The following Fedora 17 Security updates need testing: Age URL 273 https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-... 85 https://admin.fedoraproject.org/updates/FEDORA-2013-0455/fedora-business-car... 55 https://admin.fedoraproject.org/updates/FEDORA-2013-2143/rubygem-rdoc-3.12-5... 51 https://admin.fedoraproject.org/updates/FEDORA-2013-2315/rubygem-rack-1.4.0-... 13 https://admin.fedoraproject.org/updates/FEDORA-2013-4234/stunnel-4.55-1.fc17 13 https://admin.fedoraproject.org/updates/FEDORA-2013-4174/glibc-2.15-59.fc17 12 https://admin.fedoraproject.org/updates/FEDORA-2013-4296/tomcat6-6.0.36-1.fc... 8 https://admin.fedoraproject.org/updates/FEDORA-2013-4501/libxslt-1.1.28-1.fc... 6 https://admin.fedoraproject.org/updates/FEDORA-2013-4533/bind-9.9.2-7.P2.fc1... 6 https://admin.fedoraproject.org/updates/FEDORA-2013-4536/roundcubemail-0.8.6... 6 https://admin.fedoraproject.org/updates/FEDORA-2013-4531/mongodb-2.2.3-4.fc1... 6 https://admin.fedoraproject.org/updates/FEDORA-2013-4522/libarchive-3.0.4-3.... 6 https://admin.fedoraproject.org/updates/FEDORA-2013-4516/drupal7-rules-2.3-1... 6 https://admin.fedoraproject.org/updates/FEDORA-2013-4528/asterisk-10.12.2-1.... 5 https://admin.fedoraproject.org/updates/FEDORA-2013-4598/389-ds-base-1.2.11.... 5 https://admin.fedoraproject.org/updates/FEDORA-2013-4576/mingw-libarchive-3.... 5 https://admin.fedoraproject.org/updates/FEDORA-2013-4581/libuser-0.57.6-2.fc... 3 https://admin.fedoraproject.org/updates/FEDORA-2013-4619/polarssl-1.1.6-1.fc... 0 https://admin.fedoraproject.org/updates/FEDORA-2013-4827/haproxy-1.4.23-1.fc... 0 https://admin.fedoraproject.org/updates/FEDORA-2013-4834/mod_security-2.7.3-... 0 https://admin.fedoraproject.org/updates/FEDORA-2013-4818/clamav-0.97.7-1.fc1... 0 https://admin.fedoraproject.org/updates/FEDORA-2013-4802/xulrunner-20.0-1.fc...
The following Fedora 17 Critical Path updates have yet to be approved: Age URL 225 https://admin.fedoraproject.org/updates/FEDORA-2012-12509/PackageKit-0.7.6-1... 54 https://admin.fedoraproject.org/updates/FEDORA-2013-2163/policycoreutils-2.1... 33 https://admin.fedoraproject.org/updates/FEDORA-2013-3304/libvpx-1.2.0-1.fc17 14 https://admin.fedoraproject.org/updates/FEDORA-2013-4140/audit-2.2.3-2.fc17 13 https://admin.fedoraproject.org/updates/FEDORA-2013-4216/xorg-x11-drv-intel-... 13 https://admin.fedoraproject.org/updates/FEDORA-2013-4174/glibc-2.15-59.fc17 12 https://admin.fedoraproject.org/updates/FEDORA-2013-4308/libnotify-0.7.5-5.f... 8 https://admin.fedoraproject.org/updates/FEDORA-2013-4501/libxslt-1.1.28-1.fc... 6 https://admin.fedoraproject.org/updates/FEDORA-2013-4522/libarchive-3.0.4-3.... 5 https://admin.fedoraproject.org/updates/FEDORA-2013-4581/libuser-0.57.6-2.fc... 1 https://admin.fedoraproject.org/updates/FEDORA-2013-4730/koji-1.8.0-1.fc17 0 https://admin.fedoraproject.org/updates/FEDORA-2013-4802/xulrunner-20.0-1.fc... The following builds have been pushed to Fedora 17 updates-testing
anki-2.0.8-2.fc17 bitlbee-3.2-3.fc17 c++-gtk-utils-2.0.16-2.fc17 clamav-0.97.7-1.fc17 firefox-20.0-1.fc17 haproxy-1.4.23-1.fc17 jd-2.8.6-0.6.svn4107_trunk.fc17 kde-plasma-alsa-volume-0.42.2-1.fc17 mod_security-2.7.3-1.fc17 perl-WWW-GoodData-1.9-1.fc17 spring-94.1-1.fc17 springlobby-0.169-1.fc17 transmission-2.77-2.fc17 xulrunner-20.0-1.fc17
Details about builds:
================================================================================ anki-2.0.8-2.fc17 (FEDORA-2013-4830) Flashcard program for using space repetition learning -------------------------------------------------------------------------------- Update Information:
This update fixes the selection of the filter in the browser view:
https://anki.lighthouseapp.com/projects/100923/tickets/729-browser-filter-tr... -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 1 2013 Christian Krause chkr@fedoraproject.org - 2.0.8-2 - Add patch to fix filter selection in browser view: https://anki.lighthouseapp.com/projects/100923/tickets/729-browser-filter-tr... --------------------------------------------------------------------------------
================================================================================ bitlbee-3.2-3.fc17 (FEDORA-2013-4821) IRC to other chat networks gateway -------------------------------------------------------------------------------- Update Information:
Add upstream patch to avoid double-free crash (#922447) -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 2 2013 Matěj Cepl mcepl@redhat.com - 3.2-3 - Add upstream patch to avoid double-free crash (#922447) * Thu Mar 14 2013 Robert Scheck robert@fedoraproject.org 3.2-2 - Add accidentially lost OTR support for RHEL 5 and 6 (#919912) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #922447 - bitlbee crashes on disconnection due to a memory problem https://bugzilla.redhat.com/show_bug.cgi?id=922447 --------------------------------------------------------------------------------
================================================================================ c++-gtk-utils-2.0.16-2.fc17 (FEDORA-2013-4799) A library for GTK+ programming with C++ -------------------------------------------------------------------------------- Update Information:
Enable aarch64 support (bz 925145). -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 28 2013 Frederik Holden frederik+fedora@frh.no - 2.0.16-2 - Temporary fix for bz 925145 (aarch64 support) until new upstream release. - Changed the build step so it doesn't unnecessarily ./configure twice. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #925145 - c++-gtk-utils: Does not support aarch64 in f19 and rawhide https://bugzilla.redhat.com/show_bug.cgi?id=925145 --------------------------------------------------------------------------------
================================================================================ clamav-0.97.7-1.fc17 (FEDORA-2013-4818) End-user tools for the Clam Antivirus scanner -------------------------------------------------------------------------------- Update Information:
Update to 0.97.7 which fixes several potential security issues -------------------------------------------------------------------------------- ChangeLog:
* Sat Mar 23 2013 Nick Bebout nb@fedoraproject.org - 0.97.7-1 - Update to 0.97.7 * Wed Feb 13 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.97.6-1901 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #922848 - clamav: Multiple potential security issues fixed in 0.97.7 version https://bugzilla.redhat.com/show_bug.cgi?id=922848 --------------------------------------------------------------------------------
================================================================================ firefox-20.0-1.fc17 (FEDORA-2013-4802) Mozilla Firefox Web browser -------------------------------------------------------------------------------- Update Information:
Firefox release notes: - http://www.mozilla.org/en-US/firefox/20.0/releasenotes/ Thunderbird release notes: - https://www.mozilla.org/en-US/thunderbird/17.0.5/releasenotes/ -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 1 2013 Martin Stransky stransky@redhat.com - 20.0-1 - Updated to 20.0 * Mon Mar 18 2013 Martin Stransky stransky@redhat.com - 19.0.2-2 - Added fix for mozbz#239254 - local cache dir --------------------------------------------------------------------------------
================================================================================ haproxy-1.4.23-1.fc17 (FEDORA-2013-4827) HA-Proxy is a TCP/HTTP reverse proxy for high availability environments -------------------------------------------------------------------------------- Update Information:
Update to upstream stable release 1.4.23. -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 2 2013 Ryan O'Hara rohara@redhat.com - 1.4.23-1 - Update to 1.4.23 (CVE-2013-1912, #947697) - Drop supplementary groups after setuid/setgid (#894626) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #947581 - CVE-2013-1912 haproxy: rewrite rules flaw can lead to arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=947581 --------------------------------------------------------------------------------
================================================================================ jd-2.8.6-0.6.svn4107_trunk.fc17 (FEDORA-2013-4811) A 2ch browser -------------------------------------------------------------------------------- Update Information:
Update to the latest trunk, including new youtube thumbnail support -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 2 2013 Mamoru TASAKA mtasaka@fedoraproject.org - Update to the latest trunk --------------------------------------------------------------------------------
================================================================================ kde-plasma-alsa-volume-0.42.2-1.fc17 (FEDORA-2013-4813) ALSA Volume Control plasmoid -------------------------------------------------------------------------------- Update Information:
some fixes & improvements; -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 2 2013 Fl@sh kaperang07@gmail.com - 0.42.2-1 - version update --------------------------------------------------------------------------------
================================================================================ mod_security-2.7.3-1.fc17 (FEDORA-2013-4834) Security module for the Apache HTTP Server -------------------------------------------------------------------------------- Update Information:
Update to 2.7.3. Upstream changelog: https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES -------------------------------------------------------------------------------- ChangeLog:
* Sat Mar 30 2013 Athmane Madjoudj athmane@fedoraproject.org 2.7.3-1 - Update to 2.7.3 * Fri Jan 25 2013 Athmane Madjoudj athmane@fedoraproject.org 2.7.2-1 - Update to 2.7.2 - Update source url in the spec. * Thu Nov 22 2012 Athmane Madjoudj athmane@fedoraproject.org 2.7.1-5 - Use conditional for loading mod_unique_id (rhbz #879264) - Fix syntax errors on httpd 2.4.x by using IncludeOptional (rhbz #879264, comment #2) * Mon Nov 19 2012 Peter Vrabec pvrabec@redhat.com 2.7.1-4 - mlogc subpackage is not provided on RHEL7 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #947842 - CVE-2013-1915 mod_security: Vulnerable to XXE attacks https://bugzilla.redhat.com/show_bug.cgi?id=947842 --------------------------------------------------------------------------------
================================================================================ perl-WWW-GoodData-1.9-1.fc17 (FEDORA-2013-4828) Client library for GoodData REST-ful API -------------------------------------------------------------------------------- Update Information:
Update to 1.9 to fix for API changes. -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 3 2013 Lubomir Rintel (GoodData) lubo.rintel@gooddata.com 1.9-1 - Rebase * Thu Feb 14 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.7-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Thu Oct 11 2012 Lubomir Rintel (GoodData) lubo.rintel@gooddata.com 1.7-2 - Fix the auth handler for clients that use stock LWP::UserAgent * Wed Aug 22 2012 Lubomir Rintel (GoodData) lubo.rintel@gooddata.com 1.7-1 - Rebase * Fri Jul 20 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Sat Jun 16 2012 Petr Pisar ppisar@redhat.com - 1.6-2 - Perl 5.16 rebuild --------------------------------------------------------------------------------
================================================================================ spring-94.1-1.fc17 (FEDORA-2013-4822) Multiplayer, 3D realtime strategy combat game -------------------------------------------------------------------------------- Update Information:
- Version 94.1, major spring/springlobby upstream release. - Drop the E323AI UTC time patch. - Fix #921690. - Update the DSO, assimp-remove patches. - pr-downloader still disabled due to excessive DSO issues.
