The following Fedora 19 Security updates need testing: Age URL 336 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 148 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19 99 https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19 97 https://admin.fedoraproject.org/updates/FEDORA-2014-6774/claws-mail-3.10.1-1.fc19,claws-mail-plugins-3.10.0-1.fc19,libetpan-1.5-1.fc19 88 https://admin.fedoraproject.org/updates/FEDORA-2014-7939/lzo-2.08-1.fc19 50 https://admin.fedoraproject.org/updates/FEDORA-2014-9162/xulrunner-31.0-1.fc19 42 https://admin.fedoraproject.org/updates/FEDORA-2014-9427/pipelight-0.2.7.3-3.fc19 29 https://admin.fedoraproject.org/updates/FEDORA-2014-9830/glibc-2.17-21.fc19 29 https://admin.fedoraproject.org/updates/FEDORA-2014-9703/cups-1.6.4-10.fc19 17 https://admin.fedoraproject.org/updates/FEDORA-2014-10491/torque-3.0.4-4.fc19 17 https://admin.fedoraproject.org/updates/FEDORA-2014-10366/icecream-1.0.1-8.20140822git.fc19 16 https://admin.fedoraproject.org/updates/FEDORA-2014-10640/libreoffice-4.1.6.2-8.fc19 14 https://admin.fedoraproject.org/updates/FEDORA-2014-10714/curl-7.29.0-23.fc19 14 https://admin.fedoraproject.org/updates/FEDORA-2014-10794/squid-3.3.13-2.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-11008/kernel-3.14.19-100.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-11565/nss-softokn-3.17.1-2.fc19,nss-util-3.17.1-1.fc19,nss-3.17.1-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-11348/kdelibs-4.11.5-5.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-11370/nginx-1.4.7-3.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-11428/perl-Data-Dumper-2.154-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-11483/xen-4.2.5-2.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-11522/python-2.7.5-14.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-11544/drupal6-6.33-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-11541/libvncserver-0.9.10-0.6.20140718git9453be42.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-11464/krfb-4.11.5-4.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-11495/nodejs-send-0.3.0-4.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-11399/nodejs-qs-0.6.6-3.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-11649/rubygem-bundler-1.7.3-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-11745/seamonkey-2.29.1-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-11582/mediawiki-1.23.4-1.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 284 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 210 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-10986/kde-workspace-4.11.12-1.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-11008/kernel-3.14.19-100.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-10971/man-db-2.6.3-8.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-10968/squashfs-tools-4.3-8.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-11522/python-2.7.5-14.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-11565/nss-softokn-3.17.1-2.fc19,nss-util-3.17.1-1.fc19,nss-3.17.1-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-11348/kdelibs-4.11.5-5.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-11443/firefox-32.0.2-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-11394/thunderbird-31.1.1-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-11671/koji-1.9.0-5.fc19 The following builds have been pushed to Fedora 19 updates-testing juffed-0.10-10.fc19 koji-1.9.0-5.fc19 lcgdm-dav-0.15.0-1.fc19 mediawiki-1.23.4-1.fc19 nex-20140621-1.fc19 openscap-1.1.1-1.fc19 ovirt-guest-agent-1.0.10-2.fc19 php-pear-Net-Sieve-1.3.3-1.fc19 python-doit-0.26.0-1.fc19 rubygem-bundler-1.7.3-1.fc19 seamonkey-2.29.1-1.fc19 x2goserver-4.0.1.16-1.fc19 Details about builds: ================================================================================ juffed-0.10-10.fc19 (FEDORA-2014-11627) Advanced text editor -------------------------------------------------------------------------------- Update Information: Terminal plugin enabled -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 26 2014 TI_Eugene <ti.eugene@xxxxxxxxx> 0.10-10 - spec tuning * Fri Sep 26 2014 TI_Eugene <ti.eugene@xxxxxxxxx> 0.10-9 - terminal plugin enabled * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.10-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.10-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri Nov 8 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.10-6 - rebuild (qscintilla) * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.10-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ koji-1.9.0-5.fc19 (FEDORA-2014-11671) Build system tools -------------------------------------------------------------------------------- Update Information: Use https to download packages from kojipkgs. Reference: https://fedorahosted.org/koji/ticket/106 -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 26 2014 Till Maas <opensource@xxxxxxxxx> - 1.9.0-5 - Use https for kojipkgs -------------------------------------------------------------------------------- ================================================================================ lcgdm-dav-0.15.0-1.fc19 (FEDORA-2014-11741) HTTP/DAV front end to the DPM/LFC services -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 26 2014 Alejandro Alvarez Ayllon <aalvarez@xxxxxxx> - 0.15.0-1 - New upstream release * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.14.1-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Jul 25 2014 Alejandro Alvarez Ayllon <aalvarez at cern.ch> - 0.14.1-6 - Patch for building against json-c-0.12-2 * Fri Jul 25 2014 Adrien Devresse <adevress at cern.ch> - 0.14.1-5 - Rebuilt for libjson update * Mon Jul 14 2014 Alejandro Alvarez Ayllon <aalvarez@xxxxxxx> - 0.14.1-3 - Rebuilt for gsoap 2.8.17 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.14.