The following Fedora 17 Security updates need testing:

 Age  URL
 385  https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-...
 197  https://admin.fedoraproject.org/updates/FEDORA-2013-0455/fedora-business-car...
 125  https://admin.fedoraproject.org/updates/FEDORA-2013-4234/stunnel-4.55-1.fc17
 120  https://admin.fedoraproject.org/updates/FEDORA-2013-4501/libxslt-1.1.28-1.fc...
 117  https://admin.fedoraproject.org/updates/FEDORA-2013-4581/libuser-0.57.6-2.fc...
  49  https://admin.fedoraproject.org/updates/FEDORA-2013-10121/subversion-1.7.10-...
  39  https://admin.fedoraproject.org/updates/FEDORA-2013-10940/tomcat6-6.0.37-1.f...
   7  https://admin.fedoraproject.org/updates/FEDORA-2013-13202/fdupes-1.51-1.fc17
   5  https://admin.fedoraproject.org/updates/FEDORA-2013-13252/moodle-2.2.11-1.fc...
   5  https://admin.fedoraproject.org/updates/FEDORA-2013-13231/rubygem-passenger-...
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-13381/ghc-xmonad-contrib...
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-13473/openttd-1.3.0-2.fc...
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-13499/analitza-4.10.5-1....
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-13610/perl-Proc-ProcessT...
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-13647/gksu-polkit-0.0.3-...
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-13459/squid-3.2.13-1.fc1...

The following Fedora 17 Critical Path updates have yet to be approved:

 Age  URL
 145  https://admin.fedoraproject.org/updates/FEDORA-2013-3304/libvpx-1.2.0-1.fc17
   8  https://admin.fedoraproject.org/updates/FEDORA-2013-13129/livecd-tools-17.18...
   8  https://admin.fedoraproject.org/updates/FEDORA-2013-13082/selinux-policy-3.1...
   7  https://admin.fedoraproject.org/updates/FEDORA-2013-13149/qtwebkit-2.3.2-1.f...
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-13499/analitza-4.10.5-1....

The following builds have been pushed to Fedora 17 updates-testing

    duply-1.5.11-1.fc17
    gksu-polkit-0.0.3-8.gitf8ce834c.fc17
    libssh-0.5.4-5.fc17
    mate-power-manager-1.6.2-1.fc17
    perl-Proc-ProcessTable-0.48-1.fc17
    printrun-0.0-28.20130711gitb8f549b.fc17

Details about builds:

================================================================================
duply-1.5.11-1.fc17 (FEDORA-2013-13641)
Wrapper for duplicity
--------------------------------------------------------------------------------
Update Information:

Update to 1.5.11.

Upstream changelog:

- purge-incr command for remove-all-inc-of-but-n-full feature added
  patch provided by Moritz Augsburger, thanks!
- documented version command in man page
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 23 2013 Thomas Moschny thomas.moschny@gmx.de - 1.5.11-1
- Update to 1.5.11.
--------------------------------------------------------------------------------

================================================================================
gksu-polkit-0.0.3-8.gitf8ce834c.fc17 (FEDORA-2013-13647)
Command line utility to run programs as root
--------------------------------------------------------------------------------
Update Information:

* Recreate tarball from proper sources; previous package was shipping an unknown code tarball.
* Add proper patching for CVE-2012-5617/CVE-2013-4161, the previous fix was creating a patch file and not patching the code.
* Use proper bus name in service file to fix service timeout.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jul 21 2013 Simone Caronni negativo17@gmail.com - 0.0.3-8.gitf8ce834c
- Update to git snapshot, add script to recreate tarball.
- Fix Patch1, was creating a patch file and not patching files.
- Add fix to service file from Jan Pokorný (#975541).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #987561 - CVE-2013-4161 gksu-polkit: improper patching of CVE-2012-5617
        https://bugzilla.redhat.com/show_bug.cgi?id=987561
  [ 2 ] Bug #883162 - CVE-2012-5617 gksu-polkit: privilege escalation due to improper authentication settings in policykit configuration file
        https://bugzilla.redhat.com/show_bug.cgi?id=883162
--------------------------------------------------------------------------------

