The following Fedora 19 Security updates need testing:
Age URL
88
https://admin.fedoraproject.org/updates/FEDORA-2013-5801/mantis-1.2.15-1.fc19
43
https://admin.fedoraproject.org/updates/FEDORA-2013-9715/heat-jeos-9-1.fc19
31
https://admin.fedoraproject.org/updates/FEDORA-2013-10678/python-keystoneclient-0.2.3-4.fc19
19
https://admin.fedoraproject.org/updates/FEDORA-2013-10467/openstack-keystone-2013.1.2-3.fc19
9
https://admin.fedoraproject.org/updates/FEDORA-2013-12321/gpm-1.20.6-33.fc19
8
https://admin.fedoraproject.org/updates/FEDORA-2013-12384/gallery3-3.0.9-1.fc19
7
https://admin.fedoraproject.org/updates/FEDORA-2013-12479/libzrtpcpp-2.3.4-1.fc19
7
https://admin.fedoraproject.org/updates/FEDORA-2013-12389/ansible-1.2.2-1.fc19
7
https://admin.fedoraproject.org/updates/FEDORA-2013-12526/nagstamon-0.9.9-9.fc19
5
https://admin.fedoraproject.org/updates/FEDORA-2013-12593/libXvMC-1.0.8-1.fc19
4
https://admin.fedoraproject.org/updates/FEDORA-2013-12667/file-roller-3.8.3-1.fc19
3
https://admin.fedoraproject.org/updates/FEDORA-2013-12698/seamonkey-2.19-1.fc19
0
https://admin.fedoraproject.org/updates/FEDORA-2013-12948/openjpa-2.2.1-6.fc19
0
https://admin.fedoraproject.org/updates/FEDORA-2013-12663/ruby-2.0.0.247-13.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2013-12977/php-5.5.0-2.fc19
The following builds have been pushed to Fedora 19 updates-testing
autofs-5.0.7-28.fc19
claws-mail-3.9.2-3.fc19
eclipse-fedorapackager-0.4.1-7.fc19
gnome-screenshot-3.8.3-1.fc19
gogui-1.4.8-1.fc19
graphviz-2.30.1-10.fc19
gstreamer1-1.0.8-1.fc19
gstreamer1-plugins-bad-free-1.0.8-1.fc19
gstreamer1-plugins-base-1.0.8-1.fc19
gstreamer1-plugins-good-1.0.8-1.fc19
libsoup-2.42.2-2.fc19
libvirt-1.0.5.4-1.fc19
mmapper-2.2.0-1.fc19
moodle-2.4.5-2.fc19
ninja-ide-2.3-1.fc19
nodejs-resolve-0.4.0-2.fc19
nodejs-tap-0.4.1-6.fc19
nodejs-temporary-0.0.5-1.fc19
openjpa-2.2.1-6.fc19
php-5.5.0-2.fc19
pidgin-sipe-1.16.1-1.fc19
python-doit-0.22.0-1.fc19
ruby-2.0.0.247-13.fc19
sticky-notes-0.4-2.fc19
Details about builds:
================================================================================
autofs-5.0.7-28.fc19 (FEDORA-2013-12952)
A tool for automatically mounting and unmounting filesystems
--------------------------------------------------------------------------------
Update Information:
- add after sssd dependency to unit file.
- fix a couple of compiler warnings, link with full reloc options, fix default
path used for unitdir and fix changelog inconsistent dates.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 13 2013 Ian Kent <[email protected]> - 1:5.0.7-28
- add after sssd dependency to unit file (bz984089).
* Sat Jul 13 2013 Ian Kent <[email protected]> - 1:5.0.7-27
- fix a couple of compiler warnings.
* Fri Jul 12 2013 Ian Kent <[email protected]> - 1:5.0.7-26
- link with full reloc options.
* Fri Jul 12 2013 Ian Kent <[email protected]> - 1:5.0.7-25
- fix default path used for unitdir.
- fix changelog inconsistent dates.
* Wed Jul 10 2013 Ian Kent <[email protected]> - 1:5.0.7-24
- check for protocol option.
