The following Fedora 18 Security updates need testing:
Age URL
3
https://admin.fedoraproject.org/updates/FEDORA-2012-16375/drupal7-7.16-1....
3
https://admin.fedoraproject.org/updates/FEDORA-2012-16383/libproxy-0.4.10...
12
https://admin.fedoraproject.org/updates/FEDORA-2012-15716/libxslt-1.1.27-...
3
https://admin.fedoraproject.org/updates/FEDORA-2012-16406/python-django-1...
2
https://admin.fedoraproject.org/updates/FEDORA-2012-16454/xlockmore-5.40-...
2
https://admin.fedoraproject.org/updates/FEDORA-2012-16448/dracut-024-5.gi...
0
https://admin.fedoraproject.org/updates/FEDORA-2012-16550/dokuwiki-0-0.14...
9
https://admin.fedoraproject.org/updates/FEDORA-2012-15996/cobbler-2.4.0-b...
9
https://admin.fedoraproject.org/updates/FEDORA-2012-15987/thunderbird-16....
17
https://admin.fedoraproject.org/updates/FEDORA-2012-15342/freeradius-2.2....
7
https://admin.fedoraproject.org/updates/FEDORA-2012-16073/ssmtp-2.64-5.fc18
6
https://admin.fedoraproject.org/updates/FEDORA-2012-16130/icecast-2.3.3-1...
The following Fedora 18 Critical Path updates have yet to be approved:
Age URL
0
https://admin.fedoraproject.org/updates/FEDORA-2012-16576/dconf-0.14.0-2....
0
https://admin.fedoraproject.org/updates/FEDORA-2012-16567/GConf2-3.2.5-3....
0
https://admin.fedoraproject.org/updates/FEDORA-2012-16551/qt-4.8.3-4.fc18
0
https://admin.fedoraproject.org/updates/FEDORA-2012-16537/gnome-shell-3.6...
0
https://admin.fedoraproject.org/updates/FEDORA-2012-16564/gmime-2.6.11-1....
1
https://admin.fedoraproject.org/updates/FEDORA-2012-16528/anaconda-18.19-...
1
https://admin.fedoraproject.org/updates/FEDORA-2012-16510/xorg-x11-drv-in...
1
https://admin.fedoraproject.org/updates/FEDORA-2012-16533/gnome-settings-...
1
https://admin.fedoraproject.org/updates/FEDORA-2012-16527/desktop-file-ut...
1
https://admin.fedoraproject.org/updates/FEDORA-2012-16517/mdadm-3.2.5-14....
2
https://admin.fedoraproject.org/updates/FEDORA-2012-16477/clutter-gtk-1.4...
2
https://admin.fedoraproject.org/updates/FEDORA-2012-16481/gnome-session-3...
2
https://admin.fedoraproject.org/updates/FEDORA-2012-16479/gnome-menus-3.6...
3
https://admin.fedoraproject.org/updates/FEDORA-2012-16403/libjpeg-turbo-1...
3
https://admin.fedoraproject.org/updates/FEDORA-2012-16399/firstboot-18.5-...
3
https://admin.fedoraproject.org/updates/FEDORA-2012-16392/ncurses-5.9-7.2...
3
https://admin.fedoraproject.org/updates/FEDORA-2012-16405/perl-5.16.1-233...
3
https://admin.fedoraproject.org/updates/FEDORA-2012-16379/iw-3.7-1.fc18
3
https://admin.fedoraproject.org/updates/FEDORA-2012-16383/libproxy-0.4.10...
4
https://admin.fedoraproject.org/updates/FEDORA-2012-16321/pm-utils-1.4.1-...
4
https://admin.fedoraproject.org/updates/FEDORA-2012-16288/parted-3.1-8.fc18
4
https://admin.fedoraproject.org/updates/FEDORA-2012-16294/libxcb-1.9-1.fc18
4
https://admin.fedoraproject.org/updates/FEDORA-2012-16284/libselinux-2.1....
5
https://admin.fedoraproject.org/updates/FEDORA-2012-16207/thunderbird-lig...
5
https://admin.fedoraproject.org/updates/FEDORA-2012-16209/xulrunner-16.0....
