The following Fedora 18 Security updates need testing:
Age URL
81
https://admin.fedoraproject.org/updates/FEDORA-2013-0416/fedora-business-...
50
https://admin.fedoraproject.org/updates/FEDORA-2013-2131/rubygem-rdoc-3.1...
46
https://admin.fedoraproject.org/updates/FEDORA-2013-2306/rubygem-rack-1.4...
14
https://admin.fedoraproject.org/updates/FEDORA-2013-3891/php-5.4.13-1.fc18
14
https://admin.fedoraproject.org/updates/FEDORA-2013-3935/puppet-3.1.1-1.fc18
9
https://admin.fedoraproject.org/updates/FEDORA-2013-4050/squid-3.2.9-1.fc18
8
https://admin.fedoraproject.org/updates/FEDORA-2013-4243/stunnel-4.55-1.fc18
8
https://admin.fedoraproject.org/updates/FEDORA-2012-20578/nodejs-0.10.1-1...
6
https://admin.fedoraproject.org/updates/FEDORA-2013-4319/mantis-1.2.14-1....
4
https://admin.fedoraproject.org/updates/FEDORA-2013-4403/mingw-openssl-1....
4
https://admin.fedoraproject.org/updates/FEDORA-2013-4387/moodle-2.3.6-1.fc18
3
https://admin.fedoraproject.org/updates/FEDORA-2013-4447/py-bcrypt-0.3-1....
3
https://admin.fedoraproject.org/updates/FEDORA-2013-4507/libxslt-1.1.28-1...
1
https://admin.fedoraproject.org/updates/FEDORA-2013-4525/bind-9.9.2-10.P2...
1
https://admin.fedoraproject.org/updates/FEDORA-2013-4564/roundcubemail-0....
1
https://admin.fedoraproject.org/updates/FEDORA-2013-4539/mongodb-2.2.3-4....
1
https://admin.fedoraproject.org/updates/FEDORA-2013-4532/drupal7-rules-2....
1
https://admin.fedoraproject.org/updates/FEDORA-2013-4537/libarchive-3.0.4...
1
https://admin.fedoraproject.org/updates/FEDORA-2013-4566/asterisk-11.2.2-...
1
https://admin.fedoraproject.org/updates/FEDORA-2013-4541/httpd-2.4.4-2.fc18
0
https://admin.fedoraproject.org/updates/FEDORA-2013-4460/freeipa-3.1.3-3....
0
https://admin.fedoraproject.org/updates/FEDORA-2013-4590/openstack-keysto...
0
https://admin.fedoraproject.org/updates/FEDORA-2013-4578/389-ds-base-1.3....
0
https://admin.fedoraproject.org/updates/FEDORA-2013-4592/mingw-libarchive...
0
https://admin.fedoraproject.org/updates/FEDORA-2013-4571/libuser-0.58-3.fc18
0
https://admin.fedoraproject.org/updates/FEDORA-2013-4593/ngircd-20.2-1.fc18
0
https://admin.fedoraproject.org/updates/FEDORA-2013-4589/tomcat6-6.0.36-2...
The following Fedora 18 Critical Path updates have yet to be approved:
Age URL
167
https://admin.fedoraproject.org/updates/FEDORA-2012-16107/xorg-x11-drv-qx...
165
https://admin.fedoraproject.org/updates/FEDORA-2012-16207/thunderbird-lig...
79
https://admin.fedoraproject.org/updates/FEDORA-2013-0541/mdadm-3.2.6-11.fc18
49
https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5...
38
https://admin.fedoraproject.org/updates/FEDORA-2013-2726/pulseaudio-2.1-7...
24
https://admin.fedoraproject.org/updates/FEDORA-2013-3458/iproute-3.6.0-7....
11
https://admin.fedoraproject.org/updates/FEDORA-2013-4006/dnsmasq-2.65-5.fc18
8
https://admin.fedoraproject.org/updates/FEDORA-2013-4251/selinux-policy-3...
8
https://admin.fedoraproject.org/updates/FEDORA-2013-4219/audit-2.2.3-2.fc18
8
https://admin.fedoraproject.org/updates/FEDORA-2013-4159/docbook-style-xs...
8
https://admin.fedoraproject.org/updates/FEDORA-2013-4221/python-slip-0.4....
6
https://admin.fedoraproject.org/updates/FEDORA-2013-4295/libnotify-0.7.5-...
4
https://admin.fedoraproject.org/updates/FEDORA-2013-4406/yum-3.4.3-53.fc18
3
https://admin.fedoraproject.org/updates/FEDORA-2013-4507/libxslt-1.1.28-1...
3
https://admin.fedoraproject.org/updates/FEDORA-2013-4493/perl-5.16.3-241....
