The following Fedora 18 Security updates need testing:
Age URL
16
https://admin.fedoraproject.org/updates/FEDORA-2012-14279/phpldapadmin-1.2.2-3.gitbbedf1.fc18
22
https://admin.fedoraproject.org/updates/FEDORA-2012-13871/libxslt-1.1.27-1.fc18
1 https://admin.fedoraproject.org/updates/FEDORA-2012-15293/cxf-2.4.9-2.fc18
10
https://admin.fedoraproject.org/updates/FEDORA-2012-14664/openjpeg-1.5.0-5.fc18
1
https://admin.fedoraproject.org/updates/FEDORA-2012-15342/freeradius-2.2.0-0.fc18
0
https://admin.fedoraproject.org/updates/FEDORA-2012-15376/ruby-1.9.3.194-18.fc18
0
https://admin.fedoraproject.org/updates/FEDORA-2012-15439/perl-HTML-Template-Pro-0.9509-1.fc18
The following builds have been pushed to Fedora 18 updates-testing
atanks-5.6-1.fc18
batik-1.8-0.5.svn1230816.fc18
cnucnu-0-0.11.20121004git618ed580.fc18
epiphany-3.6.0-2.fc18
geary-0.2.0-1.fc18
gprolog-1.4.1-1.fc18
grfcodec-6.0.1-1.fc18
httpcomponents-core-4.2.2-1.fc18
ikiwiki-3.20120725-1.fc18
inkscape-0.48.2-13.fc18
libtiff-4.0.3-1.fc18
maliit-framework-0.92.5-2.fc18
mate-panel-1.4.0-6.fc18
mate-session-manager-1.4.0-4.fc18
network-manager-applet-0.9.7.0-3.git20121004.fc18
ntfs-3g-2012.1.15-4.fc18
openttd-opengfx-0.4.5-1.fc18
perl-HTML-Template-Pro-0.9509-1.fc18
selinux-policy-3.11.1-32.fc18
sugar-0.97.5-2.fc18
sugar-pippy-50-1.fc18
tmw-music-0.3-5.fc18
usbmuxd-1.0.8-5.fc18
validns-0.6-1.fc18
vim-7.3.682-1.fc18
w_scan-20120605-1.fc18
waf-1.7.5-1.fc18
Details about builds:
================================================================================
atanks-5.6-1.fc18 (FEDORA-2012-15463)
Remake of a classic DOS game "Scorched Earth"
--------------------------------------------------------------------------------
Update Information:
New upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 4 2012 Jonathan Ciesla <[email protected]> - 5.6-1
- Minor upstream bugfix.
--------------------------------------------------------------------------------
================================================================================
batik-1.8-0.5.svn1230816.fc18 (FEDORA-2012-15441)
Scalable Vector Graphics for Java
--------------------------------------------------------------------------------
Update Information:
This update fixes a classpath-related bug that caused batik-rasterizer to fail
to run, rending it completely unusable.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 5 2012 Mikolaj Izdebski <[email protected]> - 1.8-0.5.svn1230816
- Fix rasterizer classpath
- Resolves: rhbz#577486
* Fri Aug 24 2012 Mikolaj Izdebski <[email protected]> - 1.8-0.4.svn1230816
- Fix license tag
- Install LICENSE and NOTICE with javadoc package
- Remove RPM bug workaround
- Update to current packaging guidelines
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #577486 - broken batik-rasterizer jar files
https://bugzilla.redhat.com/show_bug.cgi?id=577486
--------------------------------------------------------------------------------
================================================================================
cnucnu-0-0.11.20121004git618ed580.fc18 (FEDORA-2012-15447)
Upstream release monitoring with bug reporting
--------------------------------------------------------------------------------
Update Information:
Update to a new snaphot to avoid too much diversion between the client and
server side code. This update changes the command line. *cnucnu shell* needs to
be used now instead of *cnucnu --shell* to get the cnucnu shell.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 4 2012 Till Maas <[email protected]> - 0-0.11.20121004git618ed580
- Update with new snapshot
--------------------------------------------------------------------------------
================================================================================
epiphany-3.6.0-2.fc18 (FEDORA-2012-15459)
Web browser for GNOME
--------------------------------------------------------------------------------
Update Information:
This update fixes a problem with the versioned directory in which extensions
get installed.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 4 2012 Matthias Clasen <[email protected]> - 1:3.6.0-2
- Fix spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #861770 - Fix major_version in epiphany spec file
https://bugzilla.redhat.com/show_bug.cgi?id=861770
--------------------------------------------------------------------------------
================================================================================
geary-0.2.0-1.fc18 (FEDORA-2012-15462)
A lightweight email program designed around conversations
--------------------------------------------------------------------------------
Update Information:
Update to the final release version.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 4 2012 Thomas Moschny <[email protected]> - 0.2.0-1
- Update to 0.2.0.