- use ulimit max open files if greater than internal maximum.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #984089 - Consider adding After=sssd.service to autofs.service
https://bugzilla.redhat.com/show_bug.cgi?id=984089
--------------------------------------------------------------------------------
================================================================================
claws-mail-3.9.2-3.fc19 (FEDORA-2013-12959)
Email client and news reader based on GTK+
--------------------------------------------------------------------------------
Update Information:
Just some bug-fixes:
* Claws Mail could crash easily upon creating/editing accounts (bug 981889).
* The Fancy HTML mail plugin could crash when using "Save Image As" (bug
979700).
* Require pinentry-gtk instead of the virtual pinentry-gui, because
pinentry-qt fails silently (bug 981923).
* Added a README.Fedora that mentions setting $TMPDIR when using
Claws Mail together with Firefox (bug 956380).
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 13 2013 Michael Schwendt <[email protected]>
- 3.9.2-3
- for Fedora based builds, require pinentry-gtk instead of the virtual
pinentry-gui, because pinentry-qt fails silently (#981923)
- fix crash in Plugins/Fancy "Save Image As" (#979700)
- in %prep section create a README.Fedora %doc file which mentions
setting $TMPDIR when using Claws Mail together with Firefox (#956380)
* Mon Jul 8 2013 Michael Schwendt <[email protected]>
- 3.9.2-2
- fix double-free crash in "Preferences for new account" (#981889)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #981889 - [abrt] claws-mail-3.9.2-1.fc19: g_malloc: malloc():
smallbin double linked list corrupted
https://bugzilla.redhat.com/show_bug.cgi?id=981889
[ 2 ] Bug #979700 - [abrt] claws-mail-3.9.1-2.fc18:
gdk_window_set_geometry_hints: Process /usr/bin/claws-mail was killed by signal
11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=979700
--------------------------------------------------------------------------------
================================================================================
eclipse-fedorapackager-0.4.1-7.fc19 (FEDORA-2013-12947)
Fedora Packager for Eclipse
--------------------------------------------------------------------------------
Update Information:
Added symlink and fixed compilation problem.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 12 2013 Krzysztof Daniel <[email protected]> 0.4.1-7
- RHBZ#964415
- RHBZ#984047
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #964415 - eclipse-fedorapackager: Only documentation plugin loads
https://bugzilla.redhat.com/show_bug.cgi?id=964415
[ 2 ] Bug #984047 - Fails to build in f19 & f20
https://bugzilla.redhat.com/show_bug.cgi?id=984047
--------------------------------------------------------------------------------
================================================================================
gnome-screenshot-3.8.3-1.fc19 (FEDORA-2013-12961)
A screenshot utility for GNOME
--------------------------------------------------------------------------------
Update Information:
New upstream stable release 3.8.3
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 12 2013 Rui Matos <[email protected]> - 3.8.3-1
- Update to 3.8.3
- Drop upstreamed patch
* Mon Jun 24 2013 Matthias Clasen <[email protected]> - 3.8.2-2
- Update man page
--------------------------------------------------------------------------------
================================================================================
gogui-1.4.8-1.fc19 (FEDORA-2013-12956)
Graphical user interface to programs that play the board game Go
--------------------------------------------------------------------------------
Update Information:
Merge 1.4.8 changes
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 11 2013 Christophe Burgun <[email protected]> 1.4.8-1
- Update gogui version
--------------------------------------------------------------------------------
================================================================================
graphviz-2.30.1-10.fc19 (FEDORA-2013-12971)
Graph Visualization Tools
--------------------------------------------------------------------------------
Update Information:
This is an update that fixes manual pages and built-in help.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 12 2013 Jaroslav Škarvada <[email protected]> - 2.30.1-10
- Various man and built-in help fixes
* Tue Jun 25 2013 Jaroslav Škarvada <[email protected]> - 2.30.1-9
- Fixed handling of the libdir/graphviz directory
* Tue Jun 11 2013 Remi Collet <[email protected]> - 2.30.1-8
- rebuild for new GD 2.1.0
* Wed May 15 2013 Tom Callaway <[email protected]> - 2.30.1-7
- rebuild for lua 5.2
--------------------------------------------------------------------------------
================================================================================
gstreamer1-1.0.8-1.fc19 (FEDORA-2013-12972)
GStreamer streaming media framework runtime
--------------------------------------------------------------------------------
Update Information:
Latest stable bugfix release. For changes refer to:
http://lists.freedesktop.org/archives/gstreamer-announce/2013-July/000284.html
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 13 2013 Brian Pepple <[email protected]> - 1.0.8-1
- Update to 1.0.8.
