The following Fedora 18 Security updates need testing:
Age URL
160
https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2...
72
https://admin.fedoraproject.org/updates/FEDORA-2013-13131/livecd-tools-18...
56
https://admin.fedoraproject.org/updates/FEDORA-2013-14005/zabbix-2.0.6-3....
43
https://admin.fedoraproject.org/updates/FEDORA-2013-14794/filezilla-3.7.3...
9
https://admin.fedoraproject.org/updates/FEDORA-2013-17016/icedtea-web-1.4...
8
https://admin.fedoraproject.org/updates/FEDORA-2013-17112/hplip-3.13.9-2....
7
https://admin.fedoraproject.org/updates/FEDORA-2013-17195/spice-gtk-0.18-...
6
https://admin.fedoraproject.org/updates/FEDORA-2013-17305/libvirt-0.10.2....
5
https://admin.fedoraproject.org/updates/FEDORA-2013-17366/seamonkey-2.21-...
5
https://admin.fedoraproject.org/updates/FEDORA-2013-17375/xpdf-3.03-8.fc18
4
https://admin.fedoraproject.org/updates/FEDORA-2013-17431/thunderbird-17....
3
https://admin.fedoraproject.org/updates/FEDORA-2013-17583/rtkit-0.11-7.fc18
3
https://admin.fedoraproject.org/updates/FEDORA-2013-17443/ReviewBoard-1.7...
1
https://admin.fedoraproject.org/updates/FEDORA-2013-17635/wireshark-1.10....
1
https://admin.fedoraproject.org/updates/FEDORA-2013-17649/rubygems-1.8.25...
0
https://admin.fedoraproject.org/updates/FEDORA-2013-17853/davfs2-1.4.7-3....
0
https://admin.fedoraproject.org/updates/FEDORA-2013-17689/xen-4.2.3-2.fc18
The following Fedora 18 Critical Path updates have yet to be approved:
Age URL
230
https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5...
13
https://admin.fedoraproject.org/updates/FEDORA-2013-16676/gnome-abrt-0.3....
11
https://admin.fedoraproject.org/updates/FEDORA-2013-16816/gdisk-0.8.7-2.fc18
9
https://admin.fedoraproject.org/updates/FEDORA-2013-17013/device-mapper-p...
5
https://admin.fedoraproject.org/updates/FEDORA-2013-17371/ibus-1.5.4-1.fc18
4
https://admin.fedoraproject.org/updates/FEDORA-2013-17431/thunderbird-17....
3
https://admin.fedoraproject.org/updates/FEDORA-2013-17583/rtkit-0.11-7.fc18
0
https://admin.fedoraproject.org/updates/FEDORA-2013-17758/selinux-policy-...
The following builds have been pushed to Fedora 18 updates-testing
cherrytree-0.30.5-1.fc18
cloud-init-0.7.2-7.fc18
davfs2-1.4.7-3.fc18
euca2ools-2.1.4-1.fc18
glusterfs-3.4.1-1.fc18
h5py-2.2.0-1.fc18
imapsync-1.567-1.fc18
lshw-B.02.17-1.fc18
mozc-1.11.1522.102-2.fc18
openscad-2013.06-5.fc18
python-boto-2.13.3-1.fc18
qpid-cpp-0.24-3.fc18.1
qupzilla-1.4.4-1.fc18
rubygem-locale-2.0.9-1.fc18
ssmtp-2.64-10.fc18
system-config-kdump-2.0.13-1.fc18
znc-1.2-0.3.beta1.fc18
Details about builds:
================================================================================
cherrytree-0.30.5-1.fc18 (FEDORA-2013-17846)
Hierarchical note taking application
--------------------------------------------------------------------------------
Update Information:
New upstream release, license changed to GPLv3+
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 27 2013 Robin Lee <cheeselee(a)fedoraproject.org> - 0.30.5-1
- Update to 0.30.5, license changed to GPLv3+
- Requires python-enchant
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.29.4-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1000468 - cherrytree-0.30.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1000468
--------------------------------------------------------------------------------
================================================================================
cloud-init-0.7.2-7.fc18 (FEDORA-2013-17824)
Cloud instance init scripts
