The following Fedora 19 Security updates need testing: Age URL 236 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 49 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19 38 https://admin.fedoraproject.org/updates/FEDORA-2014-6233/dpkg-1.16.14-1.fc19 28 https://admin.fedoraproject.org/updates/FEDORA-2014-6553/chicken-4.8.0.6-2.fc19 27 https://admin.fedoraproject.org/updates/FEDORA-2014-6597/drupal7-views-3.8-1.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-7274/tor-0.2.4.22-2.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-7333/ReviewBoard-1.7.26-2.fc19,python-django-evolution-0.6.9-4.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-7322/thunderbird-24.6.0-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-7399/python-jinja2-2.6-7.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-7413/rb_libtorrent-0.16.8-2.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-7408/xen-4.2.4-5.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-7426/kernel-3.14.8-100.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-7490/sos-3.1-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 184 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 111 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-7157/libbluray-0.6.0-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-7178/perl-Filter-1.50-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-7192/linux-firmware-20140605-36.gita4f3bc03.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-7270/qt-4.8.6-9.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-7285/gupnp-av-0.12.6-1.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-7322/thunderbird-24.6.0-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-7389/crda-1.1.3_2014.06.13-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-7395/squashfs-tools-4.3-6.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-7462/btrfs-progs-3.14.2-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-7453/kde-workspace-4.11.10-2.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-7498/pcre-8.32-9.fc19 The following builds have been pushed to Fedora 19 updates-testing asm6809-2.1-1.fc19 copr-cli-1.33-1.fc19 erlang-sd_notify-0.1-1.fc19 iperf3-3.0.5-1.fc19 knot-1.4.7-1.fc19 lwtools-4.10-1.fc19 mozilla-https-everywhere-3.5.1-2.fc19 nodejs-0.10.29-1.fc19 pcp-3.9.5-1.fc19 pcre-8.32-9.fc19 ratools-0.5.3-2.fc19 readline-6.2-8.fc19 traceroute-2.0.20-1.fc19 udt-4.11-2.fc19 v8-3.14.5.10-9.fc19 wcd-5.2.5-1.fc19 xfig-3.2.5-43.c.fc19 Details about builds: ================================================================================ asm6809-2.1-1.fc19 (FEDORA-2014-7543) Multiple pass 6809 & 6309 cross assembler -------------------------------------------------------------------------------- Update Information: asm6809 - Multiple pass 6809 & 6309 cross assembler -------------------------------------------------------------------------------- References: [ 1 ] Bug #1109366 - Review Request: asm6809 - Multiple pass 6809 & 6309 cross assembler https://bugzilla.redhat.com/show_bug.cgi?id=1109366 -------------------------------------------------------------------------------- ================================================================================ copr-cli-1.33-1.fc19 (FEDORA-2014-7515) Command line interface for COPR -------------------------------------------------------------------------------- Update Information: cancel added to the man page exit code 4 for failed build and man pages updated error and shell return code 1 when build fails delete a project shell return codes with errors copr-cli cancel fix -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 19 2014 Miroslav Suchý <msuchy@xxxxxxxxxx> 1.33-1 - cancel added to the man page - exit code 4 for failed build and man pages updated - error and shell return code 1 when build fails - delete a project - shell return codes with errors - copr-cli cancel fix -------------------------------------------------------------------------------- ================================================================================ erlang-sd_notify-0.1-1.fc19 (FEDORA-2014-7510) Erlang interface to systemd notify subsystem -------------------------------------------------------------------------------- Update Information: * Initial build -------------------------------------------------------------------------------- References: [ 1 ] Bug #1104604 - Review Request: erlang-sd_notify - Erlang interface to systemd notify subsystem https://bugzilla.redhat.com/show_bug.cgi?id=1104604 -------------------------------------------------------------------------------- ================================================================================ iperf3-3.0.5-1.fc19 (FEDORA-2014-7545) Measurement tool for TCP/UDP bandwidth performance -------------------------------------------------------------------------------- Update Information: Update to 3.0.5 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 19 2014 Susant Sahani <ssahani@xxxxxxxxxx> 3.0.5-1 - Update to 3.0.