The following Fedora 19 Security updates need testing: Age URL 349 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 161 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19 112 https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19 110 https://admin.fedoraproject.org/updates/FEDORA-2014-6774/claws-mail-3.10.1-1.fc19,claws-mail-plugins-3.10.0-1.fc19,libetpan-1.5-1.fc19 101 https://admin.fedoraproject.org/updates/FEDORA-2014-7939/lzo-2.08-1.fc19 64 https://admin.fedoraproject.org/updates/FEDORA-2014-9162/xulrunner-31.0-1.fc19 55 https://admin.fedoraproject.org/updates/FEDORA-2014-9427/pipelight-0.2.7.3-3.fc19 43 https://admin.fedoraproject.org/updates/FEDORA-2014-9830/glibc-2.17-21.fc19 30 https://admin.fedoraproject.org/updates/FEDORA-2014-10366/icecream-1.0.1-8.20140822git.fc19 29 https://admin.fedoraproject.org/updates/FEDORA-2014-10640/libreoffice-4.1.6.2-8.fc19 27 https://admin.fedoraproject.org/updates/FEDORA-2014-10794/squid-3.3.13-2.fc19 14 https://admin.fedoraproject.org/updates/FEDORA-2014-11522/python-2.7.5-14.fc19 14 https://admin.fedoraproject.org/updates/FEDORA-2014-11544/drupal6-6.33-1.fc19 13 https://admin.fedoraproject.org/updates/FEDORA-2014-11649/rubygem-bundler-1.7.3-1.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-12059/torque-3.0.4-5.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-12057/krb5-1.11.3-29.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-12000/xen-4.2.5-3.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-12165/mantis-1.2.17-3.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-12262/mediawiki-1.23.5-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-12344/php-ZendFramework-1.12.9-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-12536/python-oauth2-1.5.211-8.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-12584/bugzilla-4.2.11-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-12407/sddm-0.9.0-2.20141007git6a28c29b.fc19
The following Fedora 19 Critical Path updates have yet to be approved: Age URL 297 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 223 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19 13 https://admin.fedoraproject.org/updates/FEDORA-2014-11671/koji-1.9.0-5.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2014-11828/dash-0.5.8-1.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-12057/krb5-1.11.3-29.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-12420/initscripts-9.47-2.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-12547/xfce4-session-4.10.1-2.fc19 The following builds have been pushed to Fedora 19 updates-testing R-3.1.1-7.fc19 bugzilla-4.2.11-1.fc19 chirp-0.4.1-1.fc19 elk-2.3.22-9.fc19 fedmsg-0.11.0-1.fc19 game-music-emu-0.6.0-5.fc19 libmygpo-qt-1.0.8-2.fc19 mksh-50d-1.fc19 perl-HTML-WikiConverter-Markdown-0.06-1.fc19 perl-WWW-OrangeHRM-Client-0.9.0-1.fc19 php-pear-Net-URL2-2.0.9-1.fc19 python-fedmsg-meta-fedora-infrastructure-0.3.5-1.fc19 python-fedora-0.3.36-1.fc19 python-oauth2-1.5.211-8.fc19 razorqt-0.5.2-20.fc19 sddm-0.9.0-2.20141007git6a28c29b.fc19 xfce4-session-4.10.1-2.fc19 Details about builds: ================================================================================ R-3.1.1-7.fc19 (FEDORA-2014-12586) A language for data analysis and graphics -------------------------------------------------------------------------------- Update Information: Fix java Requires/BuildRequires to be more permissive. -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 29 2014 Orion Poplawski <[email protected]> - 3.1.1-7 - Just BR/R java instead of java-1.5.0-gcj (bug #1110684) * Tue Sep 16 2014 David Sommerseth <[email protected]> - 3.1.1-6 - Setting ulimit when running make check, to avoid segfault due to too small stack (needed on PPC64) * Tue Aug 26 2014 David Tardon <[email protected]> - 3.1.1-5 - rebuild for ICU 53.1 * Fri Aug 15 2014 Fedora Release Engineering <[email protected]> - 3.1.