--------------------------------------------------------------------------------
================================================================================
gstreamer1-plugins-bad-free-1.0.8-1.fc19 (FEDORA-2013-12972)
GStreamer streaming media framework "bad" plugins
--------------------------------------------------------------------------------
Update Information:
Latest stable bugfix release. For changes refer to:
http://lists.freedesktop.org/archives/gstreamer-announce/2013-July/000284.html
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 13 2013 Brian Pepple <[email protected]> - 1.0.8-1
- Update to 1.0.8.
* Tue May 7 2013 Colin Walters <[email protected]> - 1.0.7-2
- Move libgstdecklink to its correct place in extras; needed for RHEL
--------------------------------------------------------------------------------
================================================================================
gstreamer1-plugins-base-1.0.8-1.fc19 (FEDORA-2013-12972)
GStreamer streaming media framework base plugins
--------------------------------------------------------------------------------
Update Information:
Latest stable bugfix release. For changes refer to:
http://lists.freedesktop.org/archives/gstreamer-announce/2013-July/000284.html
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 13 2013 Brian Pepple <[email protected]> - 1.0.8-1
- Update to 1.0.8.
--------------------------------------------------------------------------------
================================================================================
gstreamer1-plugins-good-1.0.8-1.fc19 (FEDORA-2013-12972)
GStreamer plugins with good code and licensing
--------------------------------------------------------------------------------
Update Information:
Latest stable bugfix release. For changes refer to:
http://lists.freedesktop.org/archives/gstreamer-announce/2013-July/000284.html
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 13 2013 Brian Pepple <[email protected]> - 1.0.8-1
- Update to 1.0.8.
--------------------------------------------------------------------------------
================================================================================
libsoup-2.42.2-2.fc19 (FEDORA-2013-12976)
Soup, an HTTP library implementation
--------------------------------------------------------------------------------
Update Information:
Fixes hangs/stalls in evolution and libgdata
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 12 2013 Dan Winship <[email protected]> - 2.42.2-2
- Add patch to fix hangs with SoupSessionSync (#976529 et al)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #976529 - e-mail compose hang
https://bugzilla.redhat.com/show_bug.cgi?id=976529
--------------------------------------------------------------------------------
================================================================================
libvirt-1.0.5.4-1.fc19 (FEDORA-2013-12963)
Library providing a simple virtualization API
--------------------------------------------------------------------------------
Update Information:
* Rebased to version 1.0.5.4
* Fix crash on migration
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 12 2013 Cole Robinson <[email protected]> - 1.0.5.4-1
- Rebased to version 1.0.5.4
- Fix crash on migration
* Thu Jul 11 2013 Cole Robinson <[email protected]> - 1.0.5.3-1
- Rebased to version 1.0.5.3
- Allow /dev/tty in LXC container (bz #982317)
- Fix cpu hot-add with latest qemu (bz #979260)
- Fix crash in udev logging (bz #969152)
--------------------------------------------------------------------------------
================================================================================
mmapper-2.2.0-1.fc19 (FEDORA-2013-12974)
Graphical MUME mapper
--------------------------------------------------------------------------------
Update Information:
MMapper 2.2.0 release with compatibility fixes with latest MUME changes.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 13 2013 Kalev Lember <[email protected]> - 2.2.0-1
- Update to 2.2.0
--------------------------------------------------------------------------------
================================================================================
moodle-2.4.5-2.fc19 (FEDORA-2013-12964)
A Course Management System
--------------------------------------------------------------------------------
Update Information:
Latest upstream release for this branch.
Correct unbundling of php-pear-HTML-Quickform.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 12 2013 Jon Ciesla <[email protected]> - 2.4.5-2
- Include two non-upstream additions to HTML-Quickform.
