Fedora 18 updates-testing report

updates at fedoraproject.org
Fri Dec 20 02:08:57 UTC 2013


The following Fedora 18 Security updates need testing:
 Age  URL
  26  https://admin.fedoraproject.org/updates/FEDORA-2013-21875/389-ds-base-1.3.0.9-1.fc18
  12  https://admin.fedoraproject.org/updates/FEDORA-2013-22949/net-snmp-5.7.2-7.fc18
   9  https://admin.fedoraproject.org/updates/FEDORA-2013-23122/firefox-26.0-2.fc18,xulrunner-26.0-1.fc18
   9  https://admin.fedoraproject.org/updates/FEDORA-2013-23140/python-setuptools-0.6.49-1.fc18
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-23291/thunderbird-24.2.0-2.fc18
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-23299/libreswan-3.7-1.fc18
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-23378/openttd-1.3.3-1.fc18
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-23401/v8-3.14.5.10-3.fc18
   3  https://admin.fedoraproject.org/updates/FEDORA-2013-23466/xen-4.2.3-12.fc18
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-23504/quagga-0.99.21-6.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-23591/seamonkey-2.23-1.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-23646/perl-Proc-Daemon-0.14-9.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-23575/ca-certificates-2013.1.95-1.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-23662/rubygem-actionpack-3.2.8-4.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-23663/ibus-chewing-1.4.4-1.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-23678/gnupg-1.4.16-2.fc18


The following Fedora 18 Critical Path updates have yet to be approved:
 Age URL
 313  https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18
  12  https://admin.fedoraproject.org/updates/FEDORA-2013-22918/opus-1.1-1.fc18
  12  https://admin.fedoraproject.org/updates/FEDORA-2013-22917/colord-1.0.5-1.fc18
   9  https://admin.fedoraproject.org/updates/FEDORA-2013-23122/firefox-26.0-2.fc18,xulrunner-26.0-1.fc18
   9  https://admin.fedoraproject.org/updates/FEDORA-2013-23140/python-setuptools-0.6.49-1.fc18
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-23291/thunderbird-24.2.0-2.fc18
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-23312/dracut-029-1.fc18.3
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-23306/abrt-2.1.10-1.fc18,libreport-2.1.10-1.fc18,satyr-0.12-1.fc18
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-23297/libfm-1.1.4-1.fc18
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-23381/cryptsetup-1.6.3-1.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-23598/fedora-release-18-6
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-23575/ca-certificates-2013.1.95-1.fc18


The following builds have been pushed to Fedora 18 updates-testing

    caja-actions-1.6.2-2.fc18
    fedora-release-18-6
    g2clib-1.4.0-3.fc18
    ghc-numbers-3000.2.0.0-1.fc18
    gnupg-1.4.16-2.fc18
    ibus-chewing-1.4.4-1.fc18
    opendkim-2.9.0-2.fc18
    perl-Proc-Daemon-0.14-9.fc18
    python-caja-1.4.0-4.fc18
    rubygem-actionpack-3.2.8-4.fc18
    seamonkey-2.23-1.fc18
    tuxcut-5.1-1.fc18
    tzdata-2013i-1.fc18
    vrq-1.0.97-1.fc18
    youtube-dl-2013.12.17.2-1.fc18

Details about builds:


================================================================================
 caja-actions-1.6.2-2.fc18 (FEDORA-2013-23649)
 Caja extension for customizing the context menu
--------------------------------------------------------------------------------
Update Information:

- update for rename caja in f21
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Wolfgang Ulbrich <chat-to-me at raveit.de> - 1.6.2-2
- update for rename caja in f21
--------------------------------------------------------------------------------


================================================================================
 fedora-release-18-6 (FEDORA-2013-23598)
 Fedora release files
--------------------------------------------------------------------------------
Update Information:

- fix up urls
- reenable 7d metadata cache expiry for fedora repo
- add f20 gpgkeys and update symlinks
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Dennis Gilmore <dennis at ausil.us> - 18-6
- actually commit all the changes
* Wed Dec 18 2013 Dennis Gilmore <dennis at ausil.us> - 18-5
- add to git the archmap file
* Wed Dec 18 2013 Dennis Gilmore <dennis at ausil.us> - 18-4
- fix up urls
* Wed Dec 18 2013 Dennis Gilmore <dennis at ausil.us> - 18-3
- reenable 7d metadata cache expiry for fedora repo
* Wed Dec 18 2013 Dennis Gilmore <dennis at ausil.us> - 18-2
- add f20 gpgkeys and update symlinks
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1040689 - GPG keys for F19 and F20 needed for upgrades
        https://bugzilla.redhat.com/show_bug.cgi?id=1040689
--------------------------------------------------------------------------------


================================================================================
 g2clib-1.4.0-3.fc18 (FEDORA-2013-23640)
 GRIB2 encoder/decoder and search/indexing routines in C
--------------------------------------------------------------------------------
Update Information:

- Update to 1.4.0
- Add patch to fix possible segfault after calling simunpack with 0 values to unpack

--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 10 2013 Orion Poplawski <orion at cora.nwra.com> - 1.4.0-3
- Update to 1.4.0
- Rebase templates patch
- Add patch to fix possible segfault after calling simunpack with 0 values to
  unpack
--------------------------------------------------------------------------------


================================================================================
 ghc-numbers-3000.2.0.0-1.fc18 (FEDORA-2013-23651)
 Instances of numerical classes for numbers
--------------------------------------------------------------------------------
Update Information:

Updated to 3000.2.0.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Shakthi Kannan <shakthimaan [AT] fedoraproject dot org> - 3000.2.0.0-1
- new upstream version 3000.2.0.0
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3000.1.0.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Fri Jun  7 2013 Jens Petersen <petersen at redhat.com> - 3000.1.0.3-2
- update to new simplified Haskell Packaging Guidelines
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1018672 - ghc-numbers-3000.2.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1018672
--------------------------------------------------------------------------------


================================================================================
 gnupg-1.4.16-2.fc18 (FEDORA-2013-23678)
 A GNU utility for secure communication and data storage
--------------------------------------------------------------------------------
Update Information:

What's New
===========

 * Fixed the RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack as described by Genkin, Shamir, and Tromer.
 See <http://www.cs.tau.ac.il/~tromer/acoustic/>. [CVE-2013-4576]

 * Put only the major version number by default into armored output.

 * Do not create a trustdb file if --trust-model=always is used.

 * Print the keyid for key packets with --list-packets.

 * Changed modular exponentiation algorithm to recover from a small performance loss due to a change in 1.4.14.


Impact of the security problem
==============================

CVE-2013-4576 has been assigned to this security bug.

The paper describes two attacks. The first attack allows distinguishing keys: An attacker is able to notice which key is currently used for decryption. This is in general not a problem but may be used to reveal the information that a message, encrypted to a commonly not used key, has been received by the targeted machine. We do not have a software solution to mitigate this attack.

The second attack is more serious. It is an adaptive chosen ciphertext attack to reveal the private key. A possible scenario is that the attacker places a sensor (for example a standard smartphone) in the vicinity of the targeted machine. That machine is assumed to do unattended RSA decryption of received mails, for example by using a mail client which speeds up browsing by opportunistically decrypting mails expected to be read soon. While listening to the acoustic emanations of the targeted machine, the smartphone will send new encrypted messages to that machine and re-construct the private key bit by bit. A 4096 bit RSA key used on a laptop can be revealed within an hour.

GnuPG 1.4.16 avoids this attack by employing RSA blinding during decryption. GnuPG 2.x and current Gpg4win versions make use of Libgcrypt which employs RSA blinding anyway and are thus not vulnerable.

For the highly interesting research on acoustic cryptanalysis and the details of the attack see http://www.cs.tau.ac.il/~tromer/acoustic/ .