3
https://admin.fedoraproject.org/updates/FEDORA-2013-4485/bind-dyndb-ldap-...
3
https://admin.fedoraproject.org/updates/FEDORA-2013-4429/redland-1.0.15-3...
3
https://admin.fedoraproject.org/updates/FEDORA-2013-4425/libosinfo-0.2.6-...
1
https://admin.fedoraproject.org/updates/FEDORA-2013-4537/libarchive-3.0.4...
1
https://admin.fedoraproject.org/updates/FEDORA-2013-4549/network-manager-...
0
https://admin.fedoraproject.org/updates/FEDORA-2013-4571/libuser-0.58-3.fc18
0
https://admin.fedoraproject.org/updates/FEDORA-2013-4573/emacs-24.2-15.fc18
The following builds have been pushed to Fedora 18 updates-testing
389-ds-base-1.3.0.5-1.fc18
SimplyHTML-0.16.7-1.fc18
cqrlog-1.5.4-1.fc18
emacs-24.2-15.fc18
freeipa-3.1.3-3.fc18
gnome-abrt-0.2.10-1.fc18
java-1.7.0-openjdk-1.7.0.17-2.3.8.3.fc18
libuser-0.58-3.fc18
megaglest-3.7.1-6.fc18
mingw-libarchive-3.0.4-4.fc18
mingw-qt5-qtbase-5.0.1-4.fc18
mingw-qt5-qtjsbackend-5.0.1-1.fc18
mingw-qt5-qtscript-5.0.1-1.fc18
mingw-qt5-qttools-5.0.1-1.fc18
nfsometer-1.5-1.fc18
ngircd-20.2-1.fc18
openstack-keystone-2012.2.3-5.fc18
python-matplotlib-1.2.0-10.fc18
python-rhsm-1.8.8-1.fc18
qpdfview-0.4.1-1.fc18
subscription-manager-1.8.5-1.fc18
tomcat6-6.0.36-2.fc18
tudu-0.8.2-1.fc18
yum-langpacks-0.3.1-1.fc18
Details about builds:
================================================================================
389-ds-base-1.3.0.5-1.fc18 (FEDORA-2013-4578)
389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:
This release fixes 7 critical bugs including one security bug.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 28 2013 Noriko Hosoi <nhosoi(a)redhat.com> - 1.3.0.5-1
- bump version to 1.3.0.5
- Ticket 47308 - unintended information exposure when anonymous access is set to rootdse
- Ticket 628 - crash in aci evaluation
- Ticket 627 - ns-slapd crashes sporadically with segmentation fault in libslapd.so
- Ticket 634 - Deadlock in DNA plug-in Ticket #576 - DNA: use event queue for config
update only at the start up
- Ticket 632 - 389-ds-base cannot handle Kerberos tickets with PAC
- Ticket 623 - cleanAllRUV task fails to cleanup config upon completion
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #928105 - CVE-2013-1897 389-ds: unintended information exposure when rootdse
is enabled
https://bugzilla.redhat.com/show_bug.cgi?id=928105
--------------------------------------------------------------------------------
================================================================================
SimplyHTML-0.16.7-1.fc18 (FEDORA-2013-4585)
Application and a java component for rich text processing
--------------------------------------------------------------------------------
Update Information:
- update to latest upstream version
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 29 2013 Johannes Lips <hannes(a)fedoraproject.org> 0.16.7-1
- update to latest upstream version
--------------------------------------------------------------------------------
================================================================================
cqrlog-1.5.4-1.fc18 (FEDORA-2013-4579)
An amateur radio contact logging program
--------------------------------------------------------------------------------
Update Information:
* Upgrade to version 1.5.4
* fixed problem with MASTER.SCP
* added support for Super Check Partial (Window -> Super Check Partial)
* added Tune function (for WinKeyerUSB and cwdaemon), hotkey CTRL+T
* added Repair table function to database connection window (Utils button)
* improved export for QSL labels printing (labels are sorted by dxcc, you can choose what
fields will be be printed)
* updated membership tables
* fixed program crash when editing DX cluster info
* CW keys window doesn't show caption for F9 and F10 keys
* ADIF export ignored delimitter in TX_PWR (0.5 was exported as 05)
* CQRLOG killed rigctld even when autostart was disabled
* double click to spots listed with SH/DX didn't work
* QSO list window showed filter is enabled after reopen (filter was disabled)
* login to eQSL with password containing special character didn't work
