The following Fedora 18 Security updates need testing: Age URL 194 https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18 40 https://admin.fedoraproject.org/updates/FEDORA-2013-17195/spice-gtk-0.18-3.fc18 37 https://admin.fedoraproject.org/updates/FEDORA-2013-17431/thunderbird-17.0.9-1.fc18 34 https://admin.fedoraproject.org/updates/FEDORA-2013-17635/wireshark-1.10.2-4.fc18 33 https://admin.fedoraproject.org/updates/FEDORA-2013-17853/davfs2-1.4.7-3.fc18 32 https://admin.fedoraproject.org/updates/FEDORA-2013-17912/chicken-4.8.0.4-4.fc18 21 https://admin.fedoraproject.org/updates/FEDORA-2013-18647/gnupg-1.4.15-1.fc18 20 https://admin.fedoraproject.org/updates/FEDORA-2013-18802/phpMyAdmin-3.5.8.2-1.fc18 12 https://admin.fedoraproject.org/updates/FEDORA-2013-19307/GraphicsMagick-1.3.18-2.fc18 8 https://admin.fedoraproject.org/updates/FEDORA-2013-19648/mysql-5.5.34-1.fc18 5 https://admin.fedoraproject.org/updates/FEDORA-2013-19976/mod_nss-1.0.8-24.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-20200/python-backports-ssl_match_hostname-3.4.0.2-1.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-20176/mantis-1.2.15-3.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20354/xen-4.2.3-6.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20360/spice-0.12.4-3.fc18 The following Fedora 18 Critical Path updates have yet to be approved: Age URL 263 https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18 12 https://admin.fedoraproject.org/updates/FEDORA-2013-19289/gdisk-0.8.8-1.fc18 12 https://admin.fedoraproject.org/updates/FEDORA-2013-19292/usbmuxd-1.0.8-10.fc18 12 https://admin.fedoraproject.org/updates/FEDORA-2013-19268/qtwebkit-2.3.3-1.fc18 11 https://admin.fedoraproject.org/updates/FEDORA-2013-19456/device-mapper-persistent-data-0.2.8-1.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-20263/openssl-1.0.1e-30.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-20267/systemd-201-2.fc18.9 1 https://admin.fedoraproject.org/updates/FEDORA-2013-20268/sane-backends-1.0.24-4.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-20279/gnome-abrt-0.3.3-1.fc18,abrt-2.1.9-1.fc18,libreport-2.1.9-1.fc18,satyr-0.11-1.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-20150/nss-util-3.15.2-2.fc18,nss-softokn-3.15.2-2.fc18,nss-3.15.2-2.fc18 The following builds have been pushed to Fedora 18 updates-testing ansible-1.3.4-1.fc18 lhapdf-5.9.1-1.fc18 libodb-boost-2.2.1-1.fc18 libodb-mysql-2.2.0-1.fc18 libodb-pgsql-2.2.0-1.fc18 libodb-qt-2.2.1-1.fc18 libodb-sqlite-2.2.3-1.fc18 liquibase-3.0.7-4.fc18 mock-1.1.34-1.fc18 printrun-2013.10.19-2.fc18 python3-3.3.0-4.fc18 qwt-6.0.1-5.fc18 spice-0.12.4-3.fc18 wordpress-3.7.1-1.fc18 xen-4.2.3-6.fc18 Details about builds: ================================================================================ ansible-1.3.4-1.fc18 (FEDORA-2013-20366) SSH-based configuration management, deployment, and task execution system -------------------------------------------------------------------------------- Update Information: Fixed a bug in the copy module, where a filename containing the string "raw" was handled incorrectly Fixed a bug in accelerate mode, where copying a zero-length file out would fail -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 29 2013 Kevin Fenzi <kevin@xxxxxxxxx> 1.3.4-1 - Update to 1.3.4 -------------------------------------------------------------------------------- ================================================================================ lhapdf-5.9.1-1.fc18 (FEDORA-2013-20343) Les Houches Accord PDF Interface -------------------------------------------------------------------------------- Update Information: New version, see changelog for details: http://lhapdf.hepforge.org/svn/tags/lhapdf-v5.9.1/ChangeLog -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 29 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.9.1-1 - Update to version 5.9.1 * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 5.8.9-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ libodb-boost-2.2.1-1.fc18 (FEDORA-2013-20372) Boost ODB runtime library from Code Synthesis -------------------------------------------------------------------------------- Update