The following Fedora 19 Security updates need testing:
 Age  URL
 392  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
 204  https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19
 155  https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19
  72  https://admin.fedoraproject.org/updates/FEDORA-2014-10640/libreoffice-4.1.6.2-8.fc19
  50  https://admin.fedoraproject.org/updates/FEDORA-2014-12057/krb5-1.11.3-29.fc19
  36  https://admin.fedoraproject.org/updates/FEDORA-2014-13018/deluge-1.3.10-1.fc19
  26  https://admin.fedoraproject.org/updates/FEDORA-2014-13551/wpa_supplicant-2.0-12.fc19
  17  https://admin.fedoraproject.org/updates/FEDORA-2014-14237/claws-mail-plugins-3.11.1-1.fc19,claws-mail-3.11.1-2.fc19,libetpan-1.6-1.fc19
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-14359/curl-7.29.0-25.fc19
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-14738/gnutls-3.1.20-6.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-12407/sddm-0.10.0-2.fc19
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-15079/mantis-1.2.17-4.fc19
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-14874/arm-none-eabi-binutils-cs-2014.05.28-3.fc19
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-14838/avr-binutils-2.24-3.fc19
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-15124/kwebkitpart-1.3.4-5.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-15202/kernel-3.14.24-100.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-15248/kde-runtime-4.11.5-3.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-15307/python-django14-1.4.16-1.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-15373/lsyncd-2.1.4-4.fc19.1
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-15378/rubygem-actionpack-3.2.13-7.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-15390/nodejs-0.10.33-1.fc19,libuv-0.10.29-1.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-15405/wget-1.16-3.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-15466/rubygem-sprockets-2.8.2-4.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-15477/python-eyed3-0.7.4-4.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-15463/clamav-0.98.5-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15526/wordpress-4.0.1-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15503/xen-4.2.5-5.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15549/tcpdump-4.4.0-4.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15515/drupal6-6.34-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15522/drupal7-7.34-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15535/phpMyAdmin-4.2.12-1.fc19


The following Fedora 19 Critical Path updates have yet to be approved:
 Age  URL
 340  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
 266  https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-14516/pcre-8.32-11.fc19
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-14505/unzip-6.0-12.fc19
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-14738/gnutls-3.1.20-6.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-15032/man-db-2.6.3-9.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-15027/evolution-data-server-3.8.5-7.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-14807/device-mapper-persistent-data-0.4.1-2.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-14846/pciutils-3.3.0-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-15202/kernel-3.14.24-100.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-15392/kde-workspace-4.11.14-2.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-15377/gvfs-1.16.4-3.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15506/ca-certificates-2014.2.1-1.5.fc19


The following builds have been pushed to Fedora 19 updates-testing

    amanda-3.3.3-7.fc19
    ca-certificates-2014.2.1-1.5.fc19
    drupal6-6.34-1.fc19
    drupal7-7.34-1.fc19
    edg-mkgridmap-4.0.0-8.fc19
    mate-themes-1.9.2-1.fc19
    packagedb-cli-2.6-1.fc19
    perl-HTML-Mason-1.56-1.fc19
    perl-Sub-Exporter-ForMethods-0.100051-1.fc19
    php-5.5.19-3.fc19
    phpMyAdmin-4.2.12-1.fc19
    privoxy-3.0.22-1.fc19
    python-copr-1.54-1.fc19
    python-fedmsg-meta-fedora-infrastructure-0.3.6-1.fc19
    qpid-dispatch-0.2-9.fc19
    tcpdump-4.4.0-4.fc19
    tzdata-2014j-1.fc19
    wordpress-4.0.1-1.fc19
    xen-4.2.5-5.fc19

Details about builds:


================================================================================
 amanda-3.3.3-7.fc19 (FEDORA-2014-15498)
 A network-capable tape backup solution
--------------------------------------------------------------------------------
Update Information:

add kamanda systemd unit files (#1077642)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Petr Hracek <phracek@xxxxxxxxxx> - 3.3.3-7
- add kamanda systemd unit files (#1077642)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1077642 - [PATCH] add kamanda systemd unit files.
        https://bugzilla.redhat.com/show_bug.cgi?id=1077642
--------------------------------------------------------------------------------


================================================================================
 ca-certificates-2014.2.1-1.5.fc19 (FEDORA-2014-15506)
 The Mozilla CA root certificate bundle
--------------------------------------------------------------------------------
Update Information:

This is an update to CA certificates version 2.1, as released by Mozilla in
NSS versions 3.16.4 and 3.17. Several CA certificates with a weak key size of
1024-bits have been removed by Mozilla, prior to their expiration.
(It is expected that additional CA certificates with weak 1024-bit keys will
be removed in future releases.)

Unfortunately we see issues with software that uses OpenSSL/GnuTLS after these
removals with many popular web sites. The issue (or one out of several
possible issues) is that web sites may be configured to send multiple
intermediate CA certificates, intended for maximum compatibility with client
software. One intermediate points to one of the removed CA certificates, and
another intermediate points to a newer root. The problem is that
OpenSSL/GnuTLS don't search for an alternative trusted root, after being
unable to construct a trust chain for the topmost intermediate CA certificate
sent by the servers.

In order to allow more time to implement enhancements or workarounds, the
CA-certificates package will keep trust for the related root CA certificates,
by default. See rhbz#1144808 for additional information. The related upstream
bugs are:
https://bugzilla.mozilla.org/show_bug.cgi?id=936304
https://bugzilla.mozilla.org/show_bug.cgi?id=986005

In addition, this update introduces the ca-legacy utility and a
ca-legacy.conf configuration file. Using the new ca-legacy utility, it is
possible to opt-in to disable the trust for the legacy root CA certificates,
by executing the command "ca-legacy disable". If disabled, the system will use
the trust set as provided by the upstream Mozilla CA list, and as a
consequence software based on OpenSSL/GnuTLS might fail to validate affected
certificates.
(See also: rhbz#1158197)

More information about the affected CA certificates and other recent
modifications can be found in the upstream NSS release notes for version
3.16.3 at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.3_release_notes
with amendments to the changes as explained in the NSS release notes for
version 3.16.4
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.4_release_notes
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Kai Engert <kaie@xxxxxxxxxx> - 2014.2.1-1.5
- Introduce the ca-legacy utility and a ca-legacy.conf configuration file.
  By default, legacy roots required for OpenSSL/GnuTLS compatibility
  are kept enabled. Using the ca-legacy utility, the legacy roots can be
  disabled. If disabled, the system will use the trust set as provided
  by the upstream Mozilla CA list. (See also: rhbz#1158197)
- Includes the fixes for rhbz#1158343
* Sun Sep 21 2014 Kai Engert <kaie@xxxxxxxxxx> - 2014.2.1-1.1
- Temporarily re-enable several legacy root CA certificates because of
  compatibility issues with software based on OpenSSL/GnuTLS,
  see rhbz#1144808
* Thu Aug 14 2014 Kai Engert <kaie@xxxxxxxxxx> - 2014.2.1-1.0
- Update to CKBI 2.1 from NSS 3.16.4
- Fix rhbz#1130226
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1158197 - Allow disabling of legacy root CA certificates as a system configuration
        https://bugzilla.redhat.com/show_bug.cgi?id=1158197
  [ 2 ] Bug #1130226 - Ensure neutral-trust CA certificates will be loaded by p11-kit-trust
        https://bugzilla.redhat.com/show_bug.cgi?id=1130226
--------------------------------------------------------------------------------


