The following Fedora 17 Security updates need testing: Age URL 377 https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-1.fc17 189 https://admin.fedoraproject.org/updates/FEDORA-2013-0455/fedora-business-cards-1-0.1.beta1.fc17 117 https://admin.fedoraproject.org/updates/FEDORA-2013-4234/stunnel-4.55-1.fc17 112 https://admin.fedoraproject.org/updates/FEDORA-2013-4501/libxslt-1.1.28-1.fc17 109 https://admin.fedoraproject.org/updates/FEDORA-2013-4581/libuser-0.57.6-2.fc17 42 https://admin.fedoraproject.org/updates/FEDORA-2013-10121/subversion-1.7.10-1.fc17 32 https://admin.fedoraproject.org/updates/FEDORA-2013-10940/tomcat6-6.0.37-1.fc17 24 https://admin.fedoraproject.org/updates/FEDORA-2013-11568/curl-7.24.0-10.fc17 7 https://admin.fedoraproject.org/updates/FEDORA-2013-12745/seamonkey-2.19-1.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-12354/php-5.4.17-2.fc17 4 https://admin.fedoraproject.org/updates/FEDORA-2013-12967/openjpa-2.2.0-3.fc17 2 https://admin.fedoraproject.org/updates/FEDORA-2013-13018/libzrtpcpp-2.3.4-1.fc17,ortp-0.20.0-5.fc17,twinkle-1.4.2-19.fc17.1 0 https://admin.fedoraproject.org/updates/FEDORA-2013-13180/icu-4.8.1.1-6.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-13202/fdupes-1.51-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-13213/python-pip-1.3.1-4.fc17 The following Fedora 17 Critical Path updates have yet to be approved: Age URL 137 https://admin.fedoraproject.org/updates/FEDORA-2013-3304/libvpx-1.2.0-1.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-13129/livecd-tools-17.18-1.fc17 1 https://admin.fedoraproject.org/updates/FEDORA-2013-13082/selinux-policy-3.10.0-171.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-13149/qtwebkit-2.3.2-1.fc17 The following builds have been pushed to Fedora 17 updates-testing fdupes-1.51-1.fc17 icu-4.8.1.1-6.fc17 java-dirq-1.4-1.fc17 libstoragemgmt-0.0.21-1.fc17 python-pip-1.3.1-4.fc17 qtwebkit-2.3.2-1.fc17 Details about builds: ================================================================================ fdupes-1.51-1.fc17 (FEDORA-2013-13202) Finds duplicate files in a given set of directories -------------------------------------------------------------------------------- Update Information: Upstream * Added support for 64-bit file offsets on 32-bit systems. * Using tty for interactive input instead of regular stdin. This is to allow feeding filenames via stdin in future versions of fdupes without breaking interactive deletion feature. * Fixed some typos in --help. * Turned C++ style comments into C style comments. * Update to latest upstream release. Package * Added patch to fix security bugs BZ#865591 & 865592. -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 16 2013 Richard Shaw <hobbes1069@xxxxxxxxx> - 1.51-1 - Update to latest upstream release. - Fixes security bugs BZ#865591 & 865592. * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.50-0.7.PR2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.50-0.6.PR2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #865591 - fdupes: possible file linking of files with different owner/group/permissions https://bugzilla.redhat.com/show_bug.cgi?id=865591 -------------------------------------------------------------------------------- ================================================================================ icu-4.8.1.1-6.fc17 (FEDORA-2013-13180) International Components for Unicode -------------------------------------------------------------------------------- Update Information: Resolves various flaws in Layout Engine font processing. Supports aarch64 as 64-bit platform in icu-config.sh wrapper. -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 17 2013 Eike Rathke <erack@xxxxxxxxxx> - 4.8.1.1-6 - Resolves: rhbz#966141 various flaws in Layout Engine font processing - Resolves: rhbz#966077 aarch64 support for icu-config.sh wrapper -------------------------------------------------------------------------------- References: [ 1 ] Bug #952656 - CVE-2013-2419 ICU: Layout Engine font processing errors (JDK 2D, 8001031) https://bugzilla.redhat.com/show_bug.cgi?id=952656 [ 2 ] Bug #952708 - CVE-2013-2383 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004986) https://bugzilla.redhat.com/show_bug.cgi?id=952708 [ 3 ] Bug #952709 - CVE-2013-2384 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004987) https://bugzilla.redhat.com/show_bug.cgi?id=952709 [ 4 ] Bug #952711 - CVE-2013-1569 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004994) https://bugzilla.redhat.com/show_bug.cgi?id=952711 -------------------------------------------------------------------------------- ================================================================================ java-dirq-1.4-1.fc17 (FEDORA-2013-13219) Directory based queue -------------------------------------------------------------------------------- Update Information: Update to upstream version. -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 16 2013 Massimo Paladin <massimo.paladin@xxxxxxxxx> - 1.4-1 - Updating to latest version. -------------------------------------------------------------------------------- ================================================================================ libstoragemgmt-0.0.21-1.fc17 (FEDORA-2013-13153) Storage array management library -------------------------------------------------------------------------------- Update Information: New upstream release. New upstream release. Upstream update. Upstream update. New upstream release. Upstream update. Upstream update. New upstream release. Upstream update. Upstream update. -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 16 2013 Tony Asleson <tasleson@xxxxxxxxxx> 0.0.21-1 - New upstream release - Put plug-ins in separate sub packages - Don't include IBM plug-in on RHEL > 6, missing paramiko * Tue May 28 2013 Tony Asleson <tasleson@xxxxxxxxxx> - 0.0.20-1 - New upstream release - Separate package for python libraries - Make timestamps match on version.py in library - Add python-paramiko requirement for IBM plug-in * Mon Apr 22 2013 Tony Asleson <tasleson@xxxxxxxxxx> - 0.0.19-1 - New upstream release -------------------------------------------------------------------------------- ================================================================================ python-pip-1.3.1-4.fc17 (FEDORA-2013-13213) A tool for installing and managing Python packages -------------------------------------------------------------------------------- Update Information: Fix potential DOS with specially crafted malicious SSL certs. Backing out rename of pip binary to fix #958377 and updating package summary to match upstream's description. Backing out rename of pip binary to fix #958377 and updating package summary to match upstream's description. -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 16 2013 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 1.3.1-4 - Fix for CVE 2013-2099 * Thu May 23 2013 Tim Flink <tflink@xxxxxxxxxxxxxxxxx> - 1.3.1-3 - undo python2 executable rename to python-pip. fixes #958377 - fix summary to match upstream * Mon May 6 2013 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 1.3.1-2 - Fix main package Summary, it's for Python 2, not 3 (#877401) -------------------------------------------------------------------------------- References: [ 1 ] Bug #963260 - CVE-2013-2098 CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns https://bugzilla.redhat.com/show_bug.cgi?id=963260 -------------------------------------------------------------------------------- ================================================================================ qtwebkit-2.3.2-1.fc17 (FEDORA-2013-13149) Qt WebKit bindings -------------------------------------------------------------------------------- Update Information: New upstream bugfix release, see also http://blogs.kde.org/2013/07/17/qtwebkit-232-and-qtwebkit-qt-51 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 11 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.3.2-1 - qtwebkit-2.3.2 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
