Fedora 16 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Sat Oct 6 03:52:23 UTC 2012
The following Fedora 16 Security updates need testing:
Age URL
89 https://admin.fedoraproject.org/updates/FEDORA-2012-10402/bcfg2-1.2.3-1.fc16
14 https://admin.fedoraproject.org/updates/FEDORA-2012-14452/bacula-5.0.3-33.fc16
7 https://admin.fedoraproject.org/updates/FEDORA-2012-14959/dracut-018-60.git20120927.fc16
6 https://admin.fedoraproject.org/updates/FEDORA-2012-15098/openstack-swift-1.4.8-3.fc16
61 https://admin.fedoraproject.org/updates/FEDORA-2012-11526/dokuwiki-0-0.11.20120125.b.fc16
3 https://admin.fedoraproject.org/updates/FEDORA-2012-15203/qt-4.8.2-7.fc16
92 https://admin.fedoraproject.org/updates/FEDORA-2012-10314/revelation-0.4.14-1.fc16
12 https://admin.fedoraproject.org/updates/FEDORA-2012-14654/tor-0.2.2.39-1600.fc16
18 https://admin.fedoraproject.org/updates/FEDORA-2012-14126/dbus-1.4.10-4.fc16
10 https://admin.fedoraproject.org/updates/FEDORA-2012-14707/openjpeg-1.4-14.fc16
17 https://admin.fedoraproject.org/updates/FEDORA-2012-14322/pcp-3.6.8-1.fc16
0 https://admin.fedoraproject.org/updates/FEDORA-2012-15482/perl-HTML-Template-Pro-0.9509-1.fc16
0 https://admin.fedoraproject.org/updates/FEDORA-2012-15507/ruby-1.8.7.358-4.fc16
The following Fedora 16 Critical Path updates have yet to be approved:
Age URL
0 https://admin.fedoraproject.org/updates/FEDORA-2012-15485/mdadm-3.2.5-10.fc16
2 https://admin.fedoraproject.org/updates/FEDORA-2012-15325/kernel-3.4.12-1.fc16
3 https://admin.fedoraproject.org/updates/FEDORA-2012-15203/qt-4.8.2-7.fc16
5 https://admin.fedoraproject.org/updates/FEDORA-2012-15131/mysql-5.5.28-1.fc16
6 https://admin.fedoraproject.org/updates/FEDORA-2012-15090/nss-3.13.5-2.fc16
7 https://admin.fedoraproject.org/updates/FEDORA-2012-14958/libfm-1.0.1-1.fc16,pcmanfm-1.0.1-1.fc16
7 https://admin.fedoraproject.org/updates/FEDORA-2012-14959/dracut-018-60.git20120927.fc16
13 https://admin.fedoraproject.org/updates/FEDORA-2012-14626/qrencode-3.3.1-4.fc16
The following builds have been pushed to Fedora 16 updates-testing
fence-agents-3.1.10-1.fc16
gofer-0.74-1.fc16
innotop-1.9.0-2.fc16
jetty-6.1.26-9.fc16
kde-plasma-networkmanagement-0.9.0.5-1.fc16
mdadm-3.2.5-10.fc16
oxygen-gtk2-1.3.1-1.fc16
oxygen-gtk3-1.1.1-1.fc16
perl-HTML-Template-Pro-0.9509-1.fc16
python-odict-1.5.0-4.fc16
ruby-1.8.7.358-4.fc16
Details about builds:
================================================================================
fence-agents-3.1.10-1.fc16 (FEDORA-2012-15486)
Fence Agents for Red Hat Cluster
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 5 2012 Marek Grac <mgrac at redhat.com> - 3.1.10-1
- new upstream release
--------------------------------------------------------------------------------
================================================================================
gofer-0.74-1.fc16 (FEDORA-2012-15494)
A lightweight, extensible python agent
--------------------------------------------------------------------------------
Update Information:
Update to gofer 0.74.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 3 2012 Jeff Ortel <jortel at redhat.com> 0.74-1
- Make watchdog journal object configurable; watchdog singleton by URL only.