================================================================================
libssh-0.5.4-5.fc17 (FEDORA-2013-13653)
A library implementing the SSH2 protocol (0xbadc0de version)
--------------------------------------------------------------------------------
Update Information:

Add EPEL 5 support and enable Doxygen documentation.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 18 2013 Simone Caronni negativo17@gmail.com - 0.5.4-5
- Add EPEL 5 support.
- Add Debian patches to enable Doxygen documentation.
--------------------------------------------------------------------------------

================================================================================
mate-power-manager-1.6.2-1.fc17 (FEDORA-2013-13623)
MATE power management service
--------------------------------------------------------------------------------
Update Information:

update to 1.6.2 release

Features:
- Removed systemd-daemon dependency and check at runtime if systemd-logind is running
- Improved systemd-logind support

Bug fixes:
- Don't rely only on consolekit for button pressed event - rhbz (#972881)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 24 2013 Wolfgang Ulbrich chat-to-me@raveit.de - 1.6.2-1
- update to 1.6.2 release
- fix systemd-login1 support, (#972881)
- remove runtime require ConsoleKit-x11
- remove gsettings convert file
- remove runtime require ConsoleKit-x11
- remove BR systemd-devel
- remove systemd configure flags
- remove NOCONFIGURE=1 ./autogen.sh
--------------------------------------------------------------------------------

================================================================================
perl-Proc-ProcessTable-0.48-1.fc17 (FEDORA-2013-13610)
Perl extension to access the Unix process table
--------------------------------------------------------------------------------
Update Information:

This update, to the current upstream maintenance release, fixes numerous bugs (as mentioned in the package changelog), including unsafe usage of /tmp when caching is enabled (CVE-2011-4363), which could allow an attacker to overwrite arbitrary files due to a race condition.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 24 2013 Paul Howarth paul@city-fan.org - 0.48-1
- Update to 0.48
  - Make module thread-safe on linux (CPAN RT#38709)
  - New constructor flag enable_ttys, which when set to 0 disables traversing the device tree
  - New maintainer JSWARTZ
  - Fix reading process command lines (CPAN RT#51470)
  - Fixes for non-threaded perls (CPAN RT#41397, CPAN RT#46861, CPAN RT#58236)
  - Fix file descriptor leak (CPAN RT#69397)
  - Fix unsafe use of /tmp (CPAN RT#72862, CVE-2011-4363)
  - Various fixes for non-linux operating systems
  - Fix byte order tag in cache file (CPAN RT#72862)
  - Fixes to stay accurate on machines with many CPUs (CPAN RT#82175), to include system time into calculations (CPAN RT#80391) and others (CPAN RT#81312, CPAN RT#82175 and CPAN RT#80391)
  - Fix unknown process states for debian kernels (CPAN RT#71976)
  - Added tests
- Drop ARG_MAX patch, no longer needed
- Don't use macros for commands
- Don't need to remove empty directories from the buildroot
- Don't ship empty TODO file
- Drop %defattr, redundant since rpm 4.4
- Specify all dependencies
- Add %{?perl_default_filter}
* Thu Jul 18 2013 Petr Pisar ppisar@redhat.com - 0.44-14
- Perl 5.18 rebuild
* Thu Feb 14 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.44-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Fri Jul 20 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.44-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon Jun 11 2012 Petr Pisar ppisar@redhat.com - 0.44-11
- Perl 5.16 rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #758866 - CVE-2011-4363 perl-Proc-ProcessTable: unsafe temporary file usage
        https://bugzilla.redhat.com/show_bug.cgi?id=758866
--------------------------------------------------------------------------------

================================================================================
printrun-0.0-28.20130711gitb8f549b.fc17 (FEDORA-2013-13603)
RepRap printer interface and tools
--------------------------------------------------------------------------------
Update Information:

New tag release fixing several bugs and adding more features.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 24 2013 Miro Hrončok mhroncok@redhat.com - 0.0-28.20130711gitb8f549b
- New upstream tag release
- Corrected bogus date in %changelog
- Flush patch no longer needed
- No longer NoArch
- BR added Cython
--------------------------------------------------------------------------------