Fedora 18 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Tue Jul 2 00:36:46 UTC 2013
The following Fedora 18 Security updates need testing:
Age URL
174 https://admin.fedoraproject.org/updates/FEDORA-2013-0416/fedora-business-cards-1-0.1.beta1.fc18
107 https://admin.fedoraproject.org/updates/FEDORA-2013-3935/puppet-3.1.1-1.fc18
101 https://admin.fedoraproject.org/updates/FEDORA-2013-4243/stunnel-4.55-1.fc18
88 https://admin.fedoraproject.org/updates/FEDORA-2013-4823/microcode_ctl-2.0-3.fc18
72 https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18
31 https://admin.fedoraproject.org/updates/FEDORA-2013-9707/livecd-tools-18.16-2.fc18
27 https://admin.fedoraproject.org/updates/FEDORA-2013-9962/subversion-1.7.10-1.fc18
10 https://admin.fedoraproject.org/updates/FEDORA-2013-11419/python-bugzilla-0.9.0-1.fc18
8 https://admin.fedoraproject.org/updates/FEDORA-2013-10713/openstack-keystone-2012.2.4-5.fc18
7 https://admin.fedoraproject.org/updates/FEDORA-2013-11574/curl-7.27.0-11.fc18
6 https://admin.fedoraproject.org/updates/FEDORA-2013-11630/wordpress-3.5.2-1.fc18
4 https://admin.fedoraproject.org/updates/FEDORA-2013-11768/xen-4.2.2-9.fc18
4 https://admin.fedoraproject.org/updates/FEDORA-2013-11396/glpi-0.83.9.1-1.fc18
3 https://admin.fedoraproject.org/updates/FEDORA-2013-11646/ReviewBoard-1.7.11-1.fc18
3 https://admin.fedoraproject.org/updates/FEDORA-2013-11874/xen-4.2.2-10.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-12108/gegl-0.2.0-11.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-12123/ruby-1.9.3.448-31.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-11998/php-pecl-radius-1.2.7-1.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-12032/autotrace-0.31.1-34.fc18
The following Fedora 18 Critical Path updates have yet to be approved:
Age URL
142 https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18
22 https://admin.fedoraproject.org/updates/FEDORA-2013-10428/NetworkManager-0.9.8.2-1.fc18,network-manager-applet-0.9.8.2-1.fc18
11 https://admin.fedoraproject.org/updates/FEDORA-2013-11278/make-3.82-14.fc18
10 https://admin.fedoraproject.org/updates/FEDORA-2013-11419/python-bugzilla-0.9.0-1.fc18
8 https://admin.fedoraproject.org/updates/FEDORA-2013-11498/binutils-2.23.51.0.1-10.fc18
7 https://admin.fedoraproject.org/updates/FEDORA-2013-11574/curl-7.27.0-11.fc18
6 https://admin.fedoraproject.org/updates/FEDORA-2013-11629/unzip-6.0-10.fc18
4 https://admin.fedoraproject.org/updates/FEDORA-2013-11749/gnome-shell-3.6.3.1-2.fc18
4 https://admin.fedoraproject.org/updates/FEDORA-2013-11757/xorg-x11-drv-synaptics-1.6.4-2.fc18
3 https://admin.fedoraproject.org/updates/FEDORA-2013-11864/gnome-packagekit-3.6.2-2.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-12117/lcms2-2.5-1.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-11995/kernel-3.9.8-200.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-11959/procps-ng-3.3.3-6.20120807git.fc18
The following builds have been pushed to Fedora 18 updates-testing
dpkg-1.16.10-6.fc18
dsqlite-1.1.1-1.fc18
f1lt-2.1.1-1.fc18
gegl-0.2.0-11.fc18
ladvd-1.0.4-3.fc18
lcms2-2.5-1.fc18
mate-file-archiver-1.6.0-2.fc18
mate-file-manager-1.6.1-9.fc18
maven-javadoc-plugin-2.9.1-1.fc18.1
mingw-glew-1.9.0-5.fc18
openlmi-providers-0.0.25-2.fc18
php-PHP-CSS-Parser-5.0.6-1.fc18
php-channel-nrk-1.3-1.fc18
php-pecl-apcu-4.0.1-1.fc18
php-pecl-propro-0.1.0-1.fc18
php-pecl-raphf-0.1.0-1.fc18
python-fsmonitor-0.1-1.fc18
python-py-1.4.15-1.fc18
python-rsa-3.1.1-2.fc18
quiterss-0.13.1-1.fc18
rekonq-2.3.2-1.fc18
ruby-1.9.3.448-31.fc18
springframework-security-3.1.4-1.fc18
tweepy-2.0-1.fc18
vanityhash-1.1-1.fc18
Details about builds:
================================================================================
dpkg-1.16.10-6.fc18 (FEDORA-2013-12120)
Package maintenance system for Debian Linux
--------------------------------------------------------------------------------
Update Information:
add support to logrotate and minor spec enhancements.
