The following Fedora 18 Security updates need testing: Age URL 239 https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18 85 https://admin.fedoraproject.org/updates/FEDORA-2013-17195/spice-gtk-0.18-3.fc18 79 https://admin.fedoraproject.org/updates/FEDORA-2013-17635/wireshark-1.10.2-4.fc18 78 https://admin.fedoraproject.org/updates/FEDORA-2013-17853/davfs2-1.4.7-3.fc18 21 https://admin.fedoraproject.org/updates/FEDORA-2013-21875/389-ds-base-1.3.0.9-1.fc18 9 https://admin.fedoraproject.org/updates/FEDORA-2013-22771/gimp-2.8.10-4.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-22949/net-snmp-5.7.2-7.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-22929/dcraw-9.19-4.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-22899/ufraw-0.19.2-10.fc18 6 https://admin.fedoraproject.org/updates/FEDORA-2013-22986/munin-2.0.18-2.fc18 6 https://admin.fedoraproject.org/updates/FEDORA-2013-22993/munin-2.0.19-1.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-23122/firefox-26.0-2.fc18,xulrunner-26.0-1.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-23140/python-setuptools-0.6.49-1.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-23068/rubygem-i18n-0.6.0-2.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-23215/php-5.4.23-1.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-23291/thunderbird-24.2.0-2.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-23299/libreswan-3.7-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-23378/openttd-1.3.3-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-23401/v8-3.14.5.10-3.fc18 The following Fedora 18 Critical Path updates have yet to be approved: Age URL 308 https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18 13 https://admin.fedoraproject.org/updates/FEDORA-2013-22457/libbluray-0.4.0-2.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-22918/opus-1.1-1.fc18 7 https://admin.fedoraproject.org/updates/FEDORA-2013-22917/colord-1.0.5-1.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-23122/firefox-26.0-2.fc18,xulrunner-26.0-1.fc18 4 https://admin.fedoraproject.org/updates/FEDORA-2013-23140/python-setuptools-0.6.49-1.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-23224/openssh-6.1p1-11.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-23291/thunderbird-24.2.0-2.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-23312/dracut-029-1.fc18.3 1 https://admin.fedoraproject.org/updates/FEDORA-2013-23306/abrt-2.1.10-1.fc18,libreport-2.1.10-1.fc18,satyr-0.12-1.fc18 1 https://admin.fedoraproject.org/updates/FEDORA-2013-23297/libfm-1.1.4-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2013-23381/cryptsetup-1.6.3-1.fc18 The following builds have been pushed to Fedora 18 updates-testing ReviewBoard-1.7.20-1.fc18 certmonger-0.69-1.fc18 cryptsetup-1.6.3-1.fc18 docky-2.2.0-1.fc18 fedora-review-0.5.1-1.fc18 globus-gram-audit-3.2-8.fc18 globus-gram-job-manager-13.53-2.fc18 globus-gram-job-manager-slurm-1.2-2.fc18 globus-scheduler-event-generator-4.7-7.fc18 libburn-1.3.4-1.fc18 libisoburn-1.3.4-1.fc18 libisofs-1.3.4-1.fc18 libuv-0.10.20-1.fc18 nodejs-0.10.23-1.fc18 opensmtpd-5.4.1p1-1.fc18 openttd-1.3.3-1.fc18 php-bartlett-PHP-CompatInfo-2.26.0-1.fc18 pyfits-3.1.3-1.fc18 python-djblets-0.7.27-1.fc18 python-elasticsearch-0.4.3-3.fc18 python-moksha-hub-1.2.2-1.fc18 rpmlint-1.5-6.fc18 rubygem-narray-0.6.0.8-9.fc18 v8-3.14.5.10-3.fc18 Details about builds: ================================================================================ ReviewBoard-1.7.20-1.fc18 (FEDORA-2013-23383) Web-based code review tool -------------------------------------------------------------------------------- Update Information: * Thu Dec 12 2013 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.7.20-1 - New upstream bugfix release 1.7.20 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.20/ - Web API Changes: * When posting a review request and using submit-as, the given username will now be looked up in the auth backend (LDAP, Active Directory, etc.), instead of just the local database. - Bug Fixes: * Accessing file attachments without review UIs through the API no longer causes an HTTP 500 error. * Fields in the administration UI containing JSON will no longer cause errors during save. Furthermore, the JSON is now valid and properly editable. * Usernames with plus signs are now allowed. - Internal Changes * Rewrote the Mercurial support to use the command line tool. -------------------------------------------------------------------------------- ChangeLog: * Thu Dec 12 2013 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.7.20-1 - New upstream bugfix release 1.7.20 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.20/ - Web API Changes: * When posting a review request and using submit-as, the given username will now be looked up in the auth backend (LDAP, Active Directory, etc.), instead of just the local database. - Bug Fixes: * Accessing file attachments without review UIs through the API no longer causes an HTTP 500 error. * Fields in the administration UI containing JSON will no longer cause