5
https://admin.fedoraproject.org/updates/FEDORA-2012-16215/ntfs-3g-2012.1....
5
https://admin.fedoraproject.org/updates/FEDORA-2012-16198/pam-1.1.6-3.fc18
5
https://admin.fedoraproject.org/updates/FEDORA-2012-16194/metacity-2.34.1...
6
https://admin.fedoraproject.org/updates/FEDORA-2012-16136/ilmbase-1.0.3-4...
6
https://admin.fedoraproject.org/updates/FEDORA-2012-16134/pyOpenSSL-0.13-...
6
https://admin.fedoraproject.org/updates/FEDORA-2012-16119/xorg-x11-drv-at...
6
https://admin.fedoraproject.org/updates/FEDORA-2012-16107/xorg-x11-drv-qx...
7
https://admin.fedoraproject.org/updates/FEDORA-2012-16061/libosinfo-0.2.1...
9
https://admin.fedoraproject.org/updates/FEDORA-2012-15987/thunderbird-16....
9
https://admin.fedoraproject.org/updates/FEDORA-2012-15993/lorax-18.21-1.fc18
9
https://admin.fedoraproject.org/updates/FEDORA-2012-16010/gtkhtml3-4.6.0-...
9
https://admin.fedoraproject.org/updates/FEDORA-2012-15910/openldap-2.4.33...
11
https://admin.fedoraproject.org/updates/FEDORA-2012-15785/python-nss-0.13...
11
https://admin.fedoraproject.org/updates/FEDORA-2012-15776/kde-workspace-4...
3
https://admin.fedoraproject.org/updates/FEDORA-2012-15666/policycoreutils...
18
https://admin.fedoraproject.org/updates/FEDORA-2012-15303/udisks2-2.0.0-1...
7
https://admin.fedoraproject.org/updates/FEDORA-2012-15008/kde-settings-4....
The following builds have been pushed to Fedora 18 updates-testing
GConf2-3.2.5-3.fc18
GMT-4.5.8-1.fc18
ccrypt-1.10-1.fc18
cinnamon-1.6.3-1.fc18
dconf-0.14.0-2.fc18
eclipse-emf-query-1.6.0-1.fc18
eclipse-emf-transaction-1.6.0-1.fc18
eclipse-emf-validation-1.6.0-1.fc18
isorelax-0-0.9.release20050331.fc18
josm-0-0.36.5531svn.fc18
laditools-1.0.1-5.fc18
mozilla-https-everywhere-3.0.2-1.fc18
nemo-1.0.5-2.fc18
non-session-manager-1.0.0-0.2.gitae6b78cf.fc18
perl-Catalyst-Runtime-5.90017-1.fc18
rinputd-1.0.5-1.fc18
semantik-0.8.3-1.fc18
svgsalamander-0.1.10-1.fc18
tomboy-1.12.1-1.fc18
Details about builds:
================================================================================
GConf2-3.2.5-3.fc18 (FEDORA-2012-16567)
A process-transparent configuration system
--------------------------------------------------------------------------------
Update Information:
This update fixes some crashers with GConf using apps.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 24 2012 Ray Strode <rstrode(a)redhat.com> 3.2.5-3
- More crasher workarounds
Resolves: #858348
* Thu Sep 13 2012 Ray Strode <rstrode(a)redhat.com> 3.2.5-2
- Work around crasher bug
Resolves: #755992
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #755992 - [abrt] gnome-terminal-3.2.1-2.fc16: __GI_raise: Process
/usr/bin/gnome-terminal was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=755992
[ 2 ] Bug #756245 - Configuration server couldn't be contacted: D-BUS error: The
GConf daemon is currently shutting down.
