The following Fedora 19 Security updates need testing:
 Age  URL
 207  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
  20  https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-6046/cifs-utils-6.3-2.fc19
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-6083/qt-4.8.6-5.fc19
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-6127/rubygem-actionpack-3.2.13-6.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-5759/cups-filters-1.0.53-2.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-6255/smb4k-1.1.2-1.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-6233/dpkg-1.16.14-1.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-6271/seamonkey-2.26-1.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-6331/dovecot-2.2.13-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6369/perl-LWP-Protocol-https-6.04-2.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6343/zabbix-2.0.12-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6395/mutt-1.5.23-2.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6454/python-django-1.5.8-1.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-6470/mumble-1.2.6-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6553/chicken-4.8.0.6-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6530/php-ZendFramework2-2.2.7-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6569/openssh-6.2p2-8.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6577/moodle-2.4.10-1.fc19


The following Fedora 19 Critical Path updates have yet to be approved:
 Age  URL
 156  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
  82  https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-6113/xorg-x11-drv-evdev-2.8.4-1.fc19
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-6075/selinux-policy-3.12.1-74.26.fc19
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-6126/policycoreutils-2.1.14-46.8.fc19
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-6083/qt-4.8.6-5.fc19
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-5590/libcap-ng-0.7.4-1.fc19
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-6179/nss-softokn-3.16.1-1.fc19,nspr-4.10.5-1.fc19,nss-util-3.16.1-1.fc19,nss-3.16.1-1.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-6185/kde-workspace-4.11.9-4.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-6282/curl-7.29.0-19.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6361/btrfs-progs-3.14.1-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6422/taglib-1.9.1-5.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6335/squashfs-tools-4.3-4.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6447/xfsprogs-3.2.0-1.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-6462/libxfce4ui-4.10.0-11.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6587/libnl3-3.2.22-3.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6578/ibus-1.5.7-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6569/openssh-6.2p2-8.fc19


The following builds have been pushed to Fedora 19 updates-testing

    ardour3-3.5.380-1.fc19
    chicken-4.8.0.6-2.fc19
    ibus-1.5.7-2.fc19
    libnl3-3.2.22-3.fc19
    moodle-2.4.10-1.fc19
    nodejs-shelljs-0.3.0-1.fc19
    openlibm-0.3-6.fc19
    openssh-6.2p2-8.fc19
    owfs-2.9p5-1.fc19
    perl-Plack-Middleware-Test-StashWarnings-0.08-1.fc19
    qpid-cpp-0.24-9.fc19
    qpid-qmf-0.24-18.fc19
    rubygem-openscap-0.1.0-4.fc19
    subversion-api-docs-1.7.16-1.fc19
    tango-2-18.fc19
    thunderbird-lightning-2.6.5-9.fc19
    tralics-2.15.1-3.fc19

Details about builds:


================================================================================
 ardour3-3.5.380-1.fc19 (FEDORA-2014-6562)
 Digital Audio Workstation
--------------------------------------------------------------------------------
Update Information:

**Ardour 3.5.380 is a CRITICAL bug fix release. ALL USERS ARE RECOMMENDED TO UPGRADE.**

It includes several absolutely vital fixes for bugs that could lead to audio and MIDI files being irreversibly deleted from disk.

Check out [the upstream announcement](https://community.ardour.org/node/8224) for detailed information.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 14 2014 Nils Philippsen <nils@xxxxxxxxxx> - 3.5.380-1
- version 3.5.380
--------------------------------------------------------------------------------


