Fedora 18 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Sun May 5 02:32:18 UTC 2013
The following Fedora 18 Security updates need testing:
Age URL
116 https://admin.fedoraproject.org/updates/FEDORA-2013-0416/fedora-business-cards-1-0.1.beta1.fc18
85 https://admin.fedoraproject.org/updates/FEDORA-2013-2131/rubygem-rdoc-3.12-6.fc18
81 https://admin.fedoraproject.org/updates/FEDORA-2013-2306/rubygem-rack-1.4.0-5.fc18
50 https://admin.fedoraproject.org/updates/FEDORA-2013-3935/puppet-3.1.1-1.fc18
43 https://admin.fedoraproject.org/updates/FEDORA-2013-4243/stunnel-4.55-1.fc18
35 https://admin.fedoraproject.org/updates/FEDORA-2013-4589/tomcat6-6.0.36-2.fc18
30 https://admin.fedoraproject.org/updates/FEDORA-2013-4823/microcode_ctl-2.0-3.fc18
23 https://admin.fedoraproject.org/updates/FEDORA-2013-5472/php-geshi-1.0.8.11-3.fc18
22 https://admin.fedoraproject.org/updates/FEDORA-2013-5548/plexus-archiver-2.3-1.fc18
15 https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18
11 https://admin.fedoraproject.org/updates/FEDORA-2013-6417/owncloud-4.5.10-1.fc18
8 https://admin.fedoraproject.org/updates/FEDORA-2013-6721/openstack-keystone-2012.2.4-2.fc18
4 https://admin.fedoraproject.org/updates/FEDORA-2013-6977/phpMyAdmin-3.5.8.1-1.fc18
3 https://admin.fedoraproject.org/updates/FEDORA-2013-7135/xmp-3.5.0-3.fc18
3 https://admin.fedoraproject.org/updates/FEDORA-2013-7120/tinc-1.0.21-1.fc18
2 https://admin.fedoraproject.org/updates/FEDORA-2013-7289/php-sabredav-Sabre_DAV-1.6.5-5.fc18
2 https://admin.fedoraproject.org/updates/FEDORA-2013-7309/gpsd-3.9-1.fc18
1 https://admin.fedoraproject.org/updates/FEDORA-2013-7369/libtiff-4.0.3-6.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-7426/xen-4.2.2-3.fc18
The following Fedora 18 Critical Path updates have yet to be approved:
Age URL
202 https://admin.fedoraproject.org/updates/FEDORA-2012-16107/xorg-x11-drv-qxl-0.1.0-1.fc18
200 https://admin.fedoraproject.org/updates/FEDORA-2012-16207/thunderbird-lightning-1.8-1.fc18,thunderbird-16.0.1-2.fc18
84 https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18
60 https://admin.fedoraproject.org/updates/FEDORA-2013-3458/iproute-3.6.0-7.fc18,iptables-1.4.18-1.fc18
13 https://admin.fedoraproject.org/updates/FEDORA-2013-6207/sendmail-8.14.7-1.fc18
12 https://admin.fedoraproject.org/updates/FEDORA-2013-6297/gcr-3.6.2-4.fc18
2 https://admin.fedoraproject.org/updates/FEDORA-2013-7288/dosfstools-3.0.16-3.fc18
2 https://admin.fedoraproject.org/updates/FEDORA-2013-7235/colord-0.1.34-1.fc18
2 https://admin.fedoraproject.org/updates/FEDORA-2013-7211/libwacom-0.7.1-2.fc18
2 https://admin.fedoraproject.org/updates/FEDORA-2013-6209/ibus-1.5.2-3.fc18
1 https://admin.fedoraproject.org/updates/FEDORA-2013-7357/abrt-2.1.4-1.fc18,libreport-2.1.4-1.fc18
1 https://admin.fedoraproject.org/updates/FEDORA-2013-7374/qt-4.8.4-17.fc18
1 https://admin.fedoraproject.org/updates/FEDORA-2013-7369/libtiff-4.0.3-6.fc18
1 https://admin.fedoraproject.org/updates/FEDORA-2013-7131/perl-5.16.3-244.fc18,perl-Digest-1.17-244.fc18,perl-threads-1.86-243.fc18,perl-Version-Requirements-0.101022-243.fc18,perl-Test-Simple-0.98-243.fc18,perl-Carp-1.26-243.fc18,perl-ExtUtils-Manifest-1.61-243.fc18,perl-parent-0.225-243.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-7436/audit-2.3-2.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-7428/libgphoto2-2.5.1.1-4.fc18
