The following Fedora 19 Security updates need testing:
 Age  URL
 147  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
  84  https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1.fc19
  65  https://admin.fedoraproject.org/updates/FEDORA-2014-0797/libinfinity-0.5.5-1.fc19
  38  https://admin.fedoraproject.org/updates/FEDORA-2014-2260/NetworkManager-ssh-0.9.2-0.2.20140209git46247c2.fc19
  35  https://admin.fedoraproject.org/updates/FEDORA-2014-2439/maradns-2.0.09-1.fc19
  30  https://admin.fedoraproject.org/updates/FEDORA-2014-2710/zabbix-2.0.11-2.fc19
  14  https://admin.fedoraproject.org/updates/FEDORA-2014-3589/file-5.11-13.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-3771/cups-filters-1.0.41-5.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-3782/jansson-2.6-1.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-3815/samba-4.0.16-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-3947/lighttpd-1.4.35-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-3891/perltidy-20130922-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-3839/udisks-1.0.4-12.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-4081/v8-3.14.5.10-7.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-4152/moodle-2.4.9-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-4121/k4dirstat-2.7.0-0.14.20101010git6c0a9e6.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-4208/ca-certificates-2013.1.97-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-4180/tigervnc-1.3.0-10.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-4188/openstack-nova-2013.1.5-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-4210/openstack-keystone-2013.1.5-2.fc19

The following Fedora 19 Critical Path updates have yet to be approved:
 Age  URL
  95  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
  21  https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-3340/gdisk-0.8.10-2.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-3815/samba-4.0.16-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-3855/procps-ng-3.3.8-12.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-3840/libosinfo-0.2.9-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-3970/kde-workspace-4.11.7-4.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-3996/lcms2-2.6-1.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-4090/thunderbird-24.4.0-1.fc19,firefox-28.0-2.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-4059/fftw-3.3.4-1.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-4058/audit-2.3.5-1.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-4079/linux-firmware-20140317-35.gitdec41bce.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-4216/selinux-policy-3.12.1-74.23.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-4208/ca-certificates-2013.1.97-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-4110/pango-1.34.1-3.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-4180/tigervnc-1.3.0-10.fc19

The following builds have been pushed to Fedora 19 updates-testing

    ca-certificates-2013.1.97-1.fc19
    git-cola-2.0.1-1.fc19
    glances-1.7.5-1.fc19
    libxc-2.1.0-1.fc19
    nodejs-less-1.7.0-1.fc19
    openstack-keystone-2013.1.5-2.fc19
    openstack-nova-2013.1.5-1.fc19
    perl-Class-MethodMaker-2.21-1.fc19
    python-rhsm-1.11.2-1.fc19
    reposurgeon-3.7-1.fc19
    selinux-policy-3.12.1-74.23.fc19
    sfk-1.7.1-1.fc19
    subscription-manager-1.11.2-1.fc19

Details about builds:

================================================================================
 ca-certificates-2013.1.97-1.fc19 (FEDORA-2014-4208)
 The Mozilla CA root certificate bundle
--------------------------------------------------------------------------------
Update Information:

Refresh the list of CA certificates to version 1.97 as released with NSS 3.16
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 19 2014 Kai Engert <kaie@xxxxxxxxxx> - 2013.1.97-1
- Update to CKBI 1.97 from NSS 3.16
- Remove openjdk build dependency
--------------------------------------------------------------------------------

================================================================================
 git-cola-2.0.1-1.fc19 (FEDORA-2014-4198)
 A sleek and powerful git GUI
--------------------------------------------------------------------------------
Update Information:

git-cola v2.0.1

* Some context menu actions are now hidden when selected files do not exist.
* The build-git-cola.sh contrib script was improved.
* Non-ascii worktrees work properly again.
* The browser now guards itself against missing files.
* Saving widget state now works under Python3.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 21 2014 Christopher Meng <rpm@xxxxxxxx> - 2.0.1-1
- Update to 2.0.1
* Wed Feb 26 2014 Christopher Meng <rpm@xxxxxxxx> - 2.0.0-1
- Update to 2.0.0
* Sat Feb 15 2014 Christopher Meng <rpm@xxxxxxxx> - 1.9.4-2
- Remove unneeded dependency.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1071378 - [abrt] git-cola: core.py:186:wrapped:OSError: [Errno 2] No such file or directory: 'patches/0001-Fix-Accept-header-name-in-Slim-Middleware-ContentNeg.patch'
        https://bugzilla.redhat.com/show_bug.cgi?id=1071378
  [ 2 ] Bug #1070124 - git-cola-2.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1070124
--------------------------------------------------------------------------------