================================================================================
 drupal6-6.34-1.fc19 (FEDORA-2014-15515)
 An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:

https://www.drupal.org/SA-CORE-2014-006

* Update to Drupal 6.
* Drupal 6.33 release notes can be found here, https://www.drupal.org/drupal-6.33-release-notes.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 6.34-1
- 6.34, DRUPAL-SA-CORE-2014-006
* Thu Aug 7 2014 Peter Borsa <peter.borsa@xxxxxxxxx> - 6.33-1
- 6.33, SA-CORE-2014-004
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166100 - CVE-2012-6662 drupal6: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166100
  [ 2 ] Bug #1127539 - drupal6: drupal: denial of service issue (SA-CORE-2014-004) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1127539
  [ 3 ] Bug #1166246 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability (SA-CORE-2014-006) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166246
  [ 4 ] Bug #1166247 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability (SA-CORE-2014-006) [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166247
--------------------------------------------------------------------------------


================================================================================
 drupal7-7.34-1.fc19 (FEDORA-2014-15522)
 An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:

https://www.drupal.org/SA-CORE-2014-006

- Update to upstream 7.33 maintenance release with numerous bug fixes
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 7.34-1
- 7.34, DRUPAL-SA-CORE-2014-006.
* Tue Nov 11 2014 Peter Borsa <peter.borsa@xxxxxxxxx> - 7.33-1
- Update to upstream 7.33 maintenance release with numerous bug fixes
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166101 - CVE-2012-6662 drupal7: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166101
  [ 2 ] Bug #1166249 - CVE-2014-9015 drupal7: drupal: session hijacking vulnerability (SA-CORE-2014-006) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166249
  [ 3 ] Bug #1166250 - CVE-2014-9015 drupal7: drupal: session hijacking vulnerability (SA-CORE-2014-006) [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166250
--------------------------------------------------------------------------------


================================================================================
 edg-mkgridmap-4.0.0-8.fc19 (FEDORA-2014-15502)
 A tool to build the grid map-file from VO servers
--------------------------------------------------------------------------------
Update Information:

Added missing dependency on "perl(LWP::Protocol::https)"
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Alejandro Alvarez Ayllon <aalvarez@xxxxxxx> - 4.0.0-8
- Added Requires perl(LWP::Protocol::https)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.0.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.0.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 4.0.0-5
- Perl 5.18 rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1165991 - edg-mkgridmap missing dependency
        https://bugzilla.redhat.com/show_bug.cgi?id=1165991
--------------------------------------------------------------------------------


================================================================================
 mate-themes-1.9.2-1.fc19 (FEDORA-2014-15539)
 MATE Desktop themes
--------------------------------------------------------------------------------
Update Information:

- update to 1.9.2 release
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.9.2-1
- update to 1.9.2 release
--------------------------------------------------------------------------------


================================================================================
 packagedb-cli-2.6-1.fc19 (FEDORA-2014-15508)
 A CLI for pkgdb
--------------------------------------------------------------------------------
Update Information:

* Update to packagedb-cli 2.6
* New structure: use the traditional python module structure instead of two python files
* Do one API call for `orphan --retire`
* Prevent user from retiring packages that have no dead.package file
* Add support for obsoleting ACL requests (Stanislav Ochotnicky)
* Enable restricting orphan to a specific user (while specifying more branches)
* Enable restricting give to a specific user (while specifying more branches)
* Let the unorphan action call the unorphan API endpoint
* When listing packages, encode the output as UTF-8 before printing
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> - 2.6-1
- Update to 2.6
- New structure: use the traditional python module structure instead of two python files
- Do one API call for `orphan --retire`
- Prevent user from retiring packages that have no dead.package file
- Add support for obsoleting ACL requests (Stanislav Ochotnicky)
- Enable restricting orphan to a specific user (while specifying more branches)
- Enable restricting give to a specific user (while specifying more branches)
- Let the unorphan action call the unorphan API endpoint
- When listing packages, encode the output as UTF-8 before printing
--------------------------------------------------------------------------------


================================================================================
 perl-HTML-Mason-1.56-1.fc19 (FEDORA-2014-15499)
 Powerful Perl-based web site development and delivery engine
--------------------------------------------------------------------------------
Update Information:

This release restores compatibility with recent CGI Perl module. It also declares all needed dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 1:1.56-1
- 1.56 bump
* Sun Mar 2 2014 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 1:1.54-1
- Upstream update.
- Filter duplicate Requires:.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1164460 - perl-HTML-Mason-1.56 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1164460
--------------------------------------------------------------------------------


================================================================================
 perl-Sub-Exporter-ForMethods-0.100051-1.fc19 (FEDORA-2014-15553)
 Helper routines for using Sub::Exporter to build methods
--------------------------------------------------------------------------------
Update Information:

This release updates upstream's bug tracker and repository contacts.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 0.100051-1
- 0.100051 bump
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1163304 - perl-Sub-Exporter-ForMethods-0.100051 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1163304
--------------------------------------------------------------------------------


================================================================================
 php-5.5.19-3.fc19 (FEDORA-2014-15055)
 PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:

13 Nov 2014, PHP 5.5.19

Core:

* Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in php_getopt()). (Stas)
* Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). (Nikita)
* Fixed bug #68129 (parse_url() - incomplete support for empty usernames and passwords) (Tjerk)
* Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy). (Dmitry)

Fileinfo:

* Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB)
* Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710) (Remi)

FPM:

* Implemented FR #55508 (listen and listen.allowed_clients should take IPv6 addresses). (Robin Gloster)

GD:

* Fixed bug #65171 (imagescale() fails without height param). (Remi)

GMP:

* Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP). (Remi)

Mysqli:

* Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande)

ODBC:

* Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by a VARCHAR column) (Keyur Govande)

SPL:

* Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk)

CURL:

* Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl (Rasmus)

Backported from 5.5.20

FPM:

* Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all addresses). (Remi)
* Fixed bug #68421 (access.format='%R' doesn't log ipv6 address). (Remi)
* Fixed bug #68423 (PHP-FPM will no longer load all pools). (Remi)
* Fixed bug #68428 (listen.allowed_clients is IPv4 only). (Remi)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.5.19-3
- FPM: add upstream patch for https://bugs.php.net/68428
  listen.allowed_clients is IPv4 only
- refresh upstream patch for 68421
* Sun Nov 16 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.5.19-2
- FPM: add upstream patch for https://bugs.php.net/68421
  access.format=R doesn't log ipv6 address
- FPM: add upstream patch for https://bugs.php.net/68420
  listen=9000 listens to ipv6 localhost instead of all addresses
- FPM: add upstream patch for https://bugs.php.net/68423
  will no longer load all pools
* Thu Nov 13 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.5.19-1
- Update to 5.5.19
  http://www.php.net/releases/5_5_19.php
- new version of systzdata patch, fix case sensitivity
--------------------------------------------------------------------------------


================================================================================
 phpMyAdmin-4.2.12-1.fc19 (FEDORA-2014-15535)
 Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:

phpMyAdmin 4.2.12.0 (2014-11-20)
================================
- Blank/white page when JavaScript disabled
- Multi row actions cause full page reloads
- ReferenceError: targeurl is not defined
- Incorrect text/icon display in Tracking report
- Recordset return from procedure display nothing
- Edit dialog for routines is too long for smaller displays
- JavaScript error after moving a column
- Issue with long comments on table columns
- Input field unnecessarily selected on focus
- Exporting selected rows exports all rows of the query
- No insert statement produced in SQL export for queries with alias
- Field disabled when internal relations used
- [security] XSS through exception stack
- [security] Path traversal can lead to leakage of line count
- [security] XSS vulnerability in table print view
- [security] XSS vulnerability in zoom search page
- [security] Path traversal in file inclusion of GIS factory
- [security] XSS in multi submit
- [security] XSS through pma_fontsize cookie
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 4.2.12-1
- Upgrade to 4.2.12 (#1166397)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166619 - CVE-2014-8958 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2014-13)
        https://bugzilla.redhat.com/show_bug.cgi?id=1166619
  [ 2 ] Bug #1166626 - CVE-2014-8959 phpMyAdmin: Local file inclusion vulnerability (PMASA-2014-14)
        https://bugzilla.redhat.com/show_bug.cgi?id=1166626
  [ 3 ] Bug #1166634 - CVE-2014-8960 phpMyAdmin: XSS vulnerability in error reporting functionality (PMASA-2014-15)
        https://bugzilla.redhat.com/show_bug.cgi?id=1166634
  [ 4 ] Bug #1166637 - CVE-2014-8961 phpMyAdmin: leakage of line count of an arbitrary file (PMASA-2014-16)
        https://bugzilla.redhat.com/show_bug.cgi?id=1166637
--------------------------------------------------------------------------------


================================================================================
 privoxy-3.0.22-1.fc19 (FEDORA-2014-15509)
 Privacy enhancing proxy
--------------------------------------------------------------------------------
Update Information:

Latest upstream bugfix release.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 3.0.22-1
- Latest upstream, BZ 166398.
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.0.21-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.0.21-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166398 - privoxy-3.0.22 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1166398
--------------------------------------------------------------------------------


================================================================================
 python-copr-1.54-1.fc19 (FEDORA-2014-15516)
 Python interface for Copr
--------------------------------------------------------------------------------
Update Information:

update python-copr to 1.54
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Valentin Gologuzov <vgologuz@xxxxxxxxxx> 1.54-1
- fixed poor decision about CoprClient constructor, now it accepts kwargs
  arguments instead of config dict
* Mon Nov 3 2014 Valentin Gologuzov <vgologuz@xxxxxxxxxx> 1.53-1
- [python-copr] syntax bugfix
* Mon Nov 3 2014 Valentin Gologuzov <vgologuz@xxxxxxxxxx> 1.52-1
- [python-copr] removed log config from client
* Tue Oct 7 2014 Valentin Gologuzov <vgologuz@xxxxxxxxxx> 1.51-1
- [python-copr, cli] test coverage
- [python-copr, cli] updating copr-cli to use python-copr
- [python-copr] minor fixes, added usage examples to docs
--------------------------------------------------------------------------------


================================================================================
 python-fedmsg-meta-fedora-infrastructure-0.3.6-1.fc19 (FEDORA-2014-15505)
 Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:

New pkgdb conglomerator, new 'hotness' processor. Some bugfixes to fas and mailman messages.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.3.6-1
- Latest upstream with some bugfixes.
- Disable network test with patch.
--------------------------------------------------------------------------------


================================================================================
 qpid-dispatch-0.2-9.fc19 (FEDORA-2014-15542)
 Dispatch router for Qpid
--------------------------------------------------------------------------------
Update Information:

Fixed a merge issue that resulted in two patches not being applied.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.2-9
- Fixed a merge issue that resulted in two patches not being applied.
- Resolves: BZ#1165691
* Wed Nov 19 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.2-8
- DISPATCH-75 - Removed reference to qdstat.conf from qdstat manpage.
- Include systemd service file for EPEL7 packages.
- Brought systemd support up to current Fedora packaging guidelines.
- Resolves: BZ#1165691
- Resolves: BZ#1165681
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1165691 - Man page for qdstat.conf is missing
        https://bugzilla.redhat.com/show_bug.cgi?id=1165691
--------------------------------------------------------------------------------


================================================================================
 tcpdump-4.4.0-4.fc19 (FEDORA-2014-15549)
 A network traffic monitoring tool
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2014-8767 CVE-2014-8769
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Michal Sekletar <msekleta@xxxxxxxxxx> - 14:4.4.0-4
- fix changelog (last commit was fix for CVE-2014-8767 and CVE-2014-8769)
* Thu Nov 20 2014 Michal Sekletar <msekleta@xxxxxxxxxx> - 14:4.4.0-3
- fix for CVE-2014-8767 (#1165160)
- fix for CVE-2014-8769 (#1165162)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1165160 - CVE-2014-8767 tcpdump: denial of service in verbose mode using malformed OLSR payload
        https://bugzilla.redhat.com/show_bug.cgi?id=1165160
  [ 2 ] Bug #1165162 - CVE-2014-8769 tcpdump: unreliable output using malformed AOVD payload
        https://bugzilla.redhat.com/show_bug.cgi?id=1165162
--------------------------------------------------------------------------------


