The following Fedora 19 Security updates need testing:

 Age  URL
 153  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
  90  https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1.fc19
  71  https://admin.fedoraproject.org/updates/FEDORA-2014-0797/libinfinity-0.5.5-1.fc19
  44  https://admin.fedoraproject.org/updates/FEDORA-2014-2260/NetworkManager-ssh-0.9.2-0.2.20140209git46247c2.fc19
  41  https://admin.fedoraproject.org/updates/FEDORA-2014-2439/maradns-2.0.09-1.fc19
  36  https://admin.fedoraproject.org/updates/FEDORA-2014-2710/zabbix-2.0.11-2.fc19
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-3771/cups-filters-1.0.41-5.fc19
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-3839/udisks-1.0.4-12.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-4081/v8-3.14.5.10-7.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-4152/moodle-2.4.9-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-4121/k4dirstat-2.7.0-0.14.20101010git6c0a9e6.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-4180/tigervnc-1.3.0-10.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-4208/ca-certificates-2013.1.97-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-4188/openstack-nova-2013.1.5-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-4210/openstack-keystone-2013.1.5-2.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-4330/seamonkey-2.25-1.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-4316/check-mk-1.2.4-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-4424/xen-4.2.4-3.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-4454/perl-Authen-Captcha-1.024-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-4418/munin-2.0.19-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-4449/curl-7.29.0-17.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-4426/xalan-j2-2.7.1-22.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-4438/libyaml-0.1.6-1.fc19

The following Fedora 19 Critical Path updates have yet to be approved:

 Age  URL
 101  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
  27  https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-3840/libosinfo-0.2.9-1.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-3996/lcms2-2.6-1.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-4059/fftw-3.3.4-1.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-4058/audit-2.3.5-1.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-4079/linux-firmware-20140317-35.gitdec41bce.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-4110/pango-1.34.1-3.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-4180/tigervnc-1.3.0-10.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-4216/selinux-policy-3.12.1-74.23.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-4228/nss-util-3.16.0-1.fc19,nss-softokn-3.16.0-1.fc19,nss-3.16.0-1.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-4292/xorg-x11-drv-synaptics-1.7.4-3.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-3970/kde-workspace-4.11.7-6.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-4449/curl-7.29.0-17.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-4384/cups-1.6.4-4.fc19

The following builds have been pushed to Fedora 19 updates-testing

    couchdb-1.5.0-1.fc19
    curl-7.29.0-17.fc19
    erlang-oauth-1.4.0-1.fc19
    lbzip2-2.5-1.fc19
    libyaml-0.1.6-1.fc19
    munin-2.0.19-2.fc19
    open-vm-tools-9.4.0-8.fc19
    ovirt-engine-cli-3.4.0.5-1.fc19
    ovirt-engine-sdk-java-3.4.0.7-1.fc19
    ovirt-engine-sdk-python-3.4.0.6-1.fc19
    perl-Authen-Captcha-1.024-1.fc19
    perl-Rose-DB-Object-0.811-1.fc19
    python-phyghtmap-1.48-1.fc19
    qaccessibilityclient-0.1.1-1.fc19
    smokeping-2.6.9-3.fc19
    tzdata-2014b-1.fc19
    xalan-j2-2.7.1-22.fc19
    xen-4.2.4-3.fc19
    xfdashboard-0.1.6-2.fc19

Details about builds:

================================================================================
 couchdb-1.5.0-1.fc19 (FEDORA-2014-4417)
 A document database server, accessible via a RESTful JSON API
--------------------------------------------------------------------------------
Update Information:

Upgrade to 1.5.0. Unfortunately we have bugreports regarding issues with 1.3.1 on F19 so we have to upgrade it.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 10 2014 Peter Lemenkov <lemenkov@xxxxxxxxx> - 1.5.0-1
- Ver. 1.5.0
--------------------------------------------------------------------------------

================================================================================
 curl-7.29.0-17.fc19 (FEDORA-2014-4449)
 A utility for getting files from remote servers (FTP, HTTP, and others)
--------------------------------------------------------------------------------
Update Information:

fix connection re-use when using different log-in credentials (CVE-2014-0138)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 26 2014 Kamil Dudka <kdudka@xxxxxxxxxx> 7.29.0-17
- fix connection re-use when using different log-in credentials (CVE-2014-0138)
* Mon Mar 17 2014 Paul Howarth <paul@xxxxxxxxxxxx> 7.29.0-16
- add all perl build requirements for the test suite, in a portable way
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1079148 - CVE-2014-0138 curl: wrong re-use of connections in libcurl
        https://bugzilla.redhat.com/show_bug.cgi?id=1079148
--------------------------------------------------------------------------------

