The following Fedora 19 Security updates need testing:
 Age  URL
 200  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-5974/python-fmn-web-0.2.4-3.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-5948/python-fedora-0.3.34-1.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-6046/cifs-utils-6.3-2.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6083/qt-4.8.6-5.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6127/rubygem-actionpack-3.2.13-6.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6209/mutt-1.5.23-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-5759/cups-filters-1.0.53-2.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-6255/smb4k-1.1.2-1.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-6237/botan-1.8.14-3.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-6233/dpkg-1.16.14-1.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-6271/seamonkey-2.26-1.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-6331/dovecot-2.2.13-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6369/perl-LWP-Protocol-https-6.04-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6343/zabbix-2.0.12-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6354/kernel-3.14.4-100.fc19

The following Fedora 19 Critical Path updates have yet to be approved:
 Age  URL
 149  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
  75  https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-5818/libssh2-1.4.3-7.fc19
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-5448/ibus-1.5.7-1.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-6047/gupnp-0.20.11-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6113/xorg-x11-drv-evdev-2.8.4-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6075/selinux-policy-3.12.1-74.26.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6126/policycoreutils-2.1.14-46.8.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6083/qt-4.8.6-5.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-5590/libcap-ng-0.7.4-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6179/nss-softokn-3.16.1-1.fc19,nspr-4.10.5-1.fc19,nss-util-3.16.1-1.fc19,nss-3.16.1-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6185/kde-workspace-4.11.9-4.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-6282/curl-7.29.0-19.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6354/kernel-3.14.4-100.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6361/btrfs-progs-3.14.1-1.fc19

The following builds have been pushed to Fedora 19 updates-testing

  btrfs-progs-3.14.1-1.fc19
  docker-io-0.11.1-3.fc19
  duplicity-0.6.24-2.fc19
  gnome-chemistry-utils-0.14.8-1.fc19
  kernel-3.14.4-100.fc19
  mingw-physfs-2.0.3-4.fc19
  nagios-plugins-bonding-1.4-1.fc19
  perl-Fedora-Rebuild-0.12.0-1.fc19
  perl-LWP-Protocol-https-6.04-2.fc19
  psi4-4.0-0.11.0c7ea92git.fc19
  rxvt-unicode-9.20-2.fc19
  stompclt-1.2-1.fc19
  xl2tpd-1.3.6-1.fc19
  zabbix-2.0.12-1.fc19

Details about builds:

================================================================================
 btrfs-progs-3.14.1-1.fc19 (FEDORA-2014-6361)
 Userspace programs for btrfs
--------------------------------------------------------------------------------
Update Information:

New upstream version
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 22 2014 Eric Sandeen <sandeen@xxxxxxxxxx> 3.14.1-1
- New upstream release
* Wed Apr 16 2014 Eric Sandeen <sandeen@xxxxxxxxxx> 3.14-1
- New upstream release
* Mon Jan 20 2014 Eric Sandeen <sandeen@xxxxxxxxxx> 3.12-2
- Add proper Source0 URL, switch to .xz
--------------------------------------------------------------------------------

================================================================================
 docker-io-0.11.1-3.fc19 (FEDORA-2014-6358)
 Automates deployment of containerized applications
--------------------------------------------------------------------------------
Update Information:

enable selinux regenerate btrfs removal patch BZ 1080799 - upstream version bump remove tar and libcgroup dep lxc removed (optional) BZ 1074880 - upstream version bump to v0.9.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 13 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> - 0.11.1-3
- enable selinux
* Tue May 13 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> - 0.11.1-2
- remove conditionals
* Thu May 8 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> - 0.11.1-1
- Bug 1095616 - upstream bump to 0.11.1
- manpages via pandoc
* Mon Apr 14 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> - 0.10.0-2
- regenerate btrfs removal patch
- update commit value
* Mon Apr 14 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> - 0.10.0-1
- include manpages from contrib
* Wed Apr 9 2014 Bobby Powers <bobbypowers@xxxxxxxxx> - 0.10.0-1
- Upstream version bump
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1087223 - docker-io-0.10.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1087223
  [ 2 ] Bug #1086430 - Update to latest version 0.10.0
        https://bugzilla.redhat.com/show_bug.cgi?id=1086430
  [ 3 ] Bug #1080799 - docker-io-0.9.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1080799
  [ 4 ] Bug #1074880 - docker-io-0.9.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1074880
--------------------------------------------------------------------------------

