The following Fedora 18 Security updates need testing: Age URL 169 https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18 16 https://admin.fedoraproject.org/updates/FEDORA-2013-17112/hplip-3.13.9-2.fc18 15 https://admin.fedoraproject.org/updates/FEDORA-2013-17195/spice-gtk-0.18-3.fc18 13 https://admin.fedoraproject.org/updates/FEDORA-2013-17366/seamonkey-2.21-1.fc18 12 https://admin.fedoraproject.org/updates/FEDORA-2013-17431/thunderbird-17.0.9-1.fc18 11 https://admin.fedoraproject.org/updates/FEDORA-2013-17583/rtkit-0.11-7.fc18 9 https://admin.fedoraproject.org/updates/FEDORA-2013-17635/wireshark-1.10.2-4.fc18 8 https://admin.fedoraproject.org/updates/FEDORA-2013-17853/davfs2-1.4.7-3.fc18 6 https://admin.fedoraproject.org/updates/FEDORA-2013-17912/chicken-4.8.0.4-4.fc18 6 https://admin.fedoraproject.org/updates/FEDORA-2013-17904/fedmsg-0.7.1-2.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-18049/php-pecl-xhprof-0.9.4-1.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-18251/polarssl-1.2.9-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18401/fping-3.5-3.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18347/elinks-0.12-0.33.pre6.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18373/xen-4.2.3-3.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18364/kernel-3.10.14-100.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18348/zabbix-2.0.8-3.fc18 The following Fedora 18 Critical Path updates have yet to be approved: Age URL 238 https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18 12 https://admin.fedoraproject.org/updates/FEDORA-2013-17431/thunderbird-17.0.9-1.fc18 11 https://admin.fedoraproject.org/updates/FEDORA-2013-17583/rtkit-0.11-7.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-18164/perl-threads-1.89-1.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-18050/gdb-7.5.1-43.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-18276/dnsmasq-2.65-8.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18383/thunderbird-24.0-3.fc18,thunderbird-lightning-2.6-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18364/kernel-3.10.14-100.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18350/icu-49.1.1-11.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18392/nspr-4.10.1-1.fc18,nss-3.15.2-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18402/keyutils-1.5.8-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18380/ibus-1.5.4-2.fc18 The following builds have been pushed to Fedora 18 updates-testing drumkv1-0.3.5-2.fc18 elinks-0.12-0.33.pre6.fc18 firewalld-0.3.6.2-1.fc18 fping-3.5-3.fc18 ghc-vector-binary-instances-0.2.1.0-2.fc18 guitarix-0.28.2-3.fc18 ibus-1.5.4-2.fc18 icu-49.1.1-11.fc18 kernel-3.10.14-100.fc18 keyutils-1.5.8-1.fc18 log4c-1.2.4-1.fc18 lv2-x42-plugins-0.1.1-0.1.20130615git7153e34.fc18 mate-desktop-1.6.2-0.2.git81c245b.fc18 mirall-1.4.1-1.fc18 nodejs-mongodb-1.3.19-1.fc18 nspr-4.10.1-1.fc18 nss-3.15.2-1.fc18 owncloud-csync-0.90.2-1.fc18 phoronix-test-suite-4.8.3-1.fc18 pytest-2.3.5-3.fc18 python-ansi2html-1.0.2-1.fc18 python-falcon-0.1.7-1.fc18 python-yapsy-1.10.2-3.fc18 qt5-qtquickcontrols-5.1.1-2.fc18 rubygem-unf-0.1.2-1.fc18 samplv1-0.3.5-1.fc18 synthv1-0.3.5-1.fc18 thunderbird-24.0-3.fc18 thunderbird-lightning-2.6-1.fc18 tzdata-2013g-1.fc18 wallaby-0.16.3-2.fc18 wallaby-0.16.3-3.fc18 xen-4.2.3-3.fc18 zabbix-2.0.8-3.fc18 Details about builds: ================================================================================ drumkv1-0.3.5-2.fc18 (FEDORA-2013-18130) An old-school drum-kit sampler -------------------------------------------------------------------------------- Update Information: This is a minor update to 0.3.5 of the V1 audio plugin suite. Refer to changelog for details. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 4 2013 Dan Horák <dan[at]danny.cz> 0.3.5-2 - update also src_lv2ui.pro for all 64-bit arches * Tue Oct 1 2013 Brendan Jones <brendan.jones.it@xxxxxxxxx> 0.3.5-1 - Update to 0.3.5 * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.3.