The following Fedora 19 Security updates need testing: Age URL 196 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 25 https://admin.fedoraproject.org/updates/FEDORA-2014-5024/smb4k-1.1.1-2.fc19 21 https://admin.fedoraproject.org/updates/FEDORA-2014-5308/srm-1.2.13-1.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-5903/miniupnpc-1.9-1.fc19,megaglest-3.9.1-2.fc19,0ad-0.0.15-4.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-5938/rxvt-unicode-9.20-1.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-5974/python-fmn-web-0.2.4-3.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-5948/python-fedora-0.3.34-1.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-5984/php-5.5.12-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-6028/mingw-qt-4.8.6-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-5999/mingw-qt5-qtbase-5.2.1-3.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-6046/cifs-utils-6.3-2.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-6083/qt-4.8.6-5.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-6127/rubygem-actionpack-3.2.13-6.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-6167/kernel-3.14.3-100.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6209/mutt-1.5.23-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-5759/cups-filters-1.0.53-2.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 144 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 70 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19 13 https://admin.fedoraproject.org/updates/FEDORA-2014-5620/abrt-2.2.1-1.fc19,libreport-2.2.2-2.fc19 12 https://admin.fedoraproject.org/updates/FEDORA-2014-5665/curl-7.29.0-18.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-5809/xorg-x11-drv-synaptics-1.7.4-9.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-5818/libssh2-1.4.3-7.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-5448/ibus-1.5.7-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-6047/gupnp-0.20.11-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-6179/nss-softokn-3.16.1-1.fc19,nspr-4.10.5-1.fc19,nss-util-3.16.1-1.fc19,nss-3.16.1-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-6167/kernel-3.14.3-100.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-6113/xorg-x11-drv-evdev-2.8.4-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-6075/selinux-policy-3.12.1-74.26.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-6126/policycoreutils-2.1.14-46.8.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-6083/qt-4.8.6-5.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-5590/libcap-ng-0.7.4-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6185/kde-workspace-4.11.9-4.fc19 The following builds have been pushed to Fedora 19 updates-testing cups-filters-1.0.53-2.fc19 easytag-2.2.2-1.fc19 guilt-0.35-10.fc19 kde-workspace-4.11.9-4.fc19 mutt-1.5.23-1.fc19 orthanc-0.7.5-1.fc19 powerline-0.0.1-7.20140508git9e7c6c.fc19 publican-4.1.1-0.1.fc19 python-ngram-3.3.0-1.fc19 python-pypng-0.0.16-1.fc19 tintii-2.8.2-1.fc19 vcsh-1.20140508-1.fc19 wordpress-3.9.1-1.fc19 Details about builds: ================================================================================ cups-filters-1.0.53-2.fc19 (FEDORA-2014-5759) OpenPrinting CUPS filters and backends -------------------------------------------------------------------------------- Update Information: This update fixes two flaws and various bugs. -------------------------------------------------------------------------------- ChangeLog: * Fri May 9 2014 Jiri Popelka <jpopelka@xxxxxxxxxx> - 1.0.53-2 - Return Tim's work-around patch for bug #768811. * Mon Apr 28 2014 Jiri Popelka <jpopelka@xxxxxxxxxx> - 1.0.53-1 - 1.0.53 * Wed Apr 2 2014 Jiri Popelka <jpopelka@xxxxxxxxxx> - 1.0.41-6 - Remote command injection in cups-browsed (bug #1083327). * Tue Mar 11 2014 Jiri Popelka <jpopelka@xxxxxxxxxx> - 1.0.41-5 - Don't ship pdftoopvp (#1027557) and urftopdf (#1002947). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1091565 - cups-filters: inadequate fix for CVE-2014-2707 https://bugzilla.redhat.com/show_bug.cgi?id=1091565 [ 2 ] Bug #1091568 - cups-filters: unsupported BrowseAllow value lets cups-browsed accept from all hosts https://bugzilla.redhat.com/show_bug.cgi?id=1091568 [ 3 ] Bug #1083326 - CVE-2014-2707 cups-filters: remote command injection in cups-browsed https://bugzilla.redhat.com/show_bug.cgi?id=1083326 -------------------------------------------------------------------------------- ================================================================================ easytag-2.2.2-1.fc19 (FEDORA-2014-6212) Tag editor for MP3, Ogg, FLAC and other music files -------------------------------------------------------------------------------- Update Information: Update to 2.2.2 * Fix loading filenames from a text file * Fix saving Ogg cover art without a description * Fix check for broken id3lib UTF-16 writing * Fix keyboard navigation to allow escaping the tag area * Update ID3v1 genre list * Revert asynchronous image handling changes * Andreas Winkelmann’s ID3 memory leak fix * Andika Triwidada’s Indonesian translation * Dimitris Spingos’s Greek help translation -------------------------------------------------------------------------------- ChangeLog: * Fri May 9 2014 David King <amigadave@xxxxxxxxxxxxx> 2.2.2-1 - Update to 2.2.