================================================================================
 glances-1.7.5-1.fc19 (FEDORA-2014-4220)
 CLI curses based monitoring tool
--------------------------------------------------------------------------------
Update Information:

Upgrade to 1.7.5
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 15 2014 Edouard Bourguignon <madko@xxxxxxxxxxx> - 1.7.5-1
- Update to 1.7.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1076509 - glances-1.7.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1076509
--------------------------------------------------------------------------------

================================================================================
 libxc-2.1.0-1.fc19 (FEDORA-2014-4190)
 Library of exchange and correlation functionals to be used in DFT codes
--------------------------------------------------------------------------------
Update Information:

Update to 2.1.0, bringing many more functionals. Enable single precision routines as well.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 21 2014 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 2.1.0-1
- Enable single precision routines as well.
- Update to 2.1.0.
--------------------------------------------------------------------------------

================================================================================
 nodejs-less-1.7.0-1.fc19 (FEDORA-2014-4203)
 Less.js The dynamic stylesheet language
--------------------------------------------------------------------------------
Update Information:

https://github.com/less/less.js/blob/v1.7.0/CHANGELOG.md
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar  5 2014 Stephen Gallagher <sgallagh@xxxxxxxxxx> 1.7.0-1
- New upstream release 1.7.0
- https://github.com/less/less.js/blob/v1.7.0/CHANGELOG.md
- Add support for rulesets in variables and passed to mixins to allow wrapping
- Change luma to follow the w3c spec, luma is available as luminance. Contrast still uses luma so you may see differences if your threshold % is close to the existing calculated luma.
- Upgraded clean css which means the --selectors-merge-mode is now renamed --compatibility
- Add support for using variables with @keyframes, @namespace, @charset
- Support property merging with +_ when spaces are needed and keep + for comma separated
- Imports now always import once consistently- a race condition meant previously certain configurations would lead to a different ordering of files
- Fix support for `.mixin(@args...)` when called with no args (e.g. `.mixin();`)
- Do unit conversions with min and max functions. Don't pass through if not understood, throw an error
- Allow % to be passed on its own to the unit function e.g. `unit(10, %)`
- Fix a bug when comparing a unit value to a non-unit value if the unit-value was the multiple of another unit (e.g. cm, mm, deg etc.)
- Fix mixins with media queries in import reference files not being put into the output (they now output, they used to incorrectly not)
- Fix lint mode- now reports all errors
- Fixed a small scope issue with & {} selector rulesets incorrectly making mixins visible- regression from 1.6.2
- Browser- added log level "debug" at 3 to get less logging, The default has changed so unless you set the value to the default you won't see a difference
- Browser- logLevel takes effect regardless of the environment (production/dev)
- Browser- added postProcessor option, a function called to post-process the css before adding to the page
- Browser- use the right request for file access in IE
* Tue Feb 25 2014 Stephen Gallagher <sgallagh@xxxxxxxxxx> 1.6.3-1
- New upstream release 1.6.3
- https://github.com/less/less.js/blob/v1.6.3/CHANGELOG.md
- Fix issue with calling toCSS twice not working in some situations (like with bootstrap 2)
- The Rhino release is fixed!
- ability to use uppercase colours
- Fix a nasty bug causing syntax errors when selector interpolation is preceded by a long comment (and some other cases)
- Fix a major bug with the variable scope in guards on selectors (e.g. not mixins)
- Fold in & when () { to the current selector rather than duplicating it
- fix another issue with array prototypes
- add a url-args option which adds a value to all urls (for cache busting)
- Round numbers to 8 decimal places - thereby stopping javascript precision errors
- some improvements to the default() function in more complex scenarios
- improved missing '{' and '(' detection
* Mon Jan 13 2014 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.6.1-1
- New upstream release 1.6.1
- https://github.com/less/less.js/blob/v1.6.1/CHANGELOG.md
- support ^ and ^^ shadow dom selectors
- fix sourcemap selector (used to report end of the element or selector) and directive position (previously not supported)
