The following Fedora 18 Security updates need testing: Age URL 40 https://admin.fedoraproject.org/updates/FEDORA-2013-21875/389-ds-base-1.3.0.9-1.fc18 27 https://admin.fedoraproject.org/updates/FEDORA-2013-22949/net-snmp-5.7.2-7.fc18 14 https://admin.fedoraproject.org/updates/FEDORA-2013-23662/rubygem-actionpack-3.2.8-4.fc18 14 https://admin.fedoraproject.org/updates/FEDORA-2013-23663/ibus-chewing-1.4.4-1.fc18 6 https://admin.fedoraproject.org/updates/FEDORA-2013-23988/varnish-3.0.5-1.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-24142/asterisk-11.7.0-1.fc18 3 https://admin.fedoraproject.org/updates/FEDORA-2013-24155/libsrtp-1.4.4-9.20101004cvs.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0025/goffice-0.10.9-1.fc18,gnumeric-1.12.9-1.fc18,gnome-chemistry-utils-0.14.5-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0085/rubygem-will_paginate-3.0.2-5.fc18 The following Fedora 18 Critical Path updates have yet to be approved: Age URL 327 https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18 11 https://admin.fedoraproject.org/updates/FEDORA-2013-23882/libbluray-0.5.0-2.fc18 The following builds have been pushed to Fedora 18 updates-testing certmonger-0.70-1.fc18 homerun-1.1.0-1.fc18 lz4-r110-1.fc18 mate-keyring-1.6.1-1.fc18 meld-1.8.3-1.fc18 numpy-1.7.2-7.fc18 php-drush-drush-6.2.0-2.fc18 python-djblets-0.7.28-1.fc18 rubygem-will_paginate-3.0.2-5.fc18 Details about builds: ================================================================================ certmonger-0.70-1.fc18 (FEDORA-2013-23416) Certificate status monitor and PKI enrollment client -------------------------------------------------------------------------------- Update Information: This update fixes crashes in the daemon when there are errors reading some of its data files or errors saving newly-obtained certificates to disk. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 2 2014 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.70-1 - add a --with-homedir option to configure, and use it, since subprocesses which we run and which use NSS may attempt to write to $HOME/.pki, and 0.69's strategy of setting that to "/" was rightly hitting SELinux policy denials (#1047798) * Fri Dec 27 2013 Daniel Mach <dmach@xxxxxxxxxx> - 0.69-2 - Mass rebuild 2013-12-27 * Mon Dec 9 2013 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.69-1 - tweak how we decide whether we're on the master or a minion when we're told to use certmaster as a CA - clean up one of the tests so that it doesn't have to work around internal logging producing duplicate messages - when logging errors while setting up to contact xmlrpc servers, explicitly note that the error is client-side - don't abort() due to incorrect locking when an attempt to save an issued certificate to the designated location fails (part of #1032760/#1033333, ticket #22) - when reading an issued certificate from an enrollment helper, ignore noise before or after the certificate itself (more of #1032760/1033333, ticket #22) - run subprocesses in a cleaned-up environment (more of #1032760/1033333, ticket #22) - clear the ca-error that we saved when we had an error talking to the CA if we subsequently succeed in talking to the CA - various other static-analysis fixes * Thu Aug 29 2013 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.68-1 - notice when the OpenSSL RNG isn't seeded - notice when saving certificates or keys fails due to filesystem-related permission denial (#996581) * Tue Aug 6 2013 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.67-3 - pull up a patch from master to adapt self-tests to certutil's diagnostic output having changed (#992050) * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.67-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Mon Mar 11 2013 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.67-1 - when saving certificates to NSS databases, try to preserve the trust value assigned to a previously-present certificate with the same nickname and subject, if one is found - when saving certificates to NSS databases, also prune certificates from the database which have both the same nickname and subject as the one we're adding, to avoid tripping up tools that only fetch one certificate by nickname * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.65-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Wed Jan 23 2013 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.66-1 - build as position-independent executables with early binding (#883966) - also don't tag the unit file as a configuration file (internal tooling) * Wed Jan 23 2013 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.65-2 - don't tag the D-Bus session .service file as a configuration file (internal tooling) -------------------------------------------------------------------------------- References: [ 1 ] Bug #995022 - certmonger coredumps when certificates cannot be created due to permissions https://bugzilla.redhat.com/show_bug.cgi?id=995022 [ 2 ] Bug #1043017 - [abrt] certmonger-0.67-1.fc19: strcmp: Process /usr/sbin/certmonger was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=1043017 -------------------------------------------------------------------------------- ================================================================================ homerun-1.1.0-1.fc18 (FEDORA-2014-0082) KDE Application Launcher -------------------------------------------------------------------------------- Update Information: Update to latest upstream release -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 2 2014 Joseph Marrero <jmarrero@xxxxxxxxxxxxxxxxx> 1.1.0-1 - update to latest upstream version * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ lz4-r110-1.fc18 (FEDORA-2014-0079) Extremely fast compression algorithm -------------------------------------------------------------------------------- Update Information: Fixed issues: #99 -> https://code.google.com/p/lz4/issues/detail?id=99 #100 -> https://code.google.com/p/lz4/issues/detail?id=100 lz4-r108 release. lz4-r108 release. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 2 2014 pjp <pjp@xxxxxxxxxxxxxxxxx> - r110-1 - new release r110 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1047435 - This package hasn't been built for rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1047435 -------------------------------------------------------------------------------- ================================================================================ mate-keyring-1.6.1-1.fc18 (FEDORA-2014-0072) Framework for managing passwords and other secrets -------------------------------------------------------------------------------- Update Information: - update to 1.6.1 release -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 2 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.1-1 - update to 1.6.1 release -------------------------------------------------------------------------------- ================================================================================ meld-1.8.3-1.fc18 (FEDORA-2014-0101) Visual diff and merge tool -------------------------------------------------------------------------------- Update Information: This update brings the new minor version 1.8.3 of Meld to your home. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 1 2014 Dominic Hopf <dmaphy@xxxxxxxxxxxxxxxxx> - 1.8.3-1 - New upstream release: Meld 1.8.3 -------------------------------------------------------------------------------- ================================================================================ numpy-1.7.2-7.fc18 (FEDORA-2014-0053) A fast multidimensional array facility for Python -------------------------------------------------------------------------------- Update Information: This is a bugfix only release. More than 42 issues were fixed, the most important issues are listed in the release notes: https://github.com/numpy/numpy/blob/v1.7.2/doc/release/1.7.2-notes.rst -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 1 2014 Orion Poplawski <orion@xxxxxxxx> - 1:1.7.2-1 - Update to 1.7.2 - Drop library-ext patch applied upstream * Wed Nov 27 2013 Orion Poplawski <orion@xxxxxxxx> - 1:1.7.1-7 - Build sphinx docs (bug #1034357) - Ship doc module (bug #1034357) - Move f2py documentation to f2py package (bug #1027394) * Mon Oct 14 2013 Tomas Tomecek <ttomecek@xxxxxxxxxx> - 1:1.7.1-6 - fix name of shared library extensions (rhbz#1018783) * Tue Aug 27 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 1:1.7.1-5 - URL Fix, BZ 1001337 * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:1.7.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Tue Jul 30 2013 Tomas Tomecek <ttomecek@xxxxxxxxxx> - 1:1.7.1-3 - Fix rpmlint warnings - Update License - Apply patch: change shebang of f2py to use binary directly * Sun Jun 2 2013 Orion Poplawski <orion@xxxxxxxx> - 1:1.7.1-2 - Specfile cleanup (bug #969854) -------------------------------------------------------------------------------- ================================================================================ php-drush-drush-6.2.0-2.fc18 (FEDORA-2014-0050) Command line shell and Unix scripting interface for Drupal -------------------------------------------------------------------------------- Update Information: Fixes dependency issue (BZ #1047971) -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 2 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> 6.2.0-2 - Fix Fedora 18 dependency issue (BZ #1047971) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1047971 - Failed dependency for php-symfony-yaml https://bugzilla.redhat.com/show_bug.cgi?id=1047971 -------------------------------------------------------------------------------- ================================================================================ python-djblets-0.7.28-1.fc18 (FEDORA-2014-0106) A collection of useful classes and functions for Django -------------------------------------------------------------------------------- Update Information: Fix error 500 issue in ReviewBoard when errors occur in registration (such as attempting to register a name already in use). -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 2 2014 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 0.7.28-1 - New upstream release 0.7.28 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.28.NEWS * djblets.auth: * Fixed HTTP 500 errors when failing to save the registration form -------------------------------------------------------------------------------- ================================================================================ rubygem-will_paginate-3.0.2-5.fc18 (FEDORA-2014-0085) Most awesome pagination solution for Rails -------------------------------------------------------------------------------- Update Information: Fix XSS vulnerabilities (CVE-2013-6459). -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 2 2014 Vít Ondruch <vondruch@xxxxxxxxxx> - 3.0.2-5 - Fix XSS vulnerabilities (CVE-2013-6459). - Disable Sequel test, since Sequel 4.x does not seem to be supported by will_paginate yet. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1046642 - CVE-2013-6459 rubygem-will_paginate: XSS vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=1046642 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
