The following Fedora 18 Security updates need testing: Age URL 188 https://admin.fedoraproject.org/updates/FEDORA-2013-0416/fedora-business-cards-1-0.1.beta1.fc18 122 https://admin.fedoraproject.org/updates/FEDORA-2013-3935/puppet-3.1.1-1.fc18 115 https://admin.fedoraproject.org/updates/FEDORA-2013-4243/stunnel-4.55-1.fc18 102 https://admin.fedoraproject.org/updates/FEDORA-2013-4823/microcode_ctl-2.0-3.fc18 87 https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18 41 https://admin.fedoraproject.org/updates/FEDORA-2013-9962/subversion-1.7.10-1.fc18 22 https://admin.fedoraproject.org/updates/FEDORA-2013-10713/openstack-keystone-2012.2.4-5.fc18 13 https://admin.fedoraproject.org/updates/FEDORA-2013-12193/lldpad-0.9.45-4.fc18 6 https://admin.fedoraproject.org/updates/FEDORA-2013-12653/file-roller-3.6.4-1.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-12711/seamonkey-2.19-1.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-12960/openjpa-2.2.0-3.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-11780/nodejs-callsite-1.0.0-2.fc18,nodejs-inherits1-1.0.0-11.fc18,nodejs-cmd-shim-1.1.0-3.fc18,nodejs-editor-0.0.4-2.fc18,nodejs-child-process-close-0.1.1-2.fc18,nodejs-npm-user-validate-0.0.3-1.fc18,nodejs-better-assert-1.0.0-2.fc18,nodejs-normalize-package-data-0.2.0-1.fc18,nodejs-github-url-from-git-1.1.1-2.fc18,nodejs-ctype-0.5.3-3.fc18,nodejs-asn1-0.1.11-3.fc18,nodejs-http-signature-0.10.0-3.fc18,nodejs-ansi-0.2.0-1.fc18,nodejs-aws-sign-0.3.0-1.fc18,nodejs-boom-0.4.2-2.fc18,nodejs-config-chain-1.1.7-1.fc18,nodejs-cookie-jar-0.3.0-1.fc18,nodejs-couch-login-0.1.17-1.fc18,nodejs-cryptiles-0.2.1-1.fc18,nodejs-forever-agent-0.5.0-1.fc18,nodejs-form-data-0.0.10-1.fc18,nodejs-fstream-ignore-0.0.7-1.fc18,nodejs-fstream-npm-0.1.5-1.fc18,nodejs-hawk-0.15.0-1.fc18,nodejs-hoek-0.9.1-1.fc18,nodejs-inherits-2.0.0-3.fc18,nodejs-init-package-json-0.0.10-1.fc18,nodejs-json-stringify-safe-5.0.0-1.fc18,nodejs-npmconf-0.1.1-1.fc18,nodejs-oauth-sign-0.3.0-1.fc18,nodejs-read-installed-0.2.2-1.fc18,nodejs-read-package-json-1.1.0-2.fc18,nodejs-request-2.21.0-1.fc18,nodejs-rimraf-2.2.0-1.fc18,nodejs-slide-1.1.4-1.fc18,nodejs-sntp-0.2.4-1.fc18,nodejs-tunnel-agent-0.3.0-1.fc18,npm-1.3.3-1.fc18,nodejs-tap-0.4.1-6.fc18,nodejs-vows-0.7.0-6.fc18,nodejs-fstream-0.1.23-1.fc18,nodejs-glob-3.2.3-1.fc18,nodejs-graceful-fs-2.0.0-2.fc18,node-gyp-0.10.6-1.fc18,nodejs-lockfile-0.4.0-1.fc18,nodejs-npm-registry-client-0.2.27-1.fc18,nodejs-semver-2.0.10-1.fc18,nodejs-sha-1.0.1-4.fc18,nodejs-npmlog-0.0.4-1.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-12315/php-5.4.17-2.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-13019/libzrtpcpp-2.3.4-1.fc18,ortp-0.20.0-5.fc18,twinkle-1.4.2-19.fc18.1 The following Fedora 18 Critical Path updates have yet to be approved: Age URL 156 https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18 36 https://admin.fedoraproject.org/updates/FEDORA-2013-10428/NetworkManager-0.9.8.2-1.fc18,network-manager-applet-0.9.8.2-1.fc18 13 https://admin.fedoraproject.org/updates/FEDORA-2013-12193/lldpad-0.9.45-4.fc18 10 https://admin.fedoraproject.org/updates/FEDORA-2013-12374/ppp-2.4.5-30.fc18 10 https://admin.fedoraproject.org/updates/FEDORA-2013-12352/lxpanel-0.5.12-3.fc18 9 https://admin.fedoraproject.org/updates/FEDORA-2013-12449/fuse-2.9.3-1.fc18 9 https://admin.fedoraproject.org/updates/FEDORA-2013-12445/exo-0.10.2-5.fc18 8 https://admin.fedoraproject.org/updates/FEDORA-2013-12570/strigi-0.7.8-1.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-12897/pam-1.1.6-4.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-12922/device-mapper-persistent-data-0.2.1-1.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-12915/sane-backends-1.0.23-13.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-12979/squashfs-tools-4.3-0.18.gitaae0aff4.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-12987/kernel-3.9.10-200.