The following Fedora 18 Security updates need testing: Age URL 154 https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18 66 https://admin.fedoraproject.org/updates/FEDORA-2013-13131/livecd-tools-18.17-1.fc18 50 https://admin.fedoraproject.org/updates/FEDORA-2013-14005/zabbix-2.0.6-3.fc18 37 https://admin.fedoraproject.org/updates/FEDORA-2013-14794/filezilla-3.7.3-1.fc18 8 https://admin.fedoraproject.org/updates/FEDORA-2013-16587/wireshark-1.10.2-3.fc18 8 https://admin.fedoraproject.org/updates/FEDORA-2013-16381/lightdm-1.4.3-1.fc18 5 https://admin.fedoraproject.org/updates/FEDORA-2013-16810/proftpd-1.3.4d-4.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-16895/wordpress-3.6.1-1.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-17010/kernel-3.10.12-100.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-17047/xulrunner-24.0-2.fc18,firefox-24.0-1.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-16989/nas-1.9.3-4.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-17112/hplip-3.13.9-2.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-17016/icedtea-web-1.4.1-0.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17195/spice-gtk-0.18-3.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17203/systemd-201-2.fc18.8 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17197/polkit-0.107-6.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17305/libvirt-0.10.2.8-1.fc18 The following Fedora 18 Critical Path updates have yet to be approved: Age URL 223 https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18 11 https://admin.fedoraproject.org/updates/FEDORA-2013-16214/gdb-7.5.1-42.fc18 11 https://admin.fedoraproject.org/updates/FEDORA-2013-16204/sane-backends-1.0.23-18.fc18 10 https://admin.fedoraproject.org/updates/FEDORA-2013-16335/gstreamer1-plugins-bad-free-1.0.10-1.fc18,gstreamer1-plugins-good-1.0.10-1.fc18,gstreamer1-plugins-base-1.0.10-1.fc18,gstreamer1-1.0.10-1.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-16676/gnome-abrt-0.3.1-1.fc18,abrt-2.1.7-1.fc18,libreport-2.1.7-1.fc18,satyr-0.9-1.fc18 5 https://admin.fedoraproject.org/updates/FEDORA-2013-16816/gdisk-0.8.7-2.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-17047/xulrunner-24.0-2.fc18,firefox-24.0-1.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-17013/device-mapper-persistent-data-0.2.7-1.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-17050/qt-4.8.5-8.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-17010/kernel-3.10.12-100.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17321/thunderbird-24.0-2.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17276/freetype-2.4.10-5.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17197/polkit-0.107-6.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17203/systemd-201-2.fc18.8 The following builds have been pushed to Fedora 18 updates-testing ColPack-1.0.9-1.fc18 Mayavi-4.3.0-7.fc18 freetype-2.4.10-5.fc18 gfal-1.16.0-1.fc18 gridftp-ifce-2.3.1-1.fc18 hyperv-daemons-0-0.2.20130826git.fc18 java-1.7.0-openjdk-1.7.0.60-2.4.2.4.fc18 lcg-util-1.16.0-2.fc18 libvirt-0.10.2.8-1.fc18 mongodb-2.4.6-1.fc18 php-tcpdf-6.0.031-1.fc18 pulsecaster-0.1.9-5.fc18 python-bucky-0.2.6-2.fc18 python-libcloud-0.13.2-11.fc18 python-pyface-4.3.0-4.fc18 python-qpid-0.22-3.fc18 qpid-cpp-0.24-1.fc18 qt5-qtquick1-5.1.1-2.fc18 scribus-1.4.3-2.fc18 srm-ifce-1.18.0-1.fc18 thunderbird-24.0-2.fc18 unbound-1.4.21-1.fc18 vile-9.8k-1.fc18 Details about builds: ================================================================================ ColPack-1.0.9-1.fc18 (FEDORA-2013-17287) Algorithms for specialized vertex coloring problems -------------------------------------------------------------------------------- Update Information: ColPack is a package comprising of implementation of algorithms for specialized vertex coloring problems that arise in sparse derivative computation. It is written in an object-oriented fashion heavily using the Standard Template Library (STL). It is designed to be simple, modular, extendable and efficient. This build has openMP-support enabled. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1004760 - Review Request: ColPack - Algorithms for specialized vertex coloring problems https://bugzilla.redhat.com/show_bug.cgi?id=1004760 -------------------------------------------------------------------------------- ================================================================================ Mayavi-4.3.0-7.fc18 (FEDORA-2013-17004) Scientific data 3-dimensional visualizer -------------------------------------------------------------------------------- Update Information: * Add python-pyface-wx and python-pyface-qt packages to handle backend dependencies. * Make Mayavi depend on python-pyface-wx as it doesn't work with the Qt backend. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 18 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 4.3.0-7 - Add patch to fix vtkQt class loading issue (bug #1008392) * Mon Sep 16 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 4.3.0-6 - Require python-pyface-wx (bug #1008392) * Tue Aug 6 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 4.3.0-5 - Drop BR on python-setupdocs, no longer used * Fri Aug 2 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.3.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed May 22 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 4.3.0-3 - Use lowercase names in BR -------------------------------------------------------------------------------- ================================================================================ freetype-2.4.10-5.fc18 (FEDORA-2013-17276) A free and portable font rendering engine -------------------------------------------------------------------------------- Update Information: Fix vertical size of emboldened glyphs. See https://bugzilla.gnome.org/show_bug.cgi?id=686709 for additional info. -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 20 2013 Marek Kasik <mkasik@xxxxxxxxxx> - 2.4.10-5 - Fix vertical size of emboldened glyphs -------------------------------------------------------------------------------- ================================================================================ gfal-1.16.0-1.fc18 (FEDORA-2013-17311) Grid File access library -------------------------------------------------------------------------------- Update Information: Release 1.16.0 of lcg-util -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 16 2013 Alejandro Alvarez <aalvarez@xxxxxxx> - 1.16.0-1 - Release of gfal 1.16.0 -------------------------------------------------------------------------------- ================================================================================ gridftp-ifce-2.3.1-1.fc18 (FEDORA-2013-17282) GridFTP library for FTS and lcgutil -------------------------------------------------------------------------------- Update Information: Release 2.3.1 of gridftp-ifce -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 20 2013 Adrien Devresse <adevress at cern.ch> - 2.3.1-1 - fix unversionned documentation problem - Release 2.3.1 for EPEL * Thu Mar 14 2013 Michail Salichos <msalicho at cern.ch> - 2.3.1-0 - replace globus wait with cond_timed_wait -------------------------------------------------------------------------------- ================================================================================ hyperv-daemons-0-0.2.20130826git.fc18 (FEDORA-2013-17290) HyperV daemons suite -------------------------------------------------------------------------------- Update Information: Two bugs fixed. -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1010268 - hypervkvpd using wrong directory for its tools https://bugzilla.redhat.com/show_bug.cgi?id=1010268 [ 2 ] Bug #1010260 - hypervkvpd WantedBy should be multi-user.target https://bugzilla.redhat.com/show_bug.cgi?id=1010260 -------------------------------------------------------------------------------- ================================================================================ java-1.7.0-openjdk-1.7.0.60-2.4.2.4.fc18 (FEDORA-2013-17304) OpenJDK Runtime Environment -------------------------------------------------------------------------------- Update Information: fix build on arches where Zero VM is used Improved buildver/updatever handling. Fixed java -version output Unluckily the leading 60 have to be kept (will be valid in one month) -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 19 2013 Dan Horák <dan[at]danny.cz> - 1.7.0.40-2.4.2.4.f18 - don't apply more patches on ARM * Thu Sep 19 2013 Dan Horák <dan[at]danny.cz> - 1.7.0.40-2.4.2.3.f18 - don't apply the size_t patch on ARM * Thu Sep 19 2013 Dan Horák <dan[at]danny.cz> - 1.7.0.40-2.4.2.2.f18 - fix build on zero arches (Andrew Hughes <gnu.andrew@xxxxxxxxxx) * Wed Sep 11 2013 Jiri Vanek <jvanek@xxxxxxxxxx> - 1.7.0.40-2.4.2.1.f18 - buildver replaced by updatever - buildver reset to 60 - updatever set to 40 - added JDK_BUILD_NUMBER=b`printf "%02d" buildver to make parameters - buildversion included in id - desktop icons extracted to text files -------------------------------------------------------------------------------- References: [ 1 ] Bug #1008988 - build on s390 (32-bit) uses -m64 option https://bugzilla.redhat.com/show_bug.cgi?id=1008988 -------------------------------------------------------------------------------- ================================================================================ lcg-util-1.16.0-2.fc18 (FEDORA-2013-17326) Command line tools for wlcg storage system -------------------------------------------------------------------------------- Update Information: Release 1.16.0 of lcg-util -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 19 2013 Adrien Devresse <adevress at cern.ch> - 1.16.0-2 - Change default doc path to unversionned - Release 1.16.0 of lcg-util -------------------------------------------------------------------------------- ================================================================================ libvirt-0.10.2.8-1.fc18 (FEDORA-2013-17305) Library providing a simple virtualization API -------------------------------------------------------------------------------- Update Information: * Rebased to version 0.10.2.8 * CVE-2013-4311: Insecure polkit usage (bz #1009539, bz #1005332) * CVE-2013-4296: Invalid free memory stats (bz #1006173, bz #1009667) * CVE-2013-4291: Supplementary groups handling (bz #1006509, bz #1006511) * Fix LXC container creation if selinux disabled (bz #977114) * Fix virsh change-media with block disk type (bz #951192) -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 20 2013 Cole Robinson <crobinso@xxxxxxxxxx> - 0.10.2.8-1 - Rebased to version 0.10.2.8 - CVE-2013-4311: Insecure polkit usage (bz #1009539, bz #1005332) - CVE-2013-4296: Invalid free memory stats (bz #1006173, bz #1009667) - CVE-2013-4291: Supplementary groups handling (bz #1006509, bz #1006511) - Fix LXC container creation if selinux disabled (bz #977114) - Fix virsh change-media with block disk type (bz #951192) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1005332 - CVE-2013-4311 libvirt: insecure calling of polkit https://bugzilla.redhat.com/show_bug.cgi?id=1005332 [ 2 ] Bug #1006173 - CVE-2013-4296 libvirt: invalid free in remoteDispatchDomainMemoryStats https://bugzilla.redhat.com/show_bug.cgi?id=1006173 [ 3 ] Bug #1006509 - CVE-2013-4291 libvirt: supplementary groups not adjusted correctly when parsing label https://bugzilla.redhat.com/show_bug.cgi?id=1006509 -------------------------------------------------------------------------------- ================================================================================ mongodb-2.4.6-1.fc18 (FEDORA-2013-17286) High-performance, schema-free document-oriented database -------------------------------------------------------------------------------- Update Information: Update to 2.4.6, fix several bugs (#971595,979784,972904) -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- ================================================================================ php-tcpdf-6.0.031-1.fc18 (FEDORA-2013-17291) PHP class for generating PDF documents -------------------------------------------------------------------------------- Update Information: Upstream changelog: 6.0.031 (2013-09-18) - Bug #836 "Optional EOL marker before endstream" was fixed. - Some additional controls were added to avoid "division by zero" error with badly formatted input. 6.0.030 (2013-09-17) - Bug #835 "PDF417 and Cyrilic simbols" was fixed. 6.0.029 (2013-09-15) - Constants K_TCPDF_PARSER_THROW_EXCEPTION_ERROR and K_TCPDF_PARSER_IGNORE_DECODING_ERRORS where removed in favor of a new configuration array in the TCPDF_PARSER class. - The TCPDF_PARSER class can now be configured using the new $cfg parameter. 6.0.028 (2013-09-15) - A debug print_r was removed form tcpdf_parser.php. - TCPDF_FILTERS class now throws an exception in case of error. - TCPDF_PARSER class now throws an exception in case of error unless you define the constant K_TCPDF_PARSER_THROW_EXCEPTION_ERROR to false. - The constant K_TCPDF_PARSER_IGNORE_DECODING_ERRORS can be set to tru eto ignore decoding errors on TCPDF_PARSER. 6.0.027 (2013-09-14) - A bug in tcpdf_parser wen parsing hexadecimal strings was fixed. - A bug in tcpdf_parser wen looking for statxref was fixed. - A bug on RC4 encryption was fixed. 6.0.026 (2013-09-14) - A bug in tcpdf_parser wen decoding streams was fixed. 