The following Fedora 19 Security updates need testing: Age URL 128 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 65 https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1.fc19 46 https://admin.fedoraproject.org/updates/FEDORA-2014-0797/libinfinity-0.5.5-1.fc19 19 https://admin.fedoraproject.org/updates/FEDORA-2014-2239/python-tahrir-0.5.1-1.fc19 19 https://admin.fedoraproject.org/updates/FEDORA-2014-2253/python-tahrir-0.5.2-1.fc19 19 https://admin.fedoraproject.org/updates/FEDORA-2014-2260/NetworkManager-ssh-0.9.2-0.2.20140209git46247c2.fc19 16 https://admin.fedoraproject.org/updates/FEDORA-2014-2445/augeas-1.2.0-1.fc19 16 https://admin.fedoraproject.org/updates/FEDORA-2014-2439/maradns-2.0.09-1.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-2710/zabbix-2.0.11-2.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-2876/file-5.11-12.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-2869/easy-rsa-2.2.2-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-2825/postgresql-9.2.7-1.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-2967/openldap-2.4.39-2.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-2998/perl-CGI-Application-4.50-7.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-3192/freeradius-2.2.3-7.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-3232/rubygem-actionpack-3.2.13-5.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-3253/v8-3.14.5.10-6.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3344/mediawiki-1.21.6-1.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 76 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 12 https://admin.fedoraproject.org/updates/FEDORA-2014-2668/wavpack-4.70.0-1.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-2734/kdelibs-4.11.5-2.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-2849/libreport-2.1.12-3.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-2901/keyutils-1.5.9-1.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-2967/openldap-2.4.39-2.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-3052/langtable-0.0.24-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-3030/selinux-policy-3.12.1-74.19.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-3142/curl-7.29.0-14.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-3133/firefox-27.0.1-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-3103/hwdata-0.261-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-3134/krb5-1.11.3-21.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-3243/cryptsetup-1.6.4-1.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-3178/audit-2.3.4-1.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-3282/iproute-3.12.0-2.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-3308/hicolor-icon-theme-0.13-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3340/gdisk-0.8.9-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3179/kde-workspace-4.11.7-1.fc19 The following builds have been pushed to Fedora 19 updates-testing ShellCheck-0.3.1-4.fc19 asunder-2.4-1.fc19 darktable-1.4.1-1.fc19 drbdlinks-1.26-1.fc19 edgar-1.15-1.fc19 fsarchiver-0.6.19-1.fc19 gdisk-0.8.9-1.fc19 mediawiki-1.21.6-1.fc19 perl-Symbol-Global-Name-0.05-1.fc19 qbittorrent-3.1.9-1.fc19 valyriatear-0.6.0-1.fc19 wxGTK3-3.0.0-4.fc19 xfce4-equake-plugin-1.3.4-1.fc19 Details about builds: ================================================================================ ShellCheck-0.3.1-4.fc19 (FEDORA-2014-3345) Tool for checking common errors in POSIX shell scripts -------------------------------------------------------------------------------- Update Information: executable dynamically linked to the library -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 1 2014 Dridi <dridi.boukelmoune@xxxxxxxxx> - 0.3.1-4 - executable dynamically linked to the library (bug #1069048) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1069048 - minor spec file improvements: for README and symlink https://bugzilla.redhat.com/show_bug.cgi?id=1069048 -------------------------------------------------------------------------------- ================================================================================ asunder-2.4-1.fc19 (FEDORA-2014-3332) A graphical Audio CD ripper and encoder -------------------------------------------------------------------------------- Update Information: Upstream release notes: - Added Bengali, Traditional Chinese translations. - Updated Hungarian, Italian translations. - Fixed the eject functionality to be more reliable. - Added support for XDG_CACHE_HOME - Fixed some memory corruption bugs that may have caused crashes and undefined behaviour. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 1 2014 Marcin Zajaczkowski <mszpak ATT wp DOTT pl> - 2.4-1 - Update to 2.4 - Fix bogus date in changelog * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1047183 - asunder-2.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1047183 -------------------------------------------------------------------------------- ================================================================================ darktable-1.4.1-1.fc19 (FEDORA-2014-3328) Utility to organize and develop raw images -------------------------------------------------------------------------------- Update Information: Upgrade to 1.4.1 -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 12 2014 Edouard Bourguignon <madko@xxxxxxxxxxx> - 1.4.1-1 - Upgrade to 1.4.1 - Remove tools source files -------------------------------------------------------------------------------- References: [ 1 ] Bug #1063007 - darktable-1.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1063007 -------------------------------------------------------------------------------- ================================================================================ drbdlinks-1.26-1.fc19 (FEDORA-2014-3348) A program for managing links into a DRBD shared partition -------------------------------------------------------------------------------- Update Information: Upstream changes: * "Link local" relative symlink detection would add empty strings.strings (Fix by Flavio Grossi) -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 2 2014 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.26-1 - Upgrade to 1.26 -------------------------------------------------------------------------------- ================================================================================ edgar-1.15-1.fc19 (FEDORA-2014-3331) A platform game -------------------------------------------------------------------------------- Update Information: * Updated Dutch, Japanese, Russian and Ukrainian translations * Fixed a minor issue when changing direction using an analogue controller * Fixed the corrupted message that appears when Edgar's inventory is full * The slime timer above Edgar is now removed when changing maps or loading a game * Crushers no longer get stuck if they hit a pushable object * Ice cubes can no longer bounce on springs forever -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 2 2014 Andrea Musuruane <musuruan@xxxxxxxxx> - 1.15-1 - Updated to upstream 1.15-1 -------------------------------------------------------------------------------- ================================================================================ fsarchiver-0.6.19-1.fc19 (FEDORA-2014-3333) Safe and flexible file-system backup/deployment tool -------------------------------------------------------------------------------- Update Information: Update to 0.6.19, fixes a regression introduced in 0.6.18 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 1 2014 Adel Gadllah <adel.gadllah@xxxxxxxxx> - 0.6.19-1 - Update to 0.6.19 - Fixes regression introduced in 0.6.18 -------------------------------------------------------------------------------- ================================================================================ gdisk-0.8.9-1.fc19 (FEDORA-2014-3340) An fdisk-like partitioning tool for GPT disks -------------------------------------------------------------------------------- Update Information: Update to latest upstream release gdisk 0.8.9. -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 2 2014 Terje Rosten <terje.rosten@xxxxxxx> - 0.8.9-1 - 0.8.9 * Wed Feb 12 2014 Nils Philippsen <nils@xxxxxxxxxx> - 0.8.8-2 - fix bogus dates in changelog - rebuild for new libicu -------------------------------------------------------------------------------- References: [ 1 ] Bug #1066290 - gdisk-0.8.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1066290 -------------------------------------------------------------------------------- ================================================================================ mediawiki-1.21.6-1.fc19 (FEDORA-2014-3344) A wiki engine -------------------------------------------------------------------------------- Update Information: * (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. User will get an error including the namespace name if they use a non-whitelisted namespace. * (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time. * (bug 61362) SECURITY: API: Don't find links in the middle of api.php links. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 1 2014 Michael Cronenworth <mike@xxxxxxxxxx> - 1.21.6-1 - Update to 1.21.6 - (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. User will get an error including the namespace name if they use a non- whitelisted namespace. - (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time. - (bug 61362) SECURITY: API: Don't find links in the middle of api.php links. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1071135 - mediawiki: cross-site scripting flaw when handling SVG images https://bugzilla.redhat.com/show_bug.cgi?id=1071135 [ 2 ] Bug #1071136 - mediawiki: timing attack on token https://bugzilla.redhat.com/show_bug.cgi?id=1071136 [ 3 ] Bug #1071139 - mediawiki: HTML injection https://bugzilla.redhat.com/show_bug.cgi?id=1071139 -------------------------------------------------------------------------------- ================================================================================ perl-Symbol-Global-Name-0.05-1.fc19 (FEDORA-2014-3347) Finds name and type of a global variable -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- ================================================================================ qbittorrent-3.1.9-1.fc19 (FEDORA-2014-3351) A Bittorrent Client -------------------------------------------------------------------------------- Update Information: - update to 3.1.9 release -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 2 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 1:3.1.9-1 - update to 3.1.9 release -------------------------------------------------------------------------------- ================================================================================ valyriatear-0.6.0-1.fc19 (FEDORA-2014-3350) Valyria Tear is a free 2D J-RPG based on the Hero of Allacrost engine -------------------------------------------------------------------------------- Update Information: New release! Overview of changes: - Many, many, many bugfixes and performance improvements. - The characters actual weapon is shown in battles, along with weaponless attack support. - Custom minimap support. - New art! - Battle enemies scriptable AI support. - Better scripted battle events. - Equipment and Battle status effect support in battles. - UI theme change support. - Menu mode UI stats info display improvements. - Translated into 4 languages (French, Galician Italian, and German) - Come and add your own! - Map enemies using patrol way points. - Scripted puzzle objects. - and of course, more of the story :) -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 1 2014 Erik Schilling <ablu.erikschilling@xxxxxxxxxxxxxx> - 0.6.0-1 - New release * Wed Sep 4 2013 Erik Schilling <ablu.erikschilling@xxxxxxxxxxxxxx> 0.6-0.1rc1 - New rc release * Tue Jul 30 2013 Erik Schilling <ablu.erikschilling@xxxxxxxxxxxxxx> 0.5.0-6 - Fixed building with newer boost version * Tue Jul 30 2013 Petr Machata <pmachata@xxxxxxxxxx> - 0.5.0-5 - Rebuild for boost 1.54.0 -------------------------------------------------------------------------------- ================================================================================ wxGTK3-3.0.0-4.fc19 (FEDORA-2014-3346) GTK port of the wxWidgets GUI library -------------------------------------------------------------------------------- Update Information: new wxGTK3 package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1020942 - Package Request: wxGTK3 https://bugzilla.redhat.com/show_bug.cgi?id=1020942 -------------------------------------------------------------------------------- ================================================================================ xfce4-equake-plugin-1.3.4-1.fc19 (FEDORA-2014-3336) Plugin for the XFCE panel which monitors earthquakes -------------------------------------------------------------------------------- Update Information: Initial RPM version 1.3.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1069050 - Review Request: xfce4-equake-plugin - Plugin for the XFCE panel which monitors earthquakes https://bugzilla.redhat.com/show_bug.cgi?id=1069050 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