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ elinks-0.12-0.33.pre6.fc18 (FEDORA-2013-18347) A text-mode Web browser -------------------------------------------------------------------------------- Update Information: - verify server certificate hostname with nss_compat_ossl (#881411) -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 18 2013 Kamil Dudka <kdudka@xxxxxxxxxx> - 0.12-0.33.pre6 - update to latest upstream pre-release - drop unneeded patches - fix autoconf warnings - explicitly disable using OpenSSL and GnuTLS - verify server certificate hostname with nss_compat_ossl (#881411) -------------------------------------------------------------------------------- References: [ 1 ] Bug #881399 - elinks/links: does not properly verify SSL certificates https://bugzilla.redhat.com/show_bug.cgi?id=881399 -------------------------------------------------------------------------------- ================================================================================ firewalld-0.3.6.2-1.fc18 (FEDORA-2013-18352) A firewall daemon with D-BUS interface providing a dynamic firewall -------------------------------------------------------------------------------- Update Information: This is a new upstream version with big amount of new features. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 4 2013 Jiri Popelka <jpopelka@xxxxxxxxxx> - 0.3.6.2-1 - 0.3.6.2 -------------------------------------------------------------------------------- ================================================================================ fping-3.5-3.fc18 (FEDORA-2013-18401) Scriptable, parallelized ping-like utility -------------------------------------------------------------------------------- Update Information: Enable security hardened build. -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 13 2013 Charles R. Anderson <cra@xxxxxxx> - 3.5-3 - enable _hardened_build for -fPIE (rhbz#983602) * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #983602 - no hardened build https://bugzilla.redhat.com/show_bug.cgi?id=983602 -------------------------------------------------------------------------------- ================================================================================ ghc-vector-binary-instances-0.2.1.0-2.fc18 (FEDORA-2013-18362) Binary and Serialize instances for vector -------------------------------------------------------------------------------- Update Information: Binary and Serialize vector instances -------------------------------------------------------------------------------- References: [ 1 ] Bug #1007152 - Review Request: ghc-vector-binary-instances - Binary and Serialize instances for vector https://bugzilla.redhat.com/show_bug.cgi?id=1007152 -------------------------------------------------------------------------------- ================================================================================ guitarix-0.28.2-3.fc18 (FEDORA-2013-18356) Mono amplifier to JACK -------------------------------------------------------------------------------- Update Information: This update of guitarix 0.28.2 provides a number of bugfixes and enhancements -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 4 2013 Brendan Jones <brendan.jones.it@xxxxxxxxx> 0.28.2-3 - Add missing avahi-gobject-devel * Fri Oct 4 2013 Brendan Jones <brendan.jones.it@xxxxxxxxx> 0.28.2-2 - Add gperf BR * Sun Sep 29 2013 Brendan Jones <brendan.jones.it@xxxxxxxxx> 0.28.2-1 - Update to 0.28.2 * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.27.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Sat Jul 27 2013 pmachata@xxxxxxxxxx - 0.27.1-2 - Rebuild for boost 1.54.0 -------------------------------------------------------------------------------- ================================================================================ ibus-1.5.4-2.fc18 (FEDORA-2013-18380) Intelligent Input Bus for Linux OS -------------------------------------------------------------------------------- Update Information: ibus-chewing can change the orientation with ibus-setup. password chars are hid in gnome-shell password dialog with ibus-anthy. This update fixes IME state per window and showing ibus icon on ibus-setup. ibus-wayland is available in f20 or later. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 4 2013 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.4-2 - Added ibus-HEAD.patch to sync upstream. * Fri Sep 20 2013 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.4-1 - Bumped to 1.5.4 - Added ibus.conf.5 - Added ibus-xkb-1.5.0.tar.gz for po files. - Added ibus-xx-f19-password.patch for back compatibility. - Added ibus-wayland in f20 or later. * Fri Jul 26 2013 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.3-1 - Bumped to 1.5.3 - Deleted ibus-xx-g-s-disable-preedit.patch as EOL. - Deleted ibus-gjs as EOL. - Removed imsettings-gnome, im-chooser, libgnomekbd dependencies. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1012781 - Please use lookup table orientation of ibus-setup when ime doesn't specified it. https://bugzilla.redhat.com/show_bug.cgi?id=1012781 [ 2 ] Bug #1013948 - Even for engines which do already check IBus.InputPurpose.PASSWORD, sometimes the engine is enabled in the password entry field of the lock screen of gnome3 https://bugzilla.redhat.com/show_bug.cgi?id=1013948 [ 3 ] Bug #847726 - ibus uses same input method for each application https://bugzilla.redhat.com/show_bug.cgi?id=847726 [ 4 ] Bug #988780 - incorrect-fsf-address for many source files https://bugzilla.redhat.com/show_bug.cgi?id=988780 [ 5 ] Bug #1004135 - ibus: cannot enter ASCII text into gnome applications when using ssh https://bugzilla.redhat.com/show_bug.cgi?id=1004135 -------------------------------------------------------------------------------- ================================================================================ icu-49.1.1-11.fc18 (FEDORA-2013-18350) International Components for Unicode -------------------------------------------------------------------------------- Update Information: added %{?_isa} to Requires for multi-arch systems -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 4 2013 Eike Rathke <erack@xxxxxxxxxx> - 49.1.1-11 - added (x86-64) to Requires for multi-arch systems -------------------------------------------------------------------------------- ================================================================================ kernel-3.10.14-100.fc18 (FEDORA-2013-18364) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 3.10.14 stable update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 4 2013 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> 3.10.14-100 - Linux v3.10.14 * Thu Oct 3 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - CVE-2013-4387 ipv6: panic when UFO=On for an interface (rhbz 1011927 1015166) * Mon Sep 30 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - Drop VC_MUTE patch (rhbz 859485) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1011927 - CVE-2013-4387 Kernel: net: IPv6: panic when UFO=On for an interface https://bugzilla.redhat.com/show_bug.cgi?id=1011927 -------------------------------------------------------------------------------- ================================================================================ keyutils-1.5.8-1.fc18 (FEDORA-2013-18402) Linux Key Management Utilities -------------------------------------------------------------------------------- Update Information: The new library symbols should be in a new library minor version. Add support for getting per-UID persistent keyrings (if supported by kernel) and add support for specifying key-by-name rather than key-by-ID on command line Add provisional support for persistent keyrings Add support for getting per-UID persistent keyrings (if supported by kernel) and add support for specifying key-by-name rather than key-by-ID on command line Add provisional support for persistent keyrings Add support for getting per-UID persistent keyrings (if supported by kernel) and add support for specifying key-by-name rather than key-by-ID on command line Add provisional support for persistent keyrings -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 4 2013 David Howells <dhowells@xxxxxxxxxx> - 1.5.8-1 - New lib symbols should go in a new library minor version. * Wed Oct 2 2013 David Howells <dhowells@xxxxxxxxxx> - 1.5.7-1 - Provide a utility function to find a key by type and name. - Allow keyctl commands to take a type+name arg instead of a key-id arg. - Add per-UID get_persistent keyring function. -------------------------------------------------------------------------------- ================================================================================ log4c-1.2.4-1.fc18 (FEDORA-2013-18360) Library for logging application messages -------------------------------------------------------------------------------- Update Information: This release provides new layouts using local time and various maintenance work and improvements. Public API functions with format strings are marked by GNU C format attribute. New log4c-doc subpackage has been added. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 3 2013 František Dvořák <valtri@xxxxxxxxxx> - 1.2.4-1 - Release log4c 1.2.4 - Add -doc subpackage * Sun Jul 28 2013 Ville Skyttä <ville.skytta@xxxxxx> - 1.2.3-2 - Simplify install of docs. -------------------------------------------------------------------------------- ================================================================================ lv2-x42-plugins-0.1.1-0.1.20130615git7153e34.fc18 (FEDORA-2013-18342) A number of LV2 plugins -------------------------------------------------------------------------------- Update Information: x42-plugins is a collection of LV2 plugins including a MIDI-filter, fader, convolver and no delay -------------------------------------------------------------------------------- References: [ 1 ] Bug #1003768 - Review Request: lv2-x42-plugins - a collection of LV2 audio plugins https://bugzilla.redhat.com/show_bug.cgi?id=1003768 -------------------------------------------------------------------------------- ================================================================================ mate-desktop-1.6.2-0.2.git81c245b.fc18 (FEDORA-2013-18397) Shared code for mate-panel, mate-session, mate-file-manager, etc -------------------------------------------------------------------------------- Update Information: Fix obsoletes tag -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 4 2013 Dan Mashal <dan.mashal@xxxxxxxxxxxxxxxxx> - 1.6.2-0.2.git81c245b - Get rid of obsoletes tag as we no longer need it. (#1015335) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1015335 - mate-desktop obsoletes itself https://bugzilla.redhat.com/show_bug.cgi?id=1015335 -------------------------------------------------------------------------------- ================================================================================ mirall-1.4.1-1.fc18 (FEDORA-2013-18344) The ownCloud Client -------------------------------------------------------------------------------- Update Information: Update to 1.4.1 -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 4 2013 <jmarrero@xxxxxxxxxxxxxxxxx> 1.4.1-1 - Update to version 1.4.1 * Wed Sep 4 2013 <jmarrero@xxxxxxxxxxxxxxxxx> 1.4.0-2 - Add qtwebkit-devel dependency * Wed Sep 4 2013 <jmarrero@xxxxxxxxxxxxxxxxx> 1.4.0-1 - Update to version 1.4.0 - Update URL * Sun Aug 18 2013 <jmarrero@xxxxxxxxxxxxxxxxx> 1.4.0beta2-1 - Update to testing version 1.4.0beta2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1005538 - mirall-1.4.0-2 not built with $RPM_OPT_FLAGS https://bugzilla.redhat.com/show_bug.cgi?id=1005538 [ 2 ] Bug #1010740 - [abrt] mirall-1.4.0-2.fc19: __strlen_sse2: Process /usr/bin/owncloud was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=1010740 [ 3 ] Bug #1015723 - Bump to 1.4.* in F18 https://bugzilla.redhat.com/show_bug.cgi?id=1015723 -------------------------------------------------------------------------------- ================================================================================ nodejs-mongodb-1.3.19-1.fc18 (FEDORA-2013-18365) A node driver for MongoDB -------------------------------------------------------------------------------- Update Information: Newpackage -------------------------------------------------------------------------------- ================================================================================ nspr-4.10.1-1.fc18 (FEDORA-2013-18392) Netscape Portable Runtime -------------------------------------------------------------------------------- Update Information: This update rebases nss, nss-softokn, and nss-util to nss-3.15.2 and the nspr to nspr-4.10.1. This release includes security-relevant fixes (CVE-2013-1739). Detailed upstream release notes are available at https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.2_release_notes For a full list of bugs resolved in the upstream release see https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.2&product=NSS&list_id=7982238cd -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 26 2013 Elio Maldonado <emaldona@xxxxxxxxxx> - 4.10.1-1 - Update to NSPR_4_10_1_RTM * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.10.