8 fixes in rpm .spec
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 1 2013 Sérgio Basto <sergio at serjux.com> - 1.16.10-6
- add support to logrotate, by Oron Peled, rhbz #979378
- added some new %doc and debian/copyright, by Oron Peled, rhbz #979378
- rpmlint cleanups, by Oron Peled, rhbz #979378
* Sun Jun 30 2013 Sérgio Basto <sergio at serjux.com> - 1.16.10-5
- rhbz #979378
- Obsolete the old dpkg-devel.noarch (replaced by dpkg-dev)
(Obsoletes: dpkg-devel < 1.16)
- Readd to dpkg-perl: Requires: dpkg = <version>-<release>
- Patchset Signed-off-by: Oron Peled
- [PATCH 1/4] move dpkg.cfg from /etc to /etc/dpkg
- [PATCH 2/4] fix some pkgdatadir, pkgconfdir file locations
- [PATCH 3/4] move "dpkg-dev.mo" files to dpkg-perl
- [PATCH 4/4] minor fix to dpkg-perl ownerships
- move from dpkg to dpkg-dev, rhbz #979378
- dpkg-mergechangelogs and its man-pages
- dpkg-buildflags and its man-pages
- remove man pages dups, also rhbz #979378
dpkg-architecture.1.gz
dpkg-buildflags.1.gz
dpkg-buildpackage.1.gz
dpkg-checkbuilddeps.1.gz
dpkg-distaddfile.1.gz
dpkg-genchanges.1.gz
dpkg-gencontrol.1.gz
dpkg-gensymbols.1.gz
dpkg-mergechangelogs.1.gz
dpkg-name.1.gz
dpkg-parsechangelog.1.gz
dpkg-scanpackages.1.gz
dpkg-scansources.1.gz
dpkg-shlibdeps.1.gz
dpkg-source.1.gz
dpkg-vendor.1.gz
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #979378 - Upgrade problem from dpkg* < 1.16 to dpkg* >= 1.16
https://bugzilla.redhat.com/show_bug.cgi?id=979378
--------------------------------------------------------------------------------
================================================================================
dsqlite-1.1.1-1.fc18 (FEDORA-2013-12133)
High level library around SQLite for D language
--------------------------------------------------------------------------------
Update Information:
Merge 1.1.1 changes and fix typo
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 28 2013 Christophe Burgun <jouty at fedoraproject.org> 1.1.1-1
- Update dsqlite version
- Change Source0 Url
- Fix prep section with right name
- Fix so files
* Sun Feb 17 2013 Christophe Burgun <jouty at fedoraproject.org> 1.0-5
- Fix summary and description
- Fix -l fr
--------------------------------------------------------------------------------
================================================================================
f1lt-2.1.1-1.fc18 (FEDORA-2013-12107)
Unofficial Formula 1 live timing application
--------------------------------------------------------------------------------
Update Information:
Update to 2.1.1
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 30 2013 Antonio Trande <sagitter at fedoraproject.org> 2.1.1-1
- Update to 2.1.1
* Sun Jun 9 2013 Antonio Trande <sagitter at fedoraproject.org> 2.1.0-1
- Update to 2.1.0
--------------------------------------------------------------------------------
================================================================================
gegl-0.2.0-11.fc18 (FEDORA-2013-12108)
A graph based image processing framework
--------------------------------------------------------------------------------
Update Information:
This update contains the following changes:
* Fix buffer overflow in and add plausibility checks to the ppm-load operation.