errors during save. Furthermore, the JSON is now valid and properly editable. * Usernames with plus signs are now allowed. - Internal Changes * Rewrote the Mercurial support to use the command line tool. -------------------------------------------------------------------------------- ================================================================================ certmonger-0.69-1.fc18 (FEDORA-2013-23416) Certificate status monitor and PKI enrollment client -------------------------------------------------------------------------------- Update Information: This update fixes crashes in the daemon when there are errors reading some of its data files or errors saving newly-obtained certificates to disk. -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 9 2013 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.69-1 - tweak how we decide whether we're on the master or a minion when we're told to use certmaster as a CA - clean up one of the tests so that it doesn't have to work around internal logging producing duplicate messages - when logging errors while setting up to contact xmlrpc servers, explicitly note that the error is client-side - don't abort() due to incorrect locking when an attempt to save an issued certificate to the designated location fails (part of #1032760/#1033333, ticket #22) - when reading an issued certificate from an enrollment helper, ignore noise before or after the certificate itself (more of #1032760/1033333, ticket #22) - run subprocesses in a cleaned-up environment (more of #1032760/1033333, ticket #22) - clear the ca-error that we saved when we had an error talking to the CA if we subsequently succeed in talking to the CA - various other static-analysis fixes * Thu Aug 29 2013 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.68-1 - notice when the OpenSSL RNG isn't seeded - notice when saving certificates or keys fails due to filesystem-related permission denial (#996581) * Tue Aug 6 2013 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.67-3 - pull up a patch from master to adapt self-tests to certutil's diagnostic output having changed (#992050) * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.67-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Mon Mar 11 2013 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.67-1 - when saving certificates to NSS databases, try to preserve the trust value assigned to a previously-present certificate with the same nickname and subject, if one is found - when saving certificates to NSS databases, also prune certificates from the database which have both the same nickname and subject as the one we're adding, to avoid tripping up tools that only fetch one certificate by nickname * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.65-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Wed Jan 23 2013 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.66-1 - build as position-independent executables with early binding (#883966) - also don't tag the unit file as a configuration file (internal tooling) * Wed Jan 23 2013 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.65-2 - don't tag the D-Bus session .service file as a configuration file (internal tooling) -------------------------------------------------------------------------------- References: [ 1 ] Bug #995022 - certmonger coredumps when certificates cannot be created due to permissions https://bugzilla.redhat.com/show_bug.cgi?id=995022 [ 2 ] Bug #1043017 - [abrt] certmonger-0.67-1.fc19: strcmp: Process /usr/sbin/certmonger was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=1043017 -------------------------------------------------------------------------------- ================================================================================ cryptsetup-1.6.3-1.fc18 (FEDORA-2013-23381) A utility for setting up encrypted disks -------------------------------------------------------------------------------- Update Information: Update to cryptsetup 1.6.3. -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 13 2013 Milan Broz <gmazyland@xxxxxxxxx> - 1.6.3-1 - Update to cryptsetup 1.6.3. -------------------------------------------------------------------------------- ================================================================================ docky-2.2.0-1.fc18 (FEDORA-2013-23420) Advanced dock application written in Mono -------------------------------------------------------------------------------- Update Information: 2.2.0 "Sneak it in you system" (2013-05-02) =============================================================================== * New Feature Release + new docklets: - NetworkMonitor * update translations CORE: * Accept dropping of every file when no MimeType specified (LP: #986693) * Docky click area larger than visible in panel mode (LP: #730959) * Gconf key to suppress compositing warning. (LP: #754064) * Error building with mono 3 (LP: #1097805) DOCKLETS: * CPU Monitor Docklet doesn't launch System Monitor in KDE (LP: #779181) * Add systemd support for SessionManager -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 19 2013 Christopher Meng <rpm@xxxxxxxx> - 2.2.0-1 - Update to 2.2.0(BZ#958779) * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.1.