The following Fedora 16 Security updates need testing: Age URL 89 https://admin.fedoraproject.org/updates/FEDORA-2012-10402/bcfg2-1.2.3-1.fc16 14 https://admin.fedoraproject.org/updates/FEDORA-2012-14452/bacula-5.0.3-33.fc16 7 https://admin.fedoraproject.org/updates/FEDORA-2012-14959/dracut-018-60.git20120927.fc16 6 https://admin.fedoraproject.org/updates/FEDORA-2012-15098/openstack-swift-1.4.8-3.fc16 61 https://admin.fedoraproject.org/updates/FEDORA-2012-11526/dokuwiki-0-0.11.20120125.b.fc16 3 https://admin.fedoraproject.org/updates/FEDORA-2012-15203/qt-4.8.2-7.fc16 92 https://admin.fedoraproject.org/updates/FEDORA-2012-10314/revelation-0.4.14-1.fc16 12 https://admin.fedoraproject.org/updates/FEDORA-2012-14654/tor-0.2.2.39-1600.fc16 18 https://admin.fedoraproject.org/updates/FEDORA-2012-14126/dbus-1.4.10-4.fc16 10 https://admin.fedoraproject.org/updates/FEDORA-2012-14707/openjpeg-1.4-14.fc16 17 https://admin.fedoraproject.org/updates/FEDORA-2012-14322/pcp-3.6.8-1.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2012-15482/perl-HTML-Template-Pro-0.9509-1.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2012-15507/ruby-1.8.7.358-4.fc16
The following Fedora 16 Critical Path updates have yet to be approved: Age URL 0 https://admin.fedoraproject.org/updates/FEDORA-2012-15485/mdadm-3.2.5-10.fc16 2 https://admin.fedoraproject.org/updates/FEDORA-2012-15325/kernel-3.4.12-1.fc16 3 https://admin.fedoraproject.org/updates/FEDORA-2012-15203/qt-4.8.2-7.fc16 5 https://admin.fedoraproject.org/updates/FEDORA-2012-15131/mysql-5.5.28-1.fc16 6 https://admin.fedoraproject.org/updates/FEDORA-2012-15090/nss-3.13.5-2.fc16 7 https://admin.fedoraproject.org/updates/FEDORA-2012-14958/libfm-1.0.1-1.fc16,pcmanfm-1.0.1-1.fc16 7 https://admin.fedoraproject.org/updates/FEDORA-2012-14959/dracut-018-60.git20120927.fc16 13 https://admin.fedoraproject.org/updates/FEDORA-2012-14626/qrencode-3.3.1-4.fc16 The following builds have been pushed to Fedora 16 updates-testing fence-agents-3.1.10-1.fc16 gofer-0.74-1.fc16 innotop-1.9.0-2.fc16 jetty-6.1.26-9.fc16 kde-plasma-networkmanagement-0.9.0.5-1.fc16 mdadm-3.2.5-10.fc16 oxygen-gtk2-1.3.1-1.fc16 oxygen-gtk3-1.1.1-1.fc16 perl-HTML-Template-Pro-0.9509-1.fc16 python-odict-1.5.0-4.fc16 ruby-1.8.7.358-4.fc16 Details about builds: ================================================================================ fence-agents-3.1.10-1.fc16 (FEDORA-2012-15486) Fence Agents for Red Hat Cluster -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 5 2012 Marek Grac <[email protected]> - 3.1.10-1 - new upstream release -------------------------------------------------------------------------------- ================================================================================ gofer-0.74-1.fc16 (FEDORA-2012-15494) A lightweight, extensible python agent -------------------------------------------------------------------------------- Update Information: Update to gofer 0.74. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 3 2012 Jeff Ortel <[email protected]> 0.74-1 - Make watchdog journal object configurable; watchdog singleton by URL only. ([email protected]) * Thu Sep 13 2012 Jeff Ortel <[email protected]> 0.73-1 - Progress reporting enhancements. ([email protected]) - Add for debugging w/o running as root. ([email protected]) * Mon Aug 20 2012 Jeff Ortel <[email protected]> 0.72-1 - Add unit tests: watchdog test. ([email protected]) - Add man page for goferd. ([email protected]) - Replace BlackList with python set. ([email protected]) - Add progress reporting; watchdog enhancements. ([email protected]) - remove f15 and add f18 to tito releaser. ([email protected]) * Tue Jul 31 2012 Jeff Ortel <[email protected]> 0.71-1 - Port ruby-gofer to rubygem-qpid. ([email protected]) - Make /usr/share/gofer/plugins the primary plugin location. Based on fedora packaging guidelines referencing FHS standards. ([email protected]) - Discontinue {_libdir} macro for plugins. ([email protected]) * Tue Jun 12 2012 Jeff Ortel <[email protected]> 0.70-1 - Refit mocks for reparent of Envelope & Options to (object). ([email protected]) * Fri Jun 8 2012 Jeff Ortel <[email protected]> 0.69-1 - 829767 - fix simplejons 2.2+ issue (fedora 17). Envelope/Options rebased on object rather than dict. ([email protected]) - Add whiteboard. ([email protected]) - Fixed 'Undefined variable (s) in XBindings.__bindings(). ([email protected]) * Thu Apr 26 2012 Jeff Ortel <[email protected]> 0.68-1 - Refit watchdog plugin; set journal location; skip directories in journal dir. ([email protected]) - Make the watchdog journal directory configurable. ([email protected]) - Add Broker.touch() and rename Topic.binding(). ([email protected]) - Better support for durable topic subscription. Queue bindings to specified exchanges. ([email protected]) * Fri Mar 16 2012 Jeff Ortel <[email protected]> 0.67-1 - Add (trace) attribute to propagated exceptions. ([email protected]) - Add traceback info to propagated exceptions as: Exception.trace. ([email protected]) - Add support for __getitem__ in container and stub. ([email protected]) - Refactor to crypto (delegate) interface. ([email protected]) - Support multiple security decorators. ([email