--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Peter Robinson <pbrobinson at fedoraproject.org> 1.4.16-2
- New upstream v1.4.16
  fixes for CVE-2013-4576
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1044402 - gnupg-1.4.16 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1044402
--------------------------------------------------------------------------------


================================================================================
 ibus-chewing-1.4.4-1.fc18 (FEDORA-2013-23663)
 The Chewing engine for IBus input platform
--------------------------------------------------------------------------------
Update Information:

- Resolves Bug 842856 - ibus-chewing 1.4.3-1 not built with $RPM_OPT_FLAGS
- Resolves Bug 1027030 - CVE-2013-4509 ibus-chewing: ibus: visible 
  password entry flaw [fedora-all]
  Thanks czchen for the GitHub pull request 39.
- Added translations: fr_FR, ja_JP, ko_KR
- Adopt cmake-fedora-1.2.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Ding-Yi Chen <dchen at redhat.com> - 1.4.4-1
- Resolves Bug 842856 - ibus-chewing 1.4.3-1 not built with $RPM_OPT_FLAGS
- Resolves Bug 1027030 - CVE-2013-4509 ibus-chewing: ibus: visible 
  password entry flaw [fedora-all]
  Thanks czchen for the GitHub pull request 39.
- Added translations: fr_FR, ja_JP, ko_KR
- Adopt cmake-fedora-1.2.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #842856 - ibus-chewing 1.4.3-1 not built with $RPM_OPT_FLAGS
        https://bugzilla.redhat.com/show_bug.cgi?id=842856
  [ 2 ] Bug #1027030 - CVE-2013-4509 ibus-chewing: ibus: visible password entry flaw [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1027030
--------------------------------------------------------------------------------


================================================================================
 opendkim-2.9.0-2.fc18 (FEDORA-2013-23672)
 A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail
--------------------------------------------------------------------------------
Update Information:

- Updating to new upstream 2.9.0 for all build version
- Fixing some minor bugs for systemd users.
* Sun Nov  3 2013 Steve Jenkins <steve stevejenkins com> - 2.8.4-4
- Rebuild of all release packages to sync version numbers

* Sun Nov  3 2013 Ville Skytta <ville.skytta at iki.fi> - 2.8.4-3
- Fix path to docs in sample config when doc dir is unversioned (#993997).

* Sat Aug 03 2013 Petr Pisar <ppisar at redhat.com> - 2.8.4-2
- Perl 5.18 rebuild
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Steve Jenkins <steve stevejenkins com> - 2.9.0-2
- Patch adds user and group to systemd service file (Thx jcosta at redhat.com)
- Changed default ownership of /etc/opendkim/keys directory to opendkim user
* Wed Dec 18 2013 Steve Jenkins <steve stevejenkins com> - 2.9.0-1
- Updated to use newer upstream 2.9.0 source code
- Added libbsd-devel to Build Requires
- Removed listrl references from libopendkim files section (handled by libbsd-devel)
* Sun Nov  3 2013 Steve Jenkins <steve stevejenkins com> - 2.8.4-4
- Rebuild of all release packages to sync version numbers
* Sun Nov  3 2013 Ville Skytta <ville.skytta at iki.fi> - 2.8.4-3
- Fix path to docs in sample config when doc dir is unversioned (#993997).
* Sat Aug  3 2013 Petr Pisar <ppisar at redhat.com> - 2.8.4-2
- Perl 5.18 rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1041546 - opendkim.service needs user/group
        https://bugzilla.redhat.com/show_bug.cgi?id=1041546
  [ 2 ] Bug #993997 - opendkim possibly affected by F-20 unversioned docdir change
        https://bugzilla.redhat.com/show_bug.cgi?id=993997
--------------------------------------------------------------------------------


================================================================================
 perl-Proc-Daemon-0.14-9.fc18 (FEDORA-2013-23646)
 Run Perl program as a daemon process
--------------------------------------------------------------------------------
Update Information:

Add patch from debian to fix pidfile with mode 666 CVE-2013-7135
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Remi Collet <remi at fedoraproject.org> 0.14-9
- fix pidfile with mode 666, patch from debian, CVE-2013-7135
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1043872 - CVE-2013-7135 perl-Proc-Daemon: writes pidfile with mode 666
        https://bugzilla.redhat.com/show_bug.cgi?id=1043872
--------------------------------------------------------------------------------