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1091577 - [abrt] easytag: _gtk_css_computed_values_get_difference(): easytag killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1091577 [ 2 ] Bug #1092814 - [abrt] easytag: g_realloc(): easytag killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1092814 -------------------------------------------------------------------------------- ================================================================================ guilt-0.35-10.fc19 (FEDORA-2014-6183) Scripts to manage quilt-like patches on top of git -------------------------------------------------------------------------------- Update Information: Fixed to work with git v1.9; removed all git version checks. -------------------------------------------------------------------------------- ChangeLog: * Tue May 6 2014 Eric Sandeen <sandeen@xxxxxxxxxx> 0.35-10 - Drop git version check altogether, per upstream * Mon May 5 2014 Eric Sandeen <sandeen@xxxxxxxxxx> 0.35-9 - Allow use with git v1.9 * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.35-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ kde-workspace-4.11.9-4.fc19 (FEDORA-2014-6185) KDE Workspace -------------------------------------------------------------------------------- Update Information: Backport upstream fix for kdm crasher when xsessions do not define/set DesktopNames= key New stable/bugfix release, see also http://kde.org/announcements/announce-4.12.5.php -------------------------------------------------------------------------------- ChangeLog: * Fri May 2 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.11.9-4 - backports++ (kdm crasher in particular) * Thu May 1 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.11.9-3 - backport some post-4.11.9 upstream commits * Tue Apr 29 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.11.9-2 - respin * Fri Apr 25 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.11.9-1 - 4.11.9 * Thu Apr 24 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.11.8-7 - another batch of upstream commits, including final versions of screenlocker fixes * Tue Apr 22 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.11.8-6 - pull in proposed screenlocker fixes (kde#224200, kde#327947, kde#329076) * Sat Apr 19 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.11.8-5 - plasma-dataengine-extractor love - move calendar dataengine to -akonadi subpkg (currently unused) * Mon Apr 14 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.11.8-4 - disable nepomuk support (kde-4.13, f21+) * Mon Apr 14 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.11.8-3 - startkde.cmake: PAM_KWALLET_LOGIN typo * Fri Apr 11 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.11.8-2 - pull in some post 4.11.8 commits - ... namely adds support for pam-kwallet and XDG_CURRENT_DESKTOP -------------------------------------------------------------------------------- References: [ 1 ] Bug #1095920 - kdm segfaults on login https://bugzilla.redhat.com/show_bug.cgi?id=1095920 -------------------------------------------------------------------------------- ================================================================================ mutt-1.5.23-1.fc19 (FEDORA-2014-6209) A text mode mail user agent -------------------------------------------------------------------------------- Update Information: fix: CVE-2014-0467 heap-based buffer overflow when parsing certain headers -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 29 2014 Jan Pacner <jpacner@xxxxxxxxxx> - 5:1.5.23-1 - Resolves: #1034263 (new version due to CVE) - patch cleanup (upstream fixes) - add html documentation (in addition to the current txt one) * Mon Dec 2 2013 Jan Pacner <jpacner@xxxxxxxxxx> - 5:1.5.22-1 - new release (Resolves: #1034263) - use inline sed instead of nodotlock patch - patches removed: testcert, hdrcnt, certscomp, updating, pophash, notation, writehead, tmpdir, verpeers, tlsv1v2 - manhelp patch adjusted (only DEBUG logging capability was left) * Mon Oct 21 2013 Honza Horak <hhorak@xxxxxxxxxx> - 5:1.5.21-26 - Fixed patch for certificates comparison * Mon Sep 23 2013 Miroslav Lichvar <mlichvar@xxxxxxxxxx> - 5:1.5.21-25 - Revert to packaging only selected doc files * Thu Aug 8 2013 Ville Skyttä <ville.skytta@xxxxxx> - 5:1.5.21-24 - Fix FTBFS with unversioned %{_docdir_fmt} (#992311), drop duplicate docs. * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 5:1.5.21-23 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Thu Jul 18 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 5:1.5.21-22 - Perl 5.18 rebuild * Thu Jun 27 2013 Honza Horak <hhorak@xxxxxxxxxx> - 5:1.5.21-21 - Backported support for TLS 1.2 and TLS 1.2 protocols Resolves: #957840 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1075860 - CVE-2014-0467 mutt: heap-based buffer overflow when parsing certain headers https://bugzilla.redhat.com/show_bug.cgi?id=1075860 -------------------------------------------------------------------------------- ================================================================================ orthanc-0.7.5-1.fc19 (FEDORA-2014-6186) RESTful DICOM server for healthcare and medical research -------------------------------------------------------------------------------- Update Information: New upstream version of Orthanc -------------------------------------------------------------------------------- ChangeLog: * Fri May 9 2014 Sebastien Jodogne <s.jodogne@xxxxxxxxx> 0.7.5-1 - New upstream version -------------------------------------------------------------------------------- ================================================================================ powerline-0.0.1-7.20140508git9e7c6c.fc19 (FEDORA-2014-6208) The ultimate status-line/prompt utility -------------------------------------------------------------------------------- Update Information: Update to revision 0.0.1-7.20140508git9e7c6c -------------------------------------------------------------------------------- ChangeLog: * Thu May 8 2014 - Andreas Schneider <asn@xxxxxxxxxx> - 0.0.1-7.20140508git9e7c6c - Update to revision 0.0.1-7.20140508git9e7c6c -------------------------------------------------------------------------------- ================================================================================ publican-4.1.1-0.1.fc19 (FEDORA-2014-6197) Common files and scripts for publishing with DocBook XML -------------------------------------------------------------------------------- Update Information: - Fix issue where PDFs failed with long <pre>s - Add abstract to release notes so PDF builds - Fix RPM upgrade not pulling in required XML::TreeBuilder version. BZ #1053609 - Allow PDF to build without any authors. BZ #1050975 - Increase XML::LibXSLT::max_depth to 10K. BZ #1035525 - Include entrytbl in cols count. BZ #1069405 - Add 'td' to translatable blocks list. BZ #1059938 - Treat entry like para for mixedmode tags. BZ #1039382 - Add blank page after cover page in PDF. BZ #1050770 - Fix replaceable override in DB 4.5 XSL. BZ #1054462 - Store processing instructions. BZ #1045463 - Add releaseinfo support. BZ #1050789 - Add suppor5t for wkhtmltopdf 0.12.0 - Add non-minified JS files. BZ #1062109 - Use term as ID node for varlistentry. BZ #1050836 - Fix acroread search and image issues. BZ #1038393 #1065810 - Add line numbering to DB5 html output. BZ #1074709 - Remove glossdiv and indexdiv headings from PDF TOC. BZ #1058545 - Add basic handling & style for revisionflag. - Fix admonition style for wkhtmnltopdf 0.12. - Pass chunk_section_depth to wkhtmltopdf. BZ #1044848 - Do not die on empty brand conf files. BZ #1037037 - Fix font embedding in PDF. - Enforce RPM API requirements. BZ #1029293 - Fix desktop SPEC file creation. BZ #1081087 - Pass previous option to msgmerge. BZ #1081363 - Load splash pages in templates instead of using javascript. BZ #1081300 - Sync list layout across web and desktop styles. BZ #1080236 - Add dt_format parameter. BZ #1081808 - Provide gettext version of package name. BZ #1083102 - Fix step style. BZ #1080156 - Fix DD layout. BZ #1084242 - Fix tables breaking out. BZ #1082444 - Add zt_push and zt_pull for Zanata. - Add abstract to release notes so PDF builds - Fix RPM upgrade not pulling in required XML::TreeBuilder version. BZ #1053609 - Allow PDF to build without any authors. BZ #1050975 - Increase XML::LibXSLT::max_depth to 10K. BZ #1035525 - Include entrytbl in cols count. BZ #1069405 - Add 'td' to translatable blocks list. BZ #1059938 - Treat entry like para for mixedmode tags. BZ #1039382 - Add blank page after cover page in PDF. BZ #1050770 - Fix replaceable override in DB 4.5 XSL. BZ #1054462 - Store processing instructions. BZ #1045463 - Add releaseinfo support. BZ #1050789 - Add suppor5t for wkhtmltopdf 0.12.0 - Add non-minified JS files. BZ #1062109 - Use term as ID node for varlistentry. BZ #1050836 - Fix acroread search and image issues. BZ #1038393 #1065810 - Add line numbering to DB5 html output. BZ #1074709 - Remove glossdiv and indexdiv headings from PDF TOC. BZ #1058545 - Add basic handling & style for revisionflag. - Fix admonition style for wkhtmnltopdf 0.12. - Pass chunk_section_depth to wkhtmltopdf. BZ #1044848 - Do not die on empty brand conf files. BZ #1037037 - Fix font embedding in PDF. - Enforce RPM API requirements. BZ #1029293 - Fix desktop SPEC file creation. BZ #1081087 - Pass previous option to msgmerge. BZ #1081363 - Load splash pages in templates instead of using javascript. BZ #1081300 - Sync list layout across web and desktop styles. BZ #1080236 - Add dt_format parameter. BZ #1081808 - Provide gettext version of package name. BZ #1083102 - Fix step style. BZ #1080156 - Fix DD layout. BZ #1084242 - Fix tables breaking out. BZ #1082444 - Add zt_push and zt_pull for Zanata. -------------------------------------------------------------------------------- ChangeLog: * Fri May 9 2014 Rüdiger Landmann <rlandmann@xxxxxxxxxx> 4.1.1-0.1 - Depend on FOP * Thu May 8 2014 Jeff Fearn <jfearn@xxxxxxxxxx> 4.1.1-0 - Fix long tables and pre's breaking PDF build. BZ #1095574 * Mon May 5 2014 Jeff Fearn <jfearn@xxxxxxxxxx> 4.1.0-0 - Add abstract to release notes so PDF builds - Fix RPM upgrade not pulling in required XML::TreeBuilder version. BZ #1053609 - Allow PDF to build without any authors. BZ #1050975 - Increase XML::LibXSLT::max_depth to 10K. BZ #1035525 - Include entrytbl in cols count. BZ #1069405 - Add 'td' to translatable blocks list. BZ #1059938 - Treat entry like para for mixedmode tags. BZ #1039382 - Add blank page after cover page in PDF. BZ #1050770 - Fix replaceable override in DB 4.5 XSL. BZ #1054462 - Store processing instructions. BZ #1045463 - Add releaseinfo support. BZ #1050789 - Add suppor5t for wkhtmltopdf 0.12.0 - Add non-minified JS files. BZ #1062109 - Use term as ID node for varlistentry. BZ #1050836 - Fix acroread search and image issues. BZ #1038393 #1065810 - Add line numbering to DB5 html output. BZ #1074709 - Remove glossdiv and indexdiv headings from PDF TOC. BZ #1058545 - Add basic handling & style for revisionflag. - Fix admonition style for wkhtmnltopdf 0.12. - Pass chunk_section_depth to wkhtmltopdf. BZ #1044848 - Do not die on empty brand conf files. BZ #1037037 - Fix font embedding - Enforce RPM API requirements. BZ #1029293 - Fix desktop SPEC file creation. BZ #1081087 - Pass previous option to msgmerge. BZ #1081363 - Load splash pages in templates instead of using javascript. BZ #1081300 - Sync list layout across web and desktop styles. BZ #1080236 - Add dt_format parameter. BZ #1081808 - Provide gettext version of package name. BZ #1083102 - Fix step style. BZ #1080156 - Fix DD layout. BZ #1084242 - Fix tables breaking out. BZ #1082444 - Add zt_push and zt_pull for Zanata. -------------------------------------------------------------------------------- ================================================================================ python-ngram-3.3.0-1.fc19 (FEDORA-2014-6190) Set-based subclass providing fuzzy search based on N-grams -------------------------------------------------------------------------------- Update Information: initial rpm release (#1096188) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1096188 - Review Request: python-ngram - Set-based subclass providing fuzzy search based on N-grams https://bugzilla.redhat.com/show_bug.cgi?id=1096188 -------------------------------------------------------------------------------- ================================================================================ python-pypng-0.0.16-1.fc19 (FEDORA-2014-6187) Pure Python PNG image encoder/decoder -------------------------------------------------------------------------------- Update Information: New package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1096350 - Review Request: python-pypng - Pure Python PNG image encoder/decoder https://bugzilla.redhat.com/show_bug.cgi?id=1096350 -------------------------------------------------------------------------------- ================================================================================ tintii-2.8.2-1.fc19 (FEDORA-2014-6188) Selective colour, saturation and hue shift effects utility -------------------------------------------------------------------------------- Update Information: New package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1070549 - Review Request: tintii - Selective colour, saturation and hue shift effects utility https://bugzilla.redhat.com/show_bug.cgi?id=1070549 -------------------------------------------------------------------------------- ================================================================================ vcsh-1.20140508-1.fc19 (FEDORA-2014-6203) Version Control System for $HOME -------------------------------------------------------------------------------- Update Information: This update mainly increases portability and brings various improvements. https://github.com/RichiH/vcsh/blob/v1.20140508/changelog -------------------------------------------------------------------------------- ChangeLog: * Fri May 9 2014 Dridi Boukelmoune <dridi.boukelmoune@xxxxxxxxx> - 1.20140508-1 - Bumped version to 1.20140508 - Switched to a commit tarball from github -------------------------------------------------------------------------------- References: [ 1 ] Bug #1095893 - vcsh-1.20140508 is available https://bugzilla.redhat.com/show_bug.cgi?id=1095893 -------------------------------------------------------------------------------- ================================================================================ wordpress-3.9.1-1.fc19 (FEDORA-2014-6144) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information: WordPress 3.9 “Smith” Official annoucements: * http://wordpress.org/news/2014/04/smith/ * http://wordpress.org/news/2014/05/wordpress-3-9-1/ -------------------------------------------------------------------------------- ChangeLog: * Fri May 9 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 3.9.1-1 - update to 3.9.1 Maintenance Release * Wed May 7 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 3.9-1 - update to 3.9 “Smith” -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