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-13016/opus-1.0.3-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-13024/emacs-24.2-20.fc18 The following builds have been pushed to Fedora 18 updates-testing cacti-0.8.8a-8.fc18 condor-8.1.0-0.2.fc18 emacs-24.2-20.fc18 jpanoramamaker-5.5-0.fc18 labyrinth-0.6-1.fc18 librime-0.9.8-3.fc18 libzrtpcpp-2.3.4-1.fc18 nomacs-1.4.0-1.fc18 openscap-0.9.10-1.fc18 opus-1.0.3-1.fc18 ortp-0.20.0-5.fc18 perl-File-Find-Object-Rule-0.0303-1.fc18 perl-qpid-0.22-3.fc18 php-pecl-zendopcache-7.0.2-2.fc18 quotatool-1.6.2-1.fc18 rubygem-qpid_messaging-0.22.0-2.fc18 tomcat-7.0.42-1.fc18 twinkle-1.4.2-19.fc18.1 wget-1.14-5.fc18 Details about builds: ================================================================================ cacti-0.8.8a-8.fc18 (FEDORA-2013-13026) An rrd based graphing tool -------------------------------------------------------------------------------- Update Information: * Remove non-free Javascript files and use a Free jQuery implementation instead. * Move "README.cacti" to "README.fedora". * Improve httpd configuration guidance (cacti.conf). * Adjust package requirements so cacti will now pull in net-snmp-utils. -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 14 2013 Ken Dreyer <ktdreyer@xxxxxxxxxxxx> - 0.8.8a-8 - Improve security description in cacti's httpd conf (RHBZ #895823) - Use improved treeview replacement patch (RHBZ #888207) - rpmlint fixes - trim RPM changelog * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.8.8a-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Tue Jan 8 2013 Ken Dreyer <ktdreyer@xxxxxxxxxxxx> - 0.8.8a-6 - Add note to README.fedora about the default MySQL password - Remove reference to "docs/INSTALL" in README.fedora (RHBZ #893122) - Add dependency on net-snmp-utils (RHBZ #893150) * Fri Jan 4 2013 Ken Dreyer <ktdreyer@xxxxxxxxxxxx> - 0.8.8a-5 - Install our README file as README.fedora * Fri Jan 4 2013 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 0.8.8a-4 - remove non-free treeview bits (replace with jquery future code from 0.8.9 trunk) -------------------------------------------------------------------------------- References: [ 1 ] Bug #893122 - documentation file: README.cacti points to missing file: docs/INSTALL https://bugzilla.redhat.com/show_bug.cgi?id=893122 [ 2 ] Bug #888207 - Cacti included non-free Java Scripts files. https://bugzilla.redhat.com/show_bug.cgi?id=888207 [ 3 ] Bug #893150 - missing Requires: net-snmp-utils https://bugzilla.redhat.com/show_bug.cgi?id=893150 [ 4 ] Bug #895823 - [RFE] improve httpd config guidance https://bugzilla.redhat.com/show_bug.cgi?id=895823 -------------------------------------------------------------------------------- ================================================================================ condor-8.1.0-0.2.fc18 (FEDORA-2013-13036) Condor: High Throughput Computing -------------------------------------------------------------------------------- Update Information: Update and minor fixes around init scripts Updated build dependencies. -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 22 2013 <tstclair@xxxxxxxxxx> - 8.1.0-0.2 - Fix for aviary hadoop field swap * Wed Jun 19 2013 <tstclair@xxxxxxxxxx> - 8.1.0-0.1 - Update to latest uw/master * Fri Mar 15 2013 <tstclair@xxxxxxxxxx> - 7.9.5-0.2 - Update build dependencies * Thu Feb 28 2013 <tstclair@xxxxxxxxxx> - 7.9.5-0.1 - Fast forward to 7.9.5 pre-release * Thu Feb 14 2013 Brian Bockelman <bbockelm@xxxxxxxxxxx> - 7.9.5-0.1.4e2a2ef.git - Re-sync with master. - Use upstream python bindings. * Sun Feb 10 2013 Denis Arnaud <denis.arnaud_fedora@xxxxxxx> - 7.9.1-0.1.5 - Rebuild for Boost-1.53.0 * Sat Feb 9 2013 Denis Arnaud <denis.arnaud_fedora@xxxxxxx> - 7.9.1-0.1.4 - Rebuild for Boost-1.53.0 * Sat Feb 2 2013 Brian Bockelman <bbockelm@xxxxxxxxxxx> - 7.9.4-0.4.d028b17.git - Re-sync with master. * Wed Jan 2 2013 Brian Bockelman <bbockelm@xxxxxxxxxxx> - 7.9.4-0.1.dce3324.git - Add support for python bindings. * Thu Dec 6 2012 Brian Bockelman <bbockelm@xxxxxxxxxxx> - 7.9.3-0.6.ce12f50.git - Fix compile for CREAM. * Thu Dec 6 2012 Brian Bockelman <bbockelm@xxxxxxxxxxx> - 7.9.3-0.5.ce12f50.git - Merge code which has improved blahp file cleanup. * Tue Oct 30 2012 Brian Bockelman <bbockelm@xxxxxxxxxxx> - 7.9.2-0.2.b714b0e.git - Re-up to the latest master. - Add support for syslog. * Thu Oct 11 2012 Brian Bockelman <bbockelm@xxxxxxxxxxx> - 7.9.1-0.14.b135441.git - Re-up to the latest master. - Split out a separate package for BOSCO. * Tue Sep 25 2012 Brian Bockelman <bbockelm@xxxxxxxxxxx> - 7.9.1-0.13.c7df613.git - Rebuild to re-enable blahp. * Mon Sep 24 2012 Brian Bockelman <bbockelm@xxxxxxxxxxx> - 7.9.1-0.12.c7df613.git - Update to capture the latest security fixes. - CGAHP scalability fixes have been upstreamed. -------------------------------------------------------------------------------- ================================================================================ emacs-24.2-20.fc18 (FEDORA-2013-13024) GNU Emacs text editor -------------------------------------------------------------------------------- Update Information: This is a working fix for bug 970924 (the rpm-goto-add-change-log-entry command). -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 14 2013 Michael Schwendt <mschwendt@xxxxxxxxxxxxxxxxx> - 1:24.2-20 - Really fix #970924 -------------------------------------------------------------------------------- References: [ 1 ] Bug #970924 - rpm-goto-add-change-log-entry is not working as expected https://bugzilla.redhat.com/show_bug.cgi?id=970924 -------------------------------------------------------------------------------- ================================================================================ jpanoramamaker-5.5-0.fc18 (FEDORA-2013-13032) Tool for stitching photos to panorama in linear curved space -------------------------------------------------------------------------------- Update Information: Udpated to altest upstream Minor fixes: - fixed classpath - fixed loading of more then 9 files in time -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 15 2013 Jiri Vanek <jvanek@xxxxxxxxxx> - 5.5-0 - folowing changes in jutils, version for classpath setup fixed - unlimited number of arguments now supported upstreamed -------------------------------------------------------------------------------- ================================================================================ labyrinth-0.6-1.fc18 (FEDORA-2013-12993) A light weight mind mapping tool -------------------------------------------------------------------------------- Update Information: Un-retired package! -------------------------------------------------------------------------------- References: [ 1 ] Bug #982255 - Re-Review Request: labyrinth - A light weight mind mapping tool https://bugzilla.redhat.com/show_bug.cgi?id=982255 -------------------------------------------------------------------------------- ================================================================================ librime-0.9.8-3.fc18 (FEDORA-2013-13008) Rime Input Method Engine Library -------------------------------------------------------------------------------- Update Information: Fixes arm build -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 15 2013 Peng Wu <pwu@xxxxxxxxxx> - 0.9.8-3 - Fixes arm build -------------------------------------------------------------------------------- ================================================================================ libzrtpcpp-2.3.4-1.fc18 (FEDORA-2013-13019) ZRTP support library for the GNU ccRTP stack -------------------------------------------------------------------------------- Update Information: Fixes CVE-2013-2221, CVE-2013-2222, CVE-2013-2223. -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 3 2013 Kevin Fenzi <kevin@xxxxxxxxx> 2.3.4-1 - Update to 2.3.4 - Fixes CVE-2013-2221 CVE-2013-2222 CVE-2013-2223 * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Wed Nov 21 2012 Kevin Fenzi <kevin@xxxxxxxxx> 2.3.2-1 - Update to 2.3.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #980904 - CVE-2013-2221 CVE-2013-2222 CVE-2013-2223 libzrtpcpp various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=980904 -------------------------------------------------------------------------------- ================================================================================ nomacs-1.4.0-1.fc18 (FEDORA-2013-13023) Lightweight image viewer -------------------------------------------------------------------------------- Update Information: Version bump. -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 15 2013 TI_Eugene <ti.eugene@xxxxxxxxx> 1.4.0-1 - Version bump. - BR libtiff-devel added -------------------------------------------------------------------------------- ================================================================================ openscap-0.9.10-1.fc18 (FEDORA-2013-13013) Set of open source libraries enabling integration of the SCAP line of standards -------------------------------------------------------------------------------- Update Information: This is a new openscap release, see https://git.fedorahosted.org/cgit/openscap.git/tree/NEWS?id=91a5412b314219bc3d85a7f812a86acb8b0996f0 -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 15 2013 Petr Lautrbach <plautrba@xxxxxxxxxx> 0.9.10-1 - upgrade -------------------------------------------------------------------------------- ================================================================================ opus-1.0.3-1.fc18 (FEDORA-2013-13016) An audio codec for use in low-delay speech and audio communication -------------------------------------------------------------------------------- Update Information: Opus 1.0.3 includes a backport of the new 1.1 surround API. Aside from that, it includes fixes for a few minor glitches during mode switching, some minor fixed-point fixes, and fixes a regression in the FEC code introduced in 1.0.2. -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 14 2013 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 1.0.3-1 - 1.0.3 release * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Thu Jan 10 2013 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 1.0.2-2 - Enable extra custom modes API -------------------------------------------------------------------------------- ================================================================================ ortp-0.20.0-5.fc18 (FEDORA-2013-13019) A C library implementing the RTP protocol (RFC3550) -------------------------------------------------------------------------------- Update Information: Fixes CVE-2013-2221, CVE-2013-2222, CVE-2013-2223. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 23 2013 Alexey Kurov <nucleo@xxxxxxxxxxxxxxxxx> - 1:0.20.0-5 - autoreconf in %prep (#926292) * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:0.20.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #980904 - CVE-2013-2221 CVE-2013-2222 CVE-2013-2223 libzrtpcpp various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=980904 -------------------------------------------------------------------------------- ================================================================================ perl-File-Find-Object-Rule-0.0303-1.fc18 (FEDORA-2013-13031) Alternative interface to File::Find::Object -------------------------------------------------------------------------------- Update Information: New RPM. -------------------------------------------------------------------------------- References: [ 1 ] Bug #979674 - Review Request: perl-File-Find-Object-Rule - Alternative interface to File::Find::Object https://bugzilla.redhat.com/show_bug.cgi?id=979674 -------------------------------------------------------------------------------- ================================================================================ perl-qpid-0.22-3.fc18 (FEDORA-2013-13004) Perl bindings for the Qpid messaging framework -------------------------------------------------------------------------------- Update Information: Fixed dependencies on shared libraries from qpid-cpp. Makefile.PL generates the Swig bindings. QPID-4939 -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 15 2013 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.22-3 - Updated build to fix dependency issues on qpid-cpp. * Tue Jun 25 2013 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.22-2 - Perl Makefile.PL now generates the Swig bindings source. - Resolves: QPID-4939 -------------------------------------------------------------------------------- ================================================================================ php-pecl-zendopcache-7.0.2-2.fc18 (FEDORA-2013-13017) The Zend OPcache -------------------------------------------------------------------------------- Update Information: Fix ZTS configuration: the /etc/php-zts.d/opcache now have opcache.blacklist_filename=/etc/php-zts.d/opcache*.blacklist and /etc/php-zts.d/opcache-default.blacklist is provided -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 