The following Fedora 19 Security updates need testing: Age URL 47 https://admin.fedoraproject.org/updates/FEDORA-2013-14029/zabbix-2.0.6-3.fc19 34 https://admin.fedoraproject.org/updates/FEDORA-2013-14814/python-glanceclient-0.9.0-3.fc19 12 https://admin.fedoraproject.org/updates/FEDORA-2013-15984/mediawiki-1.21.2-1.fc19 12 https://admin.fedoraproject.org/updates/FEDORA-2013-15925/pyOpenSSL-0.13.1-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2013-16225/tinyproxy-1.8.3-1.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2013-16376/rubygems-2.0.8-104.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2013-16476/moodle-2.4.6-1.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2013-16601/glpi-0.83.9.1-4.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2013-16798/proftpd-1.3.4d-4.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-16899/python-django14-1.4.8-1.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-16901/python-django-1.5.4-1.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-16925/wordpress-3.6.1-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17036/nas-1.9.3-7.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-16992/xulrunner-24.0-2.fc19,firefox-24.0-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17121/vino-3.8.1-3.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17127/hplip-3.13.9-2.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17109/spice-gtk-0.20-6.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17119/systemd-204-15.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 21 https://admin.fedoraproject.org/updates/FEDORA-2013-15459/kbd-1.15.5-7.fc19 12 https://admin.fedoraproject.org/updates/FEDORA-2013-15925/pyOpenSSL-0.13.1-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2013-16224/gdb-7.6.1-41.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2013-16353/gupnp-0.20.6-1.fc19,gssdp-0.14.5-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2013-16691/control-center-3.8.5-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2013-16797/gdisk-0.8.7-2.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-16879/sqlite-3.8.0-2.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-16884/libpwquality-1.2.3-1.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-16926/langtable-0.0.14-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17119/systemd-204-15.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17126/btrfs-progs-0.20.rc1.20130917git194aa4a-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-16996/procps-ng-3.3.8-10.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17035/device-mapper-persistent-data-0.2.7-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17032/amor-4.11.1-1.fc19,analitza-4.11.1-1.fc19,attica-0.4.2-1.fc19,audiocd-kio-4.11.1-1.fc19,blinken-4.11.1-1.fc19,cantor-4.11.1-1.fc19,dragon-4.11.1-1.fc19,jovie-4.11.1-1.fc19,juk-4.11.1-1.fc19,kaccessible-4.11.1-1.fc19,kactivities-4.11.1-1.fc19,kalgebra-4.11.1-1.fc19,kalzium-4.11.1-1.fc19,kanagram-4.11.1-1.fc19,kate-4.11.1-1.fc19,kbruch-4.11.1-1.fc19,kdeaccessibility-4.11.1-1.fc19,kdeartwork-4.11.1-1.fc19,kde-baseapps-4.11.1-1.fc19,kde-base-artwork-4.11.1-1.fc19,kdebindings-4.11.1-1.fc19,kdeedu-4.11.1-1.fc19,kde-l10n-4.11.1-1.fc19,kdelibs-4.11.1-2.fc19,kdemultimedia-4.11.1-1.fc19,kdepim-4.11.1-1.fc19,kdepimlibs-4.11.1-1.fc19,kdepim-runtime-4.11.1-1.fc19,kdeplasma-addons-4.11.1-2.fc19,kde-print-manager-4.11.1-1.fc19,kde-runtime-4.11.1-1.fc19,kdetoys-4.11.1-1.fc19,kde-wallpapers-4.11.1-1.fc19,kde-workspace-4.11.1-2.fc19,kgeography-4.11.1-1.fc19,khangman-4.11.1-1.fc19,kig-4.11.1-1.fc19,kimono-4.11.1-1.fc19,kiten-4.11.1-1.fc19,klettres-4.11.1-1.fc19,kmag-4.11.1-1.fc19,kmix-4.11.1-1.fc19,kmousetool-4.11.1-1.fc19,kmouth-4.11.1-1.fc19,kmplot-4.11.1-1.fc19,konsole-4.11.1-1.fc19,kross-interpreters-4.11.1-1.fc19,kscd-4.11.1-1.fc19,kstars-4.11.1-1.fc19,kteatime-4.11.1-1.fc19,ktouch-4.11.1-1.fc19,kturtle-4.11.1-1.fc19,ktux-4.11.1-1.fc19,kwordquiz-4.11.1-1.fc19,libkcddb-4.11.1-1.fc19,libkcompactdisc-4.11.1-1.fc19,libkdeedu-4.11.1-1.fc19,libkfbapi-1.0-1.fc19,marble-4.11.1-1.fc19,nepomuk-core-4.11.1-1.fc19,nepomuk-widgets-4.11.1-1.fc19,oxygen-icon-theme-4.11.1-1.fc19,pairs-4.11.1-1.fc19,parley-4.11.1-1.fc19,plasma-mobile-0.4-4.fc19.2,pykde4-4.11.1-1.fc19,qyoto-4.11.1-1.fc19,rocs-4.11.1-1.fc19,ruby-korundum-4.11.1-1.fc19,ruby-qt-4.11.1-1.fc19,smokegen-4.11.1-1.fc19,smokekde-4.11.1-1.fc19,smokeqt-4.11.1-1.fc19,step-4.11.1-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-16994/langtable-0.0.15-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17007/selinux-policy-3.12.1-74.4.fc19 The following builds have been pushed to Fedora 19 updates-testing abi-compliance-checker-1.99.8.3-1.fc19 abi-dumper-0.99.6-1.fc19 anyremote-6.3.2-1.fc19 appdata-tools-0.1.1-1.fc19 avl-3.32-3.fc19 btrfs-progs-0.20.rc1.20130917git194aa4a-1.fc19 etcd-0.1.1-1.fc19 ganyremote-6.3.1-1.fc19 hplip-3.13.9-2.fc19 kanyremote-6.3.1-1.fc19 libevdev-0.4-1.fc19 libreoffice-gallery-vrt-network-equipment-1.0.3-1.fc19 mingw-libgsf-1.14.27-1.fc19 perl-HTML-Mason-PSGIHandler-0.53-1.fc19 spice-gtk-0.20-6.fc19 systemd-204-15.fc19 tali-3.8.1-1.fc19 vino-3.8.1-3.fc19 wine-1.7.2-1.fc19 Details about builds: ================================================================================ abi-compliance-checker-1.99.8.3-1.fc19 (FEDORA-2013-17104) An ABI Compliance Checker -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. abi-compliance-checker Improvements * Optimized performance and memory usage (up to 90%) on input objects with a huge number of changes and deep data type trees (e.g. Linux kernel) * Partial support for GCC 4.8.