The following Fedora 18 Security updates need testing:
 Age  URL
 174  https://admin.fedoraproject.org/updates/FEDORA-2013-0416/fedora-business-cards-1-0.1.beta1.fc18
 107  https://admin.fedoraproject.org/updates/FEDORA-2013-3935/puppet-3.1.1-1.fc18
 101  https://admin.fedoraproject.org/updates/FEDORA-2013-4243/stunnel-4.55-1.fc18
  88  https://admin.fedoraproject.org/updates/FEDORA-2013-4823/microcode_ctl-2.0-3.fc18
  72  https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18
  31  https://admin.fedoraproject.org/updates/FEDORA-2013-9707/livecd-tools-18.16-2.fc18
  27  https://admin.fedoraproject.org/updates/FEDORA-2013-9962/subversion-1.7.10-1.fc18
  10  https://admin.fedoraproject.org/updates/FEDORA-2013-11419/python-bugzilla-0.9.0-1.fc18
   8  https://admin.fedoraproject.org/updates/FEDORA-2013-10713/openstack-keystone-2012.2.4-5.fc18
   7  https://admin.fedoraproject.org/updates/FEDORA-2013-11574/curl-7.27.0-11.fc18
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-11630/wordpress-3.5.2-1.fc18
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-11768/xen-4.2.2-9.fc18
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-11396/glpi-0.83.9.1-1.fc18
   3  https://admin.fedoraproject.org/updates/FEDORA-2013-11646/ReviewBoard-1.7.11-1.fc18
   3  https://admin.fedoraproject.org/updates/FEDORA-2013-11874/xen-4.2.2-10.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-12108/gegl-0.2.0-11.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-12123/ruby-1.9.3.448-31.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-11998/php-pecl-radius-1.2.7-1.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-12032/autotrace-0.31.1-34.fc18


The following Fedora 18 Critical Path updates have yet to be approved:
 Age  URL
 142  https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18
  22  https://admin.fedoraproject.org/updates/FEDORA-2013-10428/NetworkManager-0.9.8.2-1.fc18,network-manager-applet-0.9.8.2-1.fc18
  11  https://admin.fedoraproject.org/updates/FEDORA-2013-11278/make-3.82-14.fc18
  10  https://admin.fedoraproject.org/updates/FEDORA-2013-11419/python-bugzilla-0.9.0-1.fc18
   8  https://admin.fedoraproject.org/updates/FEDORA-2013-11498/binutils-2.23.51.0.1-10.fc18
   7  https://admin.fedoraproject.org/updates/FEDORA-2013-11574/curl-7.27.0-11.fc18
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-11629/unzip-6.0-10.fc18
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-11749/gnome-shell-3.6.3.1-2.fc18
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-11757/xorg-x11-drv-synaptics-1.6.4-2.fc18
   3  https://admin.fedoraproject.org/updates/FEDORA-2013-11864/gnome-packagekit-3.6.2-2.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-12117/lcms2-2.5-1.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-11995/kernel-3.9.8-200.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-11959/procps-ng-3.3.3-6.20120807git.fc18


The following builds have been pushed to Fedora 18 updates-testing

    dpkg-1.16.10-6.fc18
    dsqlite-1.1.1-1.fc18
    f1lt-2.1.1-1.fc18
    gegl-0.2.0-11.fc18
    ladvd-1.0.4-3.fc18
    lcms2-2.5-1.fc18
    mate-file-archiver-1.6.0-2.fc18
    mate-file-manager-1.6.1-9.fc18
    maven-javadoc-plugin-2.9.1-1.fc18.1
    mingw-glew-1.9.0-5.fc18
    openlmi-providers-0.0.25-2.fc18
    php-PHP-CSS-Parser-5.0.6-1.fc18
    php-channel-nrk-1.3-1.fc18
    php-pecl-apcu-4.0.1-1.fc18
    php-pecl-propro-0.1.0-1.fc18
    php-pecl-raphf-0.1.0-1.fc18
    python-fsmonitor-0.1-1.fc18
    python-py-1.4.15-1.fc18
    python-rsa-3.1.1-2.fc18
    quiterss-0.13.1-1.fc18
    rekonq-2.3.2-1.fc18
    ruby-1.9.3.448-31.fc18
    springframework-security-3.1.4-1.fc18
    tweepy-2.0-1.fc18
    vanityhash-1.1-1.fc18

