The following Fedora 19 Security updates need testing: Age URL 356 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 168 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19 119 https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19 117 https://admin.fedoraproject.org/updates/FEDORA-2014-6774/claws-mail-3.10.1-1.fc19,claws-mail-plugins-3.10.0-1.fc19,libetpan-1.5-1.fc19 70 https://admin.fedoraproject.org/updates/FEDORA-2014-9162/xulrunner-31.0-1.fc19 62 https://admin.fedoraproject.org/updates/FEDORA-2014-9427/pipelight-0.2.7.3-3.fc19 49 https://admin.fedoraproject.org/updates/FEDORA-2014-9830/glibc-2.17-21.fc19 37 https://admin.fedoraproject.org/updates/FEDORA-2014-10366/icecream-1.0.1-8.20140822git.fc19 36 https://admin.fedoraproject.org/updates/FEDORA-2014-10640/libreoffice-4.1.6.2-8.fc19 20 https://admin.fedoraproject.org/updates/FEDORA-2014-11522/python-2.7.5-14.fc19 20 https://admin.fedoraproject.org/updates/FEDORA-2014-11544/drupal6-6.33-1.fc19 14 https://admin.fedoraproject.org/updates/FEDORA-2014-12059/torque-3.0.4-5.fc19 14 https://admin.fedoraproject.org/updates/FEDORA-2014-12057/krb5-1.11.3-29.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-12536/python-oauth2-1.5.211-8.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-12584/bugzilla-4.2.11-1.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-12407/sddm-0.9.0-2.20141007git6a28c29b.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-12679/facter-1.6.18-5.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-12707/perl-Mojolicious-5.49-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-12878/sysklogd-1.5-18.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13031/php-5.5.18-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13044/thunderbird-31.2.0-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13070/rubygem-httpclient-2.4.0-2.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-12994/firefox-33.0-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13053/drupal7-7.32-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13020/kernel-3.14.22-100.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13027/java-1.7.0-openjdk-1.7.0.71-2.5.3.0.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13049/java-1.8.0-openjdk-1.8.0.25-0.b18.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13047/libxml2-2.9.1-2.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13012/openssl-1.0.1e-40.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13018/deluge-1.3.10-1.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 304 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 230 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-12420/initscripts-9.47-2.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-12672/libssh2-1.4.3-8.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-12547/xfce4-session-4.10.1-2.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-12870/nss-util-3.17.2-1.fc19,nss-softokn-3.17.2-1.fc19,nss-3.17.2-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13012/openssl-1.0.1e-40.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13047/libxml2-2.9.1-2.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13044/thunderbird-31.2.0-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13020/kernel-3.14.22-100.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-12994/firefox-33.0-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13059/kde-workspace-4.11.13-1.fc19 The following builds have been pushed to Fedora 19 updates-testing WindowMaker-0.95.6-2.fc19 bontmia-0.14-13.fc19 deluge-1.3.10-1.fc19 drupal7-7.32-1.fc19 edgar-1.18-1.fc19 firefox-33.0-1.fc19 gccxml-0.9.0-0.25.20140718.gitab651a2.fc19 gridsite-1.7.29-2.fc19 hanazono-fonts-20141012-1.fc19 java-1.7.0-openjdk-1.7.0.71-2.5.3.0.fc19 java-1.8.0-openjdk-1.8.0.25-0.b18.fc19 kde-workspace-4.11.13-1.fc19 kernel-3.14.22-100.fc19 libxml2-2.9.1-2.fc19 man-pages-fr-3.70-1.fc19 mate-themes-extras-1.7.6-1.fc19 mozilla-https-everywhere-4.0.2-1.fc19 onionshare-0.6-5.fc19 openssl-1.0.1e-40.fc19 perl-Module-Build-0.40.04-2.fc19 perl-Module-Starter-1.62-3.fc19 perl-Spreadsheet-XLSX-0.13-8.fc19 php-5.5.18-1.fc19 php-Smarty-3.1.20-1.fc19 php-doctrine-orm-2.4.6-1.fc19 qsstv-8.2.8-1.fc19 rubygem-httpclient-2.4.0-2.fc19 the_silver_searcher-0.25.0-1.fc19 thunderbird-31.2.0-1.fc19 wgrib2-1.9.9-2.fc19 wmsystemtray-1.4-1.fc19 wmudmount-2.2-1.fc19 wmweather+-2.15-2.fc19 zarafa-7.1.11-1.fc19 Details about builds: ================================================================================ WindowMaker-0.95.6-2.fc19 (FEDORA-2014-12988) A fast, feature rich Window Manager -------------------------------------------------------------------------------- Update Information: = WindowMaker = * Better Fedora integration for first time WindowMaker users * Window Maker can now support ImageMagick library to support even more image formats * Add mini-window apercu , a small preview of window contents * Support for up to 9-buttons mouse added * Many configuration options added to WPrefs.app * Add wmiv, an image viewer application * Bug fixes and code cleanups by various people = wmweather+ = * Fix mkgmtime to not crash if passed a tm_mon > 11 * Update curl code to handle the possiblity of curl_multi_fdset returning -1 in maxfds. * Change the res_class to "DockApp". * Escape dashes in the manpage. * Remove curl handle from the multihandle before closing the file descriptor and before doing the callbacks. Otherwise we might get another completion message, which will cause double-free errors and such. