The following Fedora 19 Security updates need testing:
Age  URL
371  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glanc...
183  https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19
134  https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19
132  https://admin.fedoraproject.org/updates/FEDORA-2014-6774/claws-mail-3.10....
 77  https://admin.fedoraproject.org/updates/FEDORA-2014-9427/pipelight-0.2.7....
 52  https://admin.fedoraproject.org/updates/FEDORA-2014-10366/icecream-1.0.1-...
 51  https://admin.fedoraproject.org/updates/FEDORA-2014-10640/libreoffice-4.1...
 36  https://admin.fedoraproject.org/updates/FEDORA-2014-11544/drupal6-6.33-1....
 29  https://admin.fedoraproject.org/updates/FEDORA-2014-12057/krb5-1.11.3-29....
 22  https://admin.fedoraproject.org/updates/FEDORA-2014-12407/sddm-0.9.0-2.20...
 15  https://admin.fedoraproject.org/updates/FEDORA-2014-13044/thunderbird-31....
 15  https://admin.fedoraproject.org/updates/FEDORA-2014-12994/firefox-33.0-1....
 15  https://admin.fedoraproject.org/updates/FEDORA-2014-13047/libxml2-2.9.1-2...
 15  https://admin.fedoraproject.org/updates/FEDORA-2014-13018/deluge-1.3.10-1...
 10  https://admin.fedoraproject.org/updates/FEDORA-2014-13451/webkitgtk3-2.0....
  5  https://admin.fedoraproject.org/updates/FEDORA-2014-13570/php-Smarty-3.1....
  5  https://admin.fedoraproject.org/updates/FEDORA-2014-13551/wpa_supplicant-...
  4  https://admin.fedoraproject.org/updates/FEDORA-2014-13794/subscription-ma...
  4  https://admin.fedoraproject.org/updates/FEDORA-2014-13778/hostapd-2.0-5.fc19
  4  https://admin.fedoraproject.org/updates/FEDORA-2014-13764/Pound-2.6-8.fc19
  4  https://admin.fedoraproject.org/updates/FEDORA-2014-13753/seamonkey-2.30-...
  0  https://admin.fedoraproject.org/updates/FEDORA-2014-14089/wget-1.16-1.fc19
  0  https://admin.fedoraproject.org/updates/FEDORA-2014-13702/konversation-1....
  0  https://admin.fedoraproject.org/updates/FEDORA-2014-14066/php-sabredav-Sa...
  0  https://admin.fedoraproject.org/updates/FEDORA-2014-14068/kernel-3.14.23-...
  0  https://admin.fedoraproject.org/updates/FEDORA-2014-14043/php-ZendFramewo...
  0  https://admin.fedoraproject.org/updates/FEDORA-2014-14059/mokutil-0.2.0-1...
  0  https://admin.fedoraproject.org/updates/FEDORA-2014-14005/fedup-0.9.0-1.fc19
The following Fedora 19 Critical Path updates have yet to be approved:
Age  URL
319  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmark...
245  https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2....
 11  https://admin.fedoraproject.org/updates/FEDORA-2014-13362/perl-Encode-2.5...
 10  https://admin.fedoraproject.org/updates/FEDORA-2014-13451/webkitgtk3-2.0....
 10  https://admin.fedoraproject.org/updates/FEDORA-2014-13434/curl-7.29.0-24....
  5  https://admin.fedoraproject.org/updates/FEDORA-2014-13549/xulrunner-33.0-...
  5  https://admin.fedoraproject.org/updates/FEDORA-2014-13551/wpa_supplicant-...
  3  https://admin.fedoraproject.org/updates/FEDORA-2014-13880/device-mapper-p...
  0  https://admin.fedoraproject.org/updates/FEDORA-2014-14068/kernel-3.14.23-...
  0  https://admin.fedoraproject.org/updates/FEDORA-2014-14047/qtwebkit-2.3.4-...
