The following Fedora 18 Security updates need testing: Age URL 186 https://admin.fedoraproject.org/updates/FEDORA-2013-0416/fedora-business-cards-1-0.1.beta1.fc18 120 https://admin.fedoraproject.org/updates/FEDORA-2013-3935/puppet-3.1.1-1.fc18 113 https://admin.fedoraproject.org/updates/FEDORA-2013-4243/stunnel-4.55-1.fc18 100 https://admin.fedoraproject.org/updates/FEDORA-2013-4823/microcode_ctl-2.0-3.fc18 85 https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18 43 https://admin.fedoraproject.org/updates/FEDORA-2013-9707/livecd-tools-18.16-2.fc18 39 https://admin.fedoraproject.org/updates/FEDORA-2013-9962/subversion-1.7.10-1.fc18 20 https://admin.fedoraproject.org/updates/FEDORA-2013-10713/openstack-keystone-2012.2.4-5.fc18 11 https://admin.fedoraproject.org/updates/FEDORA-2013-12193/lldpad-0.9.45-4.fc18 8 https://admin.fedoraproject.org/updates/FEDORA-2013-12424/gallery3-3.0.9-1.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-12394/ansible-1.2.2-1.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-12541/nagstamon-0.9.9-9.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-12653/file-roller-3.6.4-1.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-12711/seamonkey-2.19-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-12960/openjpa-2.2.0-3.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-12315/php-5.4.17-2.fc18 The following Fedora 18 Critical Path updates have yet to be approved: Age URL 154 https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18 35 https://admin.fedoraproject.org/updates/FEDORA-2013-10428/NetworkManager-0.9.8.2-1.fc18,network-manager-applet-0.9.8.2-1.fc18 13 https://admin.fedoraproject.org/updates/FEDORA-2013-11959/procps-ng-3.3.3-6.20120807git.fc18 12 https://admin.fedoraproject.org/updates/FEDORA-2013-12117/lcms2-2.5-1.fc18 11 https://admin.fedoraproject.org/updates/FEDORA-2013-12193/lldpad-0.9.45-4.fc18 10 https://admin.fedoraproject.org/updates/FEDORA-2013-12263/samba-4.0.7-1.fc18,sssd-1.9.5-2.fc18,libtdb-1.2.12-1.fc18,libldb-1.1.16-1.fc18 9 https://admin.fedoraproject.org/updates/FEDORA-2013-12352/lxpanel-0.5.12-3.fc18 8 https://admin.fedoraproject.org/updates/FEDORA-2013-12374/ppp-2.4.5-30.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-12449/fuse-2.9.3-1.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-12445/exo-0.10.2-5.fc18 6 https://admin.fedoraproject.org/updates/FEDORA-2013-12570/strigi-0.7.8-1.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-12922/device-mapper-persistent-data-0.2.1-1.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-12915/sane-backends-1.0.23-13.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-12897/pam-1.1.6-4.fc18 The following builds have been pushed to Fedora 18 updates-testing claws-mail-3.9.2-3.fc18 ghc-utf8-light-0.4.0.1-1.fc18 glusterfs-3.3.2-1.fc18 gogoc-1.2-26.fc18 gogui-1.4.8-1.fc18 moodle-2.3.8-2.fc18 ninja-ide-2.3-1.fc18 nodejs-resolve-0.4.0-2.fc18 nodejs-temporary-0.0.5-1.fc18 openjpa-2.2.0-3.fc18 php-5.4.17-2.fc18 pidgin-sipe-1.16.1-1.fc18 python-doit-0.22.0-1.fc18 Details about builds: ================================================================================ claws-mail-3.9.2-3.fc18 (FEDORA-2013-12949) Email client and news reader based on GTK+ -------------------------------------------------------------------------------- Update Information: Just some bug-fixes: * Claws Mail could crash easily upon creating/editing accounts (bug 981889). * The Fancy HTML mail plugin could crash when using "Save Image As" (bug 979700). * Require pinentry-gtk instead of the virtual pinentry-gui, because pinentry-qt fails silently (bug 981923). * Added a README.Fedora that mentions setting $TMPDIR when using Claws Mail together with Firefox (bug 956380). -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 13 2013 Michael Schwendt <mschwendt@xxxxxxxxxxxxxxxxx> - 3.9.2-3 - for Fedora based builds, require pinentry-gtk instead of the virtual pinentry-gui, because pinentry-qt fails silently (#981923) - fix crash in Plugins/Fancy "Save Image As" (#979700) - in %prep section create a README.Fedora %doc file which mentions setting $TMPDIR when using Claws Mail together with Firefox (#956380) * Mon Jul 8 2013 Michael Schwendt <mschwendt@xxxxxxxxxxxxxxxxx> - 3.9.2-2 - fix double-free crash in "Preferences for new account" (#981889) * Mon Jun 17 2013 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 3.9.2-1 - version upgrade -------------------------------------------------------------------------------- References: [ 1 ] Bug #981889 - [abrt] claws-mail-3.9.2-1.fc19: g_malloc: malloc(): smallbin double linked list corrupted https://bugzilla.redhat.com/show_bug.cgi?id=981889 [ 2 ] Bug #979700 - [abrt] claws-mail-3.9.1-2.fc18: gdk_window_set_geometry_hints: Process /usr/bin/claws-mail was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=979700 -------------------------------------------------------------------------------- ================================================================================ ghc-utf8-light-0.4.0.1-1.fc18 (FEDORA-2013-12953) Lightweight UTF8 handling -------------------------------------------------------------------------------- Update Information: New package, ghc-utf8-light. -------------------------------------------------------------------------------- References: [ 1 ] Bug #982185 - Review Request: ghc-utf8-light - Lightweight UTF8 handling https://bugzilla.redhat.com/show_bug.cgi?id=982185 -------------------------------------------------------------------------------- ================================================================================ glusterfs-3.3.2-1.fc18 (FEDORA-2013-12946) Cluster File System -------------------------------------------------------------------------------- Update Information: GlusterFS-3.3.2 GA, glusterfs-3.3.2-1 -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 12 2013 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 3.2.2-1 - GlusterFS-3.3.2 GA * Fri Jul 12 2013 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 3.4.0-1 - GlusterFS 3.4.0 GA * Mon Jul 8 2013 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 3.4.0-0.9.beta4 - add Obsolete: glusterfs-swift where we use openstack-swift - prerelease 3.4.0beta4 for oVirt/vdsm dependencies in Fedora19 * Fri Jul 5 2013 Niels de Vos <devos@xxxxxxxxxxxxxxxxx> - include xlators/mount/api.so in the glusterfs-api package * Wed Jul 3 2013 Niels de Vos <devos@xxxxxxxxxxxxxxxxx> - correct AutoRequires filtering on recent Fedora (#972465) * Fri Jun 28 2013 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 3.4.0-0.8.beta4 - prerelease 3.4.0beta4 for oVirt/vdsm dependencies in Fedora19 * Thu Jun 27 2013 Niels de Vos <devos@xxxxxxxxxxxxxxxxx> - correct trimming the ChangeLog, keep the recent messages (#963027) - remove the umount.glusterfs helper (#640620) * Wed Jun 26 2013 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 3.4.0-0.7.beta3 - prerelease 3.4.0beta3 for oVirt/vdsm dependencies in Fedora19 - libgfapi and xlator/mount/api dependency fix * Tue Jun 11 2013 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 3.4.0-0.6.beta3 - prerelease 3.4.0beta3 for oVirt/vdsm dependencies in Fedora19 * Wed May 29 2013 Niels de Vos <devos@xxxxxxxxxxxxxxxxx> - automatically load the fuse module on EL5 - there is no need to require the unused /usr/bin/fusermount - fix building on EL5 * Mon May 27 2013 Niels de Vos <devos@xxxxxxxxxxxxxxxxx> - include glusterfs-api.pc in the -devel subpackage * Fri May 24 2013 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 3.4.0-0.5.beta2 - prerelease 3.4.0beta2 for oVirt/vdsm dependencies in Fedora19 -------------------------------------------------------------------------------- ================================================================================ gogoc-1.2-26.fc18 (FEDORA-2013-12973) IPv6 TSP client for gogo6 -------------------------------------------------------------------------------- Update Information: Adjust output scraping to match current ifconfig -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 12 2013 Juan Orti Alcaine <jorti@xxxxxxxxxxxxxxxxx> - 1.2-26 - Adjust output scraping to match current ifconfig. Closes bug #983052, thanks to Frank Dana * Tue May 28 2013 Juan Orti Alcaine <jorti@xxxxxxxxxxxxxxxxx> - 1.2-25 - Add startup options via environment variable in service unit