================================================================================
 python-caja-1.4.0-4.fc18 (FEDORA-2013-23655)
 Python bindings for Caja
--------------------------------------------------------------------------------
Update Information:

- rebuild for caja rename in f21
- add python2 stacks
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Wolfgang Ulbrich <chat-to-me at raveit.de> - 1:1.4.0-4
- rebuild for caja rename in f21
- add python2 stacks
--------------------------------------------------------------------------------


================================================================================
 rubygem-actionpack-3.2.8-4.fc18 (FEDORA-2013-23662)
 Web-flow and rendering framework putting the VC in MVC
--------------------------------------------------------------------------------
Update Information:

Includes security patches for:

- CVE-2013-6417 - Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)
- CVE-2013-4491 - Reflective XSS Vulnerability in Ruby on Rails
- CVE-2013-6415 - XSS Vulnerability in number_to_currency
- CVE-2013-6414 - Denial of Service Vulnerability in Action View
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 16 2013 Josef Stribny <jstribny at redhat.com> - 1:3.2.8-4
- Fixes for CVE-2013-6417, CVE-2013-4491, CVE-2013-6415, CVE-2013-6414
--------------------------------------------------------------------------------


================================================================================
 seamonkey-2.23-1.fc18 (FEDORA-2013-23591)
 Web browser, e-mail, news, IRC client, HTML editor
--------------------------------------------------------------------------------
Update Information:

Update to 2.23

Fixes various security issues, see http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html for more info.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Dmitry Butskoy <Dmitry at Butskoy.name> 2.23-1
- update to 2.23
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1043100 - seamonkey-2.23 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1043100
--------------------------------------------------------------------------------


================================================================================
 tuxcut-5.1-1.fc18 (FEDORA-2013-23585)
 Arpspoof attacks protector
--------------------------------------------------------------------------------
Update Information:

Fix the remove issue.
Fix delay time when closing the application sometimes.
Enhance the application launcher.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 12 2013 Mosaab Alzoubi <moceap at hotmail.com> - 5.1-1
- Update release.
- New upstream URL method.
- Tweak %prep for new release.
- Use upstream icon.
- Update bin/tuxcut.
--------------------------------------------------------------------------------


================================================================================
 tzdata-2013i-1.fc18 (FEDORA-2013-23590)
 Timezone data
--------------------------------------------------------------------------------
Update Information:

- Rebase with early release of 2013i from Paul Eggert github.
  - Jordan switches back to standard time at 00:00 on December 20, 2013.
  - The 2006-2011 transition schedule is planned to resume in 2014.
  - The compile-time flag NOSOLAR has been removed.
  - The files solar87, solar88, and solar89 are no longer distributed.
  - tz-link.htm now mentions Noda Time.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Patsy Franklin <pfrankli at redhat.com> 2013i-1
- Rebase with early release of 2013i from Paul Eggert github.
  - Jordan switches back to standard time at 00:00 on December 20, 2013.
  - The 2006-2011 transition schedule is planned to resume in 2014.
  - The compile-time flag NOSOLAR has been removed.
  - The files solar87, solar88, and solar89 are no longer distributed.
  - tz-link.htm now mentions Noda Time.
--------------------------------------------------------------------------------


================================================================================
 vrq-1.0.97-1.fc18 (FEDORA-2013-23643)
 Verilog tool framework with plugins for manipulating source code
--------------------------------------------------------------------------------
Update Information:

Updated to 1.0.97.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Shakthi Kannan <shakthimaan [AT] fedoraproject dot org> - 1.0.97-1
- Updated to 1.0.97
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #987435 - vrq-1.0.97 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=987435
--------------------------------------------------------------------------------


================================================================================
 youtube-dl-2013.12.17.2-1.fc18 (FEDORA-2013-23679)
 A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:

youtube-dl-2013.12.17.2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 19 2013 Christopher Meng <rpm at cicku.me> - 2013.12.17.2-1
- Update to 2013.12.17.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1039524 - youtube-dl-2013.12.17.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1039524
--------------------------------------------------------------------------------


