The following Fedora 18 Security updates need testing:
 Age  URL
 223  https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18
  69  https://admin.fedoraproject.org/updates/FEDORA-2013-17195/spice-gtk-0.18-3.fc18
  66  https://admin.fedoraproject.org/updates/FEDORA-2013-17431/thunderbird-17.0.9-1.fc18
  64  https://admin.fedoraproject.org/updates/FEDORA-2013-17635/wireshark-1.10.2-4.fc18
  62  https://admin.fedoraproject.org/updates/FEDORA-2013-17853/davfs2-1.4.7-3.fc18
   5  https://admin.fedoraproject.org/updates/FEDORA-2013-21875/389-ds-base-1.3.0.9-1.fc18
   5  https://admin.fedoraproject.org/updates/FEDORA-2013-21874/mediawiki-1.19.9-1.fc18
   5  https://admin.fedoraproject.org/updates/FEDORA-2013-22011/monitorix-3.3.1-1.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22312/xen-4.2.3-10.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22315/ruby-1.9.3.484-32.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22313/subversion-1.7.14-1.fc18


The following Fedora 18 Critical Path updates have yet to be approved:
 Age  URL
 292  https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18
   8  https://admin.fedoraproject.org/updates/FEDORA-2013-21783/unzip-6.0-11.fc18
   8  https://admin.fedoraproject.org/updates/FEDORA-2013-21776/soprano-2.9.4-2.fc18
   5  https://admin.fedoraproject.org/updates/FEDORA-2013-21825/gvfs-1.14.2-5.fc18
   5  https://admin.fedoraproject.org/updates/FEDORA-2013-21847/sane-backends-1.0.24-7.fc18
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-22215/taglib-1.9.1-2.fc18
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-22253/kde-settings-4.9-22.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22299/fedora-bookmarks-15-4.fc18


The following builds have been pushed to Fedora 18 updates-testing

    acpica-tools-20131115-1.fc18
    cmake-fedora-1.1.6-1.fc18
    fedora-bookmarks-15-4.fc18
    gccxml-0.9.0-0.18.20130919.gitb040a463.fc18
    lcmaps-1.6.1-7.fc18
    portreserve-0.0.5-9.fc18
    python-ase-3.8.1.3440-7.fc18
    ruby-1.9.3.484-32.fc18
    subversion-1.7.14-1.fc18
    tito-0.4.18-1.fc18
    xen-4.2.3-10.fc18

Details about builds:


================================================================================
 acpica-tools-20131115-1.fc18 (FEDORA-2013-22308)
 ACPICA tools for the development and debug of ACPI tables
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream, improving compliance with ACPI 5.0 specification.
Corrects a testing script so that it runs properly on s390x.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 25 2013 Al Stone <ahs3@xxxxxxxxxx> - 20131115-1
- Update to latest upstream. Closes BZ#1031255.
- Add a little code to workaround build problems that can occur (the tests
  will fail) when a build starts before midnight, but ends after midnight
- Remove patch to include Makefile.config that was missing from tarball.
* Wed Oct 9 2013 Al Stone <ahs3@xxxxxxxxxx> - 20130927-1
- Update to latest upstream. Closes BZ#1013090.
- Add temporary patch to include Makefile.config being missing from tarball.
* Fri Sep 13 2013 Michael Schwendt <mschwendt@xxxxxxxxxxxxxxxxx> - 20130823-5
- correct iasl obs_ver
* Tue Sep 10 2013 Dean Nelson <dnelson@xxxxxxxxxx> - 20130823-4
- Fix run-misc-tests.sh script to properly set the number of BITS to 64 when
  run on a s390x system.
* Tue Sep 10 2013 Michael Schwendt <mschwendt@xxxxxxxxxxxxxxxxx> - 20130823-3
- correct pmtools obs_ver
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1031255 - acpica-tools-20131115 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1031255
--------------------------------------------------------------------------------


================================================================================
 cmake-fedora-1.1.6-1.fc18 (FEDORA-2013-22327)
 CMake helper modules for fedora developers
--------------------------------------------------------------------------------
Update Information:

- Enhancement:
  + Fedora version will now automatically updated.
  + New macros:
    - VARIABLE_PARSE_ARGN: Parse the arguments.
  + New scripts:
    cmake-fedora-koji: Koji utilities.
    cmake-fedora-fedpkg: Fedpkg utilities.
  + Changed scripts:
    koji-build-scratch: fedora_1, fedora_2, epel_1, epel_2
    can now be used as build scopes.
  + BODHI_UPDATE_TYPE is no longer required.
  + No need to manual edit project.spec.in
  + ADD_CUSTOM_TARGET_COMMAND now allow "ALL"
- Bug Fixes:
  Resolves: Bug 879141 - Excessive quotation mark for target tag_pre
  Resolves: Bug 992069 - cmake-fedora: FTBFS in rawhide
- Changed Modules
  + ManageUpload:
    - New macros:
      + MANAGE_UPLOAD_TARGET
    - Changed macros:
      + MANAGE_UPLOAD_SCP: parameter fileAlias replaced with targetName
      + MANAGE_UPLOAD_SFTP: parameter fileAlias replaced with targetName
      + MANAGE_UPLOAD_FEDORAHOSTED: parameter fileAlias replaced with targetName
      + MANAGE_UPLOAD_SOURCEFORGE: parameter fileAlias replaced with targetName
    - Removed macros:
      + MANAGE_UPLOAD_MAKE_TARGET
      + MANAGE_UPLOAD_CMD
- Removed Directory:
  + <PRJ_DOC_DIR>/examples: as the examples can be found in
    <CMAKE_ROOT>/Templates/fedora
- Removed Variables:
  + FEDORA_AUTO_KARMA
- Removed Macros:
  + MANAGE_UPLOAD_MAKE_TARGET
  + MANAGE_UPLOAD_CMD
- Removed Targets:
  + bodhi_new: Submit the package to bodhi
  + fedpkg_<tag>_build: Build for tag
  + fedpkg_<tag>_commit: Import, commit and push
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 26 2013 Ding-Yi Chen <dchen at redhat.com> - 1.1.6-1
- Enhancement:
  + Fedora version will now automatically updated.
  + New macros:
    - VARIABLE_PARSE_ARGN: Parse the arguments.
  + New scripts:
    cmake-fedora-koji: Koji utilities.
    cmake-fedora-fedpkg: Fedpkg utilities.
  + Changed scripts:
    koji-build-scratch: fedora_1, fedora_2, epel_1, epel_2
    can now be used as build scopes.
  + BODHI_UPDATE_TYPE is no longer required.
  + No need to manual edit project.spec.in
  + ADD_CUSTOM_TARGET_COMMAND now allow "ALL"
- Bug Fixes:
  Resolves: Bug 879141 - Excessive quotation mark for target tag_pre
  Resolves: Bug 992069 - cmake-fedora: FTBFS in rawhide
- Changed Modules
  + ManageUpload:
    - New macros:
      + MANAGE_UPLOAD_TARGET
    - Changed macros:
      + MANAGE_UPLOAD_SCP: parameter fileAlias replaced with targetName
      + MANAGE_UPLOAD_SFTP: parameter fileAlias replaced with targetName
      + MANAGE_UPLOAD_FEDORAHOSTED: parameter fileAlias replaced with targetName
      + MANAGE_UPLOAD_SOURCEFORGE: parameter fileAlias replaced with targetName
    - Removed macros:
      + MANAGE_UPLOAD_MAKE_TARGET
      + MANAGE_UPLOAD_CMD
- Removed Directory:
  + <PRJ_DOC_DIR>/examples: as the examples can be found in
    <CMAKE_ROOT>/Templates/fedora
- Removed Variables:
  + FEDORA_AUTO_KARMA
- Removed Macros:
  + MANAGE_UPLOAD_MAKE_TARGET
  + MANAGE_UPLOAD_CMD
- Removed Targets:
  + bodhi_new: Submit the package to bodhi
  + fedpkg_<tag>_build: Build for tag
  + fedpkg_<tag>_commit: Import, commit and push
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Nov 22 2012 Ding-Yi Chen <dchen at redhat.com> - 1.0.5-1
- Fedora 18 support.
- Source tarball filename is changed back to name-version-Source.tar.gz
  to avoid confusion between source generate by cmake-fedora (which contains
  ChangeLog and projectName.pot) and tarball generation service from hosting
  site (which does not contain generated files)
- koji-build-scratch: rawhide build target does not always have suffix
  -candidate.
- README updated.
- TODO updated.
--------------------------------------------------------------------------------


