The following Fedora 19 Security updates need testing: Age URL 22 https://admin.fedoraproject.org/updates/FEDORA-2013-14029/zabbix-2.0.6-3.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2013-14814/python-glanceclient-0.9.0-3.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2013-14852/python-django14-1.4.6-1.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2013-14891/python-virtualenv-1.10.1-1.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2013-14910/drupal7-entity-1.2-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2013-15049/ssmtp-2.64-9.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2013-15147/drupal7-theme-zen-5.4-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2013-15169/ansible-1.2.3-2.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2013-15196/perl-Module-Metadata-1.000015-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-15221/roundcubemail-0.9.3-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-15254/python3-3.3.2-6.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-15258/php-pear-Auth-OpenID-2.2.2-7.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 14 https://admin.fedoraproject.org/updates/FEDORA-2013-14572/rygel-0.18.4-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2013-14756/lorax-19.6-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2013-14737/libtiff-4.0.3-7.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2013-14859/realmd-0.14.5-1.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2013-14863/pcmanfm-1.1.2-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2013-15025/langtable-0.0.11-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2013-15041/openldap-2.4.36-1.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-15132/gupnp-0.20.5-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2013-15185/pygpgme-0.3-8.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2013-15182/perl-Encode-2.52-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-15266/json-c-0.11-3.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-15248/libfm-1.1.2.2-1.fc19 The following builds have been pushed to Fedora 19 updates-testing SDL2-2.0.0-3.fc19 evas_generic_loaders-1.7.8-1.fc19 fedmsg-notify-0.5.3-1.fc19 glances-1.7.1-1.fc19 gnome-shell-extension-fedmsg-0.1.5-1.fc19 json-c-0.11-3.fc19 ladspa-caps-plugins-0.9.10-1.fc19 makeself-2.2.0-2.fc19 php-htmLawed-1.1.15-2.fc19 php-pear-Auth-OpenID-2.2.2-7.fc19 python-rhsm-1.10.1-1.fc19 python-rosdep-0.10.21-1.fc19 python3-3.3.2-6.fc19 rabbitmq-server-3.1.5-1.fc19 snifflib-1.8.12-1.fc19 subscription-manager-1.10.1-1.fc19 tinymce-3.5.8-1.fc19 wordpress-3.6-1.fc19 Details about builds: ================================================================================ SDL2-2.0.0-3.fc19 (FEDORA-2013-15274) A cross-platform multimedia library -------------------------------------------------------------------------------- Update Information: Fixed multilib issue. Since this update you can install SDL2-devel x86_64 *and* i686 in one time. -------------------------------------------------------------------------------- ChangeLog: * Sat Aug 24 2013 Igor Gnatenko <i.gnatenko.brain@xxxxxxxxx> - 2.0.0-3 - Fix multilib issues -------------------------------------------------------------------------------- ================================================================================ evas_generic_loaders-1.7.8-1.fc19 (FEDORA-2013-15269) Extra loaders for GPL loaders and unstable libraries -------------------------------------------------------------------------------- Update Information: For Enlightenment 1.7.8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #998774 - Review Request: evas_generic_loaders - Extra loaders for GPL loaders and unstable libraries https://bugzilla.redhat.com/show_bug.cgi?id=998774 -------------------------------------------------------------------------------- ================================================================================ fedmsg-notify-0.5.3-1.fc19 (FEDORA-2013-15261) Fedmsg Desktop Notifications -------------------------------------------------------------------------------- Update Information: * Fixed bug with the gnome shell extension not properly starting/stopping the daemon * Distro-specific stuff made more modular (thanks to @olasd) * Debian-related filters added (thanks to @olasd) * Added support for notification expiration (issue #5) * Close notifications upon exit * Improved icon handling for the gnome-shell -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 23 2013 Luke Macken <lmacken@xxxxxxxxxx> - 0.5.3-1 - Update to 0.5.3 to fix a regression * Wed Aug 21 2013 Luke Macken <lmacken@xxxxxxxxxx> - 0.5.2-1 - Update to 0.5.2 bugfix release - Require python-psutil - Update the URLs * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ glances-1.7.1-1.fc19 (FEDORA-2013-15259) CLI curses based monitoring tool -------------------------------------------------------------------------------- Update Information: Update to 1.7.1 update to 1.7 update to 1.7 update to 1.7 -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 23 2013 Edouard Bourguignon <madko@xxxxxxxxxxx> - 1.7.1-1 - Update to 1.7.