https://bugzilla.redhat.com/show_bug.cgi?id=756245
[ 3 ] Bug #858348 - [abrt] GConf2-3.2.5-2.fc17: gconf_main: Process
/usr/libexec/gconfd-2 was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=858348
--------------------------------------------------------------------------------
================================================================================
GMT-4.5.8-1.fc18 (FEDORA-2012-16566)
Generic Mapping Tools
--------------------------------------------------------------------------------
Update Information:
Build latest version for F-18
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
ccrypt-1.10-1.fc18 (FEDORA-2012-16579)
Secure encryption and decryption of files and streams
--------------------------------------------------------------------------------
Update Information:
* Sun Oct 21 2012 Fabian Affolter <mail(a)fabian-affolter.ch> - 1.10-1
- Updated to new upstream version 1.10
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 21 2012 Fabian Affolter <mail(a)fabian-affolter.ch> - 1.10-1
- Updated to new upstream version 1.10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #868607 - ccrypt 1.10 available
https://bugzilla.redhat.com/show_bug.cgi?id=868607
--------------------------------------------------------------------------------
================================================================================
cinnamon-1.6.3-1.fc18 (FEDORA-2012-16572)
Window management and application launching for GNOME
--------------------------------------------------------------------------------
Update Information:
update to 1.6.3
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 20 2012 Leigh Scott <leigh123linux(a)googlemail.com> - 1.6.3-1
- update to 1.6.3 release
- add license for cinnamon-menu-editor
- remove -OO from cinnamon-menu-editor script
- drop upstream patch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #868496 - nemo and nautilus fight each other for desktop icon display
https://bugzilla.redhat.com/show_bug.cgi?id=868496
--------------------------------------------------------------------------------
================================================================================
dconf-0.14.0-2.fc18 (FEDORA-2012-16576)
A configuration system
--------------------------------------------------------------------------------
Update Information:
This update fixes a memory leak in the dconf daemon.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 21 2012 Matthias Clasen <mclasen(a)redhat.com> - 0.14.0-2
- Fix a memory leak
--------------------------------------------------------------------------------
================================================================================
eclipse-emf-query-1.6.0-1.fc18 (FEDORA-2012-16577)
Specify and execute queries against EMF models
--------------------------------------------------------------------------------
Update Information:
Fix FTBFS and packaging bugs.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 21 2012 Mat Booth <fedora(a)matbooth.co.uk> - 1.6.0-1
- Update to latest version.
- Adapt to newer packaging guidelines.
- Fix FTBFS bug 843211.
- Include emf from new location during pdebuild.
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.4.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.4.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #843211 - eclipse-emf-query package has not built for multiple Fedora
releases
https://bugzilla.redhat.com/show_bug.cgi?id=843211
[ 2 ] Bug #843212 - eclipse-emf-transaction package has not built for multiple Fedora
releases
https://bugzilla.redhat.com/show_bug.cgi?id=843212
[ 3 ] Bug #843213 - eclipse-emf-validation package has not built for multiple Fedora
releases
https://bugzilla.redhat.com/show_bug.cgi?id=843213
--------------------------------------------------------------------------------
================================================================================
eclipse-emf-transaction-1.6.0-1.fc18 (FEDORA-2012-16577)
A model management layer for managing EMF resources
--------------------------------------------------------------------------------
Update Information:
Fix FTBFS and packaging bugs.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 15 2012 Mat Booth <fedora(a)matbooth.co.uk> - 1.6.0-1
- Update to latest version.
- Adapt to newer packaging guidelines.
- Fix FTBFS bug 843212.
- Include emf from new location during pdebuild.
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.4.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.4.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #843211 - eclipse-emf-query package has not built for multiple Fedora
releases
https://bugzilla.redhat.com/show_bug.cgi?id=843211
[ 2 ] Bug #843212 - eclipse-emf-transaction package has not built for multiple Fedora
releases
https://bugzilla.redhat.com/show_bug.cgi?id=843212
[ 3 ] Bug #843213 - eclipse-emf-validation package has not built for multiple Fedora
releases
https://bugzilla.redhat.com/show_bug.cgi?id=843213
--------------------------------------------------------------------------------
================================================================================
eclipse-emf-validation-1.6.0-1.fc18 (FEDORA-2012-16577)
Verify the integrity of EMF models
--------------------------------------------------------------------------------
Update Information:
Fix FTBFS and packaging bugs.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 20 2012 Mat Booth <fedora(a)matbooth.co.uk> - 1.6.0-1
- Update to latest version.
- Adapt to newer packaging guidelines.
- Fix FTBFS bug 843213.
- Include emf from new location during pdebuild.