================================================================================
 fedora-bookmarks-15-4.fc18 (FEDORA-2013-22299)
 Fedora bookmarks
--------------------------------------------------------------------------------
Update Information:

Fixed release notes.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 27 2013 Martin Stransky <stransky@xxxxxxxxxx> - 15-4
- Updated bookmarks (rhbz#1030577)
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 15-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1030577 - Firefox installed with bad bookmark for release notes
        https://bugzilla.redhat.com/show_bug.cgi?id=1030577
--------------------------------------------------------------------------------


================================================================================
 gccxml-0.9.0-0.18.20130919.gitb040a463.fc18 (FEDORA-2013-22303)
 XML output extension to GCC
--------------------------------------------------------------------------------
Update Information:

Minor fix in gcc 4.8 support files.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 27 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 0.9.0-0.18.20130919.gitb040a463
- Updated git snapshot
* Thu Aug 8 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 0.9.0-0.17.20130506.git567213ac
- Use _pkgdocdir
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.9.0-0.16.20130506.git567213ac
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 lcmaps-1.6.1-7.fc18 (FEDORA-2013-22305)
 Grid (X.509) and VOMS credentials to local account mapping service
--------------------------------------------------------------------------------
Update Information:

Removes the arch-dependent element from a generated documentation file.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 25 2013 Dennis van Dok <dennisvd@xxxxxxxxx> 1.6.1-7
- Patch the example DB file so it doesn't contain an architecture-specific
  path. Fixes bug #1034019.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1034019 - lcmaps multi-lib conflicts
        https://bugzilla.redhat.com/show_bug.cgi?id=1034019
--------------------------------------------------------------------------------


================================================================================
 portreserve-0.0.5-9.fc18 (FEDORA-2013-22330)
 TCP port reservation utility
--------------------------------------------------------------------------------
Update Information:

This update fixes start-up problems when no configuration is present.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 26 2013 Tim Waugh <twaugh@xxxxxxxxxx> - 0.0.5-9
- Avoid a race during start-up if there are no configured ports (bug #901988).
- Moved tmpfiles configuration file to correct location.
- Don't use %ghost in manifest for state directory, in order to make sure it
  is ready to use after installation.
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.0.5-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.0.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Tue Aug 21 2012 Tim Waugh <twaugh@xxxxxxxxxx> 0.0.5-6
- Use macroized systemd scriptlets (bug #850275).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #901988 - portreserve systemd service claims "FAILED" during boot while /sbin/portreserve exited successfully
        https://bugzilla.redhat.com/show_bug.cgi?id=901988
--------------------------------------------------------------------------------


================================================================================
 python-ase-3.8.1.3440-7.fc18 (FEDORA-2013-22301)
 Atomic Simulation Environment
--------------------------------------------------------------------------------
Update Information:

New upstream version fixes the conflict with the_silver_searcher
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 22 2013 Marcin Dulak <Marcin.Dulak@xxxxxxxxx> - 3.8.1.3440-7
- new upstream version, old patches removed
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1010479 - Binary name conflict with python-ase and the_silver_searcher
        https://bugzilla.redhat.com/show_bug.cgi?id=1010479
--------------------------------------------------------------------------------


================================================================================
 ruby-1.9.3.484-32.fc18 (FEDORA-2013-22315)
 An interpreter of object-oriented scripting language
--------------------------------------------------------------------------------
Update Information:

An overflow in floating point number parsing was found in Ruby currently being
shipped on Fedora 19. This vulnerability has been assigned the CVE identifier
CVE-2013-4164. This new rpm should fix this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 25 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.9.3.484-32
- Update to 1.9.3 p484
- Fix heap overflow in floating point parsing (CVE-2013-4164)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1033546 - CVE-2013-4164 ruby: heap overflow in floating point parsing [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1033546
--------------------------------------------------------------------------------


================================================================================
 subversion-1.7.14-1.fc18 (FEDORA-2013-22313)
 A Modern Concurrent Version Control System
--------------------------------------------------------------------------------
Update Information:

This update includes the latest stable release of Apache Subversion 1.7,
version 1.7.14. Two security fixes are included:

mod_dontdothat allows you to block update REPORT requests against certain
paths in the repository. It expects the paths in the REPORT request to be
absolute URLs. Serf based clients send relative URLs instead of absolute URLs
in many cases. As a result these clients are not blocked as configured by
mod_dontdothat. (CVE-2013-4505)