================================================================================
 duplicity-0.6.24-2.fc19 (FEDORA-2014-6345)
 Encrypted bandwidth-efficient backup using rsync algorithm
--------------------------------------------------------------------------------
Update Information:

add build requires on python-setuptools add dependency on python-lockfile update to 0.6.33
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 12 2014 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.6.24-2
- add build requires on python-setuptools
* Mon May 12 2014 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.6.24-1
- update to 0.6.24
- drop patch for documentation and remove it directly in spec
* Fri Apr 11 2014 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.6.23-2
- add dependency on python-lockfile
* Fri Apr 11 2014 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.6.23-1
- update to 0.6.33
- drop no longer needed patch for Amazon s3 backup
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1060956 - Deja-Dup Restore Failure on FC 19
        https://bugzilla.redhat.com/show_bug.cgi?id=1060956
  [ 2 ] Bug #1086848 - duplicity 0.6.23-1 has missing dependency on python-lockfile
        https://bugzilla.redhat.com/show_bug.cgi?id=1086848
--------------------------------------------------------------------------------

================================================================================
 gnome-chemistry-utils-0.14.8-1.fc19 (FEDORA-2014-6342)
 A set of chemical utilities
--------------------------------------------------------------------------------
Update Information:

This is an update to the latest upstream release:
* https://savannah.nongnu.org/forum/forum.php?forum_id=7975
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 13 2014 Julian Sikorski <belegdol@xxxxxxxxxxxxxxxxx> - 0.14.8-1
- Updated to 0.14.8
--------------------------------------------------------------------------------

================================================================================
 kernel-3.14.4-100.fc19 (FEDORA-2014-6354)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

The 3.14.4 stable update contains a number of important fixes across the tree. The 3.14.3 stable rebase contains support for new hardware, some new features, and a number of important fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 13 2014 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.14.4-100
- Linux v3.14.4
* Mon May 12 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- CVE-2014-3144/CVE-2014-3145 filter: prevent nla from peeking beyond eom (rhbz 1096775, 1096784)
* Fri May 9 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- CVE-2014-1738 CVE-2014-1737 floppy: priv escalation (rhbz 1094299 1096195)
* Thu May 8 2014 Neil Horman <nhorman@xxxxxxxxxx> - 3.14.3-101
- Fix dma unmap error in jme driver (rhbz 1082266)
* Thu May 8 2014 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.14.3-100
- Linux v3.14.3
* Sat May 3 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- Add patch to fix HID rmi driver from Benjamin Tissoires (rhbz 1090161)
* Wed Apr 30 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- CVE-2014-3122: mm: fix locking DoS issue (rhbz 1093084 1093076)
- Enable CONFIG_MEMORY_HOTPLUG (rhbz 1092948)
* Fri Apr 25 2014 Hans de Goede <hdegoede@xxxxxxxxxx>
- Add synaptics min-max quirk for ThinkPad Edge E431 (rhbz#1089689)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1096775 - CVE-2014-3144 CVE-2014-3145 Kernel: filter: prevent nla extensions to peek beyond the end of the message
        https://bugzilla.redhat.com/show_bug.cgi?id=1096775
  [ 2 ] Bug #1094299 - CVE-2014-1737 CVE-2014-1738 kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command
        https://bugzilla.redhat.com/show_bug.cgi?id=1094299
  [ 3 ] Bug #1094232 - CVE-2014-0196 kernel: pty layer race condition leading to memory corruption
        https://bugzilla.redhat.com/show_bug.cgi?id=1094232
  [ 4 ] Bug #1094265 - CVE-2014-0181 kernel: net: insufficient permision checks of netlink messages
        https://bugzilla.redhat.com/show_bug.cgi?id=1094265
  [ 5 ] Bug #1093076 - CVE-2014-3122 Kernel: mm: try_to_unmap_cluster() should lock_page() before mlocking
        https://bugzilla.redhat.com/show_bug.cgi?id=1093076
--------------------------------------------------------------------------------

================================================================================
 mingw-physfs-2.0.3-4.fc19 (FEDORA-2014-6370)
 MinGW compiled physfs library to provide abstract access to various archives
--------------------------------------------------------------------------------
Update Information:

initial import of mingw-physfs
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #957346 - Review Request: mingw-physfs - MinGW compiled physfs library to provide abstract access to various archives
        https://bugzilla.redhat.com/show_bug.cgi?id=957346
--------------------------------------------------------------------------------

================================================================================
 nagios-plugins-bonding-1.4-1.fc19 (FEDORA-2014-6367)
 Nagios plugin to monitor Linux bonding interfaces
--------------------------------------------------------------------------------
Update Information:

Upstream release 1.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #887821 - Review Request: nagios-plugins-bonding - Nagios plugin to monitor Linux bonding interfaces
        https://bugzilla.redhat.com/show_bug.cgi?id=887821
--------------------------------------------------------------------------------

================================================================================
 perl-Fedora-Rebuild-0.12.0-1.fc19 (FEDORA-2014-6359)
 Rebuilds Fedora packages from scratch
--------------------------------------------------------------------------------
Update Information:

This release fixes spurious failures reporting missing working directory. It improves performance in the dependency solver. It provides new tool rebuildreset and documentation for Fedora::Rebuild::Solver module.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 13 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 0.12.0-1
- 0.12.0 bump
--------------------------------------------------------------------------------

