Fedora 16 updates-testing report
updates at fedoraproject.org
Fri Feb 1 17:44:01 UTC 2013
The following Fedora 16 Security updates need testing:
Age URL
52 https://admin.fedoraproject.org/updates/FEDORA-2012-20157/libproxy-0.4.11-1.fc16
0 https://admin.fedoraproject.org/updates/FEDORA-2013-1748/sssd-1.8.6-1.fc16
0 https://admin.fedoraproject.org/updates/FEDORA-2013-1713/libupnp-1.6.18-1.fc16
9 https://admin.fedoraproject.org/updates/FEDORA-2013-1233/rhncfg-5.10.36-1.fc16
51 https://admin.fedoraproject.org/updates/FEDORA-2012-20236/rssh-2.3.4-1.fc16
9 https://admin.fedoraproject.org/updates/FEDORA-2013-1257/libexif-0.6.21-2.fc16
210 https://admin.fedoraproject.org/updates/FEDORA-2012-10314/revelation-0.4.14-1.fc16
130 https://admin.fedoraproject.org/updates/FEDORA-2012-14654/tor-0.2.2.39-1600.fc16
6 https://admin.fedoraproject.org/updates/FEDORA-2013-1485/Zim-0.59-1.fc16
23 https://admin.fedoraproject.org/updates/FEDORA-2012-19347/cups-1.5.4-12.fc16
6 https://admin.fedoraproject.org/updates/FEDORA-2013-1494/gdal-1.7.3-15.fc16,OpenImageIO-1.0.11-2.fc16,libwebp-0.2.1-1.fc16
0 https://admin.fedoraproject.org/updates/FEDORA-2013-1666/android-tools-20130123git98d0789-1.fc16
0 https://admin.fedoraproject.org/updates/FEDORA-2013-1716/samba-3.6.12-1.fc16
0 https://admin.fedoraproject.org/updates/FEDORA-2013-1745/rubygem-activesupport-3.0.10-6.fc16
13 https://admin.fedoraproject.org/updates/FEDORA-2013-0935/samba4-4.0.0-39.alpha16.fc16
2 https://admin.fedoraproject.org/updates/FEDORA-2013-1642/libvirt-0.9.6.4-1.fc16
0 https://admin.fedoraproject.org/updates/FEDORA-2013-1735/wordpress-3.5.1-1.fc16
The following Fedora 16 Critical Path updates have yet to be approved:
Age URL
6 https://admin.fedoraproject.org/updates/FEDORA-2013-1531/qrencode-3.4.1-1.fc16
9 https://admin.fedoraproject.org/updates/FEDORA-2013-1257/libexif-0.6.21-2.fc16
276 https://admin.fedoraproject.org/updates/FEDORA-2012-6994/upower-0.9.16-1.fc16
The following builds have been pushed to Fedora 16 updates-testing
android-tools-20130123git98d0789-1.fc16
drupal7-date_ical-2.3-1.fc16
guacd-0.7.0-3.fc16
libupnp-1.6.18-1.fc16
lua-ldoc-1.3.3-1.fc16
mate-window-manager-1.5.3-3.fc16
rubygem-activesupport-3.0.10-6.fc16
samba-3.6.12-1.fc16
sssd-1.8.6-1.fc16
wordpress-3.5.1-1.fc16
Details about builds:
================================================================================
android-tools-20130123git98d0789-1.fc16 (FEDORA-2013-1666)
Android platform tools(adb, fastboot)
--------------------------------------------------------------------------------
Update Information:
- Update to upstream git commit 98d0789
- Resolves: rhbz 903074 Move udev rule to docs as example
- Resolves: rhbz 879585 Introduce adb.service with PrivateTmp
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 28 2013 Ivan Afonichev <ivan.afonichev at gmail.com> - 20130123git98d0789-1
- Update to upstream git commit 98d0789
- Resolves: rhbz 903074 Move udev rule to docs as example
- Resolves: rhbz 879585 Introduce adb.service with PrivateTmp
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #879585 - CVE-2012-5564 android-tools (server): Insecure temporary file used for logging [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=879585
[ 2 ] Bug #903074 - android-tools: please fix or remove (non useful) udev rule
https://bugzilla.redhat.com/show_bug.cgi?id=903074
--------------------------------------------------------------------------------
================================================================================
drupal7-date_ical-2.3-1.fc16 (FEDORA-2013-1688)
Allows creation of an iCal feed in Views
--------------------------------------------------------------------------------
Update Information:
Update to upstream 2.3 release
Update to upstream 2.2 release
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #904736 - drupal7-date_ical-2.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=904736
[ 2 ] Bug #903583 - drupal7-date_ical-2.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=903583
--------------------------------------------------------------------------------
================================================================================
guacd-0.7.0-3.fc16 (FEDORA-2013-1694)
Proxy daemon for Guacamole
--------------------------------------------------------------------------------
Update Information:
Enable guacd user/group for daemon
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 30 2013 Simone Caronni <negativo17 at gmail.com> - 0.7.0-3
- User creation is for all supported distributions.
