The following Fedora 18 Security updates need testing:
Age  URL
208  https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18
54   https://admin.fedoraproject.org/updates/FEDORA-2013-17195/spice-gtk-0.18-3.fc18
51   https://admin.fedoraproject.org/updates/FEDORA-2013-17431/thunderbird-17.0.9-1.fc18
48   https://admin.fedoraproject.org/updates/FEDORA-2013-17635/wireshark-1.10.2-4.fc18
47   https://admin.fedoraproject.org/updates/FEDORA-2013-17853/davfs2-1.4.7-3.fc18
46   https://admin.fedoraproject.org/updates/FEDORA-2013-17912/chicken-4.8.0.4-4.fc18
15   https://admin.fedoraproject.org/updates/FEDORA-2013-20176/mantis-1.2.15-3.fc18
12   https://admin.fedoraproject.org/updates/FEDORA-2013-20410/poppler-0.20.2-17.fc18
5    https://admin.fedoraproject.org/updates/FEDORA-2013-20976/drupal7-context-3.1-1.fc18
3    https://admin.fedoraproject.org/updates/FEDORA-2013-21057/xen-4.2.3-8.fc18
3    https://admin.fedoraproject.org/updates/FEDORA-2013-21018/bip-0.8.9-1.fc18
1    https://admin.fedoraproject.org/updates/FEDORA-2013-21207/samba-4.0.11-1.fc18
0    https://admin.fedoraproject.org/updates/FEDORA-2013-21298/drupal6-context-3.3-1.fc18

The following Fedora 18 Critical Path updates have yet to be approved:
Age  URL
277  https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18
12   https://admin.fedoraproject.org/updates/FEDORA-2013-20422/bind-9.9.3-7.P2.fc18
7    https://admin.fedoraproject.org/updates/FEDORA-2013-20797/libbluray-0.4.0-1.fc18
5    https://admin.fedoraproject.org/updates/FEDORA-2013-20919/sane-backends-1.0.24-6.fc18
5    https://admin.fedoraproject.org/updates/FEDORA-2013-20908/libxfce4ui-4.10.0-9.fc18
2    https://admin.fedoraproject.org/updates/FEDORA-2013-21084/perl-5.16.3-245.fc18

The following builds have been pushed to Fedora 18 updates-testing

QMsgBox-0-1.20130830git94677dc.fc18
acpid-2.0.20-2.fc18
bugwarrior-0.6.3-1.fc18
dkms-2.2.0.3-20.fc18
drupal6-context-3.3-1.fc18
gramps-3.4.6-1.fc18
libteam-1.9-1.fc18
libuv-0.10.19-1.fc18
nodejs-0.10.22-1.fc18
perl-Twiggy-0.1024-1.fc18
vimpal-1.3.0-1.fc18

Details about builds:

================================================================================
QMsgBox-0-1.20130830git94677dc.fc18 (FEDORA-2013-21280)
Solves a problem that prevents qt message icons from being displayed
--------------------------------------------------------------------------------
Update Information:

First release.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1002994 - Review Request: QMsgBox - Solves a problem that prevents qt message icons from being displayed
https://bugzilla.redhat.com/show_bug.cgi?id=1002994
--------------------------------------------------------------------------------

================================================================================
acpid-2.0.20-2.fc18 (FEDORA-2013-21258)
ACPI Event Daemon
--------------------------------------------------------------------------------
Update Information:

This is an update that fixes loginctl and adds support for cinnamon and mate.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 13 2013 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 2.0.20-2
- Fixed loginctl and added support for cinnamon and mate (patch by Leigh Scott)
  Resolves: rhbz#1029868
* Mon Sep 16 2013 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 2.0.20-1
- New version
  Resolves: rhbz#1008344
- Fixed bogus date in changelog (best effort)
* Wed Aug 14 2013 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 2.0.19-6
- Added systemd build requires
  Resolves: rhbz#995158
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1029868 - systemd-loginctl: command not found...
https://bugzilla.redhat.com/show_bug.cgi?id=1029868
--------------------------------------------------------------------------------

================================================================================
bugwarrior-0.6.3-1.fc18 (FEDORA-2013-21237)
Sync github, bitbucket, and trac issues with taskwarrior
--------------------------------------------------------------------------------
Update Information:

New package.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1025369 - Review Request: bugwarrior - Sync github, bitbucket, and trac issues with taskwarrior
https://bugzilla.redhat.com/show_bug.cgi?id=1025369
--------------------------------------------------------------------------------

================================================================================
dkms-2.2.0.3-20.fc18 (FEDORA-2013-21254)
Dynamic Kernel Module Support Framework
--------------------------------------------------------------------------------
Update Information:

Fix man page formatting and integrate new functionality from the ZFS On Linux team.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 7 2013 Simone Caronni <negativo17@xxxxxxxxx> - 2.2.0.3-20
- Exclude build dependency logic for RHEL/CentOS 5.
* Wed Nov 6 2013 Simone Caronni <negativo17@xxxxxxxxx> - 2.2.0.3-19
- Add macros to the top of the man page to fix displaying on el5/el6 (#986660).
  Thanks to Darik Horn for the fix.
* Mon Nov 4 2013 Simone Caronni <negativo17@xxxxxxxxx> - 2.2.0.3-18
- Add ZFS On Linux patches for additional functionality/bugfixes (#1023598).
  Thanks to Darik Horn and Brian Behlendorf.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #986660 - bad man page
https://bugzilla.redhat.com/show_bug.cgi?id=986660
[ 2 ] Bug #1023598 - dkms does not handle module dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=1023598
--------------------------------------------------------------------------------

================================================================================
drupal6-context-3.3-1.fc18 (FEDORA-2013-21298)
Context Module for Drupal6
--------------------------------------------------------------------------------
Update Information:

CVE-2013-4445/CVE-2013-4446

Context, a Drupal module which allows you to manage contextual conditions and reactions for different portions of your site, was found to have two severe security issues.

The first issue is that the module allows execution of PHP code via manipulation of a URL argument in a path used for AJAX operations when running in a configuration without a json_decode function provided by PHP or the PECL JSON library. This vulnerability is only exploitable on a server running a PHP version prior to 5.2 that does not have the json library installed.

The second issue is that the module uses Drupal's token scheme to restrict access to the json rendering of a block. This control mechanism is insufficient, as Drupal's token scheme is designed to provide security between two different sessions (or a session and a non authenticated user) and is not designed to provide security within a session. The vulnerability is mitigated by needing blocks that have sensitive information.

The suggested fix is to update Drupal6-context to 6.x-3.2 and Drupal7-context to 7.x-3.0.

References:
http://seclists.org/fulldisclosure/2013/Oct/118
https://drupal.org/node/2113317
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 13 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 3.3-1
- Update to latest, SA-CONTRIB-2013-079, BZ 1020780,
- BZ 1020783, BZ 1020256.
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1020780 - drupal6-context: drupal-context: multiple vulnerabilities [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1020780
[ 2 ] Bug #1020783 - drupal6-context: drupal-context: multiple vulnerabilities [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1020783
[ 3 ] Bug #1020256 - drupal6-context-3.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1020256
--------------------------------------------------------------------------------

================================================================================
gramps-3.4.6-1.fc18 (FEDORA-2013-21271)
Genealogical Research and Analysis Management Programming System
--------------------------------------------------------------------------------
Update Information:

Latest upstream bugfix release.

Changes:
http://gramps-project.org/2013/10/gramps-3-4-6-released/
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 13 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 3.4.6-1
- Latest upstream.
* Thu May 30 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 3.4.5-2
- Add Requires for pyicu.
* Thu May 30 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 3.4.5-1
- The "We have also developed a tomato which can eject itself when
- an accident is imminent", a maintenance and bug fix release.
- The important change:
- Problem after upgrading to 3.4.4 from 3.3.1
-
- Other changes are on reports:
-
- Ability to keep custom filename on output
- Book report: Sub reports forget/overwrite their settings when
- trying to re-configure them
- End of Line Report options window – changing Output Format cause
- change active tab to "report options"
- Various updated translations: de, es, fr, nb, nl, pl, sk
* Tue Mar 26 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 3.4.3-1
- Version 3.4.3 has been released, the “Whenever life gets you down, Mrs.
- Brown”, a maintenance (“bug fix”) release.
- * Sorting of names, places etc. uses the International Components for
- * Unicode (ICU) libraries which resolves many bugs particularly on MS
- * Windows, and ensures that sorting is the same for all platforms.
- * Addon checking and download works again.
- * A large number of fixes to Narrative Web. In particular, media objects attached to events and sources are now output.
- * Many other bug fixes.
- * Various updated translations: da, de, es, fr, it, nb, nl, pt_BR, pt_PT, sv, uk.
* Tue Feb 12 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 3.4.2-3
- Drop desktop vendor tag.
--------------------------------------------------------------------------------

================================================================================
libteam-1.9-1.fc18 (FEDORA-2013-21283)
Library for controlling team network device
--------------------------------------------------------------------------------
Update Information:

- Update to 1.9
- libteamdctl: remove false lib dependencies
- teamdctl: use new port config get function
- libteamdctl: introduce support for port config get
- libteamdctl: cache reply strings into list
- teamd: introduce PortConfigDump control method
- teamd: make teamd_get_port_by_ifname ifname argument const
- Minor improvements to style and language.
- do not install example binaries
- minor man page(s) correction(s) and lintianisation
- teamdctl: print error message if ifindex cannot be obtained
- fix cflags path in pc files
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 12 2013 Jiri Pirko <jpirko@xxxxxxxxxx> - 1.9-1
- Update to 1.9
- libteamdctl: remove false lib dependencies
- teamdctl: use new port config get function
- libteamdctl: introduce support for port config get
- libteamdctl: cache reply strings into list
- teamd: introduce PortConfigDump control method
- teamd: make teamd_get_port_by_ifname ifname argument const
- Minor improvements to style and language.
- do not install example binaries
- minor man page(s) correction(s) and lintianisation
- teamdctl: print error message if ifindex cannot be obtained
- fix cflags path in pc files
--------------------------------------------------------------------------------