{0-1}, waiting for a fix for the bug 57850 in the next GCC versions * Support for incomplete ABI dumps New Options * -affected-limit Bug Fixes * Fixed identification of template constructors and destructors * Do not show "this" first argument of methods in the report * Corrected descriptions of affected symbols in the report * Fixed false alarms on changed offset of parameters * Do not hang on class A<N>:public A<N-1> Other * Code refactoring abi-dumper * Reduced memory usage 10% -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 18 2013 Richard Shaw <hobbes1069@xxxxxxxxx> - 1.99.8.3-1 - Update to latest bugfix release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1009481 - abi-compliance-checker-1.99.8.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1009481 [ 2 ] Bug #1009482 - abi-dumper-0.99.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1009482 -------------------------------------------------------------------------------- ================================================================================ abi-dumper-0.99.6-1.fc19 (FEDORA-2013-17104) Tool to dump ABI of an ELF object containing DWARF debug info -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. abi-compliance-checker Improvements * Optimized performance and memory usage (up to 90%) on input objects with a huge number of changes and deep data type trees (e.g. Linux kernel) * Partial support for GCC 4.8.{0-1}, waiting for a fix for the bug 57850 in the next GCC versions * Support for incomplete ABI dumps New Options * -affected-limit Bug Fixes * Fixed identification of template constructors and destructors * Do not show "this" first argument of methods in the report * Corrected descriptions of affected symbols in the report * Fixed false alarms on changed offset of parameters * Do not hang on class A<N>:public A<N-1> Other * Code refactoring abi-dumper * Reduced memory usage 10% -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 18 2013 Richard Shaw <hobbes1069@xxxxxxxxx> - 0.99.6-1 - Update to latest upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1009481 - abi-compliance-checker-1.99.8.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1009481 [ 2 ] Bug #1009482 - abi-dumper-0.99.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1009482 -------------------------------------------------------------------------------- ================================================================================ anyremote-6.3.2-1.fc19 (FEDORA-2013-17125) Remote control through bluetooth or Wi-Fi connection -------------------------------------------------------------------------------- Update Information: v6.3.2 v6.3.1 -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 12 2013 Mikhail Fedotov <anyremote at mail.ru> - 6.3.2 - Configuration file for SMPlayer2 as added. FreeBSD and some other fixes. * Wed Jun 12 2013 Mikhail Fedotov <anyremote at mail.ru> - 6.3.1 - Small enhancements and bugfixes. -------------------------------------------------------------------------------- ================================================================================ appdata-tools-0.1.1-1.fc19 (FEDORA-2013-17116) Tools for AppData files -------------------------------------------------------------------------------- Update Information: - New upstream version - Add an xsd file to validate the AppStream XML - Allow <name> and <summary> data in appdata files - Assign each problem a kind - Detect starting a description with 'This application' - Fail validation if tags are duplicated -------------------------------------------------------------------------------- ================================================================================ avl-3.32-3.fc19 (FEDORA-2013-17118) Aerodynamic and flight-dynamic analysis of rigid aircrafts -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1007541 - Review Request: avl - Aerodynamic and flight-dynamic analysis of rigid aircrafts https://bugzilla.redhat.com/show_bug.cgi?id=1007541 -------------------------------------------------------------------------------- ================================================================================ btrfs-progs-0.20.rc1.20130917git194aa4a-1.fc19 (FEDORA-2013-17126) Userspace programs for btrfs -------------------------------------------------------------------------------- Update Information: New upstream git snapshot, while we wait for a point release. -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 17 2013 Eric Sandeen <sandeen@xxxxxxxxxx> 0.20.rc1.20130917git194aa4a-1 - New upstream snapshot - Deprecated btrfsctl, btrfs-show, and btrfs-vol; still available in btrfs cmd * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.20.rc1.20130501git7854c8b-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Mon