--------------------------------------------------------------------------------
Update Information:
This update fixes several bugs and enables the following modules:
* growpart
* migrator
* package-update-upgrade-install
* yum-add-repo
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Garrett Holmstrom <gholms(a)fedoraproject.org> - 0.7.2-7
- Dropped xfsprogs dependency [RH:974329]
* Tue Sep 24 2013 Garrett Holmstrom <gholms(a)fedoraproject.org> - 0.7.2-6
- Added yum-add-repo module
* Fri Sep 20 2013 Garrett Holmstrom <gholms(a)fedoraproject.org> - 0.7.2-5
- Fixed puppet agent service name [RH:1008250]
- Let systemd handle console output [RH:977952 LP:1228434]
- Fixed restorecon failure when selinux is disabled [RH:967002 LP:1228441]
- Fixed rsyslog log filtering
- Added missing modules [RH:966888]
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.7.2-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sat Jun 15 2013 Matthew Miller <mattdm(a)fedoraproject.org> - 0.7.2-3
- switch ec2-user to "fedora" -- see bugzilla #971439. To use another
name, use #cloud-config option "users:" in userdata in cloud metadata
service
- add that user to systemd-journal group
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #881868 - cloud-init: migration to /etc/hostname, /etc/vconsole.conf,
/etc/locale.conf
https://bugzilla.redhat.com/show_bug.cgi?id=881868
[ 2 ] Bug #974329 - make xfstools a soft dependency
https://bugzilla.redhat.com/show_bug.cgi?id=974329
[ 3 ] Bug #1008250 - Cloud-init no longer automatically starts puppet
https://bugzilla.redhat.com/show_bug.cgi?id=1008250
[ 4 ] Bug #977952 - RFE: disable all direct writes to the console
https://bugzilla.redhat.com/show_bug.cgi?id=977952
[ 5 ] Bug #967002 - cloud-init should gracefully degrade when booted with selinux=0
https://bugzilla.redhat.com/show_bug.cgi?id=967002
[ 6 ] Bug #966888 - cloud.cfg is missing the growpart module
https://bugzilla.redhat.com/show_bug.cgi?id=966888
--------------------------------------------------------------------------------
================================================================================
davfs2-1.4.7-3.fc18 (FEDORA-2013-17853)
A filesystem driver for WebDAV
--------------------------------------------------------------------------------
Update Information:
* Upstream bugfix release
* Fix insecure use of system()
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 19 2013 Will Woods <wwoods(a)redhat.com> - 1.4.7-3
- CVE-2013-4362: Fix possibly insecure use of system()
* Fri Sep 13 2013 Paul Howarth <paul(a)city-fan.org> - 1.4.7-2
- Add support for building with neon 0.30.0 (#992110)
- Use -fno-strict-aliasing
* Tue Feb 26 2013 Erik Logtenberg <erik(a)logtenberg.eu> - 1.4.7-1
- New upstream release
- The check for somebody else's home directory is gone. So you should
be able to mount in /media/foo even if / is the home of some daemon.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1008313 - CVE-2013-4362 davfs2: insecure use of system()
https://bugzilla.redhat.com/show_bug.cgi?id=1008313
--------------------------------------------------------------------------------
================================================================================
euca2ools-2.1.4-1.fc18 (FEDORA-2013-17822)
Eucalyptus/AWS-compatible command line tools
--------------------------------------------------------------------------------
Update Information:
This update fixes several bugs in boto and euca2ools, and also adds support for the latest
AWS features to boto.