* when QSO passed over the midnight, the qso was saved with wrong date
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 29 2013 Eric "Sparks" Christensen - 1.5.4-1
- Upgrade to version 1.5.4
- fixed problem with MASTER.SCP
- added support for Super Check Partial (Window -> Super Check Partial)
- added Tune function (for WinKeyerUSB and cwdaemon), hotkey CTRL+T
- added Repair table function to database connection window (Utils button)
- improved export for QSL labels printing (labels are sorted by dxcc, you can choose what
fields will be be printed)
- updated membership tables
- fixed program crash when editing DX cluster info
- CW keys window doesn't show caption for F9 and F10 keys
- ADIF export ignored delimitter in TX_PWR (0.5 was exported as 05)
- CQRLOG killed rigctld even when autostart was disabled
- double click to spots listed with SH/DX didn't work
- QSO list window showed filter is enabled after reopen (filter was disabled)
- login to eQSL with password containing special character didn't work
- when QSO passed over the midnight, the qso was saved with wrong date
* Thu Feb 28 2013 Eric "Sparks" Christensen - 1.5.2-6
- Fixed OpenSSL requirements
--------------------------------------------------------------------------------
================================================================================
emacs-24.2-15.fc18 (FEDORA-2013-4573)
GNU Emacs text editor
--------------------------------------------------------------------------------
Update Information:
Here is where you give an explanation of your update.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 28 2013 Petr Hracek <phracek(a)redhat.com> - 1:24.2-15
- Fix for emacs bug 112144, style_changed_cb (#922519)
- Fix for emacs bug 112131, bell does not work (#526719)
* Tue Mar 26 2013 Petr Hracek <phracek(a)redhat.com> - 1:24.2-14
- fixing distribution flags to rhel instead of el6:1
* Mon Mar 18 2013 Petr Hracek <phracek(a)redhat.com> - 1:24.2-13
- solved problem with distribution flag in case of rhel
* Mon Mar 18 2013 Petr Hracek <phracek(a)redhat.com> - 1:24.2-12
- solved problem with distribution flag in case of rhel
* Fri Mar 8 2013 Ralf Corsépius <corsepiu(a)fedoraproject.org> - 1:24.2-11
- Remove %config from %{_sysconfdir}/rpm/macros.*
(
https://fedorahosted.org/fpc/ticket/259).
- Fix broken spec-file changelog entry.
* Wed Mar 6 2013 Tomáš Mráz <tmraz(a)redhat.com> - 1:24.2-10
- Rebuild with new gnutls
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #922519 - [abrt] emacs-24.2-6.fc18: style_changed_cb: Process
/usr/bin/emacs-24.2 was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=922519
--------------------------------------------------------------------------------
================================================================================
freeipa-3.1.3-3.fc18 (FEDORA-2013-4460)
The Identity, Policy and Audit system
--------------------------------------------------------------------------------
Update Information:
Update to upstream 3.1.3.
Add fix for CVE-2013-0336 389-ds-base: DoS when connecting with a missing username/dn
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 29 2013 Martin Kosek <mkosek(a)redhat.com> - 3.1.3-3
- DoS when connecting with a missing username/dn (#928387)
* Thu Mar 28 2013 Martin Kosek <mkosek(a)redhat.com> - 3.1.3-2
- Avoid running ipa-ldap-updater twice
* Tue Mar 26 2013 Martin Kosek <mkosek(a)redhat.com> - 3.1.3-1
- Update to upstream 3.1.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #913751 - CVE-2013-0336 389-ds-base: DoS when connecting with a missing
username/dn
https://bugzilla.redhat.com/show_bug.cgi?id=913751
--------------------------------------------------------------------------------
================================================================================
gnome-abrt-0.2.10-1.fc18 (FEDORA-2013-4586)
A utility for viewing problems that have occurred with the system
--------------------------------------------------------------------------------
Update Information:
This is an update that fixes problems with errors handling and adds a dialog for reporting
problems with ABRT.