6.0.025 (2013-09-04) - A pregSplit() bug was fixed. - Improved content loading from URLs. - Improved font path loading. -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 19 2013 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 6.0.031-1 - update to 6.0.031 -------------------------------------------------------------------------------- ================================================================================ pulsecaster-0.1.9-5.fc18 (FEDORA-2013-17319) A PulseAudio-based podcast recorder -------------------------------------------------------------------------------- Update Information: This update provides improved translations for a number of languages from upstream. -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 20 2013 Paul W. Frields <stickster@xxxxxxxxx> - 0.1.9-5 - Updated translations from upstream * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.1.9-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.1.9-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ python-bucky-0.2.6-2.fc18 (FEDORA-2013-17288) CollectD and StatsD adapter for Graphite -------------------------------------------------------------------------------- Update Information: Add dependency on collectd and update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 19 2013 Jonathan Steffan <jsteffan@xxxxxxxxxxxxxxxxx> - 0.2.6-2 - Update requires (RHBZ#953834) * Tue Sep 17 2013 Jonathan Steffan <jsteffan@xxxxxxxxxxxxxxxxx> - 0.2.6-1 - Update to 0.2.6 * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.2.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #953834 - missing dependencies python-setuptools collectd https://bugzilla.redhat.com/show_bug.cgi?id=953834 -------------------------------------------------------------------------------- ================================================================================ python-libcloud-0.13.2-11.fc18 (FEDORA-2013-17318) A Python library to address multiple cloud provider APIs -------------------------------------------------------------------------------- Update Information: Some bugfixes from Upstream -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 19 2013 Daniel Bruno <dbruno@xxxxxxxxxxxxxxxxx> - 0.13.2-11 - Some bug fixes from Upstream -------------------------------------------------------------------------------- ================================================================================ python-pyface-4.3.0-4.fc18 (FEDORA-2013-17004) Generic User Interface objects -------------------------------------------------------------------------------- Update Information: * Add python-pyface-wx and python-pyface-qt packages to handle backend dependencies. * Make Mayavi depend on python-pyface-wx as it doesn't work with the Qt backend. -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 16 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 4.3.0-4 - Create dummy backend packages to express dependencies * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.3.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ python-qpid-0.22-3.fc18 (FEDORA-2013-17316) Python client library for AMQP -------------------------------------------------------------------------------- Update Information: Created the python-qpid-common subpackage. Removed the unit tests. -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 17 2013 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.22-3 - Added the python-qpid-common subpackage * Tue Sep 17 2013 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.22-2 - Removed the set of unit tests from the installed package. - Resolves: BZ#1008877 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1008877 - python-qpid package contains unittest files https://bugzilla.redhat.com/show_bug.cgi?id=1008877 -------------------------------------------------------------------------------- ================================================================================ qpid-cpp-0.24-1.fc18 (FEDORA-2013-17306) Libraries for Qpid C++ client applications -------------------------------------------------------------------------------- Update Information: Rebased on Qpid 0.24. -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 20 2013 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.24-1 - Rebased on Qpid 0.24. - Relocated qpidd.conf to /etc/qpid - Trimmed old changelog entries due to bogus date complaints. - Added fixes to support ARM as a primary platform. - Build depends on qpid-proton 0.5. - QPID-4938: Stop building ssl and acl support as separate plugin modules on