The following Fedora 19 Security updates need testing:
Age URL
159
https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glanc...
96
https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1...
77
https://admin.fedoraproject.org/updates/FEDORA-2014-0797/libinfinity-0.5....
50
https://admin.fedoraproject.org/updates/FEDORA-2014-2260/NetworkManager-s...
42
https://admin.fedoraproject.org/updates/FEDORA-2014-2710/zabbix-2.0.11-2....
18
https://admin.fedoraproject.org/updates/FEDORA-2014-3839/udisks-1.0.4-12....
12
https://admin.fedoraproject.org/updates/FEDORA-2014-4180/tigervnc-1.3.0-1...
11
https://admin.fedoraproject.org/updates/FEDORA-2014-4208/ca-certificates-...
11
https://admin.fedoraproject.org/updates/FEDORA-2014-4210/openstack-keysto...
7
https://admin.fedoraproject.org/updates/FEDORA-2014-4330/seamonkey-2.25-1...
6
https://admin.fedoraproject.org/updates/FEDORA-2014-4424/xen-4.2.4-3.fc19
6
https://admin.fedoraproject.org/updates/FEDORA-2014-4454/perl-Authen-Capt...
6
https://admin.fedoraproject.org/updates/FEDORA-2014-4426/xalan-j2-2.7.1-2...
6
https://admin.fedoraproject.org/updates/FEDORA-2014-4438/libyaml-0.1.6-1....
3
https://admin.fedoraproject.org/updates/FEDORA-2014-4511/mediawiki-1.21.8...
3
https://admin.fedoraproject.org/updates/FEDORA-2014-4462/munin-2.0.20-1.fc19
3
https://admin.fedoraproject.org/updates/FEDORA-2014-4517/perl-YAML-LibYAM...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4603/php-ZendFramewor...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4636/php-ZendFramewor...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4676/a2ps-4.14-23.fc19
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4665/kernel-3.13.8-10...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4711/cups-filters-1.0...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4720/mod_security-2.7...
The following Fedora 19 Critical Path updates have yet to be approved:
Age URL
107
https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmark...
33
https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2....
12
https://admin.fedoraproject.org/updates/FEDORA-2014-4110/pango-1.34.1-3.fc19
12
https://admin.fedoraproject.org/updates/FEDORA-2014-4180/tigervnc-1.3.0-1...
11
https://admin.fedoraproject.org/updates/FEDORA-2014-4216/selinux-policy-3...
10
https://admin.fedoraproject.org/updates/FEDORA-2014-4228/nss-util-3.16.0-...
8
https://admin.fedoraproject.org/updates/FEDORA-2014-4292/xorg-x11-drv-syn...
7
https://admin.fedoraproject.org/updates/FEDORA-2014-3970/kde-workspace-4....
6
https://admin.fedoraproject.org/updates/FEDORA-2014-4384/cups-1.6.4-4.fc19
3
https://admin.fedoraproject.org/updates/FEDORA-2014-4486/ibus-1.5.6-2.fc19
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4692/bash-4.2.46-1.fc19
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4665/kernel-3.13.8-10...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4635/libvpx-1.3.0-4.fc19
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4624/xdg-utils-1.1.0-...
The following builds have been pushed to Fedora 19 updates-testing
bacula-5.2.13-18.fc19
bash-4.2.46-1.fc19
cinnamon-2.0.14-16.fc19
cinnamon-session-2.0.6-1.fc19
cups-filters-1.0.41-6.fc19
esniper-2.29.0-1.fc19
iperf3-3.0.3-2.fc19
mate-desktop-1.6.2-2.fc19
mate-file-manager-1.6.4-2.fc19
mod_security-2.7.5-3.fc19
nodejs-jade-1.3.0-3.fc19
nodejs-supertest-0.9.0-1.fc19
subnetcalc-2.2.1-1.fc19
uglify-js-2.4.13-3.fc19
vdsm-4.13.4-0.fc19
xsane-0.999-11.fc19
yagf-0.9.3.1-1.fc19
Details about builds:
================================================================================
bacula-5.2.13-18.fc19 (FEDORA-2014-4726)
Cross platform network backup for Linux, Unix, Mac and Windows
--------------------------------------------------------------------------------
Update Information:
Fix Nagios plugin directory dependency.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 1 2014 Simone Caronni <negativo17(a)gmail.com> - 5.2.13-18
- Add missing requirement for Nagios plugin folder.
- Update queryfile patch.
- Update man pages patch.