--------------------------------------------------------------------------------
================================================================================
gprolog-1.4.1-1.fc18 (FEDORA-2012-15455)
GNU Prolog is a free Prolog compiler
--------------------------------------------------------------------------------
Update Information:
Bugfix release from upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 4 2012 Jochen Schmitt <Jochen herr-schmitt de> - 1.4.1-1
- New upstream release
- Clean up SPEC file
--------------------------------------------------------------------------------
================================================================================
grfcodec-6.0.1-1.fc18 (FEDORA-2012-15444)
A suite of programs to modify Transport Tycoon Deluxe's GRF files
--------------------------------------------------------------------------------
Update Information:
Update OpenTTD's OpenGFX stack
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 2 2012 Felix Kaechele <[email protected]> - 6.0.1-1
- update to 6.0.1
- switch to xz tarball
--------------------------------------------------------------------------------
================================================================================
httpcomponents-core-4.2.2-1.fc18 (FEDORA-2012-15446)
Set of low level Java HTTP transport components for HTTP services
--------------------------------------------------------------------------------
Update Information:
This update fixes a number of bugs and regressions found since 4.2.1, including
a major bug in the NIO module causing incorrect handling of outgoing
Content-Length delimited messages larger than 2GB.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 5 2012 Mikolaj Izdebski <[email protected]> - 4.2.2-1
- Update to upstream version 4.2.2
--------------------------------------------------------------------------------
================================================================================
ikiwiki-3.20120725-1.fc18 (FEDORA-2012-15461)
A wiki compiler
--------------------------------------------------------------------------------
Update Information:
Update to the latest stable version, 3.20120725. From the upstream changelog:
* recentchangesdiff: When diffurl is not set, provide inline diffs in the
recentchanges page, with visibility toggleable via javascript. Thanks, Antoine
Beaupré
* Split CFLAGS into words when building wrapper. Closes: #682237
* osm: Avoid calling urlto before generated files are registered. Thanks,
Philippe Gauthier and Antoine Beaupré
* osm: Add osm_openlayers_url configuration setting. Thanks, Genevieve
* osm: osm_layers can be used to configured the layers displayed on the map.
Thanks, Antoine Beaupré
* comments: Remove ipv6 address specific code.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Sep 29 2012 Thomas Moschny <[email protected]> - 3.20120725-1
- Update to 3.20120725.
- Add missing BR.
--------------------------------------------------------------------------------
================================================================================
inkscape-0.48.2-13.fc18 (FEDORA-2012-15450)
Vector-based drawing program using SVG
--------------------------------------------------------------------------------
Update Information:
Add uniconvertor dep.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 4 2012 Jon Ciesla <[email protected]> - 0.48.2-13
- Added dep on uniconvertor, BZ 796424.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #796424 - Inkscape dependency uniconvertor not in inkscape rpm
https://bugzilla.redhat.com/show_bug.cgi?id=796424
--------------------------------------------------------------------------------
================================================================================
libtiff-4.0.3-1.fc18 (FEDORA-2012-15448)
Library of functions for manipulating TIFF format image files
--------------------------------------------------------------------------------
Update Information:
Update to 4.0.3 for assorted minor bug fixes
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 4 2012 Tom Lane <[email protected]> 4.0.3-1
- Update to libtiff 4.0.3
--------------------------------------------------------------------------------
================================================================================
maliit-framework-0.92.5-2.fc18 (FEDORA-2012-15458)
Input method framework
--------------------------------------------------------------------------------
Update Information:
Fix gtk2 module
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 4 2012 Peter Robinson <[email protected]> - 0.92.5-2
- Fix the updating of the gtk2 IM module cache
--------------------------------------------------------------------------------
================================================================================
mate-panel-1.4.0-6.fc18 (FEDORA-2012-15454)
MATE Desktop panel applets
--------------------------------------------------------------------------------
Update Information:
mate desktop panel
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #860518 - Review Request: mate-panel - MATE Desktop panel applets
https://bugzilla.redhat.com/show_bug.cgi?id=860518
--------------------------------------------------------------------------------
================================================================================
mate-session-manager-1.4.0-4.fc18 (FEDORA-2012-15453)
MATE Desktop session manager
--------------------------------------------------------------------------------
Update Information:
mate desktop session manager
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #860521 - Review Request: mate-session-manager - MATE Desktop
session manager
https://bugzilla.redhat.com/show_bug.cgi?id=860521
--------------------------------------------------------------------------------
================================================================================
network-manager-applet-0.9.7.0-3.git20121004.fc18 (FEDORA-2012-15445)
A network control and status applet for NetworkManager
--------------------------------------------------------------------------------
Update Information:
Misc bugfixes, plus VLAN editing and a few other improvements
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 4 2012 Dan Winship <[email protected]> - 0.9.7.0-3.git20121004
- Update to git snapshot
--------------------------------------------------------------------------------
================================================================================
ntfs-3g-2012.1.15-4.fc18 (FEDORA-2012-15452)
Linux NTFS userspace driver
--------------------------------------------------------------------------------
Update Information:
Apply patches to ensure that if Windows 8 leaves an NTFS partition in an unsafe
state, Linux will refuse to mount it (if it did, it would lead to data loss).
