The following Fedora 19 Security updates need testing: Age URL 321 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2... 133 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19 84 https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19 83 https://admin.fedoraproject.org/updates/FEDORA-2014-7570/asterisk-11.10.2-2.... 82 https://admin.fedoraproject.org/updates/FEDORA-2014-6774/claws-mail-3.10.1-1... 82 https://admin.fedoraproject.org/updates/FEDORA-2014-7610/perl-Email-Address-... 73 https://admin.fedoraproject.org/updates/FEDORA-2014-7939/lzo-2.08-1.fc19 50 https://admin.fedoraproject.org/updates/FEDORA-2014-8771/ReviewBoard-1.7.27-... 35 https://admin.fedoraproject.org/updates/FEDORA-2014-9162/xulrunner-31.0-1.fc... 27 https://admin.fedoraproject.org/updates/FEDORA-2014-9427/pipelight-0.2.7.3-3... 22 https://admin.fedoraproject.org/updates/FEDORA-2014-9602/polkit-qt-0.112.0-1... 22 https://admin.fedoraproject.org/updates/FEDORA-2014-9619/ca-certificates-201... 14 https://admin.fedoraproject.org/updates/FEDORA-2014-9830/glibc-2.17-21.fc19 14 https://admin.fedoraproject.org/updates/FEDORA-2014-9703/cups-1.6.4-10.fc19 13 https://admin.fedoraproject.org/updates/FEDORA-2014-9624/GraphicsMagick-1.3.... 2 https://admin.fedoraproject.org/updates/FEDORA-2014-10491/torque-3.0.4-4.fc1... 2 https://admin.fedoraproject.org/updates/FEDORA-2014-10569/kernel-3.14.18-100... 2 https://admin.fedoraproject.org/updates/FEDORA-2014-10359/procmail-3.22-36.f... 2 https://admin.fedoraproject.org/updates/FEDORA-2014-10366/icecream-1.0.1-8.2... 1 https://admin.fedoraproject.org/updates/FEDORA-2014-10649/xerces-j2-2.11.0-1... 1 https://admin.fedoraproject.org/updates/FEDORA-2014-10628/pdns-recursor-3.6.... 1 https://admin.fedoraproject.org/updates/FEDORA-2014-10640/libreoffice-4.1.6.... 0 https://admin.fedoraproject.org/updates/FEDORA-2014-10714/curl-7.29.0-23.fc1... 0 https://admin.fedoraproject.org/updates/FEDORA-2014-10746/not-yet-commons-ss...
The following Fedora 19 Critical Path updates have yet to be approved: Age URL 269 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-1... 195 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc1... 2 https://admin.fedoraproject.org/updates/FEDORA-2014-10569/kernel-3.14.18-100... 2 https://admin.fedoraproject.org/updates/FEDORA-2014-10326/elfutils-0.160-1.f... 2 https://admin.fedoraproject.org/updates/FEDORA-2014-10441/libbluray-0.6.2-1.... 2 https://admin.fedoraproject.org/updates/FEDORA-2014-10359/procmail-3.22-36.f... 2 https://admin.fedoraproject.org/updates/FEDORA-2014-10478/firefox-32.0-1.fc1... 0 https://admin.fedoraproject.org/updates/FEDORA-2014-10714/curl-7.29.0-23.fc1...