-------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 1 2013 Gilboa Davara <gilboad [AT] gmail [DOT] com> - 94.1-1 - Version 94.1, major spring/springlobby upstream release. - Drop the E323AI UTC time patch. - Update the DSO, assimp-remove patches. - pr-downloader still disabled due to excessive DSO issues. * Sat Feb 9 2013 Denis Arnaud denis.arnaud_fedora@m4x.org - 91.0-3 - Rebuild for Boost-1.53.0 * Thu Dec 13 2012 Adam Jackson ajax@redhat.com - 91.0-2 - Rebuild for glew 1.9.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #921690 - spring 93.1 is available - new version https://bugzilla.redhat.com/show_bug.cgi?id=921690 --------------------------------------------------------------------------------
================================================================================ springlobby-0.169-1.fc17 (FEDORA-2013-4824) A lobby client for the spring RTS game engine -------------------------------------------------------------------------------- Update Information:
- Version 0.169, major spring/springlobby upstream release. - Fix #921690. - GTK2 patch dropped. -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 1 2013 Gilboa Davara <gilboad [AT] gmail [DOT] com> - 0.169-1 - Version 0.169, major spring/springlobby upstream release. - Fix #921690. - GTK2 patch dropped. * Sun Feb 24 2013 Rahul Sundaram sundaram@fedoraproject.org - 0.147-4 - Rebuild for rb_libtorrent soname bump - Clean up spec to follow current guidelines * Sat Feb 9 2013 Denis Arnaud denis.arnaud_fedora@m4x.org - 0.147-3 - Rebuild for Boost-1.53.0 * Sun Feb 3 2013 Kevin Fenzi kevin@scrye.com - 0.147-2 - Rebuild for broken deps in rawhide -------------------------------------------------------------------------------- References:
[ 1 ] Bug #921690 - spring 93.1 is available - new version https://bugzilla.redhat.com/show_bug.cgi?id=921690 --------------------------------------------------------------------------------
================================================================================ transmission-2.77-2.fc17 (FEDORA-2013-4825) A lightweight GTK+ BitTorrent client -------------------------------------------------------------------------------- Update Information:
revert use of systemd macros -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 2 2013 Rahul Sundaram sundaram@fedorapeople.org - 2.77-2 - fix use of systemd macros. resolves rhbz#947627 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #947627 - transmission-2.77-1.fc17.x86_64 spews errors from Fedora 18+ specific %systemd_post macro https://bugzilla.redhat.com/show_bug.cgi?id=947627 --------------------------------------------------------------------------------
================================================================================ xulrunner-20.0-1.fc17 (FEDORA-2013-4802) XUL Runtime for Gecko Applications -------------------------------------------------------------------------------- Update Information:
Firefox release notes: - http://www.mozilla.org/en-US/firefox/20.0/releasenotes/ Thunderbird release notes: - https://www.mozilla.org/en-US/thunderbird/17.0.5/releasenotes/ -------------------------------------------------------------------------------- ChangeLog:
* Tue Mar 19 2013 Martin Stransky stransky@redhat.com - 20.0-1 - Update to latest upstream (20.0) * Tue Mar 19 2013 Martin Stransky stransky@redhat.com - 19.0.2-4 - Added fix for rhbz#913284 - Firefox segfaults in mozilla::gfx::AlphaBoxBlur::BoxBlur_C() on PPC64 * Tue Mar 19 2013 Martin Stransky stransky@redhat.com - 19.0.2-3 - Added fix for mozbz#826171/rhbz#922904 - strndup implementation in memory/build/mozmemory_wrap.c is broken --------------------------------------------------------------------------------