Details about builds:


================================================================================
dpkg-1.16.10-6.fc18 (FEDORA-2013-12120)
Package maintenance system for Debian Linux
--------------------------------------------------------------------------------
Update Information:

add support to logrotate and minor spec enhancements.
8 fixes in rpm .spec
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 1 2013 Sérgio Basto <sergio@xxxxxxxxxx> - 1.16.10-6
- add support to logrotate, by Oron Peled, rhbz #979378
- added some new %doc and debian/copyright, by Oron Peled, rhbz #979378
- rpmlint cleanups, by Oron Peled, rhbz #979378
* Sun Jun 30 2013 Sérgio Basto <sergio@xxxxxxxxxx> - 1.16.10-5
- rhbz #979378
- Obsolete the old dpkg-devel.noarch (replaced by dpkg-dev) (Obsoletes: dpkg-devel < 1.16)
- Readd to dpkg-perl: Requires: dpkg = <version>-<release>
- Patchset Signed-off-by: Oron Peled
- [PATCH 1/4] move dpkg.cfg from /etc to /etc/dpkg
- [PATCH 2/4] fix some pkgdatadir, pkgconfdir file locations
- [PATCH 3/4] move "dpkg-dev.mo" files to dpkg-perl
- [PATCH 4/4] minor fix to dpkg-perl ownerships
- move from dpkg to dpkg-dev, rhbz #979378
- dpkg-mergechangelogs and its man-pages
- dpkg-buildflags and its man-pages
- remove man pages dups, also rhbz #979378
  dpkg-architecture.1.gz
  dpkg-buildflags.1.gz
  dpkg-buildpackage.1.gz
  dpkg-checkbuilddeps.1.gz
  dpkg-distaddfile.1.gz
  dpkg-genchanges.1.gz
  dpkg-gencontrol.1.gz
  dpkg-gensymbols.1.gz
  dpkg-mergechangelogs.1.gz
  dpkg-name.1.gz
  dpkg-parsechangelog.1.gz
  dpkg-scanpackages.1.gz
  dpkg-scansources.1.gz
  dpkg-shlibdeps.1.gz
  dpkg-source.1.gz
  dpkg-vendor.1.gz
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #979378 - Upgrade problem from dpkg* < 1.16 to dpkg* >= 1.16
        https://bugzilla.redhat.com/show_bug.cgi?id=979378
--------------------------------------------------------------------------------


================================================================================
dsqlite-1.1.1-1.fc18 (FEDORA-2013-12133)
High level library around SQLite for D language
--------------------------------------------------------------------------------
Update Information:

Merge 1.1.1 changes and fix typo
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 28 2013 Christophe Burgun <jouty@xxxxxxxxxxxxxxxxx> 1.1.1-1
- Update dsqlite version
- Change Source0 Url
- Fix prep section with right name
- Fix so files
* Sun Feb 17 2013 Christophe Burgun <jouty@xxxxxxxxxxxxxxxxx> 1.0-5
- Fix summary and description
- Fix -l fr
--------------------------------------------------------------------------------


================================================================================
f1lt-2.1.1-1.fc18 (FEDORA-2013-12107)
Unofficial Formula 1 live timing application
--------------------------------------------------------------------------------
Update Information:

Update to 2.1.1
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 30 2013 Antonio Trande <sagitter@xxxxxxxxxxxxxxxxx> 2.1.1-1
- Update to 2.1.1
* Sun Jun 9 2013 Antonio Trande <sagitter@xxxxxxxxxxxxxxxxx> 2.1.0-1
- Update to 2.1.0
--------------------------------------------------------------------------------