The following builds have been pushed to Fedora 18 updates-testing
PyQt4-4.10.1-4.fc18
R-wavethresh-4.6.4-1.fc18
audit-2.3-2.fc18
cura-13.04-1.fc18
cxxtools-2.2-1.fc18
icedtea-web-1.4-0.fc18
libgphoto2-2.5.1.1-4.fc18
mingw-angleproject-0-0.4.svn1561.20121214.fc18
mingw-crt-2.0.999-0.17.trunk.20121110.fc18
mingw-qt5-qtbase-5.0.2-1.fc18
mingw-qt5-qtjsbackend-5.0.2-1.fc18
mingw-qt5-qtscript-5.0.2-1.fc18
mingw-qt5-qttools-5.0.2-1.fc18
nodejs-get-1.2.1-2.fc18
pdns-recursor-3.5.1-1.fc18
pgbouncer-1.5.4-1.fc18
sip-4.14.6-1.fc18
xen-4.2.2-3.fc18
Details about builds:
================================================================================
PyQt4-4.10.1-4.fc18 (FEDORA-2013-6830)
Python bindings for Qt4
--------------------------------------------------------------------------------
Update Information:
New sip/PyQt4 releases, see also:
http://www.riverbankcomputing.com/news/sip-4146
http://www.riverbankcomputing.com/news/pyqt-4101
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 3 2013 Rex Dieter <rdieter at fedoraproject.org> 4.10.1-4
- fix dbus/mainloop hacks (#957867)
* Thu May 2 2013 Rex Dieter <rdieter at fedoraproject.org> 4.10.1-3
- ImportError: cannot import name uic (#958736)
* Fri Apr 26 2013 Rex Dieter <rdieter at fedoraproject.org> 4.10.1-2
- filter private shared objects
- %{python_sitelib}/dbus/mainloop/qt.so should be in %python_sitearch (#957260)
- .spec cleanup
- -assistant subpkg
* Mon Apr 22 2013 Rex Dieter <rdieter at fedoraproject.org> 4.10.1-1
- 4.10.1
* Tue Apr 2 2013 Than Ngo <than at redhat.com> - 4.10-3
- adapt rhel patch
* Fri Mar 22 2013 Rex Dieter <rdieter at fedoraproject.org> 4.10-2
- introduce qscintilla, webkit feature macros
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #923233 - [abrt] ninja-ide-2.1.1-4.fc18: highlighter.py:326:realtime_highlight:AttributeError: 'QTextBlockUserData' object has no attribute 'clear_data'
https://bugzilla.redhat.com/show_bug.cgi?id=923233
[ 2 ] Bug #957260 - PyQt4: %{python_sitelib}/dbus/mainloop/qt.so should be in %python_sitearch
https://bugzilla.redhat.com/show_bug.cgi?id=957260
--------------------------------------------------------------------------------
================================================================================
R-wavethresh-4.6.4-1.fc18 (FEDORA-2013-7434)
R module, Software to perform wavelet statistics and transforms
--------------------------------------------------------------------------------
Update Information:
Minor bug fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 3 2013 José Matos <jamatos at fedoraproject.org> - 4.6.4-1
- update to 4.6.4
* Thu Apr 11 2013 Tom Callaway <spot at fedoraproject.org> - 4.6.2-1
- update to 4.6.2
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
audit-2.3-2.fc18 (FEDORA-2013-7436)
User space tools for 2.6 kernel auditing
--------------------------------------------------------------------------------
Update Information:
This release improves support for systemd, interpretations of audit events, and fixes man pages. This release also includes support for compiling a master set of rules from /etc/audit/rules.d. For more details, see the audit-2.3 release notes and augenrules man page.