* Fri Jul 12 2013 Jon Ciesla <[email protected]> - 2.4.5-1
- Latest upstream.
--------------------------------------------------------------------------------
================================================================================
ninja-ide-2.3-1.fc19 (FEDORA-2013-12944)
Ninja IDE for Python development
--------------------------------------------------------------------------------
Update Information:
Update to 2.3
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 12 2013 Nikos Roussos <[email protected]> - 2.3-1
- Update to 2.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #983236 - [abrt] ninja-ide-2.2-1.fc19:
plugins_manager.py:79:_format_for_table:TypeError: list indices must be
integers, not unicode
https://bugzilla.redhat.com/show_bug.cgi?id=983236
--------------------------------------------------------------------------------
================================================================================
nodejs-resolve-0.4.0-2.fc19 (FEDORA-2013-12962)
Resolve like require.resolve() on behalf of files asynchronously/synchronously
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #977134 - Review Request: nodejs-resolve - Resolve like
require.resolve() on behalf of files asynchronously/synchronously
https://bugzilla.redhat.com/show_bug.cgi?id=977134
--------------------------------------------------------------------------------
================================================================================
nodejs-tap-0.4.1-6.fc19 (FEDORA-2013-12954)
A Test Anything Protocol library
--------------------------------------------------------------------------------
Update Information:
This update fixes a broken dependency on inherits@1.
This update fixes a broken dependency on inherits@1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 11 2013 Jamie Nguyen <[email protected]> - 0.4.1-6
- temporarily disable test/segv.js, as in local mock the test receives SIGSEGV
but in koji it receives SIGTERM instead
* Wed Jul 10 2013 T.C. Hollingsworth <[email protected]> - 0.4.1-5
- enable tests
- force the use inherits@1 since this module is incompatible with inherits@2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #982799 - nodejs-tap test suite fails
https://bugzilla.redhat.com/show_bug.cgi?id=982799
--------------------------------------------------------------------------------
================================================================================
nodejs-temporary-0.0.5-1.fc19 (FEDORA-2013-12966)
An easy way to create temporary files and directories
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #977135 - Review Request: nodejs-temporary - An easy way to create
temporary files and directories
https://bugzilla.redhat.com/show_bug.cgi?id=977135
--------------------------------------------------------------------------------
================================================================================
openjpa-2.2.1-6.fc19 (FEDORA-2013-12948)
Java Persistence 2.0 API
--------------------------------------------------------------------------------
Update Information:
fix for CVE-2013-1768 rhbz#984034,984040. fix ant.d script.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 12 2013 gil cattaneo <[email protected]> 2.2.1-6
- fix ant.d script
* Fri Jul 12 2013 gil cattaneo <[email protected]> 2.2.1-5
- fix for CVE-2013-1768 rhbz#984034,984040
- switch to XMvn
- minor changes to adapt to current guideline
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #984034 - CVE-2013-1768 openjpa: Remote arbitrary code execution by
creating a serialized object and leveraging improperly secured server programs
https://bugzilla.redhat.com/show_bug.cgi?id=984034
--------------------------------------------------------------------------------
================================================================================
php-5.5.0-2.fc19 (FEDORA-2013-12977)
PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:
XML:
* Fixed bug #65236 (heap corruption in xml parser). CVE-2013-4113
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 12 2013 Remi Collet <[email protected]> - 5.5.0-2
- add security fix for CVE-2013-4113
- add missing ASL 1.0 license
- 32k stack size seems ok for tests on both 32/64bits build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #983689 - CVE-2013-4113 php: xml_parse_into_struct buffer overflow
when parsing deeply nested XML
https://bugzilla.redhat.com/show_bug.cgi?id=983689
--------------------------------------------------------------------------------
================================================================================
pidgin-sipe-1.16.1-1.fc19 (FEDORA-2013-12965)
Pidgin protocol plugin to connect to MS Office Communicator
--------------------------------------------------------------------------------
Update Information:
New upstream release:
* fixes call failure when host has multiple IP addresses
* fixes buddy list handling after moving to Lync 2013
* fixes crashes in new HTTP stack
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 13 2013 Stefan Becker <[email protected]> - 1.16.1-1
- update to 1.16.1: bug fix release
- fixes call failure when host has multiple IP addresses
- fixes buddy list handling after moving to Lync 2013
- fixes crashes in new HTTP stack
--------------------------------------------------------------------------------
================================================================================
python-doit-0.22.0-1.fc19 (FEDORA-2013-12969)
Automation Tool
--------------------------------------------------------------------------------
Update Information:
New stable release with several bugs fixed.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 13 2013 José Matos <[email protected]> - 0.22.0-1
- update to 0.22
- force removal of the distrute_setup.py to use the system version
--------------------------------------------------------------------------------
================================================================================
ruby-2.0.0.247-13.fc19 (FEDORA-2013-12663)
An interpreter of object-oriented scripting language
--------------------------------------------------------------------------------
Update Information:
- Update to Ruby 2.0.0-p247 (rhbz#979605).