--------------------------------------------------------------------------------
================================================================================
bash-4.2.46-1.fc19 (FEDORA-2014-4692)
The GNU Bourne Again shell
--------------------------------------------------------------------------------
Update Information:
Bash upstream released an official patchlevel fixing regresions introduced in patchlevel
32.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 1 2014 Ondrej Oprala <ooprala(a)redhat.com> - 4.2.46-1
- Patchlevel 46
--------------------------------------------------------------------------------
================================================================================
cinnamon-2.0.14-16.fc19 (FEDORA-2014-4712)
Window management and application launching for GNOME
--------------------------------------------------------------------------------
Update Information:
- Fix cheese issue.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 2 2014 Leigh Scott <leigh123linux(a)googlemail.com> - 2.0.14-16
- add patch to disable xinput for cinnamon only (bz 873434)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #873434 - When cheese 3.6.1 is started the screen is black
https://bugzilla.redhat.com/show_bug.cgi?id=873434
--------------------------------------------------------------------------------
================================================================================
cinnamon-session-2.0.6-1.fc19 (FEDORA-2014-4712)
Cinnamon session manager
--------------------------------------------------------------------------------
Update Information:
- Fix cheese issue.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 2 2014 Leigh Scott <leigh123linux(a)googlemail.com> - 2.0.6-1
- update to 2.0.6
- readd Br pangox-compat-devel for epel
- add upstream fix for clutter xinput (bz 873434)
* Mon Jan 13 2014 Leigh Scott <leigh123linux(a)googlemail.com> - 2.0.5-2
- make changes for epel7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #873434 - When cheese 3.6.1 is started the screen is black
https://bugzilla.redhat.com/show_bug.cgi?id=873434
--------------------------------------------------------------------------------
================================================================================
cups-filters-1.0.41-6.fc19 (FEDORA-2014-4711)
OpenPrinting CUPS filters and backends
--------------------------------------------------------------------------------
Update Information:
Update fixes remote command injection vulnerability in cups-browsed.
This update removes unused pdftoopvp and urftopdf filters.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 2 2014 Jiri Popelka <jpopelka(a)redhat.com> - 1.0.41-6
- Remote command injection in cups-browsed (bug #1083327).
* Tue Mar 11 2014 Jiri Popelka <jpopelka(a)redhat.com> - 1.0.41-5
- Don't ship pdftoopvp (#1027557) and urftopdf (#1002947).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1083326 - cups-filters: remote command injection in cups-browsed
https://bugzilla.redhat.com/show_bug.cgi?id=1083326
--------------------------------------------------------------------------------
================================================================================
esniper-2.29.0-1.fc19 (FEDORA-2014-4706)
A lightweight console application for sniping eBay auctions
--------------------------------------------------------------------------------
Update Information:
This is a major update to fix bugs #647 .. #656 caused by ebay's changes to the login
and bid pages.
http://sourceforge.net/p/esniper/bugs/
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 2 2014 Volker Fröhlich <volker27(a)gmx.at> - 2.29.0-1
- New upstream release
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.28.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
iperf3-3.0.3-2.fc19 (FEDORA-2014-4721)
Measurement tool for TCP/UDP bandwidth performance
--------------------------------------------------------------------------------
Update Information:
Moved static library to devel section only
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 2 2014 Susant Sahani <ssahani(a)redhat.com> 3.0.3-2
- Moved static library to devel section only .
* Sun Mar 30 2014 Susant Sahani <ssahani(a)redhat.com> 3.0.3-1
- Update to 3.0.3 and added devel rpm support
--------------------------------------------------------------------------------
================================================================================
mate-desktop-1.6.2-2.fc19 (FEDORA-2014-4693)
Shared code for mate-panel, mate-session, mate-file-manager, etc
--------------------------------------------------------------------------------
Update Information:
remove caja-autostart delay
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 1 2014 Wolfgang Ulbrich <chat-to-me(a)raveit.de> - 1.6.2-2
- use modern 'make install' macro
- remove caja-autostart gsettings override
- move gtk-docs to -devel subpackage
--------------------------------------------------------------------------------
================================================================================
mate-file-manager-1.6.4-2.fc19 (FEDORA-2014-4693)
File manager for MATE
--------------------------------------------------------------------------------
Update Information:
remove caja-autostart delay
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 1 2014 Wolfgang Ulbrich <chat-to-me(a)raveit.de> - 1.6.4-2
- add upstream patch for fixing x-caja-windows issue
- end of a long story :)
- add remove-ck-usage upstream patch
- don't use caja-autostart script anymore
- switch back to matesession usage
* Fri Mar 14 2014 Wolfgang Ulbrich <chat-to-me(a)raveit.de> - 1.6.4-1
- update to 1.6.4 release
- remove non existent COPYING-DOCS file
- add missing update-desktop-database rpm scriptlets
- use modern 'make install' macro
- clean spec file from using tabs and 'macro in comment'
--------------------------------------------------------------------------------
================================================================================
mod_security-2.7.5-3.fc19 (FEDORA-2014-4720)
Security module for the Apache HTTP Server