* Wed Jan 30 2013 Simone Caronni <negativo17 at gmail.com> - 0.7.0-2
- Updated init script according to Fedora template.
https://fedoraproject.org/wiki/Packaging:SysVInitScript?rd=Packaging/SysVInitScript
- Run daemon as guacd user/group.
- Make sure $HOME is set before starting the daemon or the child crashes.
--------------------------------------------------------------------------------
================================================================================
libupnp-1.6.18-1.fc16 (FEDORA-2013-1713)
Universal Plug and Play (UPnP) SDK
--------------------------------------------------------------------------------
Update Information:
libupnp 1.6.18
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 29 2013 Adam Jackson <ajax at redhat.com> 1.6.18-1
- libupnp 1.6.18 (#905577)
* Tue Oct 16 2012 Adam Jackson <ajax at redhat.com> 1.6.17-1
- libupnp 1.6.17
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.6.13-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.6.13-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #883790 - CVE-2012-5958 CVE-2012-5959 CVE-2012-5960 CVE-2012-5961 CVE-2012-5962 CVE-2012-5963 CVE-2012-5964 CVE-2012-5965 libupnp: Multiple stack-based buffer overflows in unique_service_name() by processing specially-crafted SSDP request (VU#922681)
https://bugzilla.redhat.com/show_bug.cgi?id=883790
--------------------------------------------------------------------------------
================================================================================
lua-ldoc-1.3.3-1.fc16 (FEDORA-2013-1768)
Lua documentation generator
--------------------------------------------------------------------------------
Update Information:
LDoc is a second-generation documentation tool that can be used as a replacement for LuaDoc. It is mostly compatible with LuaDoc, except that certain workarounds are no longer needed. For instance, it is not so married to the idea that Lua modules should be defined using the module function.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #891996 - Review Request: lua-ldoc - Lua documentation generator
https://bugzilla.redhat.com/show_bug.cgi?id=891996
--------------------------------------------------------------------------------
================================================================================
mate-window-manager-1.5.3-3.fc16 (FEDORA-2013-1669)
MATE Desktop window manager
--------------------------------------------------------------------------------
Update Information:
update to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 29 2013 Dan Mashal <dan.mashal at fedoraproject.org> - 1.5.3-3
- Add some configure flags
* Fri Jan 18 2013 Dan Mashal <dan.mashal at fedoraproject.org> - 1.5.3-2
- Sort BR's
- Remove unneeded obsoletes tag
* Mon Jan 14 2013 Dan Mashal <dan.mashal at fedoraproject.org> - 1.5.3-1
- Update to latest upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #896357 - [abrt] mate-window-manager-1.5.2-10.fc18: meta_bug: Process /usr/bin/marco was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=896357
--------------------------------------------------------------------------------
================================================================================
rubygem-activesupport-3.0.10-6.fc16 (FEDORA-2013-1745)
Support and utility classes used by the Rails framework
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2013-0333.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 29 2013 Vít Ondruch <vondruch at redhat.com> - 1:3.0.10-6
- Fix for CVE-2013-0333.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #903440 - CVE-2013-0333 rubygem-activesupport: json to yaml parsing
https://bugzilla.redhat.com/show_bug.cgi?id=903440
--------------------------------------------------------------------------------
================================================================================
samba-3.6.12-1.fc16 (FEDORA-2013-1716)
Server and Client software to interoperate with Windows machines
--------------------------------------------------------------------------------
Update Information:
Update to 3.6.12 which fixes CVE-2013-0213 and CVE-2013-0214.