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1110684 - R-java update has new dependencies https://bugzilla.redhat.com/show_bug.cgi?id=1110684 -------------------------------------------------------------------------------- ================================================================================ bugzilla-4.2.11-1.fc19 (FEDORA-2014-12584) Bug tracking system -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2014-1571, CVE-2014-1572, CVE-2014-1573 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 8 2014 Emmanuel Seyman <[email protected]> - 4.2.11-1 - Update to 4.2.11 (CVE-2014-157, CVE-2014-1573 and CVE-2014-1571) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1150091 - CVE-2014-1571 CVE-2014-1572 CVE-2014-1573 bugzilla: security fixes release https://bugzilla.redhat.com/show_bug.cgi?id=1150091 -------------------------------------------------------------------------------- ================================================================================ chirp-0.4.1-1.fc19 (FEDORA-2014-12489) A tool for programming two-way radio equipment -------------------------------------------------------------------------------- Update Information: Version 0.4.1 contains a special backport for Baofeng users to work around a firmware incompatibility issue. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 9 2014 Richard Shaw <[email protected]> - 0.4.1-1 - Update to latest bugfix release. * Sat Jun 7 2014 Fedora Release Engineering <[email protected]> - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1150979 - chirp-0.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1150979 -------------------------------------------------------------------------------- ================================================================================ elk-2.3.22-9.fc19 (FEDORA-2014-12582) FP-LAPW Code -------------------------------------------------------------------------------- Update Information: build against new openmpi on fc21 + epel7 package -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 7 2014 Marcin Dulak <[email protected]> - 2.3.22-9 - build against new openmpi * Sat Aug 16 2014 Fedora Release Engineering <[email protected]> - 2.3.22-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ fedmsg-0.11.0-1.fc19 (FEDORA-2014-12575) Tools for Fedora Infrastructure real-time messaging -------------------------------------------------------------------------------- Update Information: New fedmsg.meta.msg2long_form API. Other IRC-related bugfixes and enhancements. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 9 2014 Ralph Bean <[email protected]> - 0.11.0-1 - Fix harmless error about twisted.words at daemon startup. - Optional shortening of links in IRC. - IRC bot now reconnects when dropped. - New fedmsg.meta.msg2long_form API. -------------------------------------------------------------------------------- ================================================================================ game-music-emu-0.6.0-5.fc19 (FEDORA-2014-12445) Video game music file emulation/playback library -------------------------------------------------------------------------------- Update Information: update to latest stable -------------------------------------------------------------------------------- ChangeLog: * Sat Aug 16 2014 Fedora Release Engineering <[email protected]> - 0.6.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <[email protected]> - 0.6.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri Sep 20 2013 Karel Volný <[email protected]> 0.6.0-3 - Adjust virtual provides according to further comments on bug#1006881 * Fri Sep 13 2013 Karel Volný <[email protected]> 0.6.0-2 - Add virtual provides libgme (bug #1006881) * Thu Aug 22 2013 Karel Volný <[email protected]> 0.6.0-1 - New release - See changes.txt for list of upstream changes - Adds pkgconfig file (+ patch to correct path) * Sat Aug 3 2013 Fedora Release Engineering <[email protected]> - 0.5.5-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ libmygpo-qt-1.0.8-2.fc19 (FEDORA-2014-12008) Qt4 Library that wraps the gpodder.net Web API -------------------------------------------------------------------------------- Update Information: Update to latest 1.0.8 release, adds Qt5 support, and fix cmake/pkgconfig header paths -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 9 2014 Rex Dieter <[email protected]> 1.0.8-2 - qt5-devel: fix typo in base pkg dependency * Wed Oct 1 2014 Rex Dieter <[email protected]> 1.0.8-1 - 1.0.8 - include path for cmake and chkconfig are wrong for libmygpo-qt (#1148246) - use github-hosted sources - Qt5 support: libmygpo-qt5,libmy-qt5-devel subpkgs * Sun