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 4 2012 Tom Callaway <[email protected]> - 2:2012.1.15-4
- add patches from upstream git to add a level of safety in the case where
windows 8
leaves the NTFS filesystem in an unsafe state and Linux access could result
in data loss.
Basically, with these patches, Linux will refuse to mount the ntfs partition.
For the details
refer to: https://bugzilla.redhat.com/show_bug.cgi?id=859373
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #859373 - Danger in dual booting Windows 8 and Linux
https://bugzilla.redhat.com/show_bug.cgi?id=859373
--------------------------------------------------------------------------------
================================================================================
openttd-opengfx-0.4.5-1.fc18 (FEDORA-2012-15444)
OpenGFX replacement graphics for OpenTTD
--------------------------------------------------------------------------------
Update Information:
Update OpenTTD's OpenGFX stack
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 2 2012 Felix Kaechele <[email protected]> - 0.4.5-1
- update to 0.4.5
--------------------------------------------------------------------------------
================================================================================
perl-HTML-Template-Pro-0.9509-1.fc18 (FEDORA-2012-15439)
Perl/XS module to use HTML Templates from CGI scripts
--------------------------------------------------------------------------------
Update Information:
This version of HTML::Template::Pro fixes a cross-site scripting (XSS)
vulnerability in the module.
http://www.openwall.com/lists/oss-security/2011/12/19/1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4616
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 4 2012 Emmanuel Seyman <[email protected]> - 0.9509-1
- Update to 0.9509 (CVE-2011-4616, #773453)
- Add default perl filter
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #768822 - CVE-2011-4616 perl-HTML-Template-Pro: XSS issue
https://bugzilla.redhat.com/show_bug.cgi?id=768822
--------------------------------------------------------------------------------
================================================================================
selinux-policy-3.11.1-32.fc18 (FEDORA-2012-15440)
SELinux policy configuration
--------------------------------------------------------------------------------
Update Information:
Needed to fix systemd problems.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 4 2012 Miroslav Grepl <[email protected]> 3.11.1-32
- Add missing permissive domains
* Sun Nov 4 2012 Miroslav Grepl <[email protected]> 3.11.1-31
- Add new mandb policy
- ALlow systemd-tmpfiles_t to relabel mandb_cache_t
- Allow logrotate to start all unit files
* Sun Nov 4 2012 Miroslav Grepl <[email protected]> 3.11.1-30
- Add fixes for ctbd
- Allow nmbd to stream connect to ctbd
- Make cglear_t as nsswitch_domain
- Fix bogus in interfaces
- Allow openshift to read/write postfix public pipe
- Add postfix_manage_spool_maildrop_files() interface
- stickshift paths have been renamed to openshift
- gnome-settings-daemon wants to write to /run/systemd/inhibit/ pipes
- Update man pages, adding ENTRYPOINTS
* Fri Nov 2 2012 Miroslav Grepl <[email protected]> 3.11.1-29
- Add mei_device_t
- Make sure gpg content in homedir created with correct label
- Allow dmesg to write to abrt cache files
- automount wants to search virtual memory sysctls
- Add support for hplip logs stored in /var/log/hp/tmp
- Add labeling for /etc/owncloud/config.php
- Allow setroubleshoot to send analysys to syslogd-journal
- Allow virsh_t to interact with new fenced daemon
- Allow gpg to write to /etc/mail/spamassassiin directories
- Make dovecot_deliver_t a mail server delivery type
- Add label for /var/tmp/DNS25
* Thu Sep 27 2012 Miroslav Grepl <[email protected]> 3.11.1-28
- Fixes for tomcat_domain template interface
* Thu Sep 27 2012 Miroslav Grepl <[email protected]> 3.11.1-27
- Remove init_systemd and init_upstart boolean, Move init_daemon_domain and
init_system_domain to use attributes
- Add attribute to all base os types. Allow all domains to read all ro base OS
types
* Wed Sep 26 2012 Miroslav Grepl <[email protected]> 3.11.1-26
- Additional unit files to be defined as power unit files
- Fix more boolean names
--------------------------------------------------------------------------------
================================================================================
sugar-0.97.5-2.fc18 (FEDORA-2012-15449)
Constructionist learning platform
--------------------------------------------------------------------------------
Update Information:
* Split out Control Panels to sub packages
* Update gnome-keyring patch. RHBZ 862581
* Add patch to update build dependencies
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 4 2012 Peter Robinson <[email protected]> - 0.97.5-2
- Split out Control Panels to sub packages
- Update gnome-keyring patch. RHBZ 862581
- Add patch to update build dependencies
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #862581 - sugar-desktop install to gnome asks for password for
jabber (f18-TC1-i386 netinstall)
https://bugzilla.redhat.com/show_bug.cgi?id=862581
--------------------------------------------------------------------------------
================================================================================
