The following Fedora 19 Security updates need testing: Age URL 181 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 118 https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1.fc19 22 https://admin.fedoraproject.org/updates/FEDORA-2014-4676/a2ps-4.14-23.fc19 22 https://admin.fedoraproject.org/updates/FEDORA-2014-4711/cups-filters-1.0.41-6.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2014-5024/smb4k-1.1.1-2.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2014-4975/json-c-0.11-6.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2014-5031/elfutils-0.158-3.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-4384/cups-1.6.4-5.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-5236/syncevolution-1.4.1-1.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-5308/srm-1.2.13-1.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-5284/drupal7-7.27-1.fc19,drupal6-6.31-1.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-5337/stunnel-5.01-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-5396/community-mysql-5.5.37-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-5409/mariadb-5.5.37-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-5375/ansible-1.5.5-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-5414/bugzilla-4.2.9-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-5511/ndjbdns-1.06-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-5487/python-pillow-2.0.0-13.gitd1c6db8.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-5562/python-django-1.5.6-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-5551/zabbix-2.0.11-3.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-5586/prosody-0.8.2-11.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 129 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 55 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2014-5031/elfutils-0.158-3.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-5073/iscsi-initiator-utils-6.2.0.873-21.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-5117/audit-2.3.6-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-4384/cups-1.6.4-5.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-5223/bash-4.2.47-1.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-5213/xdg-utils-1.1.0-0.24.rc2.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-5341/libjpeg-turbo-1.3.1-2.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-5448/ibus-1.5.6-3.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-5590/libcap-ng-0.7.4-1.fc19 The following builds have been pushed to Fedora 19 updates-testing bogofilter-1.2.4-1.fc19 cptutils-1.53-1.fc19 easytag-2.2.1-1.fc19 jackson-1.9.11-3.fc19 kde-plasma-networkmanagement-0.9.0.11-1.fc19 libcap-ng-0.7.4-1.fc19 lua-expat-1.3.0-1.fc19 open-vm-tools-9.4.0-9.fc19 perl-MouseX-ConfigFromFile-0.05-3.fc19 perl-Starlet-0.23-1.fc19 prosody-0.8.2-11.fc19 python-django-1.5.6-1.fc19 python-moksha-common-1.2.3-1.fc19 xca-0.9.3-5.fc19 Details about builds: ================================================================================ bogofilter-1.2.4-1.fc19 (FEDORA-2014-5580) Fast anti-spam filtering by Bayesian statistical analysis -------------------------------------------------------------------------------- Update Information: updated to 1.2.4 (fixes #1084359) -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 23 2014 Adrian Reber <adrian@xxxxxxxx> - 1.2.4-1 - updated to 1.2.4 (fixes #1084359) * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Jul 17 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 1.2.3-4 - Perl 5.18 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1084359 - bogofilter was updateed https://bugzilla.redhat.com/show_bug.cgi?id=1084359 -------------------------------------------------------------------------------- ================================================================================ cptutils-1.53-1.fc19 (FEDORA-2014-5576) Utilities to manipulate and translate color gradients -------------------------------------------------------------------------------- Update Information: >From the changelog: * fixed a null-deference when writing a cpt with a NULL name (typically when the cpt is read from stdin) * svgx -a now sanitises the filenames devrived from the svg ids, replacing forward-slashes and leading dots by underscores. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 24 2014 Volker Fröhlich <volker27@xxxxxx> 1.53-1 - New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1090873 - cptutils-1.53 is available https://bugzilla.redhat.com/show_bug.cgi?id=1090873 -------------------------------------------------------------------------------- ================================================================================ easytag-2.2.1-1.fc19 (FEDORA-2014-5568) Tag editor for MP3, Ogg, FLAC and other music files -------------------------------------------------------------------------------- Update Information: Update to 2.2.1 and add hardening flags * Fix image loading with HTTP URLs and empty images * Fix bogus track numbers when automatically numbering files * Add Opus and Speex MIME types to desktop file * Abhinav Jangda’s fix for numeric characters in ID3 TPOS fields * Roman Bogorodskiy’s ID3 wrapper compilation fix * Improvements to MP4 GIO wrapper * Fix a scanner bug when converting "%20" to " " * Fix compilation if TagLib or libogg is unavailable * Depend on TagLib 1.9.1 for MP4 support * Use CXXFLAGS from the environment * Rafael Ferrera’s Brazilian Portuguese translation update * Aurimas Černius’s Lithuanian translation update * Balázs Úr’s Hungarian translation update * Matej Urbančič’s Slovenian translation update -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 22 2014 David King <amigadave@xxxxxxxxxxxxx> 2.2.1-1 - Update to 2.2.1 - Add hardening flags -------------------------------------------------------------------------------- References: [ 1 ] Bug #1089501 - [abrt] easytag: Scan_Process_Fields(): easytag killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1089501 -------------------------------------------------------------------------------- ================================================================================ jackson-1.9.11-3.fc19 (FEDORA-2014-5570) Jackson Java JSON-processor -------------------------------------------------------------------------------- Update Information: Update to upstream version 1.9.11 -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 14 2013 gil cattaneo <puntogil@xxxxxxxxx> 1.9.11-3 - switch to java-headless (build)requires (rhbz#1068160) * Thu Nov 14 2013 gil cattaneo <puntogil@xxxxxxxxx> 1.9.11-2 - use objectweb-asm3 * Wed Sep 25 2013 gil cattaneo <puntogil@xxxxxxxxx> 1.9.11-1 - Update to upstream version 1.9.11 * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.9.4-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1088955 - [RFE] Please update jackson to 1.9.9 https://bugzilla.redhat.com/show_bug.cgi?id=1088955 -------------------------------------------------------------------------------- ================================================================================ kde-plasma-networkmanagement-0.9.0.11-1.fc19 (FEDORA-2014-5561) NetworkManager KDE 4 integration -------------------------------------------------------------------------------- Update Information: Plasma networkmanagement 0.9.0.11 release. See http://lamarque-lvs.blogspot.cz/2014/04/plasma-nm-09011.html -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 24 2014 Jan Grulich <jgrulich@xxxxxxxxxx> 0.9.0.11-1 - 0.9.0.11 -------------------------------------------------------------------------------- ================================================================================ libcap-ng-0.7.4-1.fc19 (FEDORA-2014-5590) An alternate posix capabilities library -------------------------------------------------------------------------------- Update Information: Add CAPNG_INIT_SUPP_GRP to capng_change_id. Update the autotools components. Dynamically detect last capability. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 24 2014 Steve Grubb <sgrubb@xxxxxxxxxx> 0.7.4-1 - New upstream release * Thu Nov 14 2013 Steve Grubb <sgrubb@xxxxxxxxxx> 0.7.3-6 - Rebuild to pickup current CAP_LAST_CAP * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.7.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Tue Jul 2 2013 Karsten Hopp <karsten@xxxxxxxxxx> 0.7.3-4 - bump release and rebuild to fix dependencies on PPC -------------------------------------------------------------------------------- ================================================================================ lua-expat-1.3.0-1.fc19 (FEDORA-2014-5588) SAX XML parser based on the Expat library -------------------------------------------------------------------------------- Update Information: LuaExpat 1.3.0 [02/Apr/2014] ============================ - Lua 5.2 support (thanks Tomás Guisasola Gorham) - support for the XmlDecl handler - add parser:getcurrentbytecount() (XML_GetCurrentByteCount) - ability to disable CharacterData merging - Makefile improvements (thanks Vadim Misbakh-Soloviov) -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 23 2014 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 1.3.0-1 - New upstream release * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Fri May 10 2013 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.2.0-5 - fix for lua 5.2 -------------------------------------------------------------------------------- ================================================================================ open-vm-tools-9.4.0-9.fc19 (FEDORA-2014-5577) Open Virtual Machine Tools for virtual machines hosted on VMware -------------------------------------------------------------------------------- Update Information: Moved 'vm-support' script to /usr/bin. Removed unnecessary dependency on 'dbus'. Added notification to VMware platform when open-vm-tools gets uninstalled. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 23 2014 Ravindra Kumar <ravindrakumar@xxxxxxxxxx> - 9.4.0-9 - Removed unnecessary package dependency on 'dbus' - Moved 'vm-support' script to /usr/bin - Added a call to 'tools.set.version' RPC to inform VMware platform when open-vm-tools has been uninstalled -------------------------------------------------------------------------------- ================================================================================ perl-MouseX-ConfigFromFile-0.05-3.fc19 (FEDORA-2014-5582) An abstract Mouse role for setting attributes from a configfile -------------------------------------------------------------------------------- Update Information: This is the first Fedora release of perl-MouseX-ConfigFromFile. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1088946 - Review Request: perl-MouseX-ConfigFromFile - An abstract Mouse role for setting attributes from a configfile https://bugzilla.redhat.com/show_bug.cgi?id=1088946 -------------------------------------------------------------------------------- ================================================================================ perl-Starlet-0.23-1.fc19 (FEDORA-2014-5573) Simple, high-performance PSGI/Plack HTTP server -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 24 2014 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 0.23-1 - Upstream update. -------------------------------------------------------------------------------- ================================================================================ prosody-0.8.2-11.fc19 (FEDORA-2014-5586) Flexible communications server for Jabber/XMPP -------------------------------------------------------------------------------- Update Information: Added upstream patches to avoid resource consumption denial of service when using XMPP application-layer compression (#1085692) -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 23 2014 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 0.8.2-11 - Added upstream patches to avoid resource consumption denial of service when using XMPP application-layer compression (#1085692) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1085692 - CVE-2014-2745 CVE-2014-2744 prosody: resource consumption denial of service when using XMPP application-layer compression https://bugzilla.redhat.com/show_bug.cgi?id=1085692 -------------------------------------------------------------------------------- ================================================================================ python-django-1.5.6-1.fc19 (FEDORA-2014-5562) A high-level Python Web framework -------------------------------------------------------------------------------- Update Information: update to 1.5.6 fixing CVE-2014-0473 and CVE-2014-0474 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 24 2014 Matthias Runge <mrunge@xxxxxxxxxx> - 1.5.6-1 - update to 1.5.6 fixing CVE-2014-0473 and CVE-2014-0474 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1027766 - python-django-1.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1027766 -------------------------------------------------------------------------------- ================================================================================ python-moksha-common-1.2.3-1.fc19 (FEDORA-2014-5559) Common components for Moksha -------------------------------------------------------------------------------- Update Information: Support older python-six. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 24 2014 Ralph Bean <rbean@xxxxxxxxxx> - 1.2.3-1 - Support older versions of python-six. * Thu Apr 24 2014 Ralph Bean <rbean@xxxxxxxxxx> - 1.2.2-1 - Fixed up some python3 support. - Added dep on python-six. * Mon Oct 14 2013 Ralph Bean <rbean@xxxxxxxxxx> - 1.2.1-1 - Latest upstream; simply includes a forgotten test config. * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ xca-0.9.3-5.fc19 (FEDORA-2014-5572) Graphical X.509 certificate management tool -------------------------------------------------------------------------------- Update Information: * Tue Apr 22 2014 Patrick Monnerat <pm@xxxxxxxxxxxxx> - 0.9.3-5 - Rebuild for elliptic curves inclusion. https://bugzilla.redhat.com/show_bug.cgi?id=1089245 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 22 2014 Patrick Monnerat <pm@xxxxxxxxxxxxx> - 0.9.3-5 - Rebuild for elliptic curves inclusion. https://bugzilla.redhat.com/show_bug.cgi?id=1089245 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1089245 - EC (elliptic curve) key generation disabled in xca https://bugzilla.redhat.com/show_bug.cgi?id=1089245 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