When SVNAutoversioning is enabled via "SVNAutoversioning on" commits can be
made by single HTTP requests such as MKCOL and PUT.
If Subversion is built with assertions enabled any such requests that have
non-canonical URLs, such as URLs with a trailing /, may trigger an assert. An
assert will cause the Apache process to abort. (CVE-2013-4558)

Other bug fixes included in this update are as follows:

Client- and server-side bugfixes:
  * fix assertion on urls of the form 'file://./'

Client-side bugfixes:
  * upgrade: fix an assertion when used with pre-1.3 wcs
  * fix externals that point at redirected locations
  * diff: fix incorrect calculation of changes in some cases
  * diff: fix errors with added/deleted targets

Server-side bugfixes:
  * mod_dav_svn: Prevent crashes with some 3rd party modules
  * fix OOM on concurrent requests at threaded server start
  * fsfs: limit commit time of files with deep change histories
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 26 2013 Joe Orton <jorton@xxxxxxxxxx> - 1.7.14-1
- update to 1.7.14
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1033431 - CVE-2013-4558 subversion: mod_dav_svn assertion when handling certain requests with autoversioning enabled
        https://bugzilla.redhat.com/show_bug.cgi?id=1033431
  [ 2 ] Bug #1033995 - CVE-2013-4505 subversion: mod_dontdothat does not block requests from certain clients
        https://bugzilla.redhat.com/show_bug.cgi?id=1033995
--------------------------------------------------------------------------------


================================================================================
 tito-0.4.18-1.fc18 (FEDORA-2013-22296)
 A tool for managing rpm based git projects
--------------------------------------------------------------------------------
Update Information:

New support for writing out a templated version file during tagging. New Copr
build system and OBS releasers. Fixed bug with old versions of packages still
being left in the yum repodata. Small documentation updates.
Fix permissions sources fedpkg modifies.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 14 2013 Devan Goodwin <dgoodwin@xxxxxxxx> 0.4.18-1
- Merge the FiledVersionTagger into the base VersionTagger.
  (dgoodwin@xxxxxxxxxx)
- add Copr releaser (msuchy@xxxxxxxxxx)
- Fix broken asciidoc. (dgoodwin@xxxxxxxxxx)
- Fix old versions in yum repodata. (dgoodwin@xxxxxxxxxx)
- adding the FiledVersionTagger class that we are using internally
  (vbatts@xxxxxxxxxx)
- tito report man page missing options (admiller@xxxxxxxxxx)
- Implement OBS releaser (msuchy@xxxxxxxxxx)
* Fri Aug 2 2013 Devan Goodwin <dgoodwin@xxxxxxxx> 0.4.17-1
- Fix permissions after a Fedora/Brew build. (dgoodwin@xxxxxxxxxx)
- Comment out old nightly releaser. (dgoodwin@xxxxxxxxxx)
- add newline to sys.stderr.write (msuchy@xxxxxxxxxx)
--------------------------------------------------------------------------------


================================================================================
 xen-4.2.3-10.fc18 (FEDORA-2013-22312)
 Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:

Lock order reversal between page_alloc_lock and mm_rwlock,
Hypercalls exposed to privilege rings 1 and 2 of HVM guests,
Insufficient TLB flushing in VT-d (iommu) code
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 26 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.2.3-10
- Lock order reversal between page_alloc_lock and mm_rwlock
  [XSA-74, CVE-2013-4553] (#1034925)
- Hypercalls exposed to privilege rings 1 and 2 of HVM guests
  [XSA-76, CVE-2013-4554] (#1034923)
* Thu Nov 21 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.2.3-9
- Insufficient TLB flushing in VT-d (iommu) code
  [XSA-78, CVE-2013-6375] (#1033149)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1029120 - CVE-2013-4553 kernel: xen: lock order reversal between page_alloc_lock and mm_rwlock
        https://bugzilla.redhat.com/show_bug.cgi?id=1029120
  [ 2 ] Bug #1029111 - CVE-2013-4554 kernel: xen: hypercalls exposed to privilege rings 1 and 2 of HVM guests
        https://bugzilla.redhat.com/show_bug.cgi?id=1029111
  [ 3 ] Bug #1033138 - CVE-2013-6375 xen: Insufficient TLB flushing in VT-d (iommu) code
        https://bugzilla.redhat.com/show_bug.cgi?id=1033138
--------------------------------------------------------------------------------