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.4.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.4.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #843211 - eclipse-emf-query package has not built for multiple Fedora
releases
https://bugzilla.redhat.com/show_bug.cgi?id=843211
[ 2 ] Bug #843212 - eclipse-emf-transaction package has not built for multiple Fedora
releases
https://bugzilla.redhat.com/show_bug.cgi?id=843212
[ 3 ] Bug #843213 - eclipse-emf-validation package has not built for multiple Fedora
releases
https://bugzilla.redhat.com/show_bug.cgi?id=843213
--------------------------------------------------------------------------------
================================================================================
isorelax-0-0.9.release20050331.fc18 (FEDORA-2012-16571)
Public interfaces for RELAX Core
--------------------------------------------------------------------------------
Update Information:
Fix license.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 21 2012 Mat Booth <fedora(a)matbooth.co.uk> - 1:0-0.9.release20050331
- A portion of /org/iso_relax/verifier/VerifierFactory.java is licenced under ASL 1.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #858339 - isorelax: Incorrect license tag
https://bugzilla.redhat.com/show_bug.cgi?id=858339
--------------------------------------------------------------------------------
================================================================================
josm-0-0.36.5531svn.fc18 (FEDORA-2012-16578)
An editor for OpenStreetMap (OSM)
--------------------------------------------------------------------------------
Update Information:
Add new libs in launch script classpath
remove code copy from source and include as lib
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 21 2012 Cédric OLIVIER <cedric.olivier(a)free.fr> 0-0.36.5531svn
- Add new libs in launch script classpath
* Fri Oct 19 2012 Cédric OLIVIER <cedric.olivier(a)free.fr> 0-0.35.5531svn
- Suppress bad code copy in source and include it as lib.
--------------------------------------------------------------------------------
================================================================================
laditools-1.0.1-5.fc18 (FEDORA-2012-16580)
Set of tools to control and monitor LADI system
--------------------------------------------------------------------------------
Update Information:
Laditools is a collection of tools for JACK and Linux audio applications.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #865691 - Review Request: laditools - a collection of linux audio tools
https://bugzilla.redhat.com/show_bug.cgi?id=865691
--------------------------------------------------------------------------------
================================================================================
mozilla-https-everywhere-3.0.2-1.fc18 (FEDORA-2012-16569)
HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:
* Some fixes that should have shipped in 3.0.1, but actually didn't:
European Southern Observatory, Indeed, LibriVox
* New fixes:
Microsoft (Bing login button), ZeniMax, Ubuntuone, TrueCrypt, Springer
(fix / reenable), Optical Society, IMDB, Facebook, EzineArticles,
Broadband Reports, Apache, Akamai (exclude Zynga content to prevent
breakage of some Zynga games), Costco
- Since version 2.x:
- 1,455 new active rulesets
- UI improvements:
-- right-click to view ruleset source in the config window
-- translate some untranslated menus
-- better icons in a few places (breaking/redirecting rules,
context button)
- Numerous improvements to the SSL Observatory internals, including cached
submissions on hostile networks, better Tor and Convergence integration,
and a new setting to control self-signed cert submission
- New translations: Basque, Czech, Danish, French, Greek, Hungarian,
Italian, Korean, Malaysian, Polish, Slovak, Turkish,
Traditional Chinese
- Relative to 3.0development.8:
- Only promote the Decentralized SSL Observatory to 5% of non-Tor users
- Update the SSL Observatory whitelist of common cert chains
- Fixes, mostly in the CDN/media playback department:
Akamai/CNN,
GO.com/ABC, AWS/Amazon Zeitgeist MP3 player,
AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein,
Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo,
Nokia,
Widgetbox.com, Squarespace
https://trac.torproject.org/projects/tor/ticket/4199
https://trac.torproject.org/projects/tor/ticket/6871
https://trac.torproject.org/projects/tor/ticket/6992
https://trac.torproject.org/projects/tor/ticket/7000
https://trac.torproject.org/projects/tor/ticket/7020
https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/00132...
