The following Fedora 19 Security updates need testing: Age URL 88 https://admin.fedoraproject.org/updates/FEDORA-2013-5801/mantis-1.2.15-1.fc19 43 https://admin.fedoraproject.org/updates/FEDORA-2013-9715/heat-jeos-9-1.fc19 31 https://admin.fedoraproject.org/updates/FEDORA-2013-10678/python-keystoneclient-0.2.3-4.fc19 19 https://admin.fedoraproject.org/updates/FEDORA-2013-10467/openstack-keystone-2013.1.2-3.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2013-12321/gpm-1.20.6-33.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2013-12384/gallery3-3.0.9-1.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2013-12479/libzrtpcpp-2.3.4-1.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2013-12389/ansible-1.2.2-1.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2013-12526/nagstamon-0.9.9-9.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2013-12593/libXvMC-1.0.8-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2013-12667/file-roller-3.8.3-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2013-12698/seamonkey-2.19-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-12948/openjpa-2.2.1-6.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-12663/ruby-2.0.0.247-13.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-12977/php-5.5.0-2.fc19 The following builds have been pushed to Fedora 19 updates-testing autofs-5.0.7-28.fc19 claws-mail-3.9.2-3.fc19 eclipse-fedorapackager-0.4.1-7.fc19 gnome-screenshot-3.8.3-1.fc19 gogui-1.4.8-1.fc19 graphviz-2.30.1-10.fc19 gstreamer1-1.0.8-1.fc19 gstreamer1-plugins-bad-free-1.0.8-1.fc19 gstreamer1-plugins-base-1.0.8-1.fc19 gstreamer1-plugins-good-1.0.8-1.fc19 libsoup-2.42.2-2.fc19 libvirt-1.0.5.4-1.fc19 mmapper-2.2.0-1.fc19 moodle-2.4.5-2.fc19 ninja-ide-2.3-1.fc19 nodejs-resolve-0.4.0-2.fc19 nodejs-tap-0.4.1-6.fc19 nodejs-temporary-0.0.5-1.fc19 openjpa-2.2.1-6.fc19 php-5.5.0-2.fc19 pidgin-sipe-1.16.1-1.fc19 python-doit-0.22.0-1.fc19 ruby-2.0.0.247-13.fc19 sticky-notes-0.4-2.fc19 Details about builds: ================================================================================ autofs-5.0.7-28.fc19 (FEDORA-2013-12952) A tool for automatically mounting and unmounting filesystems -------------------------------------------------------------------------------- Update Information: - add after sssd dependency to unit file. - fix a couple of compiler warnings, link with full reloc options, fix default path used for unitdir and fix changelog inconsistent dates. -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 13 2013 Ian Kent <ikent@xxxxxxxxxx> - 1:5.0.7-28 - add after sssd dependency to unit file (bz984089). * Sat Jul 13 2013 Ian Kent <ikent@xxxxxxxxxx> - 1:5.0.7-27 - fix a couple of compiler warnings. * Fri Jul 12 2013 Ian Kent <ikent@xxxxxxxxxx> - 1:5.0.7-26 - link with full reloc options. * Fri Jul 12 2013 Ian Kent <ikent@xxxxxxxxxx> - 1:5.0.7-25 - fix default path used for unitdir. - fix changelog inconsistent dates. * Wed Jul 10 2013 Ian Kent <ikent@xxxxxxxxxx> - 1:5.0.7-24 - check for protocol option. - use ulimit max open files if greater than internal maximum. -------------------------------------------------------------------------------- References: [ 1 ] Bug #984089 - Consider adding After=sssd.service to autofs.service https://bugzilla.redhat.com/show_bug.cgi?id=984089 -------------------------------------------------------------------------------- ================================================================================ claws-mail-3.9.2-3.fc19 (FEDORA-2013-12959) Email client and news reader based on GTK+ -------------------------------------------------------------------------------- Update Information: Just some bug-fixes: * Claws Mail could crash easily upon creating/editing accounts (bug 981889). * The Fancy HTML mail plugin could crash when using "Save Image As" (bug 979700). * Require pinentry-gtk instead of the virtual pinentry-gui, because pinentry-qt fails silently (bug 981923). * Added a README.Fedora that mentions setting $TMPDIR when using Claws Mail together with Firefox (bug 956380). -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 13 2013 Michael Schwendt <mschwendt@xxxxxxxxxxxxxxxxx> - 3.9.2-3 - for Fedora based builds, require pinentry-gtk instead of the virtual pinentry-gui, because pinentry-qt fails silently (#981923) - fix crash in Plugins/Fancy "Save Image As" (#979700) - in %prep section create a README.Fedora %doc file which mentions setting $TMPDIR when using Claws Mail together with Firefox (#956380) * Mon Jul 8 2013 Michael