The following Fedora 18 Security updates need testing: Age URL 197 https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18 43 https://admin.fedoraproject.org/updates/FEDORA-2013-17195/spice-gtk-0.18-3.fc18 40 https://admin.fedoraproject.org/updates/FEDORA-2013-17431/thunderbird-17.0.9-1.fc18 37 https://admin.fedoraproject.org/updates/FEDORA-2013-17635/wireshark-1.10.2-4.fc18 36 https://admin.fedoraproject.org/updates/FEDORA-2013-17853/davfs2-1.4.7-3.fc18 35 https://admin.fedoraproject.org/updates/FEDORA-2013-17912/chicken-4.8.0.4-4.fc18 24 https://admin.fedoraproject.org/updates/FEDORA-2013-18647/gnupg-1.4.15-1.fc18 23 https://admin.fedoraproject.org/updates/FEDORA-2013-18802/phpMyAdmin-3.5.8.2-1.fc18 8 https://admin.fedoraproject.org/updates/FEDORA-2013-19976/mod_nss-1.0.8-24.fc18 5 https://admin.fedoraproject.org/updates/FEDORA-2013-20200/python-backports-ssl_match_hostname-3.4.0.2-1.fc18 5 https://admin.fedoraproject.org/updates/FEDORA-2013-20176/mantis-1.2.15-3.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-20360/spice-0.12.4-3.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-20410/poppler-0.20.2-17.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-20429/xulrunner-25.0-2.fc18,firefox-25.0-3.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20544/xen-4.2.3-7.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20545/kernel-3.11.6-101.fc18 The following Fedora 18 Critical Path updates have yet to be approved: Age URL 266 https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18 5 https://admin.fedoraproject.org/updates/FEDORA-2013-20150/nss-util-3.15.2-2.fc18,nss-softokn-3.15.2-2.fc18,nss-3.15.2-2.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-20263/openssl-1.0.1e-30.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-20268/sane-backends-1.0.24-4.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-20279/gnome-abrt-0.3.3-1.fc18,abrt-2.1.9-1.fc18,libreport-2.1.9-1.fc18,satyr-0.11-1.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-20434/thunderbird-24.1.0-1.fc18,thunderbird-lightning-2.6.2-2.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-20422/bind-9.9.3-7.P2.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-20410/poppler-0.20.2-17.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-20429/xulrunner-25.0-2.fc18,firefox-25.0-3.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20545/kernel-3.11.6-101.fc18 The following builds have been pushed to Fedora 18 updates-testing anki-2.0.16-1.fc18 ghc-MonadRandom-0.1.12-1.fc18 kernel-3.11.6-101.fc18 mate-applets-1.6.1-6.fc18 python-keyring-3.1-1.fc18 rubygem-ruby-opengl-0.60.1-14.fc18 xen-4.2.3-7.fc18 Details about builds: ================================================================================ anki-2.0.16-1.fc18 (FEDORA-2013-20556) Flashcard program for using space repetition learning -------------------------------------------------------------------------------- Update Information: Update to new bugfix upstream release 2.0.16. Minor bug fixes Please see http://www.ankisrs.net/docs/changes.html for details. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 1 2013 Christian Krause <chkr@xxxxxxxxxxxxxxxxx> - 2.0.16-1 - Update to new upstream version 2.0.16 -------------------------------------------------------------------------------- ================================================================================ ghc-MonadRandom-0.1.12-1.fc18 (FEDORA-2013-20539) Random-number generation monad -------------------------------------------------------------------------------- Update Information: New release -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 1 2013 Shakthi Kannan <shakthimaan [AT] fedoraproject dot org> - 0.1.12-1 - Updated to new upstream 0.1.12 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1016212 - ghc-MonadRandom-0.1.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=1016212 -------------------------------------------------------------------------------- ================================================================================ kernel-3.11.6-101.fc18 (FEDORA-2013-20545) The Linux kernel -------------------------------------------------------------------------------- Update Information: Various bug and CVE fixes The 3.11.6 stable update contains a number of fixes across the tree. The 3.11.5 stable update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 1 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - 3.11.6-101 - Revert blocking patches causing systemd to crash on resume (rhbz 1010603) - CVE-2013-4348 net: deadloop path in skb_flow_dissect (rhbz 1007939 1025647) * Thu Oct 31 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxxx> - Fix display regression on Dell XPS 13 machines (rhbz 995782) * Tue Oct 29 