Fedora 17 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Sun Jul 14 03:40:42 UTC 2013
The following Fedora 17 Security updates need testing:
Age URL
373 https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-1.fc17
185 https://admin.fedoraproject.org/updates/FEDORA-2013-0455/fedora-business-cards-1-0.1.beta1.fc17
113 https://admin.fedoraproject.org/updates/FEDORA-2013-4234/stunnel-4.55-1.fc17
108 https://admin.fedoraproject.org/updates/FEDORA-2013-4501/libxslt-1.1.28-1.fc17
105 https://admin.fedoraproject.org/updates/FEDORA-2013-4581/libuser-0.57.6-2.fc17
38 https://admin.fedoraproject.org/updates/FEDORA-2013-10121/subversion-1.7.10-1.fc17
27 https://admin.fedoraproject.org/updates/FEDORA-2013-10940/tomcat6-6.0.37-1.fc17
20 https://admin.fedoraproject.org/updates/FEDORA-2013-11568/curl-7.24.0-10.fc17
8 https://admin.fedoraproject.org/updates/FEDORA-2013-12441/gallery3-3.0.9-1.fc17
7 https://admin.fedoraproject.org/updates/FEDORA-2013-12400/ansible-1.2.2-1.fc17
3 https://admin.fedoraproject.org/updates/FEDORA-2013-12745/seamonkey-2.19-1.fc17
0 https://admin.fedoraproject.org/updates/FEDORA-2013-12967/openjpa-2.2.0-3.fc17
0 https://admin.fedoraproject.org/updates/FEDORA-2013-12354/php-5.4.17-2.fc17
The following Fedora 17 Critical Path updates have yet to be approved:
Age URL
325 https://admin.fedoraproject.org/updates/FEDORA-2012-12509/PackageKit-0.7.6-1.fc17
133 https://admin.fedoraproject.org/updates/FEDORA-2013-3304/libvpx-1.2.0-1.fc17
11 https://admin.fedoraproject.org/updates/FEDORA-2013-12153/xulrunner-22.0-4.fc17
9 https://admin.fedoraproject.org/updates/FEDORA-2013-12371/nspr-4.10.0-3.fc17
The following builds have been pushed to Fedora 17 updates-testing
gogui-1.4.8-1.fc17
openjpa-2.2.0-3.fc17
php-5.4.17-2.fc17
pidgin-sipe-1.16.1-1.fc17
Details about builds:
================================================================================
gogui-1.4.8-1.fc17 (FEDORA-2013-12968)
Graphical user interface to programs that play the board game Go
--------------------------------------------------------------------------------
Update Information:
Merge 1.4.8 changes
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 11 2013 Christophe Burgun <jouty at fedoraproject.org> 1.4.8-1
- Update gogui version
--------------------------------------------------------------------------------
================================================================================
openjpa-2.2.0-3.fc17 (FEDORA-2013-12967)
Java Persistence 2.0 API
--------------------------------------------------------------------------------
Update Information:
fix for CVE-2013-1768 rhbz#984034,984040.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 12 2013 gil cattaneo <puntogil at libero.it> 2.2.0-3
- fix for CVE-2013-1768 rhbz#984034,984040
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #984034 - CVE-2013-1768 openjpa: Remote arbitrary code execution by creating a serialized object and leveraging improperly secured server programs
https://bugzilla.redhat.com/show_bug.cgi?id=984034
--------------------------------------------------------------------------------
================================================================================
php-5.4.17-2.fc17 (FEDORA-2013-12354)
PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:
04 Jul 2013, PHP 5.4.17
Core:
- Fixed bug #64988 (Class loading order affects E_STRICT warning). (Laruence)
- Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC). (Laruence)
- Fixed bug #64960 (Segfault in gc_zval_possible_root). (Laruence)
- Fixed bug #64936 (doc comments picked up from previous scanner run). (Stas, Jonathan Oddy)
- Fixed bug #64934 (Apache2 TS crash with get_browser()). (Anatol)
- Fixed bug #64166 (quoted-printable-encode stream filter incorrectly discarding whitespace). (Michael M Slusarz)
DateTime:
- Fixed bug #53437 (Crash when using unserialized DatePeriod instance). (Gustavo, Derick, Anatol)
FPM:
- Fixed Bug #64915 (error_log ignored when daemonize=0). (Remi)
- Implemented FR #64764 (add support for FPM init.d script). (Lior Kaplan)
PDO:
- Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to the same db server). (Laruence)
PDO_DBlib:
- Fixed bug #63638 (Cannot connect to SQL Server 2008 with PDO dblib). (Stanley Sufficool)
- Fixed bug #64338 (pdo_dblib can't connect to Azure SQL). (Stanley Sufficool)
- Fixed bug #64808 (FreeTDS PDO getColumnMeta on a prepared but not executed statement crashes). (Stanley Sufficool)
PDO_firebird:
- Fixed bug #64037 (Firebird return wrong value for numeric field). (Matheus Degiovani, Matteo)
- Fixed bug #62024 (Cannot insert second row with null using parametrized query). (patch by james at kenjim.com, Matheus Degiovani, Matteo)
PDO_mysql:
- Fixed bug #48724 (getColumnMeta() doesn't return native_type for BIT, TINYINT and YEAR). (Antony, Daniel Beardsley)
PDO_pgsql:
- Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error). (Remi)
pgsql:
- Fixed bug #64609 (pg_convert enum type support). (Matteo)
Readline:
- Implement FR #55694 (Expose additional readline variable to prevent default filename completion). (Hartmel)
SPL:
- Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems). (Laruence)
Backported from 5.4.18
CGI:
- Fixed Bug #65143 (Missing php-cgi man page). (Remi)
Phar:
- Fixed Bug #65142 (Missing phar man page). (Remi)
XML:
- Fixed bug #65236 (heap corruption in xml parser). CVE-2013-4113
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 12 2013 Remi Collet <rcollet at redhat.com> - 5.4.17-2
- add security fix for CVE-2013-4113
- add missing ASL 1.0 license
* Wed Jul 3 2013 Remi Collet <rcollet at redhat.com> 5.4.17-1
- update to 5.4.17
- add missing man pages (phar, php-cgi)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #983689 - CVE-2013-4113 php: xml_parse_into_struct buffer overflow when parsing deeply nested XML
https://bugzilla.redhat.com/show_bug.cgi?id=983689
--------------------------------------------------------------------------------
================================================================================
pidgin-sipe-1.16.1-1.fc17 (FEDORA-2013-12955)
Pidgin protocol plugin to connect to MS Office Communicator
--------------------------------------------------------------------------------
Update Information:
New upstream release:
* fixes call failure when host has multiple IP addresses
* fixes buddy list handling after moving to Lync 2013
* fixes crashes in new HTTP stack
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 13 2013 Stefan Becker <chemobejk at gmail.com> - 1.16.1-1
- update to 1.16.1: bug fix release
- fixes call failure when host has multiple IP addresses
- fixes buddy list handling after moving to Lync 2013
- fixes crashes in new HTTP stack
--------------------------------------------------------------------------------
More information about the test
mailing list