Information: Adding libodb-boost runtime library. -------------------------------------------------------------------------------- References: [ 1 ] Bug #975313 - Review Request: libodb-boost - Boost ODB runtime library https://bugzilla.redhat.com/show_bug.cgi?id=975313 -------------------------------------------------------------------------------- ================================================================================ libodb-mysql-2.2.0-1.fc18 (FEDORA-2013-20367) MySQL ODB runtime library from Code Synthesis -------------------------------------------------------------------------------- Update Information: Adding libodb-mysql runtime library. -------------------------------------------------------------------------------- References: [ 1 ] Bug #975315 - Review Request: libodb-mysql - MySQL ODB runtime library https://bugzilla.redhat.com/show_bug.cgi?id=975315 -------------------------------------------------------------------------------- ================================================================================ libodb-pgsql-2.2.0-1.fc18 (FEDORA-2013-20348) PostgreSQL ODB runtime library from Code Synthesis -------------------------------------------------------------------------------- Update Information: Adding libodb-pogsql runtime library. -------------------------------------------------------------------------------- References: [ 1 ] Bug #975317 - Review Request: libodb-pgsql - PostgreSQL ODB runtime library https://bugzilla.redhat.com/show_bug.cgi?id=975317 -------------------------------------------------------------------------------- ================================================================================ libodb-qt-2.2.1-1.fc18 (FEDORA-2013-20345) Qt ODB runtime library from Code Synthesis -------------------------------------------------------------------------------- Update Information: Added libodb-qt runtime library. -------------------------------------------------------------------------------- References: [ 1 ] Bug #975316 - Review Request: libodb-qt - Qt ODB runtime library https://bugzilla.redhat.com/show_bug.cgi?id=975316 -------------------------------------------------------------------------------- ================================================================================ libodb-sqlite-2.2.3-1.fc18 (FEDORA-2013-20347) SQLite ODB runtime library from Code Synthesis -------------------------------------------------------------------------------- Update Information: Adding libodb-sqlite runtime library. -------------------------------------------------------------------------------- References: [ 1 ] Bug #975318 - Review Request: libodb-sqlite - SQLite ODB runtime library https://bugzilla.redhat.com/show_bug.cgi?id=975318 -------------------------------------------------------------------------------- ================================================================================ liquibase-3.0.7-4.fc18 (FEDORA-2013-20364) Database Refactoring Tool -------------------------------------------------------------------------------- Update Information: Liquibase 3.0.7 features numerous bug fixes and additional extension support. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 28 2013 Alex Wood <awood@xxxxxxxxxx> - 3.0.7-4 - Update to 3.0.7. - Use jpackage-utils to generate launch script. - Split javadoc into separate package. * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1023523 - Liquibase package needs an update https://bugzilla.redhat.com/show_bug.cgi?id=1023523 -------------------------------------------------------------------------------- ================================================================================ mock-1.1.34-1.fc18 (FEDORA-2013-20349) Builds packages inside chroots -------------------------------------------------------------------------------- Update Information: various bugfixes Removed f17 configs and added f20 configs Removed f17 configs and added f20 configs -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 29 2013 Clark Williams <williams@xxxxxxxxxx> - 1.1.34-1 - fixed specfile to include mass rebuild changelog entry - package_state: drop privs when writing available_packages data [BZ# 