================================================================================
 erlang-oauth-1.4.0-1.fc19 (FEDORA-2014-4417)
 An Erlang OAuth implementation
--------------------------------------------------------------------------------
Update Information:

Upgrade to 1.5.0. Unfortunately we have bugreports regarding issues with 1.3.1 on F19 so we have to upgrade it.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 10 2014 Peter Lemenkov <lemenkov@xxxxxxxxx> - 1.4.0-1
- Ver. 1.4.0 (API incompatible update)
- Removed compatibility with Fedora < 12, RHEL < 6
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 lbzip2-2.5-1.fc19 (FEDORA-2014-4323)
 Fast, multi-threaded bzip2 utility
--------------------------------------------------------------------------------
Update Information:

This update rebases to upstream version 2.5, which fixes several bugs and adds some improvements.

Full release notes are available at upstream website: http://lbzip2.org/news

This release is strictly backwards-compatible with all previous releases in 2.x line.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 27 2014 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 2.5-1
- Update to upstream version 2.5
* Wed Mar 26 2014 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 2.4-4
- Add patch for performance regression during compression
* Wed Mar 26 2014 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 2.4-3
- Fix a typo in compression order block patch
* Wed Mar 26 2014 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 2.4-2
- Add patch fixing block ordering during compression
* Mon Mar 24 2014 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 2.4-1
- Update to upstream version 2.4
* Sun Dec 22 2013 Ville Skyttä <ville.skytta@xxxxxx> - 2.3-3
- Drop INSTALL from docs.
- Fix bogus dates in %changelog.
- Use bzipped source tarball.
--------------------------------------------------------------------------------

================================================================================
 libyaml-0.1.6-1.fc19 (FEDORA-2014-4438)
 YAML 1.1 parser and emitter written in C
--------------------------------------------------------------------------------
Update Information:

New upstream release 0.1.6, fixes CVE-2014-2525
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 26 2014 John Eckersberg <jeckersb@xxxxxxxxxx> - 0.1.6-1
- New upstream release 0.1.6 (bz1081492)
- Fixes CVE-2014-2525 (bz1078083)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1078083 - CVE-2014-2525 libyaml: heap-based buffer overflow when parsing URLs
        https://bugzilla.redhat.com/show_bug.cgi?id=1078083
--------------------------------------------------------------------------------

================================================================================
 munin-2.0.19-2.fc19 (FEDORA-2014-4418)
 Network-wide graphing framework (grapher/gatherer)
--------------------------------------------------------------------------------
Update Information:

minor bugfix release:
- BZ# 1081254: Start asyncd after node
- BZ# 1028075: munin-node doesn't get added to chkconfig

Upstream update to 2.0.18, fixes CVE-2013-6359
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 26 2014 D. Johnson <fenris02@xxxxxxxxxxxxxxxxx> - 2.0.19-2
- BZ# 1081254: Start asyncd after node
- BZ# 1028075: munin-node doesn't get added to chkconfig
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1037888 - CVE-2013-6048 CVE-2013-6359 munin: two denial of service flaws fixed in 2.0.18
        https://bugzilla.redhat.com/show_bug.cgi?id=1037888
--------------------------------------------------------------------------------

================================================================================
 open-vm-tools-9.4.0-8.fc19 (FEDORA-2014-4386)
 Open Virtual Machine Tools for virtual machines hosted on VMware
--------------------------------------------------------------------------------
Update Information:

Added package dependencies to address BZ#1045709 and BZ#1077320.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 26 2014 Ravindra Kumar <ravindrakumar@xxxxxxxxxx> - 9.4.0-8
- Add missing package dependency on 'which' (BZ#1045709)
* Tue Mar 25 2014 Ravindra Kumar <ravindrakumar@xxxxxxxxxx> - 9.4.0-7
- Add -D_DEFAULT_SOURCE to suppress warning as suggested in https://sourceware.org/bugzilla/show_bug.cgi?id=16632
* Fri Mar 21 2014 Ravindra Kumar <ravindrakumar@xxxxxxxxxx> - 9.4.0-6
- Add missing package dependencies (BZ#1045709, BZ#1077320)
* Tue Feb 18 2014 Igor Gnatenko <i.gnatenko.brain@xxxxxxxxx> - 9.4.0-5
- Fix FTBFS g_info redefine (RHBZ #1063847)
* Fri Feb 14 2014 David Tardon <dtardon@xxxxxxxxxx> - 9.4.0-4
- rebuild for new ICU
* Tue Feb 11 2014 Richard W.M. Jones <rjones@xxxxxxxxxx> - 9.4.0-3
- Only build on x86-64 for RHEL 7 (RHBZ#1054608).
* Wed Dec  4 2013 Richard W.M. Jones <rjones@xxxxxxxxxx> - 9.4.0-2
- Rebuild for procps SONAME bump.
* Wed Nov  6 2013 Ravindra Kumar <ravindrakumar@xxxxxxxxxx> - 9.4.0-1
- Package new upstream version open-vm-tools-9.4.0-1280544.
- Added CUSTOM_PROCPS_NAME=procps and -Wno-deprecated-declarations for version 9.4.0.
* Thu Aug 22 2013 Ravindra Kumar <ravindrakumar@xxxxxxxxxx> - 9.2.3-11
- Added copyright and license text.
- Corrected summary for all packages.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1045709 - open-vm-tools should depend on which
        https://bugzilla.redhat.com/show_bug.cgi?id=1045709
  [ 2 ] Bug #1077320 - open-vm-tools should depend on ifconfig
        https://bugzilla.redhat.com/show_bug.cgi?id=1077320
--------------------------------------------------------------------------------

================================================================================
 ovirt-engine-cli-3.4.0.5-1.fc19 (FEDORA-2014-4423)
 oVirt Engine Command Line Interface
--------------------------------------------------------------------------------
Update Information:

Update to upstream 3.4.0.5
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 27 2014 Juan Hernandez <juan.hernandez@xxxxxxxxxx> - 3.4.0.5-1
- Update to upstream 3.4.0.5 in order to support version 3.4 of the oVirt project.
--------------------------------------------------------------------------------

================================================================================
 ovirt-engine-sdk-java-3.4.0.7-1.fc19 (FEDORA-2014-4434)
 oVirt Engine Software Development Kit (Java)
--------------------------------------------------------------------------------
Update Information:

Update to upstream 3.4.0.7
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 27 2014 Juan Hernandez <juan.hernandez@xxxxxxxxxx> - 3.4.0.7-1
- Update to upstream 3.4.0.7 in order to support version 3.4 of the oVirt project.
--------------------------------------------------------------------------------

================================================================================
 ovirt-engine-sdk-python-3.4.0.6-1.fc19 (FEDORA-2014-4448)
 oVirt Engine Software Development Kit (Python)
--------------------------------------------------------------------------------
Update Information:

Update to upstream version 3.4.0.6
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 27 2014 Juan Hernandez <juan.hernandez@xxxxxxxxxx> - 3.4.0.6-1
- Update to upstream version 3.4.0.6 in order to support release 3.4 of the oVirt project.
--------------------------------------------------------------------------------

================================================================================
 perl-Authen-Captcha-1.024-1.fc19 (FEDORA-2014-4454)
 Perl extension for creating captchas
--------------------------------------------------------------------------------
Update Information:

An issue in previous versions of perl-Authen-Captcha is that the generated public string (file name of the picture) for the captcha is merely a checksum of the secret string. It is trivial to break such short strings even using google instead of a rainbow table. Version 1.024 of the module fixes this.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 27 2014 Emmanuel Seyman <emmanuel@xxxxxxxxx> - 1.024-1
- Update to 1.024
--------------------------------------------------------------------------------

================================================================================
 perl-Rose-DB-Object-0.811-1.fc19 (FEDORA-2014-4452)
 Extensible, high performance object-relational mapper (ORM)
--------------------------------------------------------------------------------
Update Information:

update to version 0.811
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 26 2014 Bill Pemberton <wfp5p@xxxxxxxxxxxxxxx> - 0.811-1
- update to version 0.811
- fixes a bug that prevented many-to-many map records from being saved to the database
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1055297 - perl-Rose-DB-Object-0.811 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1055297
--------------------------------------------------------------------------------