May 13 2013 Richard W.M. Jones <rjones@xxxxxxxxxx> 0.20.rc1.20130501git7854c8b-3 - Add accepted upstream patch to fix SONAME libbtrfs.so -> libbtrfs.so.0 * Thu May 2 2013 Eric Sandeen <sandeen@xxxxxxxxxx> 0.20.rc1.20130501git7854c8b-2 - Fix subpackage brokenness * Wed May 1 2013 Eric Sandeen <sandeen@xxxxxxxxxx> 0.20.rc1.20130501git7854c8b-1 - New upstream snapshot - btrfs-progs-devel subpackage -------------------------------------------------------------------------------- References: [ 1 ] Bug #710534 - buffer overflow in btrfs if device name too long https://bugzilla.redhat.com/show_bug.cgi?id=710534 [ 2 ] Bug #989155 - btrfs-progs: Support skinny extents via btrfstune -x https://bugzilla.redhat.com/show_bug.cgi?id=989155 [ 3 ] Bug #969867 - btrfs-progs does not support raid5 or raid6 - Fedora 18 and Fedora 19 https://bugzilla.redhat.com/show_bug.cgi?id=969867 -------------------------------------------------------------------------------- ================================================================================ etcd-0.1.1-1.fc19 (FEDORA-2013-17115) A highly-available key value store for shared configuration -------------------------------------------------------------------------------- Update Information: Bodhi update for initial etcd package for existing releases (FC19 / FC20) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1005504 - Review Request: etcd - key value store package. https://bugzilla.redhat.com/show_bug.cgi?id=1005504 -------------------------------------------------------------------------------- ================================================================================ ganyremote-6.3.1-1.fc19 (FEDORA-2013-17120) GTK frontend for anyRemote -------------------------------------------------------------------------------- Update Information: Greek translation was added -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 16 2013 Mikhail Fedotov <anyremote at mail.ru> - 6.3.1 - Greek translation was added (Thanks to Ioannis Servetas) -------------------------------------------------------------------------------- ================================================================================ hplip-3.13.9-2.fc19 (FEDORA-2013-17127) HP Linux Imaging and Printing Project -------------------------------------------------------------------------------- Update Information: This update brings in the latest upstream release and fixes a security issue with the way polkit is used for authentication. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 18 2013 Tim Waugh <twaugh@xxxxxxxxxx> - 3.13.9-2 - Applied patch to avoid unix-process authorization subject when using polkit as it is racy (bug #1009541, CVE-2013-4325). * Tue Sep 10 2013 Jiri Popelka <jpopelka@xxxxxxxxxx> - 3.13.9-1 - 3.13.9: hplipjs filter removed, several patches applied upstream * Wed Aug 14 2013 Tim Waugh <twaugh@xxxxxxxxxx> - 3.13.8-2 - Moved hpps filter to hpijs sub-package (bug #996852). - Fixed typo in systemtray.py (bug #991638). * Tue Aug 13 2013 Jiri Popelka <jpopelka@xxxxxxxxxx> - 3.13.8-1 - 3.13.8 * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.13.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1006674 - CVE-2013-4325 hplip: Insecure calling of polkit https://bugzilla.redhat.com/show_bug.cgi?id=1006674 -------------------------------------------------------------------------------- ================================================================================ kanyremote-6.3.1-1.fc19 (FEDORA-2013-17111) KDE frontend for anyRemote -------------------------------------------------------------------------------- Update Information: Greek translation was added -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 16 2013 Mikhail Fedotov <anyremote at mail.ru> - 6.3.1 - Greek translation was added (Thanks to Ioannis Servetas) -------------------------------------------------------------------------------- ================================================================================ libevdev-0.4-1.fc19 (FEDORA-2013-17103) Kernel Evdev Device Wrapper Library -------------------------------------------------------------------------------- Update Information: libevdev 0.4, now with uinput support, stable API, etc. Nothing uses this yet, safe to update. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 18 2013 Peter Hutterer <peter.hutterer@xxxxxxxxxx> 0.4-1 - libevdev 0.4 -------------------------------------------------------------------------------- ================================================================================ libreoffice-gallery-vrt-network-equipment-1.0.3-1.fc19 (FEDORA-2013-17124) A network equipment shape gallery for LibreOffice -------------------------------------------------------------------------------- Update Information: A new package. -------------------------------------------------------------------------------- ================================================================================ mingw-libgsf-1.14.27-1.fc19 (FEDORA-2013-17117) MinGW build of structured file editing library -------------------------------------------------------------------------------- Update Information: Upstream bugfix release. -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 