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ nss-3.15.2-1.fc18 (FEDORA-2013-18392) Network Security Services -------------------------------------------------------------------------------- Update Information: This update rebases nss, nss-softokn, and nss-util to nss-3.15.2 and the nspr to nspr-4.10.1. This release includes security-relevant fixes (CVE-2013-1739). Detailed upstream release notes are available at https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.2_release_notes For a full list of bugs resolved in the upstream release see https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.2&product=NSS&list_id=7982238cd -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 26 2013 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.15.2-1 - Update to NSS_3_15_2_RTM - Update iquote.patch on account of modified prototype on cert.h installed by nss-devel - Keep the nss-ssl-cbc-random-iv-off-by-default.patch enabled -------------------------------------------------------------------------------- ================================================================================ owncloud-csync-0.90.2-1.fc18 (FEDORA-2013-18344) A user level bidirectional client only file synchronizer -------------------------------------------------------------------------------- Update Information: Update to 1.4.1 -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 4 2013 <jmarrero@xxxxxxxxxxxxxxxxx> 0.90.2-1 - Update to version 0.90.2 * Wed Sep 4 2013 <jmarrero@xxxxxxxxxxxxxxxxx> 0.90.0-1 - Update to version 0.90.0 - Remove versioning from documentation documents * Sun Aug 18 2013 <jmarrero@xxxxxxxxxxxxxxxxx> 0.82.0-1 - Update to version 0.82.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1005538 - mirall-1.4.0-2 not built with $RPM_OPT_FLAGS https://bugzilla.redhat.com/show_bug.cgi?id=1005538 [ 2 ] Bug #1010740 - [abrt] mirall-1.4.0-2.fc19: __strlen_sse2: Process /usr/bin/owncloud was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=1010740 [ 3 ] Bug #1015723 - Bump to 1.4.* in F18 https://bugzilla.redhat.com/show_bug.cgi?id=1015723 -------------------------------------------------------------------------------- ================================================================================ phoronix-test-suite-4.8.3-1.fc18 (FEDORA-2013-18396) An Automated, Open-Source Testing Framework -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 4 2013 Markus Mayer <lotharlutz@xxxxxx> - 4.8.3-1 - new upstream -------------------------------------------------------------------------------- ================================================================================ pytest-2.3.5-3.fc18 (FEDORA-2013-18399) Simple powerful testing with Python -------------------------------------------------------------------------------- Update Information: Update to 2.3.5. See http://pytest.org/latest/changelog.html for the full list of changes. Minor packaging updates. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 13 2013 Thomas Moschny <thomas.moschny@xxxxxx> - 2.3.5-3 - Disable tests using pexpect for now, fails on F19. * Wed Jun 12 2013 Thomas Moschny <thomas.moschny@xxxxxx> - 2.3.5-2 - Use python-sphinx for rhel > 6 (rhbz#973318). - Update BR to use python-pexpect instead of pexpect. * Sat May 25 2013 Thomas Moschny <thomas.moschny@xxxxxx> - 2.3.5-1 - Update to 2.3.5. - Docutils needed now to build README.html. - Add some BR optionally used by the testsuite. * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ python-ansi2html-1.0.2-1.fc18 (FEDORA-2013-18370) Python module that converts text with ANSI color to HTML -------------------------------------------------------------------------------- Update Information: Latest upstream, notably with manpages. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 4 2013 Ralph Bean <rbean@xxxxxxxxxx> - 1.0.2-1 - Latest upstream. - Manpages now included. * Thu Sep 26 2013 Ralph Bean <rbean@xxxxxxxxxx> - 0.10.0-3 - Latest upstream with a superior internal state model thanks to Sebastian Pipping. * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.9.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Tue Mar 26 2013 Ralph Bean <rbean@xxxxxxxxxx> - 0.9.4-2 - Removed python3 rhel conditional. -------------------------------------------------------------------------------- ================================================================================ python-falcon-0.1.7-1.fc18 (FEDORA-2013-18355) A supersonic micro-framework for building cloud APIs -------------------------------------------------------------------------------- Update Information: A supersonic micro-framework for building cloud APIs -------------------------------------------------------------------------------- References: [ 1 ] Bug #1009750 - Review Request: python-falcon - High-performance cloud API framework https://bugzilla.redhat.com/show_bug.cgi?id=1009750 -------------------------------------------------------------------------------- ================================================================================ python-yapsy-1.10.2-3.fc18 (FEDORA-2013-18391) A simple plugin system for Python applications -------------------------------------------------------------------------------- Update Information: Here is where you give an explanation of your update. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 4 2013 Pete Travis <immanetize@xxxxxxxxxxxxxxxxx> 1.10.2-3 - Turning on python3 boolean so python3 subpackage actually builds - Correct build and install sections to properly create python3 subpackage - Remove ill-conceived patches - Add python3-yapsy-doc subpackage, as upstream procides py3 sources for docs -------------------------------------------------------------------------------- ================================================================================ qt5-qtquickcontrols-5.1.1-2.fc18 (FEDORA-2013-18343) Qt5 - module with set of QtQuick controls -------------------------------------------------------------------------------- Update Information: Qt5 QtQuickControls module -------------------------------------------------------------------------------- References: [ 1 ] Bug #1008527 - Review Request: qt5-qtquickcontrols - Qt5 - module with set of QtQuick controls https://bugzilla.redhat.com/show_bug.cgi?id=1008527 -------------------------------------------------------------------------------- ================================================================================ rubygem-unf-0.1.2-1.fc18 (FEDORA-2013-18346) Wrapper library to bring Unicode Normalization Form support to Ruby/JRuby -------------------------------------------------------------------------------- Update Information: This is a new package. -------------------------------------------------------------------------------- ================================================================================ samplv1-0.3.5-1.fc18 (FEDORA-2013-18130) A polyphonic sampler synthesizer with stereo fx -------------------------------------------------------------------------------- Update Information: This is a minor update to 0.3.5 of the V1 audio plugin suite. Refer to changelog for details. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 1 2013 Brendan Jones <brendan.jones.it@xxxxxxxxx> 0.3.5-1 - Update to 0.3.5 * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.3.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ synthv1-0.3.5-1.fc18 (FEDORA-2013-18130) A 4-oscillator subtractive polyphonic synthesizer -------------------------------------------------------------------------------- Update Information: This is a minor update to 0.3.5 of the V1 audio plugin suite. Refer to changelog for details. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 1 2013 Brendan Jones <brendan.jones.it@xxxxxxxxx> 0.3.5-1 - Update to 0.3.5 * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.3.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ thunderbird-24.0-3.fc18 (FEDORA-2013-18383) Mozilla Thunderbird mail/newsgroup client -------------------------------------------------------------------------------- Update Information: For changes see: http://www.mozilla.org/en/thunderbird/24.0/releasenotes/ -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 25 2013 Jan Horak <jhorak@xxxxxxxxxx> - 24.0-3 - Update to 24.0 * Mon Sep 23 2013 Jan Horak <jhorak@xxxxxxxxxx> - 17.0.9-1 - Update to 17.0.9 ESR -------------------------------------------------------------------------------- ================================================================================ thunderbird-lightning-2.6-1.fc18 (FEDORA-2013-18383) The calendar extension to Thunderbird -------------------------------------------------------------------------------- Update Information: For changes see: http://www.mozilla.org/en/thunderbird/24.0/releasenotes/ -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 20 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 2.6-1 - Drop alarm patch - Drop -fpermissive - Update to 2.6 - Exclude arm architecture * Sat Aug 17 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 1.9.1-5 - Fix up gdata lightning version dependency * Fri Aug 16 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 1.9.1-4 - Split Google data provider into a sub-package (bug #554113) * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.9.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ tzdata-2013g-1.fc18 (FEDORA-2013-18395) Timezone data -------------------------------------------------------------------------------- Update Information: Rebase to latest version. Includes update to handle Morocco change to end-of-DST from September to October. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 3 2013 Patsy Franklin <pfrankli@xxxxxxxxxx> 2013g-1 - Morocco moved end of DST from September to October. Rebase to pick up the Morocco DST change. -------------------------------------------------------------------------------- ================================================================================ wallaby-0.16.3-2.fc18 (FEDORA-2013-18387) HTCondor pool configuration service with QMF interface -------------------------------------------------------------------------------- Update Information: Fixes broken dependencies. Updated to upstream version 0.16.3 with numerous fixes and enhancements. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 4 2013 willb <willb@redhat> - 0.16.3-2 - Fixes broken dependency on ruby-qmf * Mon Jan 7 2013 willb <willb@redhat> - 0.16.3-1 - Fixes edge cases reported in BZ 802821 * Fri Jan 4 2013 willb <willb@redhat> - 0.16.2-1 - Fixes BZs 850205, 885787, 872663, 881366 - specfile descriptions updated to reflect upstream naming changes * Fri Oct 12 2012 willb <willb@redhat> - 0.16.1-2 - Fixes BZs 820419, 825963, 802799, and 801632 (tool support and internal bugs) - Fixes BZ 864091 (cosmetic issue: READ vs READ_ONLY role in list-users) - Fixes BZ 864421 (cosmetic issue: authentication for snapshot commands) - Store#storeinit now requires WRITE access - This package now uses the designated Wallaby UID on EL6 (available since RHBA-2012:0778-1) - Test suite fixes * Fri Oct 5 2012 willb <willb@redhat> - 0.16.1-1 - Fixes BZs 786801, 796406, 802821, 850205, 851217, and incorporates all fixes from the 0.16.0 series. * Fri Oct 5 2012 willb <willb@redhat> - 0.16.0-9 - Fixes BZ 861055 * Thu Oct 4 2012 willb <willb@redhat> - 0.16.0-8 - Packaging fixes * Thu Oct 4 2012 willb <willb@redhat> - 0.16.0-7 - 0.16.0-6 built without an updated changelog * Thu Oct 4 2012 willb <willb@redhat> - 0.16.0-6 - Fixes for database migration errors coming from 0.12.5-10 (but not earlier releases); BZ 861081 - Fixes for spurious error messages in agent failure cases related to the secret file - Fixes for various API methods with incorrect or confusing permissions * Tue Sep 25 2012 willb <willb@redhat> - 0.16.0-5 - Addresses more issues uncovered in authentication support (incorporates the "arno" patchset and revisions) - Fixes for spurious test-suite failures * Tue Sep 18 2012 willb <willb@redhat> - 0.16.0-4 - Addresses issues uncovered while testing authentication support (incorporates the "arno" patchset) * Thu Sep 6 2012 willb <willb@redhat> - 0.16.0-3 - Minor fixes to client library crashing bugs exposed by authorization support * Wed Aug 15 2012 willb <willb@redhat> - 0.16.0-2 - Added default value for WALLABY_USERDB_NAME to supplied environment file - Minor fixes to authorization issues uncovered in development -------------------------------------------------------------------------------- ================================================================================ wallaby-0.16.3-3.fc18 (FEDORA-2013-18390) HTCondor pool configuration service with QMF interface -------------------------------------------------------------------------------- Update Information: Fixes broken deps. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 4 2013 willb <willb@redhat> - 0.16.3-3 - Fixes broken dependency on ruby-qmf (for real this time) * Fri Oct 4 2013 willb <willb@redhat> - 0.16.3-2 - Fixes broken dependency on ruby-qmf * Mon Jan 7 2013 willb <willb@redhat> - 0.16.3-1 - Fixes edge cases reported in BZ 802821 * Fri Jan 4 2013 willb <willb@redhat> - 0.16.2-1 - Fixes BZs 850205, 885787, 872663, 881366 - specfile descriptions updated to reflect upstream naming changes * Fri Oct 12 2012 willb <willb@redhat> - 0.16.1-2 - Fixes BZs 820419, 825963, 802799, and 801632 (tool support and internal bugs) - Fixes BZ 864091 (cosmetic issue: READ vs READ_ONLY role in list-users) - Fixes BZ 864421 (cosmetic issue: authentication for snapshot commands) - Store#storeinit now requires WRITE access - This package now uses the designated Wallaby UID on EL6 (available since RHBA-2012:0778-1) - Test suite fixes * Fri Oct 5 2012 willb <willb@redhat> - 0.16.1-1 - Fixes BZs 786801, 796406, 802821, 850205, 851217, and incorporates all fixes from the 0.16.0 series. * Fri Oct 5 2012 willb <willb@redhat> - 0.16.0-9 - Fixes BZ 861055 * Thu Oct 4 2012 willb <willb@redhat> - 0.16.0-8 - Packaging fixes * Thu Oct 4 2012 willb <willb@redhat> - 0.16.0-7 - 0.16.0-6 built without an updated changelog * Thu Oct 4 2012 willb <willb@redhat> - 0.16.0-6 - Fixes for database migration errors coming from 0.12.5-10 (but not earlier releases); BZ 861081 - Fixes for spurious error messages in agent failure cases related to the secret file - Fixes for various API methods with incorrect or confusing permissions * Tue Sep 25 2012 willb <willb@redhat> - 0.16.0-5 - Addresses more issues uncovered in authentication support (incorporates the "arno" patchset and revisions) - Fixes for spurious test-suite failures * Tue Sep 18 2012 willb <willb@redhat> - 0.16.0-4 - Addresses issues uncovered while testing authentication support (incorporates the "arno" patchset) * Thu Sep 6 2012 willb <willb@redhat> - 0.16.0-3 - Minor fixes to client library crashing bugs exposed by authorization support * Wed Aug 15 2012 willb <willb@redhat> - 0.16.0-2 - Added default value for WALLABY_USERDB_NAME to supplied environment file - Minor fixes to authorization issues uncovered in development -------------------------------------------------------------------------------- ================================================================================ xen-4.2.3-3.fc18 (FEDORA-2013-18373) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: Two security fixes CVE-2013-4355 CVE-2013-4361, Set "Domain-0" label in xenstored.service systemd file -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 2 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.2.3-3 - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361] -------------------------------------------------------------------------------- References: [ 1 ] Bug #1009598 - CVE-2013-4355 Kernel: Xen: Xsa-63: information leak via I/O instruction emulation https://bugzilla.redhat.com/show_bug.cgi?id=1009598 [ 2 ] Bug #1009817 - CVE-2013-4361 Kernel: Xen: Xsa-66: information leak through fbld instruction emulation https://bugzilla.redhat.com/show_bug.cgi?id=1009817 -------------------------------------------------------------------------------- ================================================================================ zabbix-2.0.8-3.fc18 (FEDORA-2013-18348) Open-source monitoring solution for your IT infrastructure -------------------------------------------------------------------------------- Update Information: - New upstream version 2.0.8 - Patch for CVE-2013-5743 (SQL injection vulnerability, ZBX-7091) - Patch for ZBX-6922 (Failing host XML import) - SQL speed-up patch for graphs (ZBX-6804) - Require php-ldap and ZBX-6992 (Service SQL) - Create and configure a spooling directory for fping files outside of /tmp - Update README to reflect that and add a SELinux section - Drop PrivateTmp from systemd unit files This update solves a security issue involving the use of libcurl in the code used to access the eztexting service. It potentially allows for man-in-the-middle attacks. The issue was described as CVE-2012-6086. Please refer to https://support.zabbix.com/browse/ZBX-5924 for details! -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 3 2013 Volker Fröhlich <volker27@xxxxxx> - 2.0.8-3 - Add SQL speed-up patch (ZBX-6804) - Add SQL injection vulnerability patch (ZBX-7091, CVE-2013-5743) - Add patch for failing XML host import (ZBX-6922) * Fri Sep 13 2013 Volker Fröhlich <volker27@xxxxxx> - 2.0.8-2 - Add php-ldap as a requirement for the frontend - Add patch for ZBX-6992 * Fri Aug 23 2013 Volker Fröhlich <volker27@xxxxxx> - 2.0.8-1 - New upstream release - Create and configure a spooling directory for fping files outside of /tmp - Update README to reflect that and add a SELinux section - Drop PrivateTmp from systemd unit files - Drop patch for ZBX-6526 (solved upstream) - Drop patch for CVE-2012-6086 (solved upstream) - Correct path for the flash applet when removing - Truncate changelog * Tue Jul 30 2013 Volker Fröhlich <volker27@xxxxxx> - 2.0.6-3 - Backport fix for CVE-2012-6086 -------------------------------------------------------------------------------- References: [ 1 ] Bug #983096 - Zabbix WEB doesn't work due to deprecated mysql_connect() https://bugzilla.redhat.com/show_bug.cgi?id=983096 [ 2 ] Bug #892687 - CVE-2012-6086 zabbix: Improper use of cURL API might lead to improper SSL certificate verification (MiTM) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=892687 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