The following builds have been pushed to Fedora 19 updates-testing
OpenColorIO-1.0.9-1.1.fc19 curl-7.29.0-23.fc19 dar-2.4.15-1.fc19 golang-googlecode-tools-0-1.0.hgd32b5854c941.fc19 gsoap-2.8.12-7.fc19 libgweather-3.8.4-3.fc19 librecad-2.0.5-2.fc19 linux-igd-1.0-19.fc19 mksh-50b-1.fc19 not-yet-commons-ssl-0.3.15-2.fc19 perl-Data-Faker-0.10-2.fc19 perl-MIME-Lite-TT-HTML-0.04-1.fc19 php-Raven-0.10.0-1.fc19 php-jsonlint-1.3.0-1.fc19 siege-3.0.8-1.fc19 tzdata-2014g-1.fc19 ugene-1.14.1-1.fc19 vdsm-4.16.4-0.fc19 zabbix-2.0.13-1.fc19
Details about builds:
================================================================================ OpenColorIO-1.0.9-1.1.fc19 (FEDORA-2014-10748) Enables color transforms and image display across graphics apps -------------------------------------------------------------------------------- Update Information:
Update to latest upstream bugfix release. -------------------------------------------------------------------------------- ChangeLog:
* Wed Nov 6 2013 Richard Shaw hobbes1069@gmail.com - 1.0.9-1.1 - Update to latest upstream release. --------------------------------------------------------------------------------
================================================================================ curl-7.29.0-23.fc19 (FEDORA-2014-10714) A utility for getting files from remote servers (FTP, HTTP, and others) -------------------------------------------------------------------------------- Update Information:
- use only full matches for hosts used as IP address in cookies (CVE-2014-3613) - reject incoming cookies set for top level domains (CVE-2014-3620) -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 10 2014 Kamil Dudka kdudka@redhat.com 7.29.0-23 - use only full matches for hosts used as IP address in cookies (CVE-2014-3613) - reject incoming cookies set for top level domains (CVE-2014-3620) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1138846 - CVE-2014-3620 curl: cookies accepted for TLDs https://bugzilla.redhat.com/show_bug.cgi?id=1138846 [ 2 ] Bug #1136154 - CVE-2014-3613 curl: incorrect handling of IP addresses in cookie domain https://bugzilla.redhat.com/show_bug.cgi?id=1136154 --------------------------------------------------------------------------------
================================================================================ dar-2.4.15-1.fc19 (FEDORA-2014-10745) Software for making/restoring incremental CD/DVD backups -------------------------------------------------------------------------------- Update Information:
dar-2.4.15 is available -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 10 2014 Luis Bazan lbazan@fedoraproject.org - 2.4.15-1 - new upstream version -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1138940 - dar-2.4.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1138940 --------------------------------------------------------------------------------
================================================================================ golang-googlecode-tools-0-1.0.hgd32b5854c941.fc19 (FEDORA-2014-10754) Supplementary tools and packages for Go -------------------------------------------------------------------------------- Update Information:
updating to the current latest go.tools fix bz1129281 and cleanup file ownership -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 19 2014 Vincent Batts vbatts@fedoraproject.org - 0-1.0.hgd32b5854c941 - updating to the current latest go.tools * Tue Aug 19 2014 Vincent Batts vbatts@fedoraproject.org - 0-0.9.hg17c8fe23290a - setting an epoch for godoc to fix bz1099074 * Sat Aug 16 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0-0.8.hg17c8fe23290a - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Tue Aug 12 2014 Vincent Batts vbatts@redhat.com 0-0.7.hg17c8fe23290a - fix bz1129281 and cleanup file ownership * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0-0.6.hg17c8fe23290a - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu Jan 16 2014 Vincent Batts vbatts@redhat.com 0-0.5.hg17c8fe23290a - working on the arch dependencies - clean up file ownership * Thu Dec 5 2013 Vincent Batts vbatts@redhat.com 0-0.4.hg17c8fe23290a - golang-godoc to obsolete the package from golang 1.1.2 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1130572 - Update to newer commit of upstream https://bugzilla.redhat.com/show_bug.cgi?id=1130572 [ 2 ] Bug #1129281 - `go tools cover` is not resolved https://bugzilla.redhat.com/show_bug.cgi?id=1129281 --------------------------------------------------------------------------------
================================================================================ gsoap-2.8.12-7.fc19 (FEDORA-2014-9760) Generator Tools for Coding SOAP/XML Web Services in C and C++ -------------------------------------------------------------------------------- Update Information:
Try next interface on connect failure. -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 11 2014 Mattias Ellert mattias.ellert@fysast.uu.se - 2.8.12-7 - Try next interface also in case of EINPROGRESS * Mon Aug 25 2014 Mattias Ellert mattias.ellert@fysast.uu.se - 2.8.12-6 - Try next interface on connect failure (backport) - Fix default import paths for soapcpp2 and wsdl2h -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1131327 - Zarafa ical and dagent fail authentication https://bugzilla.redhat.com/show_bug.cgi?id=1131327 --------------------------------------------------------------------------------
