Fedora 18 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 18 Security updates need testing:
 Age  URL
 174  https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18
  22  https://admin.fedoraproject.org/updates/FEDORA-2013-17112/hplip-3.13.9-2.fc18
  21  https://admin.fedoraproject.org/updates/FEDORA-2013-17195/spice-gtk-0.18-3.fc18
  17  https://admin.fedoraproject.org/updates/FEDORA-2013-17431/thunderbird-17.0.9-1.fc18
  15  https://admin.fedoraproject.org/updates/FEDORA-2013-17635/wireshark-1.10.2-4.fc18
  13  https://admin.fedoraproject.org/updates/FEDORA-2013-17853/davfs2-1.4.7-3.fc18
  12  https://admin.fedoraproject.org/updates/FEDORA-2013-17912/chicken-4.8.0.4-4.fc18
  12  https://admin.fedoraproject.org/updates/FEDORA-2013-17904/fedmsg-0.7.1-2.fc18
   7  https://admin.fedoraproject.org/updates/FEDORA-2013-18251/polarssl-1.2.9-1.fc18
   5  https://admin.fedoraproject.org/updates/FEDORA-2013-18401/fping-3.5-3.fc18
   5  https://admin.fedoraproject.org/updates/FEDORA-2013-18347/elinks-0.12-0.33.pre6.fc18
   5  https://admin.fedoraproject.org/updates/FEDORA-2013-18373/xen-4.2.3-3.fc18
   5  https://admin.fedoraproject.org/updates/FEDORA-2013-18348/zabbix-2.0.8-3.fc18
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-18606/dropbear-2013.59-1.fc18
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-18647/gnupg-1.4.15-1.fc18
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-18686/mod_fcgid-2.3.9-1.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-18802/phpMyAdmin-3.5.8.2-1.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-18785/libtar-1.2.11-25.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-18822/kernel-3.11.4-101.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-18774/icu-49.1.1-12.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-18814/gnupg2-2.0.22-1.fc18,libgpg-error-1.11-1.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-18911/ReviewBoard-1.7.15-1.fc18,python-djblets-0.7.20-1.fc18


The following Fedora 18 Critical Path updates have yet to be approved:
 Age URL
 244  https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18
   9  https://admin.fedoraproject.org/updates/FEDORA-2013-18050/gdb-7.5.1-43.fc18
   8  https://admin.fedoraproject.org/updates/FEDORA-2013-18164/perl-threads-1.89-1.fc18
   7  https://admin.fedoraproject.org/updates/FEDORA-2013-18276/dnsmasq-2.65-8.fc18
   5  https://admin.fedoraproject.org/updates/FEDORA-2013-18402/keyutils-1.5.8-1.fc18
   5  https://admin.fedoraproject.org/updates/FEDORA-2013-18380/ibus-1.5.4-2.fc18
   3  https://admin.fedoraproject.org/updates/FEDORA-2013-18392/nss-softokn-3.15.2-1.fc18,nss-util-3.15.2-1.fc18,nss-3.15.2-1.fc18,nspr-4.10.1-1.fc18
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-18607/libxklavier-5.4-1.fc18
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-18622/selinux-policy-3.11.1-106.fc18
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-18590/usbmuxd-1.0.8-9.fc18
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-18680/akonadi-1.10.3-1.fc18,qt-4.8.5-10.fc18
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-18383/thunderbird-enigmail-1.6-1.fc18,thunderbird-24.0-3.fc18,thunderbird-lightning-2.6-1.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-18822/kernel-3.11.4-101.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-18814/gnupg2-2.0.22-1.fc18,libgpg-error-1.11-1.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-18774/icu-49.1.1-12.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-18815/sane-backends-1.0.24-1.fc18