This is an update which in most improves stability and introduces:
* Truncate long texts with ellipsis
* Add a popopup menu for list of problems
* Don't allow reporting if the problem is not reportable
* Suggest reporting a bug if it wasn't reported yet
* Allow only a single instance of gnome-abrt
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 27 2013 Jakub Filak <jfilak(a)redhat.com> 0.2.10-1
- Add the report dialog to the menu
- Add 'Report problem with ABRT' dialog
- Add VERSION and PACKAGE attributes to gnome_abrt module
- Rename attribute in errors.InvalidProblem
- Use IOChannel approach in order to make signal handling synchronous
- Add all python Requires to BuildRequires because of pylint
- Replace GNU style make pattern rules by implicit rules
- Remove left-over RELEASE varible from configure.ac
- Recover from DBus errors while sending command line
- Catch more exceptions and handle them correctly
- Add pylint check and fix problems uncoverend by pylint
- Filter out empyt strings from splitted cmdline
- Fix sytanx error
- Change the label "No oopses" to "No problems detected"
- Get rid of scrollbar around the text on the bottom of window in default size
- Fix appearance of scrolled widgets to no longer have white background
- Remove leftover shebang from non-executable script
- Resolves: #92486, #927434, #928796, #928772
* Mon Mar 18 2013 Jakub Filak <jfilak(a)redhat.com> 0.2.9-1
- Truncate long texts with ellipsis instead of auto-adjusting of window width
- Add a popopup menu for list of problems
- Use executable's basename as an application name instead of the full path
- Remove invalid problems from GUI tree view list
- Remove invalid problems from the dbus cache
- Robustize the processing of newly occurred problems
- Remove a left-over usage of the window member in OopsApplication
- Handle reaching inotify max watches better
- Update translation
- Don't allow reporting if the problem is not reportable
- Suggest reporting a bug if it wasn't reported yet
- Simplify the glade file and add a widget for messages
- Refactorize the function rendering a problem data
- A workaround for the bug in remote GtkApplications
- Allow only a single instance of gnome-abrt
- Fix bugs in main window in handler of configuration updates
- Resolves: #910317, #918771, #922649, #922652
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #927434 - gnome-abrt calls gtk functions from unix signal handler
https://bugzilla.redhat.com/show_bug.cgi?id=927434
[ 2 ] Bug #924856 - gnome-abrt crashes if cmdline item contains extra whitespace
https://bugzilla.redhat.com/show_bug.cgi?id=924856
[ 3 ] Bug #928772 - the secondary gnome-abrt instance fails if sending command line
arguments over dbus returns an error
https://bugzilla.redhat.com/show_bug.cgi?id=928772
[ 4 ] Bug #910317 - Suggest reporting a bug if it wasn't reported yet
https://bugzilla.redhat.com/show_bug.cgi?id=910317
[ 5 ] Bug #918771 - gnome-abrt dies if it reaches inotify max watches
https://bugzilla.redhat.com/show_bug.cgi?id=918771
[ 6 ] Bug #922649 - gnome-abrt doesn't recover from errors caused by accessing of
invalid problems
https://bugzilla.redhat.com/show_bug.cgi?id=922649
[ 7 ] Bug #922652 - Interface enhancement
https://bugzilla.redhat.com/show_bug.cgi?id=922652
[ 8 ] Bug #928769 - gnome-abrt abrt fails if invalid problem is selected
https://bugzilla.redhat.com/show_bug.cgi?id=928769
--------------------------------------------------------------------------------
================================================================================
java-1.7.0-openjdk-1.7.0.17-2.3.8.3.fc18 (FEDORA-2013-4595)
OpenJDK Runtime Environment
--------------------------------------------------------------------------------
Update Information:
- added manual deletion of classes.jsa
- ghost classes.jsa restricted to jitarches and to full path
- zlib in BuildReq restricted for 1.2.3-7 or higher
- see
https://bugzilla.redhat.com/show_bug.cgi?id=904231
- Removed a -icedtea tag from the version
- package have less and less connections to icedtea7
- Added and applied patch500 java-1.7.0-openjdk-fixZeroAllocFailure.patch
- to fix not-jit arches build
- is already in upstreamed icedtea 2.1
- Added gcc-c++ build dependence. Sometimes caused troubles during rpm -bb
- Added (Build)Requires for fontconfig and xorg-x11-fonts-Type1
- see
https://bugzilla.redhat.com/show_bug.cgi?id=721033 for details
- Removed all fonconfig files. Fonts are now handled differently in JDK
and those files are redundant. This is going to be usptreamed.
- see
https://bugzilla.redhat.com/show_bug.cgi?id=902227 for details
- logging.properties marked as config(noreplace)
- see
https://bugzilla.redhat.com/show_bug.cgi?id=679180 for details
- classes.jsa marked as ghost
- see
https://bugzilla.redhat.com/show_bug.cgi?id=918172 for details
- nss.cfg was marked as config(noreplace)
- see
https://bugzilla.redhat.com/show_bug.cgi?id=913821 for details
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 26 2013 Jiri Vanek <jvanek(a)redhat.com> - 1.7.0.9-2.3.8.3.fc18
- added manual deletion of classes.jsa
- ghost classes.jsa restricted to jitarches and to full path
- zlib in BuildReq restricted for 1.2.3-7 or higher
- see
https://bugzilla.redhat.com/show_bug.cgi?id=904231
- Removed a -icedtea tag from the version
- package have less and less connections to icedtea7
- Added link to nss as noreplace bug to previous changelog item
* Mon Mar 25 2013 Jiri Vanek <jvanek(a)redhat.com> - 1.7.0.9-2.3.8.1.fc18
- Bumped release
- Added and applied patch500 java-1.7.0-openjdk-fixZeroAllocFailure.patch
- to fix not-jit arches build
- is already in upstreamed icedtea 2.1
- Added gcc-c++ build dependence. Sometimes caused troubles during rpm -bb
- Added (Build)Requires for fontconfig and xorg-x11-fonts-Type1
- see
https://bugzilla.redhat.com/show_bug.cgi?id=721033 for details
- Removed all fonconfig files. Fonts are now handled differently in JDK
and those files are redundant. This is going to be usptreamed.