916685] - unconditionally update default.cfg on install [BZ# 858822] - attempt to make mock more EL5 friendly [BZ# 949616] - do not ignore missing dependencies [BZ# 955478] - set the group defined in chrootgid [BZ# 953519] - add the --nocheck option to mock [BZ# 1015790] - raise privs before deleting rpm db files in chroot [BZ# 973617] - clean up orphan processes even if chroot not cleaned [BZ# 972868] - do not remove the chroot builddir if not cleaning the chroot [BZ# 483486] - use root object environment in package_state plugin [BZ# 921221] - Pass values of --plugin-option through literal_eval [BZ# 1018359] - add default mode to mount in tmpfs plugin [BZ# 598257] - exit mockbuild.util.logOutput() when child process dies [BZ# 885405] * Wed Aug 21 2013 Clark Williams <williams@xxxxxxxxxx> - 1.1.33-1 - removed f17 configs - added f20 configs - fixed mockchain to use mock config default setup [BZ# 962573] - remove bogus lockfile dir in _setupDirs() [BZ# 894305] * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.32-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #916685 - mock ... foo.src.rpm fails if foo.src.rpm is on nfs filesytem https://bugzilla.redhat.com/show_bug.cgi?id=916685 [ 2 ] Bug #858822 - Mock's default configuration is not updated, becomes outdated over time https://bugzilla.redhat.com/show_bug.cgi?id=858822 [ 3 ] Bug #949616 - Suggested patches to mock 1.1.30 to build and work on EL5 https://bugzilla.redhat.com/show_bug.cgi?id=949616 [ 4 ] Bug #955478 - Unresolved dependencies silently ignored https://bugzilla.redhat.com/show_bug.cgi?id=955478 [ 5 ] Bug #953519 - After changing config_opts['chrootgid'], the process still runs with mock group privileges https://bugzilla.redhat.com/show_bug.cgi?id=953519 [ 6 ] Bug #1015790 - Add --nocheck to mock https://bugzilla.redhat.com/show_bug.cgi?id=1015790 [ 7 ] Bug #973617 - [abrt] mock-1.1.32-1.fc19: backend.py:540:_nuke_rpm_db:OSError: [Errno 13] Permission denied: '/var/lib/mock/fedora-rawhide-x86_64/root/var/lib/rpm/__db.001' https://bugzilla.redhat.com/show_bug.cgi?id=973617 [ 8 ] Bug #972868 - [abrt] mock-1.1.32-1.fc18: shutil.py:252:rmtree:OSError: [Errno 16] Device or resource busy: '/var/lib/mock/epel-6-x86_64/root/dev/shm' https://bugzilla.redhat.com/show_bug.cgi?id=972868 [ 9 ] Bug #483486 - Can't build 'nosrc' srpms using mock (--no-clean does not work) https://bugzilla.redhat.com/show_bug.cgi?id=483486 [ 10 ] Bug #921221 - Activation of package_state in 1.1.29 breaks setups with http proxy servers https://bugzilla.redhat.com/show_bug.cgi?id=921221 [ 11 ] Bug #1018359 - [PATCH] Pass values of --plugin-option through literal_eval https://bugzilla.redhat.com/show_bug.cgi?id=1018359 [ 12 ] Bug #885405 - mock hangs when rpm %check fails (reproducer) https://bugzilla.redhat.com/show_bug.cgi?id=885405 [ 13 ] Bug #962573 - mockchain fails on complicated config files https://bugzilla.redhat.com/show_bug.cgi?id=962573 [ 14 ] Bug #894305 - directory /var/lock/rpm unowned https://bugzilla.redhat.com/show_bug.cgi?id=894305 -------------------------------------------------------------------------------- ================================================================================ printrun-2013.10.19-2.fc18 (FEDORA-2013-20346) RepRap printer interface and tools -------------------------------------------------------------------------------- Update Information: New upstream release that fixes bugs and adds features -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 29 2013 Miro Hrončok <mhroncok@xxxxxxxxxx> - 2013.10.19-2 - Added patch to workaround upstream issue 438 * Sat Oct 19 2013 Miro Hrončok <mhroncok@xxxxxxxxxx> - 2013.10.19-1 - New upstream release - Switch to new versioning, drop commit hashes from version/release - Upstream now has proper entrypoints, so entire %install is redone -------------------------------------------------------------------------------- ================================================================================ python3-3.3.0-4.fc18 (FEDORA-2013-20336) Version 3 of the Python programming language aka Python 3000 -------------------------------------------------------------------------------- Update Information: This fix makes the Python 3 RPMs contain properly bytecompiled files, so that they aren't regenerated everytime Python starts. There should be no notable changes other than slight speed improvement. This bugfix release also fixes CVE 2013-4238. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 30 2013 Matej Stuchlik <mstuchli@xxxxxxxxxx> - 3.3.0-4 - Bytecompile all *.py files properly during build (rhbz#1023607) * Wed Oct 30 2013 Matej Stuchlik <mstuchli@xxxxxxxxxx> - 3.3.0-3 - Added patch for CVE-2013-4238 (rhbz#1024029) * Mon May 20 2013 Bohuslav Kabrda <bkabrda@xxxxxxxxxx> - 3.3.0-2 - Add patch for CVE-2013-2099 (rhbz#963261). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1023607 - python3-libs is not using the prebuilt .pyc files https://bugzilla.redhat.com/show_bug.cgi?id=1023607 [ 2 ] Bug #1024029 - python 3 version in F18 is lacking security updates https://bugzilla.redhat.com/show_bug.cgi?id=1024029 -------------------------------------------------------------------------------- ================================================================================ qwt-6.0.1-5.fc18 (FEDORA-2013-20362) Qt Widgets for Technical Applications -------------------------------------------------------------------------------- Update Information: Fix a problem related to using non-default install paths. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 29 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 6.0.1-5 - QtDesigner plugin doesn't link to the proper header directory path (#824447) * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 6.0.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 6.0.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Mon Nov 26 2012 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 6.0.1-2 - qwtbuild.pri: drop CONFIG+=silent -------------------------------------------------------------------------------- References: [ 1 ] Bug #824447 - qwt-devel - QtDesigner plugin doesn't link to the proper header directory path https://bugzilla.redhat.com/show_bug.cgi?id=824447 -------------------------------------------------------------------------------- ================================================================================ spice-0.12.4-3.fc18 (FEDORA-2013-20360) Implements the SPICE protocol -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2013-4282 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 30 2013 Christophe Fergeau <cfergeau@xxxxxxxxxx> 0.12.4-3 - Add patch fixing CVE-2013-4282 -------------------------------------------------------------------------------- ================================================================================ wordpress-3.7.1-1.fc18 (FEDORA-2013-19978) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information: Upstream annoucement: * http://wordpress.org/news/2013/10/basie/ * http://wordpress.org/news/2013/10/wordpress-3-7-1/ Changes: * http://codex.wordpress.org/Version_3.7 * http://codex.wordpress.org/Version_3.7.1 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 30 2013 Remi Collet <rcollet@xxxxxxxxxx> - 3.7.1-1 - update to 3.7.1 (bugfixes) * Fri Oct 25 2013 Remi Collet <rcollet@xxxxxxxxxx> - 3.7-1 - update to 3.7 - requires ca-certificates for ca-bundle.crt -------------------------------------------------------------------------------- ================================================================================ xen-4.2.3-6.fc18 (FEDORA-2013-20354) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: ocaml xenstored mishandles oversized message replies systemd changes to allow oxenstored to be used instead of xenstored -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 29 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.2.3-6 - ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) * Fri Oct 25 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.2.3-5 - systemd changes to allow oxenstored to be used instead of xenstored (#1022640) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1017875 - CVE-2013-4416 xen: ocaml xenstored mishandles oversized message replies (XSA-72) https://bugzilla.redhat.com/show_bug.cgi?id=1017875 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