The following builds have been pushed to Fedora 18 updates-testing

    ReviewBoard-1.7.15-1.fc18
    dwm-6.0-7.fc18
    guacamole-client-0.8.3-4.fc18
    ibus-typing-booster-1.2.5-1.fc18
    nodejs-node-static-0.7.1-2.fc18
    perl-PAR-Packer-1.015-1.fc18
    perl-Term-ShellUI-0.92-2.fc18
    python-djblets-0.7.20-1.fc18
    python-flask-restless-0.12.0-1.fc18
    transifex-client-0.9-4.fc18

Details about builds:


================================================================================
 ReviewBoard-1.7.15-1.fc18 (FEDORA-2013-18911)
 Web-based code review tool
--------------------------------------------------------------------------------
Update Information:

Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users could access certain data they should not have been able to access, if using the Local Sites feature, invite-only groups, or private repositories. It also fixes cases with invite-only groups where the group name and list of private review requests would show up on some pages (though the review requests themselves were not accessible).

These issues do not affect most of the installations out there, but we strongly recommend upgrading anyway. There are no known cases of anyone exploiting these bugs, and in fact we discovered these internally while building new tools to test for security vulnerabilities in our codebase.

There are also some other bug fixes, and important changes needed for extensions that provide their own REST APIs.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 10 2013 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.7.15-1
- New upstream security release 1.7.15
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.15/
- Resolves: CVE-2013-4410
- Fixes access-control problems with REST API
- Resolves: CVE-2013-4411
- Fixes URL processing allowing unauthorized users to view review lists
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1016596 - CVE-2013-4410 ReviewBoard: access-control problems with REST API
        https://bugzilla.redhat.com/show_bug.cgi?id=1016596
  [ 2 ] Bug #1016599 - CVE-2013-4411 ReviewBoard: URL processing allows unauthorized users to view review lists
        https://bugzilla.redhat.com/show_bug.cgi?id=1016599
  [ 3 ] Bug #1016601 - CVE-2013-4409 python-djblets: unsanitized eval() vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=1016601
--------------------------------------------------------------------------------


================================================================================
 dwm-6.0-7.fc18 (FEDORA-2013-18933)
 Dynamic window manager for X
--------------------------------------------------------------------------------
Update Information:

Apply custom patches in the right order.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 11 2013 Petr Šabata <contyk@xxxxxxxxxx> - 6.0-7
- Sort the discovered patches before applying (#1017774)
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 6.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 6.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1017774 - Order in which patches are applied
        https://bugzilla.redhat.com/show_bug.cgi?id=1017774
--------------------------------------------------------------------------------


================================================================================
 guacamole-client-0.8.3-4.fc18 (FEDORA-2013-18932)
 Server-side Java components that form the Guacamole application
--------------------------------------------------------------------------------
Update Information:

Put more strict permissions on config files, fix slf4j symlinks.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 11 2013 Simone Caronni <negativo17@xxxxxxxxx> - 0.8.3-4
- Tighten permissions on user-mapping.xml.
- Fix slf4j symlinks (thanks Alexander Hoff).
--------------------------------------------------------------------------------


================================================================================
 ibus-typing-booster-1.2.5-1.fc18 (FEDORA-2013-18934)
 A typing booster engine for the IBus platform
--------------------------------------------------------------------------------
Update Information:

Add an option to display help for input methods; Some code cleanup
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 11 2013 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.2.5-1
- Add feature to display input method description to setup tool (Resolves: rhbz#1001581)
- Remove the options “m17n_mim_name” and “other_ime” from the .conf files
- remove tab_enable option from config files
* Tue Oct  1 2013 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.2.4-3
- Resolves: rhbz#1013992 ibus-typing-booster needs to have ibus write-cache --system in %post and %postun
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1001581 - Help text not available
        https://bugzilla.redhat.com/show_bug.cgi?id=1001581
--------------------------------------------------------------------------------


================================================================================
 nodejs-node-static-0.7.1-2.fc18 (FEDORA-2013-18908)
 Simple, compliant file streaming module for node
--------------------------------------------------------------------------------
Update Information:

Newpackage
--------------------------------------------------------------------------------