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 14 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 0.95.6-2 - make system config in /etc noreplace - add fedora specific WMRootMenu in /etc - set current fedora background as default background (via desktop-backgrounds-compat) - fix bogus date in changelog - utf8 cleanup * Tue Oct 14 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 0.95.6-1 - version upgrade (rhbz#1138296) * Fri Aug 15 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.95.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Jun 6 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.95.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat Aug 31 2013 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 0.95.5-1 - version upgrade - do some more /usr/local/ replacement so that WindowMaker-extra is detected correctly * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.95.4-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ bontmia-0.14-13.fc19 (FEDORA-2014-13036) Backup over network to multiple incremental archives -------------------------------------------------------------------------------- Update Information: Recent change in GNU cp from GNU coreutils broke bontmia. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 14 2014 Terje Rosten <terje.rosten@xxxxxxx> - 0.14-13 - Add patch to fix cp issue (#1152534) - Clean up * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.14-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.14-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ deluge-1.3.10-1.fc19 (FEDORA-2014-13018) A GTK+ BitTorrent client with support for DHT, UPnP, and PEX -------------------------------------------------------------------------------- Update Information: update to 1.3.10 -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 16 2014 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 1.3.10-1 - update to 1.3.10 * Mon Oct 6 2014 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 1.3.9-1 - upstream release 1.3.9 - http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.9 - switch to bz2 - remove empty file - drop old obsoletes and provides - drop old sysv transitional changes - switch from using systemd-units to systemd -------------------------------------------------------------------------------- References: [ 1 ] Bug #1153456 - deluge-web is vulnerable to POODLE https://bugzilla.redhat.com/show_bug.cgi?id=1153456 -------------------------------------------------------------------------------- ================================================================================ drupal7-7.32-1.fc19 (FEDORA-2014-13053) An open-source content-management platform -------------------------------------------------------------------------------- Update Information: Update to upstream 7.32 security release for SA-CORE-2014-005, CVE-2014-3704 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2014 Jared Smith <jsmith@xxxxxxxxxxxxxxxxx> - 7.32-1 - Update to upstream 7.32 security release for SA-CORE-2014-005 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1153402 - CVE-2014-3704 drupal7: SQL injection leading to code execution and privilege escalation (SA-CORE-2014-005) https://bugzilla.redhat.com/show_bug.cgi?id=1153402 -------------------------------------------------------------------------------- ================================================================================ edgar-1.18-1.fc19 (FEDORA-2014-13011) A platform game -------------------------------------------------------------------------------- Update Information: * Updated German translation -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 14 2014 Andrea Musuruane <musuruan@xxxxxxxxx> - 1.18-1 - Updated to upstream 1.18-1 * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.17-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ firefox-33.0-1.fc19 (FEDORA-2014-12994) Mozilla Firefox Web browser -------------------------------------------------------------------------------- Update Information: New upstream version - Firefox 33. Update to the latest upstream 32.0.2. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 14 2014 Martin Stransky <stransky@xxxxxxxxxx> - 33.0-1 - Update to 33.0 build 2 * Fri Sep 19 2014 Jan Horak <jhorak@xxxxxxxxxx> - 32.0.2-2 - Added support for Mozilla tests * Thu Sep 18 2014 Martin Stransky <stransky@xxxxxxxxxx> - 32.0.2-1 - Update to 32.0.2 build 1 * Tue Sep 16 2014 Martin Stransky <stransky@xxxxxxxxxx> - 32.0.1-2 - disable baseline JIT on i686 (rhbz#1047079) * Mon Sep 15 2014 Martin Stransky <stransky@xxxxxxxxxx> - 32.0.1-1 - Update to 32.0.1 build 2 - Patch from rhbz#1140157 * Wed Sep 10 2014 Jan Horak <jhorak@xxxxxxxxxx> - 32.0-2 - Fix for geolocation API (rhbz#1063739) * Tue Aug 26 2014 Martin Stransky <stransky@xxxxxxxxxx> - 32.0-1 - Update to 32.0 build 1 * Tue Aug 26 2014 David Tardon <dtardon@xxxxxxxxxx> - 31.0-4 - rebuild for ICU 53.1 * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 31.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ gccxml-0.9.0-0.25.20140718.gitab651a2.fc19 (FEDORA-2014-13067) XML output extension to GCC -------------------------------------------------------------------------------- Update Information: Synch with upstream - improved gcc 4.9 support files. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 16 2014 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 0.9.0-0.25.20140718.gitab651a2 - Updated git snapshot with updated gcc 4.9 support files * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.9.0-0.24.20140610.gita012b8fe - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ gridsite-1.7.29-2.fc19 (FEDORA-2014-13023) Grid Security for the Web, Web platforms for Grids -------------------------------------------------------------------------------- Update Information: Disable TLS tickets, which are not supported by gridsite (https://github.com/CESNET/gridsite/issues/10). -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 14 2014 František Dvořák <valtri@xxxxxxxxxx> - 1.7.29-2 - Patch for disabling TLS tickets, which are not supported by gridsite -------------------------------------------------------------------------------- ================================================================================ hanazono-fonts-20141012-1.fc19 (FEDORA-2014-13034) Japanese Mincho-typeface TrueType font -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2014 Akira TAGOH <tagoh@xxxxxxxxxx> - 20141012-1 - New upstream release. (#1152054) * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 20131208-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1152054 - hanazono-fonts-20141012 is available https://bugzilla.redhat.com/show_bug.cgi?id=1152054 -------------------------------------------------------------------------------- ================================================================================ java-1.7.0-openjdk-1.7.0.71-2.5.3.0.fc19 (FEDORA-2014-13027) OpenJDK Runtime Environment -------------------------------------------------------------------------------- Update Information: Upodated to security u71 http://blog.fuseyism.com/index.php/2014/10/15/security-icedtea-2-5-3-for-openjdk-7-released/ -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2014 Jiri Vanek <jvanek@xxxxxxxxxx> - 1.7.0.71-2.5.3.0 - updated to security icedtea-forest 2.5.3 -------------------------------------------------------------------------------- ================================================================================ java-1.8.0-openjdk-1.8.0.25-0.b18.fc19 (FEDORA-2014-13049) OpenJDK Runtime Environment -------------------------------------------------------------------------------- Update Information: Updated to security u25. Security bugs are same as for http://blog.fuseyism.com/index.php/2014/10/15/security-icedtea-2-5-3-for-openjdk-7-released/ -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2014 Jiri Vanek <jvanek@xxxxxxxxxx> - 1:1.8.0.25-0.b18 - updated to security u25 - sync with f20 * Mon Jul 21 2014 Jiri Vanek <jvanek@xxxxxxxxxx> - 1:1.8.0.11-7.b12 - removed legacy aarch64 switches - --with-jvm-variants=client and --disable-precompiled-headers - added patch patch9999 enableArm64.patch to enable new hotspot - Attempt to update aarch64 *jdk* to u11b12, by resticting aarch64 sources to hotpot only - partial sync with f20 -------------------------------------------------------------------------------- ================================================================================ kde-workspace-4.11.13-1.fc19 (FEDORA-2014-13059) KDE Workspace -------------------------------------------------------------------------------- Update Information: New LTS bugfix release, see also https://www.kde.org/announcements/announce-4.14.2.php -------------------------------------------------------------------------------- ChangeLog: * Sat Oct 11 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.11.13-1 - 4.11.13 -------------------------------------------------------------------------------- ================================================================================ kernel-3.14.22-100.fc19 (FEDORA-2014-13020) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 3.14.22 stable update contains a number of important fixes across the tree. The 3.14.21 stable update contains a number of important fixes across the tree. The 3.14.20 stable update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2014 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.14.22-100 - Linux v3.14.22 * Mon Oct 13 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - CVE-2014-7975 fs: umount DoS (rhbz 1151108 1152025) * Fri Oct 10 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - CVE-2014-7970 VFS: DoS with USER_NS (rhbz 1151095 1151484) * Thu Oct 9 2014 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.14.21-100 - Linux v3.14.21 * Mon Oct 6 2014 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.14.20-100 - Linux v3.14.20 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1151108 - CVE-2014-7975 Kernel: fs: umount denial of service https://bugzilla.redhat.com/show_bug.cgi?id=1151108 [ 2 ] Bug #1151095 - CVE-2014-7970 Kernel: fs: VFS denial of service https://bugzilla.redhat.com/show_bug.cgi?id=1151095 -------------------------------------------------------------------------------- ================================================================================ libxml2-2.9.1-2.fc19 (FEDORA-2014-13047) Library providing XML and HTML support -------------------------------------------------------------------------------- Update Information: New variants for the billion laugh DOS attacks -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 16 2014 Daniel Veillard <veillard@xxxxxxxxxx> - 2.9.1-2 - Fix for CVE-2014-3660 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1149084 - CVE-2014-3660 libxml2: denial of service via recursive entity expansion https://bugzilla.redhat.com/show_bug.cgi?id=1149084 -------------------------------------------------------------------------------- ================================================================================ man-pages-fr-3.70-1.fc19 (FEDORA-2014-13002) French version of the Linux man-pages -------------------------------------------------------------------------------- Update Information: update to new upstream version man-pages-fr 3.70-1 (Resolves: rhbz#1152476) -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 3.70-1 - update to new upstream version man-pages-fr 3.70-1 (Resolves: rhbz#1152476) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1152476 - man-pages-fr-3.70-1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1152476 -------------------------------------------------------------------------------- ================================================================================ mate-themes-extras-1.7.6-1.fc19 (FEDORA-2014-13056) Extra gtk-2/3 themes for gtk based desktops -------------------------------------------------------------------------------- Update Information: - update to 1.7.6 release -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 16 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.7.6-1 - update to 1.7.6 release -------------------------------------------------------------------------------- ================================================================================ mozilla-https-everywhere-4.0.2-1.fc19 (FEDORA-2014-13022) HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey -------------------------------------------------------------------------------- Update Information: - Disable SSL 3 to Prevent POODLE attack: -- https://github.com/EFForg/https-everywhere/pull/674 - NEW: HTTP Nowhere mode. Block all plaintext http - Updates to Yahoo APIs, Fastly, VMWare, Netflix, Maashable, LinkedIn, Gitorious, Mozilla, msecnd, Hotmail, Live, Eniro, Steam, Phoronix, net-security.org, Flickr, Craigslist, Apache.org, Joomla.org, Samsung, Google IMages, Expedia, Akamai, Trip Advisor, Ikea, CEll, Leo.org, Facebook, F-Secure, Dropbox, Courage Campaign, Box, Atlassian, Internet Archvie, localbitcoins.com, SOny, SciVerse, Web.com, Urgan Dictionary, Pornhub, Fool.com, ClickBank, MGID, Which?, Microsoft, Barnes and Noble, Royal Institute of GB, Wall Street Journal -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 16 2014 Russell Golden <niveusluna@xxxxxxxxxxxxxx> - 4.0.2-1 - Disable SSL 3 to Prevent POODLE attack: -- https://github.com/EFForg/https-everywhere/pull/674 - NEW: HTTP Nowhere mode. Block all plaintext http - Updates to Yahoo APIs, Fastly, VMWare, Netflix, Maashable, LinkedIn, Gitorious, Mozilla, msecnd, Hotmail, Live, Eniro, Steam, Phoronix, net-security.org, Flickr, Craigslist, Apache.org, Joomla.org, Samsung, Google IMages, Expedia, Akamai, Trip Advisor, Ikea, CEll, Leo.org, Facebook, F-Secure, Dropbox, Courage Campaign, Box, Atlassian, Internet Archvie, localbitcoins.com, SOny, SciVerse, Web.com, Urgan Dictionary, Pornhub, Fool.com, ClickBank, MGID, Which?, Microsoft, Barnes and Noble, Royal Institute of GB, Wall Street Journal -------------------------------------------------------------------------------- ================================================================================ onionshare-0.6-5.fc19 (FEDORA-2014-13048) Securely and anonymously share files of any size -------------------------------------------------------------------------------- Update Information: * onionshare - share files securely and anonymously. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1151747 - Review request: onionshare - share files of any size securely and anonymously https://bugzilla.redhat.com/show_bug.cgi?id=1151747 -------------------------------------------------------------------------------- ================================================================================ openssl-1.0.1e-40.fc19 (FEDORA-2014-13012) Utilities from the general purpose cryptography library with TLS implementation -------------------------------------------------------------------------------- Update Information: Update fixing three moderate security issues. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 16 2014 Tomáš Mráz <tmraz@xxxxxxxxxx> 1.0.1e-40 - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV to partially mitigate CVE-2014-3566 (padding attack on SSL3) - print ephemeral key size negotiated in TLS handshake (#1057715) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1152850 - CVE-2014-3566 openssl: Padding Oracle On Downgraded Legacy Encryption attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1152850 -------------------------------------------------------------------------------- ================================================================================ perl-Module-Build-0.40.04-2.fc19 (FEDORA-2014-13046) Build and install Perl modules -------------------------------------------------------------------------------- Update Information: This release fixes license identifiers produced by module-starter tool to be in line with Software::License and ensures the Module::Build understands them. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 2:0.40.04-2 - Require Software::License to recognize more license identifiers (bug #1152319) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1152319 - perl-Module-Starter produces invalid license identifiers https://bugzilla.redhat.com/show_bug.cgi?id=1152319 -------------------------------------------------------------------------------- ================================================================================ perl-Module-Starter-1.62-3.fc19 (FEDORA-2014-13046) A simple starter kit for any module -------------------------------------------------------------------------------- Update Information: This release fixes license identifiers produced by module-starter tool to be in line with Software::License and ensures the Module::Build understands them. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 1:1.62-3 - Revert the previous license identifiers patches which broke Software::License - Produce valid Software::License identifiers (bug #1152319) * Tue Oct 14 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 1:1.62-2 - Produce valid license identifiers (bug #1152319) - Document the default license is artistic2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1152319 - perl-Module-Starter produces invalid license identifiers https://bugzilla.redhat.com/show_bug.cgi?id=1152319 -------------------------------------------------------------------------------- ================================================================================ perl-Spreadsheet-XLSX-0.13-8.fc19 (FEDORA-2014-13006) Perl extension for reading Microsoft Excel 2007 files -------------------------------------------------------------------------------- Update Information: Value "0" parsed as empty string when value is part of shared string table -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 14 2014 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 0.13-8 - Modified existing patch to parse value "0" correct (#1152739) * Fri Aug 29 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.13-7 - Perl 5.20 rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.13-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.13-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Jul 31 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 0.13-4 - Perl 5.18 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1152739 - value "0" parsed as empty string when value is part of shared string table https://bugzilla.redhat.com/show_bug.cgi?id=1152739 -------------------------------------------------------------------------------- ================================================================================ php-5.5.18-1.fc19 (FEDORA-2014-13031) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: 16 Oct 2014, PHP 5.5.18 Core: * Fixed bug #67985 (Incorrect last used array index copied to new array after unset). (Tjerk) * Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 (instead of 6.3)). (Christian Wenz) * Fixed bug #67633 (A foreach on an array returned from a function not doing copy-on-write). (Nikita) * Fixed bug #51800 (proc_open on Windows hangs forever). (Anatol) * Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669) (Stas) cURL: * Fixed bug #68089 (NULL byte injection - cURL lib). (Stas) EXIF: * Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) (Stas) FPM: * Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache, mod_proxy-fcgi and ProxyPass). (Remi) OpenSSL: * Revert regression introduced by fix of bug #41631 Reflection: * Fixed bug #68103 (Duplicate entry in Reflection for class alias). (Remi) Session: * Fixed bug #67972 (SessionHandler Invalid memory read create_sid()). (Adam) XMLRPC: * Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668) (Stas) -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 16 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.5.18-1 - Update to 5.5.18 http://www.php.net/releases/5_5_18.php -------------------------------------------------------------------------------- ================================================================================ php-Smarty-3.1.20-1.fc19 (FEDORA-2014-13035) Template/Presentation Framework for PHP -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2014 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.1.20-1.trashy - New upstream release -------------------------------------------------------------------------------- ================================================================================ php-doctrine-orm-2.4.6-1.fc19 (FEDORA-2014-13057) Doctrine Object-Relational-Mapper (ORM) -------------------------------------------------------------------------------- Update Information: ### 2.4.6 * [1154: PHP 5.6 internal classes/Serializable serialization fix](https://github.com/doctrine/doctrine2/pull/1154) * [DDC-3120](http://www.doctrine-project.org/jira/browse/DDC-3120) * [DDC-3339](http://www.doctrine-project.org/jira/browse/DDC-3339) ### 2.4.5 * [1142: `func_get_args()` call order fix for HHVM bug](https://github.com/doctrine/doctrine2/pull/1142) * [DDC-3317](http://www.doctrine-project.org/jira/browse/DDC-3317) ### 2.4.4 * [1074: Regression in change set state after `UnitOfWork::recomputeSingleEntityChangeSet()`](https://github.com/doctrine/doctrine2/pull/1074) * [DDC-2996](http://www.doctrine-project.org/jira/browse/DDC-2996) * [DDC-3160](http://www.doctrine-project.org/jira/browse/DDC-3160) * [DDC-3208](http://www.doctrine-project.org/jira/browse/DDC-3208) ### 2.4.3 -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 14 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.4.6-1 - Updated to 2.4.6 (BZ #1108129) - Manual git clone source instead of GitHub archive URL (to include tests) - Removed Patch1 (%{name}-upstream.patch) - Added tests -------------------------------------------------------------------------------- References: [ 1 ] Bug #1108129 - php-doctrine-orm-2.4.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1108129 -------------------------------------------------------------------------------- ================================================================================ qsstv-8.2.8-1.fc19 (FEDORA-2014-13037) Qt-based slow-scan TV and fax -------------------------------------------------------------------------------- Update Information: update for hybrid mode - compatible with Easypal from October 2014 -------------------------------------------------------------------------------- ChangeLog: * Sat Oct 11 2014 Richard Shaw <hobbes1069@xxxxxxxxx> - 8.2.8-1 - Update to latest upstream release. - Move documentation to a doc subpackage. * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1152134 - qsstv-8.2.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1152134 -------------------------------------------------------------------------------- ================================================================================ rubygem-httpclient-2.4.0-2.fc19 (FEDORA-2014-13070) HTTP Client interface for ruby -------------------------------------------------------------------------------- Update Information: Updated to 2.4.0 which stops hard-coding ssl v3 and allows ssl negotiation -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2014 Troy Dawson <tdawson@xxxxxxxxxx> - 2.4.0-2 - Fix spec make it build and install on epel7 and older versions of fedora * Fri Jun 13 2014 Troy Dawson <tdawson@xxxxxxxxxx> - 2.4.0-1 - Update to latest upstream * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3.4.