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ mediawiki-1.23.4-1.fc19 (FEDORA-2014-11582) A wiki engine -------------------------------------------------------------------------------- Update Information: * (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style> elements; normalize style elements and attributes before filtering; add checks for attributes that contain css; add unit tests for html5sec and reported bugs. * (bug 65998) Make MySQLi work with non-standard socket. * (bug 66986) GlobalVarConfig shouldn't throw exceptions for null-valued config settings. -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 26 2014 Michael Cronenworth <mike@xxxxxxxxxx> - 1.23.4-1 - Update to 1.23.4 - (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style> elements; normalize style elements and attributes before filtering; add checks for attributes that contain css; add unit tests for html5sec and reported bugs. - (bug 65998) Make MySQLi work with non-standard socket. - (bug 66986) GlobalVarConfig shouldn't throw exceptions for null-valued config settings. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1146515 - mediawiki: security update https://bugzilla.redhat.com/show_bug.cgi?id=1146515 -------------------------------------------------------------------------------- ================================================================================ nex-20140621-1.fc19 (FEDORA-2014-11607) A lexer generator for Go that is similar to Lex/Flex -------------------------------------------------------------------------------- Update Information: Initial Fedora package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1146551 - Review Request: nex - A lexer generator for Go that is similar to Lex/Flex https://bugzilla.redhat.com/show_bug.cgi?id=1146551 -------------------------------------------------------------------------------- ================================================================================ openscap-1.1.1-1.fc19 (FEDORA-2014-11693) Set of open source libraries enabling integration of the SCAP line of standards -------------------------------------------------------------------------------- Update Information: upgrade to the latest upstream release -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 26 2014 Šimon Lukašík <slukasik@xxxxxxxxxx> - 1.1.1-1 - upgrade to the latest upstream release -------------------------------------------------------------------------------- ================================================================================ ovirt-guest-agent-1.0.10-2.fc19 (FEDORA-2014-11670) The oVirt Guest Agent -------------------------------------------------------------------------------- Update Information: Removed unnecessary runtime dependeny on python-pep8 -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 26 2014 Vinzenz Feenstra <evilissimo@xxxxxxxxxx> - 1.0.10-2 - Removed unnecessary runtime dependency on python-pep8 -------------------------------------------------------------------------------- ================================================================================ php-pear-Net-Sieve-1.3.3-1.fc19 (FEDORA-2014-11715) Handles talking to a sieve server -------------------------------------------------------------------------------- Update Information: Upstream changelog: * Fix notices from non-static calling of PEAR methods. * Fix reading OK responses with string literal messages. -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 26 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.3.3-1 - Version 1.3.3 (stable) - API 1.3.0 (stable) -------------------------------------------------------------------------------- ================================================================================ python-doit-0.26.0-1.fc19 (FEDORA-2014-11716) Automation Tool -------------------------------------------------------------------------------- Update Information: This update fixes some issues in previous releases. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 24 2014 José Matos <jamatos@xxxxxxxxxxxxxxxxx> - 0.26.0-1 - update to 0.26 - don't own /etc/bash_completion.d/ * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.25.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Wed May 28 2014 Kalev Lember <kalevlember@xxxxxxxxx> - 0.25.0-2 - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1136279 - python-doit-0.26.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1136279 -------------------------------------------------------------------------------- ================================================================================ rubygem-bundler-1.7.3-1.fc19 (FEDORA-2014-11649) Library and utilities to manage a Ruby application's gem dependencies -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2013-0334: 'bundle install' may install a gem from a source other than expected -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 25 2014 Josef Stribny <jstribny@xxxxxxxxxx> - 1.7.3-1 - Update to 1.7.3 * Tue Jul 2 2013 Vít Ondruch <vondruch@xxxxxxxxxx> - 1.3.1-2 - Always include Patch100 in SRPM. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1146335 - CVE-2013-0334 rubygem-bundler: 'bundle install' may install a gem from a source other than expected https://bugzilla.redhat.com/show_bug.cgi?id=1146335 -------------------------------------------------------------------------------- ================================================================================ seamonkey-2.29.1-1.fc19 (FEDORA-2014-11745) Web browser, e-mail, news, IRC client, HTML editor -------------------------------------------------------------------------------- Update Information: Update to 2.29.1 Update to 2.29 Fixes various security issues, see http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html for more info. -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 26 2014 Dmitry Butskoy <Dmitry@xxxxxxxxxxxx> 2.29.1-1 - update to 2.29.1 * Sat Sep 20 2014 Dmitry Butskoy <Dmitry@xxxxxxxxxxxx> 2.29-1 - update to 2.29 - apply some patches from firefox-32 package * Wed Aug 20 2014 Kevin Fenzi <kevin@xxxxxxxxx> - 2.26.1-3 - Rebuild for rpm bug 1131892 * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.26.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1146490 - seamonkey-2.29.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1146490 [ 2 ] Bug #1139157 - seamonkey-2.29 is available (SSA:2014-252-01) https://bugzilla.redhat.com/show_bug.cgi?id=1139157 -------------------------------------------------------------------------------- ================================================================================ x2goserver-4.0.1.16-1.fc19 (FEDORA-2014-11645) X2Go Server -------------------------------------------------------------------------------- Update Information: Update to 4.0.1.16: o Complete rewrite of the NX session state control / monitoring o Enhance support for other desktop session types (OpenBox, IceWM) o Attempt at supporting GNOMEv3 Flashback session in X2Go o Support for Cinnamon 1.4 X2Go Sessions o Support configuration of clipboard behaviour (server-side _and_ client-side) o Fix issues with non-resumable sessions after connection disrupture. o Support desktop sharing if sharable sessions is on a kernel namespace socket only. o Move all NX session files to /tmp. Don't store session information in $HOME anymore. Only place symlinks in $HOME pointing to /tmp. Fixes performance and stability of X2Go with homes on network file systems. o Fix privilege upgrades for applications launched via pkexec. New upstream release (4.0.1.14): - Log SSHFS output and errors to ~/.x2go/C-<session>/sshfs-mounts.log. (Fixes: #415). - If x2golistmounts is used without cmd option <session_id>, then the env var $X2GO_SESSION (current session) will be attempted to use. - If x2goumount-session is used without cmd option <session_id>, then the env var $X2GO_SESSION (current session) will be attempted to use. - Fix x2gostartagent. Make sure the -nolisten tcp option is configurable via x2goagent.options. (Fixes: #424). - Safely remove desktop files for client-side shared folders. Remove the correct desktop file, even if the shared folder has already been (forcefully) umounted. Such situations occur in cases where the connection gets interrupted. SSHFS will then get removed by the Linux kernel and we have to "guess" what desktop icons is actually to be removed. - Fix broken file descriptor closures in x2gocleansessions. (Fixes: #441). - x2gofm.desktop: Drop obsolete Encoding key from .desktop file. - Fix typos / hyphen-as-minus signs issues in x2goversion.8 and x2gomountdirs.8. New upstream release (4.0.1.14): - Log SSHFS output and errors to ~/.x2go/C-<session>/sshfs-mounts.log. (Fixes: #415). - If x2golistmounts is used without cmd option <session_id>, then the env var $X2GO_SESSION (current session) will be attempted to use. - If x2goumount-session is used without cmd option <session_id>, then the env var $X2GO_SESSION (current session) will be attempted to use. - Fix x2gostartagent. Make sure the -nolisten tcp option is configurable via x2goagent.options. (Fixes: #424). - Safely remove desktop files for client-side shared folders. Remove the correct desktop file, even if the shared folder has already been (forcefully) umounted. Such situations occur in cases where the connection gets interrupted. SSHFS will then get removed by the Linux kernel and we have to "guess" what desktop icons is actually to be removed. - Fix broken file descriptor closures in x2gocleansessions. (Fixes: #441). - x2gofm.desktop: Drop obsolete Encoding key from .desktop file. - Fix typos / hyphen-as-minus signs issues in x2goversion.8 and x2gomountdirs.8. -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 25 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 4.0.1.16-1 - Update to 4.0.1.16 * Tue Sep 9 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 4.0.1.15-7 - Perl 5.20 mass * Wed Aug 27 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 4.0.1.15-6 - Perl 5.20 rebuild * Tue Aug 26 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 4.0.1.15-5 - Fix scriptlet requires * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.0.1.15-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.0.1.15-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri May 2 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 4.0.1.15-2 - Add Requires xorg-x11-xauth -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