================================================================================
 perl-PAR-Packer-1.015-1.fc18 (FEDORA-2013-18919)
 PAR Packager
--------------------------------------------------------------------------------
Update Information:

A new bugfix release of PAR::Packer is availeble. See upstream changelog for details -- http://cpansearch.perl.org/src/RSCHUPP/PAR-Packer-1.015/ChangeLog
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 11 2013 Petr Šabata <contyk@xxxxxxxxxx> - 1.015-1
- 1.015 bugfix bump
* Sun Aug  4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.014-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Fri Aug  2 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 1.014-3
- Perl 5.18 rebuild
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.014-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Jan  2 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 1.014-1
- 1.014 bump
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1017576 - perl-PAR-Packer-1.015 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1017576
--------------------------------------------------------------------------------


================================================================================
 perl-Term-ShellUI-0.92-2.fc18 (FEDORA-2013-18930)
 Perl module to implement a full-featured shell-like command line environment
--------------------------------------------------------------------------------
Update Information:

Initial push
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1002319 - Review Request:  perl-Term-ShellUI - Fully-featured shell-like command line environment
        https://bugzilla.redhat.com/show_bug.cgi?id=1002319
--------------------------------------------------------------------------------


================================================================================
 python-djblets-0.7.20-1.fc18 (FEDORA-2013-18911)
 A collection of useful classes and functions for Django
--------------------------------------------------------------------------------
Update Information:

Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users could access certain data they should not have been able to access, if using the Local Sites feature, invite-only groups, or private repositories. It also fixes cases with invite-only groups where the group name and list of private review requests would show up on some pages (though the review requests themselves were not accessible).

These issues do not affect most of the installations out there, but we strongly recommend upgrading anyway. There are no known cases of anyone exploiting these bugs, and in fact we discovered these internally while building new tools to test for security vulnerabilities in our codebase.

There are also some other bug fixes, and important changes needed for extensions that provide their own REST APIs.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 11 2013 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 0.7.20-1
- New upstream bugfix release 0.7.20
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.20.NEWS
- Fixed regression with pagination on the datagrid
* Thu Oct 10 2013 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 0.7.19-1
- New upstream security release 0.7.19
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.19.NEWS
- Resolves: CVE-2013-4409
- Resolves unsanitized eval() vulnerability
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1016596 - CVE-2013-4410 ReviewBoard: access-control problems with REST API
        https://bugzilla.redhat.com/show_bug.cgi?id=1016596
  [ 2 ] Bug #1016599 - CVE-2013-4411 ReviewBoard: URL processing allows unauthorized users to view review lists
        https://bugzilla.redhat.com/show_bug.cgi?id=1016599
  [ 3 ] Bug #1016601 - CVE-2013-4409 python-djblets: unsanitized eval() vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=1016601
--------------------------------------------------------------------------------


================================================================================
 python-flask-restless-0.12.0-1.fc18 (FEDORA-2013-18928)
 Flask-Restless provides simple generation of ReSTful APIs
--------------------------------------------------------------------------------
Update Information:

New release.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 11 2013 Yohan Graterol <yohangraterol92@xxxxxxxxx> - 0.12.0-1
- New release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #995283 - python-flask-restless - Provides simple generation of ReSTful APIs
        https://bugzilla.redhat.com/show_bug.cgi?id=995283
--------------------------------------------------------------------------------


================================================================================
 transifex-client-0.9-4.fc18 (FEDORA-2013-18916)
 Command line tool for Transifex translation management
--------------------------------------------------------------------------------
Update Information:

Command line tool for Transifex translation management

--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 10 2013 Luis Bazan <lbazan@xxxxxxxxxxxxxxxxx> - 0.9-4
- Fix BZ #1002546
* Mon Aug 26 2013 Luis Bazan <lbazan@xxxxxxxxxxxxxxxxx> - 0.9-3
- remove dependency
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1002546 - Missing Dependency: python-setuptools.noarch
        https://bugzilla.redhat.com/show_bug.cgi?id=1002546
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux