The following Fedora 18 Security updates need testing: Age URL 181 https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18 28 https://admin.fedoraproject.org/updates/FEDORA-2013-17195/spice-gtk-0.18-3.fc18 24 https://admin.fedoraproject.org/updates/FEDORA-2013-17431/thunderbird-17.0.9-1.fc18 22 https://admin.fedoraproject.org/updates/FEDORA-2013-17635/wireshark-1.10.2-4.fc18 20 https://admin.fedoraproject.org/updates/FEDORA-2013-17853/davfs2-1.4.7-3.fc18 19 https://admin.fedoraproject.org/updates/FEDORA-2013-17912/chicken-4.8.0.4-4.fc18 12 https://admin.fedoraproject.org/updates/FEDORA-2013-18401/fping-3.5-3.fc18 8 https://admin.fedoraproject.org/updates/FEDORA-2013-18647/gnupg-1.4.15-1.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-18802/phpMyAdmin-3.5.8.2-1.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-18774/icu-49.1.1-12.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-18814/gnupg2-2.0.22-1.fc18,libgpg-error-1.11-1.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-19053/xen-4.2.3-4.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-19307/GraphicsMagick-1.3.18-2.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-19354/salt-0.17.1-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-19271/scipy-0.12.1-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18911/ReviewBoard-1.7.16-2.fc18,python-djblets-0.7.21-1.fc18 The following Fedora 18 Critical Path updates have yet to be approved: Age URL 251 https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18 12 https://admin.fedoraproject.org/updates/FEDORA-2013-18402/keyutils-1.5.8-1.fc18 12 https://admin.fedoraproject.org/updates/FEDORA-2013-18380/ibus-1.5.4-2.fc18 8 https://admin.fedoraproject.org/updates/FEDORA-2013-18607/libxklavier-5.4-1.fc18 8 https://admin.fedoraproject.org/updates/FEDORA-2013-18622/selinux-policy-3.11.1-106.fc18 8 https://admin.fedoraproject.org/updates/FEDORA-2013-18680/akonadi-1.10.3-1.fc18,qt-4.8.5-10.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-18814/gnupg2-2.0.22-1.fc18,libgpg-error-1.11-1.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-18774/icu-49.1.1-12.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-19021/taglib-1.9.1-1.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-19026/python-markupsafe-0.18-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-19289/gdisk-0.8.8-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-19249/sane-backends-1.0.24-2.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-19292/usbmuxd-1.0.8-10.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-19376/openssl-1.0.1e-28.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-19232/gnome-abrt-0.3.2-1.fc18,abrt-2.1.8-1.fc18,libreport-2.1.8-2.fc18,satyr-0.10-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-19268/qtwebkit-2.3.3-1.fc18 The following builds have been pushed to Fedora 18 updates-testing Cython-0.19.2-1.fc18 Cython-0.19.2-2.fc18 GraphicsMagick-1.3.18-2.fc18 R-qtl-1.28.19-1.fc18 ReviewBoard-1.7.16-2.fc18 abrt-2.1.8-1.fc18 code-editor-2.8.1-3.fc18 cppcheck-1.62-1.fc18 dovecot-2.1.17-1.fc18 fedfs-utils-0.9.4-1.fc18 fedora-review-0.5.0-2.fc18 fedora-review-0.5.0-3.fc18 firewalld-0.3.7-1.fc18 gdisk-0.8.8-1.fc18 ghc-pipes-4.0.0-2.fc18 gnome-abrt-0.3.2-1.fc18 gumbo-parser-1.0-0.2.20131001gitd90ea2b.fc18 kde-plasma-alsa-volume-0.51.1-1.fc18 kernel-3.11.5-100.fc18 kobo-0.4.1-1.fc18 libchewing-0.3.5-1.fc18 libndp-1.2-1.fc18 libodb-2.2.3-1.fc18 libreport-2.1.8-2.fc18 maradns-2.0.07c-2.fc18 mariadb-5.5.33a-1.fc18 mate-desktop-1.6.2-0.5.git81c245b.fc18 mate-dialogs-1.6.1-1.fc18 mate-power-manager-1.6.3-0.2.gitbc54d96.fc18 nomacs-1.6.0-1.fc18 odb-2.2.2-1.fc18 openssl-1.0.1e-28.fc18 perl-HTML-Parser-3.71-1.fc18 perl-Term-Clui-1.68-3.fc18 php-5.4.21-1.fc18 postgresql-9.2.5-1.fc18 python-djblets-0.7.21-1.fc18 python-stem-1.1.0-1.fc18 python-velruse-1.0.3-6.fc18 qtwebkit-2.3.3-1.fc18 salt-0.17.1-1.fc18 sane-backends-1.0.24-2.fc18 satyr-0.10-1.fc18 scipy-0.12.1-1.fc18 sddm-0.2.0-0.14.20130914git50ca5b20.fc18 usbmuxd-1.0.8-10.fc18 voms-api-java-2.0.10-4.fc18 vrq-1.0.96-5.fc18 wannier90-2.0.0-1.fc18 Details about builds: ================================================================================ Cython-0.19.2-1.fc18 (FEDORA-2013-19374) A language for writing Python extension modules -------------------------------------------------------------------------------- Update Information: see: https://github.com/cython/cython/blob/master/CHANGES.rst -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 13 2013 nbecker <ndbecker2@xxxxxxxxx> - 0.19-2 - Update to 0.19.2 * Fri Aug 2 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.19-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ Cython-0.19.2-2.fc18 (FEDORA-2013-19277) A language for writing Python extension modules -------------------------------------------------------------------------------- Update Information: see: https://github.com/cython/cython/blob/master/CHANGES.rst -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 17 2013 nbecker <ndbecker2@xxxxxxxxx> - 0.19.2-2 - Fix BR 1019498 * Sun Oct 13 2013 nbecker <ndbecker2@xxxxxxxxx> - 0.19-2 - Update to 0.19.2 * Fri Aug 2 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.19-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1019498 - SPEC uses a non-standard variable which breaks builds in older environments (ie, EL5) -> ${buildroot} https://bugzilla.redhat.com/show_bug.cgi?id=1019498 -------------------------------------------------------------------------------- ================================================================================ GraphicsMagick-1.3.18-2.fc18 (FEDORA-2013-19307) An ImageMagick fork, offering faster image generation and better quality -------------------------------------------------------------------------------- Update Information: Update to the latest GraphicsMagick release, includes an important security-related fix for exporting (some) 8-bit images. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 26 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3.18-2 - GraphicsMagick needs to recognize aarch64 as 64bit arch (#978351) * Mon Mar 11 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1.3.18-1 - 1.3.18 (#920064) - add %rhel conditionals * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.17-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Fri Jan 18 2013 Adam Tkac <atkac redhat com> - 1.3.17-3 - rebuild due to "jpeg8-ABI" feature drop * Fri Dec 21 2012 Adam Tkac <atkac redhat com> - 1.3.17-2 - rebuild against new libjpeg -------------------------------------------------------------------------------- References: [ 1 ] Bug #1019085 - graphicsmagick: 8-bit RGBA images export DoS vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1019085 -------------------------------------------------------------------------------- ================================================================================ R-qtl-1.28.19-1.fc18 (FEDORA-2013-19286) Tools for analyzing QTL experiments -------------------------------------------------------------------------------- Update Information: Update to version 1.28. See http://rqtl.org/STATUS.txt for details. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 15 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 1.28.19-1 - Update to 1.28.19 * Fri Aug 2 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.27.10-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Apr 17 2013 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.27.10-2 - rebuild for R3 -------------------------------------------------------------------------------- ================================================================================ ReviewBoard-1.7.16-2.fc18 (FEDORA-2013-18911) Web-based code review tool -------------------------------------------------------------------------------- Update Information: Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users could access certain data they should not have been able to access, if using the Local Sites feature, invite-only groups, or private repositories. It also fixes cases with invite-only groups where the group name and list of private review requests would show up on some pages (though the review requests themselves were not accessible). These issues do not affect most of the installations out there, but we strongly recommend upgrading anyway. There are no known cases of anyone exploiting these bugs, and in fact we discovered these internally while building new tools to test for security vulnerabilities in our codebase. There are also some other bug fixes, and important changes needed for extensions that provide their own REST APIs. -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 13 2013 Patrick Uiterwijk <puiterwijk@xxxxxxxxx> - 1.7.16-2 - Update Djblets version * Sun Oct 13 2013 Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> - 1.7.15-2 - New upstream bugfix release 1.7.16 - Fixes a breakage when accessing the Review Group Users resource - Fixes pagination in dashboard and similar pages * Thu Oct 10 2013 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.7.15-1 - New upstream security release 1.7.15 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.15/ - Resolves: CVE-2013-4410 - Fixes access-control problems with REST API - Resolves: CVE-2013-4411 - Fixes URL processing allowing unauthorized users to view review lists -------------------------------------------------------------------------------- References: [ 1 ] Bug #1016596 - CVE-2013-4410 ReviewBoard: access-control problems with REST API https://bugzilla.redhat.com/show_bug.cgi?id=1016596 [ 2 ] Bug #1016599 - CVE-2013-4411 ReviewBoard: URL processing allows unauthorized users to view review lists https://bugzilla.redhat.com/show_bug.cgi?id=1016599 [ 3 ] Bug #1016601 - CVE-2013-4409 python-djblets: unsanitized eval() vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1016601 -------------------------------------------------------------------------------- ================================================================================ abrt-2.1.8-1.fc18 (FEDORA-2013-19232) Automatic bug detection and reporting tool -------------------------------------------------------------------------------- Update Information: This update includes a new upstream release which fixes the bugs listed. You can find other changes in the upstream description at: - https://github.com/abrt/satyr/blob/master/NEWS - https://github.com/abrt/abrt/commit/7dcfd2a024d2d65695e20d0cefd257d091272f66#diff-1e807c90d5bf1222db586f4a8f0a6de1R804 - https://github.com/abrt/libreport/commit/a75dcd1d30c99b751ba38eed1714d89053595687#diff-71a31a3e297ea003eaf1b3a5ac3e9457R575 - https://github.com/abrt/gnome-abrt/commit/7280edf171e1952132ba91e12f6f3f3030de9e85#diff-c3189e78ca44c8f42b1bd5a965e340c2R103 -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 4 2013 Jakub Filak <jfilak@xxxxxxxxxx> 2.1.8-1 - Disassemble only instruction rage memory if backtrace is too big - Include floating-point registers in the backtrace - spec: make addon-ccpp dependent on libreport-python - polkit: replace deprecated functions with their subtitues - retrace-client: query CCpp exploitable information from Retrace server; closes #703 - GUI config: add support for Private ticket option - a-a-ureport: handle os errors gracefully rhbz#998428 rhbz#998197 - add prefix from configure to the path of debuginfo installer - closes #701 - spec: added deps on abrt-python - closes rhbz#1008182 - spec: remove abrt-dedup-client; closes #702 - remove abrt-dedup-client; related to #702 - abrt-*-client: simplify formatting of locale-related headers -------------------------------------------------------------------------------- References: [ 1 ] Bug #960724 - gnome-abrt randomly freezes https://bugzilla.redhat.com/show_bug.cgi?id=960724 [ 2 ] Bug #977029 - new bugs shown as both reported and unreported https://bugzilla.redhat.com/show_bug.cgi?id=977029 -------------------------------------------------------------------------------- ================================================================================ code-editor-2.8.1-3.fc18 (FEDORA-2013-19257) Lightweight and cross-platform text and code editor based on Qt Creator -------------------------------------------------------------------------------- Update Information: Fix a crash on codestylesettings when closing the editor A new CodeEditor update based on Qt Creator v2.8.1 -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 15 2013 Ilyes Gouta <ilyes.gouta@xxxxxxxxx> - 2.8.1-3 - Rebased on origin-2.8 7165378 - Fix a crash on codestylesettings when closing the editor * Tue Oct 1 2013 Dan Horák <dan[at]danny.cz> - 2.8.1-2 - use system botan (see also #912367) * Sun Sep 29 2013 Ilyes Gouta <ilyes.gouta@xxxxxxxxx> - 2.8.1-1 - Rebased on Qt Creator v2.8.1 (a1fbcf7) - Fixed previous spec versions 2 and 8 release dates * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3.1-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3.1-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ cppcheck-1.62-1.fc18 (FEDORA-2013-19298) Tool for static C/C++ code analysis -------------------------------------------------------------------------------- Update Information: Update to 1.62. See changes at http://sourceforge.net/p/cppcheck/news/2013/10/cppcheck-162/ -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 13 2013 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 1.62-1 - Update to 1.62. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1018584 - cppcheck-1.62 is available https://bugzilla.redhat.com/show_bug.cgi?id=1018584 -------------------------------------------------------------------------------- ================================================================================ dovecot-2.1.17-1.fc18 (FEDORA-2013-19279) Secure imap and pop3 server -------------------------------------------------------------------------------- Update Information: - dovecot updated to 2.1.17, pigeonhole 0.3.6 - Case-insensitive unicode character comparisons weren't all working as they should. - maildir: Fixed handling over 26 keywords in a mailbox. - auth: Don't crash in non-PLAIN/LOGIN auth mechanism if master user login is attempted without any master passdbs configured. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 17 2013 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:2.1.17-1 - dovecot updated to 2.1.17, pigeonhole 0.3.6 - Case-insensitive unicode character comparisons weren't all working as they should. - maildir: Fixed handling over 26 keywords in a mailbox. - auth: Don't crash in non-PLAIN/LOGIN auth mechanism if master user login is attempted without any master passdbs configured. * Tue Apr 9 2013 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:2.1.16-2 - make sure dovecot executables are hardened -------------------------------------------------------------------------------- References: [ 1 ] Bug #1019253 - ECDHE: now supported in Fedora's OpenSSL https://bugzilla.redhat.com/show_bug.cgi?id=1019253 -------------------------------------------------------------------------------- ================================================================================ fedfs-utils-0.9.4-1.fc18 (FEDORA-2013-19370) Utilities for mounting and managing FedFS -------------------------------------------------------------------------------- Update Information: Update to upstream fedfs-utils 0.9.4 to address bugs -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 15 2013 Chuck Lever <chuck.lever@xxxxxxxxxx> - 0.9.4-1 - update to fedfs-utils 0.9.4 - "make install_strip" works now, so use it -------------------------------------------------------------------------------- ================================================================================ fedora-review-0.5.0-2.fc18 (FEDORA-2013-19344) Review tool for fedora rpm packages -------------------------------------------------------------------------------- Update Information: Update dependency on licensecheck script and fix phpci plugin dependency -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 14 2013 Stanislav Ochotnicky <sochotnicky@xxxxxxxxxx> - 0.5.0-2 - Fix requires for licensecheck (#1016309) - Remove separate php plugin subpackage (#971875) -------------------------------------------------------------------------------- References: [ 1 ] Bug #971875 - phpci command renamed to phpcompatinfo https://bugzilla.redhat.com/show_bug.cgi?id=971875 [ 2 ] Bug #1016309 - Add dependency on %{_bindir}/licensecheck https://bugzilla.redhat.com/show_bug.cgi?id=1016309 -------------------------------------------------------------------------------- ================================================================================ fedora-review-0.5.0-3.fc18 (FEDORA-2013-19250) Review tool for fedora rpm packages -------------------------------------------------------------------------------- Update Information: Update dependency on licensecheck script and fix phpci plugin dependency Update dependency on licensecheck script and fix phpci plugin dependency -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 15 2013 Stanislav Ochotnicky <sochotnicky@xxxxxxxxxx> - 0.5.0-3 - Really use phpcompatinfo instead of phpci * Mon Oct 14 2013 Stanislav Ochotnicky <sochotnicky@xxxxxxxxxx> - 0.5.0-2 - Fix requires for licensecheck (#1016309) - Remove separate php plugin subpackage (#971875) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1016309 - Add dependency on %{_bindir}/licensecheck https://bugzilla.redhat.com/show_bug.cgi?id=1016309 [ 2 ] Bug #971875 - phpci command renamed to phpcompatinfo https://bugzilla.redhat.com/show_bug.cgi?id=971875 -------------------------------------------------------------------------------- ================================================================================ firewalld-0.3.7-1.fc18 (FEDORA-2013-18352) A firewall daemon with D-BUS interface providing a dynamic firewall -------------------------------------------------------------------------------- Update Information: This is a new upstream version with big amount of new features. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 17 2013 Jiri Popelka <jpopelka@xxxxxxxxxx> - 0.3.7-1 - Don't fail on missing ip[6]tables/ebtables table. (RHBZ#967376) - bash-completion: --permanent --direct options - firewall/core/fw.py: fix checking for iptables & ip6tables (RHBZ#1017087) - firewall-cmd: use client's exception_handler instead of catching exceptions ourselves - FirewallClientZoneSettings: fix {add|remove|query}RichRule() - Extend amanda-client service with 10080/tcp (RHBZ#1016867) - Simplify Rich_Rule()_lexer() by using functions.splitArgs() - Fix encoding problems in exception handling (RHBZ#1015941) * Fri Oct 4 2013 Jiri Popelka <jpopelka@xxxxxxxxxx> - 0.3.6.2-1 - 0.3.6.2 -------------------------------------------------------------------------------- ================================================================================ gdisk-0.8.8-1.fc18 (FEDORA-2013-19289) An fdisk-like partitioning tool for GPT disks -------------------------------------------------------------------------------- Update Information: Update to latest upstream release gdisk 0.8.8. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 17 2013 Terje Rosten <terje.rosten@xxxxxxx> - 0.8.8-1 - 0.8.8 -------------------------------------------------------------------------------- ================================================================================ ghc-pipes-4.0.0-2.fc18 (FEDORA-2013-19341) Compositional pipelines -------------------------------------------------------------------------------- Update Information: Compositional pipelines (http://www.haskell.org/haskellwiki/Pipes) -------------------------------------------------------------------------------- References: [ 1 ] Bug #989416 - Review Request: ghc-pipes - Compositional pipelines https://bugzilla.redhat.com/show_bug.cgi?id=989416 -------------------------------------------------------------------------------- ================================================================================ gnome-abrt-0.3.2-1.fc18 (FEDORA-2013-19232) A utility for viewing problems that have occurred with the system -------------------------------------------------------------------------------- Update Information: This update includes a new upstream release which fixes the bugs listed. You can find other changes in the upstream description at: - https://github.com/abrt/satyr/blob/master/NEWS - https://github.com/abrt/abrt/commit/7dcfd2a024d2d65695e20d0cefd257d091272f66#diff-1e807c90d5bf1222db586f4a8f0a6de1R804 - https://github.com/abrt/libreport/commit/a75dcd1d30c99b751ba38eed1714d89053595687#diff-71a31a3e297ea003eaf1b3a5ac3e9457R575 - https://github.com/abrt/gnome-abrt/commit/7280edf171e1952132ba91e12f6f3f3030de9e85#diff-c3189e78ca44c8f42b1bd5a965e340c2R103 -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 4 2013 Jakub Filak <jfilak@xxxxxxxxxx> 0.3.2-1 - Fix a bug in SIGCHLD handler causing 100% CPU usage - Show "yes" in Reported field only if no URL is available - Load only the most recent reported to value - Check if Application has valid name in filter fn - Fix issues found by new pylint - Resolves: #977029 -------------------------------------------------------------------------------- References: [ 1 ] Bug #960724 - gnome-abrt randomly freezes https://bugzilla.redhat.com/show_bug.cgi?id=960724 [ 2 ] Bug #977029 - new bugs shown as both reported and unreported https://bugzilla.redhat.com/show_bug.cgi?id=977029 -------------------------------------------------------------------------------- ================================================================================ gumbo-parser-1.0-0.2.20131001gitd90ea2b.fc18 (FEDORA-2013-19261) A HTML5 parser -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- References: [ 1 ] Bug #997780 - Review Request: gumbo-parser - A HTML5 parser library https://bugzilla.redhat.com/show_bug.cgi?id=997780 -------------------------------------------------------------------------------- ================================================================================ kde-plasma-alsa-volume-0.51.1-1.fc18 (FEDORA-2013-19366) ALSA Volume Control plasmoid -------------------------------------------------------------------------------- Update Information: added slider's sensitivity; -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 30 2013 Fl@sh <kaperang07@xxxxxxxxx> - 0.51.1-1 - version update * Fri Sep 27 2013 Fl@sh <kaperang07@xxxxxxxxx> - 0.51.0-1 - version update -------------------------------------------------------------------------------- ================================================================================ kernel-3.11.5-100.fc18 (FEDORA-2013-19280) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 3.11.5 stable update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 14 2013 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.11.5-100 - Linux v3.11.5 * Fri Oct 11 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - Fix segfault in cpupower set (rhbz 1000439) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1000439 - [abrt] ____strtol_l_internal: Process /usr/bin/cpupower was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=1000439 [ 2 ] Bug #1011245 - WARNING: at fs/btrfs/inode.c https://bugzilla.redhat.com/show_bug.cgi?id=1011245 -------------------------------------------------------------------------------- ================================================================================ kobo-0.4.1-1.fc18 (FEDORA-2013-19252) Python modules for tools development -------------------------------------------------------------------------------- Update Information: Bump version to 0.4.1. Completely remove Django support on el5 and el6. New upstream release New upstream release Completely remove Django support on el5 and el6. New upstream release New upstream release New upstream release -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 14 2013 Daniel Mach <dmach@xxxxxxxxxx> - 0.4.1-1 - Return 'nosrc' arch when RPMTAG_NOPATCH RPM header is set. (Daniel Mach) - Fix 'ImproperlyConfigured: The SECRET_KEY setting must not be empty.' exception in test_types.py. (Daniel Mach) - Fix setup script to install additional package data. (Daniel Mach) - Fix reading RPMTAG_NOSOURCE and RPMTAG_NOPATCH headers from 'nosrc' RPMs. (Daniel Mach) * Mon Jul 29 2013 Daniel Mach <dmach@xxxxxxxxxx> - 0.4.0-2 - Drop admin subpackage on rhel <= 5 - Drop admin, django and hub subpackages on epel 6 * Thu Jul 25 2013 Daniel Mach <dmach@xxxxxxxxxx> - 0.4.0-1 - Drop django and hub subpackages on rhel <= 5 - Set filename to be real name of a downloaded file. (Tomas Tomecek) - Fix logwatcher to scroll to latest logs. (Tomas Tomecek) - Remove obsolete function kobo.django.views.generic._object_list(). (Tomas Kopecek) - Updated README for 0.4.0 release (Tomas Kopecek) - Revamp setup.py and related files. (Daniel Mach) - LongnameUser table has auth_user db table name for easier upgrade. (Tomas Kopecek) - Add checksum_type to SimpleRpmWrapper. (Tomas Kopecek) - Add kobo.threads.run_in_threads() helper. (Tomas Kopecek) - Django 1.5 rebase. (Tomas Kopecek) - Remove unnecessary slots from pkgset.FileCache. (Daniel Mach) -------------------------------------------------------------------------------- References: [ 1 ] Bug #997735 - Error in packaging default.conf https://bugzilla.redhat.com/show_bug.cgi?id=997735 [ 2 ] Bug #990016 - "make bkradd" is failing as kobo-client does not provide default.conf https://bugzilla.redhat.com/show_bug.cgi?id=990016 -------------------------------------------------------------------------------- ================================================================================ libchewing-0.3.5-1.fc18 (FEDORA-2013-19306) Intelligent phonetic input method library for Traditional Chinese -------------------------------------------------------------------------------- Update Information: Upstream update to 0.3.5. Changelog: Improve CMake rules Visual Studio build included Dictionary improvements Remove duplicated phrases, fix Bopomofo representation tool tweaks travis-ci support (https://travis-ci.org/chewing/libchewing) drone.io support (https://drone.io/github.com/chewing/libchewing) coveralls.io support (https://coveralls.io/r/chewing/libchewing) editorconfig support (http://editorconfig.org/) Add new chewing_set_logger API Prevent unaligned memory access Reduce maxChiSymbolLen to 39 to avoid overflow Do not store user phrase when its length is 1 Check chiSymbolBufLen in chewing_handle_Numlock() Set isSymbol to 0 in SetChoiceInfo Fix 'j', 'k' in select mode cannot handle symbol selecting Do not call GetCharNext() when GetCharFirst() fails Successful stories: . FreeArray utilizes libchewing for selecting phrases of Array input method Fixing the spec to match the current Fedora packaging Guildlines. No functionality changes. Fixing the spec to match the current Fedora packaging Guildlines. No functionality changes. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 14 2013 Ding-Yi Chen <dchen at redhat dot com> - 0.3.5-1 - Upstream update to 0.3.5 * Mon Jul 29 2013 Parag Nemade <pnemade at redhat dot com> - 0.3.4-4 - spec file cleanup to follow packaging guidelines -------------------------------------------------------------------------------- References: [ 1 ] Bug #989405 - some spec fixes needed for package cleanup https://bugzilla.redhat.com/show_bug.cgi?id=989405 [ 2 ] Bug #882489 - libchewing: SetAvailInfo should NOT produce NULL phoneSeq https://bugzilla.redhat.com/show_bug.cgi?id=882489 -------------------------------------------------------------------------------- ================================================================================ libndp-1.2-1.fc18 (FEDORA-2013-19369) Library for Neighbor Discovery Protocol -------------------------------------------------------------------------------- Update Information: - Update to 1.2 - libndp: silently ignore packets with optlen 0 - libndp: fix processing for larger options - libndp: do not fail on receiving non-ndp packets -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 15 2013 Jiri Pirko <jpirko@xxxxxxxxxx> - 1.2-1 - Update to 1.2 - libndp: silently ignore packets with optlen 0 - libndp: fix processing for larger options - libndp: do not fail on receiving non-ndp packets * Fri Oct 4 2013 Jiri Pirko <jpirko@xxxxxxxxxx> - 1.1-1 - Update to 1.1 * Fri Sep 13 2013 Dan Williams <dcbw@xxxxxxxxxx> - 1.0-2 - Fix .pc file includes path - Fix ndptool -v argument -------------------------------------------------------------------------------- ================================================================================ libodb-2.2.3-1.fc18 (FEDORA-2013-19352) Common ODB runtime library from Code Synthesis -------------------------------------------------------------------------------- Update Information: - Initial build -------------------------------------------------------------------------------- References: [ 1 ] Bug #975312 - Review Request: libodb - Common ODB runtime library https://bugzilla.redhat.com/show_bug.cgi?id=975312 -------------------------------------------------------------------------------- ================================================================================ libreport-2.1.8-2.fc18 (FEDORA-2013-19232) Generic library for reporting various problems -------------------------------------------------------------------------------- Update Information: This update includes a new upstream release which fixes the bugs listed. You can find other changes in the upstream description at: - https://github.com/abrt/satyr/blob/master/NEWS - https://github.com/abrt/abrt/commit/7dcfd2a024d2d65695e20d0cefd257d091272f66#diff-1e807c90d5bf1222db586f4a8f0a6de1R804 - https://github.com/abrt/libreport/commit/a75dcd1d30c99b751ba38eed1714d89053595687#diff-71a31a3e297ea003eaf1b3a5ac3e9457R575 - https://github.com/abrt/gnome-abrt/commit/7280edf171e1952132ba91e12f6f3f3030de9e85#diff-c3189e78ca44c8f42b1bd5a965e340c2R103 -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 13 2013 Jakub Filak <jfilak@xxxxxxxxxx> 2.1.8-2 - fix search item unit test * Fri Oct 4 2013 Jakub Filak <jfilak@xxxxxxxxxx> 2.1.8-1 - disable rhel/fedora workflows for anaconda - added whitelist for sensitive data - rhbz#1009730 rhbz#896246 - ureport: always add BTHASH link to a report - reprot-gtk: underline tab titles with sensitive information - introduce FILENAME_EXPLOITABLE; related to abrt/abrt#703 -------------------------------------------------------------------------------- References: [ 1 ] Bug #960724 - gnome-abrt randomly freezes https://bugzilla.redhat.com/show_bug.cgi?id=960724 [ 2 ] Bug #977029 - new bugs shown as both reported and unreported https://bugzilla.redhat.com/show_bug.cgi?id=977029 -------------------------------------------------------------------------------- ================================================================================ maradns-2.0.07c-2.fc18 (FEDORA-2013-19325) Authoritative and recursive DNS server made with security in mind -------------------------------------------------------------------------------- Update Information: Improved MaraDNS' authoritative handling of IPv6 and fix an obscure name resolution problem. Also fixes problem with MaraDNS starting too early with respect to network configuration. Improved MaraDNS' authoritative handling of IPv6 and fix an obscure name resolution problem. -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 13 2013 Tomasz Torcz <ttorcz@xxxxxxxxxxxxxxxxx> - 2.0.07c-2 - refresh systemd patch, introduce additional deps on network-online (#1015282) * Sat Sep 21 2013 Tomasz Torcz <ttorcz@xxxxxxxxxxxxxxxxx> - 2.0.07c-1 - new upstream version -------------------------------------------------------------------------------- ================================================================================ mariadb-5.5.33a-1.fc18 (FEDORA-2013-19381) A community developed branch of MySQL -------------------------------------------------------------------------------- Update Information: This is an update to the new upstream release 5.5.33a, which fixes issues described at https://kb.askmonty.org/en/mariadb-5533a-changelog/ and https://kb.askmonty.org/en/mariadb-5533-changelog/. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 10 2013 Honza Horak <hhorak@xxxxxxxxxx> 1:5.5.33a-1 - Rebase to 5.5.33a https://kb.askmonty.org/en/mariadb-5533-changelog/ https://kb.askmonty.org/en/mariadb-5533a-changelog/ - Enable outfile_loaddata test - Disable tokudb_innodb_xa_crash test -------------------------------------------------------------------------------- ================================================================================ mate-desktop-1.6.2-0.5.git81c245b.fc18 (FEDORA-2013-19371) Shared code for mate-panel, mate-session, mate-file-manager, etc -------------------------------------------------------------------------------- Update Information: - remove gsettings overrides from last update -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 15 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.2-0.5.git81c245b - remove gsettings overrides from last update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1019534 - mate-desktop background fails in workspaces https://bugzilla.redhat.com/show_bug.cgi?id=1019534 -------------------------------------------------------------------------------- ================================================================================ mate-dialogs-1.6.1-1.fc18 (FEDORA-2013-19339) Displays dialog boxes from shell scripts -------------------------------------------------------------------------------- Update Information: - update to 1.6.1 release - gdialogs is removed -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 16 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.1-1 - update to 1.6.1 release - gdialogs is removed - use modern 'make install' macro - remove needless BR rarian-compat - remove --with-gnome from find language - remove NOCONFIGURE=1 ./autogen.sh - remove non-supported --disable-static configure flag * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.6.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ mate-power-manager-1.6.3-0.2.gitbc54d96.fc18 (FEDORA-2013-19360) MATE power management service -------------------------------------------------------------------------------- Update Information: - fix mouse click on brightness applet, rhbz (#1018915) - update to latest snapshot - add DBUS interface to kbdbacklight control patch, rhbz (#964678) -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 14 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.3-0.2.gitbc54d96 - fix mouse click on brightness applet, rhbz (#1018915) * Sun Oct 13 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.3-0.1.gitbc54d96 - update to latest snapshot - removed upstreamed patches, already in snapshot - add DBUS interface to kbdbacklight control patch, rhbz (#964678) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1018915 - Brightness applet not clickable with mouse https://bugzilla.redhat.com/show_bug.cgi?id=1018915 [ 2 ] Bug #964678 - [Patch] mate-power-manager complete dbus interface for keyboard backlight https://bugzilla.redhat.com/show_bug.cgi?id=964678 -------------------------------------------------------------------------------- ================================================================================ nomacs-1.6.0-1.fc18 (FEDORA-2013-19237) Lightweight image viewer -------------------------------------------------------------------------------- Update Information: Version bump. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 16 2013 TI_Eugene <ti.eugene@xxxxxxxxx> 1.6.0-1 - Version bump. -------------------------------------------------------------------------------- ================================================================================ odb-2.2.2-1.fc18 (FEDORA-2013-19314) Object-relational mapping (ORM) system for C++ -------------------------------------------------------------------------------- Update Information: - Initial build -------------------------------------------------------------------------------- References: [ 1 ] Bug #975310 - Review Request: odb - C++ Object-Relational Mapping https://bugzilla.redhat.com/show_bug.cgi?id=975310 -------------------------------------------------------------------------------- ================================================================================ openssl-1.0.1e-28.fc18 (FEDORA-2013-19376) Utilities from the general purpose cryptography library with TLS implementation -------------------------------------------------------------------------------- Update Information: resolve bugzilla 319901 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 16 2013 Tomáš Mráz <tmraz@xxxxxxxxxx> 1.0.1e-28 - only ECC NIST Suite B curves support - drop -fips subpackage * Mon Oct 14 2013 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.0.1e-27 - resolve bugzilla 319901 (phew! only took 6 years & 9 days) * Fri Sep 27 2013 Tomáš Mráz <tmraz@xxxxxxxxxx> 1.0.1e-26 - make DTLS1 work in FIPS mode - avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode * Mon Sep 23 2013 Tomáš Mráz <tmraz@xxxxxxxxxx> 1.0.1e-25 - avoid dlopening libssl.so from libcrypto (#1010357) * Fri Sep 20 2013 Tomáš Mráz <tmraz@xxxxxxxxxx> 1.0.1e-24 - fix small memory leak in FIPS aes selftest * Thu Sep 19 2013 Tomáš Mráz <tmraz@xxxxxxxxxx> 1.0.1e-23 - fix segfault in openssl speed hmac in the FIPS mode * Thu Sep 12 2013 Tomáš Mráz <tmraz@xxxxxxxxxx> 1.0.1e-22 - document the nextprotoneg option in manual pages original patch by Hubert Kario * Tue Sep 10 2013 Kyle McMartin <kyle@xxxxxxxxxx> 1.0.1e-21 - [arm] use elf auxv to figure out armcap.c instead of playing silly games with SIGILL handlers. (#1006474) * Wed Sep 4 2013 Tomas Mraz <tmraz@xxxxxxxxxx> 1.0.1e-20 - try to avoid some races when updating the -fips subpackage * Mon Sep 2 2013 Tomas Mraz <tmraz@xxxxxxxxxx> 1.0.1e-19 - use version-release in .hmac suffix to avoid overwrite during upgrade * Thu Aug 29 2013 Tomas Mraz <tmraz@xxxxxxxxxx> 1.0.1e-18 - allow deinitialization of the FIPS mode * Thu Aug 29 2013 Tomas Mraz <tmraz@xxxxxxxxxx> 1.0.1e-17 - always perform the FIPS selftests in library constructor if FIPS module is installed * Tue Aug 27 2013 Tomas Mraz <tmraz@xxxxxxxxxx> 1.0.1e-16 - add -fips subpackage that contains the FIPS module files * Fri Aug 16 2013 Tomas Mraz <tmraz@xxxxxxxxxx> 1.0.1e-15 - fix use of rdrand if available - more commits cherry picked from upstream - documentation fixes * Sat Aug 3 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 1:1.0.1e-14 - Perl 5.18 rebuild * Fri Jul 26 2013 Tomas Mraz <tmraz@xxxxxxxxxx> 1.0.1e-13 - additional manual page fix - use symbol versioning also for the textual version * Thu Jul 25 2013 Tomas Mraz <tmraz@xxxxxxxxxx> 1.0.1e-12 - additional manual page fixes * Fri Jul 19 2013 Tomas Mraz <tmraz@xxxxxxxxxx> 1.0.1e-11 - use _prefix macro * Wed Jul 17 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 1:1.0.1e-10 - Perl 5.18 rebuild * Thu Jul 11 2013 Tomas Mraz <tmraz@xxxxxxxxxx> 1.0.1e-9 - add openssl.cnf.5 manpage symlink to config.5 * Wed Jul 10 2013 Tomas Mraz <tmraz@xxxxxxxxxx> 1.0.1e-8 - add relro linking flag * Wed Jul 10 2013 Tomas Mraz <tmraz@xxxxxxxxxx> 1.0.1e-7 - add support for the -trusted_first option for certificate chain verification * Fri May 3 2013 Tomas Mraz <tmraz@xxxxxxxxxx> 1.0.1e-6 - fix build of manual pages with current pod2man (#959439) * Sun Apr 21 2013 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 1.0.1e-5 - Enable ARM optimised build -------------------------------------------------------------------------------- References: [ 1 ] Bug #319901 - missing ec and ecparam commands in openssl package https://bugzilla.redhat.com/show_bug.cgi?id=319901 -------------------------------------------------------------------------------- ================================================================================ perl-HTML-Parser-3.71-1.fc18 (FEDORA-2013-19358) Perl module for parsing HTML -------------------------------------------------------------------------------- Update Information: Update to the latest version -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 14 2013 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 3.71-1 - 3.71 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1018509 - HTML::Parser dies with "X-Died: Illegal field name 'X-Meta-Twitter:card'" https://bugzilla.redhat.com/show_bug.cgi?id=1018509 -------------------------------------------------------------------------------- ================================================================================ perl-Term-Clui-1.68-3.fc18 (FEDORA-2013-19333) Perl module offering a Command-Line User Interface -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- ================================================================================ php-5.4.21-1.fc18 (FEDORA-2013-19241) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: 17 Oct 2013, PHP 5.4.21 Core: * Fixed bug #65322 (compile time errors won't trigger auto loading). (Nikita) CLI server: * Fixed bug #65633 (built-in server treat some http headers as case-sensitive). (Adam) Datetime: * Fixed bug #64157 (DateTime::createFromFormat() reports confusing error message). (Boro Sitnikovski) DBA extension: * Fixed bug #65708 (dba functions cast $key param to string in-place, bypassing copy on write). (Adam) Filter: * Add RFC 6598 IPs to reserved addresses. (Sebastian Nohn) * Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names). (Syra) IMAP: * Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling imap). (ryotakatsuki at gmail dot com) Standard: * Fixed bug #61548 (content-type must appear at the end of headers for 201 Location to work in http). (Mike) Build system: * Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing gzencode())). (Mike) -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 17 2013 Remi Collet <rcollet@xxxxxxxxxx> - 5.4.21-1 - update to 5.4.21 -------------------------------------------------------------------------------- ================================================================================ postgresql-9.2.5-1.fc18 (FEDORA-2013-19316) PostgreSQL client programs -------------------------------------------------------------------------------- Update Information: update to 9.2.5 minor version per release notes: http://www.postgresql.org/docs/9.2/static/release-9-2-5.html This update brings several bugfixes and is mostly about pg_upgrade. For more info see the attached bugs. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 17 2013 Jozef Mlich <jmlich@xxxxxxxxxx> - 9.2.5-1 - update to 9.2.5 minor version per release notes: http://www.postgresql.org/docs/9.2/static/release-9-2-5.html * Thu Aug 15 2013 Pavel Raiskup <praiskup@xxxxxxxxxx> - 9.2.4-2 - postgresql-setup: don't create whole path to server's data to make sure that the parent directory has correct permissions (#972425) (pick from fc20) - backport fix for manual pages (#948933) (pick from fc20) - fix README.rpm-dist for the bug (#969050) (pick from fc20) - upgrade: stop old server if perm. problem occur (#896161) (pick from fc20) -------------------------------------------------------------------------------- References: [ 1 ] Bug #972425 - postgresql-setup initdb does not work if umask=0077 and /var/lib/pgsql is removed https://bugzilla.redhat.com/show_bug.cgi?id=972425 [ 2 ] Bug #969050 - Misleading documentation, README.rpm-dist https://bugzilla.redhat.com/show_bug.cgi?id=969050 [ 3 ] Bug #896161 - Upgrading PostgreSQL from 9.1 to 9.2 with pg_upgrade/postgreql-setup fails - invalid status retrieved https://bugzilla.redhat.com/show_bug.cgi?id=896161 -------------------------------------------------------------------------------- ================================================================================ python-djblets-0.7.21-1.fc18 (FEDORA-2013-18911) A collection of useful classes and functions for Django -------------------------------------------------------------------------------- Update Information: Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users could access certain data they should not have been able to access, if using the Local Sites feature, invite-only groups, or private repositories. It also fixes cases with invite-only groups where the group name and list of private review requests would show up on some pages (though the review requests themselves were not accessible). These issues do not affect most of the installations out there, but we strongly recommend upgrading anyway. There are no known cases of anyone exploiting these bugs, and in fact we discovered these internally while building new tools to test for security vulnerabilities in our codebase. There are also some other bug fixes, and important changes needed for extensions that provide their own REST APIs. -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 13 2013 Patrick Uiterwijk <puiterwijk@xxxxxxxxx> - 0.7.21-1 - New upstream bugfix release 0.7.21 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.21.NEWS - Added a has_list_access_permissions function, which is used to determine access to a list resource. * Fri Oct 11 2013 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 0.7.20-1 - New upstream bugfix release 0.7.20 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.20.NEWS - Fixed regression with pagination on the datagrid * Thu Oct 10 2013 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 0.7.19-1 - New upstream security release 0.7.19 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.19.NEWS - Resolves: CVE-2013-4409 - Resolves unsanitized eval() vulnerability -------------------------------------------------------------------------------- References: [ 1 ] Bug #1016596 - CVE-2013-4410 ReviewBoard: access-control problems with REST API https://bugzilla.redhat.com/show_bug.cgi?id=1016596 [ 2 ] Bug #1016599 - CVE-2013-4411 ReviewBoard: URL processing allows unauthorized users to view review lists https://bugzilla.redhat.com/show_bug.cgi?id=1016599 [ 3 ] Bug #1016601 - CVE-2013-4409 python-djblets: unsanitized eval() vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1016601 -------------------------------------------------------------------------------- ================================================================================ python-stem-1.1.0-1.fc18 (FEDORA-2013-19335) Python controller library for Tor -------------------------------------------------------------------------------- Update Information: Update to upstream version 1.1.0 -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 15 2013 Juan Orti Alcaine <jorti@xxxxxxxxxxxxxxxxx> - 1.1.0-1 - Version 1.1.0 * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ python-velruse-1.0.3-6.fc18 (FEDORA-2013-19362) Simplify third-party authentication for web applications -------------------------------------------------------------------------------- Update Information: Apply patch introducing new extension point for openid. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 17 2013 Ralph Bean <rbean@xxxxxxxxxx> - 1.0.3-6 - Apply patch introducing an new extension point * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ qtwebkit-2.3.3-1.fc18 (FEDORA-2013-19268) Qt WebKit bindings -------------------------------------------------------------------------------- Update Information: New stable bugfix release. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 3 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.3.3-1 - qtwebkit-2.3.3 - include some post 2.3.3 commits/fixes * Thu Sep 12 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.3.2-3 - SIGSEGV - ~NonSharedCharacterBreakIterator (#1006539, webkit#101337) * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ salt-0.17.1-1.fc18 (FEDORA-2013-19354) A parallel remote execution system -------------------------------------------------------------------------------- Update Information: Updated to bugfix release 0.17.1. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 17 2013 Erik Johnson <erik@xxxxxxxxxxxxx> - 0.17.1-1 - Update to bugfix release 0.17.1 * Thu Sep 26 2013 Erik Johnson <erik@xxxxxxxxxxxxx> - 0.17.0-1 - Update to feature release 0.17.0 * Wed Sep 11 2013 David Anderson <dave@xxxxxxxxxx> - Change sourcing order of init functions and salt default file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1020306 - CVE-2013-4439 salt: saltstack minion identity usurpation https://bugzilla.redhat.com/show_bug.cgi?id=1020306 -------------------------------------------------------------------------------- ================================================================================ sane-backends-1.0.24-2.fc18 (FEDORA-2013-19249) Scanner access software -------------------------------------------------------------------------------- Update Information: New upstream version with these changes: * Significant enhancements to pixma, genesys, kodakaio, fujitsu, canon_dr. * Minor updates, bugfixes or scanners added in several backends. * 51 new scanner models supported. * USB support improvements. * Documentation updates. * Bugfixes. Additionally, this update configures USB devices through udev hwdb instead of individual rules which should speed up device recognition. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 16 2013 Nils Philippsen <nils@xxxxxxxxxx> - 1.0.24-2 - update udev hwdb on installation/removal * Wed Oct 9 2013 Nils Philippsen <nils@xxxxxxxxxx> - 1.0.24-1 - version 1.0.24 - use (hopefully stable) Alioth download URL - update udev patch, remove obsolete patches - use udev hwdb instead of huge rulesets -------------------------------------------------------------------------------- ================================================================================ satyr-0.10-1.fc18 (FEDORA-2013-19232) Tools to create anonymous, machine-friendly problem reports -------------------------------------------------------------------------------- Update Information: This update includes a new upstream release which fixes the bugs listed. You can find other changes in the upstream description at: - https://github.com/abrt/satyr/blob/master/NEWS - https://github.com/abrt/abrt/commit/7dcfd2a024d2d65695e20d0cefd257d091272f66#diff-1e807c90d5bf1222db586f4a8f0a6de1R804 - https://github.com/abrt/libreport/commit/a75dcd1d30c99b751ba38eed1714d89053595687#diff-71a31a3e297ea003eaf1b3a5ac3e9457R575 - https://github.com/abrt/gnome-abrt/commit/7280edf171e1952132ba91e12f6f3f3030de9e85#diff-c3189e78ca44c8f42b1bd5a965e340c2R103 -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 3 2013 Jakub Filak <jfilak@xxxxxxxxxx> 0.10-1 - New upstream version - Fix a segmentation fault in sr_rpm_package_uniq() - Respect kernel flavor when parsing package name - Parse backtrace without Thread header - Fix koops json output if there are no modules - Add support for multiple koops stacks -------------------------------------------------------------------------------- References: [ 1 ] Bug #960724 - gnome-abrt randomly freezes https://bugzilla.redhat.com/show_bug.cgi?id=960724 [ 2 ] Bug #977029 - new bugs shown as both reported and unreported https://bugzilla.redhat.com/show_bug.cgi?id=977029 -------------------------------------------------------------------------------- ================================================================================ scipy-0.12.1-1.fc18 (FEDORA-2013-19271) Scipy: Scientific Tools for Python -------------------------------------------------------------------------------- Update Information: Update to 0.12.1, fixes CVE-2013-4251: insecure /tmp usage by scipy.weave. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 14 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 0.12.1-1 - Update to 0.12.1 - fixes CVE-2013-4251 (bug 101351) * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.12.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed May 15 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 0.12.0-3 - Remove old ufsparse references, use suitesparse - Spec cleanup - Tue Jul 30 2013 Tomas Tomecek <ttomecek@xxxxxxxxxx>: - Fix rpmlint warnings - License update - Add patch to use build_dir argument in build_extension -------------------------------------------------------------------------------- References: [ 1 ] Bug #916690 - CVE-2013-4251 scipy: weave /tmp and current directory issues https://bugzilla.redhat.com/show_bug.cgi?id=916690 -------------------------------------------------------------------------------- ================================================================================ sddm-0.2.0-0.14.20130914git50ca5b20.fc18 (FEDORA-2013-19245) QML based X11 desktop manager -------------------------------------------------------------------------------- Update Information: Improved session selection, and use basic fedora (non-userlist) theme by default. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 15 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 0.2.0-0.14.20130914git50ca5b20 - sddm.conf: CurrentTheme=fedora * Mon Oct 14 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 0.2.0-0.13.20130914git50ca5b20 - include standard theme/config here, Obsoletes: kde-settings-sddm - sddm.conf: SessionCommand=/etc/X11/xinit/Xsession * Mon Oct 14 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 0.2.0-0.12.20130914git50ca5b20 - -themes: Obsoletes: sddm ... for upgrade path * Mon Oct 14 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 0.2.0-0.11.20130914git50ca5b20 - -themes subpkg * Sat Sep 21 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 0.2.0-0.10.20130914git50ca5b20 - use %_qt4_importdir, %systemd_requires macros - own %_datadir/apps/sddm - fix Release - drop explicit Requires: pam (let rpm autodeps handle it) * Mon Sep 16 2013 Martin Briza <mbriza@xxxxxxxxxx> - 0.2.0-0.9.20130914git50ca5b20 - Requires: kde-settings-sddm * Mon Sep 16 2013 Martin Briza <mbriza@xxxxxxxxxx> - 0.2.0-0.8.20130914git50ca5b20 - Moved the config to the kde-settings-sddm package * Sat Sep 14 2013 Martin Briza <mbriza@xxxxxxxxxx> - 0.2.0-0.7.20130914git50ca5b20 - Removed the nonfree font from the package, replaced with "Sans" - Temporarily set my own repository as the origin to avoid having the font in the srpm - Changing the source also brings us a few new commits and removes Patch1 for PAM * Mon Sep 9 2013 Martin Briza <mbriza@xxxxxxxxxx> - 0.2.0-0.6.20130821gite707e229 - Added the patch, forgot to apply it, now it's okay * Mon Sep 9 2013 Martin Briza <mbriza@xxxxxxxxxx> - 0.2.0-0.5.20130821gite707e229 - Set a better order of the X sessions selection and hidden the Custom one (#1004902) -------------------------------------------------------------------------------- ================================================================================ usbmuxd-1.0.8-10.fc18 (FEDORA-2013-19292) Daemon for communicating with Apple's iOS devices -------------------------------------------------------------------------------- Update Information: Fix pre/post scripts Fixes rpm scriptlets -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 10 2013 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 1.0.8-10 - Add BR: systemd for systemd.macros (RHBZ #1017493). * Tue Oct 8 2013 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 1.0.8-9 - Fix rpm scripts * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.8-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Fri Feb 15 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.8-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Mon Nov 19 2012 Bastien Nocera <bnocera@xxxxxxxxxx> 1.0.8-6 - Fix source URL -------------------------------------------------------------------------------- References: [ 1 ] Bug #972641 - Job control error while libimobiledevice package erase https://bugzilla.redhat.com/show_bug.cgi?id=972641 -------------------------------------------------------------------------------- ================================================================================ voms-api-java-2.0.10-4.fc18 (FEDORA-2013-19380) Virtual Organization Membership Service Java API -------------------------------------------------------------------------------- Update Information: Disable tests that fail due to expired CRL in sources. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 14 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 2.0.10-4 - Disable CRL tests (the CRL in the sources has expired) * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0.10-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ vrq-1.0.96-5.fc18 (FEDORA-2013-19359) Verilog tool framework with plugins for manipulating source code -------------------------------------------------------------------------------- Update Information: Fix versioned docdirs -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 14 2013 Shakthi Kannan <shakthimaan@xxxxxxxxxxxxxxxxx> - 1.0.96-5 - Fix bz #992864 * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.96-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Sat Feb 23 2013 Ville Skyttä <ville.skytta@xxxxxx> - 1.0.96-3 - Build with system zlib and bzip2 instead of bundled copies. - Fix bogus dates in %changelog. * Fri Feb 15 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.96-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #992864 - vrq: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=992864 -------------------------------------------------------------------------------- ================================================================================ wannier90-2.0.0-1.fc18 (FEDORA-2013-19364) Maximally-localised Wannier functions -------------------------------------------------------------------------------- Update Information: Update to version 2.0.0. See changelog at http://www.wannier.org/doc/CHANGE.log -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 15 2013 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 2.0.0-1 - Update to 2.0.0. * Mon Sep 23 2013 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 1.2-9 - Rebuild against new ATLAS. * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Mar 6 2013 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 1.2-7 - Fix FTBFS in rawhide. * Fri Feb 15 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1019173 - wannier90-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1019173 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test