- see
https://bugzilla.redhat.com/show_bug.cgi?id=902227 for details
- logging.properties marked as config(noreplace)
- see
https://bugzilla.redhat.com/show_bug.cgi?id=679180 for details
- classes.jsa marked as ghost
- see
https://bugzilla.redhat.com/show_bug.cgi?id=918172 for details
- nss.cfg was marked as config(noreplace)
--------------------------------------------------------------------------------
================================================================================
libuser-0.58-3.fc18 (FEDORA-2013-4571)
A user and group account administration library
--------------------------------------------------------------------------------
Update Information:
This update fixes a TOCTOU race condition when copying and removing directory trees.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 15 2013 Hercinger Viktor <hercinger.viktor(a)gmail.com> - 0.58-3
- Fixed TOCTOU race condition when copying, removing or creating directory trees
Resolves: #928846, CVE-2012-5630, CVE-2012-5644
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #884685 - CVE-2012-5630 libuser: TOCTOU race conditions by copying and
removing directory trees
https://bugzilla.redhat.com/show_bug.cgi?id=884685
[ 2 ] Bug #885724 - CVE-2012-5644 libuser: (Complete) Information disclosure when moving
user's home directory
https://bugzilla.redhat.com/show_bug.cgi?id=885724
--------------------------------------------------------------------------------
================================================================================
megaglest-3.7.1-6.fc18 (FEDORA-2013-4575)
Open Source 3d real time strategy game
--------------------------------------------------------------------------------
Update Information:
Correct crash with NULL unit in selection (#924874)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 29 2013 pcpa <paulo.cesar.pereira.de.andrade(a)gmail.com> - 3.7.1-4
- Correct crash with NULL unit in selection (#924874)
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
3.7.1-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Mon Jan 21 2013 Adam Tkac <atkac redhat com> - 3.7.1-4
- rebuild due to "jpeg8-ABI" feature drop
* Wed Jan 16 2013 pcpa <paulo.cesar.pereira.de.andrade(a)gmail.com> - 3.7.1-3
- Add patch suggested by upstream for better color picking selection mode.
* Thu Dec 13 2012 Adam Jackson <ajax(a)redhat.com> - 3.7.1-2
- Rebuild for glew 1.9.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #924874 - [abrt] megaglest-3.7.1-1.fc17:
Glest::Game::ExceptionHandler::handleRuntimeError: Process /usr/bin/megaglest was killed
by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=924874
--------------------------------------------------------------------------------
================================================================================
mingw-libarchive-3.0.4-4.fc18 (FEDORA-2013-4592)
MinGW package for handling streaming archive formats
--------------------------------------------------------------------------------
Update Information:
This update fixes CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 29 2013 Michael Cronenworth <mike(a)cchtml.com> - 3.0.4-4
- Fix CVE-2013-0211: read buffer overflow on 64-bit systems (#927105)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #902998 - CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems
https://bugzilla.redhat.com/show_bug.cgi?id=902998
--------------------------------------------------------------------------------
================================================================================
mingw-qt5-qtbase-5.0.1-4.fc18 (FEDORA-2013-4499)
Qt5 for Windows - QtBase component
--------------------------------------------------------------------------------
Update Information:
New package
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 28 2013 Erik van Pienbroek <epienbro(a)fedoraproject.org> - 5.0.1-4
- Have the -qmake packages require mingw{32,64}-qt5-qttools-lrelease
and update the reference to it in the mkspecs profiles
* Tue Mar 26 2013 Erik van Pienbroek <epienbro(a)fedoraproject.org> - 5.0.1-3
- Make sure the .pc files of the Qt5 modules are installed correctly
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #858068 - Review Request: mingw-qt5-qtjsbackend - Qt5 for Windows -
QtJsBackend component
https://bugzilla.redhat.com/show_bug.cgi?id=858068
[ 2 ] Bug #858076 - Review Request: mingw-qt5-qtscript - Qt5 for Windows - QtScript
component
https://bugzilla.redhat.com/show_bug.cgi?id=858076
[ 3 ] Bug #858080 - Review Request: mingw-qt5-qttools - Qt5 for Windows - QtTools
component
https://bugzilla.redhat.com/show_bug.cgi?id=858080
--------------------------------------------------------------------------------
================================================================================
mingw-qt5-qtjsbackend-5.0.1-1.fc18 (FEDORA-2013-4499)
Qt5 for Windows - QtJsBackend component
--------------------------------------------------------------------------------
Update Information:
New package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #858068 - Review Request: mingw-qt5-qtjsbackend - Qt5 for Windows -
QtJsBackend component
https://bugzilla.redhat.com/show_bug.cgi?id=858068
[ 2 ] Bug #858076 - Review Request: mingw-qt5-qtscript - Qt5 for Windows - QtScript
component
https://bugzilla.redhat.com/show_bug.cgi?id=858076
[ 3 ] Bug #858080 - Review Request: mingw-qt5-qttools - Qt5 for Windows - QtTools
component
https://bugzilla.redhat.com/show_bug.cgi?id=858080
--------------------------------------------------------------------------------
================================================================================
mingw-qt5-qtscript-5.0.1-1.fc18 (FEDORA-2013-4499)
Qt5 for Windows - QtScript component
--------------------------------------------------------------------------------
Update Information:
New package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #858068 - Review Request: mingw-qt5-qtjsbackend - Qt5 for Windows -
QtJsBackend component
https://bugzilla.redhat.com/show_bug.cgi?id=858068
[ 2 ] Bug #858076 - Review Request: mingw-qt5-qtscript - Qt5 for Windows - QtScript
component
https://bugzilla.redhat.com/show_bug.cgi?id=858076
[ 3 ] Bug #858080 - Review Request: mingw-qt5-qttools - Qt5 for Windows - QtTools
component
https://bugzilla.redhat.com/show_bug.cgi?id=858080
--------------------------------------------------------------------------------
================================================================================
mingw-qt5-qttools-5.0.1-1.fc18 (FEDORA-2013-4499)
Qt5 for Windows - QtTools component
--------------------------------------------------------------------------------
Update Information:
New package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #858068 - Review Request: mingw-qt5-qtjsbackend - Qt5 for Windows -
QtJsBackend component
https://bugzilla.redhat.com/show_bug.cgi?id=858068
[ 2 ] Bug #858076 - Review Request: mingw-qt5-qtscript - Qt5 for Windows - QtScript
component
https://bugzilla.redhat.com/show_bug.cgi?id=858076
[ 3 ] Bug #858080 - Review Request: mingw-qt5-qttools - Qt5 for Windows - QtTools
component
https://bugzilla.redhat.com/show_bug.cgi?id=858080
--------------------------------------------------------------------------------
================================================================================
nfsometer-1.5-1.fc18 (FEDORA-2013-4572)
NFS Performance Framework Tool
--------------------------------------------------------------------------------
Update Information:
Updated to the latest upstream release: 1.5
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 26 2013 Weston Andros Adamson <dros(a)netapp.com> 1.5-1
- Updated to the latest upstream release: 1.5
* Tue Jan 15 2013 Steve Dickson <steved(a)redhat.com> 1.3-1
- Updated to the latest upstream release: 1.3
--------------------------------------------------------------------------------
================================================================================
ngircd-20.2-1.fc18 (FEDORA-2013-4593)
Next Generation IRC Daemon
--------------------------------------------------------------------------------
Update Information:
Update to 20.2, which fixes a crash issue.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 29 2013 Kevin Fenzi <kevin(a)scrye.com> 20.2-1
- Update to 20.2.
- Fix for CVE-2013-1747
* Thu Mar 7 2013 Tomáš Mráz <tmraz(a)redhat.com> 20.1-2
- Rebuilt with new GnuTLS
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #929168 - CVE-2013-1747 ngircd: DoS (assertion failure, crash) via a KICK
command for a user who is not on the associated channel
https://bugzilla.redhat.com/show_bug.cgi?id=929168
--------------------------------------------------------------------------------
================================================================================
openstack-keystone-2012.2.3-5.fc18 (FEDORA-2013-4590)
OpenStack Identity Service
--------------------------------------------------------------------------------
Update Information:
Fix online revocation check for PKI tokens
CVE-2013-1865
Add openssl dependency for PKI tokens
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 29 2013 Alan Pevec <apevec(a)redhat.com> 2012.2.3-5
- Fix online revocation check for PKI tokens CVE-2013-1865
* Mon Mar 11 2013 Alan Pevec <apevec(a)redhat.com> 2012.2.3-4
- openssl is required for PKI tokens rhbz#918757
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #922230 - CVE-2013-1865 OpenStack keystone: online validation of Keystone PKI
tokens bypasses revocation check
https://bugzilla.redhat.com/show_bug.cgi?id=922230
--------------------------------------------------------------------------------
================================================================================
python-matplotlib-1.2.0-10.fc18 (FEDORA-2013-4600)
Python 2D plotting library
--------------------------------------------------------------------------------
Update Information:
Use stix fonts avoid problems with missing cm fonts (#908717). Correct type mismatch in
python3 font_manager (#912843, #928326)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 28 2013 pcpa <paulo.cesar.pereira.de.andrade(a)gmail.com> - 1.2.0-10
- Use stix fonts avoid problems with missing cm fonts (#908717)
- Correct type mismatch in python3 font_manager (#912843, #928326)
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.2.0-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #908717 - mathtext fonts missing?