(jortel at redhat.com)
* Thu Sep 13 2012 Jeff Ortel <jortel at redhat.com> 0.73-1
- Progress reporting enhancements. (jortel at redhat.com)
- Add for debugging w/o running as root. (jortel at redhat.com)
* Mon Aug 20 2012 Jeff Ortel <jortel at redhat.com> 0.72-1
- Add unit tests: watchdog test. (jortel at redhat.com)
- Add man page for goferd. (jortel at redhat.com)
- Replace BlackList with python set. (jortel at redhat.com)
- Add progress reporting; watchdog enhancements. (jortel at redhat.com)
- remove f15 and add f18 to tito releaser. (jortel at redhat.com)
* Tue Jul 31 2012 Jeff Ortel <jortel at redhat.com> 0.71-1
- Port ruby-gofer to rubygem-qpid. (jortel at redhat.com)
- Make /usr/share/gofer/plugins the primary plugin location. Based on fedora
packaging guidelines referencing FHS standards. (jortel at redhat.com)
- Discontinue {_libdir} macro for plugins. (jortel at redhat.com)
* Tue Jun 12 2012 Jeff Ortel <jortel at redhat.com> 0.70-1
- Refit mocks for reparent of Envelope & Options to (object).
(jortel at redhat.com)
* Fri Jun 8 2012 Jeff Ortel <jortel at redhat.com> 0.69-1
- 829767 - fix simplejons 2.2+ issue (fedora 17). Envelope/Options rebased on
object rather than dict. (jortel at redhat.com)
- Add whiteboard. (jortel at redhat.com)
- Fixed 'Undefined variable (s) in XBindings.__bindings(). (jortel at redhat.com)
* Thu Apr 26 2012 Jeff Ortel <jortel at redhat.com> 0.68-1
- Refit watchdog plugin; set journal location; skip directories in journal dir.
(jortel at redhat.com)
- Make the watchdog journal directory configurable. (jortel at redhat.com)
- Add Broker.touch() and rename Topic.binding(). (jortel at redhat.com)
- Better support for durable topic subscription. Queue bindings to specified
exchanges. (jortel at redhat.com)
* Fri Mar 16 2012 Jeff Ortel <jortel at redhat.com> 0.67-1
- Add (trace) attribute to propagated exceptions. (jortel at redhat.com)
- Add traceback info to propagated exceptions as: Exception.trace.
(jortel at redhat.com)
- Add support for __getitem__ in container and stub. (jortel at redhat.com)
- Refactor to crypto (delegate) interface. (jortel at redhat.com)
- Support multiple security decorators. (jortel at redhat.com)
- perf: asynchronous ack(); tcp_nodelay. (jortel at redhat.com)
- Rename 'delayed/trigger' policy property to match option. (jortel at redhat.com)
- Rename 'delayed' option to: 'trigger'. (jortel at redhat.com)
- option 'delayed' implies asynchronous RMI. (jortel at redhat.com)
- fix for tito compat. (jortel at redhat.com)
- bridge: clean debug prints; make gateway a thread. (jortel at redhat.com)
- Add tcp bridge (experimental). (jortel at redhat.com)
- Add support for delayed trigger asynchronous RMI. (jortel at redhat.com)
- Add fedora releaser. (jortel at redhat.com)
- support setting producer uuid; HMAC enhancements. (jortel at redhat.com)
- rel-eng: rename redhat releaser. (jortel at redhat.com)
--------------------------------------------------------------------------------
================================================================================
innotop-1.9.0-2.fc16 (FEDORA-2012-15497)
A MySQL and InnoDB monitor program
--------------------------------------------------------------------------------
Update Information:
Update to version 1.9.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 5 2012 Eduardo Echeverria <echevemaster at fedoraproject.org> 1.9.0-2
- Add BuildRequires
* Fri Sep 21 2012 Luis Bazan <lbazan at fedoraproject.org> 1.9.0-1
- New Upstream version