================================================================================
libuv-0.10.19-1.fc18 (FEDORA-2013-21274)
Platform layer for node.js
--------------------------------------------------------------------------------
Update Information:

This release contains the fix for the infamous Walmart memory leak, Node core is no longer leaking 4 bytes for every closed handle. Thanks to Josh Clulow, Dave Pacheco, Bryan Cantrill, and Robert Mustacchi who contributed invaluable feedback and guidance while working through this. As well as Trevor Norris who contributed an excellent reduced case that manifested on the unstable branch and led directly to the root cause. Great team effort!

2013.11.12, node.js Version 0.10.22 (Stable)

* child_process: don't assert on stale file descriptor events (Fedor Indutny)
* darwin: Fix "Not Responding" in Mavericks activity monitor (Fedor Indutny)
* debugger: Fix bug in sb() with unnamed script (Maxim Bogushevich)
* repl: do not insert duplicates into completions (Maciej Małecki)
* src: Fix memory leak on closed handles (Timothy J Fontaine)
* tls: prevent stalls by using read(0) (Fedor Indutny)

2013.11.13, libuv Version 0.10.19 (Stable)

* unix: update events from pevents between polls (Fedor Indutny)
* fsevents: support Japanese characters in path (Chris Bank)
* linux: don't turn on SO_REUSEPORT socket option (Ben Noordhuis)
* linux: handle EPOLLHUP without EPOLLIN/EPOLLOUT (Ben Noordhuis)
* unix: fix reopened fd bug (Fedor Indutny)
* core: fix fake watcher list and count preservation (Fedor Indutny)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 12 2013 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 1:0.10.19-1
- new upstream release 0.10.19
  https://github.com/joyent/libuv/blob/v0.10.19/ChangeLog
--------------------------------------------------------------------------------

================================================================================
nodejs-0.10.22-1.fc18 (FEDORA-2013-21274)
JavaScript runtime
--------------------------------------------------------------------------------
Update Information:

This release contains the fix for the infamous Walmart memory leak, Node core is no longer leaking 4 bytes for every closed handle. Thanks to Josh Clulow, Dave Pacheco, Bryan Cantrill, and Robert Mustacchi who contributed invaluable feedback and guidance while working through this. As well as Trevor Norris who contributed an excellent reduced case that manifested on the unstable branch and led directly to the root cause. Great team effort!

2013.11.12, node.js Version 0.10.22 (Stable)

* child_process: don't assert on stale file descriptor events (Fedor Indutny)
* darwin: Fix "Not Responding" in Mavericks activity monitor (Fedor Indutny)
* debugger: Fix bug in sb() with unnamed script (Maxim Bogushevich)
* repl: do not insert duplicates into completions (Maciej Małecki)
* src: Fix memory leak on closed handles (Timothy J Fontaine)
* tls: prevent stalls by using read(0) (Fedor Indutny)

2013.11.13, libuv Version 0.10.19 (Stable)

* unix: update events from pevents between polls (Fedor Indutny)
* fsevents: support Japanese characters in path (Chris Bank)
* linux: don't turn on SO_REUSEPORT socket option (Ben Noordhuis)
* linux: handle EPOLLHUP without EPOLLIN/EPOLLOUT (Ben Noordhuis)
* unix: fix reopened fd bug (Fedor Indutny)
* core: fix fake watcher list and count preservation (Fedor Indutny)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 12 2013 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 0.10.22-1
- new upstream release 0.10.22
  http://blog.nodejs.org/2013/11/12/node-v0-10-22-stable/
--------------------------------------------------------------------------------

================================================================================
perl-Twiggy-0.1024-1.fc18 (FEDORA-2013-21236)
AnyEvent HTTP server for PSGI (like Thin)
--------------------------------------------------------------------------------
Update Information:

Fix a bug where exit_guard is not correctly decremented when writing header failed
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 13 2013 Robin Lee <cheeselee@xxxxxxxxxxxxxxxxx> - 0.1024-1
- Update to 0.1024
* Fri Aug 9 2013 Robin Lee <cheeselee@xxxxxxxxxxxxxxxxx> - 0.1023-1
- Update to 0.1023
* Mon Aug 5 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 0.1021-5
- Perl 5.18 rebuild
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.1021-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
vimpal-1.3.0-1.fc18 (FEDORA-2013-21253)
Separate application providing a file tree for VIM
--------------------------------------------------------------------------------
Update Information:

Bumped to new upstream release 1.3.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 12 2013 Eduardo Echeverria <echevemaster@xxxxxxxxx> - 1.3.0-1
- Bumped to the new upstream version 1.3.0
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------