The following Fedora 19 Security updates need testing: Age URL 256 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 68 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19 57 https://admin.fedoraproject.org/updates/FEDORA-2014-6233/dpkg-1.16.14-1.fc19 48 https://admin.fedoraproject.org/updates/FEDORA-2014-6553/chicken-4.8.0.6-2.fc19 46 https://admin.fedoraproject.org/updates/FEDORA-2014-6597/drupal7-views-3.8-1.fc19 25 https://admin.fedoraproject.org/updates/FEDORA-2014-7322/thunderbird-24.6.0-1.fc19 19 https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19 17 https://admin.fedoraproject.org/updates/FEDORA-2014-7570/asterisk-11.10.2-2.fc19 17 https://admin.fedoraproject.org/updates/FEDORA-2014-6774/claws-mail-3.10.1-1.fc19,claws-mail-plugins-3.10.0-1.fc19,libetpan-1.5-1.fc19 17 https://admin.fedoraproject.org/updates/FEDORA-2014-7610/perl-Email-Address-1.905-1.fc19 13 https://admin.fedoraproject.org/updates/FEDORA-2014-7716/python-simplejson-3.5.3-1.fc19 12 https://admin.fedoraproject.org/updates/FEDORA-2014-7772/python-2.7.5-13.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-7889/zarafa-7.1.10-1.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-7939/lzo-2.08-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-8035/python3-3.3.2-9.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-7997/ansible-1.6.6-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-8034/docker-io-1.0.0-6.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-7645/couchdb-1.6.0-6.fc19,erlang-ibrowse-4.0.1-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-8107/pnp4nagios-0.6.22-2.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-8089/rubygem-activerecord-3.2.13-2.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-8112/lz4-r119-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8178/kernel-3.14.11-100.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8176/krb5-1.11.3-22.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 204 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 130 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19 13 https://admin.fedoraproject.org/updates/FEDORA-2014-7735/gcc-4.8.3-1.fc19,libtool-2.4.2-24.fc19,gcc-python-plugin-0.12-16.fc19,dragonegg-3.3-2.fc19 12 https://admin.fedoraproject.org/updates/FEDORA-2014-7772/python-2.7.5-13.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-7906/libtasn1-3.7-1.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-7939/lzo-2.08-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-8047/nss-3.16.2-1.fc19,nss-softokn-3.16.2-1.fc19,nss-util-3.16.2-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-8025/shared-mime-info-1.1-6.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-8079/xorg-x11-xauth-1.0.9-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8202/fontconfig-2.10.93-2.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8176/krb5-1.11.3-22.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8178/kernel-3.14.11-100.fc19 The following builds have been pushed to Fedora 19 updates-testing RBTools-0.6.2-1.fc19 abduco-0.1-1.fc19 copr-cli-1.35-1.fc19 cross-gcc-4.9.0-3.fc19 fontconfig-2.10.93-2.fc19 kde-connect-0.7.2-1.fc19 kernel-3.14.11-100.fc19 krb5-1.11.3-22.fc19 lapack-3.4.2-7.fc19 libstoragemgmt-0.1.0-1.fc19 php-scssphp-0.0.12-1.fc19 python-qpid-0.28-3.fc19 rubygem-coveralls-0.7.0-3.fc19 scalapack-1.7.5-21.fc19 Details about builds: ================================================================================ RBTools-0.6.2-1.fc19 (FEDORA-2014-8192) Tools for use with ReviewBoard -------------------------------------------------------------------------------- Update Information: https://www.reviewboard.org/docs/releasenotes/rbtools/0.6.2/ -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 7 2014 Stephen Gallagher <sgallagh@xxxxxxxxxx> 0.6.2-1 - New upstream release 0.6.2 - http://www.reviewboard.org/docs/releasenotes/rbtools/0.6.2/ -------------------------------------------------------------------------------- ================================================================================ abduco-0.1-1.fc19 (FEDORA-2014-8175) Session management in a clean and simple way -------------------------------------------------------------------------------- Update Information: Initial package (RHBZ #1116653) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1116653 - Review Request: abduco - Session management in a clean and simple way https://bugzilla.redhat.com/show_bug.cgi?id=1116653 -------------------------------------------------------------------------------- ================================================================================ copr-cli-1.35-1.fc19 (FEDORA-2014-8181) Command line interface for COPR -------------------------------------------------------------------------------- Update Information: stop if you receive unknown status -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 4 2014 Miroslav Suchý <msuchy@xxxxxxxxxx> 1.35-1 - [cli] stop waiting when the status is unknown * Fri Jul 4 2014 Miroslav Suchý <msuchy@xxxxxxxxxx> 1.34-1 - [cli] skipped state support -------------------------------------------------------------------------------- ================================================================================ cross-gcc-4.9.0-3.fc19 (FEDORA-2014-8179) Cross C compiler -------------------------------------------------------------------------------- Update Information: Move to using gcc-4.9 -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 7 2014 David Howells <dhowells@xxxxxxxxxx> - 4.9.0-3 - Enable libgcc building on s390x [BZ 1116185]. * Mon Jun 16 2014 David