* Fix multi-lib issue where content of generated documentation could differ between architectures.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 1 2013 Nils Philippsen <nils at redhat.com> - 0.2.0-11
- replace lua-5.2 patch by upstream commit
- fix buffer overflow in and add plausibility checks to ppm-load op
(CVE-2012-4433)
- fix multi-lib issue in generated documentation
* Wed May 15 2013 Tom Callaway <spot at fedoraproject.org> - 0.2.0-10
- rebuild for lua 5.2
- disable check suite (so broken)
* Sun Mar 10 2013 Rex Dieter <rdieter at fedoraproject.org> - 0.2.0-9
- rebuild (OpenEXR)
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.2.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Fri Jan 18 2013 Adam Tkac <atkac redhat com> - 0.2.0-7
- rebuild due to "jpeg8-ABI" feature drop
* Fri Dec 21 2012 Adam Tkac <atkac redhat com> - 0.2.0-6
- rebuild against new libjpeg
* Fri Oct 19 2012 Nils Philippsen <nils at redhat.com> - 0.2.0-5
- don't catch "make check" errors but skip known problematic tests
* Fri Oct 19 2012 Nils Philippsen <nils at redhat.com> - 0.2.0-4
- don't require lensfun-devel for building without workshop ops
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #856300 - CVE-2012-4433 gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers
https://bugzilla.redhat.com/show_bug.cgi?id=856300
--------------------------------------------------------------------------------
================================================================================
ladvd-1.0.4-3.fc18 (FEDORA-2013-12137)
CDP/LLDP sender for UNIX
--------------------------------------------------------------------------------
Update Information:
Fixes SELinux AVC about /etc/passwd access.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 1 2013 Tomasz Torcz <ttorcz at fedoraproject.org> - 1.0.4-3
- selinux policy: allow /etc/passwd read ti find out about unpriviledged user (#975959)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #975959 - SELinux is preventing /usr/sbin/ladvd from 'read' accesses on the file /etc/passwd.
https://bugzilla.redhat.com/show_bug.cgi?id=975959
--------------------------------------------------------------------------------
================================================================================
lcms2-2.5-1.fc18 (FEDORA-2013-12117)
Color Management Engine
--------------------------------------------------------------------------------
Update Information:
- Update to new upstream version.
- Added a reference for Mac MLU tag
- Added a way to read the profile creator from header
- Added error descriptions on cmsSmoothToneCurve
- Added identity curves support for write V2 LUT
- Added new cmsPlugInTHR() and fixed some race conditions
- Added TIFF Lab16 handling on tifficc
- Fixed a bug on big endian platforms not supporting uint64 or long long.
- Fixed a multithead bug on optimization
- Fixed devicelink generation for 8 bits
- Fixed some 64 bit warnings on size_t to uint32 conversions
- Rendering intent used when creating the transform is now propagated to profile
- RGB profiles store only one copy of the curve to save space
- Transform2Devicelink now keeps white point when guessing deviceclass is enabled
- Update black point detection algorithm to reflect ICC changes
- User defined parametric curves can now be saved in ICC profiles
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 1 2013 Richard Hughes <richard at hughsie.com> 2.5-1
- Update to new upstream version.
- Added a reference for Mac MLU tag
- Added a way to read the profile creator from header
- Added error descriptions on cmsSmoothToneCurve
- Added identity curves support for write V2 LUT
- Added new cmsPlugInTHR() and fixed some race conditions
- Added TIFF Lab16 handling on tifficc
- Fixed a bug on big endian platforms not supporting uint64 or long long.