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #999006 - glances-1.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=999006 [ 2 ] Bug #995805 - glances-1.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=995805 -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extension-fedmsg-0.1.5-1.fc19 (FEDORA-2013-15261) A gnome-shell extension for enabling fedmsg desktop notifications -------------------------------------------------------------------------------- Update Information: * Fixed bug with the gnome shell extension not properly starting/stopping the daemon * Distro-specific stuff made more modular (thanks to @olasd) * Debian-related filters added (thanks to @olasd) * Added support for notification expiration (issue #5) * Close notifications upon exit * Improved icon handling for the gnome-shell -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 23 2013 Luke Macken <lmacken@xxxxxxxxxx> - 0.1.5-1 - Update to 0.1.5 bugfix release * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.1.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ json-c-0.11-3.fc19 (FEDORA-2013-15266) A JSON implementation in C -------------------------------------------------------------------------------- Update Information: Increase parser strictness to solve PHP compatibility with original (non-free) parser: * number must not start with 0 * no single-quote string * no comment in data * trailing char not allowed This changes are only enabled in strict mode, so shouldn't affect any application in standard mode. -------------------------------------------------------------------------------- ChangeLog: * Sat Aug 24 2013 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 0.11-3 - increase parser strictness for php * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.11-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ ladspa-caps-plugins-0.9.10-1.fc19 (FEDORA-2013-15270) The C* Audio Plugin Suite -------------------------------------------------------------------------------- Update Information: - Update to latest release 0.9.10 -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 22 2013 Brendan Jones <brendan.jones.it@xxxxxxxxx> 0.9.10-1 - Update to latest release 0.9.10 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1000157 - New ladspa-caps-plugins release 0.9.10 https://bugzilla.redhat.com/show_bug.cgi?id=1000157 -------------------------------------------------------------------------------- ================================================================================ makeself-2.2.0-2.fc19 (FEDORA-2013-15255) Make self-extractable archives on Unix -------------------------------------------------------------------------------- Update Information: Make self-extractable archives on Unix -------------------------------------------------------------------------------- References: [ 1 ] Bug #989015 - Review Request: makeself - Make self-extractable archives on Unix https://bugzilla.redhat.com/show_bug.cgi?id=989015 -------------------------------------------------------------------------------- ================================================================================ php-htmLawed-1.1.15-2.fc19 (FEDORA-2013-15265) PHP code to purify and filter HTML -------------------------------------------------------------------------------- Update Information: Version 1.1.15 - 11 August 2013 * Improved tidying/prettifying functionality -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 23 2013 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.1.15-2 - update to 1.1.15 -------------------------------------------------------------------------------- ================================================================================ php-pear-Auth-OpenID-2.2.2-7.fc19 (FEDORA-2013-15258) PHP OpenID -------------------------------------------------------------------------------- Update Information: Fix for CVE-2013-4701 -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 23 2013 Kevin Fenzi <kevin@xxxxxxxxx> 2.2.2-7 - Patch for CVE-2013-4701 * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.2.2-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #999687 - CVE-2013-4701 php-pear-Auth-OpenID: XML External Entity issue allows for reading arbitrary files or excessive resource consumption https://bugzilla.redhat.com/show_bug.cgi?id=999687 -------------------------------------------------------------------------------- ================================================================================ python-rhsm-1.10.1-1.fc19 (FEDORA-2013-15263) A Python library to communicate with a Red Hat Unified Entitlement Platform -------------------------------------------------------------------------------- Update