This update fixes a lot of small bugs and updates the syscall tables for the 3.7 and 3.8 kernels. It adds more interpretations for arguments of security critical syscalls.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 3 2013 Steve Grubb <sgrubb at redhat.com> 2.3-2
- If no rules exist, copy shipped rules into place
* Tue Apr 30 2013 Steve Grubb <sgrubb at redhat.com> 2.3-1
- New upstream bugfix release
--------------------------------------------------------------------------------
================================================================================
cura-13.04-1.fc18 (FEDORA-2013-7427)
3D printer control software
--------------------------------------------------------------------------------
Update Information:
Cure can slice now, alsu updated to the latest version
3D printer control software
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #901659 - Review Request: cura - 3D printer control software
https://bugzilla.redhat.com/show_bug.cgi?id=901659
--------------------------------------------------------------------------------
================================================================================
cxxtools-2.2-1.fc18 (FEDORA-2013-7435)
A collection of general-purpose C++ classes
--------------------------------------------------------------------------------
Update Information:
* Fri May 3 2013 Martin Gansser <martinkg at fedoraproject.org> - 2.2-1
- new release
- spec file cleanup
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 3 2013 Martin Gansser <martinkg at fedoraproject.org> - 2.2-1
- new release
- spec file cleanup
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #821220 - cxxtools - A collection of general-purpose C++ classes
https://bugzilla.redhat.com/show_bug.cgi?id=821220
--------------------------------------------------------------------------------
================================================================================
icedtea-web-1.4-0.fc18 (FEDORA-2013-7438)
Java browser plug-in and Web Start implementation
--------------------------------------------------------------------------------
Update Information:
* Numerous improvements and enhancements in core and system of classloaders
* Added cs localization
* Added de localization
* Added pl localization
* Splash screen for javaws and plugin
* Better error reporting for plugin via Error-splash-screen
* All IcedTea-Web dialogues are centered to middle of active screen
* Download indicator made compact for more then one jar
* User can select its own JVM via itw-settings and deploy.properties.
* Added extended applets security settings and dialogue
* Security updates
- CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.
- CVE-2013-1927, RH884705: fixed gifar vulnerabilit
- CVE-2012-3422, RH840592: Potential read from an uninitialized memory location
- CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings
* NetX
- PR1027: DownloadService is not supported by IcedTea-Web
- PR725: JNLP applications will prompt for creating desktop shortcuts every time they are run
- PR1292: Javaws does not resolve versioned jar names with periods correctly
* Plugin
- PR1106: Buffer overflow in plugin table-
- PR1166: Embedded JNLP File is not supported in applet tag
- PR1217: Add command line arguments for plugins
- PR1189: Icedtea-plugin requires code attribute when using jnlp_href
- PR1198: JSObject is not passed to javascript correctly
- PR1260: IcedTea-Web should not rely on GTK
- PR1157: Applets can hang browser after fatal exception
- PR580: http://www.horaoficial.cl/ loads improperly
* Common
- PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered
- PR955: regression: SweetHome3D fails to run
- PR1145: IcedTea-Web can cause ClassCircularityError
- PR1161: X509VariableTrustManager does not work correctly with OpenJDK7
- PR822: Applets fail to load if jars have different signers
- PR1186: System.getProperty("deployment.user.security.trusted.cacerts") is null
- PR909: The Java applet at http://de.gosupermodel.com/games/wardrobegame.jsp fails
- PR1299: WebStart doesn't read socket proxy settings from firefox correctly
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 4 2013 Jiri Vanek <jvanek at redhat.com> 1.4-0
- Updated to 1.4
- See announcement for detail
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-May/023195.html
- added check
--------------------------------------------------------------------------------
================================================================================
libgphoto2-2.5.1.1-4.fc18 (FEDORA-2013-7428)
Library for accessing digital cameras
--------------------------------------------------------------------------------
Update Information:
- Fix crash when dealing with PTP devices without a memory card (rhbz#915688)
- Fix PTP devices not working in USB-3 ports (rhbz#819918)
- Cleanup spec-file
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 4 2013 Hans de Goede <hdegoede at redhat.com> - 2.5.1.1-4
- Fix crash when dealing with PTP devices without a memory card (rhbz#915688)