IMPORTANT: python-boto-2.13.3-1 is not compatible with euca2ools-2.1.3-2, so if you
update python-boto without also updating euca2ools, euca-register will fail. To resolve
this issue, update to euca2ools-2.1.4-1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 26 2013 Garrett Holmstrom <gholms(a)fedoraproject.org> - 2.1.4-1
- Upstream update (2.1.4)
- Fixed eustore-install-image breakage from 2.1.3-2 [RH:1001433]
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.1.3-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Fri Jun 21 2013 Garrett Holmstrom <gholms(a)fedoraproject.org> - 2.1.3-2
- Disabled SSL cert validation to make things work with boto 2.6+
- Fixed eustore account name checking [TOOLS-282]
- Fixed eustore registering images with the wrong type [TOOLS-184]
- Fixed euare-userlistpolicies -v --delegate [TOOLS-281]
- Fixed euca-get-console-output crash on no output
- Added euca-register --virtualization type (note that it requires special privs)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1011682 - Propagate At Launch flag not being properly parsed with autoscaling
tags
https://bugzilla.redhat.com/show_bug.cgi?id=1011682
[ 2 ] Bug #740984 - cacerts.txt missing from the package
https://bugzilla.redhat.com/show_bug.cgi?id=740984
[ 3 ] Bug #974288 - ImportError: No module named filechunkio
https://bugzilla.redhat.com/show_bug.cgi?id=974288
[ 4 ] Bug #1001433 - Error running eustore-install-image on CentOS 6.4
https://bugzilla.redhat.com/show_bug.cgi?id=1001433
--------------------------------------------------------------------------------
================================================================================
glusterfs-3.4.1-1.fc18 (FEDORA-2013-17816)
Cluster File System
--------------------------------------------------------------------------------
Update Information:
GlusterFS 3.4.1 GA; glusterfs-3.4.1-1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 27 2013 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 3.4.1-1
- GlusterFS 3.4.1 GA, glusterfs-3.4.1-1
* Thu Sep 26 2013 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 3.4.1-0.2rc1
- scratch build for community
* Wed Sep 11 2013 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 3.4.1-0.1qa1
- scratch build for community
* Fri Sep 6 2013 Niels de Vos <devos(a)fedoraproject.org>
- fix "warning: File listed twice: .../glusterd.info" while building
--------------------------------------------------------------------------------
================================================================================
h5py-2.2.0-1.fc18 (FEDORA-2013-17851)
A Python interface to the HDF5 library
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release h5py 2.2.0.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 26 2013 Terje Rosten <terje.rosten(a)ntnu.no> - 2.2.0-1
- 2.2.0
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.1.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
imapsync-1.567-1.fc18 (FEDORA-2013-17811)
Tool to migrate email between IMAP servers
--------------------------------------------------------------------------------
Update Information:
Upgrade to 1.567
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 26 2013 Nick Bebout <nb(a)fedoraproject.org> - 1.567-1
- Upgrade to 1.567
--------------------------------------------------------------------------------
================================================================================
lshw-B.02.17-1.fc18 (FEDORA-2013-17833)
Hardware lister
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release lshw B.02.17.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 26 2013 Terje Rosten <terje.rosten(a)ntnu.no> - B.02.17-1
- B.02.17
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
B.02.16-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
mozc-1.11.1522.102-2.fc18 (FEDORA-2013-17809)
A Japanese Input Method Editor (IME) designed for multi-platform
--------------------------------------------------------------------------------
Update Information:
Update ibus cache at %post/%postun
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 27 2013 Akira TAGOH <tagoh(a)redhat.com> - 1.11.1522.102-2
- Update ibus cache at %post/%postun.
--------------------------------------------------------------------------------
================================================================================
openscad-2013.06-5.fc18 (FEDORA-2013-17786)
The Programmers Solid 3D CAD Modeller
--------------------------------------------------------------------------------
Update Information:
Fix upstream issue 482
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 27 2013 Miro Hrončok <mhroncok(a)redhat.com> - 2013.06-5
- Require Python for tests
* Fri Sep 27 2013 Miro Hrončok <mhroncok(a)redhat.com> - 2013.06-4
- Patch to solve upstream bug #482
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2013.06-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sun Jul 28 2013 Petr Machata <pmachata(a)redhat.com> - 2013.06-2
- Rebuild for boost 1.54.0
--------------------------------------------------------------------------------
================================================================================
python-boto-2.13.3-1.fc18 (FEDORA-2013-17822)
A simple lightweight interface to Amazon Web Services
--------------------------------------------------------------------------------
Update Information:
This update fixes several bugs in boto and euca2ools, and also adds support for the latest
AWS features to boto.