Information: This update includes numerous bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 22 2013 Alex Wood <awood@xxxxxxxxxx> 1.10.1-1 - 997194: fix interpolation of default values (ckozak@xxxxxxxxxx) - bump version to 1.10.x (jesusr@xxxxxxxxxx) - remove 6.5 releaser (jesusr@xxxxxxxxxx) * Wed Aug 14 2013 jesus m. rodriguez <jesusr@xxxxxxxxxx> 1.9.2-1 - remove rhel 5.9, 5.10, 6.3, 6.4 (jesusr@xxxxxxxxxx) - Fedora 17 is at end of life. (awood@xxxxxxxxxx) -------------------------------------------------------------------------------- ================================================================================ python-rosdep-0.10.21-1.fc19 (FEDORA-2013-15264) ROS System Dependency Installer -------------------------------------------------------------------------------- Update Information: Add a requirement on python-catkin_pkg to satisfy rhbz#975896 -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 19 2013 Rich Mattes <richmattes@xxxxxxxxx> - 0.10.21-1 - Update to release 0.10.21 - Depend on python-catkin_pkg (rhbz#975896) * Sat Jun 1 2013 Rich Mattes <richmattes@xxxxxxxxx> - 0.10.18-1.20130601git91fb6852 - Update to release 0.10.18 - Update github source url -------------------------------------------------------------------------------- References: [ 1 ] Bug #975896 - rosdep init fails https://bugzilla.redhat.com/show_bug.cgi?id=975896 -------------------------------------------------------------------------------- ================================================================================ python3-3.3.2-6.fc19 (FEDORA-2013-15254) Version 3 of the Python programming language aka Python 3000 -------------------------------------------------------------------------------- Update Information: Fix for CVE-2013-4238 -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 23 2013 Matej Stuchlik <mstuchli@xxxxxxxxxx> - 3.3.2-6 - Added fix for CVE-2013-4238 (rhbz#996399) -------------------------------------------------------------------------------- References: [ 1 ] Bug #996381 - CVE-2013-4238 python: hostname check bypassing vulnerability in SSL module https://bugzilla.redhat.com/show_bug.cgi?id=996381 -------------------------------------------------------------------------------- ================================================================================ rabbitmq-server-3.1.5-1.fc19 (FEDORA-2013-15267) The RabbitMQ server -------------------------------------------------------------------------------- Update Information: * New Upstream Release - 3.1.5 (bugfix release) -------------------------------------------------------------------------------- ChangeLog: * Sat Aug 24 2013 Peter Lemenkov <lemenkov@xxxxxxxxx> - 3.1.5-1 - New Upstream Release - 3.1.5 (bugfix release) * Wed Aug 7 2013 Peter Lemenkov <lemenkov@xxxxxxxxx> - 3.1.4-1 - New Upstream Release - 3.1.4 (bugfix release) * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.1.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #850289 - Introduce new systemd-rpm macros in rabbitmq-server spec file https://bugzilla.redhat.com/show_bug.cgi?id=850289 [ 2 ] Bug #948651 - contents of rabbitmq-server package different if built from source vs yum -y install rabbitmq-server https://bugzilla.redhat.com/show_bug.cgi?id=948651 [ 3 ] Bug #951518 - rabbitmq-server and ulimit nofile limit. https://bugzilla.redhat.com/show_bug.cgi?id=951518 [ 4 ] Bug #880703 - upgrade rabbitmq-server to include important updates https://bugzilla.redhat.com/show_bug.cgi?id=880703 -------------------------------------------------------------------------------- ================================================================================ snifflib-1.8.12-1.fc19 (FEDORA-2013-15273) Numerical library for Java -------------------------------------------------------------------------------- Update Information: This update adds Snifflib - a numerical library which provides honest-to-goodness N-dimensional array construction and manipulation along with standard linear algebra functionality as well as statistics and computational routines in the Java language. -------------------------------------------------------------------------------- ================================================================================ subscription-manager-1.10.1-1.fc19 (FEDORA-2013-15263) Tools and libraries for subscription and repository management -------------------------------------------------------------------------------- Update Information: This update includes numerous bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 22 2013 Alex Wood <awood@xxxxxxxxxx> 1.10.1-1 - Adding Fedora 20 branch to releaser. (awood@xxxxxxxxxx) - Subscribe/unsubscribe mirror attach/remove tests (alikins@xxxxxxxxxx) - Revert "990195: remove subscribe options" (alikins@xxxxxxxxxx) - 994620: reword tooltip message (ckozak@xxxxxxxxxx) - 997935: stop making