The following Fedora 19 Security updates need testing: Age URL 308 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 120 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19 71 https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19 70 https://admin.fedoraproject.org/updates/FEDORA-2014-7570/asterisk-11.10.2-2.fc19 69 https://admin.fedoraproject.org/updates/FEDORA-2014-6774/claws-mail-3.10.1-1.fc19,claws-mail-plugins-3.10.0-1.fc19,libetpan-1.5-1.fc19 69 https://admin.fedoraproject.org/updates/FEDORA-2014-7610/perl-Email-Address-1.905-1.fc19 60 https://admin.fedoraproject.org/updates/FEDORA-2014-7939/lzo-2.08-1.fc19 37 https://admin.fedoraproject.org/updates/FEDORA-2014-8771/ReviewBoard-1.7.27-1.fc19 22 https://admin.fedoraproject.org/updates/FEDORA-2014-9162/xulrunner-31.0-1.fc19 14 https://admin.fedoraproject.org/updates/FEDORA-2014-9427/pipelight-0.2.7.3-3.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-9602/polkit-qt-0.112.0-1.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-9619/ca-certificates-2014.2.1-1.0.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-9679/php-5.5.16-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-9768/zarafa-7.1.10-4.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-9791/python-django-1.5.9-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-9752/python-elixir-0.7.1-14.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-9830/glibc-2.17-21.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-9703/cups-1.6.4-10.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-9963/squid-3.3.13-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-9624/GraphicsMagick-1.3.20-3.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-9942/mariadb-5.5.39-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-9954/thunderbird-enigmail-1.7.2-1.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 256 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 182 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19 13 https://admin.fedoraproject.org/updates/FEDORA-2014-9513/curl-7.29.0-22.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-9602/polkit-qt-0.112.0-1.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-9619/ca-certificates-2014.2.1-1.0.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-9780/nss-3.17.0-1.fc19,nss-softokn-3.17.0-1.fc19,nss-util-3.17.0-1.fc19,nspr-4.10.7-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-9830/glibc-2.17-21.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-9828/btrfs-progs-3.16-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-9862/langtable-0.0.27-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-9703/cups-1.6.4-10.fc19 The following builds have been pushed to Fedora 19 updates-testing GraphicsMagick-1.3.20-3.fc19 gvrng-4.4-7.fc19 libnfc-1.7.1-4.fc19 mariadb-5.5.39-1.fc19 mediawiki-1.23.3-1.fc19 perl-Mail-GnuPG-0.21-1.fc19 perl-Perl-MinimumVersion-1.38-2.fc19 pogo-0.8.3-1.fc19 python-fedmsg-meta-fedora-infrastructure-0.3.1-1.fc19 root-5.34.20-2.fc19 rubygem-logstash-event-1.2.02-2.fc19 scribus-1.4.4-2.fc19 squid-3.3.13-1.fc19 subversion-api-docs-1.7.18-1.fc19 thunderbird-enigmail-1.7.2-1.fc19 Details about builds: ================================================================================ GraphicsMagick-1.3.20-3.fc19 (FEDORA-2014-9624) An ImageMagick fork, offering faster image generation and better quality -------------------------------------------------------------------------------- Update Information: New stable upstream release, patched for CVE-2014-1947. See also: http://www.graphicsmagick.org/NEWS.html#august-16-2014 -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 28 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3.20-3 - go back to original L%02d format variant * Mon Aug 25 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3.20-2 - better fix for CVE-2014-1947 (#1064098,#1083082) * Wed Aug 20 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3.20-1 - 1.3.20, CVE-2014-1947 (#1064098,#1083082) * Fri Aug 15 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.19-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Wed Aug 13 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 1.3.19-8 - Rebuild for libjbig soname bump * Fri Jun 6 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.19-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sun May 11 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3.19-6 - handle upgrade path for introduction of -doc subpkg in 1.3.19-4 * Mon Feb 3 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.3.19-5 - upstream patch, drop debug output (#1060665) * Sat Jan 25 2014 Ville Skyttä <ville.skytta@xxxxxx> - 1.3.19-4 - Split docs into -doc subpackage, drop README.txt (#1056306). - Drop no longer needed BrowseDelegateDefault modification. - Convert docs to UTF-8. * Thu Jan 9 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3.19-3 - ppc64le is a multilib arch (#1051208) * Wed Jan 1 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3.19-2 - BR: jbigkit, libwebp, xdg-utils, xz * Wed Jan 1 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3.19-1 - 1.3.19 (#1047676) * Tue Oct 15 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3.18-5 - trim changelog -------------------------------------------------------------------------------- References: [ 1 ] Bug #1064098 - CVE-2014-1947 ImageMagick: PSD writing layer name buffer overflow ("L%02ld") https://bugzilla.redhat.com/show_bug.cgi?id=1064098 -------------------------------------------------------------------------------- ================================================================================ gvrng-4.4-7.fc19 (FEDORA-2014-9930) A robot driving game designed to introduce to kids to programming -------------------------------------------------------------------------------- Update Information: Fixed locale location (bz 1133237) -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 27 2014 Neil Horman <nhorman@xxxxxxxxxxxxx> - 4.4-7 - Fixed locale location (bz 1133237) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1133237 - program crashes when trying to start https://bugzilla.redhat.com/show_bug.cgi?id=1133237 -------------------------------------------------------------------------------- ================================================================================ libnfc-1.7.1-4.fc19 (FEDORA-2014-9922) NFC SDK and Programmers API -------------------------------------------------------------------------------- Update Information: Migrated udev rule to dynamic ACL management and new bugfix release -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 28 2014 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 1.7.1-4 - Migrated udev rule to dynamic ACL management - Fixed udev rule location - Added kernel modules blacklist file as an example (not enabled by default) Resolves: rhbz#1057285 * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.7.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.7.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Mon Mar 17 2014 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 1.7.1-1 - New version Resolves: rhbz#1076524 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1057285 - udev rules not working. https://bugzilla.redhat.com/show_bug.cgi?id=1057285 [ 2 ] Bug #1076524 - libnfc-1.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1076524 -------------------------------------------------------------------------------- ================================================================================ mariadb-5.5.39-1.fc19 (FEDORA-2014-9942) A community developed branch of MySQL -------------------------------------------------------------------------------- Update Information: This is an update that fixes all issues described at https://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5539-changelog and also an unspecified MyISAM temporary file issue. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 22 2014 Honza Horak <hhorak@xxxxxxxxxx> - 1:5.5.39-1 - Update to 5.5.39 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1126271 - mysql: unspecified MyISAM temporary file issue fixed in 5.5.39 and 5.6.20 https://bugzilla.redhat.com/show_bug.cgi?id=1126271 [ 2 ] Bug #1126272 - mysql: yaSSL off-by-one when decoding dates form X.509 certificates https://bugzilla.redhat.com/show_bug.cgi?id=1126272 -------------------------------------------------------------------------------- ================================================================================ mediawiki-1.23.3-1.fc19 (FEDORA-2014-9964) A wiki engine -------------------------------------------------------------------------------- Update Information: * (bug 68501) Correctly handle incorrect namespace in cleanupTitles.php. * (bug 64970) Fix support for blobs on DatabaseOracle::update. * (bug 66574) Display MediaWiki:Loginprompt on the login page. * (bug 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes. * (bug 60629) Handle invalid language code gracefully in Language::fetchLanguageNames. * (bug 62017) Restore the number of rows shown on Special:Watchlist. * Check for boolean false result from database query in SqlBagOStuff. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 28 2014 Michael Cronenworth <mike@xxxxxxxxxx> - 1.23.3-1 - Update to 1.23.3 - (bug 68501) Correctly handle incorrect namespace in cleanupTitles.php. - (bug 64970) Fix support for blobs on DatabaseOracle::update. - (bug 66574) Display MediaWiki:Loginprompt on the login page. - (bug 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes. - (bug 60629) Handle invalid language code gracefully in Language::fetchLanguageNames. - (bug 62017) Restore the number of rows shown on Special:Watchlist. - Check for boolean false result from database query in SqlBagOStuff. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1134781 - mediawiki-1.23.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1134781 [ 2 ] Bug #1134892 - mediawiki's mw-createinstance script creates a dangling symlink to redirect.php, which has been removed https://bugzilla.redhat.com/show_bug.cgi?id=1134892 -------------------------------------------------------------------------------- ================================================================================ perl-Mail-GnuPG-0.21-1.fc19 (FEDORA-2014-9936) Process email with GPG -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 28 2014 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 0.21-1 - Upstream update. -------------------------------------------------------------------------------- ================================================================================ perl-Perl-MinimumVersion-1.38-2.fc19 (FEDORA-2014-9962) Find a minimum required version of perl for Perl code -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 28 2014 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 1.38-2 - Filter underspecified deps. - Upstream update. - Reflect upstream BR:-changes. - Reflect Source0: having changed. - Minor spec file modernization. -------------------------------------------------------------------------------- ================================================================================ pogo-0.8.3-1.fc19 (FEDORA-2014-9923) Probably the simplest and fastest audio player for Linux -------------------------------------------------------------------------------- Update Information: Rebuilt for new upstream version 0.8.3 -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 28 2014 Filipe Rosset <rosset.filipe@xxxxxxxxx> - 0.8.3-1 - Rebuilt for new upstream version 0.8.3 -------------------------------------------------------------------------------- ================================================================================ python-fedmsg-meta-fedora-infrastructure-0.3.1-1.fc19 (FEDORA-2014-9960) Metadata providers for Fedora Infrastructure's fedmsg deployment -------------------------------------------------------------------------------- Update Information: 'bodhi conglomerators'. Future-proofed copr processor. New threading lock around fas cache. Latest upstream with fixes for pkgdb and jenkins messages. Fixes to jenkins messages. New Fedora-College processor. Fixes to jenkins messages. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 28 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.3.1-1 - Latest upstream with the new conglomerator api. - Also, fixes to copr messages. - New threading lock put around fas cache regeneration. - Bump up the BR version on fedmsg. * Wed Aug 20 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.2.19-1 - Latest upstream with jenkins and pkgdb fixes. - Remove patches. * Wed Aug 13 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.2.18-3 - Upstream patches to fix further problems with the jenkins processor. * Sun Aug 10 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.2.18-2 - Patch out time-sensitive test. * Sat Aug 9 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.2.18-1 - Fix test suite. * Sat Aug 9 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.2.17-1 - Bugfixes to jenkins messages. * Sat Aug 9 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.2.16-1 - Remove patch. - Handle fedora college messages. -------------------------------------------------------------------------------- ================================================================================ root-5.34.20-2.fc19 (FEDORA-2014-9961) Numerical data analysis framework -------------------------------------------------------------------------------- Update Information: Move xproofd binary to the root-xproof package -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 28 2014 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.34.20-2 - Move xproofd binaries from root-proofd to root-xproof - Adjust EPEL 7 font dependencies - Rebuild using new binutils (ld bug fixed - F21+) -------------------------------------------------------------------------------- ================================================================================ rubygem-logstash-event-1.2.02-2.fc19 (FEDORA-2014-9924) Library that contains the classes required to create LogStash events -------------------------------------------------------------------------------- Update Information: rubygem-logstash-event contains the classes required to create LogStash events (combination of timestamp in ISO8601 format and message in any format) and their serialization to json. logstash-event rubygem is part of LogStash project, http://logstash.net/. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1131991 - Review Request: rubygem-logstash-event - Classes required to create LogStash events https://bugzilla.redhat.com/show_bug.cgi?id=1131991 -------------------------------------------------------------------------------- ================================================================================ scribus-1.4.4-2.fc19 (FEDORA-2014-9929) DeskTop Publishing application written in Qt -------------------------------------------------------------------------------- Update Information: - updated to 1.4.4 -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 28 2014 Dan Horák <dan[at]danny.cz> - 1.4.4-2 - switch to Debian patch for the qreal vs double conflict on ARM (fixes #1076885) * Fri Jun 6 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.4.4-1 - update to 1.4.4, drop non-free dot files -------------------------------------------------------------------------------- References: [ 1 ] Bug #1076885 - shape insertion tool don't works https://bugzilla.redhat.com/show_bug.cgi?id=1076885 [ 2 ] Bug #1119035 - Scribus V1.4.4 not yet available for Fedora 20 https://bugzilla.redhat.com/show_bug.cgi?id=1119035 [ 3 ] Bug #1103247 - scribus-1.4.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1103247 -------------------------------------------------------------------------------- ================================================================================ squid-3.3.13-1.fc19 (FEDORA-2014-9963) The Squid proxy caching server -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2014-3609 -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 28 2014 Michal Luscon <mluscon@xxxxxxxxxx> - 7:3.3.13-1 - Update to upstream version 3.3.13 - Fixed: CVE-2014-3609 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1134209 - CVE-2014-3609 squid: assertion failure in Range header processing (SQUID-2014:2) https://bugzilla.redhat.com/show_bug.cgi?id=1134209 -------------------------------------------------------------------------------- ================================================================================ subversion-api-docs-1.7.18-1.fc19 (FEDORA-2014-9925) Subversion API documentation -------------------------------------------------------------------------------- Update Information: Rebuild against current stable. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 29 2014 Bojan Smojver <bojan@xxxxxxxxxxxxx> 1.7.18-1 - bump up to 1.7.18 -------------------------------------------------------------------------------- ================================================================================ thunderbird-enigmail-1.7.2-1.fc19 (FEDORA-2014-9954) Authentication and encryption extension for Mozilla Thunderbird -------------------------------------------------------------------------------- Update Information: Upstream annoncement: * This is a bugfix release, fixing several major issues found in v1.7. * A security bug (CVE-2014-5369) has been fixed. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 29 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 1.7.2-1 - Enigmail 1.7.2, fix CVE-2014-5369 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1133373 - CVE-2014-5369 thunderbird-enigmail: mail with only Bcc recipients sent in plain text https://bugzilla.redhat.com/show_bug.cgi?id=1133373 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
