The following Fedora 19 Security updates need testing: Age URL 45 https://admin.fedoraproject.org/updates/FEDORA-2013-4753/microcode_ctl-2.0-3.1.fc19 32 https://admin.fedoraproject.org/updates/FEDORA-2013-5801/mantis-1.2.15-1.fc19 17 https://admin.fedoraproject.org/updates/FEDORA-2013-7098/xmp-3.5.0-3.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2013-7979/tomcat-7.0.40-2.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2013-8023/openstack-keystone-2013.1.1-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2013-8116/clamav-0.97.8-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2013-8113/krb5-1.11.2-5.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2013-8134/gallery3-3.0.7-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2013-8166/python-virtualenv-1.9.1-1.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-8328/owncloud-4.5.11-1.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-8338/varnish-3.0.3-5.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-8370/thunderbird-17.0.6-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-8513/xen-4.2.2-5.fc19 The following builds have been pushed to Fedora 19 updates-testing NetworkManager-0.9.8.1-4.git20130515.fc19 createrepo-0.9.9-21.fc19 debootstrap-1.0.50-1.fc19 fuse-2.9.2-3.fc19 grilo-0.2.6-1.fc19 grilo-plugins-0.2.7-1.fc19 josm-0-0.44.5939svn.fc19 libcec-2.1.3-1.fc19 libdivecomputer-0.4.0-1.fc19 libewf-20130416-1.fc19 libpst-0.6.59-1.fc19 minised-1.14-2.fc19 network-manager-applet-0.9.8.1-4.git20130514.fc19 oddjob-0.31.4-1.fc19 perl-Event-Lib-1.03-20.fc19 python-mimeparse-0.1.4-1.fc19 python-testtools-0.9.30-1.fc19 subsurface-3.1-1.fc19 xen-4.2.2-5.fc19 yelp-3.8.1-2.fc19 zhu3d-4.2.6-1.fc19 Details about builds: ================================================================================ NetworkManager-0.9.8.1-4.git20130515.fc19 (FEDORA-2013-8509) Network connection manager and user applications -------------------------------------------------------------------------------- Update Information: This update enables hardened builds for increased security and fixes an issue with a potential crash when removing slaves from bridge/bond master interfaces. -------------------------------------------------------------------------------- ChangeLog: * Fri May 17 2013 Dan Williams <dcbw@xxxxxxxxxx> - 0.9.8.1-4.git20130515 - core: fix potential crash removing slaves from bond/bridge masters * Fri May 10 2013 Dan Williams <dcbw@xxxxxxxxxx> - 0.9.8.1-3.git20130514 - Enable hardened build - core: fix issue with buggy access points being removed from wifi scan list * Tue May 7 2013 Dan Williams <dcbw@xxxxxxxxxx> - 0.9.8.1-2.git20130507 - core: fix issue with UI not showing disconnected on rfkill - core: memory leak fixes - core: silence warning about failure reading permanent MAC address (rh #907912) - core: wait up to 120s for slow-connecting modems - core: don't crash on PPPoE connections without a wired setting - core: ensure the AvailableConnections property is always correct - keyfile: ensure all-default VLAN connections are read correctly - core: suppress kernel's automatic creation of bond0 (rh #953466) - libnm-glib: make NMSecretAgent usable with GObject Introspection - libnm-util: fix GObject Introspection annotations of nm_connection_need_secrets() - core: documentation updates -------------------------------------------------------------------------------- References: [ 1 ] Bug #853199 - daemon programs should be compiled with PIE and full RELRO flags https://bugzilla.redhat.com/show_bug.cgi?id=853199 -------------------------------------------------------------------------------- ================================================================================ createrepo-0.9.9-21.fc19 (FEDORA-2013-8516) Creates a common metadata repository -------------------------------------------------------------------------------- Update Information: Sync with F-18 and F-20(rawhide) releases -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 17 2013 Zdenek Pavlas <zpavlas@xxxxxxxxxx> - 0.9.9-21 - update to latest HEAD - don't BuildRequire bash-completion in rhel - Fail for bad compress-type options to modifyrepo, like createrepo. BZ 886589 - Fix options documentation. BZ 892657. - modifyrepo: fix --compress option bug. BZ 950724 - modifyrepo: add --checksum and --{unique,simple}-md-filenames options * Thu Mar 28 2013 Zdenek Pavlas <zpavlas@xxxxxxxxxx> - 0.9.9-20 - package also "/etc/bash_completion.d"'s parent * Wed Mar 20 2013 Zdenek Pavlas <zpavlas@xxxxxxxxxx> - 0.9.9-19 - add BuildRequires: bash-completion * Wed Mar 20 2013 Zdenek Pavlas <zpavlas@xxxxxxxxxx> - 0.9.9-18 - add bash-completion aliases, use pkg-config. -------------------------------------------------------------------------------- ================================================================================ debootstrap-1.0.50-1.fc19 (FEDORA-2013-8512) Debian GNU/Linux bootstrapper -------------------------------------------------------------------------------- Update