- Fixed a multithead bug on optimization
- Fixed devicelink generation for 8 bits
- Fixed some 64 bit warnings on size_t to uint32 conversions
- Rendering intent used when creating the transform is now propagated to profile
- RGB profiles store only one copy of the curve to save space
- Transform2Devicelink now keeps white point when guessing deviceclass is enabled
- Update black point detection algorithm to reflect ICC changes
- User defined parametric curves can now be saved in ICC profiles
--------------------------------------------------------------------------------
================================================================================
mate-file-archiver-1.6.0-2.fc18 (FEDORA-2013-12068)
MATE Desktop file archiver
--------------------------------------------------------------------------------
Update Information:
- https://github.com/mate-desktop/mate-file-archiver/issues/19,
- fix add folder to an existing archive
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 30 2013 Wolfgang Ulbrich <chat-to-me at raveit.de> - 1.6.0-2
- https://github.com/mate-desktop/mate-file-archiver/issues/19,
- fix add folder to existing archive
- remove BR gsettings-desktop-schemas
- remove BR glib2-devel
- remove needless gsettings convert file
--------------------------------------------------------------------------------
================================================================================
mate-file-manager-1.6.1-9.fc18 (FEDORA-2013-12090)
File manager for MATE
--------------------------------------------------------------------------------
Update Information:
- set autostart to false in caja-autostart, fix rhbz #969663
- add mate-file-manager_fix-radio-buttons.patch to fix rhbz #964357
- fix single-click 'behavior' for open files and folders
- add AutostartCondition to caja-autostart.desktop
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 1 2013 Wolfgang Ulbrich <chat-to-me at raveit.de> - 1.6.1-9
- set autostart to false in caja-autostart, fix rhbz #969663
- and #978598
* Sun Jun 30 2013 Wolfgang Ulbrich <chat-to-me at raveit.de> - 1.6.1-8
- add mate-file-manager_fix-radio-buttons.patch to fix rhbz #964357
- clean up BR's
- add runtime require hicolor-icon-theme
- revert 1.6.1-7 changes
* Thu Jun 20 2013 Dan Mashal <dan.mashal at fedoraproejct.org> - 1.6.1-7
- Try caja without the autostart file (886029)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #978598 - High CPU usage with MATE desktop
https://bugzilla.redhat.com/show_bug.cgi?id=978598
--------------------------------------------------------------------------------
================================================================================
maven-javadoc-plugin-2.9.1-1.fc18.1 (FEDORA-2013-12132)
Maven Javadoc Plugin
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream, fixes rhbz #979577, works around CVE-2013-1571
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 30 2013 Mat Booth <fedora at matbooth.co.uk> - 2.9.1-1.1
- Fix build deps for F18
* Sun Jun 30 2013 Mat Booth <fedora at matbooth.co.uk> - 2.9.1-1
- Update to latest upstream, fixes rhbz #979577, works around CVE-2013-1571
- Remove dep on jakarta-commons-httpclient
* Wed Apr 10 2013 Mikolaj Izdebski <mizdebsk at redhat.com> - 2.9-6
- Remove test dependencies from POM
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Feb 6 2013 Java SIG <java-devel at lists.fedoraproject.org> - 2.9-4
- Update for https://fedoraproject.org/wiki/Fedora_19_Maven_Rebuild
- Replace maven BuildRequires with maven-local
* Tue Jan 8 2013 Mikolaj Izdebski <mizdebsk at redhat.com> - 2.9-3
- Add missing requires
- Resolves: rhbz#893166
* Mon Nov 26 2012 Stanislav Ochotnicky <sochotnicky at redhat.com> - 2.9-2
- Add LICENSE and NOTICE files to packages (#879605)
- Add dependency exclusion to make enforcer happy
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #979577 - maven-javadoc-plugin-2.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=979577
--------------------------------------------------------------------------------
================================================================================
mingw-glew-1.9.0-5.fc18 (FEDORA-2013-12084)
MinGW Windows GLEW library
--------------------------------------------------------------------------------
Update Information:
Rebuild with fix for FTBFS on i686 hosts.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 30 2013 Sandro Mani <manisandro at gmail.com> - 1.9.0-5
- Don't strip glew.exe visualinfo.exe on install
--------------------------------------------------------------------------------
================================================================================
openlmi-providers-0.0.25-2.fc18 (FEDORA-2013-12109)
Set of basic CIM providers
--------------------------------------------------------------------------------
Update Information:
Again add registration of 05_LMI_Qualifiers.mof
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 28 2013 Roman Rakus <rrakus at redhat.com> - 0.0.25-2
- Againg add registration of 05_LMI_Qualifiers.mof
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #973233 - sfcbd process SEGV on openlmi lmiusers request
https://bugzilla.redhat.com/show_bug.cgi?id=973233
--------------------------------------------------------------------------------
================================================================================
php-PHP-CSS-Parser-5.0.6-1.fc18 (FEDORA-2013-12119)
A Parser for CSS Files
--------------------------------------------------------------------------------
Update Information:
PHP CSS Parser: a Parser for CSS Files written in PHP.