Aug 17 2014 Fedora Release Engineering <[email protected]> - 1.0.7-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <[email protected]> - 1.0.7-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1148246 - libmygpo-qt: include path for cmake and pkgconfig are wrong https://bugzilla.redhat.com/show_bug.cgi?id=1148246 -------------------------------------------------------------------------------- ================================================================================ mksh-50d-1.fc19 (FEDORA-2014-12497) MirBSD enhanced version of the Korn Shell -------------------------------------------------------------------------------- Update Information: R50d is a required bugfix release: * Fix NULL pointer dereference on “unset x; nameref x” * Fix severe regression in field splitting (LP#1378208) * Add a warning about not using tainted user input (including from the environ(7)ment) in arithmetics, until Stéphane writes it up nicely -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 8 2014 Robert Scheck <[email protected]> 50d-1 - Upgrade to 50d (#1150493) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1150493 - mksh-50d is available https://bugzilla.redhat.com/show_bug.cgi?id=1150493 -------------------------------------------------------------------------------- ================================================================================ perl-HTML-WikiConverter-Markdown-0.06-1.fc19 (FEDORA-2014-12484) Convert HTML to Markdown markup -------------------------------------------------------------------------------- Update Information: Update to 0.06 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 8 2014 Jitka Plesnikova <[email protected]> - 0.06-1 - 0.06 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1127473 - Please update to upstream version >= 0.06 https://bugzilla.redhat.com/show_bug.cgi?id=1127473 -------------------------------------------------------------------------------- ================================================================================ perl-WWW-OrangeHRM-Client-0.9.0-1.fc19 (FEDORA-2014-12568) Client for OrangeHRM -------------------------------------------------------------------------------- Update Information: This release adjust to changes on SAML IDP side and it adds support for Kerberos authentication. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 8 2014 Petr Pisar <[email protected]> - 0.9.0-1 - 0.9.0 bump -------------------------------------------------------------------------------- ================================================================================ php-pear-Net-URL2-2.0.9-1.fc19 (FEDORA-2014-12450) Class for parsing and handling URL -------------------------------------------------------------------------------- Update Information: Upstream Changelog: Version 2.0.9 * Fixed #20418: Incorrect normalization of URI with missing authority * Upd: Test for RFC 3986 Section 1.1.2 Examples * Upd: Travis CI - PHP 5.6 added Version 2.0.8 * Fixed #20420: Inconsistent setAuthority and getAuthority * Fixed #20423: URI with IPv6 or IPvFuture not parsed * Imp: Test for RFC 3986 Section 1.1.2 Examples -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 9 2014 Remi Collet <[email protected]> - 2.0.9-1 - Update to 2.0.8 (stable) * Wed Oct 8 2014 Remi Collet <[email protected]> - 2.0.8-1 - Update to 2.0.8 (stable) -------------------------------------------------------------------------------- ================================================================================ python-fedmsg-meta-fedora-infrastructure-0.3.5-1.fc19 (FEDORA-2014-12559) Metadata providers for Fedora Infrastructure's fedmsg deployment -------------------------------------------------------------------------------- Update Information: Fix to anitya processor. Bugfixes to anitya and pkgdb processors. New koschei and anitya processors. Handle new pkgdb messages, certain legacy messages, and new bugzilla messages. git messages now return the full patch via a call to msg2long_form -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 9 2014 Ralph Bean <[email protected]> - 0.3.5-1 - Further fixes to anitya. * Wed Oct 8 2014 Ralph Bean <[email protected]> - 0.3.4-1 - Fixes to pkgdb and anitya processors. * Fri Oct 3 2014 Ralph Bean <[email protected]> - 0.3.3-1 - New koschei and anitya processors. * Mon Sep 29 2014 Ralph Bean <[email protected]> - 0.3.2-1 - Latest upstream. - Handle different types of legacy messages. - git messages now return the full patch via a call to msg2long_form. - future-proofing against new types of bugzilla messages. -------------------------------------------------------------------------------- ================================================================================ python-fedora-0.3.36-1.fc19 (FEDORA-2014-12555) Python modules for talking to Fedora Infrastructure Services -------------------------------------------------------------------------------- Update Information: New upstream release fixing logging in openidbaseclient * Update to new upstream: https://github.com/fedora-infra/python-fedora/blob/develop/NEWS * Update to new upstream: https://github.com/fedora-infra/python-fedora/blob/develop/NEWS -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 7 2014 Toshio Kuratomi <[email protected]> - 0.3.36-1 - New upstream release fixing logging in openidbaseclient * Wed Aug 6 2014 Toshio Kuratomi <[email protected]> - 0.3.35-1 - Upstream 0.3.35 release that adds openidbaseclient * Sat Jun 7 2014 Fedora Release Engineering <[email protected]> - 0.3.34-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1150301 - Using "pkgdb-cli" leads to "NameError: name 'NullHandler' is not defined" https://bugzilla.redhat.com/show_bug.cgi?id=1150301 -------------------------------------------------------------------------------- ================================================================================ python-oauth2-1.5.211-8.fc19 (FEDORA-2014-12536) Python support for improved oauth -------------------------------------------------------------------------------- Update Information: Actually apply patch to fix CVE-2013-4347 (thanks to Jason Green, Matt Wilson). Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 8 2014 Tom Callaway <[email protected]> - 1.5.211-8 - actually apply patch to fix CVE-2013-4347 (thanks to Jason Green, Matt Wilson) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1007746 - CVE-2013-4346 python-oauth2: _check_signature() ignores the nonce value when validating signed urls https://bugzilla.redhat.com/show_bug.cgi?id=1007746 [ 2 ] Bug #1007758 - CVE-2013-4347 python-oauth2: Uses poor PRNG in nonce https://bugzilla.redhat.com/show_bug.cgi?id=1007758 -------------------------------------------------------------------------------- ================================================================================ razorqt-0.5.2-20.fc19 (FEDORA-2014-12560) Lightweight desktop toolbox -------------------------------------------------------------------------------- Update Information: rebuild with system libqtxdg-0.5.3 -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 5 2014 TI_Eugene <[email protected]> 0.5.2-20 - rebuild with system libqtxdg-0.5.3 * Sun Aug 17 2014 Fedora Release Engineering <[email protected]> - 0.5.2-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Aug 1 2014 Rex Dieter <[email protected]> 0.5.2-18 - revert (bundled) libqtxdg package version to 0.5.2 avoids conflicts with system liqtxdg * Fri Aug 1 2014 Rex Dieter <[email protected]> 0.5.2-17 - fix epel-6 build * Mon Jun 16 2014 TI_Eugene <[email protected]> 0.5.2-16 - Fixed bad "Requires: razorqt-data" version * Fri Jun 13 2014 TI_Eugene <[email protected]> 0.5.2-15 - Repackaging with libqtxdg-0.5.3 (builtin) * Sun Jun 8 2014 Fedora Release Engineering <[email protected]> - 0.5.2-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ sddm-0.9.0-2.20141007git6a28c29b.fc19 (FEDORA-2014-12407) QML based X11 desktop manager -------------------------------------------------------------------------------- Update Information: Bump to latest upstream git (and a new release), fixes CVE-2014-7271 and CVE-2014-7272 Sync to the newest upstream development, fixes authentication -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 9 2014 Martin Briza <[email protected]> - 0.9.0-2.20141007git6a28c29b - Remove pam_gnome_keyring.so (temporarily) from sddm.pam to fix impossibility to log out - Resolves: #1150283 * Tue Oct 7 2014 Martin Briza <[email protected]> - 0.9.0-1.20141007git6a28c29b - Bump to latest upstream git (and a new release) - Hack