17 2013 Greg Hellings <greg.hellings@xxxxxxxxx> - 1.14.27-1 - Updated to new upstream version -------------------------------------------------------------------------------- ================================================================================ perl-HTML-Mason-PSGIHandler-0.53-1.fc19 (FEDORA-2013-17106) PSGI handler for HTML::Mason -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 18 2013 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 0.53-1 - Upstream update. - Modernize spec. - Reflect upstream Source0-URL having changed. -------------------------------------------------------------------------------- ================================================================================ spice-gtk-0.20-6.fc19 (FEDORA-2013-17109) A GTK+ widget for SPICE clients -------------------------------------------------------------------------------- Update Information: Fix CVE-2013-4324 Insecure calling of polkit via polkit_unix_process_new() Add a few upstream patches fixing bugs in spice-gtk 0.20 -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 18 2013 Marc-André Lureau <marcandre.lureau@xxxxxxxxxx> - 0.20-6 - Fix CVE-2013-4324 Insecure calling of polkit via polkit_unix_process_new() (rhbz#1009540) * Fri Sep 13 2013 Hans de Goede <hdegoede@xxxxxxxxxx> - 0.20-5 - Fix the spice-client-glib-usb-acl-helper no longer being suid root * Fri Sep 13 2013 Christophe Fergeau <cfergeau@xxxxxxxxxx> 0.20-4 - Add misc upstream patches fixing various 0.20 bugs * Wed Aug 28 2013 Alon Levy <alevy@xxxxxxxxxx> - 0.20-3 - Fix wrong mono cursor local rendering (rhbz#998529) * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.20-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1006669 - CVE-2013-4324 spice-gtk: Insecure calling of polkit via polkit_unix_process_new() https://bugzilla.redhat.com/show_bug.cgi?id=1006669 -------------------------------------------------------------------------------- ================================================================================ systemd-204-15.fc19 (FEDORA-2013-17119) A System and Service Manager -------------------------------------------------------------------------------- Update Information: Fixes polkit authentication issue. Updates the hardware database (including keyboard mappings) to the latest version from upstream. Backport a bunch of fixes from upstream. Only a few correspond to bug reports, and others correct display issues, memory access, and correctness of operation. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 18 2013 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> 204-15 - Fix policykit authentication (#1006680). * Tue Sep 17 2013 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> 204-14 - Backport the hardware database (#989103). - Backport two small patches. * Fri Sep 6 2013 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> 204-13 - Backport a bunch of fixes (#995575 and others). * Fri Sep 6 2013 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> 204-12 - Add ownership of a few directories that we create (#894202). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1006680 - CVE-2013-4327 systemd: insecure calling of polkit https://bugzilla.redhat.com/show_bug.cgi?id=1006680 -------------------------------------------------------------------------------- ================================================================================ tali-3.8.1-1.fc19 (FEDORA-2013-17113) GNOME Tali game -------------------------------------------------------------------------------- Update Information: Fix sensitivity of undo move action, fix missing user help, translations -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 18 2013 Tanner Doshier <doshitan@xxxxxxxxx> - 3.8.1-1 - Update to 3.8.1 -------------------------------------------------------------------------------- ================================================================================ vino-3.8.1-3.fc19 (FEDORA-2013-17121) A remote desktop system for GNOME -------------------------------------------------------------------------------- Update Information: Fix denial of service (CVE-2013-5745) -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 18 2013 Debarshi Ray <rishi@xxxxxxxxxxxxxxxx> - 3.8.1-3 - Fix denial of service (CVE-2013-5745) -------------------------------------------------------------------------------- References: [ 1 ] Bug #910082 - CVE-2013-5745 vino: denial of service flaw https://bugzilla.redhat.com/show_bug.cgi?id=910082 -------------------------------------------------------------------------------- ================================================================================ wine-1.7.2-1.fc19 (FEDORA-2013-17108) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: * Right-to-left text layout improvements. * NTLM and Negotiate authentication for RPC over HTTP. * More glyphs in the built-in Wingdings font. * Activation context improvements. * Various bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Sun Sep 15 2013 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 1.7.2-1 - version upgrade - workaround for rhbz#968860 - upgraded winepulse -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