protected]) - perf: asynchronous ack(); tcp_nodelay. ([email protected]) - Rename 'delayed/trigger' policy property to match option. ([email protected]) - Rename 'delayed' option to: 'trigger'. ([email protected]) - option 'delayed' implies asynchronous RMI. ([email protected]) - fix for tito compat. ([email protected]) - bridge: clean debug prints; make gateway a thread. ([email protected]) - Add tcp bridge (experimental). ([email protected]) - Add support for delayed trigger asynchronous RMI. ([email protected]) - Add fedora releaser. ([email protected]) - support setting producer uuid; HMAC enhancements. ([email protected]) - rel-eng: rename redhat releaser. ([email protected]) -------------------------------------------------------------------------------- ================================================================================ innotop-1.9.0-2.fc16 (FEDORA-2012-15497) A MySQL and InnoDB monitor program -------------------------------------------------------------------------------- Update Information: Update to version 1.9.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 5 2012 Eduardo Echeverria <[email protected]> 1.9.0-2 - Add BuildRequires * Fri Sep 21 2012 Luis Bazan <[email protected]> 1.9.0-1 - New Upstream version * Thu Jul 19 2012 Fedora Release Engineering <[email protected]> - 1.8.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Tue Jul 10 2012 Luis Bazan <[email protected]> - 1.8.1-4 - back to original state man3 and man1 * Tue Jul 10 2012 Luis Bazan <[email protected]> - 1.8.1-3 - remove man3 * Tue Jul 10 2012 Luis Bazan <[email protected]> - 1.8.1-2 - Change man3 and man1 * Mon Jul 9 2012 Luis Bazán <[email protected]> - 1.8.1-1 - New Upstream Version 1.8.1 * Sun Jun 17 2012 Petr Pisar <[email protected]> - 1.6.0-10 - Perl 5.16 rebuild * Fri Jan 13 2012 Fedora Release Engineering <[email protected]> - 1.6.0-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ jetty-6.1.26-9.fc16 (FEDORA-2012-15509) The Jetty Webserver and Servlet Container -------------------------------------------------------------------------------- Update Information: This update fixes a bug that caused jetty user and group to be removed and not recreated during package upgrade and allows default JETTY_PORT to be overridden in jetty.conf. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 5 2012 Mikolaj Izdebski <[email protected]> - 6.1.26-9 - Allow to override the default JETTY_PORT, resolves: rhbz#826551 - Don't delete jetty user on package erase, resolves: rhbz#857708 -------------------------------------------------------------------------------- References: [ 1 ] Bug #826551 - Allow to override the default JETTY_PORT jetty.conf https://bugzilla.redhat.com/show_bug.cgi?id=826551 [ 2 ] Bug #857708 - missing jetty user https://bugzilla.redhat.com/show_bug.cgi?id=857708 -------------------------------------------------------------------------------- ================================================================================ kde-plasma-networkmanagement-0.9.0.5-1.fc16 (FEDORA-2012-15489) NetworkManager KDE 4 integration -------------------------------------------------------------------------------- Update Information: New stable release 0.9.0.5, for details see http://lamarque-lvs.blogspot.cz/2012/09/plasma-nm-0905.html -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 1 2012 Rex Dieter <[email protected]> 0.9.0.5-1 - 0.9.0.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #832893 - Password dialog is missing password field https://bugzilla.redhat.com/show_bug.cgi?id=832893 -------------------------------------------------------------------------------- ================================================================================ mdadm-3.2.5-10.fc16 (FEDORA-2012-15485) The mdadm program controls Linux md devices (software RAID arrays) -------------------------------------------------------------------------------- Update Information: This is an update to the mdadm package. This update clarifies some issues around licenses in the source code files. There are no code changes compared to the prior release. All users of mdadm are encouraged to upgrade. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 3 2012 Jes Sorensen <[email protected]> - 3.2.5-10 - Fix mistake where Fedora 18 systemd macro changes were incorrectly pulled into the Fedora 16 and Fedora 17 updates of mdadm. * Wed Oct 3 2012 Jes Sorensen <[email protected]> - 3.2.5-9 - Resolve issue with ambiguous licenses - Resolves bz862761 * Mon Sep 10 2012 Jes Sorensen <[email protected]> - 3.2.5-8 - Switch to using new systemd macros for F18+ - Resolves bz850202 * Thu Aug 2 2012 Jes Sorensen <[email protected]> - 3.2.5-7 - Remove bogus rogue patch applied in 3.2.5-5 with justification and without following the structure of the mdadm package. * Fri Jul 27 2012 Fedora Release Engineering <[email protected]> - 3.2.5-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Wed Jul 18 2012 Karsten Hopp <[email protected]> 3.2.5-5 - include <linux/types.h> in some to avoid type clashes. same problem as rhbz #840902 -------------------------------------------------------------------------------- References: [ 1 ] Bug #862761 - Source file license