================================================================================
gegl-0.2.0-11.fc18 (FEDORA-2013-12108)
A graph based image processing framework
--------------------------------------------------------------------------------
Update Information:

This update contains the following changes:

* Fix buffer overflow in and add plausibility checks to the ppm-load operation.
* Fix multi-lib issue where content of generated documentation could differ between architectures.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 1 2013 Nils Philippsen <nils@xxxxxxxxxx> - 0.2.0-11
- replace lua-5.2 patch by upstream commit
- fix buffer overflow in and add plausibility checks to ppm-load op (CVE-2012-4433)
- fix multi-lib issue in generated documentation
* Wed May 15 2013 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 0.2.0-10
- rebuild for lua 5.2
- disable check suite (so broken)
* Sun Mar 10 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 0.2.0-9
- rebuild (OpenEXR)
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.2.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Fri Jan 18 2013 Adam Tkac <atkac redhat com> - 0.2.0-7
- rebuild due to "jpeg8-ABI" feature drop
* Fri Dec 21 2012 Adam Tkac <atkac redhat com> - 0.2.0-6
- rebuild against new libjpeg
* Fri Oct 19 2012 Nils Philippsen <nils@xxxxxxxxxx> - 0.2.0-5
- don't catch "make check" errors but skip known problematic tests
* Fri Oct 19 2012 Nils Philippsen <nils@xxxxxxxxxx> - 0.2.0-4
- don't require lensfun-devel for building without workshop ops
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #856300 - CVE-2012-4433 gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers
        https://bugzilla.redhat.com/show_bug.cgi?id=856300
--------------------------------------------------------------------------------


================================================================================
ladvd-1.0.4-3.fc18 (FEDORA-2013-12137)
CDP/LLDP sender for UNIX
--------------------------------------------------------------------------------
Update Information:

Fixes SELinux AVC about /etc/passwd access.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 1 2013 Tomasz Torcz <ttorcz@xxxxxxxxxxxxxxxxx> - 1.0.4-3
- selinux policy: allow /etc/passwd read to find out about unprivileged user (#975959)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #975959 - SELinux is preventing /usr/sbin/ladvd from 'read' accesses on the file /etc/passwd.
        https://bugzilla.redhat.com/show_bug.cgi?id=975959
--------------------------------------------------------------------------------


================================================================================
lcms2-2.5-1.fc18 (FEDORA-2013-12117)
Color Management Engine
--------------------------------------------------------------------------------
Update Information:

- Update to new upstream version.
- Added a reference for Mac MLU tag
- Added a way to read the profile creator from header
- Added error descriptions on cmsSmoothToneCurve
- Added identity curves support for write V2 LUT
- Added new cmsPlugInTHR() and fixed some race conditions
- Added TIFF Lab16 handling on tifficc
- Fixed a bug on big endian platforms not supporting uint64 or long long.
- Fixed a multithread bug on optimization
- Fixed devicelink generation for 8 bits
- Fixed some 64 bit warnings on size_t to uint32 conversions
- Rendering intent used when creating the transform is now propagated to profile
- RGB profiles store only one copy of the curve to save space
- Transform2Devicelink now keeps white point when guessing deviceclass is enabled
- Update black point detection algorithm to reflect ICC changes
- User defined parametric curves can now be saved in ICC profiles
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 1 2013 Richard Hughes <richard@xxxxxxxxxxx> 2.5-1
- Update to new upstream version.
- Added a reference for Mac MLU tag
- Added a way to read the profile creator from header
- Added error descriptions on cmsSmoothToneCurve
- Added identity curves support for write V2 LUT
- Added new cmsPlugInTHR() and fixed some race conditions
- Added TIFF Lab16 handling on tifficc
- Fixed a bug on big endian platforms not supporting uint64 or long long.
- Fixed a multithread bug on optimization
- Fixed devicelink generation for 8 bits
- Fixed some 64 bit warnings on size_t to uint32 conversions
- Rendering intent used when creating the transform is now propagated to profile
- RGB profiles store only one copy of the curve to save space
- Transform2Devicelink now keeps white point when guessing deviceclass is enabled
- Update black point detection algorithm to reflect ICC changes
- User defined parametric curves can now be saved in ICC profiles
--------------------------------------------------------------------------------