around focus problem in the Fedora theme - Compile against Qt5 - Removed upstreamed patch and files - Resolves: #1114192 #1119777 #1123506 #1125129 #1140386 #1112841 #1128463 #1128465 #1149608 #1149628 #1148659 #1148660 #1149610 #1149629 * Mon Aug 18 2014 Fedora Release Engineering <[email protected]> - 0.2.0-0.32.20140627gitf49c2c79 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Jun 27 2014 Martin Briza <[email protected]> - 0.2.0-0.31.20140627gitf49c2c79 - Patch unitialized values in signal handler in the daemon * Fri Jun 27 2014 Martin Briza <[email protected]> - 0.2.0-0.30.20140627gitf49c2c79 - Bump to latest upstream, switch back to sddm project - Drop sddm.service - Enable manpage and journald support * Tue Jun 24 2014 Martin Briza <[email protected]> - 0.2.0-0.29.20140623gitdb1d7381 - Fix default config to respect the new /usr/share paths - Fixed multiple users after autologin * Mon Jun 23 2014 Martin Briza <[email protected]> - 0.2.0-0.28.20140623gitdb1d7381 - Fix Requires, release * Mon Jun 23 2014 Martin Briza <[email protected]> - 0.2.0-0.27.20131125gitdb1d7381 - Updated to the latest upstream git - Notable changes: Greeter runs under the sddm user, it's possible to configure display setup, different install paths in /usr/share - Resolves: #1034414 #1035939 #1035950 #1036308 #1038548 #1045722 #1045937 #1065715 #1082229 #1007067 #1027711 #1031745 #1008951 #1016902 #1031415 #1020921 * Sun Jun 8 2014 Fedora Release Engineering <[email protected]> - 0.2.0-0.26.20131125git7a008602 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu May 1 2014 Rex Dieter <[email protected]> 0.2.0-0.25.20131125git7a008602 - update pam config (+pam_kwallet,-pam_mate_keyring) * Mon Jan 27 2014 Adam Jackson <[email protected]> 0.2.0-0.24.20131125git7a008602 - Rebuild for new sonames in libxcb 1.10 * Mon Dec 16 2013 Martin Briza <[email protected]> - 0.2.0-0.23.20131125git7a008602 - Revert all work done on authentication, doesn't support multiple logins right now * Mon Nov 25 2013 Martin Briza <[email protected]> - 0.2.0-0.22.20131125git7a008602 - Fix saving of last session and user * Mon Nov 25 2013 Martin Briza <[email protected]> - 0.2.0-0.21.20131125git7a008602 - Rebase to current upstream - Fix the theme (and improve it by a bit) - Fix the authentication stack - Don't touch numlock on startup - Disabled the XDMCP server until it's accepted upstream - Resolves: #1016902 #1028799 #1031415 #1031745 #1020921 #1008951 #1004621 * Tue Nov 5 2013 Martin Briza <[email protected]> - 0.2.0-0.20.20130914git50ca5b20 - Fix xdisplay and tty vars * Tue Nov 5 2013 Martin Briza <[email protected]> - 0.2.0-0.19.20130914git50ca5b20 - Patch cleanup * Tue Nov 5 2013 Martin Briza <[email protected]> - 0.2.0-0.18.20130914git50ca5b20 - Cmake magic * Tue Nov 5 2013 Martin Briza <[email protected]> - 0.2.0-0.17.20130914git50ca5b20 - Rewritten the authentication stack to work right with PAM -------------------------------------------------------------------------------- References: [ 1 ] Bug #1149608 - CVE-2014-7271 sddm: user "sddm" can login without authentication. https://bugzilla.redhat.com/show_bug.cgi?id=1149608 [ 2 ] Bug #1148659 - sddm: multiple flaws in SDDM display manager leading to privilege escalation to root https://bugzilla.redhat.com/show_bug.cgi?id=1148659 [ 3 ] Bug #1149610 - CVE-2014-7272 sddm: several local privileges escalation issues https://bugzilla.redhat.com/show_bug.cgi?id=1149610 -------------------------------------------------------------------------------- ================================================================================ xfce4-session-4.10.1-2.fc19 (FEDORA-2014-12547) Xfce session manager -------------------------------------------------------------------------------- Update Information: Update to fix bug 1150207 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 8 2014 Mukundan Ragavan <[email protected]> - 4.10.1-2 - Add patch for fixing bashisms. Fixes bug 1150207 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1150207 - bashisms in startxfce4 https://bugzilla.redhat.com/show_bug.cgi?id=1150207 -------------------------------------------------------------------------------- -- test mailing list [email protected] To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
