The following Fedora 18 Security updates need testing: Age URL 195 https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18 41 https://admin.fedoraproject.org/updates/FEDORA-2013-17195/spice-gtk-0.18-3.fc18 38 https://admin.fedoraproject.org/updates/FEDORA-2013-17431/thunderbird-17.0.9-1.fc18 35 https://admin.fedoraproject.org/updates/FEDORA-2013-17635/wireshark-1.10.2-4.fc18 34 https://admin.fedoraproject.org/updates/FEDORA-2013-17853/davfs2-1.4.7-3.fc18 33 https://admin.fedoraproject.org/updates/FEDORA-2013-17912/chicken-4.8.0.4-4.fc18 22 https://admin.fedoraproject.org/updates/FEDORA-2013-18647/gnupg-1.4.15-1.fc18 21 https://admin.fedoraproject.org/updates/FEDORA-2013-18802/phpMyAdmin-3.5.8.2-1.fc18 13 https://admin.fedoraproject.org/updates/FEDORA-2013-19307/GraphicsMagick-1.3.18-2.fc18 9 https://admin.fedoraproject.org/updates/FEDORA-2013-19648/mysql-5.5.34-1.fc18 6 https://admin.fedoraproject.org/updates/FEDORA-2013-19976/mod_nss-1.0.8-24.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-20200/python-backports-ssl_match_hostname-3.4.0.2-1.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-20176/mantis-1.2.15-3.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-20354/xen-4.2.3-6.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-20360/spice-0.12.4-3.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20410/poppler-0.20.2-17.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20429/xulrunner-25.0-2.fc18,firefox-25.0-3.fc18 The following Fedora 18 Critical Path updates have yet to be approved: Age URL 264 https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18 13 https://admin.fedoraproject.org/updates/FEDORA-2013-19289/gdisk-0.8.8-1.fc18 13 https://admin.fedoraproject.org/updates/FEDORA-2013-19292/usbmuxd-1.0.8-10.fc18 13 https://admin.fedoraproject.org/updates/FEDORA-2013-19268/qtwebkit-2.3.3-1.fc18 12 https://admin.fedoraproject.org/updates/FEDORA-2013-19456/device-mapper-persistent-data-0.2.8-1.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-20150/nss-util-3.15.2-2.fc18,nss-softokn-3.15.2-2.fc18,nss-3.15.2-2.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-20263/openssl-1.0.1e-30.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-20268/sane-backends-1.0.24-4.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-20279/gnome-abrt-0.3.3-1.fc18,abrt-2.1.9-1.fc18,libreport-2.1.9-1.fc18,satyr-0.11-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20434/thunderbird-24.1.0-1.fc18,thunderbird-lightning-2.6.2-2.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20422/bind-9.9.3-7.P2.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20410/poppler-0.20.2-17.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20429/xulrunner-25.0-2.fc18,firefox-25.0-3.fc18 The following builds have been pushed to Fedora 18 updates-testing alpine-2.10-4.fc18 bind-9.9.3-7.P2.fc18 ctstream-9-1.fc18 firefox-25.0-3.fc18 kdevelop-4.5.2-1.fc18 kdevelop-php-1.5.2-1.fc18 kdevplatform-1.5.2-1.fc18 libetonyek-0.0.0-1.fc18 libxdg-basedir-1.2.0-5.fc18 orthanc-0.7.1-1.fc18 perl-Types-Serialiser-0.03-2.fc18 poppler-0.20.2-17.fc18 python-offtrac-0.1.0-1.fc18 thunderbird-24.1.0-1.fc18 thunderbird-lightning-2.6.2-2.fc18 tzdata-2013h-1.fc18 xulrunner-25.0-2.fc18 youtube-dl-2013.10.30-1.fc18 Details about builds: ================================================================================ alpine-2.10-4.fc18 (FEDORA-2013-20442) powerful, easy to use console email client -------------------------------------------------------------------------------- Update Information: new 2.10 bugfix release. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 31 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.10-4 - re-add README.fedora * Sat Aug 3 2013 Dennis Gilmore <dennis@xxxxxxxx> - 2.10-3 - remove refrences to non existant README.fedora file * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Fri Mar 15 2013 Paul Wouters <pwouters@xxxxxxxxxx> - 2.10-1 - Build from new upstream for 2.10, fixes rhbz#838359 * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.03-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #838359 - alpine crashes when suspending in password prompt mode https://bugzilla.redhat.com/show_bug.cgi?id=838359 -------------------------------------------------------------------------------- ================================================================================ bind-9.9.3-7.P2.fc18 (FEDORA-2013-20422) The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server -------------------------------------------------------------------------------- Update Information: One bug fixed. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 31 2013 Tomas Hozza <thozza@xxxxxxxxxx> 32:9.9.3-7.P2 - Correct the upstream patch for #794940 * Wed Oct 30 2013 Tomas Hozza <thozza@xxxxxxxxxx> 32:9.9.3-6.P2 - Use upstream version of patch for previously fixed #794940 * Fri Oct 18 2013 Tomas Hozza <thozza@xxxxxxxxxx> 32:9.9.3-5.P2 - Fix race condition on send buffers in dighost.c (#794940) -------------------------------------------------------------------------------- References: [ 1 ] Bug #794940 - 'host' dies with SEGV. https://bugzilla.redhat.com/show_bug.cgi?id=794940 -------------------------------------------------------------------------------- ================================================================================ ctstream-9-1.fc18 (FEDORA-2013-20431) Get URLs of Czech Television video streams -------------------------------------------------------------------------------- Update Information: This release fixes locating JSON structure. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 31 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 9-1 - Version 9 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1024821 - ctstream-9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1024821 -------------------------------------------------------------------------------- ================================================================================ firefox-25.0-3.fc18 (FEDORA-2013-20429) Mozilla Firefox Web browser -------------------------------------------------------------------------------- Update Information: Upstream update to Firefox 25 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 30 2013 Martin Stransky <stransky@xxxxxxxxxx> - 25.0-3 - Update to 25.0 Build 3 * Thu Oct 24 2013 Martin Stransky <stransky@xxxxxxxxxx> - 25.0-2 - Fixed xulrunner dependency * Thu Oct 24 2013 Martin Stransky <stransky@xxxxxxxxxx> - 25.0-1 - Update to 25.0 Build 2 * Thu Oct 17 2013 Martin Stransky <stransky@xxxxxxxxxx> - 24.0-2 - Fixed rhbz#1005611 - BEAST workaround not enabled in Firefox -------------------------------------------------------------------------------- ================================================================================ kdevelop-4.5.2-1.fc18 (FEDORA-2013-20413) Integrated Development Environment for C++/C -------------------------------------------------------------------------------- Update Information: KDevelop 4.5.2 release. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 31 2013 Jan Grulich <jgrulich@xxxxxxxxxx> - 9:4.5.2-1 - Update to 4.5.2 * Wed Aug 7 2013 Jan Grulich <jgrulich@xxxxxxxxxx> - 9:4.5.1-4 - Not necessary to require the latest version of okteta * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 9:4.5.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Tue Jul 30 2013 Petr Machata <pmachata@xxxxxxxxxx> - 9:4.5.1-2 - Rebuild for boost 1.54.0 -------------------------------------------------------------------------------- ================================================================================ kdevelop-php-1.5.2-1.fc18 (FEDORA-2013-20413) Php language and documentation plugins for KDevelop -------------------------------------------------------------------------------- Update Information: KDevelop 4.5.2 release. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 31 2013 Jan Grulich <jgrulich@xxxxxxxxxx> - 1.5.2-1 - Update to 1.5.2 * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.5.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ kdevplatform-1.5.2-1.fc18 (FEDORA-2013-20413) Libraries for use by KDE development tools -------------------------------------------------------------------------------- Update Information: KDevelop 4.5.2 release. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 31 2013 Jan Grulich <jgrulich@xxxxxxxxxx> - 1.5.2-1 - Update to 1.5.2 * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.5.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Tue Jul 30 2013 Petr Machata <pmachata@xxxxxxxxxx> - 1.5.1-2 - Rebuild for boost 1.54.0 -------------------------------------------------------------------------------- ================================================================================ libetonyek-0.0.0-1.fc18 (FEDORA-2013-20439) A library for import of Apple Keynote presentations -------------------------------------------------------------------------------- Update Information: A new package. -------------------------------------------------------------------------------- ================================================================================ libxdg-basedir-1.2.0-5.fc18 (FEDORA-2013-20424) Implementation of the XDG Base Directory Specifications -------------------------------------------------------------------------------- Update Information: Small patch that frees cache->runtimeDirectory in xdgFreeData() -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 31 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 1.2.0-5 - Patch for memory leak, BZ 1018527. * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1018527 - memory leak in libxdg-basedir 1.2.0 (xdgFreeData() does not free cache->runtimeDirectory) https://bugzilla.redhat.com/show_bug.cgi?id=1018527 -------------------------------------------------------------------------------- ================================================================================ orthanc-0.7.1-1.fc18 (FEDORA-2013-20433) RESTful DICOM server for healthcare and medical research -------------------------------------------------------------------------------- Update Information: New upstream version of Orthanc and packaging of Orthanc Client -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 30 2013 Sebastien Jodogne <s.jodogne@xxxxxxxxx> 0.7.1-1 - New upstream version - Fix for big endian architectures (bug #985748) - Packaging of the Orthanc Client library -------------------------------------------------------------------------------- References: [ 1 ] Bug #985748 - 2 tests failing on big endian platforms https://bugzilla.redhat.com/show_bug.cgi?id=985748 -------------------------------------------------------------------------------- ================================================================================ perl-Types-Serialiser-0.03-2.fc18 (FEDORA-2013-20441) Simple data types for common serialization formats -------------------------------------------------------------------------------- Update Information: This is the first Fedora / EPEL release of perl-Types-Serialiser. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1024913 - Review Request: perl-Types-Serialiser - Simple data types for common serialization formats https://bugzilla.redhat.com/show_bug.cgi?id=1024913 -------------------------------------------------------------------------------- ================================================================================ poppler-0.20.2-17.fc18 (FEDORA-2013-20410) PDF rendering library -------------------------------------------------------------------------------- Update Information: This update fixes several security issues of pdfseparate. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 31 2013 Marek Kasik <mkasik@xxxxxxxxxx> 0.20.2-17 - Fixes CVE-2013-4473 (Limit length of output to pathName buffer) - Fixes CVE-2013-4474 (Check file pattern) - Resolves: #1024765 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1024753 - CVE-2013-4473 poppler: stack-based buffer overflow in pdfseparate utility https://bugzilla.redhat.com/show_bug.cgi?id=1024753 [ 2 ] Bug #1024762 - CVE-2013-4474 poppler: format string flaw in pdfseparate utility https://bugzilla.redhat.com/show_bug.cgi?id=1024762 -------------------------------------------------------------------------------- ================================================================================ python-offtrac-0.1.0-1.fc18 (FEDORA-2013-20437) Trac xmlrpc library -------------------------------------------------------------------------------- Update Information: Latest upstream with python3 support. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 30 2013 Ralph Bean <rbean@xxxxxxxxxx> - 0.1.0-1 - Python3 support * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.0.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1024819 - python-offtrac: Support Python 3 https://bugzilla.redhat.com/show_bug.cgi?id=1024819 -------------------------------------------------------------------------------- ================================================================================ thunderbird-24.1.0-1.fc18 (FEDORA-2013-20434) Mozilla Thunderbird mail/newsgroup client -------------------------------------------------------------------------------- Update Information: For changes see: http://www.mozilla.org/en-US/thunderbird/24.1.0/releasenotes/ -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 30 2013 Jan Horak <jhorak@xxxxxxxxxx> - 24.1.0-1 - Update to 24.1.0 * Thu Oct 17 2013 Martin Stransky <stransky@xxxxxxxxxx> - 24.0-4 - Fixed rhbz#1005611 - BEAST workaround not enabled in Firefox * Wed Sep 25 2013 Jan Horak <jhorak@xxxxxxxxxx> - 24.0-3 - Update to 24.0 * Mon Sep 23 2013 Jan Horak <jhorak@xxxxxxxxxx> - 17.0.9-1 - Update to 17.0.9 ESR -------------------------------------------------------------------------------- ================================================================================ thunderbird-lightning-2.6.2-2.fc18 (FEDORA-2013-20434) The calendar extension to Thunderbird -------------------------------------------------------------------------------- Update Information: For changes see: http://www.mozilla.org/en-US/thunderbird/24.1.0/releasenotes/ -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 30 2013 Jan Horak <jhorak@xxxxxxxxxx> - 2.6.2-2 - Update to 2.6.2 * Fri Sep 20 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 2.6-1 - Drop alarm patch - Drop -fpermissive - Update to 2.6 - Exclude arm architecture * Sat Aug 17 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 1.9.1-5 - Fix up gdata lightning version dependency * Fri Aug 16 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 1.9.1-4 - Split Google data provider into a sub-package (bug #554113) * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.9.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ tzdata-2013h-1.fc18 (FEDORA-2013-20435) Timezone data -------------------------------------------------------------------------------- Update Information: tzdata-2013h update -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 30 2013 Patsy Franklin <pfrankli@xxxxxxxxxx> 2013h-1 - Rebase to 2013h - Lybia switched to using UTC+2 without DST - Western Sahara (Africa/ElAaiun) uses Morocco's DST rules - Acres and Amazon swithc to UTC-4 and UTC-5 on 2013-11-10 - Add entries for DST transition in Morocco in the year 2038 -------------------------------------------------------------------------------- ================================================================================ xulrunner-25.0-2.fc18 (FEDORA-2013-20429) XUL Runtime for Gecko Applications -------------------------------------------------------------------------------- Update Information: Upstream update to Firefox 25 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 30 2013 Martin Stransky <stransky@xxxxxxxxxx> - 25.0-2 - Update to 25.0 Build 3 * Wed Oct 23 2013 Martin Stransky <stransky@xxxxxxxxxx> - 25.0-1 - Update to 25.0 Build 2 * Tue Oct 15 2013 Karsten Hopp <karsten@xxxxxxxxxx> 24.0-3 - drop PPC-only rhbz-911314.patch, fixed upstream -------------------------------------------------------------------------------- ================================================================================ youtube-dl-2013.10.30-1.fc18 (FEDORA-2013-20445) A small command-line program to download online videos -------------------------------------------------------------------------------- Update Information: New RPM. New version. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 31 2013 Christopher Meng <rpm@xxxxxxxx> - 2013.10.30-1 - Update to new release(BZ#1024948). * Mon Oct 28 2013 Christopher Meng <rpm@xxxxxxxx> - 2013.10.28-1 - Update to new release(BZ#1022706). * Wed Oct 23 2013 Christopher Meng <rpm@xxxxxxxx> - 2013.10.23-1 - Update to new release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1024948 - youtube-dl-2013.10.30 is available https://bugzilla.redhat.com/show_bug.cgi?id=1024948 [ 2 ] Bug #1022706 - youtube-dl-2013.10.28 is available https://bugzilla.redhat.com/show_bug.cgi?id=1022706 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test