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri Jan 31 2014 Adam Miller <maxamillion@xxxxxxxxxxxxxxxxx> - 2.3.4.1-1 - Update to latest upstream * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3.2-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ the_silver_searcher-0.25.0-1.fc19 (FEDORA-2014-13055) Super-fast text searching tool (ag) -------------------------------------------------------------------------------- Update Information: update to 0.25.0 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2014 Kenjiro Nakayama <nakayamakenjiro@xxxxxxxxx> - 0.25.0-1 - update to 0.25.0 -------------------------------------------------------------------------------- ================================================================================ thunderbird-31.2.0-1.fc19 (FEDORA-2014-13044) Mozilla Thunderbird mail/newsgroup client -------------------------------------------------------------------------------- Update Information: For list of changes see: https://www.mozilla.org/en-US/thunderbird/31.2.0/releasenotes/ For release notes and fixed issues see here: https://www.mozilla.org/en-US/thunderbird/31.1.1/releasenotes/ -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 14 2014 Jan Horak <jhorak@xxxxxxxxxx> - 31.2.0-1 - Update to 31.2.0 * Wed Oct 1 2014 Martin Stransky <stransky@xxxxxxxxxx> - 31.1.1-2 - Sync prefs with Firefox * Thu Sep 11 2014 Jan Horak <jhorak@xxxxxxxxxx> - 31.1.1-1 - Update to 31.1.1 * Mon Sep 1 2014 Jan Horak <jhorak@xxxxxxxxxx> - 31.1.0-1 - Update to 31.1.0 * Tue Aug 26 2014 Karsten Hopp <karsten@xxxxxxxxxx> 31.0-5 - ppc64 patch 304 got removed and isn't required anymore (mozbz#973977) * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 31.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Mon Aug 4 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 31.0-3 - Build with system FFI as per firefox/xulrunner (fixes aarch64) * Wed Jul 30 2014 Martin Stransky <stransky@xxxxxxxxxx> - 31.0-2 - Added patch for mozbz#858919 * Tue Jul 29 2014 Martin Stransky <stransky@xxxxxxxxxx> - 31.0-1 - Update to 31.0 -------------------------------------------------------------------------------- ================================================================================ wgrib2-1.9.9-2.fc19 (FEDORA-2014-13025) Manipulate, inventory and decode GRIB2 files -------------------------------------------------------------------------------- Update Information: Update to 1.9.9: - fixed "decode" spelling mistake - fixed code_table_0_0: reported by Matthew Foster, only affected -code_table_0.0 and -disc (alias to previous options). All other codes used a macro which was correct - fixed Ext_name.c for code table 4.3: added prob fcst, climatological thanks Manfred Schwarb - added various Gaussian grids to ncep_grids.c - better error message, f_g2clib - 0xSec fixed section number output for mode >= 2 - added lambertc grid defn for -new_grid: new_grid_lambertc, modified New_grid.c - added radius_major and radius_minor to struct local in New_grid.c, so lambertc calculations don't have to be repeated if already done - Wrt_grb.c fprintf(c,"#define PRODUCTNUMBER %d\n",i+9); -> fprintf(c,"#define PRODUCTNUMBER %d\n",i+10); - fixed same_sec4_nottime (test_sec.c) .. fixes -ave, -fcst_ave for pdt 8 and 9 - works for pdt 0.15 bug report: K. Havener .. thanks -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 1.9.9-2 - Fix -Werror=format-security (bug #1037383) * Fri Sep 20 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 1.9.9-1 - Update to 1.9.9 * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.9.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Mon May 13 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 1.9.8-1 - Update to 1.9.8 - Specfile cleanup -------------------------------------------------------------------------------- ================================================================================ wmsystemtray-1.4-1.fc19 (FEDORA-2014-12997) System tray (freedesktop.org systray protocol) as a Window Maker dock app -------------------------------------------------------------------------------- Update Information: New upstream release (rhbz#1152577) -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2014 Alexey I. Froloff <raorn@xxxxxxxxxx> - 1.4-1 - New upstream release (rhbz#1152577) * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1152577 - New upstream version available https://bugzilla.redhat.com/show_bug.cgi?id=1152577 -------------------------------------------------------------------------------- ================================================================================ wmudmount-2.2-1.fc19 (FEDORA-2014-13032) A WindowMaker filesystem mounting dockapp using udisks -------------------------------------------------------------------------------- Update Information: * Major rewrite for GTK+ 3.0 and UDisks 2. * Add a default "single click" command: on the fsm, it takes you to the device page. * --non-wmaker option for openbox. * Replaced deprecated GtkStock items. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 14 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 2.2-1 - version upgrade * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.13-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.13-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.13-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ wmweather+-2.15-2.fc19 (FEDORA-2014-12988) Weather status dockapp -------------------------------------------------------------------------------- Update Information: = WindowMaker = * Better Fedora integration for first time WindowMaker users * Window Maker can now support ImageMagick library to support even more image formats * Add mini-window apercu , a small preview of window contents * Support for up to 9-buttons mouse added * Many configuration options added to WPrefs.app * Add wmiv, an image viewer application * Bug fixes and code cleanups by various people = wmweather+ = * Fix mkgmtime to not crash if passed a tm_mon > 11 * Update curl code to handle the possiblity of curl_multi_fdset returning -1 in maxfds. * Change the res_class to "DockApp". * Escape dashes in the manpage. * Remove curl handle from the multihandle before closing the file descriptor and before doing the callbacks. Otherwise we might get another completion message, which will cause double-free errors and such. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 2.15-2 - run autoreconf before configure for aclocal * Tue Oct 14 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 2.15-1 - version upgrade * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.11-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.11-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.11-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ zarafa-7.1.11-1.fc19 (FEDORA-2014-13017) Open Source Edition of the Zarafa Collaboration Platform -------------------------------------------------------------------------------- Update Information: Zarafa Collaboration Platform 7.1.11 final R1 [46050] ===================================================== General ------- This R1 release of the 7.1.11 final release addresses the WebAccess install problem on RPM-based systems and resolves the dependencies problems under Ubuntu 14.04. Backend ------- * ZCP-12472: zarafa-search crashes on ubuntu 14.0.4 LTS * ZCP-12405: zarafa-search do not start on Ubuntu 14.04 * ZCP-12581: config files are being saved as config.cfg.dpkg-new on ubuntu 14.04 * ZCP-12570: install.sh for Ubuntu 14.04 * ZCP-12582: installing webaccess on rhel based systems result in scriptlet failed, exit status 1 Zarafa Collaboration Platform 7.1.11 final [45875] ================================================== General ------- This release brings a few new features while maintaining stability. With this release we address a few segfaults in zarafa-search to match this final release. Backend ------- * ZCP-11809: zarafa-gateway is unable to create RTF text stream * ZCP-11862: zarafa-backup zarafa-restore breaks textfiles * ZCP-11934: Enhance MariaDB support by modifying sql_mode * ZCP-12012: zarafa-server segfaults when running zarafa-stats --system * ZCP-12097: Disposition-Notification-To double colons in middle of line. dagent crashes * ZCP-12110: Segfault zarafa-server 7.1.8 R1 * ZCP-12127: Support for Apache 2.4 * ZCP-12134: Randomly lost e-mail attachments in e-mails * ZCP-12266: [BIG5] Customer requires an option to set the default character encoding of incoming mail when no encoding is set. * ZCP-12269: public folder shows MAPI_E_STORE_FULL when creating new element * ZCP-12272: WebAccess: .htaccess is not marked as a configuration file in rpm * ZCP-12436: jpegPhoto included twice in ldap.propmap.cfg * ZCP-12500: Zarafa stores rfc enforced linebreaks as actual line breaks * ZCP-12511: zarafa-gateway is unable to create RTF text stream * ZCP-12537: ical issue when password contains a colon * ZCP-12547: As a hoster I need a way to reduce the performance impact on LDAP caused by zarafa-licensed. * ZCP-12563: Create configuration setting to indicate if folder owners automatically get full access rights or not * ZCP-12548: zarafa-search segfault -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2014 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 7.1.11-1 - Upgrade to 7.1.11 (#1139442) - Removed bundled PHP PEAR files/libraries - Added patch to allow mitigation of SSLv3/POODLE vulnerability - Added patch to implement ECDHE support (depending on OpenSSL) - Added patch to allow plaintext authentication from 127.0.0.1 * Tue Aug 26 2014 David Tardon <dtardon@xxxxxxxxxx> - 7.1.10-5 - rebuild for ICU 53.1 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