--------------------------------------------------------------------------------
Update Information:
Fix Chunked string case sensitive issue (CVE-2013-5705, RHBZ #1082904 #1082905 #1082906)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 1 2014 Athmane Madjoudj <athmane(a)fedoraproject.org> 2.7.5-3
- Fix Chunked string case sensitive issue (CVE-2013-5705, RHBZ #1082904 #1082905
#1082906)
* Sat Aug 3 2013 Petr Pisar <ppisar(a)redhat.com> - 2.7.5-2
- Perl 5.18 rebuild
* Tue Jul 30 2013 Athmane Madjoudj <athmane(a)fedoraproject.org> 2.7.5-1
- Update to 2.7.5
* Thu Jul 18 2013 Petr Pisar <ppisar(a)redhat.com> - 2.7.4-2
- Perl 5.18 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1082904 - CVE-2013-5705 mod_security: bypass of intended rules via chunked
requests
https://bugzilla.redhat.com/show_bug.cgi?id=1082904
--------------------------------------------------------------------------------
================================================================================
nodejs-jade-1.3.0-3.fc19 (FEDORA-2014-4730)
Jade template engine for Node.js
--------------------------------------------------------------------------------
Update Information:
introduce symlink to /usr/bin/jade-nodejs
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 1 2014 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 1.3.0-3
- include _bindir/jade-nodejs
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1082964 - no commandline jade
https://bugzilla.redhat.com/show_bug.cgi?id=1082964
--------------------------------------------------------------------------------
================================================================================
nodejs-supertest-0.9.0-1.fc19 (FEDORA-2014-4705)
A superagent driven library for testing HTTP servers
--------------------------------------------------------------------------------
Update Information:
initial package
--------------------------------------------------------------------------------
================================================================================
subnetcalc-2.2.1-1.fc19 (FEDORA-2014-4696)
An IPv4/IPv6 Subnet Calculator
--------------------------------------------------------------------------------
Update Information:
IPv6 support fixed.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 15 2014 Christopher Meng <rpm(a)cicku.me> - 2.2.1-1
- Update to 2.2.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1082322 - subnetcalc-2.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1082322
--------------------------------------------------------------------------------
================================================================================
uglify-js-2.4.13-3.fc19 (FEDORA-2014-4714)
JavaScript parser, mangler/compressor and beautifier toolkit
--------------------------------------------------------------------------------
Update Information:
pretrans script should run in js-uglify subpackage (#1082946)
port to new multi-version and browser JavaScript guidelines
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 1 2014 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 2.4.13-3
- pretrans script should run in js-uglify subpackage (#1082946)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1082946 - Update from uglify-js-common to js-uglify fails
https://bugzilla.redhat.com/show_bug.cgi?id=1082946
[ 2 ] Bug #1055177 - uglify-js should be using the proper system for packaging multiple
npm versions
https://bugzilla.redhat.com/show_bug.cgi?id=1055177
--------------------------------------------------------------------------------
================================================================================
vdsm-4.13.4-0.fc19 (FEDORA-2014-4717)
Virtual Desktop Server Manager
--------------------------------------------------------------------------------
Update Information:
vdsm-4.13.4 for ovirt-3.3.5
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 2 2014 Douglas Schilling Landgraf <dougsland(a)redhat.com> - 4.13.4
- vdsm-4.13.4 for ovirt-3.3.5
--------------------------------------------------------------------------------
================================================================================
xsane-0.999-11.fc19 (FEDORA-2014-4132)
X Window System front-end for the SANE scanner interface
--------------------------------------------------------------------------------
Update Information:
This update fixes a crash that could occur when receiving signals in short succession.
Additionally, it fixes issues found during source code analysis.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 2 2014 Nils Philippsen <nils(a)redhat.com> - 0.999-11
- fix coverity patch: ensure directories exist instead of indiscriminately
attempting to create them (#1079586)
* Wed Mar 19 2014 Nils Philippsen <nils(a)redhat.com> - 0.999-10
- fix signal handling (#1073698)
- fix issues found during static analysis that don't require far-reaching
refactoring
* Mon Sep 23 2013 Nils Philippsen <nils(a)redhat.com> - 0.999-7
- get rid of ancient compat cruft
- build against lcms2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1073698 - [abrt] xsane: sane_dll_close(): xsane killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1073698
[ 2 ] Bug #1079586 - xsane starts with a lot of error messages, and doesn't load
saved configuration parameters
https://bugzilla.redhat.com/show_bug.cgi?id=1079586
--------------------------------------------------------------------------------
================================================================================
yagf-0.9.3.1-1.fc19 (FEDORA-2014-4718)
Graphical front-end for cuneiform
--------------------------------------------------------------------------------
Update Information:
New 0.9.3.1 version.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 2 2014 Dmitrij S. Kryzhevich <krege(a)land.ru> 0.9.3.1-1
- Update to 0.9.3.1.
* Sat Feb 22 2014 Dmitrij S. Kryzhevich <krege(a)land.ru> 0.9.3-1
- Update to 0.9.3.
- Fix prev. bogus dates (Thu -> Tue).
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.9.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------