- fix parsing empty less files
- error on (currently) ambiguous guards on multiple css selectors
- older environments - protect against typeof regex returning function
- Do not use default keyword
- use innerHTML in tests, not innerText
- protect for-in in case Array and Object prototypes have custom fields
* Thu Jan  2 2014 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.6.0-1
- New upstream release 1.6.0
- https://github.com/less/less.js/blob/v1.6.0/CHANGELOG.md
- Properties can be interpolated, e.g. @{prefix}-property: value;
- a default function has been added only valid in mixin definitions to determine if no other mixins have been matched
- Added a plugins option that allows specifying an array of visitors run on the less AST
- Performance improvements that may result in approx 20-40% speed up
- Javascript evaluations returning numbers can now be used in calculations/functions
- fixed issue when adding colours, taking the alpha over 1 and breaking when used in colour functions
- when adding together 2 colours with non zero alpha, the alpha will now be combined rather than added
- the advanced colour functions no longer ignore transparency, they blend that too
- Added --clean-option and cleancssOptions to allow passing in clean css options
- rgba declarations are now always clamped e.g. rgba(-1,258,258, -1) becomes rgba(0, 255, 255, 0)
- Fix possible issue with import reference not bringing in styles (may not be a bugfix, just a code tidy)
- Fix some issues with urls() being prefixed twice and unquoted urls in mixins being processed each time they are called
- Fixed error messages for undefined variables in javascript evaluation
- Fixed line/column numbers from math errors
* Tue Nov 26 2013 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.5.1-1
- New upstream release 1.5.1
- https://github.com/less/less.js/blob/v1.5.1/CHANGELOG.md
- Added source-map-URL option
- Fixed a bug which meant the minimised 1.5.0 browser version was not wrapped, meaning it interfered with require js
- Fixed a bug where the browser version assume port was specified
- Added the ability to specify variables on the command line
- Upgraded clean-css and fixed it from trying to import
- correct a bug meaning imports weren't synchronous (syncImport option available for full synchronous behaviour)
- better mixin matching behaviour with calling multiple classes e.g. .a.b.c;
* Tue Oct 22 2013 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.5.0-1
- New upstream release 1.5.0
- https://github.com/less/less.js/blob/v1.5.0/CHANGELOG.md
- sourcemap support
- support for import inline option to include css that you do NOT want less to parse e.g. `@import (inline) "file.css";`
- better support for modifyVars (refresh styles with new variables, using a file cache), is now more resilient
- support for import reference option to reference external css, but not output it. Any mixin calls or extend's will be output.
- support for guards on selectors (currently only if you have a single selector)
- allow property merging through the +: syntax
- Added min/max functions
- Added length function and improved extract to work with comma separated values
- when using import multiple, sub imports are imported multiple times into final output
- fix bad spaces between namespace operators
- do not compress comment if it begins with an exclamation mark
- Fix the saturate function to pass through when using the CSS syntax
- Added svg-gradient function
- Added no-js option to lessc (in browser, use javascriptEnabled: false) which disallows JavaScript in less files
- switched from the little supported and buggy cssmin (previously ycssmin) to clean-css
- support transparent as a color, but not convert between rgba(0, 0, 0, 0) and transparent
- remove sys.puts calls to stop deprecation warnings in future node.js releases
- Browser: added logLevel option to control logging (2 = everything, 1 = errors only, 0 = no logging)
- Browser: added errorReporting option which can be "html" (default) or "console" or a function
- Now uses grunt for building and testing
- A few bug fixes for media queries, extends, scoping, compression and import once.
- if you don't pass a strict maths option, font size/line height options are output correctly again
- npmignore now include .gitattributes
- property names may include capital letters
- various windows path fixes (capital letters, multiple // in a path)
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1078932 - update F19 nodejs-less to match F20's version (v1.5.0)
        https://bugzilla.redhat.com/show_bug.cgi?id=1078932
--------------------------------------------------------------------------------

