The following Fedora 19 Security updates need testing:

 Age  URL
 371  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
 183  https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19
 134  https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19
 132  https://admin.fedoraproject.org/updates/FEDORA-2014-6774/claws-mail-3.10.1-1.fc19,claws-mail-plugins-3.10.0-1.fc19,libetpan-1.5-1.fc19
  77  https://admin.fedoraproject.org/updates/FEDORA-2014-9427/pipelight-0.2.7.3-3.fc19
  52  https://admin.fedoraproject.org/updates/FEDORA-2014-10366/icecream-1.0.1-8.20140822git.fc19
  51  https://admin.fedoraproject.org/updates/FEDORA-2014-10640/libreoffice-4.1.6.2-8.fc19
  36  https://admin.fedoraproject.org/updates/FEDORA-2014-11544/drupal6-6.33-1.fc19
  29  https://admin.fedoraproject.org/updates/FEDORA-2014-12057/krb5-1.11.3-29.fc19
  22  https://admin.fedoraproject.org/updates/FEDORA-2014-12407/sddm-0.9.0-2.20141007git6a28c29b.fc19
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-13044/thunderbird-31.2.0-1.fc19
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-12994/firefox-33.0-1.fc19
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-13047/libxml2-2.9.1-2.fc19
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-13018/deluge-1.3.10-1.fc19
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-13451/webkitgtk3-2.0.4-4.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-13570/php-Smarty-3.1.21-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-13551/wpa_supplicant-2.0-12.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-13794/subscription-manager-1.13.6-1.fc19,python-rhsm-1.13.6-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-13778/hostapd-2.0-5.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-13764/Pound-2.6-8.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-13753/seamonkey-2.30-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-14089/wget-1.16-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-13702/konversation-1.5-7.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-14066/php-sabredav-Sabre_VObject-2.1.4-1.fc19,php-sabredav-Sabre_HTTP-1.7.11-1.fc19,php-sabredav-Sabre_CalDAV-1.7.9-1.fc19,php-sabredav-Sabre_DAVACL-1.7.9-1.fc19,php-sabredav-Sabre_CardDAV-1.7.9-2.fc19,php-sabredav-Sabre_DAV-1.7.13-1.fc19,owncloud-5.0.17-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-14068/kernel-3.14.23-100.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-14043/php-ZendFramework2-2.2.8-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-14059/mokutil-0.2.0-1.fc19,shim-signed-0.8-2
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-14005/fedup-0.9.0-1.fc19


The following Fedora 19 Critical Path updates have yet to be approved:

 Age  URL
 319  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
 245  https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-13362/perl-Encode-2.54-3.fc19
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-13451/webkitgtk3-2.0.4-4.fc19
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-13434/curl-7.29.0-24.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-13549/xulrunner-33.0-2.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-13551/wpa_supplicant-2.0-12.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-13880/device-mapper-persistent-data-0.4.1-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-14068/kernel-3.14.23-100.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-14047/qtwebkit-2.3.4-1.fc19


The following builds have been pushed to Fedora 19 updates-testing

    dyninst-8.2.1-1.fc19
    golang-github-russross-blackfriday-1.2-2.fc19
    nodejs-seq-0.3.5-3.fc19
    pdns-recursor-3.6.2-1.fc19
    php-ZendFramework2-2.2.8-2.fc19
    wget-1.16-1.fc19

Details about builds:


================================================================================
 dyninst-8.2.1-1.fc19 (FEDORA-2014-14115)
 An API for Run-time Code Generation
--------------------------------------------------------------------------------
Update Information:

Update to point release 8.2.1.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 31 2014 Josh Stone <jistone@xxxxxxxxxx> - 8.2.1-1
- Update to point release 8.2.1.
--------------------------------------------------------------------------------


================================================================================
 golang-github-russross-blackfriday-1.2-2.fc19 (FEDORA-2014-14131)
 Markdown processor implemented in Go
--------------------------------------------------------------------------------
Update Information:

runtime requires go.net/html
--------------------------------------------------------------------------------


================================================================================
 nodejs-seq-0.3.5-3.fc19 (FEDORA-2014-14137)
 An asynchronous flow control library
--------------------------------------------------------------------------------
Update Information:

Initial package.
Fix chainsaw module dependency version
Initial package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1142050 - Review Request: nodejs-seq - An asynchronous flow control library
        https://bugzilla.redhat.com/show_bug.cgi?id=1142050
--------------------------------------------------------------------------------


================================================================================
 pdns-recursor-3.6.2-1.fc19 (FEDORA-2014-14101)
 Modern, advanced and high performance recursing/non authoritative name server
--------------------------------------------------------------------------------
Update Information:

- Update to 3.6.2
- Enable security status polling

Version 3.6.2 is a bugfix update to 3.6.1.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 31 2014 Morten Stevens <mstevens@xxxxxxxxxxxxxxx> - 3.6.2-1
- Update to 3.6.2
- Enable security status polling
--------------------------------------------------------------------------------


================================================================================
 php-ZendFramework2-2.2.8-2.fc19 (FEDORA-2014-14043)
 Zend Framework 2
--------------------------------------------------------------------------------
Update Information:

# Security Fixes

- **ZF2014-05**: Due to an issue that existed in PHP's LDAP extension, it is possible to perform an unauthenticated simple bind against a LDAP server by using a null byte for the password, regardless of whether or not the user normally requires a password. We have provided a patch in order to protect users of unpatched PHP versions (PHP 5.5 <= 5.5.11, PHP 5.4 <= 5.4.27, all versions of PHP 5.3 and below). If you use Zend\Ldap and are on an affected version of PHP, we recommend upgrading immediately.
- **ZF2014-06**: A potential SQL injection vector existed when using a SQL Server adapter to manually quote values due to the fact that it was not escaping null bytes. Code was added to ensure null bytes are escaped, and thus mitigate the SQLi vector. We do not recommend manually quoting values, but if you do, and use the SQL Server adapter without PDO, we recommend upgrading immediately.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 31 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.2.8-2
- Removed invalid zend-resources require from Validation component
* Tue Oct 28 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.2.8-1
- Updated to 2.2.8
- BZ #1151276 / CVE-2014-8088 / ZF2014-05
- BZ #1151277 / CVE-2014-8089 / ZF2014-06
- BZ #1151278 (fedora)
- BZ #1151280 (epel6)
- Added composer virtual provides and requires
- APC optional for ProgressBar component
- Added tests
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1151276 - CVE-2014-8088 php-ZendFramework: null byte issue, connect to LDAP without knowing the password (ZF2014-05)
        https://bugzilla.redhat.com/show_bug.cgi?id=1151276
  [ 2 ] Bug #1151277 - CVE-2014-8089 php-ZendFramework: SQL injection issue when using the sqlsrv PHP extension (ZF2014-06)
        https://bugzilla.redhat.com/show_bug.cgi?id=1151277
--------------------------------------------------------------------------------


================================================================================
 wget-1.16-1.fc19 (FEDORA-2014-14089)
 A utility for retrieving files using the HTTP or FTP protocols
--------------------------------------------------------------------------------
Update Information:

security update
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 31 2014 Tomas Hozza <thozza@xxxxxxxxxx> - 1.16-1
- update to 1.16
- fixes CVE-2014-4877
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1139181 - CVE-2014-4877 wget: FTP symlink arbitrary filesystem access
        https://bugzilla.redhat.com/show_bug.cgi?id=1139181
--------------------------------------------------------------------------------

--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test