================================================================================
 python-phyghtmap-1.48-1.fc19 (FEDORA-2014-4435)
 Generate OSM contour lines from NASA SRTM data
--------------------------------------------------------------------------------
Update Information:

This update fixes minor bugs related to index generation and missing file downloads when using viewfinder 3 arc second data.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 26 2014 Volker Fröhlich <volker27@xxxxxx> - 1.48-1
- New upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1080888 - python-phyghtmap-1.48 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1080888
--------------------------------------------------------------------------------

================================================================================
 qaccessibilityclient-0.1.1-1.fc19 (FEDORA-2014-4442)
 Accessibility client library for Qt
--------------------------------------------------------------------------------
Update Information:

New stable release to replace previous snapshot build, see also:
http://lists.kde.org/?l=kde-accessibility&m=139207620411895&w=2
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 12 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 0.1.1-1
- 1.1.1 release
- support QT4_BUILD option
- fix dso patch
- Provides: libqaccessibilityclient(-devel)
* Sun Aug  4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.1.0-0.3.20121113git
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 smokeping-2.6.9-3.fc19 (FEDORA-2014-4431)
 Latency Logging and Graphing System
--------------------------------------------------------------------------------
Update Information:

Smokeping was adding improper date header in email reports.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 26 2014 Terje Rosten <terje.rosten@xxxxxxx> - 2.6.9-3
- Fix build
* Wed Mar 26 2014 Terje Rosten <terje.rosten@xxxxxxx> - 2.6.9-2
- Let MTA add date header (bz #1080949)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1080949 - wrong date header with locale in alert mails
        https://bugzilla.redhat.com/show_bug.cgi?id=1080949
--------------------------------------------------------------------------------

================================================================================
 tzdata-2014b-1.fc19 (FEDORA-2014-4420)
 Timezone data
--------------------------------------------------------------------------------
Update Information:

Rebase to tzdata-2014b which includes the following update:
- Crimea changes to Moscow time on March, 30, 2014.

Rebase to 2014a:
- Turkey begins DST on 2014-03-31, not 03-30.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 26 2014 Patsy Franklin <pfrankli@xxxxxxxxxx> 2014b-1
- Rebase to 2014b
- Crimea changes to Moscow time on March 30, 2014.
* Wed Mar 12 2014 Patsy Franklin <pfrankli@xxxxxxxxxx> 2014a-1
- Rebase to 2014a
- Turkey begins DST on 2014-03-31, not 03-30.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1080928 - tzdata-2014b is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1080928
  [ 2 ] Bug #1075002 - tzdata-2014a is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1075002
--------------------------------------------------------------------------------

================================================================================
 xalan-j2-2.7.1-22.fc19 (FEDORA-2014-4426)
 Java XSLT processor
--------------------------------------------------------------------------------
Update Information:

This update fixes a remote code execution security vulnerability (CVE-2014-0107).
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 27 2014 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 0:2.7.1-22
- Add patch to fix remote code execution vulnerability
- Resolves: CVE-2014-0107
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1080248 - CVE-2014-0107 Xalan-Java: insufficient constraints in secure processing feature (oCERT-2014-002)
        https://bugzilla.redhat.com/show_bug.cgi?id=1080248
--------------------------------------------------------------------------------

================================================================================
 xen-4.2.4-3.fc19 (FEDORA-2014-4424)
 Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:

HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 26 2014 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.2.4-3
- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1075499 - CVE-2014-2599 xen: HVMOP_set_mem_access is not preemptible
        https://bugzilla.redhat.com/show_bug.cgi?id=1075499
--------------------------------------------------------------------------------

================================================================================
 xfdashboard-0.1.6-2.fc19 (FEDORA-2014-4459)
 GNOME shell like dashboard for Xfce
--------------------------------------------------------------------------------
Update Information:

Update to 0.1.6 containing bugfixes and new enhancements
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 23 2014 Mukundan Ragavan <nonamedotc@xxxxxxxxxxxxxxxxx> - 0.1.6-2
- Updated to 0.1.6
- Added xfdashboard.xml to files section
* Sun Mar 23 2014 Mukundan Ragavan <nonamedotc@xxxxxxxxxxxxxxxxx> - 0.1.6-1
- Updated to 0.1.6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1081122 - version 0.1.6
        https://bugzilla.redhat.com/show_bug.cgi?id=1081122
--------------------------------------------------------------------------------