Fedora 17 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Thu Jul 18 06:16:02 UTC 2013
The following Fedora 17 Security updates need testing:
Age URL
377 https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-1.fc17
189 https://admin.fedoraproject.org/updates/FEDORA-2013-0455/fedora-business-cards-1-0.1.beta1.fc17
117 https://admin.fedoraproject.org/updates/FEDORA-2013-4234/stunnel-4.55-1.fc17
112 https://admin.fedoraproject.org/updates/FEDORA-2013-4501/libxslt-1.1.28-1.fc17
109 https://admin.fedoraproject.org/updates/FEDORA-2013-4581/libuser-0.57.6-2.fc17
42 https://admin.fedoraproject.org/updates/FEDORA-2013-10121/subversion-1.7.10-1.fc17
32 https://admin.fedoraproject.org/updates/FEDORA-2013-10940/tomcat6-6.0.37-1.fc17
24 https://admin.fedoraproject.org/updates/FEDORA-2013-11568/curl-7.24.0-10.fc17
7 https://admin.fedoraproject.org/updates/FEDORA-2013-12745/seamonkey-2.19-1.fc17
4 https://admin.fedoraproject.org/updates/FEDORA-2013-12354/php-5.4.17-2.fc17
4 https://admin.fedoraproject.org/updates/FEDORA-2013-12967/openjpa-2.2.0-3.fc17
2 https://admin.fedoraproject.org/updates/FEDORA-2013-13018/libzrtpcpp-2.3.4-1.fc17,ortp-0.20.0-5.fc17,twinkle-1.4.2-19.fc17.1
0 https://admin.fedoraproject.org/updates/FEDORA-2013-13180/icu-4.8.1.1-6.fc17
0 https://admin.fedoraproject.org/updates/FEDORA-2013-13202/fdupes-1.51-1.fc17
0 https://admin.fedoraproject.org/updates/FEDORA-2013-13213/python-pip-1.3.1-4.fc17
The following Fedora 17 Critical Path updates have yet to be approved:
Age URL
137 https://admin.fedoraproject.org/updates/FEDORA-2013-3304/libvpx-1.2.0-1.fc17
1 https://admin.fedoraproject.org/updates/FEDORA-2013-13129/livecd-tools-17.18-1.fc17
1 https://admin.fedoraproject.org/updates/FEDORA-2013-13082/selinux-policy-3.10.0-171.fc17
0 https://admin.fedoraproject.org/updates/FEDORA-2013-13149/qtwebkit-2.3.2-1.fc17
The following builds have been pushed to Fedora 17 updates-testing
fdupes-1.51-1.fc17
icu-4.8.1.1-6.fc17
java-dirq-1.4-1.fc17
libstoragemgmt-0.0.21-1.fc17
python-pip-1.3.1-4.fc17
qtwebkit-2.3.2-1.fc17
Details about builds:
================================================================================
fdupes-1.51-1.fc17 (FEDORA-2013-13202)
Finds duplicate files in a given set of directories
--------------------------------------------------------------------------------
Update Information:
Upstream
* Added support for 64-bit file offsets on 32-bit systems.
* Using tty for interactive input instead of regular stdin. This is to allow feeding filenames via stdin in future versions of fdupes without breaking interactive deletion feature.
* Fixed some typos in --help.
* Turned C++ style comments into C style comments.
* Update to latest upstream release.
Package
* Added patch to fix security bugs BZ#865591 & 865592.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 16 2013 Richard Shaw <hobbes1069 at gmail.com> - 1.51-1
- Update to latest upstream release.
- Fixes security bugs BZ#865591 & 865592.
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.50-0.7.PR2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.50-0.6.PR2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #865591 - fdupes: possible file linking of files with different owner/group/permissions
https://bugzilla.redhat.com/show_bug.cgi?id=865591
--------------------------------------------------------------------------------
================================================================================
icu-4.8.1.1-6.fc17 (FEDORA-2013-13180)
International Components for Unicode
--------------------------------------------------------------------------------
Update Information:
Resolves various flaws in Layout Engine font processing.