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.8.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue Jul 10 2012 Luis Bazan <lbazan at fedoraproject.org> - 1.8.1-4
- back to original state man3 and man1
* Tue Jul 10 2012 Luis Bazan <lbazan at fedoraproject.org> - 1.8.1-3
- remove man3
* Tue Jul 10 2012 Luis Bazan <lbazan at fedoraproject.org> - 1.8.1-2
- Change man3 and man1
* Mon Jul 9 2012 Luis Bazán <lbazan at fedoraproject.org> - 1.8.1-1
- New Upstream Version 1.8.1
* Sun Jun 17 2012 Petr Pisar <ppisar at redhat.com> - 1.6.0-10
- Perl 5.16 rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.6.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
jetty-6.1.26-9.fc16 (FEDORA-2012-15509)
The Jetty Webserver and Servlet Container
--------------------------------------------------------------------------------
Update Information:
This update fixes a bug that caused jetty user and group to be removed and not recreated during package upgrade and allows default JETTY_PORT to be overridden in jetty.conf.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 5 2012 Mikolaj Izdebski <mizdebsk at redhat.com> - 6.1.26-9
- Allow to override the default JETTY_PORT, resolves: rhbz#826551
- Don't delete jetty user on package erase, resolves: rhbz#857708
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #826551 - Allow to override the default JETTY_PORT jetty.conf
https://bugzilla.redhat.com/show_bug.cgi?id=826551
[ 2 ] Bug #857708 - missing jetty user
https://bugzilla.redhat.com/show_bug.cgi?id=857708
--------------------------------------------------------------------------------
================================================================================
kde-plasma-networkmanagement-0.9.0.5-1.fc16 (FEDORA-2012-15489)
NetworkManager KDE 4 integration
--------------------------------------------------------------------------------
Update Information:
New stable release 0.9.0.5, for details see http://lamarque-lvs.blogspot.cz/2012/09/plasma-nm-0905.html
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 1 2012 Rex Dieter <rdieter at fedoraproject.org> 0.9.0.5-1
- 0.9.0.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #832893 - Password dialog is missing password field
https://bugzilla.redhat.com/show_bug.cgi?id=832893
--------------------------------------------------------------------------------
================================================================================
mdadm-3.2.5-10.fc16 (FEDORA-2012-15485)
The mdadm program controls Linux md devices (software RAID arrays)
--------------------------------------------------------------------------------
Update Information:
This is an update to the mdadm package.
This update clarifies some issues around licenses in the source code files. There are no code changes compared to the prior release.
All users of mdadm are encouraged to upgrade.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 3 2012 Jes Sorensen <Jes.Sorensen at redhat.com> - 3.2.5-10
- Fix mistake where Fedora 18 systemd macro changes were incorrectly
pulled into the Fedora 16 and Fedora 17 updates of mdadm.
* Wed Oct 3 2012 Jes Sorensen <Jes.Sorensen at redhat.com> - 3.2.5-9
- Resolve issue with ambiguous licenses
- Resolves bz862761
* Mon Sep 10 2012 Jes Sorensen <Jes.Sorensen at redhat.com> - 3.2.5-8
- Switch to using new systemd macros for F18+
- Resolves bz850202
* Thu Aug 2 2012 Jes Sorensen <Jes.Sorensen at redhat.com> - 3.2.5-7
- Remove bogus rogue patch applied in 3.2.5-5 with justification and
without following the structure of the mdadm package.