Allows extraction of CSS files into a data structure, manipulation of said structure and output as (optimized) CSS.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #969436 - Review Request: php-PHP-CSS-Parser - A Parser for CSS Files
https://bugzilla.redhat.com/show_bug.cgi?id=969436
--------------------------------------------------------------------------------
================================================================================
php-channel-nrk-1.3-1.fc18 (FEDORA-2013-12088)
Adds pear.nrk.io channel to PEAR
--------------------------------------------------------------------------------
Update Information:
This package adds the pear.nrk.io channel which allows PEAR packages from this channel to be installed.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #970927 - Review Request: php-channel-nrk - Adds pear.nrk.io channel to PEAR
https://bugzilla.redhat.com/show_bug.cgi?id=970927
--------------------------------------------------------------------------------
================================================================================
php-pecl-apcu-4.0.1-1.fc18 (FEDORA-2013-12102)
APC User Cache
--------------------------------------------------------------------------------
Update Information:
APCu is userland caching: APC stripped of opcode caching in preparation for the deployment of Zend OPcache as the primary solution to opcode caching in future versions of PHP.
APCu has a revised and simplified codebase, by the time the PECL release is available, every part of APCu being used will have received review and where necessary or appropriate, changes.
Simplifying and documenting the API of APCu completely removes the barrier to maintenance and development of APCu in the future, and additionally allows us to make optimizations not possible previously because of APC's inherent complexity.
APCu only supports userland caching (and dumping) of variables, providing an upgrade path for the future. When O+ takes over, many will be tempted to use 3rd party solutions to userland caching, possibly even distributed solutions; this would be a grave error. The tried and tested APC codebase provides far superior support for local storage of PHP variables.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #928196 - Review Request: php-pecl-apcu - APC User Cache
https://bugzilla.redhat.com/show_bug.cgi?id=928196
--------------------------------------------------------------------------------
================================================================================
php-pecl-propro-0.1.0-1.fc18 (FEDORA-2013-12114)
Property proxy
--------------------------------------------------------------------------------
Update Information:
A reusable split-off of pecl_http's property proxy API.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #974818 - Review Request: php-pecl-propro - Property proxy
https://bugzilla.redhat.com/show_bug.cgi?id=974818
--------------------------------------------------------------------------------
================================================================================
php-pecl-raphf-0.1.0-1.fc18 (FEDORA-2013-12087)
Resource and persistent handles factory
--------------------------------------------------------------------------------
Update Information:
A reusable split-off of pecl_http's persistent handle and resource factory API.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #974819 - Review Request: php-pecl-raphf - Resource and persistent handles factory
https://bugzilla.redhat.com/show_bug.cgi?id=974819
--------------------------------------------------------------------------------
================================================================================
python-fsmonitor-0.1-1.fc18 (FEDORA-2013-12081)
Filesystem Monitoring for Python
--------------------------------------------------------------------------------
Update Information:
python-fsmonitor 0.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #979847 - python-fsmonitor - Filesystem Monitoring for Python
https://bugzilla.redhat.com/show_bug.cgi?id=979847
--------------------------------------------------------------------------------
================================================================================
python-py-1.4.15-1.fc18 (FEDORA-2013-12100)
Library with cross-python path, ini-parsing, io, code, log facilities
--------------------------------------------------------------------------------
Update Information:
Update to the latest stable version.
