The following Fedora 18 Security updates need testing: Age URL 159 https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18 71 https://admin.fedoraproject.org/updates/FEDORA-2013-13131/livecd-tools-18.17-1.fc18 55 https://admin.fedoraproject.org/updates/FEDORA-2013-14005/zabbix-2.0.6-3.fc18 42 https://admin.fedoraproject.org/updates/FEDORA-2013-14794/filezilla-3.7.3-1.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-17047/xulrunner-24.0-2.fc18,firefox-24.0-1.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-17112/hplip-3.13.9-2.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-17016/icedtea-web-1.4.1-0.fc18 5 https://admin.fedoraproject.org/updates/FEDORA-2013-17195/spice-gtk-0.18-3.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-17305/libvirt-0.10.2.8-1.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-17366/seamonkey-2.21-1.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-17375/xpdf-3.03-8.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-17431/thunderbird-17.0.9-1.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-17443/ReviewBoard-1.7.14-1.fc18,python-djblets-0.7.18-1.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-17583/rtkit-0.11-7.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17635/wireshark-1.10.2-4.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17649/rubygems-1.8.25-8.fc18 The following Fedora 18 Critical Path updates have yet to be approved: Age URL 228 https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18 12 https://admin.fedoraproject.org/updates/FEDORA-2013-16676/gnome-abrt-0.3.1-1.fc18,abrt-2.1.7-1.fc18,libreport-2.1.7-1.fc18,satyr-0.9-1.fc18 10 https://admin.fedoraproject.org/updates/FEDORA-2013-16816/gdisk-0.8.7-2.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-17013/device-mapper-persistent-data-0.2.7-1.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-17371/ibus-1.5.4-1.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-17431/thunderbird-17.0.9-1.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-17583/rtkit-0.11-7.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17624/selinux-policy-3.11.1-104.fc18 The following builds have been pushed to Fedora 18 updates-testing graphite-web-0.9.12-3.fc18 libuv-0.10.17-1.fc18 mfiler4-1.2.6-1.fc18 munin-2.0.17-6.fc18 nodejs-0.10.19-1.fc18 python-bucky-0.2.6-3.fc18 python-carbon-0.9.12-2.fc18 qt5-qtbase-5.1.1-5.fc18 rubygems-1.8.25-8.fc18 selinux-policy-3.11.1-104.fc18 telepathy-gabble-0.16.7-1.fc18 wireshark-1.10.2-4.fc18 xyzsh-1.5.1-1.fc18 Details about builds: ================================================================================ graphite-web-0.9.12-3.fc18 (FEDORA-2013-17597) A Django webapp for enterprise scalable realtime graphing -------------------------------------------------------------------------------- Update Information: Tested against ami-05355a6c. Don't ship js/ext/resources/*.swf (RHBZ#1000253) Don't ship js/ext/resources/*.swf (RHBZ#1000253) Don't ship js/ext/resources/*.swf (RHBZ#1000253) Don't ship js/ext/resources/*.swf (RHBZ#1000253) -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 Jonathan Steffan <jsteffan@xxxxxxxxxxxxxxxxx> - 0.9.12-3 - Reorder Requires conditionals to fix amzn1 issues (RHBZ#1007300) - Ensure python-whisper is also updated * Tue Sep 17 2013 Jonathan Steffan <jsteffan@xxxxxxxxxxxxxxxxx> - 0.9.12-2 - Don't ship js/ext/resources/*.swf (RHBZ#1000253) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1007300 - Installation on AWS (CentOS) fails https://bugzilla.redhat.com/show_bug.cgi?id=1007300 [ 2 ] Bug #1000253 - graphite-web contains bundled Flash files https://bugzilla.redhat.com/show_bug.cgi?id=1000253 -------------------------------------------------------------------------------- ================================================================================ libuv-0.10.17-1.fc18 (FEDORA-2013-17654) Platform layer for node.js -------------------------------------------------------------------------------- Update Information: 2013.09.24, node.js Version 0.10.19 (Stable) * readline: handle input starting with control chars (Eric Schrock) * configure: add mips-float-abi (soft, hard) option (Andrei Sedoi) * stream: objectMode transforms allow falsey values (isaacs) * tls: prevent duplicate values returned from read (Nathan Rajlich) * tls: NPN protocols are now local to connections (Fedor Indutny) 2013.09.25, libuv Version 0.10.17 (Stable) * build: remove GCC_WARN_ABOUT_MISSING_NEWLINE (Ben Noordhuis) * darwin: fix 10.6 build error in fsevents.c (Ben Noordhuis) -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 25 2013 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 1:0.10.17-1 - new upstream release 0.10.17 https://github.com/joyent/libuv/blob/v0.10.17/ChangeLog -------------------------------------------------------------------------------- ================================================================================ mfiler4-1.2.6-1.fc18 (FEDORA-2013-17621) 2 pane file manager with a embedded shell -------------------------------------------------------------------------------- Update Information: New version 1.2.6 is released. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 25 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.2.6-1 - 1.2.6 -------------------------------------------------------------------------------- ================================================================================ munin-2.0.17-6.fc18 (FEDORA-2013-17634) Network-wide graphing framework (grapher/gatherer) -------------------------------------------------------------------------------- Update Information: BZ# 989080 Add a missing requirement on crontabs to spec file BZ# 993985: munin possibly affected by F-20 unversioned docdir change Move Net::IP plugins to a subpackage for dep handling -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 D. Johnson <fenris02@xxxxxxxxxxxxxxxxx> - 2.0.17-6 - Move Net::IP plugins to a subpackage for dep handling * Fri Aug 16 2013 D. Johnson <fenris02@xxxxxxxxxxxxxxxxx> - 2.0.17-5 - BZ# 993985: munin possibly affected by F-20 unversioned docdir change * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0.17-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Thu Aug 1 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 2.0.17-3 - Perl 5.18 rebuild * Sat Jul 27 2013 Jóhann B. Guðmundsson <johannbg@xxxxxxxxxxxxxxxxx> - 2.0.17-2 - BZ# 989080 Add a missing requirement on crontabs to spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #989080 - Add a missing requirement on crontabs for the cron job to the spec file https://bugzilla.redhat.com/show_bug.cgi?id=989080 [ 2 ] Bug #993985 - munin possibly affected by F-20 unversioned docdir change https://bugzilla.redhat.com/show_bug.cgi?id=993985 -------------------------------------------------------------------------------- ================================================================================ nodejs-0.10.19-1.fc18 (FEDORA-2013-17654) JavaScript runtime -------------------------------------------------------------------------------- Update Information: 2013.09.24, node.js Version 0.10.19 (Stable) * readline: handle input starting with control chars (Eric Schrock) * configure: add mips-float-abi (soft, hard) option (Andrei Sedoi) * stream: objectMode transforms allow falsey values (isaacs) * tls: prevent duplicate values returned from read (Nathan Rajlich) * tls: NPN protocols are now local to connections (Fedor Indutny) 2013.09.25, libuv Version 0.10.17 (Stable) * build: remove GCC_WARN_ABOUT_MISSING_NEWLINE (Ben Noordhuis) * darwin: fix 10.6 build error in fsevents.c (Ben