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.1.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #909443 - Docky crashes regularly - Once per hour. https://bugzilla.redhat.com/show_bug.cgi?id=909443 [ 2 ] Bug #958779 - docky-2.2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=958779 -------------------------------------------------------------------------------- ================================================================================ fedora-review-0.5.1-1.fc18 (FEDORA-2013-23402) Review tool for fedora rpm packages -------------------------------------------------------------------------------- Update Information: Update to latest upstream version fixes several bugs and enables split of Java guidelines plugin into separate package. >From upstream NEWS file: 0.5.1 ===== - Added framework for moving plugins out of the fedora-review source tree; the java plugin is now external. This feature is still experimental. - Hide some tests when they are not applicable (#229). - Fix a bug in make_dist (#228). - Added stub plugins for Ocaml and Haskell allowing static linkage (#220, #221). - Add a fonts plugin running repo-fonts-audit (#215). - Enhance systemd config files handling (#214, #193). - Update CheckStaticLibs to current GL (#222). - CheckStaticLibs: fix typo causing false positives (bz 1012873). - Added new XML report designed for batch testing( #197). - Fixed a bad bug where deprecations was honored in non-applicable shell tests (498fa464b). - Make paths in licensecheck.txt relative to source dir (ee29d7e). - Handle inconsistent yum caches (bz #1028332). - Fix some EPEL5 glitches (bz #1040353, bz #1040369). - Add command line option to koji-download-scratch (bz #1027616). Update dependency on licensecheck script and fix phpci plugin dependency Update dependency on licensecheck script and fix phpci plugin dependency -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 13 2013 Stanislav Ochotnicky <sochotnicky@xxxxxxxxxx> - 0.5.1-1 - Update to latest upstream (0.5.1) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1012873 - static test should check provides static not requires https://bugzilla.redhat.com/show_bug.cgi?id=1012873 [ 2 ] Bug #1028332 - fails during `repoquery -l filesystem`-stage https://bugzilla.redhat.com/show_bug.cgi?id=1028332 [ 3 ] Bug #1040353 - Confusing output with EPEL5 flag https://bugzilla.redhat.com/show_bug.cgi?id=1040353 [ 4 ] Bug #1040369 - fedora-review complains about missing %defattr with -D EPEL5 https://bugzilla.redhat.com/show_bug.cgi?id=1040369 [ 5 ] Bug #1027616 - fedora-review: Allow overriding Koji hub address in koji-download-scratch https://bugzilla.redhat.com/show_bug.cgi?id=1027616 [ 6 ] Bug #971875 - phpci command renamed to phpcompatinfo https://bugzilla.redhat.com/show_bug.cgi?id=971875 [ 7 ] Bug #1016309 - Add dependency on %{_bindir}/licensecheck https://bugzilla.redhat.com/show_bug.cgi?id=1016309 -------------------------------------------------------------------------------- ================================================================================ globus-gram-audit-3.2-8.fc18 (FEDORA-2013-23414) Globus Toolkit - GRAM Jobmanager Auditing -------------------------------------------------------------------------------- Update Information: Directory ownership fixes. -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 13 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 3.2-8 - Proper ownership of /etc/globus and /var/lib/globus * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.2-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Sun Jul 28 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 3.2-6 - Implement updated packaging guidelines * Thu Jul 18 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 3.2-5 - Perl 5.18 rebuild * Thu May 23 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 3.2-4 - Specfile clean-up * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ globus-gram-job-manager-13.53-2.fc18 (FEDORA-2013-23414) Globus Toolkit - GRAM Jobmanager -------------------------------------------------------------------------------- Update Information: Directory ownership fixes. -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 13 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 13.53-2 - Proper ownership of /etc/globus -------------------------------------------------------------------------------- ================================================================================ globus-gram-job-manager-slurm-1.2-2.fc18 (FEDORA-2013-23403) Globus Toolkit - SLURM Job Manager Support -------------------------------------------------------------------------------- Update Information: New package from Globus Toolkit 5.2.5. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1028165 - Review Request: globus-gram-job-manager-slurm - Globus Toolkit - SLURM Job Manager Support https://bugzilla.redhat.com/show_bug.cgi?id=1028165 -------------------------------------------------------------------------------- ================================================================================ globus-scheduler-event-generator-4.7-7.fc18 (FEDORA-2013-23414) Globus Toolkit - Scheduler Event Generator -------------------------------------------------------------------------------- Update Information: Directory ownership fixes. -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 13 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 4.7-7 - Proper ownership of /etc/globus/scheduler-event-generator/available -------------------------------------------------------------------------------- ================================================================================ libburn-1.3.4-1.fc18 (FEDORA-2013-23411) Library for reading, mastering and writing optical discs -------------------------------------------------------------------------------- Update Information: Changes towards previous version 1.3.2 ====================================== libburn novelties ----------------- * Bug fix: Drive error reports were ignored during blanking and formatting * Bug fix: Drive LG BH16NS40 stalls on inspection of unformatted DVD+RW * New API call burn_disc_pretend_full_uncond() libisofs novelties ------------------ * Giving sort weight 2 as default to El Torito boot images * Encoding HFS+ names in UTF-16 rather than UCS-2 libisoburn and xorriso novelties -------------------------------- * Bug fix: Command -blank "as_needed" formatted blank BD-R. * Bug fix: -as mkisofs option -log-file put the log file into the image * Bug fix: -cut_out did not add x-permission to r-permission of directory * Bug fix: Command -zisofs did not accept all options emitted by -status -zisofs * Bug fix: -blank force:... failed on appendable or closed media * New command -read_speed * New -close mode "as_needed", new -as cdrecord option --multi_if_possible * New -alter_date types: a-c , m-c , b-c , c -------------------------------------------------------------------------------- ChangeLog: * Sat Dec 14 2013 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.3.4-1 - Update to upstream 1.3.4 (#1043068) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1043071 - libisofs-1.3.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1043071 [ 2 ] Bug #1043068 - libburn-1.3.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1043068 [ 3 ] Bug #1043070 - libisoburn-1.3.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1043070 -------------------------------------------------------------------------------- ================================================================================ libisoburn-1.3.4-1.fc18 (FEDORA-2013-23411) Library to enable creation and expansion of ISO-9660 filesystems -------------------------------------------------------------------------------- Update Information: Changes towards previous version 1.3.2 ====================================== libburn novelties ----------------- * Bug fix: Drive error reports were ignored during blanking and formatting * Bug fix: Drive LG BH16NS40 stalls on inspection of unformatted DVD+RW * New API call burn_disc_pretend_full_uncond() libisofs novelties ------------------ * Giving sort weight 2 as default to El Torito boot images * Encoding HFS+ names in UTF-16 rather than UCS-2 libisoburn and xorriso novelties -------------------------------- * Bug fix: Command -blank "as_needed" formatted blank BD-R. * Bug fix: -as mkisofs option -log-file put the log file into the image * Bug fix: -cut_out did not add x-permission to r-permission of directory * Bug fix: Command -zisofs did not accept all options emitted by -status -zisofs * Bug fix: -blank force:... failed on appendable or closed media * New command -read_speed * New -close mode "as_needed", new -as cdrecord option --multi_if_possible * New -alter_date types: a-c , m-c , b-c , c -------------------------------------------------------------------------------- ChangeLog: * Sat Dec 14 2013 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.3.4-1 - Upgrade to 1.3.4 (#1043070) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1043071 - libisofs-1.3.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1043071 [ 2 ] Bug #1043068 - libburn-1.3.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1043068 [ 3 ] Bug #1043070 - libisoburn-1.3.