The following Fedora 18 Security updates need testing: Age URL 209 https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18 56 https://admin.fedoraproject.org/updates/FEDORA-2013-17195/spice-gtk-0.18-3.fc18 52 https://admin.fedoraproject.org/updates/FEDORA-2013-17431/thunderbird-17.0.9-1.fc18 50 https://admin.fedoraproject.org/updates/FEDORA-2013-17635/wireshark-1.10.2-4.fc18 48 https://admin.fedoraproject.org/updates/FEDORA-2013-17853/davfs2-1.4.7-3.fc18 47 https://admin.fedoraproject.org/updates/FEDORA-2013-17912/chicken-4.8.0.4-4.fc18 17 https://admin.fedoraproject.org/updates/FEDORA-2013-20176/mantis-1.2.15-3.fc18 6 https://admin.fedoraproject.org/updates/FEDORA-2013-20976/drupal7-context-3.1-1.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-21057/xen-4.2.3-8.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-21018/bip-0.8.9-1.fc18 2 https://admin.fedoraproject.org/updates/FEDORA-2013-21207/samba-4.0.11-1.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-21298/drupal6-context-3.3-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-21415/python3-3.3.0-5.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-21354/moodle-2.3.10-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20817/python-djblets-0.7.23-1.fc18,ReviewBoard-1.7.18-1.fc18 The following Fedora 18 Critical Path updates have yet to be approved: Age URL 279 https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18 8 https://admin.fedoraproject.org/updates/FEDORA-2013-20797/libbluray-0.4.0-1.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-20919/sane-backends-1.0.24-6.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-20908/libxfce4ui-4.10.0-9.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-21084/perl-5.16.3-245.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-21375/kernel-3.11.8-100.fc18 The following builds have been pushed to Fedora 18 updates-testing ReviewBoard-1.7.18-1.fc18 drupal7-features-2.0-3.fc18 drupal7-strongarm-2.0-3.fc18 erfa-1.0.1-1.fc18 fedmsg-0.7.2-1.fc18 gofer-0.77-1.fc18 ibus-typing-booster-1.2.6-1.fc18 kernel-3.11.8-100.fc18 lcmaps-1.6.1-6.fc18 lz4-r108-1.fc18 mate-desktop-1.6.2-0.9.git81c245b.fc18 mate-themes-1.6.2-1.fc18 mate-window-manager-1.6.2-6.fc18 moodle-2.3.10-1.fc18 open-vm-tools-9.4.0-1.fc18 php-5.4.22-1.fc18 php-bartlett-PHP-CompatInfo-2.25.0-1.fc18 pypy-2.2.0-1.fc18 python-djblets-0.7.23-1.fc18 python-pkgwat-api-0.12-1.fc18 python3-3.3.0-5.fc18 q4wine-1.1-1.fc18 q4wine-1.1-2.fc18 re2-20131024-1.fc18 sddm-kcm-0-0.1.20131114gitafdda33c.fc18 smb4k-1.0.9-1.fc18 xscreensaver-5.23-1.fc18 youtube-dl-2013.11.13-1.fc18 Details about builds: ================================================================================ ReviewBoard-1.7.18-1.fc18 (FEDORA-2013-20817) Web-based code review tool -------------------------------------------------------------------------------- Update Information: - Fix JavaScript errors - New upstream security release 1.7.17 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17/ - Resolves: CVE-2013-4519 - Security Fixes: * Fixed XSS vulnerabilities for the 'Branch' field and uploaded file captions. * Added a 'X-Frame-Options' header to prevent clickjacking. - New Features: * Remove the need for SSH keys for GitHub repositories. * Improved validation for GitHub repositories. * Added support for permissions on Local Sites. - Performance Improvements: * Reduced query counts on all pages. * Reduced query counts in the web API when returning empty lists. - Extensibility: * Extensions using the ``configure_extension`` view an now pass in a custom ``template_name`` pointing to a template for the configuration page, if it needs additional customization. * Enabling, disabling or reconfiguring extensions will now invalidate the caches for pages, ensuring that hooks will take affect. * Extension configuration now works properly on subdirectory installs. - Bug Fixes: * Fixed showing private review requests on a submitter page. * The description for submitted or discarded review requests is now shown on the diff viewer. * Discarding, reopening and then closing a review request no longer makes the review request private. * Fixed a naming conflict with older PyCrypto packages, such as the default package on CentOS 6.4. * Users with the 'can_change_status' permission no longer need the 'can_edit_reviewrequest' permission in order to close or reopen review requests. * Switching a repository from using a hosting service to Custom no longer reverts back to the hosting service. * Fixed editing a repository if its associated hosting service can't be loaded (such as if an extension providing that hosting service is disabled). * Many diff validation errors weren't being shown on the New Review Request page, generating 500 errors instead. * Fixed caching issues with the Blocks field on review requests. * Editing JSON text fields in the administration UI now works, validates, and won't result in warnings in the log. * Fixed breakages with looking up URLs internally with Local Sites. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 13 2013 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.7.18-1 - New upstream bugfix release 1.7.18 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.18/ - Convert to using UglifyJS2 for javascript minification * Tue Nov 5 2013 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.7.17-1 - New upstream security release 1.7.17 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17/ - Resolves: CVE-2013-4519 - Security Fixes: * Fixed XSS vulnerabilities for the 'Branch' field and uploaded file captions. * Added a 'X-Frame-Options' header to prevent clickjacking. - New Features: * Remove the need for SSH keys for GitHub repositories. * Improved validation for GitHub repositories. * Added support for permissions on Local Sites. - Performance Improvements: * Reduced query counts on all pages. * Reduced query counts in the web API when returning empty lists. - Extensibility: * Extensions using the ``configure_extension`` view an now pass in a custom ``template_name`` pointing to a template for the configuration page, if it needs additional customization. * Enabling, disabling or reconfiguring extensions will now invalidate the caches for pages, ensuring that hooks will take affect. * Extension configuration now works properly on subdirectory installs. - Bug Fixes: * Fixed showing private review requests on a submitter page. * The description for submitted or discarded review requests is now shown on the diff viewer. * Discarding, reopening and then closing a review request no longer makes the review request private. * Fixed a naming conflict with older PyCrypto packages, such as the default package on CentOS 6.4. * Users with the 'can_change_status' permission no longer need the 'can_edit_reviewrequest' permission in order to close or reopen review requests. * Switching a repository from using a hosting service to Custom no longer reverts back to the hosting service. * Fixed editing a repository if its associated hosting service can't be loaded (such as if an extension providing that hosting service is disabled). * Many diff validation errors weren't being shown on the New Review Request page, generating 500 errors instead. * Fixed caching issues with the Blocks field on review requests. * Editing JSON text fields in the administration UI now works, validates, and won't result in warnings in the log. * Fixed breakages with looking up URLs internally with Local Sites. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1027010 - CVE-2013-4519 ReviewBoard: two XSS vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=1027010 -------------------------------------------------------------------------------- ================================================================================ drupal7-features-2.0-3.fc18 (FEDORA-2013-21374) Provides feature management for Drupal -------------------------------------------------------------------------------- Update Information: - Update to upstream 2.0 release for bug fixes - Upstream changelog for this release: https://drupal.org/node/2114229 -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 14 2013 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.0-3 - Superfluous commit to make Bodhi happy * Thu Nov 14 2013 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.0-2 - Fixed non-versioned versus versioned doc dir issue * Thu Nov 7 2013 Peter Borsa <peter.borsa@xxxxxxxxx> - 2.0-1 - Update to upstream 2.0 release for bug fixes - Upstream changelog for this release: https://drupal.org/node/2106567 -------------------------------------------------------------------------------- References: [ 1 ] Bug #993734 - drupal7-features possibly affected by F-20 unversioned docdir change https://bugzilla.redhat.com/show_bug.cgi?id=993734 -------------------------------------------------------------------------------- ================================================================================ drupal7-strongarm-2.0-3.fc18 (FEDORA-2013-21410) Strongarm gives a way to override the default variable values -------------------------------------------------------------------------------- Update Information: - Update to upstream 2.0 release for bug fixes - Upstream changelog for this release: https://drupal.org/node/1632574 -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 14 2013 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.0-3 - Superfluous commit to make Bodhi happy * Thu Nov 14 2013 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.0-2 - Fixed non-versioned versus versioned doc dir issue * Fri Nov 8 2013 Peter Borsa <peter.borsa@xxxxxxxxx> - 2.0-1 - Update to upstream 2.0 release for bug fixes - Upstream changelog for this release: https://drupal.org/node/1632574 * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0-0.8.rc1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #993735 - drupal7-strongarm possibly affected by F-20 unversioned docdir change https://bugzilla.redhat.com/show_bug.cgi?id=993735 -------------------------------------------------------------------------------- ================================================================================ erfa-1.0.1-1.fc18 (FEDORA-2013-21379) Essential Routines for Fundamental Astronomy -------------------------------------------------------------------------------- Update Information: Updates the package to the latest upstream version, with minor corrections -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 13 2013 Sergio Pascual <sergiopr at fedoraproject.org> - 1.0.1-1 - New usptream version (1.0.1) * Sat Oct 26 2013 Sergio Pascual <sergiopr at fedoraproject.org> - 1.0.0-1 - New usptream version (1.0.0) -------------------------------------------------------------------------------- ================================================================================ fedmsg-0.7.2-1.fc18 (FEDORA-2013-21386) Tools for Fedora Infrastructure real-time messaging -------------------------------------------------------------------------------- Update Information: Cap timestamp at second level precision to smooth over signature validation on different installations. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 13 2013 Ralph Bean <rbean@xxxxxxxxxx> - 0.7.2-1 - Latest upstream. - Cap message timestamp at the second-level precision. - Automatically listify endpoints. - Code cleaning. -------------------------------------------------------------------------------- ================================================================================ gofer-0.77-1.fc18 (FEDORA-2013-21399) A lightweight, extensible python agent -------------------------------------------------------------------------------- Update Information: Bug fixes and general enhancements. This version used extensively in Pulp. -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 30 2013 Jeff Ortel <jortel@xxxxxxxxxx> 0.77-1 - Reduce logging do DEBUG on frequent messaging and RMI processing events. (jortel@xxxxxxxxxx) * Wed Mar 6 2013 Jeff Ortel <jortel@xxxxxxxxxx> 0.76-1 - Add support for cancelling RMI; thread pool rewrite; RMI class restructure. (jortel@xxxxxxxxxx) * Wed Nov 7 2012 Jeff Ortel <jortel@xxxxxxxxxx> 0.75-1 - policy timeout enhancements. (jortel@xxxxxxxxxx) - Fix threadpool leak; change plugin to use simplex pool. (jortel@xxxxxxxxxx) - Move threadpool test to unit/ (jortel@xxxxxxxxxx) - Add simplex/duplex option to ThreadPool. Fixes memory leak. (jortel@xxxxxxxxxx) -------------------------------------------------------------------------------- ================================================================================ ibus-typing-booster-1.2.6-1.fc18 (FEDORA-2013-21364) A typing booster engine for the IBus platform -------------------------------------------------------------------------------- Update Information: Commit candidate clicked on with the mouse; Change wording of the option to show the total number of candidates -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 14 2013 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.2.6-1 - Change wording of the option to show the total number of candidates (Resolves: rhbz#1029748) - Commit candidate clicked on with the mouse (Resolves: rhbz#1029822) - Use direct input also for IBus.InputPurpose.PIN - remove unused und superfluous arguments of constructor of Hunspell class - Add some transliteration options to .conf files which had only native keyboard enabled -------------------------------------------------------------------------------- References: [ 1 ] Bug #1029748 - Bit confusing label in preference windows https://bugzilla.redhat.com/show_bug.cgi?id=1029748 [ 2 ] Bug #1029822 - mouse selection and pagination numbering issue for ibus-typing-booster https://bugzilla.redhat.com/show_bug.cgi?id=1029822 -------------------------------------------------------------------------------- ================================================================================ kernel-3.11.8-100.fc18 (FEDORA-2013-21375) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 3.11.8 stable update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 13 2013 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.11.8-100 - Linux v3.11.8 * Sat Nov 9 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - Add patch from Daniel Stone to avoid high order allocations in evdev - Add qxl backport fixes from Dave Airlie -------------------------------------------------------------------------------- ================================================================================ lcmaps-1.6.1-6.fc18 (FEDORA-2013-21391) Grid (X.509) and VOMS credentials to local account mapping service -------------------------------------------------------------------------------- Update Information: Grid (X.509) and VOMS credentials to local account mapping service -------------------------------------------------------------------------------- References: [ 1 ] Bug #736717 - Review Request: lcmaps - Grid (X.509) and VOMS credentials to local account mapping https://bugzilla.redhat.com/show_bug.cgi?id=736717 -------------------------------------------------------------------------------- ================================================================================ lz4-r108-1.fc18 (FEDORA-2013-21370) Extremely fast compression algorithm -------------------------------------------------------------------------------- Update Information: lz4-r108 release. -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 10 2013 pjp <pjp@xxxxxxxxxxxxxxxxx> - r108-1 - new release r108 -------------------------------------------------------------------------------- ================================================================================ mate-desktop-1.6.2-0.9.git81c245b.fc18 (FEDORA-2013-21416) Shared code for mate-panel, mate-session, mate-file-manager, etc -------------------------------------------------------------------------------- Update Information: - use Menta-Blue as default theme in fedora 20 - change gesettings overrides - let caja starts with mate-session-manager for > f19 - switch to gnome-keyring for > f19 -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 14 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.2-0.9.git81c245b - use Menta-Blue as default theme in fedora 20, change gesettings overrides * Tue Nov 12 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.2-0.8.git81c245b - let caja starts with mate-session-manager for > f19 - adjust mate-fedora gesettings override file * Sat Oct 19 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.2-0.7.git81c245b - switch to gnome-keyring for > f19 * Fri Oct 18 2013 Dan Mashal <dan.mashal@xxxxxxxxxxxxxxxxx> - 1.6.2.-0.6.git81c245b - Fix typo -------------------------------------------------------------------------------- ================================================================================ mate-themes-1.6.2-1.fc18 (FEDORA-2013-21413) MATE Desktop themes -------------------------------------------------------------------------------- Update Information: - update to 1.6.2 release - syncronize view of panel menus -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 14 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.2-1 - update to 1.6.2 release - syncronize view of panel menus -------------------------------------------------------------------------------- ================================================================================ mate-window-manager-1.6.2-6.fc18 (FEDORA-2013-21365) MATE Desktop window manager -------------------------------------------------------------------------------- Update Information: - start with side-by-side-tiling and windows-snapping-top-screen support for f20 -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 13 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.2-6 - start with side-by-side-tiling and windows-snapping-top-screen support for f20 -------------------------------------------------------------------------------- ================================================================================ moodle-2.3.10-1.fc18 (FEDORA-2013-21354) A Course Management System -------------------------------------------------------------------------------- Update Information: Latest upstreams, multiple security fixes. Name: CVE-2013-6780 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6780 Assigned: 20131112 Reference: https://yuilibrary.com/support/20131111-vulnerability/ Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter. Name: CVE-2013-3630 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3630 [Open">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3630">Open URL] Assigned: 20130521 Reference: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one [Open">https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one">Open URL] Reference: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats [Open">https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats">Open URL] Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 14 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 2.3.10-1 - 2.3.10, BZ 1025655,6, 1030084,5. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1025655 - CVE-2013-3630 moodle: authenticated remote command execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1025655 [ 2 ] Bug #1025656 - CVE-2013-3630 moodle: authenticated remote command execution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1025656 [ 3 ] Bug #1030084 - CVE-2013-6780 moodle: XSS vulnerability in YUI 2.5.0 through 2.9.0 [epel-5] https://bugzilla.redhat.com/show_bug.cgi?id=1030084 [ 4 ] Bug #1030085 - CVE-2013-6780 moodle: XSS vulnerability in YUI 2.5.0 through 2.9.0 [fedora-18] https://bugzilla.redhat.com/show_bug.cgi?id=1030085 -------------------------------------------------------------------------------- ================================================================================ open-vm-tools-9.4.0-1.fc18 (FEDORA-2013-21394) Open VMware Tools for virtual machines hosted on VMware -------------------------------------------------------------------------------- Update Information: New stable version 9.4.0 from upstream. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 13 2013 Ravindra Kumar <ravindrakumar@xxxxxxxxxx> - 9.4.0-1 - Package new upstream version open-vm-tools-9.4.0-1280544. - Added CUSTOM_PROCPS_NAME=procps and -Wno-deprecated-declarations for version 9.4.0. -------------------------------------------------------------------------------- ================================================================================ php-5.4.22-1.fc18 (FEDORA-2013-21366) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: 14 Nov 2013, PHP 5.4.22 Core: - Fixed bug #65911 (scope resolution operator - strange behavior with $this). (Bob Weinand) CLI server: - Fixed bug #65818 (Segfault with built-in webserver and chunked transfer encoding). (Felipe) Exif: - Fixed crash on unknown encoding. (Draal) FTP: - Fixed bug #65667 (ftp_nb_continue produces segfault). (Philip Hofstetter) ODBC - Fixed bug #65950 (Field name truncation if the field name is bigger than 32 characters). (patch submitted by: michael dot y at zend dot com, Yasuo) Sockets: - Fixed bug #65808 (the socket_connect() won't work with IPv6 address). (Mike) Standard: - Fixed bug #64760 (var_export() does not use full precision for floating-point numbers) (Yasuo) XMLReader: - Fixed bug #51936 (Crash with clone XMLReader). (Mike) - Fixed bug #64230 (XMLReader does not suppress errors). (Mike) -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 13 2013 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.4.22-1 - update to 5.4.22 -------------------------------------------------------------------------------- ================================================================================ php-bartlett-PHP-CompatInfo-2.25.0-1.fc18 (FEDORA-2013-21419) Find out version and the extensions required for a piece of code to run -------------------------------------------------------------------------------- Update Information: Version 2.25.0 (2013-11-14) Additions and changes: * add both support to PHP 5.4.22 and 5.5.6 * update mongo reference to 1.4.5 * update varnish reference to 1.1.1 * add new jsmin reference (0.1.1) * fixed the test skeleton template now unit test suites used shared fixtures Bug fixes: * GH-105: detect PHP-5.4 feature : Short array syntax declaration * GH-106: detect PHP-5.4 feature : Short array syntax on function call -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 14 2013 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.25.0-1 - Update to 2.25.0 -------------------------------------------------------------------------------- ================================================================================ pypy-2.2.0-1.fc18 (FEDORA-2013-21372) Python implementation with a Just-In-Time compiler -------------------------------------------------------------------------------- Update Information: Update to 2.2.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 14 2013 Matej Stuchlik <mstuchli@xxxxxxxxxx> - 2.2.0-1 - Updated to 2.2.0 * Thu Aug 15 2013 Matej Stuchlik <mstuchli@xxxxxxxxxx> - 2.1-1 - Updated to 2.1.0 * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0.2-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Mon Jun 24 2013 Matej Stuchlik <mstuchli@xxxxxxxxxx> - 2.0.2-4 - Patch1 fix * Mon Jun 24 2013 Matej Stuchlik <mstuchli@xxxxxxxxxx> - 2.0.2-3 - Yet another Sources fix * Mon Jun 24 2013 Matej Stuchlik <mstuchli@xxxxxxxxxx> - 2.0.2-2 - Fixed Source URL * Mon Jun 24 2013 Matej Stuchlik <mstuchli@xxxxxxxxxx> - 2.0.2-1 - 2.0.2, patch 8 does not seem necessary anymore * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0-0.2.b1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Tue Dec 11 2012 David Malcolm <dmalcolm@xxxxxxxxxx> - 2.0-0.1.b1 - 2.0b1 (drop upstreamed patch 9) -------------------------------------------------------------------------------- ================================================================================ python-djblets-0.7.23-1.fc18 (FEDORA-2013-20817) A collection of useful classes and functions for Django -------------------------------------------------------------------------------- Update Information: - Fix JavaScript errors - New upstream security release 1.7.17 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17/ - Resolves: CVE-2013-4519 - Security Fixes: * Fixed XSS vulnerabilities for the 'Branch' field and uploaded file captions. * Added a 'X-Frame-Options' header to prevent clickjacking. - New Features: * Remove the need for SSH keys for GitHub repositories. * Improved validation for GitHub repositories. * Added support for permissions on Local Sites. - Performance Improvements: * Reduced query counts on all pages. * Reduced query counts in the web API when returning empty lists. - Extensibility: * Extensions using the ``configure_extension`` view an now pass in a custom ``template_name`` pointing to a template for the configuration page, if it needs additional customization. * Enabling, disabling or reconfiguring extensions will now invalidate the caches for pages, ensuring that hooks will take affect. * Extension configuration now works properly on subdirectory installs. - Bug Fixes: * Fixed showing private review requests on a submitter page. * The description for submitted or discarded review requests is now shown on the diff viewer. * Discarding, reopening and then closing a review request no longer makes the review request private. * Fixed a naming conflict with older PyCrypto packages, such as the default package on CentOS 6.4. * Users with the 'can_change_status' permission no longer need the 'can_edit_reviewrequest' permission in order to close or reopen review requests. * Switching a repository from using a hosting service to Custom no longer reverts back to the hosting service. * Fixed editing a repository if its associated hosting service can't be loaded (such as if an extension providing that hosting service is disabled). * Many diff validation errors weren't being shown on the New Review Request page, generating 500 errors instead. * Fixed caching issues with the Blocks field on review requests. * Editing JSON text fields in the administration UI now works, validates, and won't result in warnings in the log. * Fixed breakages with looking up URLs internally with Local Sites. -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 5 2013 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 0.7.23-1 - New upstream release 0.7.23 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.21.NEWS * djblets.webapi: * Added a has_list_access_permissions function, which is used to determine access to a list resource. - http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.22.NEWS * djblets.extensions: * AJAX_SERIAL is updated when extensions are enabled/disabled or their configuration changes, allowing templates using AJAX_SERIAL as part of their cache to invalidate. * djblets.siteconfig: * Reduced query counts for installs using siteconfig. * djblets.webapi: * Reduced query counts when returning payloads for list resources with no entries. * Common attribute lookups on WebAPIResource are now cached. - http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.23.NEWS * djblets.extensions: * Fix URL errors when configuring extensions with a custom SITE_ROOT. * djblets.util.fields: * JSONFields can now be safely edited through the administration UI, complete with validation. * jquery.gravy: * Fixed hiding the pencil icons on an inlineEditor when disabled. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1027010 - CVE-2013-4519 ReviewBoard: two XSS vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=1027010 -------------------------------------------------------------------------------- ================================================================================ python-pkgwat-api-0.12-1.fc18 (FEDORA-2013-21360) Python API for querying the fedora packages webapp -------------------------------------------------------------------------------- Update Information: Latest upstream with a unicode/encoding bugfix. Obsolete/Provide the misnamed python3-python-pkgwat-api. Handle exception when stripping xml tags. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 14 2013 Ralph Bean <rbean@xxxxxxxxxx> - 0.12-1 - Fix unicode issues when stripping html from responses. * Sun Nov 3 2013 Ralph Bean <rbean@xxxxxxxxxx> - 0.10-2 - Add obsoletes/provides on python3-python-pkgwat-api * Tue Oct 22 2013 Ralph Bean <rbean@xxxxxxxxxx> - 0.10-1 - Latest upstream with some bugfixes. * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.9-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1030564 - [abrt] pkgwat-0.9-1.fc20: utils.py:36:strip_tags:UnicodeEncodeError: 'ascii' codec can't encode character u'\xe4' in position 11: ordinal not in range(128) https://bugzilla.redhat.com/show_bug.cgi?id=1030564 -------------------------------------------------------------------------------- ================================================================================ python3-3.3.0-5.fc18 (FEDORA-2013-21415) Version 3 of the Python programming language aka Python 3000 -------------------------------------------------------------------------------- Update Information: Fix for rhbz#1023742 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 11 2013 Matej Stuchlik <mstuchli@xxxxxxxxxx> - 3.3.0-5 - Changed behavior of ssl.match_hostname() to follow RFC 6125 (rhbz#1023742) -------------------------------------------------------------------------------- ================================================================================ q4wine-1.1-1.fc18 (FEDORA-2013-21359) Qt4 GUI for wine -------------------------------------------------------------------------------- Update Information: Update to 1.1 version. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 14 2013 Dmitrij S. Kryzhevich <krege@xxxxxxx> - 1.1-2 - Fix setup macros parameters. * Thu Nov 14 2013 Dmitrij S. Kryzhevich <krege@xxxxxxx> - 1.1-2 - Update to 1.1 release. * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0-2.r3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ q4wine-1.1-2.fc18 (FEDORA-2013-21407) Qt4 GUI for wine -------------------------------------------------------------------------------- Update Information: Fix release version -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 14 2013 Dmitrij S. Kryzhevich <krege@xxxxxxx> - 1.1-2 - Fix setup macros parameters. * Thu Nov 14 2013 Dmitrij S. Kryzhevich <krege@xxxxxxx> - 1.1-2 - Update to 1.1 release. * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0-2.r3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ re2-20131024-1.fc18 (FEDORA-2013-21380) C++ fast alternative to backtracking RE engines -------------------------------------------------------------------------------- Update Information: Update to 20131024, fix missing symbols. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 11 2013 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 20131024-1 - update to 20131024 - fix symbols export to stop test from failing * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 20130115-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1027123 - Chromium: missing symbols https://bugzilla.redhat.com/show_bug.cgi?id=1027123 -------------------------------------------------------------------------------- ================================================================================ sddm-kcm-0-0.1.20131114gitafdda33c.fc18 (FEDORA-2013-21392) SDDM KDE configuration module -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- ================================================================================ smb4k-1.0.9-1.fc18 (FEDORA-2013-21369) The SMB/CIFS Share Browser for KDE -------------------------------------------------------------------------------- Update Information: Update to 1.0.9, bugfix release. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 9 2013 Sérgio Basto <sergio@xxxxxxxxxx> - 1.0.9-2 - Update 1.0.9, bugfix release. * Sat Oct 26 2013 Sérgio Basto <sergio@xxxxxxxxxx> - 1.0.8-1 - Update to 1.0.8, bugfix release. - Fix some dates. * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ xscreensaver-5.23-1.fc18 (FEDORA-2013-21403) X screen saver and locker -------------------------------------------------------------------------------- Update Information: New version 5.23 is released. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 13 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1:5.23-1 - Update to 5.23 * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:5.22-1.2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ youtube-dl-2013.11.13-1.fc18 (FEDORA-2013-21367) A small command-line program to download online videos -------------------------------------------------------------------------------- Update Information: New version. New version. New version. New version. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 14 2013 Christopher Meng <rpm@xxxxxxxx> - 2013.11.13-1 - Update to new release. * Tue Nov 12 2013 Christopher Meng <rpm@xxxxxxxx> - 2013.11.11-1 - Update to new release. * Fri Nov 8 2013 Christopher Meng <rpm@xxxxxxxx> - 2013.11.07-1 - Update to new release(BZ#1027822). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1027822 - youtube-dl-2013.11.07 is available https://bugzilla.redhat.com/show_bug.cgi?id=1027822 [ 2 ] Bug #1026034 - youtube-dl-2013.11.02 is available https://bugzilla.redhat.com/show_bug.cgi?id=1026034 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test