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1111027 - iperf3-3.0.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1111027 -------------------------------------------------------------------------------- ================================================================================ knot-1.4.7-1.fc19 (FEDORA-2014-7549) An authoritative DNS daemon -------------------------------------------------------------------------------- Update Information: update to 1.4.7 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 18 2014 Jan Vcelak <jvcelak@xxxxxxxxxxxxxxxxx> 1.4.7-1 - update to 1.4.7 + Fixed DDNS corner cases + Fixed zone EXPIRE timer + Fixed semantic checks false positives + Fixed sending malformed IXFR with automatic DNSSEC + Fixed NAPTR record serialization -------------------------------------------------------------------------------- ================================================================================ lwtools-4.10-1.fc19 (FEDORA-2014-7547) Cross-development tool chain for Motorola 6809 and Hitachi 6309 -------------------------------------------------------------------------------- Update Information: lwtools - Cross-development tool chain for Motorola 6809 and Hitachi 6309 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1109314 - Review Request: lwtools - Cross-development tool chain for Motorola 6809 and Hitachi 6309 https://bugzilla.redhat.com/show_bug.cgi?id=1109314 -------------------------------------------------------------------------------- ================================================================================ mozilla-https-everywhere-3.5.1-2.fc19 (FEDORA-2014-7506) HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey -------------------------------------------------------------------------------- Update Information: Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.5.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri May 30 2014 Russell Golden <niveusluna@xxxxxxxxxxxxxx> - 3.5.1-1 - Revert https://github.com/EFForg/https-everywhere/pull/134 due to YouTube -- breakage. - Re-enable ability to see all rulesets in enable/disable dialog. - Added more Debian coverage. - Fixes to Doubleclick, Guardian, Heroku, Home Depot, HypeMachine, IMDB, -- Justin.tv, Kikatek, Mozilla, MyFitnessPal, Pinterest, XKCD, Reuters, -- Technet, Tumblr, Wordpress, Yandex, Youtube, Flickr. - Fix Australis icon positioning: -- https://github.com/EFForg/https-everywhere/pull/216 * Wed Apr 16 2014 Russell Golden <niveusluna@xxxxxxxxxxxxxx> - 3.5-1 - Merge all non-ruleset changes from 4.0development.16 - Merge all new/modified rulesets from 4.0development.16 that are -- in the Alexa Top 1000 using utils/alexa-ruleset-checker.py. For a full list, -- see utils/alexa-logs/07042014.log. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1100493 - can't access http://www.pcworld.com with mozilla-https-everywhere enabled https://bugzilla.redhat.com/show_bug.cgi?id=1100493 -------------------------------------------------------------------------------- ================================================================================ nodejs-0.10.29-1.fc19 (FEDORA-2014-7518) JavaScript runtime -------------------------------------------------------------------------------- Update Information: 2014.06.05, Version 0.10.29 (Stable) * child_process: do not set args before throwing (Greg Sabia Tucker) * child_process: spawn() does not throw TypeError (Greg Sabia Tucker) * constants: export O_NONBLOCK (Fedor Indutny) * crypto: improve memory usage (Alexis Campailla) * fs: close file if fstat() fails in readFile() (cjihrig) * lib: name EventEmitter prototype methods (Ben Noordhuis) * tls: fix performance issue (Alexis Campailla) The invalid UTF8 fix has been reverted since this breaks v8 API, which cannot be done in a stable distribution release. This build of nodejs will behave as if NODE_INVALID_UTF8 was set. For more information on the implications, see: http://blog.nodejs.org/2014/06/16/openssl-and-breaking-utf-8-change/ Additionally, a minor bug in v8 has been fixed that caused certain integer comparisons to return true when they should have returned false. Please note that there is no OpenSSL security fixes as part of this update as there were upstream; nodejs in Fedora uses the system OpenSSL library and thus receives security updates as soon as the "openssl" packages on your system are updated. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 19 2014 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 0.10.29-1 - new upstream release 0.10.29 http://blog.nodejs.org/2014/06/16/node-v0-10-29-stable/ - The invalid UTF8 fix has been reverted since this breaks v8 API, which cannot be done in a stable distribution release. This build of nodejs will behave as if NODE_INVALID_UTF8 was set. For more information on the implications, see: http://blog.nodejs.org/2014/06/16/openssl-and-breaking-utf-8-change/ -------------------------------------------------------------------------------- ================================================================================ pcp-3.9.5-1.fc19 (FEDORA-2014-7548) System-level performance monitoring and performance management -------------------------------------------------------------------------------- Update Information: Daemon signal handlers no longer use unsafe APIs (BZ 847343), Handle /var/run setups on a temporary filesystem (BZ 656659), Resolve pmlogcheck sigsegv for some archives (BZ 1077432), Ensure pcp-gui-{testsuite,debuginfo} packages get replaced, Revive support for EPEL5 builds, post pcp-gui merge, Update to latest PCP sources. Update to latest PCP sources -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 18 2014 Dave Brolley <brolley@xxxxxxxxxx> - 3.9.5-1 - Daemon signal handlers no longer use unsafe APIs (BZ 847343) - Handle /var/run setups on a temporary filesystem (BZ 656659) - Resolve pmlogcheck sigsegv for some archives (BZ 1077432) - Ensure pcp-gui-{testsuite,debuginfo} packages get replaced. - Revive support for EPEL5 builds, post pcp-gui merge. - Update to latest PCP sources. * Fri Jun 6 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.9.4-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu May 15 2014 Nathan Scott <nathans@xxxxxxxxxx> - 3.9.4-1 - Merged pcp-gui and pcp-doc packages into core PCP. - Allow for conditional libmicrohttpd builds in spec file. - Adopt slow-start capability in systemd PMDA (BZ 1073658) - Resolve pmcollectl network/disk mis-reporting (BZ 1097095) - Update to latest PCP sources. -------------------------------------------------------------------------------- References: [ 1 ] Bug #847343 - pcp: pmcd signal handlers are unsafe https://bugzilla.redhat.com/show_bug.cgi?id=847343 [ 2 ] Bug #656659 - Please Update Spec File to use %ghost on files in /var/run and /var/lock https://bugzilla.redhat.com/show_bug.cgi?id=656659 [ 3 ] Bug #1077432 - pmlogcheck SEGV https://bugzilla.redhat.com/show_bug.cgi?id=1077432 [ 4 ] Bug #1073658 - intermittent pmdasystemd failure at pmcd startup during system boot https://bugzilla.redhat.com/show_bug.cgi?id=1073658 -------------------------------------------------------------------------------- ================================================================================ pcre-8.32-9.fc19 (FEDORA-2014-7498) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release fixes matching first character in multi-line case-insensitive UTF-8 mode and compilation of character class with a literal quotation. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 19 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 8.32-9 - Fix bad starting data when char with more than one other case follows circumflex in multiline UTF mode (bug #1110620) - Fix character class with a literal quotation (bug #1111054) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1110620 - First character optimization bug for multi-line case insensitive UTF-8 match https://bugzilla.redhat.com/show_bug.cgi?id=1110620 [ 2 ] Bug #1111054 - Character class with literal quotation is miscompiled https://bugzilla.redhat.com/show_bug.cgi?id=1111054 -------------------------------------------------------------------------------- ================================================================================ ratools-0.5.3-2.fc19 (FEDORA-2014-7504) Framework for IPv6 Router Advertisements -------------------------------------------------------------------------------- Update Information: Update to ratools-0.5.3 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 18 2014 Florian Lehner <dev@xxxxxxxxxxx> - 0.5.3-2 - Use macroized scriptlets for systemd * Mon Jun 16 2014 Florian Lehner <dev@xxxxxxxxxxx> - 0.5.3-1 - Move ractl.8-manpage from section 1 to section 8 - Add rad.8-manpage - Add Systemd files - Move config.example to example.conf * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ readline-6.2-8.fc19 (FEDORA-2014-7496) A library for editing typed command lines -------------------------------------------------------------------------------- Update Information: readline in Fedora is very slow when rl_event_hook is used, this update fix it. Security patch for debug function -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 19 2014 Jiří Klimeš <jklimes@xxxxxxxxxx> - 6.2-8 - resolves: #1109946 input: fix rl_read_key slowness when using rl_event_hook * Mon May 26 2014 jchaloup <jchaloup@xxxxxxxxxx> - 6.2-7 - resolves: #1077026 Security patch for debug functions -------------------------------------------------------------------------------- References: [ 1 ] Bug #1109946 - readline in Fedora is very slow when rl_event_hook is used https://bugzilla.redhat.com/show_bug.cgi?id=1109946 [ 2 ] Bug #1077026 - readline: insecure temporary file use in _rl_tropen() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1077026 -------------------------------------------------------------------------------- ================================================================================ traceroute-2.0.20-1.fc19 (FEDORA-2014-7494) Traces the route taken by packets over an IPv4/IPv6 network -------------------------------------------------------------------------------- Update Information: Update to 2.0.20 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 18 2014 Dmitry Butskoy <Dmitry@xxxxxxxxxxxx> - 3:2.0.20-1 - update to 2.0.20 * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3:2.0.19-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Tue Dec 3 2013 Dmitry Butskoy <Dmitry@xxxxxxxxxxxx> - 3:2.0.19-5 - fix format-security issue (#1037363) * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3:2.0.19-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ udt-4.11-2.fc19 (FEDORA-2014-7533) UDP based Data Transfer Protocol -------------------------------------------------------------------------------- Update Information: UDT is a reliable UDP based application level data transport protocol for distributed data intensive applications over wide area high-speed networks. UDT uses UDP to transfer bulk data with its own eliability control and congestion control mechanisms. The new protocol can transfer data at a much higher speed than TCP does. UDT is also a highly configurable framework that can accommodate various congestion control algorithms. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1107441 - Review Request: udt - UDP based Data Transfer Protocol https://bugzilla.redhat.com/show_bug.cgi?id=1107441 -------------------------------------------------------------------------------- ================================================================================ v8-3.14.5.10-9.fc19 (FEDORA-2014-7518) JavaScript Engine -------------------------------------------------------------------------------- Update Information: 2014.06.05, Version 0.10.29 (Stable) * child_process: do not set args before throwing (Greg Sabia Tucker) * child_process: spawn() does not throw TypeError (Greg Sabia Tucker) * constants: export O_NONBLOCK (Fedor Indutny) * crypto: improve memory usage (Alexis Campailla) * fs: close file if fstat() fails in readFile() (cjihrig) * lib: name EventEmitter prototype methods (Ben Noordhuis) * tls: fix performance issue (Alexis Campailla) The invalid UTF8 fix has been reverted since this breaks v8 API, which cannot be done in a stable distribution release. This build of nodejs will behave as if NODE_INVALID_UTF8 was set. For more information on the implications, see: http://blog.nodejs.org/2014/06/16/openssl-and-breaking-utf-8-change/ Additionally, a minor bug in v8 has been fixed that caused certain integer comparisons to return true when they should have returned false. Please note that there is no OpenSSL security fixes as part of this update as there were upstream; nodejs in Fedora uses the system OpenSSL library and thus receives security updates as soon as the "openssl" packages on your system are updated. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 19 2014 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 1:3.14.5.10-9 - fix corner case in integer comparisons (v8 bug#2416; nodejs bug#7528) -------------------------------------------------------------------------------- ================================================================================ wcd-5.2.5-1.fc19 (FEDORA-2014-7514) Chdir for DOS and Unix -------------------------------------------------------------------------------- Update Information: New upstream version 5.2.5. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 18 2014 Erwin Waterlander <waterlan@xxxxxxxxx> - 5.2.5-1 - New upstream version 5.2.5. -------------------------------------------------------------------------------- ================================================================================ xfig-3.2.5-43.c.fc19 (FEDORA-2014-7542) An X Window System tool for drawing basic vector graphics -------------------------------------------------------------------------------- Update Information: - Fix crash when changing arrow size on x86_64 (rhbz#1046102) -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 18 2014 Hans de Goede <hdegoede@xxxxxxxxxx> - 3.2.5-43.c - Fix crash when changing arrow size on x86_64 (rhbz#1046102) * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.2.5-42.c - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Mon Jan 6 2014 Michal Srb <msrb@xxxxxxxxxx> - 3.2.5-41.c - Name binaries correctly * Mon Jan 6 2014 Michal Srb <msrb@xxxxxxxxxx> - 3.2.5-40.c - Use fprintf in safe manner -------------------------------------------------------------------------------- References: [ 1 ] Bug #1046102 - [abrt] xfig: set_arrow_size_state(): xfig-Xaw3d killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1046102 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