From the upstream changelog:
* majorly speed up some common calling patterns with LocalPath.listdir()/join/check/stat functions considerably.
* fix an edge case with fnmatch where a glob style pattern appeared in an absolute path.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 30 2013 Thomas Moschny <thomas.moschny at gmx.de> - 1.4.15-1
- Update to 1.4.15.
- Disable failing Subversion checks for now.
* Wed Jun 12 2013 Thomas Moschny <thomas.moschny at gmx.de> - 1.4.14-2
- Use python-sphinx for rhel > 6 (rhbz#973321).
- Update URL.
- Fix changelog entry with an incorrect date (rhbz#973325).
--------------------------------------------------------------------------------
================================================================================
python-rsa-3.1.1-2.fc18 (FEDORA-2013-12074)
Pure-Python RSA implementation
--------------------------------------------------------------------------------
Update Information:
python-rsa 3.1.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #965095 - python-rsa - Pure-Python RSA implementation
https://bugzilla.redhat.com/show_bug.cgi?id=965095
--------------------------------------------------------------------------------
================================================================================
quiterss-0.13.1-1.fc18 (FEDORA-2013-12116)
RSS/Atom aggregator
--------------------------------------------------------------------------------
Update Information:
Version bump.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 1 2013 TI_Eugene <ti.eugene at gmail.com> - 0.13.1-1
- Version bump
--------------------------------------------------------------------------------
================================================================================
rekonq-2.3.2-1.fc18 (FEDORA-2013-12130)
KDE browser based on QtWebkit
--------------------------------------------------------------------------------
Update Information:
Rekonq 2.3.2 release
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 1 2013 Jan Grulich <jgrulich at redhat.com> 2.3.2-1
- 2.3.2
--------------------------------------------------------------------------------
================================================================================
ruby-1.9.3.448-31.fc18 (FEDORA-2013-12123)
An interpreter of object-oriented scripting language
--------------------------------------------------------------------------------
Update Information:
A vulnerability was found in Ruby's SSL client that could allow man-in-the-middle attackers to spoof SSL servers via valid certificate issued by a trusted certification authority.
This vulnerability has been assigned the CVE identifier CVE-2013-4073.
This new update should solve this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 1 2013 Mamoru TASAKA <mtasaka at fedoraproject.org> - 1.9.3.448-31
- Update to 1.9.3 p448
- Fix hostname check bypassing vulnerability in SSL client
(CVE-2013-4073)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #979295 - ruby: CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=979295
--------------------------------------------------------------------------------
================================================================================
springframework-security-3.1.4-1.fc18 (FEDORA-2013-12071)
Modular Java/J2EE application security framework
--------------------------------------------------------------------------------
Update Information:
Initial import (#882477).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #882477 - Review Request: springframework-security - Modular Java/J2EE application security framework
https://bugzilla.redhat.com/show_bug.cgi?id=882477
--------------------------------------------------------------------------------
================================================================================
tweepy-2.0-1.fc18 (FEDORA-2013-12093)
Twitter library for python
--------------------------------------------------------------------------------
Update Information:
Update tweepy to version 2.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 28 2013 rtnpro <rtnpro at gmail.com> 2.0-1
- Update to tweepy v2.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #675104 - Review Request: tweepy - Twitter library for python
https://bugzilla.redhat.com/show_bug.cgi?id=675104
--------------------------------------------------------------------------------
================================================================================
vanityhash-1.1-1.fc18 (FEDORA-2013-12096)
Hexadecimal hash fragment creation tool
--------------------------------------------------------------------------------
Update Information:
Hexadecimal hash fragment creation tool.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #979370 - Review Request: vanityhash - Hexadecimal hash fragment creation tool
https://bugzilla.redhat.com/show_bug.cgi?id=979370
--------------------------------------------------------------------------------
More information about the test
mailing list