================================================================================
 chicken-4.8.0.6-2.fc19 (FEDORA-2014-6553)
 A practical and portable Scheme system
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2014-3776 and bump to 4.8.0.6.
Latest upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 20 2014 Ricky Elrod <codeblock@xxxxxxxxxxxxxxxxx> - 4.8.0.6-2
- Patch for CVE-2014-3776.
* Thu Apr 24 2014 Ricky Elrod <codeblock@xxxxxxxxxxxxxxxxx> - 4.8.0.6-1
- Upstream 4.8.0.6.
* Sat Dec 14 2013 Ricky Elrod <codeblock@xxxxxxxxxxxxxxxxx> - 4.8.0.5-3
- Get rid of docs subpackage.
- Add a -libs subpackage for the runtime library.
* Sun Dec 8 2013 Ricky Elrod <codeblock@xxxxxxxxxxxxxxxxx> - 4.8.0.5-2
- Add -Wformat for BZ #1037013.
* Sun Nov 24 2013 Ricky Elrod <codeblock@xxxxxxxxxxxxxxxxx> - 4.8.0.5-1
- Upstream 4.8.0.5.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1099613 - CVE-2014-3776 chicken: buffer overflow in "read-u8vector!" procedure leads to DoS or arbitrary code exec
        https://bugzilla.redhat.com/show_bug.cgi?id=1099613
--------------------------------------------------------------------------------


================================================================================
 ibus-1.5.7-2.fc19 (FEDORA-2014-6578)
 Intelligent Input Bus for Linux OS
--------------------------------------------------------------------------------
Update Information:

This update fixes the width of ibus-setup GUI.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 20 2014 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.7-2
- Updated ibus-HEAD.patch for width of ibus-setup.
--------------------------------------------------------------------------------


================================================================================
 libnl3-3.2.22-3.fc19 (FEDORA-2014-6587)
 Convenience library for kernel netlink sockets
--------------------------------------------------------------------------------
Update Information:

- add nl_has_capability() function
- retry local port on ADDRINUSE (rh #1097175)
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 21 2014 Thomas Haller <thaller@xxxxxxxxxx> - 3.2.22-3
- add nl_has_capability() function
- retry local port on ADDRINUSE (rh #1097175)
* Mon Sep 23 2013 Paul Wouters <pwouters@xxxxxxxxxx> - 3.2.22-2
- Update to 3.2.22 (rhbz#963111)
- Add patch for double tree crasher in rtnl_link_set_address_family()
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.2.21-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1097175 - Backport upstream fix for trying other ports when a local port is in use
        https://bugzilla.redhat.com/show_bug.cgi?id=1097175
--------------------------------------------------------------------------------


================================================================================
 moodle-2.4.10-1.fc19 (FEDORA-2014-6577)
 A Course Management System
--------------------------------------------------------------------------------
Update Information:

Moodle upstream has released versions 2.7, 2.6.3, 2.5.6, and 2.4.10 to fix the following security flaws:

CVE-2014-0213 MSA-14-0014: Cross-site request forgery possible in Assignment
CVE-2014-0214 MSA-14-0015: Web service token expiry issue for MoodleMobile
CVE-2014-0215 MSA-14-0016: Anonymous student identity revealed in assignment
CVE-2014-0216 MSA-14-0017: File access issue in HTML block
CVE-2014-0217 MSA-14-0018: Information leak in courses
CVE-2014-0218 MSA-14-0019: Reflected XSS in URL downloader repository

For a full summary and patch links, refer to the following:

http://seclists.org/oss-sec/2014/q2/329
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 21 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 2.4.10-1
- CVE-2014-0213, CVE-2014-0214, CVE-2014-0215, CVE-2014-0216
- CVE-2014-0217, CVE-2014-0218
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1099766 - CVE-2014-0218 CVE-2014-0213 CVE-2014-0215 CVE-2014-0214 CVE-2014-0217 CVE-2014-0216 moodle: upstream 2.7, 2.6.3, 2.5.6, and 2.4.10 security fixes [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1099766
  [ 2 ] Bug #1099765 - CVE-2014-0218 CVE-2014-0213 CVE-2014-0215 CVE-2014-0214 CVE-2014-0217 CVE-2014-0216 moodle: upstream 2.7, 2.6.3, 2.5.6, and 2.4.10 security fixes [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1099765
--------------------------------------------------------------------------------


================================================================================
 nodejs-shelljs-0.3.0-1.fc19 (FEDORA-2014-6546)
 Portable Unix shell commands for Node.js
--------------------------------------------------------------------------------
Update Information:

Initial package.
--------------------------------------------------------------------------------


================================================================================
 openlibm-0.3-6.fc19 (FEDORA-2014-6552)
 High quality system independent, open source libm
--------------------------------------------------------------------------------
Update Information:

New package.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1089500 - Review Request: openlibm - High quality system independent, open source libm
        https://bugzilla.redhat.com/show_bug.cgi?id=1089500
--------------------------------------------------------------------------------


================================================================================
 openssh-6.2p2-8.fc19 (FEDORA-2014-6569)
 An open source implementation of SSH protocol versions 1 and 2
--------------------------------------------------------------------------------
Update Information:

- environment variables with embedded '=' or '\0' characters are now ignored
- prevents a server from skipping SSHFP lookup and forcing a new-hostkey dialog by offering only certificate keys
- /etc/ssh/moduli is readable by all now
- ssh-copy-id is run in so called legacy mode when SSH_COPY_ID_LEGACY variable is set
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 19 2014 Petr Lautrbach <plautrba@xxxxxxxxxx> 6.2p2-8 + 0.9.3-5
- fix fatal() cleanup in the audit patch (#1029074)
- fix parsing logic of ldap.conf file (#1033662)
- use SSH_COPY_ID_LEGACY variable to run ssh-copy-id in the legacy mode
- make /etc/ssh/moduli file public (#1043661)
- prevent a server from skipping SSHFP lookup - CVE-2014-2653 (#1081338)
- ignore environment variables with embedded '=' or '\0' characters - CVE-2014-2532 (#1077843)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1081338 - CVE-2014-2653 openssh: failure to check DNS SSHFP records in certain scenarios
        https://bugzilla.redhat.com/show_bug.cgi?id=1081338
  [ 2 ] Bug #1077843 - CVE-2014-2532 openssh: AcceptEnv environment restriction bypass flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=1077843
--------------------------------------------------------------------------------


================================================================================
 owfs-2.9p5-1.fc19 (FEDORA-2014-6548)
 1-Wire Virtual File System
--------------------------------------------------------------------------------
Update Information:

This update brings the following changes:
- improved support of DS2409 (Microlan) hubs
- owserver-to-owserver communication is no longer susceptible to loops
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 15 2014 Tomasz Torcz <ttorcz@xxxxxxxxxxxxxxxxx> - 2.9p5-1
- latest upstream release
--------------------------------------------------------------------------------


================================================================================
 perl-Plack-Middleware-Test-StashWarnings-0.08-1.fc19 (FEDORA-2014-6567)
 Test your application's warnings
--------------------------------------------------------------------------------
Update Information:

--------------------------------------------------------------------------------
ChangeLog:

* Tue May 20 2014 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 0.08-1
- Upstream update.
--------------------------------------------------------------------------------


================================================================================
 qpid-cpp-0.24-9.fc19 (FEDORA-2014-6558)
 Libraries for Qpid C++ client applications
--------------------------------------------------------------------------------
Update Information:

Added virtual package qpid(client-devel) to qpid-cpp-client-devel.
Add a virtual package in qpid-cpp-client named qpid(client).
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 21 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.24-9
- Added virtual package qpid(client-devel) to qpid-cpp-client-devel.
- Resolves: #BZ#1098154
* Tue May 20 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.24-8
- Add a virtual package in qpid-cpp-client named qpid(client).
- Resolves: BZ#1098154
- Removed the Epoch field before going to stable.
* Mon May 19 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.24-7
- Added an epoch for F19 to replace the 0.26 release.
* Tue Jan 21 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.24-6
- Set qpidd service to start after the network service.
- Resolves: BZ#1055660
* Thu Dec 5 2013 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.24-5
- Fixed how qpid-cpp-server was depending on -store.
- qpidd.service now starts after network.service
- Resolves: BZ#1038674
- Resolves: BZ#1038094
* Sat Nov 30 2013 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.24-4
- Removed rdma.so from the -server subpackage.
- Removed rdmaconnector.so from the -client subpackage.
- Resolves: BZ#1035323
* Thu Sep 26 2013 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.24-3.1
- Provide a symlink from /etc/qpid/qpidd.conf to /etc/qpidd.conf:
- * this will be removed with the 0.26 release
- * for upgrades any existing file is preserved for now
- Resolves: BZ#1012001
* Mon Sep 23 2013 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.24-3
- Fixed dependencies on python-qmf to be python-qpid-qmf.
* Mon Sep 23 2013 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.24-2
- Add arch checks for all requires to block potential multilib errors on upgrade.
- Added virtual provides for both obsoleted -ssl packages.
- Resolves: BZ#1010999
* Fri Sep 20 2013 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.24-1
- Rebased on Qpid 0.24.
- Relocated qpidd.conf to /etc/qpid
- Trimmed old changelog entries due to bogus date complaints.
- Added fixes to support ARM as a primary platform.
- Build depends on qpid-proton 0.5.
- QPID-4938: Stop building ssl and acl support as separate plugin modules on Unix
- Cleaner encoding of index for delivery tags - QPID-5122
- QPID-5123: Changes to Fedora 19 packaging of libdb4 prevents legacystore from building
- QPID-5016: Legacy store not correctly initialising rmgr
- QPID-5126: Fix for building legacy store on ARM platforms
* Tue Jul 2 2013 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.22-2
- Fixed adding the soversion to shared libraries.
- Resolves: BZ#980364
* Thu Jun 13 2013 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.22-1.1
- Rebased on Qpid 0.22.
- The package now uses the CMake build system from Qpid.
- No longer use a separate source for the store.
- Resolves: BZ#616080
- Resolves: BZ#966780
- Resolves: BZ#967100
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1098154 - qpid-cpp-client should provide a virtual package on which other packages can depend
        https://bugzilla.redhat.com/show_bug.cgi?id=1098154
--------------------------------------------------------------------------------


================================================================================
 qpid-qmf-0.24-18.fc19 (FEDORA-2014-6571)
 The QPID Management Framework
--------------------------------------------------------------------------------
Update Information:

Changed requirements to be on virtual qpid packages.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1099481 - Packages should require the qpid(client) virtual package to avoid version problems in F19
        https://bugzilla.redhat.com/show_bug.cgi?id=1099481
--------------------------------------------------------------------------------


================================================================================
 rubygem-openscap-0.1.0-4.fc19 (FEDORA-2014-6588)
 A FFI wrapper around the OpenSCAP library
--------------------------------------------------------------------------------
Update Information:

A new package born!
--------------------------------------------------------------------------------


================================================================================
 subversion-api-docs-1.7.16-1.fc19 (FEDORA-2014-6573)
 Subversion API documentation
--------------------------------------------------------------------------------
Update Information:

Rebuild against current stable.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 20 2014 Bojan Smojver <bojan@xxxxxxxxxxxxx> 1.7.16-1
- bump up to 1.7.16
--------------------------------------------------------------------------------


================================================================================
 tango-2-18.fc19 (FEDORA-2014-6545)
 The Developer's Library for D
--------------------------------------------------------------------------------
Update Information:

update to latest rev
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 20 2014 jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 2-18
- update to latest rev
* Sun Mar 9 2014 jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 2-17
- Update to latest rev
* Wed Oct 30 2013 Jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 2-16
- exclude arm
* Thu Oct 24 2013 Jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 2-15
- Update to rev ff2b1d3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1057936 - The package cannot be installed because it requires the wrong .so
        https://bugzilla.redhat.com/show_bug.cgi?id=1057936
--------------------------------------------------------------------------------


================================================================================
 thunderbird-lightning-2.6.5-9.fc19 (FEDORA-2014-6592)
 The calendar extension to Thunderbird
--------------------------------------------------------------------------------
Update Information:

Update to 2.6.5
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 14 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 2.6.5-9
- Update to 2.6.5
* Fri Jan 31 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 2.6.4-8
- Fix build with -Werror=format-security (bug #1037355)
--------------------------------------------------------------------------------


================================================================================
 tralics-2.15.1-3.fc19 (FEDORA-2014-6590)
 LaTeX to XML translator
--------------------------------------------------------------------------------
Update Information:

LaTeX to XML translator
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1000445 - Review Request: tralics - LaTeX to XML translator
        https://bugzilla.redhat.com/show_bug.cgi?id=1000445
--------------------------------------------------------------------------------