Information: New upstream release. - add support for 'jessie' release - print version and revision information when retrieving the packages -------------------------------------------------------------------------------- ChangeLog: * Sat May 18 2013 Jan Vcelak <jvcelak@xxxxxxxxxxxxxxxxx> 1.0.50-1 - new upstream release: + add support for 'jessie' release + print version and revision information when retrieving the packages -------------------------------------------------------------------------------- References: [ 1 ] Bug #959902 - debootstrap-1.0.50 is available https://bugzilla.redhat.com/show_bug.cgi?id=959902 -------------------------------------------------------------------------------- ================================================================================ fuse-2.9.2-3.fc19 (FEDORA-2013-8511) File System in Userspace (FUSE) utilities -------------------------------------------------------------------------------- Update Information: - Removed pre-F12 stuff - Dropped ancient dependency on initscripts and chkconfig -------------------------------------------------------------------------------- ChangeLog: * Sat May 18 2013 Peter Lemenkov <lemenkov@xxxxxxxxx> - 2.9.2-3 - Removed pre-F12 stuff - Dropped ancient dependency on initscripts and chkconfig -------------------------------------------------------------------------------- ================================================================================ grilo-0.2.6-1.fc19 (FEDORA-2013-8505) Content discovery framework -------------------------------------------------------------------------------- Update Information: New upstream releases of grilo and grilo-plugins. For details see: - https://mail.gnome.org/archives/grilo-list/2013-May/msg00011.html - https://mail.gnome.org/archives/grilo-list/2013-May/msg00012.html In addition to the changes from upstream, this build includes a packaging change to avoid pulling in yelp as grilo-plugins dependency. -------------------------------------------------------------------------------- ChangeLog: * Sat May 18 2013 Kalev Lember <kalevlember@xxxxxxxxx> - 0.2.6-1 - Update to 0.2.6 - Drop the vala sed hack, 0.2.6 now works with recent vala - Include man pages -------------------------------------------------------------------------------- References: [ 1 ] Bug #964421 - grilo-plugins depends on yelp which in turn pulls in gnome-user-docs just for a single empty directory https://bugzilla.redhat.com/show_bug.cgi?id=964421 -------------------------------------------------------------------------------- ================================================================================ grilo-plugins-0.2.7-1.fc19 (FEDORA-2013-8505) Plugins for the Grilo framework -------------------------------------------------------------------------------- Update Information: New upstream releases of grilo and grilo-plugins. For details see: - https://mail.gnome.org/archives/grilo-list/2013-May/msg00011.html - https://mail.gnome.org/archives/grilo-list/2013-May/msg00012.html In addition to the changes from upstream, this build includes a packaging change to avoid pulling in yelp as grilo-plugins dependency. -------------------------------------------------------------------------------- ChangeLog: * Sat May 18 2013 Kalev Lember <kalevlember@xxxxxxxxx> - 0.2.7-1 - Update to 0.2.7 * Sat May 18 2013 Kalev Lember <kalevlember@xxxxxxxxx> - 0.2.6-2 - Use the find_lang --with-gnome macro for help files - Drop the dep on yelp (#964421) -------------------------------------------------------------------------------- References: [ 1 ] Bug #964421 - grilo-plugins depends on yelp which in turn pulls in gnome-user-docs just for a single empty directory https://bugzilla.redhat.com/show_bug.cgi?id=964421 -------------------------------------------------------------------------------- ================================================================================ josm-0-0.44.5939svn.fc19 (FEDORA-2013-8518) An editor for OpenStreetMap (OSM) -------------------------------------------------------------------------------- Update Information: Update to 5939 svn revision -------------------------------------------------------------------------------- ChangeLog: * Fri May 17 2013 Cédric OLIVIER <cedric.olivier@xxxxxxx> 0-0.44.5939svn - Update to 5939 svn revision * Wed May 1 2013 Cédric OLIVIER <cedric.olivier@xxxxxxx> 0-0.43.5836svn - Update to 5836 svn revision -------------------------------------------------------------------------------- References: [ 1 ] Bug #961084 - josm needs to be updated https://bugzilla.redhat.com/show_bug.cgi?id=961084 -------------------------------------------------------------------------------- ================================================================================ libcec-2.1.3-1.fc19 (FEDORA-2013-8519) Library and utilities for HDMI-CEC device control -------------------------------------------------------------------------------- Update Information: Update to latest 2.1.3 upstream release -------------------------------------------------------------------------------- ChangeLog: * Fri May 17 2013 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 2.1.3-1 - Update to 2.1.