IMPORTANT: python-boto-2.13.3-1 is not compatible with euca2ools-2.1.3-2, so if you
update python-boto without also updating euca2ools, euca-register will fail. To resolve
this issue, update to euca2ools-2.1.4-1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 26 2013 Garrett Holmstrom <gholms(a)fedoraproject.org> - 2.13.3-1
- Updated to 2.13.3
- Note that this version changes register_image's virtualization_type parameter
- Fixed auto-scaling PropagateAtLaunch parsing (#1011682)
* Mon Jul 29 2013 Garrett Holmstrom <gholms(a)fedoraproject.org> - 2.9.9-2
- Re-fixed autoscaling policy parsing (boto #1538)
* Thu Jul 25 2013 Orion Poplawski <orion(a)cora.nwra.com> - 2.9.9-1
- Update to 2.9.9
* Fri Jun 21 2013 Garrett Holmstrom <gholms(a)fedoraproject.org> - 2.9.6-2
- Rebuilt after merge
* Fri Jun 21 2013 Garrett Holmstrom <gholms(a)fedoraproject.org> - 2.9.6-1
- Updated to 2.9.6
- Fixed autoscaling policy parsing (boto #1538)
* Thu May 9 2013 Orion Poplawski <orion(a)cora.nwra.com> - 2.9.2-1
- Update to 2.9.2 (bug #948714)
- Spec cleanup
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.6.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Tue Jan 8 2013 Garrett Holmstrom <gholms(a)fedoraproject.org> - 2.5.2-3
- Fixed parsing of current/previous instance state data (boto #881)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1011682 - Propagate At Launch flag not being properly parsed with autoscaling
tags
https://bugzilla.redhat.com/show_bug.cgi?id=1011682
[ 2 ] Bug #740984 - cacerts.txt missing from the package
https://bugzilla.redhat.com/show_bug.cgi?id=740984
[ 3 ] Bug #974288 - ImportError: No module named filechunkio
https://bugzilla.redhat.com/show_bug.cgi?id=974288
[ 4 ] Bug #1001433 - Error running eustore-install-image on CentOS 6.4
https://bugzilla.redhat.com/show_bug.cgi?id=1001433
--------------------------------------------------------------------------------
================================================================================
qpid-cpp-0.24-3.fc18.1 (FEDORA-2013-17820)
Libraries for Qpid C++ client applications
--------------------------------------------------------------------------------
Update Information:
Maintains, for now, the old /etc/qpidd.conf file.
Added provides for obsoleted ssl packages.
Rebased on Qpid 0.24.
Fixed the inter-package dependencies.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 26 2013 Darryl L. Pierce <dpierce(a)redhat.com> - 0.24-3.1
- Provide a symlink from /etc/qpid/qpidd.conf to /etc/qpidd.conf:
- * this will be removed with the 0.26 release
- * for upgrades any existing file is preserved for now
- Resolves: BZ#1012001
* Mon Sep 23 2013 Darryl L. Pierce <dpierce(a)redhat.com> - 0.24-3
- Fixed dependencies on python-qmf to be python-qpid-qmf.
* Mon Sep 23 2013 Darryl L. Pierce <dpierce(a)redhat.com> - 0.24-2
- Add arch checks for all requires to block potential multilib errors on upgrade.
- Added virtual provides for both obsoleted -ssl packages.
- Resolves: BZ#1010999
* Fri Sep 20 2013 Darryl L. Pierce <dpierce(a)redhat.com> - 0.24-1
- Rebased on Qpid 0.24.
- Relocated qpidd.conf to /etc/qpid
- Trimmed old changelog entries due to bogus date complaints.
- Added fixes to support ARM as a primary platform.
- Build depends on qpid-proton 0.5.