https://bugzilla.redhat.com/show_bug.cgi?id=908717
[ 2 ] Bug #912843 - run time Type error while calling show() to plot any graph, due to
type mismatch in font_manager.py
https://bugzilla.redhat.com/show_bug.cgi?id=912843
[ 3 ] Bug #928326 - fontconfig problem with python3-matplotlib
https://bugzilla.redhat.com/show_bug.cgi?id=928326
--------------------------------------------------------------------------------
================================================================================
python-rhsm-1.8.8-1.fc18 (FEDORA-2013-4597)
A Python library to communicate with a Red Hat Unified Entitlement Platform
--------------------------------------------------------------------------------
Update Information:
Caching of entitlement status for temporary disconnected use case. Changes for management
of installed product certs. Several bug fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 27 2013 Devan Goodwin <dgoodwin(a)rm-rf.ca> 1.8.8-1
- no 'json' module in rhel5, use simplejson instead (alikins(a)redhat.com)
- Adding plugin directory config option. (awood(a)redhat.com)
--------------------------------------------------------------------------------
================================================================================
qpdfview-0.4.1-1.fc18 (FEDORA-2013-4587)
Tabbed PDF Viewer
--------------------------------------------------------------------------------
Update Information:
Qt-based PDF viewer.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #926062 - Review Request: qpdfview - Qt-based PDF viewer
https://bugzilla.redhat.com/show_bug.cgi?id=926062
--------------------------------------------------------------------------------
================================================================================
subscription-manager-1.8.5-1.fc18 (FEDORA-2013-4597)
Tools and libraries for subscription and repository management
--------------------------------------------------------------------------------
Update Information:
Caching of entitlement status for temporary disconnected use case. Changes for management
of installed product certs. Several bug fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 27 2013 Devan Goodwin <dgoodwin(a)rm-rf.ca> 1.8.5-1
- 927875: Fix GUI bug if there is an expired certificate. (dgoodwin(a)redhat.com)
- 922806: Use dependency injection with firstboot module. (awood(a)redhat.com)
- 919512: Remove proxy options from config command. (awood(a)redhat.com)
- 921126: latest string updates from zanata (alikins(a)redhat.com)
- 919255: Remove extraneous print statement. (awood(a)redhat.com)
- 919584: Fix unicode error in RHEL 5. (awood(a)redhat.com)
- Implement entitlement/product status caching. (dgoodwin(a)redhat.com)
- 921245: Update installed products tab after registration. (awood(a)redhat.com)
- 893993: some refactoring, show_autosubscribe_output returns 0 or 1
(ckozak(a)redhat.com)
- 859197: add special case for products that provide 'rhel-' tags
(alikins(a)redhat.com)
- productid db now supports multiple repos per product id (alikins(a)redhat.com)
- let ProductData support multiple repos per product (alikins(a)redhat.com)
- 893993: attach --auto now prints the proper text when no products are
installed (ckozak(a)redhat.com)
- 918746: Switched or ordering for disabling repos. Will now print all
repository validation errors (ckozak(a)redhat.com)
- 914717: rct cat-manifest fails to report Contract from the embedded
entitlement cert (wpoteat(a)redhat.com)
- More convenient dep injection. (dgoodwin(a)redhat.com)
- Try to handle the really old dbus-python on rhel5 (alikins(a)redhat.com)
- add missing conf file for all_slots plugin (alikins(a)redhat.com)
- 919700: Reload consumer identity after force subscribing.