* Thu May 2 2013 Hans de Goede <hdegoede at redhat.com> - 2.5.1.1-3
- Fix PTP devices not working in USB-3 ports (rhbz#819918)
- Cleanup spec-file
* Tue Apr 23 2013 Tim Waugh <twaugh at redhat.com> 2.5.1.1-2
- Use _udevrulesdir macro.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #915688 - [abrt] gphoto2-2.5.0-2.fc18: dtoh32ap: Process /usr/bin/gphoto2 was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=915688
[ 2 ] Bug #819918 - Canon EOS DSLRs not working on USB 3 ports (ep 0x81, 0x2 - rounding interval to 32768 microframes, ep desc says 0 microframes)
https://bugzilla.redhat.com/show_bug.cgi?id=819918
--------------------------------------------------------------------------------
================================================================================
mingw-angleproject-0-0.4.svn1561.20121214.fc18 (FEDORA-2013-7425)
Almost Native Graphics Layer Engine
--------------------------------------------------------------------------------
Update Information:
Fix compatibility issue regarding vsprintf_s on Windows XP
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 4 2013 Erik van Pienbroek <epienbro at fedoraproject.org> - 0-0.4.svn1561.20121214
- Rebuild against latest mingw-crt (fixes Windows XP compatibility issue, RHBZ #917323)
- Added another workaround due to the fact that the gyp
build system doesn't properly support cross-compilation
Fixes FTBFS against latest gyp
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #917323 - Win32 apps built with mingw32-qt5-qtbase always crash at startup under wine and windows
https://bugzilla.redhat.com/show_bug.cgi?id=917323
--------------------------------------------------------------------------------
================================================================================
mingw-crt-2.0.999-0.17.trunk.20121110.fc18 (FEDORA-2013-7425)
MinGW Windows cross-compiler runtime
--------------------------------------------------------------------------------
Update Information:
Fix compatibility issue regarding vsprintf_s on Windows XP
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 4 2013 Erik van Pienbroek <epienbro at fedoraproject.org> - 2.0.999-0.17.trunk.20121110
- Added Windows XP compatibility wrapper for the vsprintf_s function (RHBZ #917323)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #917323 - Win32 apps built with mingw32-qt5-qtbase always crash at startup under wine and windows
https://bugzilla.redhat.com/show_bug.cgi?id=917323
--------------------------------------------------------------------------------
================================================================================
mingw-qt5-qtbase-5.0.2-1.fc18 (FEDORA-2013-7431)
Qt5 for Windows - QtBase component
--------------------------------------------------------------------------------
Update Information:
Update to Qt 5.0.2 and disabled DirectWrite support (as it is unavailable on Windows XP)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 13 2013 Erik van Pienbroek <epienbro at fedoraproject.org> - 5.0.2-1
- Update to 5.0.2
- Remove DirectWrite support for now as the necessary API
isn't available on Windows XP (as mentioned in RHBZ #917323)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #917323 - Win32 apps built with mingw32-qt5-qtbase always crash at startup under wine and windows
https://bugzilla.redhat.com/show_bug.cgi?id=917323
--------------------------------------------------------------------------------
================================================================================
mingw-qt5-qtjsbackend-5.0.2-1.fc18 (FEDORA-2013-7431)
Qt5 for Windows - QtJsBackend component
--------------------------------------------------------------------------------
Update Information:
Update to Qt 5.0.2 and disabled DirectWrite support (as it is unavailable on Windows XP)
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 3 2013 Erik van Pienbroek <epienbro at fedoraproject.org> - 5.0.2-1
- Update to 5.0.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #917323 - Win32 apps built with mingw32-qt5-qtbase always crash at startup under wine and windows
https://bugzilla.redhat.com/show_bug.cgi?id=917323
--------------------------------------------------------------------------------
================================================================================
mingw-qt5-qtscript-5.0.2-1.fc18 (FEDORA-2013-7431)
Qt5 for Windows - QtScript component
--------------------------------------------------------------------------------
Update Information:
Update to Qt 5.0.2 and disabled DirectWrite support (as it is unavailable on Windows XP)
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 3 2013 Erik van Pienbroek <epienbro at fedoraproject.org> - 5.0.2-1
- Update to 5.0.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #917323 - Win32 apps built with mingw32-qt5-qtbase always crash at startup under wine and windows
https://bugzilla.redhat.com/show_bug.cgi?id=917323
--------------------------------------------------------------------------------