15 2013 Remi Collet <rcollet@xxxxxxxxxx> - 7.0.2-2 - fix ZTS configuration - Adapt for SCL -------------------------------------------------------------------------------- ================================================================================ quotatool-1.6.2-1.fc18 (FEDORA-2013-13009) Command-line utility for filesystem quotas -------------------------------------------------------------------------------- Update Information: New RPM. -------------------------------------------------------------------------------- References: [ 1 ] Bug #981839 - Review Request: quotatool - Command-line utility for filesystem quotas https://bugzilla.redhat.com/show_bug.cgi?id=981839 -------------------------------------------------------------------------------- ================================================================================ rubygem-qpid_messaging-0.22.0-2.fc18 (FEDORA-2013-13042) Ruby bindings for the Qpid messaging framework -------------------------------------------------------------------------------- Update Information: Fixed the dependency on shared libraries in qpid-cpp. -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 15 2013 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.22-2 - Updated build to fix dependency issues on qpid-cpp. -------------------------------------------------------------------------------- ================================================================================ tomcat-7.0.42-1.fc18 (FEDORA-2013-12996) Apache Servlet/JSP Engine, RI for Servlet 3.0/JSP 2.2 API -------------------------------------------------------------------------------- Update Information: update to 7.0.42 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 11 2013 Dmitry Tikhonov <squall.sama@xxxxxxxxx> 0:7.0.42-1 - Updated to 7.0.42 -------------------------------------------------------------------------------- References: [ 1 ] Bug #973077 - tomcat-7.0.42 is available https://bugzilla.redhat.com/show_bug.cgi?id=973077 -------------------------------------------------------------------------------- ================================================================================ twinkle-1.4.2-19.fc18.1 (FEDORA-2013-13019) A SIP Soft Phone -------------------------------------------------------------------------------- Update Information: Fixes CVE-2013-2221, CVE-2013-2222, CVE-2013-2223. -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 14 2013 Alexey Kurov <nucleo@xxxxxxxxxxxxxxxxx> - 1.4.2-19.1 - Rebuild for libzrtpcpp (#980904) -------------------------------------------------------------------------------- References: [ 1 ] Bug #980904 - CVE-2013-2221 CVE-2013-2222 CVE-2013-2223 libzrtpcpp various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=980904 -------------------------------------------------------------------------------- ================================================================================ wget-1.14-5.fc18 (FEDORA-2013-13011) A utility for retrieving files using the HTTP or FTP protocols -------------------------------------------------------------------------------- Update Information: - Fix several bugs -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 12 2013 Tomas Hozza <thozza@xxxxxxxxxx> - 1.14-5 - Fix deadcode and possible use of NULL in vprintf (#913153) - Add documentation for --regex-type and --preserve-permissions - Fix --preserve-permissions to work as documented (and expected) - Fix bug when authenticating using user:password@url syntax (#912358) * Wed Jul 10 2013 Tomas Hozza <thozza@xxxxxxxxxx> - 1.14-4 - Fix double free of iri->orig_url (#981778) -------------------------------------------------------------------------------- References: [ 1 ] Bug #981778 - *** glibc detected *** wget: double free or corruption (!prev): 0x0979df90 *** https://bugzilla.redhat.com/show_bug.cgi?id=981778 [ 2 ] Bug #912358 - wget syntax to login to protected site using http://username:password@server/ stopped working https://bugzilla.redhat.com/show_bug.cgi?id=912358 [ 3 ] Bug #913153 - [abrt] wget-1.14-3.fc18: _IO_vfprintf_internal: Process /usr/bin/wget was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=913153 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test