================================================================================ libgweather-3.8.4-3.fc19 (FEDORA-2014-10728) A library for weather information -------------------------------------------------------------------------------- Update Information:
This update adopts to an API change in the yr.no weather forecast service that went into effect in September 9, 2014. -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 11 2014 Kalev Lember kalevlember@gmail.com - 3.8.4-3 - Really apply the patch * Thu Sep 11 2014 Kalev Lember kalevlember@gmail.com - 3.8.4-2 - Adapt to yr.no API changes (#1140475) * Thu Sep 11 2014 Kalev Lember kalevlember@gmail.com - 3.8.4-1 - Update to 3.8.4 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1140475 - yr.no API changes https://bugzilla.redhat.com/show_bug.cgi?id=1140475 --------------------------------------------------------------------------------
================================================================================ librecad-2.0.5-2.fc19 (FEDORA-2014-10744) Computer Assisted Design (CAD) Application -------------------------------------------------------------------------------- Update Information:
Update to 2.0.5, add Architect and Electronic parts libraries. New package - librecad - Computer Assisted Design (CAD) Application -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 11 2014 Tom Callaway spot@fedoraproject.org - 2.0.5-2 - add Architect8 and Electronic8 parts libraries * Mon Aug 18 2014 Richard Shaw hobbes1069@gmail.com - 2.0.5-1 - Update to latest upstream release. * Mon Aug 18 2014 Rex Dieter rdieter@fedoraproject.org 2.0.4-4 - update mime scriptlets * Sun Aug 17 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.0.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.0.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1131032 - librecad-2.0.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1131032 [ 2 ] Bug #1129501 - Part libraries for LibreCAD, 'Electronic5-LCAD.zip' and 'Architect3-LCAD.zip' https://bugzilla.redhat.com/show_bug.cgi?id=1129501 [ 3 ] Bug #950171 - Review Request: librecad - Computer Assisted Design (CAD) Application https://bugzilla.redhat.com/show_bug.cgi?id=950171 --------------------------------------------------------------------------------
================================================================================ linux-igd-1.0-19.fc19 (FEDORA-2014-10708) The Linux UPNP Internet GATEWAY DEVICE -------------------------------------------------------------------------------- Update Information:
Fix some packaging bugs. -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 10 2014 Michael Cronenworth mike@cchtml.com - 1.0-19 - Many packaging fixes (BZ# 850189, 903740) * Sun Aug 17 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.0-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.0-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat Aug 3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.0-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #850189 - Introduce new systemd-rpm macros in linux-igd spec file https://bugzilla.redhat.com/show_bug.cgi?id=850189 [ 2 ] Bug #903740 - Start up object won't start the service https://bugzilla.redhat.com/show_bug.cgi?id=903740 --------------------------------------------------------------------------------
================================================================================ mksh-50b-1.fc19 (FEDORA-2014-10724) MirBSD enhanced version of the Korn Shell -------------------------------------------------------------------------------- Update Information:
R50 is a recommended bugfix release:
* Fix operator description in the manpage * Change all mention of “eglibc” to “glibc”, it is merged back * Fix rare infinite loop with invalid UTF-8 in the edit buffer * Make more clear when a shell is interactive in the manpage * Document that % is a symmetric remainder operation, and how to get a mathematical modulus from it, in the manpage * Make the cat(1) builtin also interruptible in the write loop, not just in the read loop, and avoid it getting SIGPIPE in the smores function in dot.mkshrc by terminating cat upon user quit * Make some comments match the code, after jaredy from obsd changed IFS split handling * Fix some IFS-related mistakes in the manual page * Document another issue as known-to-fail test IFS-subst-3 * Improve check.pl output in some cases * Relax overzealous nameref RHS checks -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 11 2014 Robert Scheck robert@fedoraproject.org 50b-1 - Upgrade to 50b * Sun Aug 17 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 50-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ not-yet-commons-ssl-0.3.15-2.fc19 (FEDORA-2014-10746) Library to make SSL and Java Easier -------------------------------------------------------------------------------- Update Information:
Fix jar path in install. Update to upstream 0.3.15. Fixes CVE-2014-3604 . -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 11 2014 Alexander Kurtakov akurtako@redhat.com 0.3.15-2 - Fix jar path in install. * Tue Sep 9 2014 Alexander Kurtakov akurtako@redhat.com 0.3.15-1 - Update to upstream 0.3.15. - Fixes CVE-2014-3604 . * Mon Jun 9 2014 Alexander Kurtakov akurtako@redhat.com 0.3.11-12 - Fix FTBFS. * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.3.11-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat Aug 3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.3.11-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1132747 - CVE-2014-3604 not-yet-commons-ssl: Not Yet Commons SSL: Hostname verification susceptible to MITM attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1132747 --------------------------------------------------------------------------------
================================================================================ perl-Data-Faker-0.10-2.fc19 (FEDORA-2014-10742) Perl extension for generating fake data -------------------------------------------------------------------------------- Update Information:
perl-Data-Faker: initial submission -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1138971 - Review Request: perl-Data-Faker - Perl extension for generating fake data https://bugzilla.redhat.com/show_bug.cgi?id=1138971 --------------------------------------------------------------------------------
================================================================================ perl-MIME-Lite-TT-HTML-0.04-1.fc19 (FEDORA-2014-10730) MIME::Lite::TT::HTML - Create html mail with MIME::Lite and TT -------------------------------------------------------------------------------- Update Information:
New package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1135168 - Review Request: perl-MIME-Lite-TT-HTML - Create html mail with MIME::Lite and TT https://bugzilla.redhat.com/show_bug.cgi?id=1135168 --------------------------------------------------------------------------------
================================================================================ php-Raven-0.10.0-1.fc19 (FEDORA-2014-10720) A PHP client for Sentry -------------------------------------------------------------------------------- Update Information:
### 0.10.0
- Added a default certificate bundle
### 0.9.1
- Change default curl connection to 'sync' - Improve CLI reporting -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 11 2014 Shawn Iwinski shawn.iwinski@gmail.com - 0.10.0-1 - Updated to 0.10.0 (BZ #1138284) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1138284 - php-Raven-0.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1138284 [ 2 ] Bug #1134284 - php-Raven-0.9.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1134284 --------------------------------------------------------------------------------
================================================================================ php-jsonlint-1.3.0-1.fc19 (FEDORA-2014-10739) JSON Lint for PHP -------------------------------------------------------------------------------- Update Information:
### 1.3.0 (2014-09-05)
* Added parsing to an associative array via JsonParser::PARSE_TO_ASSOC * Fixed a warning when rendering parse errors on empty lines -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 11 2014 Shawn Iwinski shawn.iwinski@gmail.com - 1.3.0-1 - Updated to 1.3.0 (BZ #1138911) * Sat Aug 23 2014 Shawn Iwinski shawn.iwinski@gmail.com - 1.2.0-2 - %license usage -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1138911 - php-jsonlint-1.3.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1138911 --------------------------------------------------------------------------------
================================================================================ siege-3.0.8-1.fc19 (FEDORA-2014-10740) HTTP regression testing and benchmarking utility -------------------------------------------------------------------------------- Update Information:
Update to new upstream release 3.0.8 (rhbz#1132901) -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 11 2014 Fabian Affolter mail@fabian-affolter.ch - 3.0.8-1 - Update to new upstream release 3.0.8 (rhbz#1132901) * Mon Aug 18 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.0.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.0.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1132901 - siege-3.0.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1132901 --------------------------------------------------------------------------------
================================================================================ tzdata-2014g-1.fc19 (FEDORA-2014-10747) Timezone data -------------------------------------------------------------------------------- Update Information:
Rebase to 2014g - Turks & Caicos is switching from US eastern time to UTC-4 year-round, modeled as a switch from EST/EDT to AST on 2014-11-02 at 02:00. Rebase to 2014f - Russian time zone changes effective October 26, 2014 - Several other changes as documented in the NEWS file.