================================================================================
mingw-qt5-qttools-5.0.2-1.fc18 (FEDORA-2013-7431)
Qt5 for Windows - QtTools component
--------------------------------------------------------------------------------
Update Information:
Update to Qt 5.0.2 and disabled DirectWrite support (as it is unavailable on Windows XP)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 30 2013 Erik van Pienbroek <epienbro at fedoraproject.org> - 5.0.2-1
- Update to 5.0.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #917323 - Win32 apps built with mingw32-qt5-qtbase always crash at startup under wine and windows
https://bugzilla.redhat.com/show_bug.cgi?id=917323
--------------------------------------------------------------------------------
================================================================================
nodejs-get-1.2.1-2.fc18 (FEDORA-2013-7423)
A slightly higher-level HTTP client for node
--------------------------------------------------------------------------------
Update Information:
A slightly higher-level HTTP client for Node.js
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #957929 - Review Request: nodejs-get - A slightly higher-level HTTP client for node
https://bugzilla.redhat.com/show_bug.cgi?id=957929
--------------------------------------------------------------------------------
================================================================================
pdns-recursor-3.5.1-1.fc18 (FEDORA-2013-7424)
Modern, advanced and high performance recursing/non authoritative name server
--------------------------------------------------------------------------------
Update Information:
- Update to 3.5.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 3 2013 Morten Stevens <mstevens at imt-systems.com> - 3.5.1-1
- Update to 3.5.1
--------------------------------------------------------------------------------
================================================================================
pgbouncer-1.5.4-1.fc18 (FEDORA-2013-7433)
Lightweight connection pooler for PostgreSQL
--------------------------------------------------------------------------------
Update Information:
- Update to 1.5.4, per changes described at:
http://pgfoundry.org/frs/shownotes.php?release_id=2000
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 3 2013 Devrim GÜNDÜZ <devrim at gunduz.org> - 1.5.4-1
- Update to 1.5.4, per changes described at:
http://pgfoundry.org/frs/shownotes.php?release_id=2000
--------------------------------------------------------------------------------
================================================================================
sip-4.14.6-1.fc18 (FEDORA-2013-6830)
SIP - Python/C++ Bindings Generator
--------------------------------------------------------------------------------
Update Information:
New sip/PyQt4 releases, see also:
http://www.riverbankcomputing.com/news/sip-4146
http://www.riverbankcomputing.com/news/pyqt-4101
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 21 2013 Rex Dieter <rdieter at fedoraproject.org> 4.14.6-1
- sip-4.14.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #923233 - [abrt] ninja-ide-2.1.1-4.fc18: highlighter.py:326:realtime_highlight:AttributeError: 'QTextBlockUserData' object has no attribute 'clear_data'
https://bugzilla.redhat.com/show_bug.cgi?id=923233
[ 2 ] Bug #957260 - PyQt4: %{python_sitelib}/dbus/mainloop/qt.so should be in %python_sitearch
https://bugzilla.redhat.com/show_bug.cgi?id=957260
--------------------------------------------------------------------------------
================================================================================
xen-4.2.2-3.fc18 (FEDORA-2013-7426)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
PV guests can use non-preemptible long latency operations to mount a
denial of service attack on the whole system [XSA-45, CVE-2013-1918],
malicious guests can inject interrupts through bridge devices to mount a
denial of service attack on the whole system [XSA-49, CVE-2013-1952]
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 2 2013 Michael Young <m.a.young at durham.ac.uk> - 4.2.2-3
- PV guests can use non-preemptible long latency operations to
mount a denial of service attack on the whole system
[XSA-45, CVE-2013-1918] (#958918)
- malicious guests can inject interrupts through bridge devices to
mount a denial of service attack on the whole system
[XSA-49, CVE-2013-1952] (#958919)
* Fri Apr 26 2013 Michael Young <m.a.young at durham.ac.uk> - 4.2.2-2
- fix further man page issues to allow building on F19 and F20
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #956163 - CVE-2013-1918 kernel: xen: Several long latency operations are not preemptible
https://bugzilla.redhat.com/show_bug.cgi?id=956163
[ 2 ] Bug #956309 - CVE-2013-1952 kernel: xen: VT-d interrupt remapping source validation flaw for bridges
https://bugzilla.redhat.com/show_bug.cgi?id=956309
--------------------------------------------------------------------------------
More information about the test
mailing list