- Disable buggy: Web.de,
AJC.com, Feross, Bestofmedia
- Remove a lot of off-by-default rulesets from the code, since they have
some costs in terms of startup speed and RAM usage
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 21 2012 Russell Golden <niveusluna(a)niveusluna.org - 3.0.2-1
- Some fixes that should have shipped in 3.0.1, but actually didn't:
European Southern Observatory, Indeed, LibriVox
- New fixes:
Microsoft (Bing login button), ZeniMax, Ubuntuone, TrueCrypt, Springer
(fix / reenable), Optical Society, IMDB, Facebook, EzineArticles,
Broadband Reports, Apache, Akamai (exclude Zynga content to prevent
breakage of some Zynga games), Costco
--------------------------------------------------------------------------------
================================================================================
nemo-1.0.5-2.fc18 (FEDORA-2012-16572)
File manager for Cinnamon
--------------------------------------------------------------------------------
Update Information:
update to 1.6.3
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 21 2012 Leigh Scott <leigh123linux(a)googlemail.com> - 1.0.5-2
- drop requires gksu-pokit
* Sat Oct 20 2012 Leigh Scott <leigh123linux(a)googlemail.com> - 1.0.5-1
- update to 1.0.5 release
- revert last commit
* Thu Oct 18 2012 Leigh Scott <leigh123linux(a)googlemail.com> - 1.0.3-3
- patch open as root and add requires gksu-pokit
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #868496 - nemo and nautilus fight each other for desktop icon display
https://bugzilla.redhat.com/show_bug.cgi?id=868496
--------------------------------------------------------------------------------
================================================================================
non-session-manager-1.0.0-0.2.gitae6b78cf.fc18 (FEDORA-2012-16568)
A session manager for JACK
--------------------------------------------------------------------------------
Update Information:
Non-session-manager is a session manager for JACK audio applications.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #865995 - Review Request: non-session-manager - a session manager for Linux
Audio
https://bugzilla.redhat.com/show_bug.cgi?id=865995
--------------------------------------------------------------------------------
================================================================================
perl-Catalyst-Runtime-5.90017-1.fc18 (FEDORA-2012-16573)
Catalyst Framework Runtime
--------------------------------------------------------------------------------
Update Information:
This update to the latest upstream version includes:
* Refactor request and response class construction to add methods that roles can hook to
feed extra parameters into the constructor of request or response classes.
* prepare_parameters is no longer an attribute builder. It is now a method that calls the
correct underlying functionality
* Fix uri_for to handle a stringifiable object
* Fix model/view/controller methods to handle stringifiable objects
* Fix RT#78377 - IIS7 ignores response body for 3xx requests, which causes (a different)
response to be broken when using keepalive. Fixed by applying Middleware which removes the
response body and content length that Catalyst supplies with redirects.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 20 2012 Iain Arnell <iarnell(a)gmail.com> 5.90017-1
- update to latest upstream version
--------------------------------------------------------------------------------
================================================================================
rinputd-1.0.5-1.fc18 (FEDORA-2012-16575)
A server for receiving input events over the network
--------------------------------------------------------------------------------
Update Information:
Update to new version to fix FTBFS
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 20 2012 Peter Robinson <pbrobinson(a)fedoraproject.org> 1.0.5-1
- Update to 1.0.5
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.0.4-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.0.4-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
semantik-0.8.3-1.fc18 (FEDORA-2012-16570)
Mind-mapping tool
--------------------------------------------------------------------------------
Update Information:
- semantik-0.8.3
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 21 2012 Gregor Tätzner <brummbq(a)fedoraproject.org> - 0.8.3-1
- semantik-0.8.3
* Tue Oct 9 2012 Gregor Tätzner <brummbq(a)fedoraproject.org> - 0.8.2-1
- semantik-0.8.2
- dropped all patches
--------------------------------------------------------------------------------
================================================================================
svgsalamander-0.1.10-1.fc18 (FEDORA-2012-16574)
An SVG engine for Java
--------------------------------------------------------------------------------
Update Information:
Update to 0.1.10
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 18 2012 Cédric OLIVIER <cedric.olivier(a)free.fr> 0.1.10-1
- Update to release 0.1.10
--------------------------------------------------------------------------------
================================================================================
tomboy-1.12.1-1.fc18 (FEDORA-2012-16581)
Note-taking application
--------------------------------------------------------------------------------
Update Information:
Update to the latest release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 18 2012 Thomas Moschny <thomas.moschny(a)gmx.de> - 1.12.1-1
- Update to 0.12.1.
--------------------------------------------------------------------------------