-------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 10 2014 Patsy Franklin pfrankli@redhat.com - 2014g-1 - Rebase to 2014g - Turks & Caicos is switching from US eastern time to UTC-4 year-round, modeled as a switch from EST/EDT to AST on 2014-11-02 at 02:00. * Thu Aug 14 2014 Patsy Franklin pfrankli@redhat.com - 2014f-1 - Rebase to 2014f - Russian time zone changes effective 2014-10-26 - Several other time zone abbreviation changes as described in the NEWS file. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1136301 - tzdata-2014g is available https://bugzilla.redhat.com/show_bug.cgi?id=1136301 [ 2 ] Bug #1127671 - tzdata-2014f is available https://bugzilla.redhat.com/show_bug.cgi?id=1127671 --------------------------------------------------------------------------------
================================================================================ ugene-1.14.1-1.fc19 (FEDORA-2014-10718) Integrated bioinformatics toolkit -------------------------------------------------------------------------------- Update Information:
This is patch release that contains several major bug fixes and minor interface improvements requested by users.
-------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 11 2014 Yulia Algaer yalgaer@unipro.ru 1.14.1-1 - Upstream version change --------------------------------------------------------------------------------
================================================================================ vdsm-4.16.4-0.fc19 (FEDORA-2014-10725) Virtual Desktop Server Manager -------------------------------------------------------------------------------- Update Information:
vdsm tag 4.16.4 vdsm tag 4.14.11-2 vdsm tag 4.14.11.1 vdsm tag 4.14.11 -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 10 2014 Douglas Schilling Landgraf dougsland@redhat.com - 4.16.4-0 - vdsm tag 4.16.4 * Mon Aug 18 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 4.16.0-7.git5d3ed2d - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Mon Jun 30 2014 Douglas Schilling Landgraf dougsland@redhat.com - 4.16.0-6.git5d3ed2d - vdsm 4.16.0-6.git5d3ed2d * Sun Jun 8 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 4.14.8.1-1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ zabbix-2.0.13-1.fc19 (FEDORA-2014-10722) Open-source monitoring solution for your IT infrastructure -------------------------------------------------------------------------------- Update Information:
This update should solve all standing problems related to PID file directories as well as the trouble with directory ownership through zabbix, when the agent is not installed.
http://www.zabbix.com/rn2.0.13.php -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 10 2014 Volker Fröhlich volker27@gmx.at - 2.0.13-1 - New upstream release; Remove obsolete patches for ZBX-8151 and ZBX-8238 - Use the upstream tarball, now that non-free json was replaced with android-json - Clean between builds, otherwise zabbix_{proxy,server} are compiled again on install; make server and proxy package noarch now - Set the service type to forking in unit files (BZ 1132437), add PIDFile entry, remove RemainAfterExit, change /var/run to /run - Install tmpfiles configuration in the proper location per guidelines, thus solving the startup trouble due to missing directories (respectively BZ 1115251, 1081584, 982001, 1135696) - Harmonize package descriptions and summaries -------------------------------------------------------------------------------- References:
[ 1 ] Bug #982001 - zabbix-agent won't start due to missing /var/run/zabbix dir in package https://bugzilla.redhat.com/show_bug.cgi?id=982001 --------------------------------------------------------------------------------