================================================================================
 openstack-keystone-2013.1.5-2.fc19 (FEDORA-2014-4210)
 OpenStack Identity Service
--------------------------------------------------------------------------------
Update Information:

updated to stable grizzly 2013.1.5 release
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 21 2014 Alan Pevec <apevec@xxxxxxxxxx> 2013.1.5-2
- updated to stable grizzly 2013.1.5 release
- Trust circumvention through EC2-style tokens CVE-2013-6391
- Trustee token revocation does not work with memcache backend CVE-2014-2237
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1071434 - CVE-2014-2237 openstack-keystone: trustee token revocation does not work with memcache backend
        https://bugzilla.redhat.com/show_bug.cgi?id=1071434
  [ 2 ] Bug #1039164 - CVE-2013-6391 OpenStack Keystone: trust circumvention through EC2-style tokens
        https://bugzilla.redhat.com/show_bug.cgi?id=1039164
--------------------------------------------------------------------------------

================================================================================
 openstack-nova-2013.1.5-1.fc19 (FEDORA-2014-4188)
 OpenStack Compute (nova)
--------------------------------------------------------------------------------
Update Information:

Update to stable/grizzly release 2013.1.5

* Keep XenAPI security groups through migrate and resize - CVE-2013-4497
* Secure directory permissions in snapshots - CVE-2013-7048
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 21 2014 Xavier Queralt <xqueralt@xxxxxxxxxx> - 2013.1.5-1
- Update to stable/grizzly release 2013.1.5
- Keep XenAPI security groups through migrate and resize - CVE-2013-4497
- Secure directory permissions in snapshots - CVE-2013-7048
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1026171 - CVE-2013-4497 openstack-nova: XenAPI security groups not kept through migrate or resize
        https://bugzilla.redhat.com/show_bug.cgi?id=1026171
  [ 2 ] Bug #1040786 - CVE-2013-7048 Openstack Nova: insecure directory permissions in snapshots
        https://bugzilla.redhat.com/show_bug.cgi?id=1040786
--------------------------------------------------------------------------------

================================================================================
 perl-Class-MethodMaker-2.21-1.fc19 (FEDORA-2014-4211)
 Perl module for creating generic object-oriented methods
--------------------------------------------------------------------------------
Update Information:

--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 21 2014 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 2.21-1
- Upstream update.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1077585 - perl-Class-MethodMaker-2.21 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1077585
--------------------------------------------------------------------------------

================================================================================
 python-rhsm-1.11.2-1.fc19 (FEDORA-2014-4202)
 A Python library to communicate with a Red Hat Unified Entitlement Platform
--------------------------------------------------------------------------------
Update Information:

Numerous bug fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 20 2014 Alex Wood <awood@xxxxxxxxxx> 1.11.2-1
- Add attributes for brand_name (alikins@xxxxxxxxxx)
--------------------------------------------------------------------------------

================================================================================
 reposurgeon-3.7-1.fc19 (FEDORA-2014-4212)
 SCM Repository Manipulation Tool
--------------------------------------------------------------------------------
Update Information:

- New --dedos option for filter command, to change \r\n line endings to \n.
- New append command for annotating comments.
- The 'b' search code has been changed to appropriately match non-commits.
- New form of 'graft' allows greater control over graft points.
- New =I selector to find non-UTF-8 commit metadata.
- Import stream comments led with # are preserved as passthroughs.
- Buggy text search of authors fields has been fixed.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 21 2014 Christopher Meng <rpm@xxxxxxxx> - 3.7-1
- New --dedos option for filter command, to change \r\n line endings to \n.
- New append command for annotating comments.
- The 'b' search code has been changed to appropriately match non-commits.
- New form of 'graft' allows greater control over graft points.
- New =I selector to find non-UTF-8 commit metadata.
- Import stream comments led with # are preserved as passthroughs.
- Buggy text search of authors fields has been fixed.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1077609 - reposurgeon-3.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1077609
--------------------------------------------------------------------------------

================================================================================
 selinux-policy-3.12.1-74.23.fc19 (FEDORA-2014-4216)
 SELinux policy configuration
--------------------------------------------------------------------------------
Update Information:

See http://koji.fedoraproject.org/koji/buildinfo?buildID=506047
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 21 2014 Lukas Vrabec <lvrabec@xxxxxxxxxx> 3.12.1-74.23
- Add bumblebee to unconfined_domain
* Thu Mar 20 2014 Lukas Vrabec <lvrabec@xxxxxxxxxx> 3.12.1-74.22
- Allow couchdb to listen on port 6984
- Added kernel_dontaudit_access_check_proc interface
- Added modutils_signal_insmod interface
- Add xserver_manage_xkb_libs interface
- Fixed ftp_home_dir boolean
- Added policy for bumblebee
* Mon Mar 17 2014 Lukas Vrabec <lvrabec@xxxxxxxxxx> 3.12.1-74.21
- Added sysnet_domtrans_ifconfig in neutron policy
* Mon Mar 17 2014 Lukas Vrabec <lvrabec@xxxxxxxxxx> 3.12.1-74.20
- Backported quantum and neutron rules from rawhide
- Allow couchdb to manage rabbitmq files
- Added couchdb_manage_files interface
- Fixed quantum policy
- Allow snort to manage its log files
- Allow procman to list doveconf_etc_t
- Dontaudit unpriv users creating rawip_socket, will be blocked by DAC
- Allow postgresql to read network state
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1023610 - SELinux is preventing /usr/bin/postgres from 'read' accesses on the file unix.
        https://bugzilla.redhat.com/show_bug.cgi?id=1023610
  [ 2 ] Bug #1026851 - selinux with procmail and doveadm
        https://bugzilla.redhat.com/show_bug.cgi?id=1026851
  [ 3 ] Bug #1028178 - SELinux is preventing /usr/lib64/chromium-browser/chromium-browser from 'write' accesses on the sock_file bumblebee.socket.
        https://bugzilla.redhat.com/show_bug.cgi?id=1028178
  [ 4 ] Bug #1066124 - ftp_home_dir set to off allows FTP login to user home directory
        https://bugzilla.redhat.com/show_bug.cgi?id=1066124
  [ 5 ] Bug #1072642 - SELinux is preventing /usr/lib64/erlang/erts-5.10.4/bin/beam.smp from 'create' accesses on the file couchdb.pid.
        https://bugzilla.redhat.com/show_bug.cgi?id=1072642
  [ 6 ] Bug #1072983 - Wrong SELinux policies set for neutron-dhcp-agent
        https://bugzilla.redhat.com/show_bug.cgi?id=1072983
  [ 7 ] Bug #1076672 - SELinux is preventing /usr/sbin/snort-plain from 'write' accesses on the file /var/log/snort/snort.log.1394809020.
        https://bugzilla.redhat.com/show_bug.cgi?id=1076672
--------------------------------------------------------------------------------

================================================================================
 sfk-1.7.1-1.fc19 (FEDORA-2014-4193)
 The Swiss File Knife File Tree Processor
--------------------------------------------------------------------------------
Update Information:

Update to 1.7.1:

* Rework of sfk find and entab.
* Small improvements of sfk split, ftpserv, filter, runloop.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 21 2014 Christopher Meng <rpm@xxxxxxxx> - 1.7.1-1
- Update to 1.7.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1078797 - sfk-1.7.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1078797
--------------------------------------------------------------------------------

================================================================================
 subscription-manager-1.11.2-1.fc19 (FEDORA-2014-4202)
 Tools and libraries for subscription and repository management
--------------------------------------------------------------------------------
Update Information:

Numerous bug fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 20 2014 Alex Wood <awood@xxxxxxxxxx> 1.11.2-1
- Use the new Product.brand_name for brand_name (alikins@xxxxxxxxxx)
- 865702: Don't render exc messages with bogus markup (alikins@xxxxxxxxxx)
- 1070908: Don't count cpus without topo for lpar (alikins@xxxxxxxxxx)
- 1075167: Avoid using injected values in migrate-classic-to-rhsm (ckozak@xxxxxxxxxx)
- 1074568: Use our translations in optparser (ckozak@xxxxxxxxxx)
- Man page spelling corrections (wpoteat@xxxxxxxxxx)
- 1070737: correct config section for ca_cert_dir (ckozak@xxxxxxxxxx)
--------------------------------------------------------------------------------