file -------------------------------------------------------------------------------- References: [ 1 ] Bug #983052 - [PATCH] gogoc linux.sh template scrapes ifconfig output improperly https://bugzilla.redhat.com/show_bug.cgi?id=983052 -------------------------------------------------------------------------------- ================================================================================ gogui-1.4.8-1.fc18 (FEDORA-2013-12978) Graphical user interface to programs that play the board game Go -------------------------------------------------------------------------------- Update Information: Merge 1.4.8 changes -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 11 2013 Christophe Burgun <jouty@xxxxxxxxxxxxxxxxx> 1.4.8-1 - Update gogui version -------------------------------------------------------------------------------- ================================================================================ moodle-2.3.8-2.fc18 (FEDORA-2013-12950) A Course Management System -------------------------------------------------------------------------------- Update Information: Latest upstream release for this branch. Correct unbundling of php-pear-HTML-Quickform. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 12 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 2.3.8-2 - Include two non-upstream additions to HTML-Quickform. * Fri Jul 12 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 2.3.8-1 - 2.3.8. -------------------------------------------------------------------------------- ================================================================================ ninja-ide-2.3-1.fc18 (FEDORA-2013-12957) Ninja IDE for Python development -------------------------------------------------------------------------------- Update Information: Update to 2.3 -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 12 2013 Nikos Roussos <comzeradd@xxxxxxxxxxxxxxxxx> - 2.3-1 - Update to 2.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #971353 - [abrt] ninja-ide-2.2-1.fc18: preferences.py:1886:showEvent:IOError: [Errno 2] No such file or directory: u'/home/carik/.ninja_ide/addins/theme/Default.qss' https://bugzilla.redhat.com/show_bug.cgi?id=971353 -------------------------------------------------------------------------------- ================================================================================ nodejs-resolve-0.4.0-2.fc18 (FEDORA-2013-12958) Resolve like require.resolve() on behalf of files asynchronously/synchronously -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #977134 - Review Request: nodejs-resolve - Resolve like require.resolve() on behalf of files asynchronously/synchronously https://bugzilla.redhat.com/show_bug.cgi?id=977134 -------------------------------------------------------------------------------- ================================================================================ nodejs-temporary-0.0.5-1.fc18 (FEDORA-2013-12970) An easy way to create temporary files and directories -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #977135 - Review Request: nodejs-temporary - An easy way to create temporary files and directories https://bugzilla.redhat.com/show_bug.cgi?id=977135 -------------------------------------------------------------------------------- ================================================================================ openjpa-2.2.0-3.fc18 (FEDORA-2013-12960) Java Persistence 2.0 API -------------------------------------------------------------------------------- Update Information: fix for CVE-2013-1768 rhbz#984034,984040 -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 12 2013 gil cattaneo <puntogil@xxxxxxxxx> 2.2.0-3 - fix for CVE-2013-1768 rhbz#984034,984040 -------------------------------------------------------------------------------- References: [ 1 ] Bug #984034 - CVE-2013-1768 openjpa: Remote arbitrary code execution by creating a serialized object and leveraging improperly secured server programs https://bugzilla.redhat.com/show_bug.cgi?id=984034 -------------------------------------------------------------------------------- ================================================================================ php-5.4.17-2.fc18 (FEDORA-2013-12315) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: 04 Jul 2013, PHP 5.4.17 Core: - Fixed bug #64988 (Class loading order affects E_STRICT warning). (Laruence) - Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC). (Laruence) - Fixed bug #64960 (Segfault in gc_zval_possible_root). (Laruence) - Fixed bug #64936 (doc comments picked up from previous scanner run). (Stas, Jonathan Oddy) - Fixed bug #64934 (Apache2 TS crash with get_browser()). (Anatol) - Fixed bug #64166 (quoted-printable-encode stream filter incorrectly discarding whitespace). (Michael M Slusarz) DateTime: - Fixed bug #53437 (Crash when using unserialized DatePeriod instance). (Gustavo, Derick, Anatol) FPM: - Fixed Bug #64915 (error_log ignored when daemonize=0). (Remi) - Implemented FR #64764 (add support for FPM init.d script). (Lior Kaplan) PDO: - Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to the same db server). (Laruence) PDO_DBlib: - Fixed bug #63638 (Cannot connect to SQL Server 2008 with PDO dblib). (Stanley Sufficool) - Fixed bug #64338 (pdo_dblib can't connect to Azure SQL). (Stanley Sufficool) - Fixed bug #64808 (FreeTDS PDO getColumnMeta on a prepared but not executed statement crashes). (Stanley Sufficool) PDO_firebird: - Fixed bug #64037 (Firebird return wrong value for numeric field). (Matheus Degiovani, Matteo) - Fixed bug #62024 (Cannot insert second row with null using parametrized query). (patch by james@xxxxxxxxxx, Matheus Degiovani, Matteo) PDO_mysql: - Fixed bug #48724 (getColumnMeta() doesn't return native_type for BIT, TINYINT and YEAR). (Antony, Daniel Beardsley) PDO_pgsql: - Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error). (Remi) pgsql: - Fixed bug #64609 (pg_convert enum type support). (Matteo) Readline: - Implement FR #55694 (Expose additional readline variable to prevent default filename completion). (Hartmel) SPL: - Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems). (Laruence) Backported from 5.4.18 CGI: - Fixed Bug #65143 (Missing php-cgi man page). (Remi) Phar: - Fixed Bug #65142 (Missing phar man page). (Remi) XML: - Fixed bug #65236 (heap corruption in xml parser). CVE-2013-4113 -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 12 2013 Remi Collet <rcollet@xxxxxxxxxx> - 5.4.17-2 - add security fix for CVE-2013-4113 - add missing ASL 1.0 license * Wed Jul 3 2013 Remi Collet <rcollet@xxxxxxxxxx> 5.4.17-1 - update to 5.4.17 - add missing man pages (phar, php-cgi) -------------------------------------------------------------------------------- References: [ 1 ] Bug #983689 - CVE-2013-4113 php: xml_parse_into_struct buffer overflow when parsing deeply nested XML https://bugzilla.redhat.com/show_bug.cgi?id=983689 -------------------------------------------------------------------------------- ================================================================================ pidgin-sipe-1.16.1-1.fc18 (FEDORA-2013-12951) Pidgin protocol plugin to connect to MS Office Communicator -------------------------------------------------------------------------------- Update Information: New upstream release: * fixes call failure when host has multiple IP addresses * fixes buddy list handling after moving to Lync 2013 * fixes crashes in new HTTP stack -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 13 2013 Stefan Becker <chemobejk@xxxxxxxxx> - 1.16.1-1 - update to 1.16.1: bug fix release - fixes call failure when host has multiple IP addresses - fixes buddy list handling after moving to Lync 2013 - fixes crashes in new HTTP stack -------------------------------------------------------------------------------- ================================================================================ python-doit-0.22.0-1.fc18 (FEDORA-2013-12975) Automation Tool -------------------------------------------------------------------------------- Update Information: New stable release with several bugs fixed. -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 13 2013 José Matos <jamatos@xxxxxxxxxxxxxxxxx> - 0.22.0-1 - update to 0.22 - force removal of the distrute_setup.py to use the system version -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