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #963612 - RFE: update libcec to 2.1 in Fedora 18 https://bugzilla.redhat.com/show_bug.cgi?id=963612 -------------------------------------------------------------------------------- ================================================================================ libdivecomputer-0.4.0-1.fc19 (FEDORA-2013-8504) Library for communication with dive computers -------------------------------------------------------------------------------- Update Information: Update to subsurface 3.1 and libdivecomputer 0.4.0 More information at: https://subsurface.hohndel.org/2013/05/subsurface-3-1-has-been-released/ -------------------------------------------------------------------------------- ChangeLog: * Fri May 17 2013 Pierre-Yves Chibon - 0.4.0-1 - Update to the 0.4.0 release -------------------------------------------------------------------------------- ================================================================================ libewf-20130416-1.fc19 (FEDORA-2013-8520) Library for the Expert Witness Compression Format (EWF) -------------------------------------------------------------------------------- Update Information: Update to 20130416 -------------------------------------------------------------------------------- ChangeLog: * Sat May 18 2013 Nicolas Chauvet <kwizart@xxxxxxxxx> - 20130416-1 - Update to 20130416 -------------------------------------------------------------------------------- ================================================================================ libpst-0.6.59-1.fc19 (FEDORA-2013-8514) Utilities to convert Outlook .pst files to other formats -------------------------------------------------------------------------------- Update Information: add autoconf checking for libgsf -------------------------------------------------------------------------------- ChangeLog: * Fri May 17 2013 Carl Byington <carl@xxxxxxxxxxxxxxx> 0.6.59-1 - add autoconf checking for libgsf * Fri Mar 29 2013 Carl Byington <carl@xxxxxxxxxxxxxxx> 0.6.58-4 - add autoreconf for aarch64 -------------------------------------------------------------------------------- ================================================================================ minised-1.14-2.fc19 (FEDORA-2013-8521) A smaller, cheaper, faster SED implementation -------------------------------------------------------------------------------- Update Information: Very OLD sed implemention before GNU sed. -------------------------------------------------------------------------------- References: [ 1 ] Bug #957465 - Review Request: minised - A smaller, cheaper, faster SED implementation https://bugzilla.redhat.com/show_bug.cgi?id=957465 -------------------------------------------------------------------------------- ================================================================================ network-manager-applet-0.9.8.1-4.git20130514.fc19 (FEDORA-2013-8509) A network control and status applet for NetworkManager -------------------------------------------------------------------------------- Update Information: This update enables hardened builds for increased security and fixes an issue with a potential crash when removing slaves from bridge/bond master interfaces. -------------------------------------------------------------------------------- ChangeLog: * Tue May 14 2013 Dan Williams <dcbw@xxxxxxxxxx> - 0.9.8.1-4.git20130514 - Updated translations - applet: don't show Security combo when AP security is known * Tue Apr 30 2013 Dan Williams <dcbw@xxxxxxxxxx> - 0.9.8.1-1.git20130430 - editor: fix possible crash canceling connection edit dialog - applet: only request secrets from the user when allowed to - applet: fix signal icons with newer libpng - applet: fix possible crash getting secrets with libsecret -------------------------------------------------------------------------------- References: [ 1 ] Bug #853199 - daemon programs should be compiled with PIE and full RELRO flags https://bugzilla.redhat.com/show_bug.cgi?id=853199 -------------------------------------------------------------------------------- ================================================================================ oddjob-0.31.4-1.fc19 (FEDORA-2013-8506) A D-Bus service which runs odd jobs on behalf of client applications -------------------------------------------------------------------------------- Update Information: This update corrects the included systemd unit file so that the service can actually be enabled. -------------------------------------------------------------------------------- ChangeLog: * Fri May 17 2013 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.31.4-1 - add an [Install] section containing WantedBy=sysinit.target to the systemd unit file (#963722), allowing it to actually be "enabled" -------------------------------------------------------------------------------- References: [ 1 ] Bug #963722 - oddjob can not be started through d-bus https://bugzilla.redhat.com/show_bug.cgi?id=963722 -------------------------------------------------------------------------------- ================================================================================ perl-Event-Lib-1.03-20.fc19 (FEDORA-2013-8508) Perl wrapper around libevent -------------------------------------------------------------------------------- Update Information: Fix segfault -------------------------------------------------------------------------------- ChangeLog: * Sat May 18 2013 Nicolas Chauvet <kwizart@xxxxxxxxx> - 1.03-20 - Fix segfault with perl 5.16 - rhbz#958361 -------------------------------------------------------------------------------- References: [ 1 ] Bug #958361 - perl -MEvent::Lib gives Segmentation fault https://bugzilla.redhat.com/show_bug.cgi?id=958361 -------------------------------------------------------------------------------- ================================================================================ python-mimeparse-0.1.4-1.fc19 (FEDORA-2013-8510) Python module for parsing mime-type names -------------------------------------------------------------------------------- Update Information: - update to 0.1.4 with python3 support -------------------------------------------------------------------------------- ChangeLog: * Sat May 18 2013 Pádraig Brady <P@xxxxxxxxxxxxxx> - 0.1.4-1 - Update to release 0.1.4 -------------------------------------------------------------------------------- ================================================================================ python-testtools-0.9.30-1.fc19 (FEDORA-2013-8515) Extensions to the Python unit testing framework -------------------------------------------------------------------------------- Update Information: - update to 0.9.30 -------------------------------------------------------------------------------- ChangeLog: * Sat May 18 2013 Pádraig Brady <pbrady@xxxxxxxxxx> - 0.9.30-1 - Update to 0.9.30 -------------------------------------------------------------------------------- ================================================================================ subsurface-3.1-1.fc19 (FEDORA-2013-8504) Rough divelog in C and Gtk -------------------------------------------------------------------------------- Update Information: Update to subsurface 3.1 and libdivecomputer 0.4.0 More information at: https://subsurface.hohndel.org/2013/05/subsurface-3-1-has-been-released/ -------------------------------------------------------------------------------- ChangeLog: * Fri May 17 2013 Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> - 3.1-1 - Update to 3.1 - Add BR on sqlite-devel -------------------------------------------------------------------------------- ================================================================================ xen-4.2.2-5.fc19 (FEDORA-2013-8513) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] xen-devel should require libuuid-devel, pygrub menu items can include too much text -------------------------------------------------------------------------------- ChangeLog: * Fri May 17 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.2.2-5 - xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241) * Tue May 14 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.2.2-4 - xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524) -------------------------------------------------------------------------------- References: [ 1 ] Bug #962322 - CVE-2013-2072 xen: Buffer overflow in xencontrol Python bindings affecting xend https://bugzilla.redhat.com/show_bug.cgi?id=962322 -------------------------------------------------------------------------------- ================================================================================ yelp-3.8.1-2.fc19 (FEDORA-2013-8517) Help browser for the GNOME desktop -------------------------------------------------------------------------------- Update Information: yelp should depend on yelp-libs not the other way around -------------------------------------------------------------------------------- ChangeLog: * Sat May 18 2013 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 1:3.8.1-2 - yelp should depend on yelp-libs not the other way around -------------------------------------------------------------------------------- ================================================================================ zhu3d-4.2.6-1.fc19 (FEDORA-2013-8507) Interactive OpenGL-based mathematical function viewer -------------------------------------------------------------------------------- Update Information: Here is where you give an explanation of your update. -------------------------------------------------------------------------------- ChangeLog: * Sat May 18 2013 Siddharth Sharma <siddharths@xxxxxxxxxxxxxxxxx> - 4.2.6-1 - Upstream update to 4.2.6 - Remove libGLU Patch -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