Supports aarch64 as 64-bit platform in icu-config.sh wrapper.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 17 2013 Eike Rathke <erack at redhat.com> - 4.8.1.1-6
- Resolves: rhbz#966141 various flaws in Layout Engine font processing
- Resolves: rhbz#966077 aarch64 support for icu-config.sh wrapper
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #952656 - CVE-2013-2419 ICU: Layout Engine font processing errors (JDK 2D, 8001031)
https://bugzilla.redhat.com/show_bug.cgi?id=952656
[ 2 ] Bug #952708 - CVE-2013-2383 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004986)
https://bugzilla.redhat.com/show_bug.cgi?id=952708
[ 3 ] Bug #952709 - CVE-2013-2384 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004987)
https://bugzilla.redhat.com/show_bug.cgi?id=952709
[ 4 ] Bug #952711 - CVE-2013-1569 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004994)
https://bugzilla.redhat.com/show_bug.cgi?id=952711
--------------------------------------------------------------------------------
================================================================================
java-dirq-1.4-1.fc17 (FEDORA-2013-13219)
Directory based queue
--------------------------------------------------------------------------------
Update Information:
Update to upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 16 2013 Massimo Paladin <massimo.paladin at gmail.com> - 1.4-1
- Updating to latest version.
--------------------------------------------------------------------------------
================================================================================
libstoragemgmt-0.0.21-1.fc17 (FEDORA-2013-13153)
Storage array management library
--------------------------------------------------------------------------------
Update Information:
New upstream release.
New upstream release.
Upstream update.
Upstream update.
New upstream release.
Upstream update.
Upstream update.
New upstream release.
Upstream update.
Upstream update.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 16 2013 Tony Asleson <tasleson at redhat.com> 0.0.21-1
- New upstream release
- Put plug-ins in separate sub packages
- Don't include IBM plug-in on RHEL > 6, missing paramiko
* Tue May 28 2013 Tony Asleson <tasleson at redhat.com> - 0.0.20-1
- New upstream release
- Separate package for python libraries
- Make timestamps match on version.py in library
- Add python-paramiko requirement for IBM plug-in
* Mon Apr 22 2013 Tony Asleson <tasleson at redhat.com> - 0.0.19-1
- New upstream release
--------------------------------------------------------------------------------
================================================================================
python-pip-1.3.1-4.fc17 (FEDORA-2013-13213)
A tool for installing and managing Python packages
--------------------------------------------------------------------------------
Update Information:
Fix potential DOS with specially crafted malicious SSL certs.
Backing out rename of pip binary to fix #958377 and updating package summary to match upstream's description.
Backing out rename of pip binary to fix #958377 and updating package summary to match upstream's description.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 16 2013 Toshio Kuratomi <toshio at fedoraproject.org> - 1.3.1-4
- Fix for CVE 2013-2099
* Thu May 23 2013 Tim Flink <tflink at fedoraproject.org> - 1.3.1-3
- undo python2 executable rename to python-pip. fixes #958377
- fix summary to match upstream
* Mon May 6 2013 Kevin Kofler <Kevin at tigcc.ticalc.org> - 1.3.1-2
- Fix main package Summary, it's for Python 2, not 3 (#877401)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #963260 - CVE-2013-2098 CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns
https://bugzilla.redhat.com/show_bug.cgi?id=963260
--------------------------------------------------------------------------------
================================================================================
qtwebkit-2.3.2-1.fc17 (FEDORA-2013-13149)
Qt WebKit bindings
--------------------------------------------------------------------------------
Update Information:
New upstream bugfix release, see also http://blogs.kde.org/2013/07/17/qtwebkit-232-and-qtwebkit-qt-51
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 11 2013 Rex Dieter <rdieter at fedoraproject.org> 2.3.2-1
- qtwebkit-2.3.2
--------------------------------------------------------------------------------
More information about the test
mailing list