- QPID-4938: Stop building ssl and acl support as separate plugin modules on Unix
- Cleaner encoding of index for delivery tags - QPID-5122
- QPID-5123: Changes to Fedora 19 packaging of libdb4 prevents legacystore from building
- QPID-5016: Legacy store not correctly initialising rmgr
- QPID-5126: Fix for building legacy store on ARM platforms
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1012001 - all openstack services: unable to connect to AMQP server (after
upgrading to qpid 0.24)
https://bugzilla.redhat.com/show_bug.cgi?id=1012001
[ 2 ] Bug #1010999 - Protected multilib versions: qpid-cpp-client-0.22-2.fc19.i686 !=
qpid-cpp-client-0.24-1.fc19.x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=1010999
--------------------------------------------------------------------------------
================================================================================
qupzilla-1.4.4-1.fc18 (FEDORA-2013-17861)
Modern web browser
--------------------------------------------------------------------------------
Update Information:
This update fixes two crashes, some minor usability issues and changes the default search
engine to
duckduckgo.com. Please refer to
http://blog.qupzilla.com/2013/09/qupzilla-144-released.html for a complete list of
changes.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 27 2013 Christoph Wickert <cwickert(a)fedoraproject.org> - 1.4.4-1
- Update to 1.4.4
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.4.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #962147 - [abrt] qupzilla-1.4.1-1.fc18: testAttribute: Process
/usr/bin/qupzilla was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=962147
--------------------------------------------------------------------------------
================================================================================
rubygem-locale-2.0.9-1.fc18 (FEDORA-2013-17785)
Pure ruby library which provides basic APIs for localization
--------------------------------------------------------------------------------
Update Information:
New version 2.0.9 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 26 2013 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 2.0.9-1
- 2.0.9
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.0.8-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Feb 27 2013 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 2.0.8-3
- F-19: Rebuild for ruby 2.0.0
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.0.8-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
ssmtp-2.64-10.fc18 (FEDORA-2013-17802)
Extremely simple MTA to get mail off the system to a Mailhub
--------------------------------------------------------------------------------
Update Information:
Adds to the default config the option to load the CA certificates bundle.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 26 2013 Manuel "lonely wolf" Wolfshant <wolfy(a)fedoraproject.org>
- 2.64-10
- Force loading of the CA bundle via the config file; should fix #1004998
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1004998 - SSL not working
https://bugzilla.redhat.com/show_bug.cgi?id=1004998
--------------------------------------------------------------------------------
================================================================================
system-config-kdump-2.0.13-1.fc18 (FEDORA-2013-17797)
A graphical interface for configuring kernel crash dumping
--------------------------------------------------------------------------------
Update Information:
This update adds support for EFI grub installations and fixes several bugs - most notably,
kdump service is not started if there is no kernel memory reserved for the crash kernel.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 27 2013 Martin Milata <mmilata(a)redhat.com> - 2.0.13-1
- Update to 2.0.13
* Wed Jul 10 2013 Martin Milata <mmilata(a)redhat.com> - 2.0.12-1
- Update to 2.0.12
- Add EFI support for grub
- Don't start kdump if there's no reserved memory
- Change default action and filter level to same values as is used in
kdump.conf by default
- Fix couple of UI glitches
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #971228 - crashkernel must be already in place for apply button to work.
https://bugzilla.redhat.com/show_bug.cgi?id=971228
[ 2 ] Bug #983017 - s-c-kdump and grubby not functioning on UEFI box
https://bugzilla.redhat.com/show_bug.cgi?id=983017
--------------------------------------------------------------------------------
================================================================================
znc-1.2-0.3.beta1.fc18 (FEDORA-2013-17796)
An advanced IRC bouncer
--------------------------------------------------------------------------------
Update Information:
Update to 1.2-beta1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 26 2013 Nick Bebout <nb(a)fedoraproject.org> - 1.2-0.3.beta1
- Upgrade to 1.2-beta1
* Sat Aug 3 2013 Petr Pisar <ppisar(a)redhat.com> - 1.2-0.2.alpha1
- Perl 5.18 rebuild
--------------------------------------------------------------------------------