================================================================================
 tzdata-2014j-1.fc19 (FEDORA-2014-15548)
 Timezone data
--------------------------------------------------------------------------------
Update Information:

Rebase to 2014j
- Turks & Caicos' switch from US eastern time to UTC-4 year-round
  did not occur on 2014-11-02 at 02:00.
  It's currently scheduled for 2015-11-01 at 02:00.

Rebase to 2014i
- Pacific/Fiji will observe DST from 2014-11-02 02:00 to 2015-01-18 03:00.
- A new Zone Pacific/Bougainville, for the part of Papua New Guinea that
  plans to switch from UTC+10 to UTC+11 on 2014-12-28 at 02:00
- see NEWS file for additional changes
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 19 2014 Patsy Franklin <pfrankli@xxxxxxxxxx> - 2014j-1
- Rebase to 2014j
  - Turks & Caicos' switch from US eastern time to UTC-4 year-round
    did not occur on 2014-11-02 at 02:00. It's currently scheduled
    for 2015-11-01 at 02:00.
* Mon Oct 27 2014 Patsy Franklin <pfrankli@xxxxxxxxxx> - 2014i-1
- Rebase to 2014i
  - Pacific/Fiji will observe DST from 2014-11-02 02:00 to 2015-01-18 03:00.
  - A new Zone Pacific/Bougainville, for the part of Papua New Guinea that
    plans to switch from UTC+10 to UTC+11 on 2014-12-28 at 02:00
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1163352 - tzdata-2014j is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1163352
  [ 2 ] Bug #1157611 - tzdata-2014i is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1157611
--------------------------------------------------------------------------------


================================================================================
 wordpress-4.0.1-1.fc19 (FEDORA-2014-15526)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

WordPress 4.0.1 Security Release

See: https://wordpress.org/news/2014/11/wordpress-4-0-1/
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 4.0.1-1
- WordPress 4.0.1 Security Release
- use system php-getid3 when available #1145574
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166468 - wordpress: security flaws fixed in the 4.0.1 release
        https://bugzilla.redhat.com/show_bug.cgi?id=1166468
--------------------------------------------------------------------------------


================================================================================
 xen-4.2.5-5.fc19 (FEDORA-2014-15503)
 Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:

Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
Insufficient restrictions on certain MMU update hypercalls,
Missing privilege level checks in x86 emulation of far branches,
Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.2.5-5
- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
  [XSA-113] (#1166261)
* Wed Nov 19 2014 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.2.5-4
- Insufficient restrictions on certain MMU update hypercalls
  [XSA-109, CVE-2014-8594] (#1165205)
- Missing privilege level checks in x86 emulation of far branches
  [XSA-110, CVE-2014-8595] (#1165204)
- Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't
  exploitable from xen (#1086776)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1160664 - CVE-2014-8594 kernel: xen: Insufficient restrictions on certain MMU update hypercalls (xsa109)
        https://bugzilla.redhat.com/show_bug.cgi?id=1160664
  [ 2 ] Bug #1160643 - CVE-2014-8595 kernel: xen: Missing privilege level checks in x86 emulation of far branches (xsa110)
        https://bugzilla.redhat.com/show_bug.cgi?id=1160643
  [ 3 ] Bug #1078846 - CVE-2014-0150 qemu: virtio-net: buffer overflow in virtio_net_handle_mac() function
        https://bugzilla.redhat.com/show_bug.cgi?id=1078846
--------------------------------------------------------------------------------