files and folders - remove gsettings convert file - add AutostartCondition to caja-autostart.desktop -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 1 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.1-9 - set autostart to false in caja-autostart, fix rhbz #969663 - and #978598 * Sun Jun 30 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.1-8 - add mate-file-manager_fix-radio-buttons.patch to fix rhbz #964357 - clean up BR's - add runtime require hicolor-icon-theme - revert 1.6.1-7 changes * Thu Jun 20 2013 Dan Mashal <dan.mashal@xxxxxxxxxxxxxxxxx> - 1.6.1-7 - Try caja without the autostart file (886029) * Sat Jun 15 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.1-6 - remove gsettings convert file -------------------------------------------------------------------------------- ================================================================================ python-fsmonitor-0.1-1.fc17 (FEDORA-2013-12097) Filesystem Monitoring for Python -------------------------------------------------------------------------------- Update Information: python-fsmonitor 0.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #979847 - python-fsmonitor - Filesystem Monitoring for Python https://bugzilla.redhat.com/show_bug.cgi?id=979847 -------------------------------------------------------------------------------- ================================================================================ quiterss-0.13.1-1.fc17 (FEDORA-2013-12065) RSS/Atom aggregator -------------------------------------------------------------------------------- Update Information: Vesion bump. -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 1 2013 TI_Eugene <ti.eugene@xxxxxxxxx> - 0.13.1-1 - Version bump -------------------------------------------------------------------------------- ================================================================================ rekonq-2.3.2-1.fc17 (FEDORA-2013-12128) KDE browser based on QtWebkit -------------------------------------------------------------------------------- Update Information: Rekonq 2.3.2 release -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 1 2013 Jan Grulich <jgrulich@xxxxxxxxxx> 2.3.2-1 - 2.3.2 -------------------------------------------------------------------------------- ================================================================================ ruby-1.9.3.448-31.fc17 (FEDORA-2013-12062) An interpreter of object-oriented scripting language -------------------------------------------------------------------------------- Update Information: A vulnerability was found in Ruby's SSL client that could allow man-in-the-middle attackers to spoof SSL servers via valid certificate issued by a trusted certification authority. This vulnerability has been assigned the CVE identifier CVE-2013-4073. This new update should solve this issue. -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 1 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.9.3.448-31 - Update to 1.9.3 p448 - Fix hostname check bypassing vulnerability in SSL client (CVE-2013-4073) -------------------------------------------------------------------------------- References: [ 1 ] Bug #979295 - ruby: CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=979295 -------------------------------------------------------------------------------- ================================================================================ tweepy-2.0-1.fc17 (FEDORA-2013-12112) Twitter library for python -------------------------------------------------------------------------------- Update Information: Update tweepy to version 2.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 28 2013 rtnpro <rtnpro@xxxxxxxxx> 2.0-1 - Update to tweepy v2.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #675104 - Review Request: tweepy - Twitter library for python https://bugzilla.redhat.com/show_bug.cgi?id=675104 -------------------------------------------------------------------------------- ================================================================================ vanityhash-1.1-1.fc17 (FEDORA-2013-12066) Hexadecimal hash fragment creation tool -------------------------------------------------------------------------------- Update Information: Hexadecimal hash fragment creation tool. -------------------------------------------------------------------------------- References: [ 1 ] Bug #979370 - Review Request: vanityhash - Hexadecimal hash fragment creation tool https://bugzilla.redhat.com/show_bug.cgi?id=979370 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