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1043070 -------------------------------------------------------------------------------- ================================================================================ libisofs-1.3.4-1.fc18 (FEDORA-2013-23411) Library to create ISO 9660 disk images -------------------------------------------------------------------------------- Update Information: Changes towards previous version 1.3.2 ====================================== libburn novelties ----------------- * Bug fix: Drive error reports were ignored during blanking and formatting * Bug fix: Drive LG BH16NS40 stalls on inspection of unformatted DVD+RW * New API call burn_disc_pretend_full_uncond() libisofs novelties ------------------ * Giving sort weight 2 as default to El Torito boot images * Encoding HFS+ names in UTF-16 rather than UCS-2 libisoburn and xorriso novelties -------------------------------- * Bug fix: Command -blank "as_needed" formatted blank BD-R. * Bug fix: -as mkisofs option -log-file put the log file into the image * Bug fix: -cut_out did not add x-permission to r-permission of directory * Bug fix: Command -zisofs did not accept all options emitted by -status -zisofs * Bug fix: -blank force:... failed on appendable or closed media * New command -read_speed * New -close mode "as_needed", new -as cdrecord option --multi_if_possible * New -alter_date types: a-c , m-c , b-c , c -------------------------------------------------------------------------------- ChangeLog: * Sat Dec 14 2013 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.3.4-1 - Upgrade to 1.3.4 (#1043071) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1043071 - libisofs-1.3.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1043071 [ 2 ] Bug #1043068 - libburn-1.3.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1043068 [ 3 ] Bug #1043070 - libisoburn-1.3.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1043070 -------------------------------------------------------------------------------- ================================================================================ libuv-0.10.20-1.fc18 (FEDORA-2013-23422) Platform layer for node.js -------------------------------------------------------------------------------- Update Information: 2013.12.12, node.js Version 0.10.23 (Stable) * build: include postmortem symbols on linux (Timothy J Fontaine) * crypto: Make Decipher._flush() emit errors. (Kai Groner) * dgram: fix abort when getting `fd` of closed dgram (Fedor Indutny) * events: do not accept NaN in setMaxListeners (Fedor Indutny) * events: avoid calling `once` functions twice (Tim Wood) * events: fix TypeError in removeAllListeners (Jeremy Martin) * fs: report correct path when EEXIST (Fedor Indutny) * process: enforce allowed signals for kill (Sam Roberts) * tls: emit 'end' on .receivedShutdown (Fedor Indutny) * tls: fix potential data corruption (Fedor Indutny) * tls: handle `ssl.start()` errors appropriately (Fedor Indutny) * tls: reset NPN callbacks after SNI (Fedor Indutny) 2013.12.13, libuv Version 0.10.20 (Stable) * linux: fix up SO_REUSEPORT back-port (Ben Noordhuis) * fs-event: fix invalid memory access (huxingyi) -------------------------------------------------------------------------------- ChangeLog: * Thu Dec 12 2013 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 1:0.10.20-1 - new upstream release 0.10.20 https://github.com/joyent/libuv/blob/v0.10.20/ChangeLog -------------------------------------------------------------------------------- ================================================================================ nodejs-0.10.23-1.fc18 (FEDORA-2013-23422) JavaScript runtime -------------------------------------------------------------------------------- Update Information: 2013.12.12, node.js Version 0.10.23 (Stable) * build: include postmortem symbols on linux (Timothy J Fontaine) * crypto: Make Decipher._flush() emit errors. (Kai Groner) * dgram: fix abort when getting `fd` of closed dgram (Fedor Indutny) * events: do not accept NaN in setMaxListeners (Fedor Indutny) * events: avoid calling `once` functions twice (Tim Wood) * events: fix TypeError in removeAllListeners (Jeremy Martin) * fs: report correct path when EEXIST (Fedor Indutny) * process: enforce allowed signals for kill (Sam Roberts) * tls: emit 'end' on .receivedShutdown (Fedor Indutny) * tls: fix potential data corruption (Fedor Indutny) * tls: handle `ssl.start()` errors appropriately (Fedor Indutny) * tls: reset NPN callbacks after SNI (Fedor Indutny) 2013.12.13, libuv Version 0.10.20 (Stable) * linux: fix up SO_REUSEPORT back-port (Ben Noordhuis) * fs-event: fix invalid memory access (huxingyi) -------------------------------------------------------------------------------- ChangeLog: * Thu Dec 12 2013 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 0.10.23-1 - new upstream release 0.10.23 http://blog.nodejs.org/2013/12/11/node-v0-10-23-stable/ -------------------------------------------------------------------------------- ================================================================================ opensmtpd-5.4.1p1-1.fc18 (FEDORA-2013-23429) Free implementation of the server-side SMTP protocol as defined by RFC 5321 -------------------------------------------------------------------------------- Update Information: OpenSMTPD package initial submission -------------------------------------------------------------------------------- References: [ 1 ] Bug #1021719 - Review Request: opensmtpd - Minimalistic but powerful smtp server https://bugzilla.redhat.com/show_bug.cgi?id=1021719 -------------------------------------------------------------------------------- ================================================================================ openttd-1.3.3-1.fc18 (FEDORA-2013-23378) Transport system simulation game -------------------------------------------------------------------------------- Update Information: Fixes CVE-2013-6411: DoS using forcefully crashed aircrafts -------------------------------------------------------------------------------- ChangeLog: * Thu Dec 12 2013 Felix Kaechele <felix@xxxxxxxxxx> - 1.3.3-1 - update to 1.3.3 - fixes CVE-2013-6411 * Sat Sep 21 2013 Felix Kaechele <heffer@xxxxxxxxxxxxxxxxx> - 1.3.2-3 - another try at a rebuild to fix BZ#989786 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1035991 - CVE-2013-6411 openttd: DoS using forcefully crashed aircrafts https://bugzilla.redhat.com/show_bug.cgi?id=1035991 -------------------------------------------------------------------------------- ================================================================================ php-bartlett-PHP-CompatInfo-2.26.0-1.fc18 (FEDORA-2013-23408) Find out version and the extensions required for a piece of code to run -------------------------------------------------------------------------------- Update Information: Version 2.26.0 (2013-12-13) Additions and changes: * add both support to PHP 5.4.23 and 5.5.7 * add new riak reference 1.0.0 * update yaml reference to 1.1.1 * update zip reference to 1.12.3 * update memcached reference to 2.2.0b1 (GH-112 by Remi Collet) * update http reference to 2.0.3 (GH-110 by Remi Collet) Bug fixes: * fix notice error when matching internal function arguments and signature used in implementation (thanks to Remi Collet to noticed me) * fix notice error on list reference report when filter reference option is active * GH-111: missing cli_get_process_title and cli_set_process_title (by Remi Collet) -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 13 2013 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.26.0-1 - Update to 2.26.0 (stable) -------------------------------------------------------------------------------- ================================================================================ pyfits-3.1.3-1.fc18 (FEDORA-2013-23395) Python interface to FITS -------------------------------------------------------------------------------- Update Information: new upstream release, with bugfixes (see http://www.stsci.edu/institute/software_hardware/pyfits/release) -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 13 2013 Sergio Pascual <sergiopr@xxxxxxxxxxxxxxxxx> - 3.1.3-1 - New upstream 3.1.3 (bugfixes) * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.1.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ python-djblets-0.7.27-1.fc18 (FEDORA-2013-23383) A collection of useful classes and functions for Django -------------------------------------------------------------------------------- Update Information: * Thu Dec 12 2013 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.7.20-1 - New upstream bugfix release 1.7.20 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.20/ - Web API Changes: * When posting a review request and using submit-as, the given username will now be looked up in the auth backend (LDAP, Active Directory, etc.), instead of just the local database. - Bug Fixes: * Accessing file attachments without review UIs through the API no longer causes an HTTP 500 error. * Fields in the administration UI containing JSON will no longer cause errors during save. Furthermore, the JSON is now valid and properly editable. * Usernames with plus signs are now allowed. - Internal Changes * Rewrote the Mercurial support to use the command line tool. -------------------------------------------------------------------------------- ChangeLog: * Thu Dec 12 2013 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 0.7.27-1 - New upstream release 0.7.27 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.25.NEWS * djblets.auth: * Added some human-readable labels for RegistrationForm. * RegistrationForm subclasses that make use of fields that normalize to non-strings no longer fail to save. * djblets.webapi: * Usernames with plus signs in them are now matched in the API. - http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.26.NEWS * djblets.util.fields: * Fixed JSONField in the administration UI. * djblets.webapi: * Added support for web API authentication backends. - http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.27.NEWS * Fixed a regression with the new webapi auth backend support -------------------------------------------------------------------------------- ================================================================================ python-elasticsearch-0.4.3-3.fc18 (FEDORA-2013-23379) Client for Elasticsearch -------------------------------------------------------------------------------- Update Information: First release of python-elasticsearch -------------------------------------------------------------------------------- ================================================================================ python-moksha-hub-1.2.2-1.fc18 (FEDORA-2013-23385) Hub components for Moksha -------------------------------------------------------------------------------- Update Information: Fix memory leak in the websocket server. -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 13 2013 Ralph Bean <rbean@xxxxxxxxxx> - 1.2.2-1 - Latest upstream fixing a memory leak in the websocket server. * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rpmlint-1.5-6.fc18 (FEDORA-2013-23413) Tool for checking common errors in RPM packages -------------------------------------------------------------------------------- Update Information: Fix bug with packages containing unicode in their name. -------------------------------------------------------------------------------- ChangeLog: * Thu Dec 12 2013 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.5-6 - fix unicode naming bug (bz 1036310) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1036310 - [abrt] rpmlint-1.5-5.fc19: TagsCheck.py:490:spell_check:UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 11: ordinal not in range(128) https://bugzilla.redhat.com/show_bug.cgi?id=1036310 -------------------------------------------------------------------------------- ================================================================================ rubygem-narray-0.6.0.8-9.fc18 (FEDORA-2013-23426) N-dimensional Numerical Array class for Ruby -------------------------------------------------------------------------------- Update Information: fixed the way ruby(abi) is required - dropped the symlinks in %{ruby_vendorarchdir}, except for <= el6 - fixed directory ownerships on <= el6 - use BuildRequires: rubygems-devel on el6, too several improvements for RHEL <= 6 and added needed bits for RHEL <= 5\nadded needed Provides added conditional for Requires: ruby(release) or ruby(abi) on older dists Fedora <= 18 && RHEL <= 6 need Requires: ruby(abi) adapted Requires: ruby(abi) = 1.9.1 for Fedora 18, only fixed symlinks in %{ruby_vendorarchdir} -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 13 2013 Björn Esser <bjoern.esser@xxxxxxxxx> - 0.6.0.8-9 - fixed the way ruby(abi) is required - dropped the symlinks in %{ruby_vendorarchdir}, except for <= el6 - fixed directory ownerships on <= el6 - use BuildRequires: rubygems-devel on el6, too * Tue Dec 10 2013 Björn Esser <bjoern.esser@xxxxxxxxx> - 0.6.0.8-8 - fixed symlinks in %{ruby_vendorarchdir} * Tue Dec 10 2013 Björn Esser <bjoern.esser@xxxxxxxxx> - 0.6.0.8-7 - adapted Requires: ruby(abi) = 1.9.1 for Fedora 18, only * Tue Dec 10 2013 Björn Esser <bjoern.esser@xxxxxxxxx> - 0.6.0.8-6 - several improvements for RHEL <= 6 and added needed bits for RHEL <= 5 - added needed Provides * Mon Nov 25 2013 Björn Esser <bjoern.esser@xxxxxxxxx> - 0.6.0.8-5 - Fedora <= 18 && RHEL <= 6 need Requires: ruby(abi) * Mon Nov 25 2013 Björn Esser <bjoern.esser@xxxxxxxxx> - 0.6.0.8-4 - added conditional for Requires: ruby(release) or ruby(abi) on older dists -------------------------------------------------------------------------------- References: [ 1 ] Bug #1040936 - rubygem-narray has dependency for invalid version of ryby(abi) https://bugzilla.redhat.com/show_bug.cgi?id=1040936 -------------------------------------------------------------------------------- ================================================================================ v8-3.14.5.10-3.fc18 (FEDORA-2013-23401) JavaScript Engine -------------------------------------------------------------------------------- Update Information: This update resolves multiple security vulnerabilities in the V8 JavaScript just-in-time compiler. -- Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6640 to the following vulnerability: Name: CVE-2013-6640 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6640 Assigned: 20131105 Reference: http://code.google.com/p/v8/source/detail?r=17801 Reference: http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html Reference: https://code.google.com/p/chromium/issues/detail?id=319860 The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index. -- Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6639 to the following vulnerability: Name: CVE-2013-6639 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6639 Assigned: 20131105 Reference: http://code.google.com/p/v8/source/detail?r=17801 Reference: http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html Reference: https://code.google.com/p/chromium/issues/detail?id=319835 The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index. -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 13 2013 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 1:3.14.5.10-3 - backport fix for out-of-bounds read DoS (RHBZ#1039889; CVE-2013-6640) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1039888 - CVE-2013-6639 v8: DoS (out-of-bounds write) in DehoistArrayIndex function in hydrogen-dehoist.cc https://bugzilla.redhat.com/show_bug.cgi?id=1039888 [ 2 ] Bug #1039889 - CVE-2013-6640 v8: DoS (out-of-bounds read) in DehoistArrayIndex function in hydrogen-dehoist.cc https://bugzilla.redhat.com/show_bug.cgi?id=1039889 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