Noordhuis) -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 25 2013 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 0.10.19-1 - new upstream release 0.10.19 http://blog.nodejs.org/2013/09/24/node-v0-10-19-stable/ -------------------------------------------------------------------------------- ================================================================================ python-bucky-0.2.6-3.fc18 (FEDORA-2013-17652) CollectD and StatsD adapter for Graphite -------------------------------------------------------------------------------- Update Information: Update requires (RHBZ#953834), adding python-setuptools Add dependency on collectd and update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Add dependency on collectd and update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Add dependency on collectd and update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Add dependency on collectd and update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Add dependency on collectd and update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 Jonathan Steffan <jsteffan@xxxxxxxxxxxxxxxxx> - 0.2.6-3 - Update requires (RHBZ#953834), adding python-setuptools * Thu Sep 19 2013 Jonathan Steffan <jsteffan@xxxxxxxxxxxxxxxxx> - 0.2.6-2 - Update requires (RHBZ#953834) * Tue Sep 17 2013 Jonathan Steffan <jsteffan@xxxxxxxxxxxxxxxxx> - 0.2.6-1 - Update to 0.2.6 * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.2.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #953834 - missing dependencies python-setuptools collectd https://bugzilla.redhat.com/show_bug.cgi?id=953834 -------------------------------------------------------------------------------- ================================================================================ python-carbon-0.9.12-2.fc18 (FEDORA-2013-17606) Back-end data caching and persistence daemon for Graphite -------------------------------------------------------------------------------- Update Information: Add strict python-whisper Requires (RHBZ#1010432), Don't cleanup user and user data on package remove (RHBZ#1010430) -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 Jonathan Steffan <jsteffan@xxxxxxxxxxxxxxxxx> - 0.9.12-2 - Add strict python-whisper Requires (RHBZ#1010432) - Don't cleanup user and user data on package remove (RHBZ#1010430) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1010432 - python-carbon-0.9.12 should require python-whisper >= 0.9.12 https://bugzilla.redhat.com/show_bug.cgi?id=1010432 [ 2 ] Bug #1010430 - python-carbon deletes user-created data on uninstall; shouldn't per packaging guidelines https://bugzilla.redhat.com/show_bug.cgi?id=1010430 -------------------------------------------------------------------------------- ================================================================================ qt5-qtbase-5.1.1-5.fc18 (FEDORA-2013-17626) Qt5 - QtBase components -------------------------------------------------------------------------------- Update Information: fix big endian builds -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 23 2013 Dan Horák <dan[at]danny.cz> - 5.1.1-5 - fix big endian builds * Wed Sep 11 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 5.1.1-4 - macros.qt5: use newer location, use unexpanded macros * Sat Sep 7 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 5.1.1-3 - ExcludeArch: ppc64 ppc (#1005482) * Fri Sep 6 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 5.1.1-2 - BR: pkgconfig(libudev) pkgconfig(xkbcommon) pkgconfig(xcb-xkb) -------------------------------------------------------------------------------- ================================================================================ rubygems-1.8.25-8.fc18 (FEDORA-2013-17649) The Ruby standard for packaging ruby libraries -------------------------------------------------------------------------------- Update