Howells <dhowells@xxxxxxxxxx> - 4.9.0-2 - Rebase on gcc-4.9.0-14. * Mon Jun 16 2014 David Howells <dhowells@xxxxxxxxxx> - 4.9.0-1 - Move to gcc-4.9.0. -------------------------------------------------------------------------------- ================================================================================ fontconfig-2.10.93-2.fc19 (FEDORA-2014-8202) Font configuration and customization library -------------------------------------------------------------------------------- Update Information: Fix the race condition issue on updating caches -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 8 2014 Akira TAGOH <tagoh@xxxxxxxxxx> - 2.10.93-2 - Fix the race condition issue on updating caches. (#921706) -------------------------------------------------------------------------------- References: [ 1 ] Bug #921706 - ghostscript: /invalidfont in /findfont, --nostringval-- Helvetica https://bugzilla.redhat.com/show_bug.cgi?id=921706 -------------------------------------------------------------------------------- ================================================================================ kde-connect-0.7.2-1.fc19 (FEDORA-2014-7848) KDE Connect client for communication with smartphones -------------------------------------------------------------------------------- Update Information: New upstream release, fixes remote filesystem support, and adds a new features including remote pointer control see also http://albertvaka.wordpress.com/2014/06/28/awesome-contributions-to-kde-connect/ -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 6 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.7.2-1 - kde-connect-0.7.2 (#1116448) * Sun Jun 29 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.7.1-1 - 0.7.1 * Sat Jun 28 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 0.7-1 - kde-connect-0.7 (#1114196) - Requires: fuse-sshfs (#1114197) - Requires: qca-ossl - -libs, -devel subpkgs * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.6-0.3.20140305git52901898 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1114196 - KDE Connect 0.7 released https://bugzilla.redhat.com/show_bug.cgi?id=1114196 [ 2 ] Bug #1114197 - KDE Connect's SFTP dependencies not installed https://bugzilla.redhat.com/show_bug.cgi?id=1114197 [ 3 ] Bug #1116448 - KDE Connect 0.7.2 released https://bugzilla.redhat.com/show_bug.cgi?id=1116448 -------------------------------------------------------------------------------- ================================================================================ kernel-3.14.11-100.fc19 (FEDORA-2014-8178) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 3.14.11 stable update contains a number of important fixes across the tree. The 3.14.9 stable update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 7 2014 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.14.11-100 - Linux v3.14.11 - Fixes CVE-2014-4715 (rhbz 1115767 1116362) - Fixes CVE-2014-4699 (rhbz 1115927 1116477) * Fri Jun 27 2014 Hans de Goede <hdegoede@xxxxxxxxxx> - Add patch to fix wifi on lenove yoga 2 series (rhbz#1021036) * Thu Jun 26 2014 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.14.9-100 - Linux v3.14.9 * Wed Jun 25 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - Revert commit that breaks Wacom Intuos4 from Benjamin Tissoires - CVE-2014-0206 aio: insufficient head sanitization in aio_read_events_ring (rhbz 1094602 1112975) * Mon Jun 23 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - CVE-2014-4508 BUG in x86_32 syscall auditing (rhbz 1111590 1112073) * Fri Jun 20 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - Bring in intel_pstate regression fixes for BayTrail (rhbz 1111920) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1115767 - CVE-2014-4715 lz4: LZ4_decompress_generic() integer overflow (32-bit arches) https://bugzilla.redhat.com/show_bug.cgi?id=1115767 [ 2 ] Bug #1115927 - CVE-2014-4699 kernel: x86_64: ptrace: sysret to non-canonical address https://bugzilla.redhat.com/show_bug.cgi?id=1115927 [ 3 ] Bug #1113967 - CVE-2014-4667 kernel: sctp: sk_ack_backlog wrap-around problem https://bugzilla.redhat.com/show_bug.cgi?id=1113967 [ 4 ] Bug #1113899 - CVE-2014-4608 kernel: lzo1x_decompress_safe() integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1113899 [ 5 ] Bug #1112436 - CVE-2014-4611 lz4: LZ4_decompress_generic() integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1112436 [ 6 ] Bug #1094602 - CVE-2014-0206 kernel: aio: insufficient sanitization of head in aio_read_events_ring() https://bugzilla.redhat.com/show_bug.cgi?id=1094602 [ 7 ] Bug #1111590 - CVE-2014-4508 Kernel: x86_32: BUG in syscall auditing https://bugzilla.redhat.com/show_bug.cgi?id=1111590 -------------------------------------------------------------------------------- ================================================================================ krb5-1.11.3-22.fc19 (FEDORA-2014-8176) The Kerberos network authentication system -------------------------------------------------------------------------------- Update Information: This update incorporates backported upstream fixes for potential crashes caused by attempts to process malformed GSSAPI messages (CVE-2014-4341, CVE-2014-4342). -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 7 2014 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.11.3-22 - pull in fix for denial of service by injection of malformed GSSAPI tokens (CVE-2014-4341, CVE-2014-4342, #1116181) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1116180 - CVE-2014-4341 CVE-2014-4342 krb5: denial of service flaws when handling RFC 1964 tokens