The following Fedora 19 Security updates need testing: Age URL 366 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 178 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19 129 https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19 127 https://admin.fedoraproject.org/updates/FEDORA-2014-6774/claws-mail-3.10.1-1.fc19,claws-mail-plugins-3.10.0-1.fc19,libetpan-1.5-1.fc19 72 https://admin.fedoraproject.org/updates/FEDORA-2014-9427/pipelight-0.2.7.3-3.fc19 47 https://admin.fedoraproject.org/updates/FEDORA-2014-10366/icecream-1.0.1-8.20140822git.fc19 46 https://admin.fedoraproject.org/updates/FEDORA-2014-10640/libreoffice-4.1.6.2-8.fc19 30 https://admin.fedoraproject.org/updates/FEDORA-2014-11522/python-2.7.5-14.fc19 30 https://admin.fedoraproject.org/updates/FEDORA-2014-11544/drupal6-6.33-1.fc19 23 https://admin.fedoraproject.org/updates/FEDORA-2014-12057/krb5-1.11.3-29.fc19 16 https://admin.fedoraproject.org/updates/FEDORA-2014-12407/sddm-0.9.0-2.20141007git6a28c29b.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-13044/thunderbird-31.2.0-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-12994/firefox-33.0-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-13047/libxml2-2.9.1-2.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-13018/deluge-1.3.10-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-13360/asterisk-11.13.1-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-13451/webkitgtk3-2.0.4-4.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-13504/phpMyAdmin-4.2.10.1-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13570/php-Smarty-3.1.21-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13551/wpa_supplicant-2.0-12.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13564/kernel-3.14.22-101.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 314 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 240 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-12870/nss-util-3.17.2-1.fc19,nss-softokn-3.17.2-1.fc19,nss-3.17.2-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-13047/libxml2-2.9.1-2.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-13044/thunderbird-31.2.0-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-13059/kde-workspace-4.11.13-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-13362/perl-Encode-2.54-3.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-13451/webkitgtk3-2.0.4-4.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-13434/curl-7.29.0-24.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13549/xulrunner-33.0-2.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13551/wpa_supplicant-2.0-12.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13564/kernel-3.14.22-101.fc19 The following builds have been pushed to Fedora 19 updates-testing ahkab-0.10-2.fc19 kernel-3.14.22-101.fc19 mate-themes-extras-3.8.0-1.fc19 nginx-1.4.7-5.fc19 oxygen-gtk2-1.4.6-1.fc19 peervpn-0.040-1.fc19 php-Smarty-3.1.21-1.fc19 python-fedora-0.3.36-2.fc19 wpa_supplicant-2.0-12.fc19 xulrunner-33.0-2.fc19 Details about builds: ================================================================================ ahkab-0.10-2.fc19 (FEDORA-2014-13568) A SPICE-like electronic circuit simulator written in Python -------------------------------------------------------------------------------- Update Information: Clean lines on spec file. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Kiara Navarro <sophiekovalevsky@xxxxxxxxxxxxxxxxx> - 0.10-2 - Clean lines on spec file. * Sat Oct 18 2014 Kiara Navarro <sophiekovalevsky@xxxxxxxxxxxxxxxxx> - 0.10-1 - Update release version and new source. * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.09-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ kernel-3.14.22-101.fc19 (FEDORA-2014-13564) The Linux kernel -------------------------------------------------------------------------------- Update Information: Various security fixes for KVM and SCTP -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - 3.14.22-101 - CVE-2014-3688 sctp: remote memory pressure from excessive queuing (rhbz 1155745 1155751) - CVE-2014-3687 sctp: panic on duplicate ASCONF chunks (rhbz 1155731 1155738) - CVE-2014-3673 sctp: panic with malformed ASCONF chunks (rhbz 1147850 1155727) - CVE-2014-3690 kvm: invalid host cr4 handling (rhbz 1153322 1155372) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1153322 - CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries https://bugzilla.redhat.com/show_bug.cgi?id=1153322 [ 2 ] Bug #1155745 - CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing https://bugzilla.redhat.com/show_bug.cgi?id=1155745 [ 3 ] Bug #1155731 - CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks https://bugzilla.redhat.com/show_bug.cgi?id=1155731 [ 4 ] Bug #1147850 - CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks https://bugzilla.redhat.com/show_bug.cgi?id=1147850 -------------------------------------------------------------------------------- ================================================================================ mate-themes-extras-3.8.0-1.fc19 (FEDORA-2014-13548) Extra gtk-2/3 themes for gtk based desktops -------------------------------------------------------------------------------- Update Information: - update to 3.8.0 release to reflect GTK3 version - update faience themes to GTK3-3.10 (works with GTK3-3.8) - drop cologne theme, get rid of runtime require gtk-xfce-engine -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> -3.8.0.1 - update to 3.8.0 release to reflect GTK3 version - update faince themes to GTK3-3.10 (works with GTK3-3.8) - drop cologne theme, get rid of runtime require gtk-xfce-engine * Thu Oct 16 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.7.6-1 - update to 1.7.6 release -------------------------------------------------------------------------------- ================================================================================ nginx-1.4.7-5.fc19 (FEDORA-2014-13567) A high performance web server and reverse proxy server -------------------------------------------------------------------------------- Update Information: * use default.d directory * add vim files -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 1:1.4.7-5 - use default.d directory * Wed Oct 22 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 1:1.4.7-4 - add vim files (#1142849) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1142298 - RFE: nginx + php + webapp https://bugzilla.redhat.com/show_bug.cgi?id=1142298 [ 2 ] Bug #1142849 - [RFE] include nginx vim files https://bugzilla.redhat.com/show_bug.cgi?id=1142849 -------------------------------------------------------------------------------- ================================================================================ oxygen-gtk2-1.4.6-1.fc19 (FEDORA-2014-13556) Oxygen GTK+2 theme -------------------------------------------------------------------------------- Update Information: oxygen-gtk2 1.4.6 - Fixes a serious crash inside eclipse (kde bug 339174) - Fix some rendering issue for checkboxes when low contrast is used for color palette See https://projects.kde.org/news/276 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Alexey Kurov <nucleo@xxxxxxxxxxxxxxxxx> - 1.4.6-1 - oxygen-gtk2-1.4.6 * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ peervpn-0.040-1.fc19 (FEDORA-2014-13565) A VPN software using full mesh network topology -------------------------------------------------------------------------------- Update Information: Updated to 0.040 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Jan Cholasta <jcholast@xxxxxxxxxx> - 0.040-1 - Updated to 0.040 -------------------------------------------------------------------------------- ================================================================================ php-Smarty-3.1.21-1.fc19 (FEDORA-2014-13570) Template/Presentation Framework for PHP -------------------------------------------------------------------------------- Update Information: New upstream release, fix CVE-2014-8350 New upstream release New upstream release New upstream release -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 23 2014 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.1.21-1 - New upstream release - Fix version constant - Fix requires * Wed Oct 15 2014 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.1.20-1 - New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1155846 - CVE-2014-8350 php-Smarty: secure mode bypass https://bugzilla.redhat.com/show_bug.cgi?id=1155846 -------------------------------------------------------------------------------- ================================================================================ python-fedora-0.3.36-2.fc19 (FEDORA-2014-13561) Python modules for talking to Fedora Infrastructure Services -------------------------------------------------------------------------------- Update Information: Backport the fix to flask-fas-openid merged upstream at https://github.com/fedora-infra/python-fedora/pull/108 New upstream release fixing logging in openidbaseclient * Update to new upstream: https://github.com/fedora-infra/python-fedora/blob/develop/NEWS * Update to new upstream: https://github.com/fedora-infra/python-fedora/blob/develop/NEWS New upstream release fixing logging in openidbaseclient * Update to new upstream: https://github.com/fedora-infra/python-fedora/blob/develop/NEWS * Update to new upstream: https://github.com/fedora-infra/python-fedora/blob/develop/NEWS -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 23 2014 Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> - 0.3.36-2 - Backport the flask-fas-openid fix merged upstream at: https://github.com/fedora-infra/python-fedora/pull/108 * Thu Aug 7 2014 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 0.3.36-1 - New upstream release fixing logging in openidbaseclient * Wed Aug 6 2014 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 0.3.35-1 - Upstream 0.3.35 release that adds openidbaseclient * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.3.34-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1150301 - Using "pkgdb-cli" leads to "NameError: name 'NullHandler' is not defined" https://bugzilla.redhat.com/show_bug.cgi?id=1150301 -------------------------------------------------------------------------------- ================================================================================ wpa_supplicant-2.0-12.fc19 (FEDORA-2014-13551) WPA/WPA2/IEEE 802.1X Supplicant -------------------------------------------------------------------------------- Update Information: This update fixes a possible security issue executing scripts with wpa_cli. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Dan Williams <dcbw@xxxxxxxxxx> - 1:2.0-12 - Use os_exec() for action script execution (CVE-2014-3686) * Thu Aug 21 2014 Kevin Fenzi <kevin@xxxxxxxxx> - 1:2.0-11 - Rebuild for rpm bug 1131960 * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:2.0-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:2.0-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1151259 - CVE-2014-3686 wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue https://bugzilla.redhat.com/show_bug.cgi?id=1151259 -------------------------------------------------------------------------------- ================================================================================ xulrunner-33.0-2.fc19 (FEDORA-2014-13549) XUL Runtime for Gecko Applications -------------------------------------------------------------------------------- Update Information: Second arch fixes. Update to latest upstream - Xulrunner 33. Update to latest upstream - Firefox 31. Update to latest upstream - Xulrunner 33. Update to latest upstream - Firefox 31. Update to latest upstream - Xulrunner 33. Update to latest upstream - Firefox 31. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Dan Horák <dan[at]danny.cz> - 33.0-2 - Fix filelist for secondary arches * Thu Oct 16 2014 Martin Stransky <stransky@xxxxxxxxxx> - 33.0-1 - Update to 33.0 * Sat Sep 20 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 32.0.2-1 - Update to 32.0.2 - sync fixes to the same as firefox * Tue Sep 9 2014 Martin Stransky <stransky@xxxxxxxxxx> - 32.0-2 - move /sdk/bin to xulrunner libdir * Tue Aug 26 2014 Martin Stransky <stransky@xxxxxxxxxx> - 32.0-1 - Update to 32.0 build 1 * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 31.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Jul 25 2014 Martin Stransky <stransky@xxxxxxxxxx> - 31.0-1 - Update to 31.0 build 2 * Fri Jul 25 2014 Yaakov Selkowitz <yselkowi@xxxxxxxxxx> - 30.0-3 - Fix mozilla-config.h wrapper on aarch64 * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 30.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