Unix - Cleaner encoding of index for delivery tags - QPID-5122 - QPID-5123: Changes to Fedora 19 packaging of libdb4 prevents legacystore from building - QPID-5016: Legacy store not correctly initialising rmgr - QPID-5126: Fix for building legacy store on ARM platforms -------------------------------------------------------------------------------- ================================================================================ qt5-qtquick1-5.1.1-2.fc18 (FEDORA-2013-17308) A declarative language for describing user interfaces in Qt5 -------------------------------------------------------------------------------- Update Information: A declarative language for describing user interfaces in Qt5. -------------------------------------------------------------------------------- References: [ 1 ] Bug #915907 - Review Request: qt5-qtquick1 - A declarative language for describing user interfaces in Qt5 https://bugzilla.redhat.com/show_bug.cgi?id=915907 -------------------------------------------------------------------------------- ================================================================================ scribus-1.4.3-2.fc18 (FEDORA-2013-17298) DeskTop Publishing application written in Qt -------------------------------------------------------------------------------- Update Information: - fix the shape insertion tool -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 19 2013 Dan Horák <dan[at]danny.cz> - 1.4.3-2 - fix the double patch (#1009979) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1009979 - scribus-to-double patch breaks shape insertion tool https://bugzilla.redhat.com/show_bug.cgi?id=1009979 -------------------------------------------------------------------------------- ================================================================================ srm-ifce-1.18.0-1.fc18 (FEDORA-2013-17297) SRM client side library -------------------------------------------------------------------------------- Update Information: Release 1.18.0 for srm-ifce -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 20 2013 Adrien Devresse <adevress at cern.ch> - 1.18.0-1 - Release srm-ifce 1.18.0 * Mon Aug 19 2013 Alejandro Alvarez <aalvarez at cern.ch> - 1.17.0-0 - Release srm-ifce 1.17.0 -------------------------------------------------------------------------------- ================================================================================ thunderbird-24.0-2.fc18 (FEDORA-2013-17321) Mozilla Thunderbird mail/newsgroup client -------------------------------------------------------------------------------- Update Information: See http://www.mozilla.org/en/thunderbird/24.0/releasenotes/ for full list of changes. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 18 2013 Martin Stransky <stransky@xxxxxxxxxx> - 24.0-2 - Added arm build fix * Mon Sep 16 2013 Jan Horak <jhorak@xxxxxxxxxx> - 24.0-1 - Update to 24.0 -------------------------------------------------------------------------------- ================================================================================ unbound-1.4.21-1.fc18 (FEDORA-2013-17310) Validating, recursive, and caching DNS(SEC) resolver -------------------------------------------------------------------------------- Update Information: Various minor bugfixes, new max-udp-size: 3072 option to reduce harm caused by DNS Amplification attacks -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 19 2013 Paul Wouters <pwouters@xxxxxxxxxx> - 1.4.21-1 - Updated to 1.4.21 - Remove unbound-rootkey.service (happens via cron in unbound-libs) - Enabled new max-udp-size: 3072 (so ANY isc.org won't fit) - Removed patched merged in by upstream - Enable statistics-cumulative for munin-plugin - Added outgoing-port-avoid: 0-32767 conformant to SElinux restrictions - Updated unbound.conf -------------------------------------------------------------------------------- ================================================================================ vile-9.8k-1.fc18 (FEDORA-2013-17312) VI Like Emacs -------------------------------------------------------------------------------- Update Information: upgrade to 9.8k -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 11 2013 Mark McKinstry <mmckinst@xxxxxxxxxxx> - 9.8k-1 - upgrade to 9.8k (BZ#983023) -------------------------------------------------------------------------------- References: [ 1 ] Bug #983023 - vile-9.8k is available https://bugzilla.redhat.com/show_bug.cgi?id=983023 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