- Fix RubyGems search paths when building gems with native extension.
- Make symlinks for psych gem to ruby stdlib dirs.
- Add support for ABRT autoloading.
- Better support for build without configuration (rhbz#977941).
- Use system-wide cert.pem.
- Fixes multilib conlicts of .gemspec files.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 11 2013 Vít Ondruch <[email protected]> - 2.0.0.247-13
- Fixes multilib conlicts of .gemspec files.
- Make symlinks for psych gem to ruby stdlib dirs (rhbz#979133).
- Use system-wide cert.pem.
* Thu Jul 4 2013 Vít Ondruch <[email protected]> - 2.0.0.247-12
- Fix RubyGems search paths when building gems with native extension
(rhbz#979133).
* Tue Jul 2 2013 Vít Ondruch <[email protected]> - 2.0.0.247-11
- Fix RubyGems version.
* Tue Jul 2 2013 Vít Ondruch <[email protected]> - 2.0.0.247-10
- Better support for build without configuration (rhbz#977941).
* Mon Jul 1 2013 Vít Ondruch <[email protected]> - 2.0.0.247-9
- Update to Ruby 2.0.0-p247 (rhbz#979605).
- Fix CVE-2013-4073.
- Fix for wrong makefiles created by mkmf (rhbz#921650).
- Add support for ABRT autoloading.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #979133 - Ruby does not come with psych built in
https://bugzilla.redhat.com/show_bug.cgi?id=979133
[ 2 ] Bug #979605 - ruby-2.0.0.247 is available
https://bugzilla.redhat.com/show_bug.cgi?id=979605
[ 3 ] Bug #921650 - ruby 2.0 creates bad makefiles
https://bugzilla.redhat.com/show_bug.cgi?id=921650
[ 4 ] Bug #979295 - ruby: CVE-2013-4073 ruby: hostname check bypassing
vulnerability in SSL client [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=979295
[ 5 ] Bug #977941 - Cannot build simple program using Ruby binding without
specifying path to arch dependent config.h
https://bugzilla.redhat.com/show_bug.cgi?id=977941
[ 6 ] Bug #983769 - compile error including ruby.h in c99 mode: unknown type
name ‘fd_set’
https://bugzilla.redhat.com/show_bug.cgi?id=983769
--------------------------------------------------------------------------------
================================================================================
sticky-notes-0.4-2.fc19 (FEDORA-2013-12945)
Sticky notes is a free and open source paste-bin application
--------------------------------------------------------------------------------
Update Information:
Update to 0.4 (Upstream changelog: http://ur1.ca/emlhn ). Replace URL
shortening service with free one.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 13 2013 Athmane Madjoudj <[email protected]> 0.4-2
- Patch to use free URL shortener ur1.ca instead of Google's goo.gl.
* Sat Jul 13 2013 Athmane Madjoudj <[email protected]> 0.4-1
- Update to 0.4
- Drop upstreamed patches
- Unbundle new libs
- Simplify the specfile.
* Sun Apr 14 2013 Athmane Madjoudj <[email protected]> 0.3.13112012.2-1
- Drop upstreamed patches
- Update spec (url change / download method)
- Add support for url shortening
--------------------------------------------------------------------------------
--
test mailing list
[email protected]
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