================================================================================
 perl-LWP-Protocol-https-6.04-2.fc19 (FEDORA-2014-6369)
 Provide HTTPS support for LWP::UserAgent
--------------------------------------------------------------------------------
Update Information:

This release fixes a server certification validation when a certificate authority is defined by HTTPS_CA_DIR or HTTPS_CA_FILE environment variable.
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 12 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 6.04-2
- Fix CVE-2014-3230 (incorrect handling of SSL certificate verification if HTTPS_CA_DIR or HTTPS_CA_FILE environment variables are set) (bug #1094442)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1094440 - CVE-2014-3230 perl-libwww-perl: incorrect handling of SSL certificate verification
        https://bugzilla.redhat.com/show_bug.cgi?id=1094440
--------------------------------------------------------------------------------

================================================================================
 psi4-4.0-0.11.0c7ea92git.fc19 (FEDORA-2014-6365)
 An ab initio quantum chemistry package
--------------------------------------------------------------------------------
Update Information:

Update to newest git snapshot.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 13 2014 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 4.0-0.11.0c7ea928git
- Update to newest git snapshot.
- Remove BR: ruby-devel.
* Mon Mar 10 2014 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 4.0-0.10.b5
- Rebuild against updated libint.
* Sat Jan 4 2014 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 4.0-0.9.b5
- Drop %?_isa from virtual provide of -static package (BZ #951582).
--------------------------------------------------------------------------------

================================================================================
 rxvt-unicode-9.20-2.fc19 (FEDORA-2014-6372)
 Unicode version of rxvt
--------------------------------------------------------------------------------
Update Information:

Remove Fedora-specific patches that change expected default behavior.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 13 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 9.20-2
- There is no need for the patches below, as they change the behavior of our package and break the principle of least astonishment.
- Remove Fedora-specific patch to scroll up/down one line. Any users wanting this behavior can create their own key bindings.
- Remove Fedora-specific patch to open new tabs with Control-t. Any users wanting this behavior can create their own key bindings.
- The popular 'tabbed' extension can now work properly (#1096791).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1096791 - Shift+Down does not open new tab
        https://bugzilla.redhat.com/show_bug.cgi?id=1096791
--------------------------------------------------------------------------------

================================================================================
 stompclt-1.2-1.fc19 (FEDORA-2014-6353)
 Versatile STOMP client
--------------------------------------------------------------------------------
Update Information:

Update to upstream, rhbz #1097055.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 13 2014 Alexandre Beche <alexandre.beche@xxxxxxxxx> 1.2-1
- Update to upstream, rhbz #1097055.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1097055 - Upgrade to new upstream version
        https://bugzilla.redhat.com/show_bug.cgi?id=1097055
--------------------------------------------------------------------------------

================================================================================
 xl2tpd-1.3.6-1.fc19 (FEDORA-2014-6347)
 Layer 2 Tunnelling Protocol Daemon (RFC 2661)
--------------------------------------------------------------------------------
Update Information:

Updated to 1.3.6 which fixes listening on the ANY address, systemd fixes, and revert of ipparam manipulation
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 13 2014 Paul Wouters <pwouters@xxxxxxxxxx> - 1.3.6-1
- Updated to 1.3.6 - using github-only monstrosity packaging
- Resolves: rhbz#1051785 (new upstream version available)
- Resolves: rhbz#868391 xl2tpd sends response packets from wrong IP address
- Revert: rhbz#929447 Incorrect "ipparam" manipulation
- Resolves: rhbz#1055196 Don't order service after syslog.target
- Resolves: rhbz#984332 xl2tpd tmpfiles configuration file in wrong directory
- Removed patches merged in upstream.
- FIPS patch updated with advertising clause for openssl in xl2tpd -V (although the GPL code was already basically taken from openssl)
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.1-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1051785 - xl2tpd-1.3.7dev1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1051785
  [ 2 ] Bug #868391 - xl2tpd sends response packets from wrong IP address
        https://bugzilla.redhat.com/show_bug.cgi?id=868391
  [ 3 ] Bug #929447 - Incorrect "ipparam" manipulation
        https://bugzilla.redhat.com/show_bug.cgi?id=929447
  [ 4 ] Bug #1055196 - Don't order service after syslog.target.
        https://bugzilla.redhat.com/show_bug.cgi?id=1055196
  [ 5 ] Bug #984332 - xl2tpd tmpfiles configuration file in wrong directory
        https://bugzilla.redhat.com/show_bug.cgi?id=984332
--------------------------------------------------------------------------------

================================================================================
 zabbix-2.0.12-1.fc19 (FEDORA-2014-6343)
 Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:

http://www.zabbix.com/rn2.0.12.php
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 13 2014 Volker Fröhlich <volker27@xxxxxx> - 2.0.12-1
- New upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1095926 - CVE-2014-1685 zabbix: unauthorized modification of user media via Zabbix Admin users
        https://bugzilla.redhat.com/show_bug.cgi?id=1095926
--------------------------------------------------------------------------------