https://bugzilla.redhat.com/show_bug.cgi?id=1116180 -------------------------------------------------------------------------------- ================================================================================ lapack-3.4.2-7.fc19 (FEDORA-2014-8191) Numerical linear algebra package libraries -------------------------------------------------------------------------------- Update Information: Fix issue with BLAS which caused issues for R. Use the compiled object files in tmglib, not the static lib it makes. Also link tmglib to lapacke library. Add matgen_obj files to lapacke library. -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 7 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 3.4.2-7 - fix issues with BLAS found by R * Thu Jun 19 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 3.4.2-6 - compile in tmglib object files, not static lib * Tue Jun 17 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 3.4.2-4 - add matgen_obj files to lapacke lib * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.4.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1113657 - reg-BLAS regression test fails ? https://bugzilla.redhat.com/show_bug.cgi?id=1113657 [ 2 ] Bug #1108192 - Include all LAPACKE routines https://bugzilla.redhat.com/show_bug.cgi?id=1108192 -------------------------------------------------------------------------------- ================================================================================ libstoragemgmt-0.1.0-1.fc19 (FEDORA-2014-8194) Storage array management library -------------------------------------------------------------------------------- Update Information: Upstream update. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 3 2014 Tony Asleson <tasleson@xxxxxxxxxx> - 0.1.0-1 - New upstream release * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.0.24-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ php-scssphp-0.0.12-1.fc19 (FEDORA-2014-8172) A compiler for SCSS written in PHP -------------------------------------------------------------------------------- Update Information: ### [0.0.12](https://github.com/leafo/scssphp/releases/tag/v0.0.12) -- July 6, 2014 * revert erroneous import-partials-fix (smuuf) * handle If-Modified-Since in client request, and send Last-Modified in response (braver) * add hhvm to travis-ci testing ### [0.0.11](https://github.com/leafo/scssphp/releases/tag/v0.0.11) -- July 5, 2014 #### Bug Fixes * support multi-line continuation character (backslash) per CSS2.1 and CSS3 spec (@caiosm1005) * imported partials should not be compiled (@squarestar) #### Enhancements * added interface to set/unset variables, i.e., setVariables($array) and unsetVariable($name) (@leafo) #### Maintenance * micro-optimization replacing is_null() with ! isset() (@Yahasana) -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 7 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 0.0.12-1 - Updated to 0.0.12 (BZ #1116615) - Added option to build without tests ("--without tests") * Sun Jun 8 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 0.0.10-2 - fix FTBFS, ignore max version of PHPUnit - provides php-composer(leafo/scssphp) * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.0.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1116615 - php-scssphp-0.0.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=1116615 -------------------------------------------------------------------------------- ================================================================================ python-qpid-0.28-3.fc19 (FEDORA-2014-8182) Python client library for AMQP -------------------------------------------------------------------------------- Update Information: Avoid use of poll if select is monkey patched by Eventlet/Greenthreads -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 7 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.28-3 - Avoid use of poll if select is monkey patched by Eventlet/Greenthreads - Resolves: BZ#1109488 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.28-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu Jun 5 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.28-1 - Rebased on Qpid 0.28. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1109488 - python-qpid-0.28 hangs when using with glance (eventlet) https://bugzilla.redhat.com/show_bug.cgi?id=1109488 -------------------------------------------------------------------------------- ================================================================================ rubygem-coveralls-0.7.0-3.fc19 (FEDORA-2014-8200) A Ruby implementation of the Coveralls API -------------------------------------------------------------------------------- Update Information: Newpackage -------------------------------------------------------------------------------- ================================================================================ scalapack-1.7.5-21.fc19 (FEDORA-2014-8187) A subset of LAPACK routines redesigned for heterogeneous computing -------------------------------------------------------------------------------- Update Information: Fix shared library creation such that it is linked to the correct libraries. -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 2 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.7.5-21 - link shared library to other needed libs * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.7.5-20 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1113567 - scalapack: undefined non-weak symbols and unused direct shlib dependencies https://bugzilla.redhat.com/show_bug.cgi?id=1113567 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