Information: Previously a security flow was found on rubygems for validating versions with a regular expression which is vulnerable to denial of service due to backtracking. Although this was thought to be fixed in the previous rubygems, the fix was found imcomplete and the imcompleteness is now assigned as CVE-2013-4363. A packaging bug was found that a directory was not properly owned. This new rpm will fix this issue. -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 23 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.8.25-8 - Patch for CVE-2013-4363 -------------------------------------------------------------------------------- ================================================================================ selinux-policy-3.11.1-104.fc18 (FEDORA-2013-17624) SELinux policy configuration -------------------------------------------------------------------------------- Update Information: Here is where you give an explanation of your update. -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.10.1-104 - Add back selinux-policy-{minimum,mls} pkgs -------------------------------------------------------------------------------- References: [ 1 ] Bug #1004075 - SELinux is preventing /usr/bin/htop from using the 'getsched' accesses on a process. https://bugzilla.redhat.com/show_bug.cgi?id=1004075 [ 2 ] Bug #1009273 - SELinux is preventing /usr/sbin/nginx from 'append' accesses on the file /srv/www/etcspl/logs/error.log. https://bugzilla.redhat.com/show_bug.cgi?id=1009273 [ 3 ] Bug #1011108 - cannot update to selinux-policy-3.11.1-103.fc18 https://bugzilla.redhat.com/show_bug.cgi?id=1011108 -------------------------------------------------------------------------------- ================================================================================ telepathy-gabble-0.16.7-1.fc18 (FEDORA-2013-17592) A Jabber/XMPP connection manager -------------------------------------------------------------------------------- Update Information: Latest stable relese that improves interoperability with Facebook's XMPP server. -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 Brian Pepple <bpepple@xxxxxxxxxxxxxxxxx> - 0.16.7-1 - Update to 0.16.7. -------------------------------------------------------------------------------- ================================================================================ wireshark-1.10.2-4.fc18 (FEDORA-2013-17635) Network traffic analyzer -------------------------------------------------------------------------------- Update Information: dumpcap now stores temporary capture files in /var/tmp * Convert automake/pkgconfig files into patches (better upstream integration) * Restored category in the *.desktop file * Install another one necessary header file - frame_data_sequence.h * Add basic OpenFlow dissector * Ver. 1.10.2 * Ver. 1.10.1 fix missing ws_symbol_export.h * Ver. 1.10.2 * Ver. 1.10.1 fix missing ws_symbol_export.h * Enhance desktop integration (*.desktop and MIME-related files) * Add basic OpenFlow dissector * Ver. 1.10.2 * Ver. 1.10.1 fix missing ws_symbol_export.h * Ver. 1.10.2 * Ver. 1.10.1 fix missing ws_symbol_export.h * Enhance desktop integration (*.desktop and MIME-related files) * Add basic OpenFlow dissector * Ver. 1.10.2 * Ver. 1.10.1 fix missing ws_symbol_export.h * Ver. 1.10.2 * Ver. 1.10.1 fix missing ws_symbol_export.h * Ver. 1.10.2 * Various security fixes -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 Peter Hatina <phatina@xxxxxxxxxx> - 1.10.2-4 - move default temporary directory to /var/tmp * Thu Sep 12 2013 Peter Lemenkov <lemenkov@xxxxxxxxx> - 1.10.2-3 - Fix building on Fedora 18 (no perl-podlators) * Thu Sep 12 2013 Peter Lemenkov <lemenkov@xxxxxxxxx> - 1.10.2-2 - Add an OpenFlow dissector * Wed Sep 11 2013 Peter Lemenkov <lemenkov@xxxxxxxxx> - 1.10-2-1 - Ver. 