Schwendt <mschwendt@xxxxxxxxxxxxxxxxx> - 3.9.2-2 - fix double-free crash in "Preferences for new account" (#981889) -------------------------------------------------------------------------------- References: [ 1 ] Bug #981889 - [abrt] claws-mail-3.9.2-1.fc19: g_malloc: malloc(): smallbin double linked list corrupted https://bugzilla.redhat.com/show_bug.cgi?id=981889 [ 2 ] Bug #979700 - [abrt] claws-mail-3.9.1-2.fc18: gdk_window_set_geometry_hints: Process /usr/bin/claws-mail was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=979700 -------------------------------------------------------------------------------- ================================================================================ eclipse-fedorapackager-0.4.1-7.fc19 (FEDORA-2013-12947) Fedora Packager for Eclipse -------------------------------------------------------------------------------- Update Information: Added symlink and fixed compilation problem. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 12 2013 Krzysztof Daniel <kdaniel@xxxxxxxxxx> 0.4.1-7 - RHBZ#964415 - RHBZ#984047 -------------------------------------------------------------------------------- References: [ 1 ] Bug #964415 - eclipse-fedorapackager: Only documentation plugin loads https://bugzilla.redhat.com/show_bug.cgi?id=964415 [ 2 ] Bug #984047 - Fails to build in f19 & f20 https://bugzilla.redhat.com/show_bug.cgi?id=984047 -------------------------------------------------------------------------------- ================================================================================ gnome-screenshot-3.8.3-1.fc19 (FEDORA-2013-12961) A screenshot utility for GNOME -------------------------------------------------------------------------------- Update Information: New upstream stable release 3.8.3 -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 12 2013 Rui Matos <rmatos@xxxxxxxxxx> - 3.8.3-1 - Update to 3.8.3 - Drop upstreamed patch * Mon Jun 24 2013 Matthias Clasen <mclasen@xxxxxxxxxx> - 3.8.2-2 - Update man page -------------------------------------------------------------------------------- ================================================================================ gogui-1.4.8-1.fc19 (FEDORA-2013-12956) Graphical user interface to programs that play the board game Go -------------------------------------------------------------------------------- Update Information: Merge 1.4.8 changes -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 11 2013 Christophe Burgun <jouty@xxxxxxxxxxxxxxxxx> 1.4.8-1 - Update gogui version -------------------------------------------------------------------------------- ================================================================================ graphviz-2.30.1-10.fc19 (FEDORA-2013-12971) Graph Visualization Tools -------------------------------------------------------------------------------- Update Information: This is an update that fixes manual pages and built-in help. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 12 2013 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 2.30.1-10 - Various man and built-in help fixes * Tue Jun 25 2013 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 2.30.1-9 - Fixed handling of the libdir/graphviz directory * Tue Jun 11 2013 Remi Collet <rcollet@xxxxxxxxxx> - 2.30.1-8 - rebuild for new GD 2.1.0 * Wed May 15 2013 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.30.1-7 - rebuild for lua 5.2 -------------------------------------------------------------------------------- ================================================================================ gstreamer1-1.0.8-1.fc19 (FEDORA-2013-12972) GStreamer streaming media framework runtime -------------------------------------------------------------------------------- Update Information: Latest stable bugfix release. For changes refer to: http://lists.freedesktop.org/archives/gstreamer-announce/2013-July/000284.html -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 13 2013 Brian Pepple <bpepple@xxxxxxxxxxxxxxxxx> - 1.0.8-1 - Update to 1.0.8. -------------------------------------------------------------------------------- ================================================================================ gstreamer1-plugins-bad-free-1.0.8-1.fc19 (FEDORA-2013-12972) GStreamer streaming media framework "bad" plugins -------------------------------------------------------------------------------- Update Information: Latest stable bugfix release. For changes refer to: http://lists.freedesktop.org/archives/gstreamer-announce/2013-July/000284.html -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 13 2013 Brian Pepple <bpepple@xxxxxxxxxxxxxxxxx> - 1.0.8-1 - Update to 1.0.8. * Tue May 7 2013 Colin Walters <walters@xxxxxxxxxx> - 1.0.7-2 - Move libgstdecklink to its correct place in extras; needed for RHEL -------------------------------------------------------------------------------- ================================================================================ gstreamer1-plugins-base-1.0.8-1.fc19 (FEDORA-2013-12972) GStreamer streaming media framework base plugins -------------------------------------------------------------------------------- Update Information: Latest stable bugfix release. For changes refer to: http://lists.freedesktop.org/archives/gstreamer-announce/2013-July/000284.html -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 13 2013 Brian Pepple <bpepple@xxxxxxxxxxxxxxxxx> - 1.0.8-1 - Update to 1.0.8. -------------------------------------------------------------------------------- ================================================================================ gstreamer1-plugins-good-1.0.8-1.fc19 (FEDORA-2013-12972) GStreamer plugins with good code and licensing -------------------------------------------------------------------------------- Update Information: Latest stable bugfix release. For changes refer to: http://lists.freedesktop.org/archives/gstreamer-announce/2013-July/000284.html -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 13 2013 Brian Pepple <bpepple@xxxxxxxxxxxxxxxxx> - 1.0.8-1 - Update to 1.0.8. -------------------------------------------------------------------------------- ================================================================================ libsoup-2.42.2-2.fc19 (FEDORA-2013-12976) Soup, an HTTP library implementation -------------------------------------------------------------------------------- Update Information: Fixes hangs/stalls in evolution and libgdata -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 12 2013 Dan Winship <danw@xxxxxxxxxx> - 2.42.2-2 - Add patch to fix hangs with SoupSessionSync (#976529 et al) -------------------------------------------------------------------------------- References: [ 1 ] Bug #976529 - e-mail compose hang https://bugzilla.redhat.com/show_bug.cgi?id=976529 -------------------------------------------------------------------------------- ================================================================================ libvirt-1.0.5.4-1.fc19 (FEDORA-2013-12963) Library providing a simple virtualization API -------------------------------------------------------------------------------- Update Information: * Rebased to version 1.0.5.4 * Fix crash on migration -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 12 2013 Cole Robinson <crobinso@xxxxxxxxxx> - 1.0.5.4-1 - Rebased to version 1.0.5.4 - Fix crash on migration * Thu Jul 11 2013 Cole Robinson <crobinso@xxxxxxxxxx> - 1.0.5.3-1 - Rebased to version 1.0.5.3 - Allow /dev/tty in LXC container (bz #982317) - Fix cpu hot-add with latest qemu (bz #979260) - Fix crash in udev logging (bz #969152) -------------------------------------------------------------------------------- ================================================================================ mmapper-2.2.0-1.fc19 (FEDORA-2013-12974) Graphical MUME mapper -------------------------------------------------------------------------------- Update Information: MMapper 2.2.0 release with compatibility fixes with latest MUME changes. -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 13 2013 Kalev Lember <kalevlember@xxxxxxxxx> - 2.2.0-1 - Update to 2.2.0 -------------------------------------------------------------------------------- ================================================================================ moodle-2.4.5-2.fc19 (FEDORA-2013-12964) A Course Management System -------------------------------------------------------------------------------- Update Information: Latest upstream release for this branch. Correct unbundling of php-pear-HTML-Quickform. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 12 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 2.4.5-2 - Include two non-upstream additions to HTML-Quickform. * Fri Jul 12 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 2.4.5-1 - Latest upstream. -------------------------------------------------------------------------------- ================================================================================ ninja-ide-2.3-1.fc19 (FEDORA-2013-12944) Ninja IDE for Python development -------------------------------------------------------------------------------- Update Information: Update to 2.3 -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 12 2013 Nikos Roussos <comzeradd@xxxxxxxxxxxxxxxxx> - 2.3-1 - Update to 2.