Update to 3.6.10.
Fix printing upgrade code.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 31 2013 - Andreas Schneider <asn at redhat.com> - 2:3.6.12-1
- Update to 3.6.12
- Fixes CVE-2013-0213 and CVE-2013-0214.
- resolves: #905700
- resolves: #906002
- resolves: #905704
* Mon Dec 10 2012 Guenther Deschner <gdeschner at redhat.com> - 2:3.6.10-94
- Update to 3.6.10
* Fri Nov 9 2012 Guenther Deschner <gdeschner at redhat.com> - 2:3.6.9-93
- Update to 3.6.9
* Fri Oct 26 2012 - Andreas Schneider <asn at redhat.com> - 2:3.6.8-92
- Fix pam_winbind segfault in pam_sm_authenticate().
- resolves: #870493
* Mon Sep 17 2012 Guenther Deschner <gdeschner at redhat.com> - 2:3.6.8-91
- Update to 3.6.8
* Mon Aug 20 2012 Guenther Deschner <gdeschner at redhat.com> - 2:3.6.7-90
- Update to 3.6.7
* Thu Jul 19 2012 Guenther Deschner <gdeschner at redhat.com> - 2:3.6.6-89
- Fix printing tdb upgrade for 3.6.6
- resolves: #841609
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #905700 - CVE-2013-0213 samba: clickjacking vulnerability in SWAT
https://bugzilla.redhat.com/show_bug.cgi?id=905700
[ 2 ] Bug #905704 - CVE-2013-0214 samba: cross-site request forgery vulnerability in SWAT
https://bugzilla.redhat.com/show_bug.cgi?id=905704
--------------------------------------------------------------------------------
================================================================================
sssd-1.8.6-1.fc16 (FEDORA-2013-1748)
System Security Services Daemon
--------------------------------------------------------------------------------
Update Information:
A rebase to the latest LTM upstream release that fixes CVE-2013-0220 and CVE-2013-0219
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 29 2013 Jakub Hrozek <jhrozek at redhat.com> - 1.8.6-1
- New upstream release 1.8.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #884254 - CVE-2013-0219 sssd: TOCTOU race conditions by copying and removing directory trees
https://bugzilla.redhat.com/show_bug.cgi?id=884254
[ 2 ] Bug #884601 - CVE-2013-0220 sssd: Out-of-bounds read flaws in autofs and ssh services responders
https://bugzilla.redhat.com/show_bug.cgi?id=884601
--------------------------------------------------------------------------------
================================================================================
wordpress-3.5.1-1.fc16 (FEDORA-2013-1735)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. The bug fixes include:
* Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
* Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
* Networks: Suggest proper rewrite rules when creating a new network.
* Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
* Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
* Suppress some warnings that could occur when a plugin misused the database or user APIs.
WordPress 3.5.1 also addresses the following security issues:
* A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
* Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
* A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 30 2013 Remi Collet <rcollet at redhat.com> - 3.5.1-1
- version 3.5.1, various bug and security fixes:
CVE-2013-0235, CVE-2013-0236 and CVE-2013-0237
- drop -f option from rm to break build if
upstream archive content changes
- protect akismet content (from upstream .htaccess)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #904120 - CVE-2013-0235 wordpress: Server-side request forgery and remote port scanning using pingbacks
https://bugzilla.redhat.com/show_bug.cgi?id=904120
[ 2 ] Bug #904121 - wordpress: XSS flaws via shortcodes and HTTP POST content
https://bugzilla.redhat.com/show_bug.cgi?id=904121
[ 3 ] Bug #904122 - wordpress: XSS in the external Plupload library
https://bugzilla.redhat.com/show_bug.cgi?id=904122
--------------------------------------------------------------------------------