(dgoodwin(a)redhat.com)
- utils.parseDate is now isodate.parse_date (alikins(a)redhat.com)
- Remove ent/prod dir arguments to CLI commands. (dgoodwin(a)redhat.com)
- PluginsCommand does not need network cli options (alikins(a)redhat.com)
- Fix pluginDir config value in default config file (alikins(a)redhat.com)
--------------------------------------------------------------------------------
================================================================================
tomcat6-6.0.36-2.fc18 (FEDORA-2013-4589)
Apache Servlet/JSP Engine, RI for Servlet 2.5/JSP 2.1 API
--------------------------------------------------------------------------------
Update Information:
rhbz 701038 - tomcat user shell /sbin/nologin regression
rhbz 868171 - tomcat6-6.0.36 is available. tomcat6-6.0.36 was made available in
tomcat6-6.0.36-1.fc18. The bz is noted here so it can be closed.
rhbz 876987 - tomcat6 logrotate should specify "su root tomcat"
rhbz 678630 - tomcat6 servlet-2.5-api missing R:jpackage-utils
rhbz 680447 - Location of TOMCAT_LOG
Updated to tc 6.0.36 which includes the CVE's referenced in the bzs
(883690:CVE-2012-4531, 883675:CVE-2012-4431, 873703:CVE-2012-5885, 5886 ,5887, 3439,
883702:CVE-2012-3546, CVE-2012-2733) The update includes apache-tomcat bz 54615
"tomcat6 does not compile against ecj 4.x". Patching 54615 was necessary for a
successful build.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 18 2013 David Knox <dknox(a)redhat.com> 0:6.0.36-2
- Resolves: rhbz 680447 was incompletely patched. The default
- location of TOMCAT_LOG was incorrect
- Resolves: rhbz 701038 tomcat user shell needs to use nologin
- in systemv init script
- Resolves: rhbz 868171 tomcat 6.0.36 is available
- Resolves: rhbz 876987 logrotate must specify su root tomcat
- Resolves: rhbz 678630 servlet-api missing Requires jpackage-utils
* Wed Mar 13 2013 David Knox <dknox(a)redhat.com> 0:6.0.36-1
- Rebase on tc 6.0.36.
- Resolves: apache-tomcat bz 54615 tomcat6 does not compile against
- ecj 4.x
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #701038 - tomcat user shell /sbin/nologin regression in F15
https://bugzilla.redhat.com/show_bug.cgi?id=701038
[ 2 ] Bug #868171 - tomcat6-6.0.36 is available
https://bugzilla.redhat.com/show_bug.cgi?id=868171
[ 3 ] Bug #876987 - tomcat6 logrotate should specify "su root tomcat"
https://bugzilla.redhat.com/show_bug.cgi?id=876987
[ 4 ] Bug #678630 - tomcat6-servlet-2.5-api is missing various requires
https://bugzilla.redhat.com/show_bug.cgi?id=678630
[ 5 ] Bug #680447 - initscript sources global tomcat6 config and instance config in
wrong order
https://bugzilla.redhat.com/show_bug.cgi?id=680447
[ 6 ] Bug #883675 - CVE-2012-4431 Tomcat/JBoss Web - Bypass of CSRF prevention filter
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=883675
[ 7 ] Bug #883702 - CVE-2012-3546 Tomcat/JBoss Web - Bypass of security constraints
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=883702
[ 8 ] Bug #883690 - CVE-2012-4534 Tomcat - Denial Of Service when using NIO+SSL+sendfile
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=883690
[ 9 ] Bug #873703 - CVE-2012-5885 CVE-2012-5886 CVE-2012-5587 CVE-2012-2733 tomcat6
various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=873703
--------------------------------------------------------------------------------
================================================================================
tudu-0.8.2-1.fc18 (FEDORA-2013-4582)
A simple, command line interface to do list application
--------------------------------------------------------------------------------
Update Information:
* Updated to version 0.8.2
* Adds a configuration variable 'tudu_file' to set the path to the XML file.
* Improves the category editor.
* Doesn't check configuration files when invoked with '-h' and '-v'.
* Fixes a segfault on the scroll help page when the resolution is high.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 28 2013 Eric "Sparks" Christensen <sparks(a)fedoraproject.org> -
0.8.2-1
- Updated to version 0.8.2
- Adds a configuration variable 'tudu_file' to set the path to the XML file.
- Improves the category editor.
- Doesn't check configuration files when invoked with '-h' and '-v'.
- Fixes a segfault on the scroll help page when the resolution is high.
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.8.1-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #828280 - tudu-0.8.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=828280
--------------------------------------------------------------------------------
================================================================================
yum-langpacks-0.3.1-1.fc18 (FEDORA-2013-4584)
Langpacks plugin for yum
--------------------------------------------------------------------------------
Update Information:
New upstream release 0.3.1 which fixed a bug -> "yum langinstall hi_IN"
command to work without root user access.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 29 2013 Jens Petersen <petersen(a)redhat.com> - 0.3.1-1
- update to 0.3.1
- have to be root also to run langinstall (Parag Nemade, #928833)
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.3.0-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #928833 - yum langinstall still installs packages without root permission
https://bugzilla.redhat.com/show_bug.cgi?id=928833
--------------------------------------------------------------------------------