================================================================================
mate-file-archiver-1.6.0-2.fc18 (FEDORA-2013-12068)
MATE Desktop file archiver
--------------------------------------------------------------------------------
Update Information:

- https://github.com/mate-desktop/mate-file-archiver/issues/19,
- fix add folder to an existing archive
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 30 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.0-2
- https://github.com/mate-desktop/mate-file-archiver/issues/19,
- fix add folder to existing archive
- remove BR gsettings-desktop-schemas
- remove BR glib2-devel
- remove needless gsettings convert file
--------------------------------------------------------------------------------


================================================================================
mate-file-manager-1.6.1-9.fc18 (FEDORA-2013-12090)
File manager for MATE
--------------------------------------------------------------------------------
Update Information:

- set autostart to false in caja-autostart, fix rhbz #969663
- add mate-file-manager_fix-radio-buttons.patch to fix rhbz #964357
- fix single-click 'behavior' for open files and folders
- add AutostartCondition to caja-autostart.desktop
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 1 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.1-9
- set autostart to false in caja-autostart, fix rhbz #969663
- and #978598
* Sun Jun 30 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.1-8
- add mate-file-manager_fix-radio-buttons.patch to fix rhbz #964357
- clean up BR's
- add runtime require hicolor-icon-theme
- revert 1.6.1-7 changes
* Thu Jun 20 2013 Dan Mashal <dan.mashal@xxxxxxxxxxxxxxxxx> - 1.6.1-7
- Try caja without the autostart file (886029)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #978598 - High CPU usage with MATE desktop
        https://bugzilla.redhat.com/show_bug.cgi?id=978598
--------------------------------------------------------------------------------


================================================================================
maven-javadoc-plugin-2.9.1-1.fc18.1 (FEDORA-2013-12132)
Maven Javadoc Plugin
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream, fixes rhbz #979577, works around CVE-2013-1571
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 30 2013 Mat Booth <fedora@xxxxxxxxxxxxxx> - 2.9.1-1.1
- Fix build deps for F18
* Sun Jun 30 2013 Mat Booth <fedora@xxxxxxxxxxxxxx> - 2.9.1-1
- Update to latest upstream, fixes rhbz #979577, works around CVE-2013-1571
- Remove dep on jakarta-commons-httpclient
* Wed Apr 10 2013 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 2.9-6
- Remove test dependencies from POM
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Feb 6 2013 Java SIG <java-devel@xxxxxxxxxxxxxxxxxxxxxxx> - 2.9-4
- Update for https://fedoraproject.org/wiki/Fedora_19_Maven_Rebuild
- Replace maven BuildRequires with maven-local
* Tue Jan 8 2013 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 2.9-3
- Add missing requires
- Resolves: rhbz#893166
* Mon Nov 26 2012 Stanislav Ochotnicky <sochotnicky@xxxxxxxxxx> - 2.9-2
- Add LICENSE and NOTICE files to packages (#879605)
- Add dependency exclusion to make enforcer happy
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #979577 - maven-javadoc-plugin-2.9.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=979577
--------------------------------------------------------------------------------


================================================================================
mingw-glew-1.9.0-5.fc18 (FEDORA-2013-12084)
MinGW Windows GLEW library
--------------------------------------------------------------------------------
Update Information:

Rebuild with fix for FTBFS on i686 hosts.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 30 2013 Sandro Mani <manisandro@xxxxxxxxx> - 1.9.0-5
- Don't strip glew.exe visualinfo.exe on install
--------------------------------------------------------------------------------


