The following Fedora 19 Security updates need testing: Age URL 256 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 69 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19 58 https://admin.fedoraproject.org/updates/FEDORA-2014-6233/dpkg-1.16.14-1.fc19 49 https://admin.fedoraproject.org/updates/FEDORA-2014-6553/chicken-4.8.0.6-2.fc19 47 https://admin.fedoraproject.org/updates/FEDORA-2014-6597/drupal7-views-3.8-1.fc19 26 https://admin.fedoraproject.org/updates/FEDORA-2014-7322/thunderbird-24.6.0-1.fc19 20 https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19 18 https://admin.fedoraproject.org/updates/FEDORA-2014-7570/asterisk-11.10.2-2.fc19 18 https://admin.fedoraproject.org/updates/FEDORA-2014-6774/claws-mail-3.10.1-1.fc19,claws-mail-plugins-3.10.0-1.fc19,libetpan-1.5-1.fc19 18 https://admin.fedoraproject.org/updates/FEDORA-2014-7610/perl-Email-Address-1.905-1.fc19 13 https://admin.fedoraproject.org/updates/FEDORA-2014-7716/python-simplejson-3.5.3-1.fc19 12 https://admin.fedoraproject.org/updates/FEDORA-2014-7772/python-2.7.5-13.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-7889/zarafa-7.1.10-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-7939/lzo-2.08-1.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-8035/python3-3.3.2-9.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-7997/ansible-1.6.6-1.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-8034/docker-io-1.0.0-6.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-7645/couchdb-1.6.0-6.fc19,erlang-ibrowse-4.0.1-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-8107/pnp4nagios-0.6.22-2.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-8089/rubygem-activerecord-3.2.13-2.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-8112/lz4-r119-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8178/kernel-3.14.11-100.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8176/krb5-1.11.3-22.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8218/ocsinventory-2.0.5-8.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8223/libXfont-1.4.8-1.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 205 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 131 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19 13 https://admin.fedoraproject.org/updates/FEDORA-2014-7735/gcc-4.8.3-1.fc19,libtool-2.4.2-24.fc19,gcc-python-plugin-0.12-16.fc19,dragonegg-3.3-2.fc19 12 https://admin.fedoraproject.org/updates/FEDORA-2014-7772/python-2.7.5-13.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-7906/libtasn1-3.7-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-7939/lzo-2.08-1.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-8025/shared-mime-info-1.1-6.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-8079/xorg-x11-xauth-1.0.9-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-8047/nss-3.16.2-1.fc19,nss-softokn-3.16.2-1.fc19,nss-util-3.16.2-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8207/yum-3.4.3-152.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8223/libXfont-1.4.8-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8202/fontconfig-2.10.93-2.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8176/krb5-1.11.3-22.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8178/kernel-3.14.11-100.fc19 The following builds have been pushed to Fedora 19 updates-testing libXfont-1.4.8-1.fc19 nx-libs-3.5.0.27-1.fc19 ocsinventory-2.0.5-8.fc19 perl-IO-Socket-IP-0.30-2.fc19 perl-Module-Package-Au-2-1.fc19 qpid-proton-0.7-3.fc19 se-sandbox-runner-1.6.12-1.fc19 yum-3.4.3-152.fc19 Details about builds: ================================================================================ libXfont-1.4.8-1.fc19 (FEDORA-2014-8223) X.Org X11 libXfont runtime library -------------------------------------------------------------------------------- Update Information: - libXfont 1.4.8 (rhbz#1100441) - Fixes: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211 (rhbz#1097397) -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 9 2014 Hans de Goede <hdegoede@xxxxxxxxxx> - 1.4.8-1 - libXfont 1.4.8 (rhbz#1100441) - Fixes: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211 (rhbz#1097397) * Mon Jun 9 2014 Adam Jackson <ajax@xxxxxxxxxx> 1.4.7-2 - Fix FTBFS against new fontproto * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1096593 - CVE-2014-0209 libXfont: integer overflow of allocations in font metadata file parsing https://bugzilla.redhat.com/show_bug.cgi?id=1096593 [ 2 ] Bug #1096597 - CVE-2014-0210 libXfont: unvalidated length fields when parsing xfs protocol replies https://bugzilla.redhat.com/show_bug.cgi?id=1096597 [ 3 ] Bug #1096601 - CVE-2014-0211 libXfont: integer overflows calculating memory needs for xfs replies https://bugzilla.redhat.com/show_bug.cgi?id=1096601 -------------------------------------------------------------------------------- ================================================================================ nx-libs-3.5.0.27-1.fc19 (FEDORA-2014-8213) NX X11 protocol compression libraries -------------------------------------------------------------------------------- Update Information: Update to 3.5.0.27: - Add kernel socket namespace support. Fixes failing nxproxy/nxagent execution on systems where pam_namespace.so is in use. - Fix xkeyboard-2.6 incompatibility issues. (Maybe not all of them, so please report back...). - Fix PPC64 support. (Thanks to Mihai Moldovan for digging into this!!!) - New option: -state <statefile>. More accurately detect the current session state via an external status file. This is part of the bugfix for X2Go BTS issue #302. - Allow clipboard={none,client,server,both} as NX option. - Plus some minor issues -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 7 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.27-1 - Update to 3.5.0.27 - Drop aarch64 patch applied upstream * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.5.0.24-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Wed May 7 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.24-2 - Add patch for aarch64 support attempt * Wed May 7 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.24-1 - Update to 3.5.0.24 - Drop format patch applied upstream * Tue May 6 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.23-1 - Update to 3.5.0.23 - Drop ppc64 and imake patches applied upstream * Fri Jan 24 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.22-3 - Add patch to fix imake build - Add patch to fix -Werror=format-security build * Fri Jan 24 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.22-2 - Set compile flags properly on arm and ppc64 - Add patch to fix ppc64 build -------------------------------------------------------------------------------- ================================================================================ ocsinventory-2.0.5-8.fc19 (FEDORA-2014-8218) Open Computer and Software Inventory Next Generation -------------------------------------------------------------------------------- Update Information: Upstream XSS security fix for CVE-2014-4722 -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 9 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.0.5-8 - XSS security fix for CVE-2014-4722 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1117205 - CVE-2014-4722 ocsinventory: multiple stored XSS vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=1117205 -------------------------------------------------------------------------------- ================================================================================ perl-IO-Socket-IP-0.30-2.fc19 (FEDORA-2014-8224) Drop-in replacement for IO::Socket::INET supporting both IPv4 and IPv6 -------------------------------------------------------------------------------- Update Information: The 0.30-2 release fixes multihoming, especially with IO::Socket::SSL, really. This release fixes connect to multihomed peer in case IO::Socket::IP is sub-classed. -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 9 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 0.30-2 - Fix multihomed SSL (bug #1116600) * Mon Jul 7 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 0.30-1 - 0.30 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1116600 - perl-IO-Socket-IP-0.30 is available https://bugzilla.redhat.com/show_bug.cgi?id=1116600 -------------------------------------------------------------------------------- ================================================================================ perl-Module-Package-Au-2-1.fc19 (FEDORA-2014-8221) Reusable Module::Install bits -------------------------------------------------------------------------------- Update Information: New package: Reusable Module::Install bits -------------------------------------------------------------------------------- References: [ 1 ] Bug #886192 - Review Request: perl-Module-Package-Au - Reusable Module::Install bits https://bugzilla.redhat.com/show_bug.cgi?id=886192 -------------------------------------------------------------------------------- ================================================================================ qpid-proton-0.7-3.fc19 (FEDORA-2014-8229) A high performance, lightweight messaging library -------------------------------------------------------------------------------- Update Information: Removed intra-package comments which cause error messages on package uninstall. -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 8 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.7-3 - Removed intra-package comments which cause error messages on package uninstall. * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ se-sandbox-runner-1.6.12-1.fc19 (FEDORA-2014-8211) Qt wrapper for SELinux Sandbox -------------------------------------------------------------------------------- Update Information: fixed building a list of included path; fixed setting a working directories & their SELinux labels; -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 8 2014 Fl@sh <kaperang07@xxxxxxxxx> - 1.6.12-1 - version updated; -------------------------------------------------------------------------------- ================================================================================ yum-3.4.3-152.fc19 (FEDORA-2014-8207) RPM package installer/updater/manager -------------------------------------------------------------------------------- Update Information: - Copy packages in/out of an installroot, for no downloads creating containers. - A few cleanups for the fs sub-command UI. - Add spec requires for fs sub-command. - Fix yum.conf file saving for filters. - Fix repo-pkgs check-update not showing any updates. - Fix ValueError when /var/lib/yum/groups/installed is empty. BZ 971307 - Fix 'yum updateinfo list all new-packages' traceback. BZ 1072945 - Make yum quit when an invalid option is provided with --setopt. - No error for refilter cleanup, rm dirs. and eat all errors. BZ 1062959. - Use get_uuid_obj() instead of get_uuid(), to help out ostree. - Make utils.get_process_info() respect executable names with spaces. - Fix traceback when history files don't exist and user is not root. - Fix storing objects directly in the yumdb. - Don't store uuid as var_uuid, or we create it all the time. - Fix dumping xml for suggests/etc. - Fix for weird anaconda C NULL exception traceback. BZ 1058297. - Fix apkgs setup for removing packages. BZ 1019960. - Fix typo, so we can find the suggests/etc. tables. - Change 'size' option to 'maxsize' in yum.logrotate. BZ 1005879. - Mask st_mode to fix verifying permissions for ghost files. BZ 1045415. - normpath() file URIs. BZ 1009499. - Add bash completion for fs. - Fix summary for yum fs command. BZ 1086461. - Check /usr for writability before running a transaction. - Add repo= arguments to almost all RepoError raises, so we don't print unknown. - Add/fix upgrade-minimal typos from man page. - Replace vars in include lines in .repo files. BZ 977380. - Make --setopt handle spaces properly. BZ 1094373 - Fix traceback when the history dir is empty. BZ 875610 - Add missing import for rpm, when override_install_langs isn't set. - Workaround the TypeError in filterdeps(). BZ 1108625 - Read FS yumvars before yum.conf setup, and reread if installroot changed. - Call systemd Inhibit, to inhibit shutdowns during transactions. BZ 1109930. - Have check provides check directly against the rpm index, and then quit. - Read env vars in readStartupConfig() to make them work in yum.conf. BZ 1102575 - Add rules for naming files in /etc/yum/vars to yum.conf man page. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 18 2014 James Antill <james at fedoraproject.org> - 3.4.3-152 - update to latest HEAD - Workaround the TypeError in _filter_deps(). BZ 1108625 * Mon Jun 16 2014 James Antill <james at fedoraproject.org> - 3.4.3-151 - update to latest HEAD - Read FS yumvars before yum.conf setup, and reread if installroot changed. - Call systemd Inhibit, to inhibit shutdowns during transactions. BZ 1109930. - Have check provides check directly against the rpm index, and then quit. - Read env vars in readStartupConfig() to make them work in yum.conf. BZ 1102575 - Add rules for naming files in /etc/yum/vars to yum.conf man page. * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.4.3-149 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Wed May 21 2014 James Antill <james at fedoraproject.org> - 