* Fri Jul 27 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.2.5-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Wed Jul 18 2012 Karsten Hopp <karsten at redhat.com> 3.2.5-5
- include <linux/types.h> in some to avoid type clashes.
same problem as rhbz #840902
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #862761 - Source file license ambiguities
https://bugzilla.redhat.com/show_bug.cgi?id=862761
--------------------------------------------------------------------------------
================================================================================
oxygen-gtk2-1.3.1-1.fc16 (FEDORA-2012-15503)
Oxygen GTK+2 theme
--------------------------------------------------------------------------------
Update Information:
oxygen-gtk2-v1.3.1, oxygen-gtk3-v1.1.1
- thread-proof timers used for transitions and animations
- Safer code for Groupbox appearance
- proper rendering of flat GtkEntries
- honor custom color for menu background
- more testing options for the demo application
See https://projects.kde.org/news/170
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 5 2012 Alexey Kurov <nucleo at fedoraproject.org> - 1.3.1-1
- oxygen-gtk2-1.3.1
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #851846 - [abrt] nntpgrab-gui-0.7.2-1.fc17: gtk_widget_compute_expand: Process /usr/bin/nntpgrab_gui was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=851846
--------------------------------------------------------------------------------
================================================================================
oxygen-gtk3-1.1.1-1.fc16 (FEDORA-2012-15503)
Oxygen GTK+3 theme
--------------------------------------------------------------------------------
Update Information:
oxygen-gtk2-v1.3.1, oxygen-gtk3-v1.1.1
- thread-proof timers used for transitions and animations
- Safer code for Groupbox appearance
- proper rendering of flat GtkEntries
- honor custom color for menu background
- more testing options for the demo application
See https://projects.kde.org/news/170
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 5 2012 Alexey Kurov <nucleo at fedoraproject.org> - 1:1.1.1-1
- oxygen-gtk3-1.1.1
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1:1.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #851846 - [abrt] nntpgrab-gui-0.7.2-1.fc17: gtk_widget_compute_expand: Process /usr/bin/nntpgrab_gui was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=851846
--------------------------------------------------------------------------------
================================================================================
perl-HTML-Template-Pro-0.9509-1.fc16 (FEDORA-2012-15482)
Perl/XS module to use HTML Templates from CGI scripts
--------------------------------------------------------------------------------
Update Information:
This version of HTML::Template::Pro fixes a cross-site scripting (XSS) vulnerability in the module.
http://www.openwall.com/lists/oss-security/2011/12/19/1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4616
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 4 2012 Emmanuel Seyman <emmanuel at seyman.fr> - 0.9509-1
- Update to 0.9509 (CVE-2011-4616, #773453)
- Add default perl filter
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #768822 - CVE-2011-4616 perl-HTML-Template-Pro: XSS issue
https://bugzilla.redhat.com/show_bug.cgi?id=768822
--------------------------------------------------------------------------------
================================================================================
python-odict-1.5.0-4.fc16 (FEDORA-2012-15495)
Ordered dictionary
--------------------------------------------------------------------------------
Update Information:
Version 1.5.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #862853 - Review Request: python-odict - Ordered dictionary
https://bugzilla.redhat.com/show_bug.cgi?id=862853
--------------------------------------------------------------------------------
================================================================================
ruby-1.8.7.358-4.fc16 (FEDORA-2012-15507)
An interpreter of object-oriented scripting language
--------------------------------------------------------------------------------
Update Information:
Some security flaws were found on ruby currently shipped on Fedora 17 where malicious user can bypass safe mechanize by raising exception intentionally and make arbitrary strings tainted. This flaw were now registered as CVE-2012-4464 and CVE-2012-4466.
Note that CVE-2012-4464 is basically the same as CVE-2011-1005, which was supposed to be already fixed on ruby 1.8.x branch but it proved that the fix was incomplete.
This new rpm will fix the above issue.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 4 2012 Mamoru Tasaka <mtasaka at fedoraproject.org> - 1.8.7.358-4
- Also backport fix for the left part of CVE-2011-1005 (causing the
same issue as CVE-2012-4464)
(Vít Ondruch <vondruch at redhat.com>)
* Thu Oct 4 2012 Mamoru Tasaka <mtasaka at fedoraproject.org> - 1.8.7.358-3
- Backport fix for CVE-2012-4466 on trunk:rev37068 to 1.8.7 branch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #862907 - CVE-2012-4464 CVE-2012-4466 ruby: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=862907
--------------------------------------------------------------------------------
More information about the test
mailing list