================================================================================
openlmi-providers-0.0.25-2.fc18 (FEDORA-2013-12109)
Set of basic CIM providers
--------------------------------------------------------------------------------
Update Information:

Again add registration of 05_LMI_Qualifiers.mof
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 28 2013 Roman Rakus <rrakus@xxxxxxxxxx> - 0.0.25-2
- Again add registration of 05_LMI_Qualifiers.mof
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #973233 - sfcbd process SEGV on openlmi lmiusers request
        https://bugzilla.redhat.com/show_bug.cgi?id=973233
--------------------------------------------------------------------------------


================================================================================
php-PHP-CSS-Parser-5.0.6-1.fc18 (FEDORA-2013-12119)
A Parser for CSS Files
--------------------------------------------------------------------------------
Update Information:

PHP CSS Parser: a Parser for CSS Files written in PHP. Allows extraction of CSS files into a data structure, manipulation of said structure and output as (optimized) CSS.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #969436 - Review Request: php-PHP-CSS-Parser - A Parser for CSS Files
        https://bugzilla.redhat.com/show_bug.cgi?id=969436
--------------------------------------------------------------------------------


================================================================================
php-channel-nrk-1.3-1.fc18 (FEDORA-2013-12088)
Adds pear.nrk.io channel to PEAR
--------------------------------------------------------------------------------
Update Information:

This package adds the pear.nrk.io channel which allows PEAR packages from this channel to be installed.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #970927 - Review Request: php-channel-nrk - Adds pear.nrk.io channel to PEAR
        https://bugzilla.redhat.com/show_bug.cgi?id=970927
--------------------------------------------------------------------------------


================================================================================
php-pecl-apcu-4.0.1-1.fc18 (FEDORA-2013-12102)
APC User Cache
--------------------------------------------------------------------------------
Update Information:

APCu is userland caching: APC stripped of opcode caching in preparation for the deployment of Zend OPcache as the primary solution to opcode caching in future versions of PHP. APCu has a revised and simplified codebase, by the time the PECL release is available, every part of APCu being used will have received review and where necessary or appropriate, changes. Simplifying and documenting the API of APCu completely removes the barrier to maintenance and development of APCu in the future, and additionally allows us to make optimizations not possible previously because of APC's inherent complexity. APCu only supports userland caching (and dumping) of variables, providing an upgrade path for the future.
When O+ takes over, many will be tempted to use 3rd party solutions to userland caching, possibly even distributed solutions; this would be a grave error. The tried and tested APC codebase provides far superior support for local storage of PHP variables.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #928196 - Review Request: php-pecl-apcu - APC User Cache
        https://bugzilla.redhat.com/show_bug.cgi?id=928196
--------------------------------------------------------------------------------


================================================================================
php-pecl-propro-0.1.0-1.fc18 (FEDORA-2013-12114)
Property proxy
--------------------------------------------------------------------------------
Update Information:

A reusable split-off of pecl_http's property proxy API.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #974818 - Review Request: php-pecl-propro - Property proxy
        https://bugzilla.redhat.com/show_bug.cgi?id=974818
--------------------------------------------------------------------------------


================================================================================
php-pecl-raphf-0.1.0-1.fc18 (FEDORA-2013-12087)
Resource and persistent handles factory
--------------------------------------------------------------------------------
Update Information:

A reusable split-off of pecl_http's persistent handle and resource factory API.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #974819 - Review Request: php-pecl-raphf - Resource and persistent handles factory
        https://bugzilla.redhat.com/show_bug.cgi?id=974819
--------------------------------------------------------------------------------


================================================================================
python-fsmonitor-0.1-1.fc18 (FEDORA-2013-12081)
Filesystem Monitoring for Python
--------------------------------------------------------------------------------
Update Information:

python-fsmonitor 0.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #979847 - python-fsmonitor - Filesystem Monitoring for Python
        https://bugzilla.redhat.com/show_bug.cgi?id=979847
--------------------------------------------------------------------------------


================================================================================
python-py-1.4.15-1.fc18 (FEDORA-2013-12100)
Library with cross-python path, ini-parsing, io, code, log facilities
--------------------------------------------------------------------------------
Update Information:

Update to the latest stable version.