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - Fix plaintext auth regression in cifs (rhbz 1011621) * Fri Oct 25 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - CVE-2013-4470 net: memory corruption with UDP_CORK and UFO (rhbz 1023477 1023495) - Add touchpad support for Dell XT2 (rhbz 1023413) * Tue Oct 22 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - Add patch to fix warning in tcp_fastretrans_alert (rhbz 989251) * Fri Oct 18 2013 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.11.6-100 - Linux v3.11.6 * Thu Oct 17 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - Add patch to fix BusLogic error (rhbz 1015558) - Fix rt2800usb polling timeouts and throughput issues (rhbz 984696) * Wed Oct 16 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - Fix btrfs balance/scrub issue (rhbz 1011714) * Tue Oct 15 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - Fix regression in radeon sound (rhbz 1010679) * Mon Oct 14 2013 Kyle McMartin <kyle@xxxxxxxxxx> - Fix crash-driver.patch to properly use page_is_ram. * Mon Oct 14 2013 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.11.5-100 - Linux v3.11.5 * Fri Oct 11 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - Fix segfault in cpupower set (rhbz 1000439) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1007939 - CVE-2013-4348 kernel: net: deadloop path in skb_flow_dissect() https://bugzilla.redhat.com/show_bug.cgi?id=1007939 [ 2 ] Bug #1023477 - CVE-2013-4470 Kernel: net: memory corruption with UDP_CORK and UFO https://bugzilla.redhat.com/show_bug.cgi?id=1023477 -------------------------------------------------------------------------------- ================================================================================ mate-applets-1.6.1-6.fc18 (FEDORA-2013-20534) MATE Desktop panel applets -------------------------------------------------------------------------------- Update Information: - disable upower BR > f20, until we know to handle upower-1.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 1 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.1-6 - disable upower BR > f20, until we know to handle upower-1.0 * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.6.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ python-keyring-3.1-1.fc18 (FEDORA-2013-20537) Python library to access the system keyring service -------------------------------------------------------------------------------- Update Information: Update to version 3.1 -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 22 2013 rtnpro <rtnpro@xxxxxxxxx> - 3.1-1 - Bump to version 3.1 * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.7-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1007354 - Please update this package ASAP https://bugzilla.redhat.com/show_bug.cgi?id=1007354 -------------------------------------------------------------------------------- ================================================================================ rubygem-ruby-opengl-0.60.1-14.fc18 (FEDORA-2013-20553) OpenGL Interface for Ruby -------------------------------------------------------------------------------- Update Information: Current rpm being shipped on Fedora contained some files with license unclear. With this rpm such files are removed. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 1 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 0.60.1-14 - Remove files with unclear licenses * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.60.1-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Thu Mar 7 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 0.60.1-12 - F-19: Rebuild for ruby 2.0.0 -------------------------------------------------------------------------------- ================================================================================ xen-4.2.3-7.fc18 (FEDORA-2013-20544) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: Lock order reversal between page allocation and grant table locks ocaml xenstored mishandles oversized message replies systemd changes to allow oxenstored to be used instead of xenstored -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 1 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.2.3-7 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] * Tue Oct 29 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.2.3-6 - ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) * Fri Oct 25 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.2.3-5 - systemd changes to allow oxenstored to be used instead of xenstored (#1022640) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1017875 - CVE-2013-4416 xen: ocaml xenstored mishandles oversized message replies (XSA-72) https://bugzilla.redhat.com/show_bug.cgi?id=1017875 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test