The following Fedora 19 Security updates need testing: Age URL 180 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 117 https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1.fc19 21 https://admin.fedoraproject.org/updates/FEDORA-2014-4676/a2ps-4.14-23.fc19 21 https://admin.fedoraproject.org/updates/FEDORA-2014-4711/cups-filters-1.0.41-6.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-5024/smb4k-1.1.1-2.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-4975/json-c-0.11-6.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-5031/elfutils-0.158-3.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-4384/cups-1.6.4-5.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-5236/syncevolution-1.4.1-1.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-5233/kernel-3.13.10-100.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-5290/java-1.8.0-openjdk-1.8.0.5-1.b13.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-5308/srm-1.2.13-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-5284/drupal7-7.27-1.fc19,drupal6-6.31-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-5337/stunnel-5.01-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-5396/community-mysql-5.5.37-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-5409/mariadb-5.5.37-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-5375/ansible-1.5.5-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-5414/bugzilla-4.2.9-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-5511/ndjbdns-1.06-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-5487/python-pillow-2.0.0-13.gitd1c6db8.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-5551/zabbix-2.0.11-3.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 128 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 54 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-5031/elfutils-0.158-3.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-5073/iscsi-initiator-utils-6.2.0.873-21.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-5117/audit-2.3.6-1.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-4384/cups-1.6.4-5.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-5223/bash-4.2.47-1.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-5213/xdg-utils-1.1.0-0.24.rc2.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-5233/kernel-3.13.10-100.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-5341/libjpeg-turbo-1.3.1-2.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-5448/ibus-1.5.6-3.fc19 The following builds have been pushed to Fedora 19 updates-testing ahkab-0.09-3.fc19 babeltrace-1.2.1-1.fc19 cqrlog-1.7.4-1.fc19 ghc-reflection-1.4-1.fc19 ibus-qt-1.3.3-1.fc19 lttv-1.5-5.fc19 perl-Type-Tiny-0.042-1.fc19 pgtoolkit-1.0.1-2.fc19 python-halite-0.1.16-1.fc19 python-six-1.5.2-1.fc19 python3-iep-3.4-2.fc19 qpid-dispatch-0.2-2.fc19 spring-96.0-2.fc19 unetbootin-603-1.fc19 zabbix-2.0.11-3.fc19 Details about builds: ================================================================================ ahkab-0.09-3.fc19 (FEDORA-2014-5524) A SPICE-like electronic circuit simulator written in Python -------------------------------------------------------------------------------- Update Information: A SPICE-like electronic circuit simulator. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1089017 - ahkab - A SPICE-like electronic circuit simulator https://bugzilla.redhat.com/show_bug.cgi?id=1089017 -------------------------------------------------------------------------------- ================================================================================ babeltrace-1.2.1-1.fc19 (FEDORA-2014-5535) Trace Viewer and Converter, mainly for the Common Trace Format -------------------------------------------------------------------------------- Update Information: New upstream release of babeltrace -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 27 2014 Yannick Brosseau <yannick.brosseau@xxxxxxxxx> - 1.2.1-1 - New upstream release * Sat Mar 1 2014 Suchakra Sharma <suchakra@xxxxxxxxxxxxxxxxx> - 1.2.0-1 - New upstream release - Popt patch for babeltrace.pc.in removed. Its fixed in Fedora now - Add new file (babeltrace-ctf.pc) * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ cqrlog-1.7.4-1.fc19 (FEDORA-2014-5537) An amateur radio contact logging program -------------------------------------------------------------------------------- Update Information: New version of CQRLOG is now available fixing several bugs and providing several enhancements. * F keys to CW type window added * address to RBN server can be changed in Preferences * full date (not only year,month) is supported in membership files * Close the "Status of log upload" window after successful upload added * moved to new LoTW url and updated upload routines * band button description is editable (Preferences -> TRX control -> Change default frequencies) * 6W/MM0NDX was marked as unknown country instead of Senegal - fixed * after View QSO and CTRL+F2 fields was still read-only - fixed * QSL information was added to Commend to QSO even if it already exists * '+' character is now allowed in any field in New QSO window * log could not recover from a wrong upload of updated QSO - fixed * '+' as hotkey to add to bandmap function removed, use CTRL+A instead * any result from ClubLog with 'Skipping QSO' won't stop uploading of the log * "When TRX control is not active, use frequency and mode from NewQSO window" option to Preferences->Band map added * CTRL+N hotkey to QSO list window added (do NOT send QSL) * TRX control window was not sizeable - fixed * when ESC was pressed twice in Remote mode, log crashed - fixed * program crashed when freq was entered with comma as decimal separator - fixed * broken grid square statistic fixed * online QSO upload to HamQTH, ClubLog and HRDLog added * improved QSL managers import, should be faster a bit * "Long Path" button