sugar-pippy-50-1.fc18 (FEDORA-2012-15451)
Pippy for Sugar
--------------------------------------------------------------------------------
Update Information:
New upstream gtk3 release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 4 2012 Peter Robinson <[email protected]> - 50-1
- Release 50
--------------------------------------------------------------------------------
================================================================================
tmw-music-0.3-5.fc18 (FEDORA-2012-15460)
Music files for The Mana World
--------------------------------------------------------------------------------
Update Information:
This package contains the optional music files for The Mana World (TMW).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #860703 - Rename Request: tmw-music - Music files for The Mana World
https://bugzilla.redhat.com/show_bug.cgi?id=860703
--------------------------------------------------------------------------------
================================================================================
usbmuxd-1.0.8-5.fc18 (FEDORA-2012-15443)
Daemon for communicating with Apple's iOS devices
--------------------------------------------------------------------------------
Update Information:
* Make use of the new systemd macros
* Minor updates to spec
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 4 2012 Peter Robinson <[email protected]> - 1.0.8-5
- Make use of the new systemd macros
- Minor updates to spec
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #857414 - Introduce new systemd-rpm macros in usbmuxd spec file
https://bugzilla.redhat.com/show_bug.cgi?id=857414
--------------------------------------------------------------------------------
================================================================================
validns-0.6-1.fc18 (FEDORA-2012-15442)
DNS and DNSSEC zone file validator
--------------------------------------------------------------------------------
Update Information:
Fixed DNSSEC support, TYPEXX support
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 4 2012 Paul Wouters <[email protected]> - 0.6-0
- Updated to 0.6, which incorporates all patches
* Thu Oct 4 2012 Paul Wouters <[email protected]> - 0.5-4
- Pullup from git for NSEC3 glue record handling fix
--------------------------------------------------------------------------------
================================================================================
vim-7.3.682-1.fc18 (FEDORA-2012-15457)
The VIM editor
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream version.
Ruby and Python libraries are now being loaded dynamically if they are
available. This removes the dependency on ruby and python during the
installation.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 5 2012 Karsten Hopp <[email protected]> 7.3.682-1
- patchlevel 682
- use --enable-rubyinterp=dynamic and --enable-pythoninterp=dynamic
* Tue Aug 28 2012 Karsten Hopp <[email protected]> 7.3.638-2
- fix some man page typos (#668894, #675480)
- own usr/share/vim/vimfiles/doc/tags (#845564)
- add path to csope database (#844843)
* Tue Aug 28 2012 Karsten Hopp <[email protected]> 7.3.638-1
- patchlevel 638
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #859594 - vim in F18 is older than in F17
https://bugzilla.redhat.com/show_bug.cgi?id=859594
--------------------------------------------------------------------------------
================================================================================
w_scan-20120605-1.fc18 (FEDORA-2012-15456)
Tool for scanning DVB transponders
--------------------------------------------------------------------------------
Update Information:
Update to latest version with many bugfixes and enhancements
See http://wirbel.htpc-forum.de/w_scan/index2.html (German)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 4 2012 Felix Kaechele <[email protected]> - 20120605-1
- bugfixes
- Israel DVB-T support
- updated all sattelite info
- added support for 67 more sattelites
--------------------------------------------------------------------------------
================================================================================
waf-1.7.5-1.fc18 (FEDORA-2012-14837)
A Python-based build system
--------------------------------------------------------------------------------
Update Information:
Update to latest stable version 1.7.5. From the upstream changelog:
* Fixed the LD_LIBRARY_PATH race condition in waf_unit_test #1200
* Library detection fixes in boost.py #1199
* Various waf_unit_test enhancements #1194
* Use the same function signature main(int, char**) in all configuration tests
#1192
* Fixed the Clang version number detection #1191
* Let the feature 'includes' propagate INCLUDES and FRAMEWORKPATH variables
* Fix for incorrect installation paths #1202
* New Cabal script (haskell)
* Fixed the kde4 library detection on Fedora
* New tool for protocol buffers (protoc.py) #1184
* Fixed a syntax error affecting Python < 2.6
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 2 2012 Thomas Moschny <[email protected]> - 1.7.5-1
- Update to 1.7.5.
* Wed Sep 26 2012 Thomas Moschny <[email protected]> - 1.7.4-1
- Update to 1.7.4.
--------------------------------------------------------------------------------
--
test mailing list
[email protected]
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