From the upstream changelog:

* majorly speed up some common calling patterns with LocalPath.listdir()/join/check/stat functions considerably.
* fix an edge case with fnmatch where a glob style pattern appeared in an absolute path.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 30 2013 Thomas Moschny <thomas.moschny@xxxxxx> - 1.4.15-1
- Update to 1.4.15.
- Disable failing Subversion checks for now.
* Wed Jun 12 2013 Thomas Moschny <thomas.moschny@xxxxxx> - 1.4.14-2
- Use python-sphinx for rhel > 6 (rhbz#973321).
- Update URL.
- Fix changelog entry with an incorrect date (rhbz#973325).
--------------------------------------------------------------------------------


================================================================================
python-rsa-3.1.1-2.fc18 (FEDORA-2013-12074)
Pure-Python RSA implementation
--------------------------------------------------------------------------------
Update Information:

python-rsa 3.1.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #965095 - python-rsa - Pure-Python RSA implementation
        https://bugzilla.redhat.com/show_bug.cgi?id=965095
--------------------------------------------------------------------------------


================================================================================
quiterss-0.13.1-1.fc18 (FEDORA-2013-12116)
RSS/Atom aggregator
--------------------------------------------------------------------------------
Update Information:

Version bump.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 1 2013 TI_Eugene <ti.eugene@xxxxxxxxx> - 0.13.1-1
- Version bump
--------------------------------------------------------------------------------


================================================================================
rekonq-2.3.2-1.fc18 (FEDORA-2013-12130)
KDE browser based on QtWebkit
--------------------------------------------------------------------------------
Update Information:

Rekonq 2.3.2 release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 1 2013 Jan Grulich <jgrulich@xxxxxxxxxx> 2.3.2-1
- 2.3.2
--------------------------------------------------------------------------------


================================================================================
ruby-1.9.3.448-31.fc18 (FEDORA-2013-12123)
An interpreter of object-oriented scripting language
--------------------------------------------------------------------------------
Update Information:

A vulnerability was found in Ruby's SSL client that could allow man-in-the-middle attackers to spoof SSL servers via valid certificate issued by a trusted certification authority. This vulnerability has been assigned the CVE identifier CVE-2013-4073. This new update should solve this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 1 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.9.3.448-31
- Update to 1.9.3 p448
- Fix hostname check bypassing vulnerability in SSL client (CVE-2013-4073)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #979295 - ruby: CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=979295
--------------------------------------------------------------------------------


================================================================================
springframework-security-3.1.4-1.fc18 (FEDORA-2013-12071)
Modular Java/J2EE application security framework
--------------------------------------------------------------------------------
Update Information:

Initial import (#882477).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #882477 - Review Request: springframework-security - Modular Java/J2EE application security framework
        https://bugzilla.redhat.com/show_bug.cgi?id=882477
--------------------------------------------------------------------------------


================================================================================
tweepy-2.0-1.fc18 (FEDORA-2013-12093)
Twitter library for python
--------------------------------------------------------------------------------
Update Information:

Update tweepy to version 2.0
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 28 2013 rtnpro <rtnpro@xxxxxxxxx> 2.0-1
- Update to tweepy v2.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #675104 - Review Request: tweepy - Twitter library for python
        https://bugzilla.redhat.com/show_bug.cgi?id=675104
--------------------------------------------------------------------------------


================================================================================
vanityhash-1.1-1.fc18 (FEDORA-2013-12096)
Hexadecimal hash fragment creation tool
--------------------------------------------------------------------------------
Update Information:

Hexadecimal hash fragment creation tool.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #979370 - Review Request: vanityhash - Hexadecimal hash fragment creation tool
        https://bugzilla.redhat.com/show_bug.cgi?id=979370
--------------------------------------------------------------------------------