The following builds have been pushed to Fedora 19 updates-testing
dyninst-8.2.1-1.fc19
golang-github-russross-blackfriday-1.2-2.fc19
nodejs-seq-0.3.5-3.fc19
pdns-recursor-3.6.2-1.fc19
php-ZendFramework2-2.2.8-2.fc19
wget-1.16-1.fc19
Details about builds:
================================================================================
dyninst-8.2.1-1.fc19 (FEDORA-2014-14115)
An API for Run-time Code Generation
--------------------------------------------------------------------------------
Update Information:
Update to point release 8.2.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 31 2014 Josh Stone <jistone(a)redhat.com> - 8.2.1-1
- Update to point release 8.2.1.
--------------------------------------------------------------------------------
================================================================================
golang-github-russross-blackfriday-1.2-2.fc19 (FEDORA-2014-14131)
Markdown processor implemented in Go
--------------------------------------------------------------------------------
Update Information:
runtime requires go.net/html
--------------------------------------------------------------------------------
================================================================================
nodejs-seq-0.3.5-3.fc19 (FEDORA-2014-14137)
An asynchronous flow control library
--------------------------------------------------------------------------------
Update Information:
Initial package. Fix chainsaw module dependency version
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1142050 - Review Request: nodejs-seq - An asynchronous flow control library
https://bugzilla.redhat.com/show_bug.cgi?id=1142050
--------------------------------------------------------------------------------
================================================================================
pdns-recursor-3.6.2-1.fc19 (FEDORA-2014-14101)
Modern, advanced and high performance recursing/non authoritative name server
--------------------------------------------------------------------------------
Update Information:
- Update to 3.6.2
- Enable security status polling
Version 3.6.2 is a bugfix update to 3.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 31 2014 Morten Stevens <mstevens(a)imt-systems.com> - 3.6.2-1
- Update to 3.6.2
- Enable security status polling
--------------------------------------------------------------------------------
================================================================================
php-ZendFramework2-2.2.8-2.fc19 (FEDORA-2014-14043)
Zend Framework 2
--------------------------------------------------------------------------------
Update Information:
# Security Fixes
- **ZF2014-05**: Due to an issue that existed in PHP's LDAP extension, it is possible
to perform an unauthenticated simple bind against a LDAP server by using a null byte for
the password, regardless of whether or not the user normally requires a password. We have
provided a patch in order to protect users of unpatched PHP versions (PHP 5.5 <=
5.5.11, PHP 5.4 <= 5.4.27, all versions of PHP 5.3 and below). If you use Zend\Ldap and
are on an affected version of PHP, we recommend upgrading immediately.
- **ZF2014-06**: A potential SQL injection vector existed when using a SQL Server adapter
to manually quote values due to the fact that it was not escaping null bytes. Code was
added to ensure null bytes are escaped, and thus mitigate the SQLi vector. We do not
recommend manually quoting values, but if you do, and use the SQL Server adapter without
PDO, we recommend upgrading immediately.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 31 2014 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 2.2.8-2
- Removed invalid zend-resources require from Validation component
* Tue Oct 28 2014 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 2.2.8-1
- Updated to 2.2.8
- BZ #1151276 / CVE-2014-8088 / ZF2014-05
- BZ #1151277 / CVE-2014-8089 / ZF2014-06
- BZ #1151278 (fedora)
- BZ #1151280 (epel6)
- Added composer virtual provides and requires
- APC optional for ProgressBar component
- Added tests
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1151276 - CVE-2014-8088 php-ZendFramework: null byte issue, connect to LDAP
without knowing the password (ZF2014-05)
https://bugzilla.redhat.com/show_bug.cgi?id=1151276
[ 2 ] Bug #1151277 - CVE-2014-8089 php-ZendFramework: SQL injection issue when using the
sqlsrv PHP extension (ZF2014-06)
https://bugzilla.redhat.com/show_bug.cgi?id=1151277
--------------------------------------------------------------------------------
================================================================================
wget-1.16-1.fc19 (FEDORA-2014-14089)
A utility for retrieving files using the HTTP or FTP protocols
--------------------------------------------------------------------------------
Update Information:
security update
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 31 2014 Tomas Hozza <thozza(a)redhat.com> - 1.16-1
- update to 1.16
- fixes CVE-2014-4877
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1139181 - CVE-2014-4877 wget: FTP symlink arbitrary filesystem access
https://bugzilla.redhat.com/show_bug.cgi?id=1139181
--------------------------------------------------------------------------------