ambiguities https://bugzilla.redhat.com/show_bug.cgi?id=862761 -------------------------------------------------------------------------------- ================================================================================ oxygen-gtk2-1.3.1-1.fc16 (FEDORA-2012-15503) Oxygen GTK+2 theme -------------------------------------------------------------------------------- Update Information: oxygen-gtk2-v1.3.1, oxygen-gtk3-v1.1.1 - thread-proof timers used for transitions and animations - Safer code for Groupbox appearance - proper rendering of flat GtkEntries - honor custom color for menu background - more testing options for the demo application See https://projects.kde.org/news/170 -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 5 2012 Alexey Kurov <[email protected]> - 1.3.1-1 - oxygen-gtk2-1.3.1 * Fri Jul 20 2012 Fedora Release Engineering <[email protected]> - 1.3.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #851846 - [abrt] nntpgrab-gui-0.7.2-1.fc17: gtk_widget_compute_expand: Process /usr/bin/nntpgrab_gui was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=851846 -------------------------------------------------------------------------------- ================================================================================ oxygen-gtk3-1.1.1-1.fc16 (FEDORA-2012-15503) Oxygen GTK+3 theme -------------------------------------------------------------------------------- Update Information: oxygen-gtk2-v1.3.1, oxygen-gtk3-v1.1.1 - thread-proof timers used for transitions and animations - Safer code for Groupbox appearance - proper rendering of flat GtkEntries - honor custom color for menu background - more testing options for the demo application See https://projects.kde.org/news/170 -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 5 2012 Alexey Kurov <[email protected]> - 1:1.1.1-1 - oxygen-gtk3-1.1.1 * Fri Jul 20 2012 Fedora Release Engineering <[email protected]> - 1:1.1.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #851846 - [abrt] nntpgrab-gui-0.7.2-1.fc17: gtk_widget_compute_expand: Process /usr/bin/nntpgrab_gui was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=851846 -------------------------------------------------------------------------------- ================================================================================ perl-HTML-Template-Pro-0.9509-1.fc16 (FEDORA-2012-15482) Perl/XS module to use HTML Templates from CGI scripts -------------------------------------------------------------------------------- Update Information: This version of HTML::Template::Pro fixes a cross-site scripting (XSS) vulnerability in the module. http://www.openwall.com/lists/oss-security/2011/12/19/1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4616 -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 4 2012 Emmanuel Seyman <[email protected]> - 0.9509-1 - Update to 0.9509 (CVE-2011-4616, #773453) - Add default perl filter -------------------------------------------------------------------------------- References: [ 1 ] Bug #768822 - CVE-2011-4616 perl-HTML-Template-Pro: XSS issue https://bugzilla.redhat.com/show_bug.cgi?id=768822 -------------------------------------------------------------------------------- ================================================================================ python-odict-1.5.0-4.fc16 (FEDORA-2012-15495) Ordered dictionary -------------------------------------------------------------------------------- Update Information: Version 1.5.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #862853 - Review Request: python-odict - Ordered dictionary https://bugzilla.redhat.com/show_bug.cgi?id=862853 -------------------------------------------------------------------------------- ================================================================================ ruby-1.8.7.358-4.fc16 (FEDORA-2012-15507) An interpreter of object-oriented scripting language -------------------------------------------------------------------------------- Update Information: Some security flaws were found on ruby currently shipped on Fedora 17 where malicious user can bypass safe mechanize by raising exception intentionally and make arbitrary strings tainted. This flaw were now registered as CVE-2012-4464 and CVE-2012-4466. Note that CVE-2012-4464 is basically the same as CVE-2011-1005, which was supposed to be already fixed on ruby 1.8.x branch but it proved that the fix was incomplete. This new rpm will fix the above issue. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 4 2012 Mamoru Tasaka <[email protected]> - 1.8.7.358-4 - Also backport fix for the left part of CVE-2011-1005 (causing the same issue as CVE-2012-4464) (Vít Ondruch <[email protected]>) * Thu Oct 4 2012 Mamoru Tasaka <[email protected]> - 1.8.7.358-3 - Backport fix for CVE-2012-4466 on trunk:rev37068 to 1.8.7 branch -------------------------------------------------------------------------------- References: [ 1 ] Bug #862907 - CVE-2012-4464 CVE-2012-4466 ruby: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=862907 -------------------------------------------------------------------------------- -- test mailing list [email protected] To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