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #983236 - [abrt] ninja-ide-2.2-1.fc19: plugins_manager.py:79:_format_for_table:TypeError: list indices must be integers, not unicode https://bugzilla.redhat.com/show_bug.cgi?id=983236 -------------------------------------------------------------------------------- ================================================================================ nodejs-resolve-0.4.0-2.fc19 (FEDORA-2013-12962) Resolve like require.resolve() on behalf of files asynchronously/synchronously -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #977134 - Review Request: nodejs-resolve - Resolve like require.resolve() on behalf of files asynchronously/synchronously https://bugzilla.redhat.com/show_bug.cgi?id=977134 -------------------------------------------------------------------------------- ================================================================================ nodejs-tap-0.4.1-6.fc19 (FEDORA-2013-12954) A Test Anything Protocol library -------------------------------------------------------------------------------- Update Information: This update fixes a broken dependency on inherits@1. This update fixes a broken dependency on inherits@1. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 11 2013 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.4.1-6 - temporarily disable test/segv.js, as in local mock the test receives SIGSEGV but in koji it receives SIGTERM instead * Wed Jul 10 2013 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 0.4.1-5 - enable tests - force the use inherits@1 since this module is incompatible with inherits@2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #982799 - nodejs-tap test suite fails https://bugzilla.redhat.com/show_bug.cgi?id=982799 -------------------------------------------------------------------------------- ================================================================================ nodejs-temporary-0.0.5-1.fc19 (FEDORA-2013-12966) An easy way to create temporary files and directories -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #977135 - Review Request: nodejs-temporary - An easy way to create temporary files and directories https://bugzilla.redhat.com/show_bug.cgi?id=977135 -------------------------------------------------------------------------------- ================================================================================ openjpa-2.2.1-6.fc19 (FEDORA-2013-12948) Java Persistence 2.0 API -------------------------------------------------------------------------------- Update Information: fix for CVE-2013-1768 rhbz#984034,984040. fix ant.d script. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 12 2013 gil cattaneo <puntogil@xxxxxxxxx> 2.2.1-6 - fix ant.d script * Fri Jul 12 2013 gil cattaneo <puntogil@xxxxxxxxx> 2.2.1-5 - fix for CVE-2013-1768 rhbz#984034,984040 - switch to XMvn - minor changes to adapt to current guideline -------------------------------------------------------------------------------- References: [ 1 ] Bug #984034 - CVE-2013-1768 openjpa: Remote arbitrary code execution by creating a serialized object and leveraging improperly secured server programs https://bugzilla.redhat.com/show_bug.cgi?id=984034 -------------------------------------------------------------------------------- ================================================================================ php-5.5.0-2.fc19 (FEDORA-2013-12977) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: XML: * Fixed bug #65236 (heap corruption in xml parser). CVE-2013-4113 -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 12 2013 Remi Collet <rcollet@xxxxxxxxxx> - 5.5.0-2 - add security fix for CVE-2013-4113 - add missing ASL 1.0 license - 32k stack size seems ok for tests on both 32/64bits build -------------------------------------------------------------------------------- References: [ 1 ] Bug #983689 - CVE-2013-4113 php: xml_parse_into_struct buffer overflow when parsing deeply nested XML https://bugzilla.redhat.com/show_bug.cgi?id=983689 -------------------------------------------------------------------------------- ================================================================================ pidgin-sipe-1.16.1-1.fc19 (FEDORA-2013-12965) Pidgin protocol plugin to connect to MS Office Communicator -------------------------------------------------------------------------------- Update Information: New upstream release: * fixes call failure when host has multiple IP addresses * fixes buddy list handling after moving to Lync 2013 * fixes crashes in new HTTP stack -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 13 2013 Stefan Becker <chemobejk@xxxxxxxxx> - 1.16.1-1 - update to 1.16.1: bug fix release - fixes call failure when host has multiple IP addresses - fixes buddy list handling after moving to Lync 2013 - fixes crashes in new HTTP stack -------------------------------------------------------------------------------- ================================================================================ python-doit-0.22.0-1.fc19 (FEDORA-2013-12969) Automation Tool -------------------------------------------------------------------------------- Update Information: New stable release with several bugs fixed. -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 13 2013 José Matos <jamatos@xxxxxxxxxxxxxxxxx> - 0.22.0-1 - update to 0.22 - force removal of the distrute_setup.py to use the system version -------------------------------------------------------------------------------- ================================================================================ ruby-2.0.0.247-13.fc19 (FEDORA-2013-12663) An interpreter of object-oriented scripting language -------------------------------------------------------------------------------- Update Information: - Update to Ruby 2.0.0-p247 (rhbz#979605). - Fix RubyGems search paths when building gems with native extension. - Make symlinks for psych gem to ruby stdlib dirs. - Add support for ABRT autoloading. - Better support for build without configuration (rhbz#977941). - Use system-wide cert.pem. - Fixes multilib conlicts of .gemspec files. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 11 2013 Vít Ondruch <vondruch@xxxxxxxxxx> - 2.0.0.247-13 - Fixes multilib conlicts of .gemspec files. - Make symlinks for psych gem to ruby stdlib dirs (rhbz#979133). - Use system-wide cert.pem. * Thu Jul 4 2013 Vít Ondruch <vondruch@xxxxxxxxxx> - 2.0.0.247-12 - Fix RubyGems search paths when building gems with native extension (rhbz#979133). * Tue Jul 2 2013 Vít Ondruch <vondruch@xxxxxxxxxx> - 2.0.0.247-11 - Fix RubyGems version. * Tue Jul 2 2013 Vít Ondruch <vondruch@xxxxxxxxxx> - 2.0.0.247-10 - Better support for build without configuration (rhbz#977941). * Mon Jul 1 2013 Vít Ondruch <vondruch@xxxxxxxxxx> - 2.0.0.247-9 - Update to Ruby 2.0.0-p247 (rhbz#979605). - Fix CVE-2013-4073. - Fix for wrong makefiles created by mkmf (rhbz#921650). - Add support for ABRT autoloading. -------------------------------------------------------------------------------- References: [ 1 ] Bug #979133 - Ruby does not come with psych built in https://bugzilla.redhat.com/show_bug.cgi?id=979133 [ 2 ] Bug #979605 - ruby-2.0.0.247 is available https://bugzilla.redhat.com/show_bug.cgi?id=979605 [ 3 ] Bug #921650 - ruby 2.0 creates bad makefiles https://bugzilla.redhat.com/show_bug.cgi?id=921650 [ 4 ] Bug #979295 - ruby: CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=979295 [ 5 ] Bug #977941 - Cannot build simple program using Ruby binding without specifying path to arch dependent config.h https://bugzilla.redhat.com/show_bug.cgi?id=977941 [ 6 ] Bug #983769 - compile error including ruby.h in c99 mode: unknown type name ‘fd_set’ https://bugzilla.redhat.com/show_bug.cgi?id=983769 -------------------------------------------------------------------------------- ================================================================================ sticky-notes-0.4-2.fc19 (FEDORA-2013-12945) Sticky notes is a free and open source paste-bin application -------------------------------------------------------------------------------- Update Information: Update to 0.4 (Upstream changelog: http://ur1.ca/emlhn ). Replace URL shortening service with free one. -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 13 2013 Athmane Madjoudj <athmane@xxxxxxxxxxxxxxxxx> 0.4-2 - Patch to use free URL shortener ur1.ca instead of Google's goo.gl. * Sat Jul 13 2013 Athmane Madjoudj <athmane@xxxxxxxxxxxxxxxxx> 0.4-1 - Update to 0.4 - Drop upstreamed patches - Unbundle new libs - Simplify the specfile. * Sun Apr 14 2013 Athmane Madjoudj <athmane@xxxxxxxxxxxxxxxxx> 0.3.13112012.2-1 - Drop upstreamed patches - Update spec (url change / download method) - Add support for url shortening -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