3.4.3-148 - update to latest HEAD - Check /usr for writability before running a transaction. - Add repo= arguments to almost all RepoError raises, so we don't print unknown. - Add/fix upgrade-minimal typos from man page. - Replace vars in include lines in .repo files. BZ 977380. - Make --setopt handle spaces properly. BZ 1094373 - Fix traceback when the history dir is empty. BZ 875610 * Tue Apr 15 2014 James Antill <james at fedoraproject.org> - 3.4.3-146 - update to latest HEAD - Fix for weird anaconda C NULL exception traceback. BZ 1058297. - Add bash completion for fs. - Fix summary for yum fs command. BZ 1086461. * Tue Apr 8 2014 James Antill <james at fedoraproject.org> - 3.4.3-145 - update to latest HEAD - Fix for weird anaconda C NULL exception traceback. BZ 1058297. - Fix apkgs setup for removing packages. BZ 1019960. - Fix typo, so we can find the suggests/etc. tables. - Change 'size' option to 'maxsize' in yum.logrotate. BZ 1005879. - Mask st_mode to fix verifying permissions for ghost files. BZ 1045415. - normpath() file URIs. BZ 1009499. * Tue Mar 25 2014 James Antill <james at fedoraproject.org> - 3.4.3-144 - update to latest HEAD - Fix dumping xml for suggests/etc. * Mon Mar 24 2014 James Antill <james at fedoraproject.org> - 3.4.3-143 - update to latest HEAD - Fix storing objects directly in the yumdb. - Don't store uuid as var_uuid, or we create it all the time. * Mon Mar 24 2014 James Antill <james at fedoraproject.org> - 3.4.3-142 - update to latest HEAD - No error for refilter cleanup, rm dirs. and eat all errors. BZ 1062959. - Use get_uuid_obj() instead of get_uuid(), to help out ostree. - Make utils.get_process_info() respect executable names with spaces. - Fix traceback when history files don't exist and user is not root. * Mon Mar 10 2014 Valentina Mukhamedzhanova <vmukhame@xxxxxxxxxx> - 3.4.3-141 - update to latest HEAD - Fix repo-pkgs check-update not showing any updates. - Fix ValueError when /var/lib/yum/groups/installed is empty. BZ 971307 - Fix 'yum updateinfo list all new-packages' traceback. BZ 1072945 - Make yum quit when an invalid option is provided with --setopt. * Sun Feb 23 2014 James Antill <james at fedoraproject.org> - 3.4.3-140 - update to latest HEAD - Fix yum.conf file saving for filters. * Fri Feb 21 2014 James Antill <james at fedoraproject.org> - 3.4.3-139 - update to latest HEAD - Copy packages in/out of an installroot, for no downloads creating containers. - A few cleanups for the fs sub-command UI. - Add spec requires for fs sub-command. * Tue Feb 18 2014 James Antill <james at fedoraproject.org> - 3.4.3-138 - update to latest HEAD - Workaround for weird mash issue, probably. -------------------------------------------------------------------------------- References: [ 1 ] Bug #971307 - [abrt] yum-3.4.3-91.fc19: igroups.py:92:_read_pkg_grps:ValueError: invalid literal for int() with base 10: '' https://bugzilla.redhat.com/show_bug.cgi?id=971307 [ 2 ] Bug #1072945 - [abrt] yum: yumcommands.py:3841:list_show_pkgs:KeyError: '0install' https://bugzilla.redhat.com/show_bug.cgi?id=1072945 [ 3 ] Bug #1019960 - [abrt] yum-3.4.3-111.fc19: yumcommands.py:3678:doCommand:TypeError: 'NoneType' object is not iterable https://bugzilla.redhat.com/show_bug.cgi?id=1019960 [ 4 ] Bug #1009499 - yum complicates config URIs needlessly, leading to strange error messages https://bugzilla.redhat.com/show_bug.cgi?id=1009499 [ 5 ] Bug #1058297 - SystemError: error return without exception set https://bugzilla.redhat.com/show_bug.cgi?id=1058297 [ 6 ] Bug #1086461 - yum help output for fs duplicates that for fssnapshot https://bugzilla.redhat.com/show_bug.cgi?id=1086461 [ 7 ] Bug #1072121 - [abrt] yum: yumcommands.py:4619:_fs_filters:NameError: global name 'rpm' is not defined https://bugzilla.redhat.com/show_bug.cgi?id=1072121 [ 8 ] Bug #1048714 - erase not part of auto completion of yum https://bugzilla.redhat.com/show_bug.cgi?id=1048714 [ 9 ] Bug #1102575 - Environment variable substitution in yum.conf doesn't work https://bugzilla.redhat.com/show_bug.cgi?id=1102575 [ 10 ] Bug #1108625 - [abrt] yum: packages.py:1422:_filter_deps:TypeError: zip argument #2 must support iteration https://bugzilla.redhat.com/show_bug.cgi?id=1108625 [ 11 ] Bug #1109930 - RFE: take systemd inhibitor lock while doing operations that shouldn't be interrupted by shutdown https://bugzilla.redhat.com/show_bug.cgi?id=1109930 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