1.10.2 - Actually remove the console helper * Mon Sep 9 2013 Peter Lemenkov <lemenkov@xxxxxxxxx> - 1.10.1-1 - Ver. 1.10.1 - Backported rtpproxy dissector module * Wed Sep 4 2013 Peter Hatina <phatina@xxxxxxxxxx> - 1.10.0-11 - fix missing ws_symbol_export.h * Wed Sep 4 2013 Peter Hatina <phatina@xxxxxxxxxx> - 1.10.0-10 - fix tap iostat overflow * Wed Sep 4 2013 Peter Hatina <phatina@xxxxxxxxxx> - 1.10.0-9 - fix sctp bytes graph crash * Wed Sep 4 2013 Peter Hatina <phatina@xxxxxxxxxx> - 1.10.0-8 - fix string overrun in plugins/profinet * Tue Sep 3 2013 Peter Hatina <phatina@xxxxxxxxxx> - 1.10.0-7 - fix BuildRequires - libgcrypt-devel * Tue Sep 3 2013 Peter Hatina <phatina@xxxxxxxxxx> - 1.10.0-6 - fix build parameter -fstack-protector-all * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.10.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Mon Jun 24 2013 Peter Hatina <phatina@xxxxxxxxxx> 1.10.0-4 - fix pod2man build error * Mon Jun 24 2013 Peter Hatina <phatina@xxxxxxxxxx> 1.10.0-3 - fix bogus date -------------------------------------------------------------------------------- References: [ 1 ] Bug #990155 - CVE-2013-4920 wireshark: DoS (application crash) in the P1 dissector (wnpa-sec-2013-42) https://bugzilla.redhat.com/show_bug.cgi?id=990155 [ 2 ] Bug #990156 - CVE-2013-4921 wireshark: Off-by-one (application crash) in the Radiotap dissector (wnpa-sec-2013-43) https://bugzilla.redhat.com/show_bug.cgi?id=990156 [ 3 ] Bug #990157 - CVE-2013-4922 wireshark: Double-free in the DCOM ISystemActivator dissector (wnpa-sec-2013-44) https://bugzilla.redhat.com/show_bug.cgi?id=990157 [ 4 ] Bug #990160 - CVE-2013-4923 wireshark: Memory leak (DoS, memory consumption) in the DCOM ISystemActivator dissector (wnpa-sec-2013-44) https://bugzilla.redhat.com/show_bug.cgi?id=990160 [ 5 ] Bug #990163 - CVE-2013-4924 wireshark: Assertion failure in the DCOM ISystemActivator dissector (wnpa-sec-2013-44) https://bugzilla.redhat.com/show_bug.cgi?id=990163 [ 6 ] Bug #990164 - CVE-2013-4925 wireshark: Integer signedness error in the DCOM ISystemActivator dissector (wnpa-sec-2013-44) https://bugzilla.redhat.com/show_bug.cgi?id=990164 [ 7 ] Bug #990165 - CVE-2013-4926 wireshark: DoS in the DCOM ISystemActivator dissector due improper remaining data to process presence check (wnpa-sec-2013-44) https://bugzilla.redhat.com/show_bug.cgi?id=990165 [ 8 ] Bug #990166 - CVE-2013-4927 wireshark: Integer signedness error in the Bluetooth SDP dissector (wnpa-sec-2013-45) https://bugzilla.redhat.com/show_bug.cgi?id=990166 [ 9 ] Bug #972679 - CVE-2013-4074 wireshark: DoS (crash) in the CAPWAP dissector (wnpa-sec-2013-32) https://bugzilla.redhat.com/show_bug.cgi?id=972679 [ 10 ] Bug #972680 - CVE-2013-4075 wireshark: DoS (crash) in the GMR-1 BCCH dissector (wnpa-sec-2013-33) https://bugzilla.redhat.com/show_bug.cgi?id=972680 [ 11 ] Bug #972681 - CVE-2013-4076 wireshark: Invalid free in the PPP dissector (wnpa-sec-2013-34) https://bugzilla.redhat.com/show_bug.cgi?id=972681 [ 12 ] Bug #972682 - CVE-2013-4077 wireshark: Array index error in the NBAP dissector (wnpa-sec-2013-35) https://bugzilla.redhat.com/show_bug.cgi?id=972682 [ 13 ] Bug #972683 - CVE-2013-4078 wireshark: DoS (infinite loop) in the RDP dissector (wnpa-sec-2013-36) https://bugzilla.redhat.com/show_bug.cgi?id=972683 [ 14 ] Bug #972684 - CVE-2013-4079 wireshark: DoS (infinite loop, application hang) in the GSM CBCH dissector (wnpa-sec-2013-37) https://bugzilla.redhat.com/show_bug.cgi?id=972684 [ 15 ] Bug #972685 - CVE-2013-4080 wireshark: DoS (infinite loop, CPU & memory consumption) in the Assa Abloy R3 dissector (wnpa-sec-2013-38) https://bugzilla.redhat.com/show_bug.cgi?id=972685 [ 16 ] Bug #972686 - CVE-2013-4081 wireshark: DoS (infinite loop) in the HTTP dissector (wnpa-sec-2013-39) https://bugzilla.redhat.com/show_bug.cgi?id=972686 [ 17 ] Bug #972687 - CVE-2013-4082 wireshark: Heap-based buffer overflow in the Ixia IxVeriWave file parser (wnpa-sec-2013-40) https://bugzilla.redhat.com/show_bug.cgi?id=972687 [ 18 ] Bug #972688 - CVE-2013-4083 wireshark: Invalid free in the DCP ETSI dissector (wnpa-sec-2013-41) https://bugzilla.redhat.com/show_bug.cgi?id=972688 [ 19 ] Bug #990167 - CVE-2013-4928 wireshark: Integer signedness error in the Bluetooth OBEX dissector (wnpa-sec-2013-46) https://bugzilla.redhat.com/show_bug.cgi?id=990167 [ 20 ] Bug #990168 - CVE-2013-4929 wireshark: DoS (infinite loop) in the DIS dissector (wnpa-sec-2013-47) https://bugzilla.redhat.com/show_bug.cgi?id=990168 [ 21 ] Bug #990169 - CVE-2013-4930 wireshark: Assertion failure in the DVB-CI dissector (wnpa-sec-2013-48) https://bugzilla.redhat.com/show_bug.cgi?id=990169 [ 22 ] Bug #990170 - CVE-2013-4931 wireshark: DoS (infinite loop) in the GSM RR dissector (wnpa-sec-2013-49) https://bugzilla.redhat.com/show_bug.cgi?id=990170 [ 23 ] Bug #990172 - CVE-2013-4932 wireshark: Multiple array index errors in the GSM A Common dissector (wnpa-sec-2013-50) https://bugzilla.redhat.com/show_bug.cgi?id=990172 [ 24 ] Bug #990175 - CVE-2013-4933 wireshark: DoS (application crash) in the Netmon file parser (wnpa-sec-2013-51) https://bugzilla.redhat.com/show_bug.cgi?id=990175 [ 25 ] Bug #990178 - CVE-2013-4934 wireshark: DoS (application crash) in the Netmon file parser (wnpa-sec-2013-51) (A different flaw than CVE-2013-4933) https://bugzilla.redhat.com/show_bug.cgi?id=990178 [ 26 ] Bug #990179 - CVE-2013-4935 wireshark: DoS (application crash) in the ASN.1 PER dissector (wnpa-sec-2013-52) https://bugzilla.redhat.com/show_bug.cgi?id=990179 [ 27 ] Bug #965111 - wireshark: DoS (infinite loop) in the MySQL dissector (wnpa-sec-2013-30, upstream #8458) https://bugzilla.redhat.com/show_bug.cgi?id=965111 [ 28 ] Bug #965190 - CVE-2013-3559 wireshark: DoS (crash) in the DCP ETSI dissector (wnpa-sec-2013-27, upstream #8231, #8540, #8541) https://bugzilla.redhat.com/show_bug.cgi?id=965190 [ 29 ] Bug #965192 - CVE-2013-3558 wireshark: DoS (crash) in the PPP CCP dissector (wnpa-sec-2013-26, upstream #8638) https://bugzilla.redhat.com/show_bug.cgi?id=965192 [ 30 ] Bug #965193 - CVE-2013-3557 wireshark: DoS (crash) in the ASN.1 BER dissector (wnpa-sec-2013-25, upstream #8599) https://bugzilla.redhat.com/show_bug.cgi?id=965193 [ 31 ] Bug #965194 - CVE-2013-3555 wireshark: DoS (crash) in the GTPv2 dissector (wnpa-sec-2013-24, upstream #8493) https://bugzilla.redhat.com/show_bug.cgi?id=965194 [ 32 ] Bug #965195 - wireshark: DoS (excessive CPU consumption) in the RELOAD dissector (wnpa-sec-2013-23, upstream #8362, #8546) https://bugzilla.redhat.com/show_bug.cgi?id=965195 [ 33 ] Bug #965110 - wireshark: DoS (large loop) in the ETCH dissector (wnpa-sec-2013-31, upstream #8464) https://bugzilla.redhat.com/show_bug.cgi?id=965110 [ 34 ] Bug #965112 - CVE-2013-3562 wireshark: DoS (stack overflow, crash) in the Websocket dissector (wnpa-sec-2013-29, upstream #8448, #8499) https://bugzilla.redhat.com/show_bug.cgi?id=965112 [ 35 ] Bug #965186 - CVE-2013-3560 wireshark: DoS (crash) in the MPEG DSM-CC dissector (wnpa-sec-2013-28, upstream #8481) https://bugzilla.redhat.com/show_bug.cgi?id=965186 -------------------------------------------------------------------------------- ================================================================================ xyzsh-1.5.1-1.fc18 (FEDORA-2013-17641) Interactive shell and text processing tool -------------------------------------------------------------------------------- Update Information: New version 1.5.1 is released. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 25 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.5.1-1 - 1.5.1 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