to Rotor Control added (Darek, SP2MKI) * COMMENT field is exported to eQSL server * Always overwrite info from previous QSO with callbook data option added * help updated * country files updated * membership files updated * layout improved (mostly new QSO window) * LoTW QSL RCVD was not imported when ADIF didn't include LOTW_QSLRDATE value - fixed * CONTESTIA mode was saved as CONSTESTI (increased max length of mode to 10 characters) - fixed * ReverseBeacon support in Gray line didn't work - fixed * after click to OK button in Preferences, bandmap stopped deleting old spots - fixed * bandmap was not updated when any spot was not added - fixed * station was added to bandmap when offline mode was activated - fixed * big square statistics didn't work in newer versions of distributions - fixed * QSO JT65* mode were not confirmed by eQSL - fixed -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 20 2014 Eric "Sparks" Christensen <sparks@xxxxxxxxxxxxxxxxx> - 1.7.4-1 - F keys to CW type window added - address to RBN server can be changed in Preferences - full date (not only year,month) is supported in membership files - Close the "Status of log upload" window after successful upload added - moved to new LoTW url and updated upload routines - band button description is editable (Preferences -> TRX control -> Change default frequencies) - 6W/MM0NDX was marked as unknown country instead of Senegal - fixed - after View QSO and CTRL+F2 fields was still read-only - fixed - QSL information was added to Commend to QSO even if it already exists - '+' character is now allowed in any field in New QSO window - log could not recover from a wrong upload of updated QSO - fixed - '+' as hotkey to add to bandmap function removed, use CTRL+A instead - any result from ClubLog with 'Skipping QSO' won't stop uploading of the log -------------------------------------------------------------------------------- References: [ 1 ] Bug #1090238 - Version 1.7.4 available https://bugzilla.redhat.com/show_bug.cgi?id=1090238 -------------------------------------------------------------------------------- ================================================================================ ghc-reflection-1.4-1.fc19 (FEDORA-2014-5527) Reifies arbitrary terms into types that can be reflected back into terms -------------------------------------------------------------------------------- Update Information: Reifies arbitrary terms into types that can be reflected back into terms - http://hackage.haskell.org/package/reflection -------------------------------------------------------------------------------- References: [ 1 ] Bug #1076737 - Review Request: ghc-reflection - Reifies arbitrary terms into types that can be reflected back into terms https://bugzilla.redhat.com/show_bug.cgi?id=1076737 -------------------------------------------------------------------------------- ================================================================================ ibus-qt-1.3.3-1.fc19 (FEDORA-2014-5552) Qt IBus library and Qt input method plugin -------------------------------------------------------------------------------- Update Information: This update enables surrounding text feature in QT. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 22 2014 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.3.3-1 - Updated to 1.3.3. * Fri Feb 14 2014 David Tardon <dtardon@xxxxxxxxxx> - 1.3.2-6 - rebuild for new ICU * Thu Aug 8 2013 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.3.2-5 - Fixed installed but unpackaged files with rpm-build 4.11.1 and %doc. * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Mon Jul 29 2013 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.3.2-3 - Fixed misc issues. -------------------------------------------------------------------------------- ================================================================================ lttv-1.5-5.fc19 (FEDORA-2014-5535) Linux Trace Toolkit Viewer -------------------------------------------------------------------------------- Update Information: New upstream release of babeltrace -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 23 2014 Yannick Brosseau <yannick.brosseau@xxxxxxxxx> - 1.5-5 - Rebuild with newer libbabeltrace -------------------------------------------------------------------------------- ================================================================================ perl-Type-Tiny-0.042-1.fc19 (FEDORA-2014-5518) Tiny, yet Moo(se)-compatible type constraint -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 8 2014 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> 0.042-1 - Upstream update. - Split out perl(Test::TypeTiny) to avoid deps on perl(Test::*). -------------------------------------------------------------------------------- ================================================================================ pgtoolkit-1.0.1-2.fc19 (FEDORA-2014-5545) Tools for PostgreSQL maintenance -------------------------------------------------------------------------------- Update Information: Resolving dependency issues. Update pgtoolkit to 1.0.1. -------------------------------------------------------------------------------- ================================================================================ python-halite-0.1.16-1.fc19 (FEDORA-2014-5526) SaltStack Web UI -------------------------------------------------------------------------------- Update Information: Updated to version 0.1.16. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 22 2014 Erik Johnson <erik@xxxxxxxxxxxxx> - 0.1.16-1 - Updated to version 0.1.16. -------------------------------------------------------------------------------- ================================================================================ python-six-1.5.2-1.fc19 (FEDORA-2014-5512) Python 2 and 3 compatibility utilities -------------------------------------------------------------------------------- Update Information: - Latest upstream -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 7 2014 Matthias Runge <mrunge@xxxxxxxxxx> - 1.5.2-1 - upgrade to 1.5.2 (rhbz#1048819) * Mon Sep 16 2013 Bohuslav Kabrda <bkabrda@xxxxxxxxxx> - 1.4.1-1 - 1.4.1 * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ python3-iep-3.4-2.fc19 (FEDORA-2014-5553) The interactive editor for Python -------------------------------------------------------------------------------- Update Information: Initial import -------------------------------------------------------------------------------- References: [ 1 ] Bug #1084654 - Review Request: python3-iep - The interactive editor for Python https://bugzilla.redhat.com/show_bug.cgi?id=1084654 -------------------------------------------------------------------------------- ================================================================================ qpid-dispatch-0.2-2.fc19 (FEDORA-2014-5547) Dispatch router for Qpid -------------------------------------------------------------------------------- Update Information: Fixed merging problems across Fedora and EPEL releases. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 22 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.2-2 - Fixed merging problems across Fedora and EPEL releases. * Tue Apr 22 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.2-1 - Rebased on Qpid Dispatch 0.2. -------------------------------------------------------------------------------- ================================================================================ spring-96.0-2.fc19 (FEDORA-2014-5542) Multiplayer, 3D realtime strategy combat game -------------------------------------------------------------------------------- Update Information: - Version 96.0, major spring/springlobby upstream release. - pr-downloader finally enabled and finally builds under mock; patches and libcurl added. - spring no longer requires springlobby and spring-maps-default as it creates a circular dependency. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 5 2014 Gilboa Davara <gilboad [AT] gmail [DOT] com> - 96.0-2 - pr-downloader finally builds under mock; patches and libcurl added. - spring no longer requires springlobby and spring-maps-default as it creates a circular dependency. * Mon Jan 13 2014 Gilboa Davara <gilboad [AT] gmail [DOT] com> - 96.0-1 - Version 96.0, major spring/springlobby upstream release. - pr-downloader finally enabled. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1055230 - spring and spring lobby versions are outdated https://bugzilla.redhat.com/show_bug.cgi?id=1055230 [ 2 ] Bug #1079581 - [abrt] spring: __pthread_cond_destroy(): spring killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1079581 -------------------------------------------------------------------------------- ================================================================================ unetbootin-603-1.fc19 (FEDORA-2014-5557) Create bootable Live USB drives for a variety of Linux distributions -------------------------------------------------------------------------------- Update Information: Update to version 603. Change naming to reflect upstream versioning scheme. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 22 2014 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 603-1 - Change naming to reflect upstream versioning scheme. - Update to 603. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1090033 - unetbootin-603 is available https://bugzilla.redhat.com/show_bug.cgi?id=1090033 -------------------------------------------------------------------------------- ================================================================================ zabbix-2.0.11-3.fc19 (FEDORA-2014-5551) Open-source monitoring solution for your IT infrastructure -------------------------------------------------------------------------------- Update Information: The logrotate configuration had no su statement in 2.0.11-2. Furthermore, the log file should have been created as zabbixsrv:zabbix for the proxy and server, what they are now. http://www.zabbix.com/rn2.0.11.php Also solves 3 security issues: * [ZBX-7703] fixed being able to switch users without proper credentials when using HTTP authentication; reference CVE-2014-1682 * [ZBX-6721] fixed LDAP authentication; reference CVE-2013-5572 * [ZBX-7693] fixed admin user being able to update media for other users; reference CVE-2014-1685 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 22 2014 Volker Fröhlich <volker27@xxxxxx> - 2.0.11-3 - Don't remove su directive from logrotate config in error - Adapt logrotate.in file and sed invocation from 2.2 packages * Sun Feb 16 2014 Volker Fröhlich <volker27@xxxxxx> - 2.0.11-2 - Remove if clauses for Fedora/RHEL as they are obsolete in EL 7 - Use systemd scriplet macros (BZ#850378) - Remove init scripts * Wed Feb 12 2014 Volker Fröhlich <volker27@xxxxxx> - 2.0.11-1 - New upstream release - Truncate changelog * Sun Dec 15 2013 Volker Fröhlich <volker27@xxxxxx> - 2.0.10-2 - The start function of the proxy init script had a typo causing failure - Improved the section on running multiple instances in the README * Fri Dec 13 2013 Volker Fröhlich <volker27@xxxxxx> - 2.0.10-1 - New upstream release - Drop obsolete patch ZBX-7479 - Improve init scripts to not kill other instances (BZ#1018293) - General overhaul of init scripts and documentation in README - Harmonize scriptlet if-clause style -------------------------------------------------------------------------------- References: [ 1 ] Bug #1013963 - CVE-2013-5572 zabbix: password leakage https://bugzilla.redhat.com/show_bug.cgi?id=1013963 [ 2 ] Bug #1061563 - CVE-2014-1682 zabbix: API issue allows users to impersonate other users https://bugzilla.redhat.com/show_bug.cgi?id=1061563 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