requests after unregister (ckozak@xxxxxxxxxx) - 997740: allow autoheal call more often (ckozak@xxxxxxxxxx) - Prevent name collision over the parent variable in RHEL 5 Firstboot. (awood@xxxxxxxxxx) - 997189: error is now a sys.exc_info() tuple. (awood@xxxxxxxxxx) - self._parent is not defined here. (awood@xxxxxxxxxx) - bump version and remove rhel-6.5 releaser (jesusr@xxxxxxxxxx) - Convert contract selection window to use a MappedListStore. (awood@xxxxxxxxxx) - Stripe rows whenever the My Subs or All Available tabs are shown. (awood@xxxxxxxxxx) - 991165: Refresh row striping after the TreeView is resorted. (awood@xxxxxxxxxx) - Remove unused background attribute in Installed Products tab. (awood@xxxxxxxxxx) - Set background color on progress bar renderer. (awood@xxxxxxxxxx) - No need to set a hint to true in glade then false in code. (awood@xxxxxxxxxx) - Remove duplicate import. (awood@xxxxxxxxxx) - Add a very simple "smoke" test script (alikins@xxxxxxxxxx) - 842402: Re-aligning Subscription Manager Gui (cschevia@xxxxxxxxxx) * Wed Aug 14 2013 jesus m. rodriguez <jesusr@xxxxxxxxxx> 1.9.2-1 - 851321: Refresh/redraw tables after removing subscriptions (cschevia@xxxxxxxxxx) - 974587: allow certs with no content (ckozak@xxxxxxxxxx) - 977920, 983660: manpage updates (dlackey@xxxxxxxxxxxxxx) - 987579: Re-arranged preferences dialog (cschevia@xxxxxxxxxx) - 990195: remove subscribe options (ckozak@xxxxxxxxxx) - 991214: refresh ent dir, catch exception gracefully (ckozak@xxxxxxxxxx) - 991548: Display correct error message for registration failures. (awood@xxxxxxxxxx) - 991580: add rhsmd debug to stdout (ckozak@xxxxxxxxxx) - 993202: fix default config, take advantage of rhsmconfig options (ckozak@xxxxxxxxxx) - 994266: list consumed shows expired bugs (ckozak@xxxxxxxxxx) - 994997: Fix Unknown is_guest during firstboot. (dgoodwin@xxxxxxxxxx) - Changed 'It is' to possessive 'Its' (cschevia@xxxxxxxxxx) - Remove unused WARNING_DAYS variable (ckozak@xxxxxxxxxx) - Bump python-rhsm requires to 1.9.1 for config changes. (dgoodwin@xxxxxxxxxx) - add ondate to status (ckozak@xxxxxxxxxx) - Fedora 17 is at end of life. (awood@xxxxxxxxxx) -------------------------------------------------------------------------------- ================================================================================ tinymce-3.5.8-1.fc19 (FEDORA-2013-15257) Web based Javascript HTML WYSIWYG editor control -------------------------------------------------------------------------------- Update Information: This update provides the latest upstream version of tinymce (all 3.x releases are compatible, newer builds provide only bugfixes and new functionality) and removes a pre-built Flash binary from the package, whose inclusion was contrary to Fedora policy: https://fedoraproject.org/wiki/Packaging:Guidelines#No_inclusion_of_pre-built_binaries_or_libraries . The effect of this removal is that the media embedding plugin will only embed an HTML5 video player; it will not try and use a Flash plugin to provide a player widget if HTML5 video is not possible for the given browser and media type. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 23 2013 Adam Williamson <awilliam@xxxxxxxxxx> - 3.5.8-1 - bump to latest upstream release - drop pre-build Flash blobs, patch media plugin not to try and use moxieplayer * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.4.3.2-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1000266 - tinymce contains bundled Flash and Shockwave files https://bugzilla.redhat.com/show_bug.cgi?id=1000266 -------------------------------------------------------------------------------- ================================================================================ wordpress-3.6-1.fc19 (FEDORA-2013-15271) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information: This update provides the latest upstream release of Wordpress, 3.6, with bug fixes and new features. Fedora does not try to stick with old branches of Wordpress as upstream does not support them, instead encouraging all deployments to update to the latest release. It also removes several Flash and Silverlight binaries which the package was previously shipping in pre-compiled form. This is not compatible with Fedora guidelines. It would not be straightforward to compile these during the package build process, so they have had to be removed. The impact of these changes has been documented in the README.fedora file. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 22 2013 Adam Williamson <awilliam@xxxxxxxxxx> - 3.6.0-1 - update to 3.6.0 - drop pre-compiled Flash and Silverlight binaries - #1000267 * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.5.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1000267 - wordpress contains bundled Flash and Silverlight files https://bugzilla.redhat.com/show_bug.cgi?id=1000267 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test