The following Fedora 19 Security updates need testing:
Age  URL
180  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glanc...
117  https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1...
 21  https://admin.fedoraproject.org/updates/FEDORA-2014-4676/a2ps-4.14-23.fc19
 21  https://admin.fedoraproject.org/updates/FEDORA-2014-4711/cups-filters-1.0...
  9  https://admin.fedoraproject.org/updates/FEDORA-2014-5024/smb4k-1.1.1-2.fc19
  9  https://admin.fedoraproject.org/updates/FEDORA-2014-4975/json-c-0.11-6.fc19
  9  https://admin.fedoraproject.org/updates/FEDORA-2014-5031/elfutils-0.158-3...
  8  https://admin.fedoraproject.org/updates/FEDORA-2014-4384/cups-1.6.4-5.fc19
  7  https://admin.fedoraproject.org/updates/FEDORA-2014-5236/syncevolution-1....
  7  https://admin.fedoraproject.org/updates/FEDORA-2014-5233/kernel-3.13.10-1...
  5  https://admin.fedoraproject.org/updates/FEDORA-2014-5290/java-1.8.0-openj...
  5  https://admin.fedoraproject.org/updates/FEDORA-2014-5308/srm-1.2.13-1.fc19
  5  https://admin.fedoraproject.org/updates/FEDORA-2014-5284/drupal7-7.27-1.f...
  5  https://admin.fedoraproject.org/updates/FEDORA-2014-5337/stunnel-5.01-1.fc19
  4  https://admin.fedoraproject.org/updates/FEDORA-2014-5396/community-mysql-...
  4  https://admin.fedoraproject.org/updates/FEDORA-2014-5409/mariadb-5.5.37-1...
  4  https://admin.fedoraproject.org/updates/FEDORA-2014-5375/ansible-1.5.5-1....
  3  https://admin.fedoraproject.org/updates/FEDORA-2014-5414/bugzilla-4.2.9-1...
  1  https://admin.fedoraproject.org/updates/FEDORA-2014-5511/ndjbdns-1.06-1.fc19
  1  https://admin.fedoraproject.org/updates/FEDORA-2014-5487/python-pillow-2....
  0  https://admin.fedoraproject.org/updates/FEDORA-2014-5551/zabbix-2.0.11-3....
The following Fedora 19 Critical Path updates have yet to be approved:
Age  URL
128  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmark...
 54  https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2....
  9  https://admin.fedoraproject.org/updates/FEDORA-2014-5031/elfutils-0.158-3...
  8  https://admin.fedoraproject.org/updates/FEDORA-2014-5073/iscsi-initiator-...
  8  https://admin.fedoraproject.org/updates/FEDORA-2014-5117/audit-2.3.6-1.fc19
  8  https://admin.fedoraproject.org/updates/FEDORA-2014-4384/cups-1.6.4-5.fc19
  7  https://admin.fedoraproject.org/updates/FEDORA-2014-5223/bash-4.2.47-1.fc19
  7  https://admin.fedoraproject.org/updates/FEDORA-2014-5213/xdg-utils-1.1.0-...
  7  https://admin.fedoraproject.org/updates/FEDORA-2014-5233/kernel-3.13.10-1...
  5  https://admin.fedoraproject.org/updates/FEDORA-2014-5341/libjpeg-turbo-1....
  2  https://admin.fedoraproject.org/updates/FEDORA-2014-5448/ibus-1.5.6-3.fc19
The following builds have been pushed to Fedora 19 updates-testing
ahkab-0.09-3.fc19
babeltrace-1.2.1-1.fc19
cqrlog-1.7.4-1.fc19
ghc-reflection-1.4-1.fc19
ibus-qt-1.3.3-1.fc19
lttv-1.5-5.fc19
perl-Type-Tiny-0.042-1.fc19
pgtoolkit-1.0.1-2.fc19
python-halite-0.1.16-1.fc19
python-six-1.5.2-1.fc19
python3-iep-3.4-2.fc19
qpid-dispatch-0.2-2.fc19
spring-96.0-2.fc19
unetbootin-603-1.fc19
zabbix-2.0.11-3.fc19
Details about builds:
================================================================================
ahkab-0.09-3.fc19 (FEDORA-2014-5524)
A SPICE-like electronic circuit simulator written in Python
--------------------------------------------------------------------------------
Update Information:
A SPICE-like electronic circuit simulator.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1089017 - ahkab - A SPICE-like electronic circuit simulator
https://bugzilla.redhat.com/show_bug.cgi?id=1089017
--------------------------------------------------------------------------------
================================================================================
babeltrace-1.2.1-1.fc19 (FEDORA-2014-5535)
Trace Viewer and Converter, mainly for the Common Trace Format
--------------------------------------------------------------------------------
Update Information:
New upstream release of babeltrace
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 27 2014 Yannick Brosseau <yannick.brosseau(a)gmail.com> - 1.2.1-1
- New upstream release
* Sat Mar 1 2014 Suchakra Sharma <suchakra(a)fedoraproject.org> - 1.2.0-1
- New upstream release
- Popt patch for babeltrace.pc.in removed. It's fixed in Fedora now
- Add new file (babeltrace-ctf.pc)
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
cqrlog-1.7.4-1.fc19 (FEDORA-2014-5537)
An amateur radio contact logging program
--------------------------------------------------------------------------------
Update Information:
New version of CQRLOG is now available fixing several bugs and providing several
enhancements.
* F keys to CW type window added
* address to RBN server can be changed in Preferences
* full date (not only year,month) is supported in membership files
* Close the "Status of log upload" window after successful upload added
* moved to new LoTW url and updated upload routines
* band button description is editable (Preferences -> TRX control -> Change default frequencies)
* 6W/MM0NDX was marked as unknown country instead of Senegal - fixed
* after View QSO and CTRL+F2 fields were still read-only - fixed
* QSL information was added to Comment to QSO even if it already exists
* '+' character is now allowed in any field in New QSO window
* log could not recover from a wrong upload of updated QSO - fixed
* '+' as hotkey to add to bandmap function removed, use CTRL+A instead
* any result from ClubLog with 'Skipping QSO' won't stop uploading of the log
* "When TRX control is not active, use frequency and mode from NewQSO window" option to Preferences->Band map added
* CTRL+N hotkey to QSO list window added (do NOT send QSL)
* TRX control window was not sizeable - fixed
* when ESC was pressed twice in Remote mode, log crashed - fixed
* program crashed when freq was entered with comma as decimal separator - fixed
* broken grid square statistic fixed
* online QSO upload to HamQTH, ClubLog and HRDLog added
* improved QSL managers import, should be a bit faster
* "Long Path" button to Rotor Control added (Darek, SP2MKI)
* COMMENT field is exported to eQSL server
* Always overwrite info from previous QSO with callbook data option added
* help updated
* country files updated
* membership files updated
* layout improved (mostly new QSO window)
* LoTW QSL RCVD was not imported when ADIF didn't include LOTW_QSLRDATE value - fixed
* CONTESTIA mode was saved as CONSTESTI (increased max length of mode to 10 characters) - fixed
* ReverseBeacon support in Gray line didn't work - fixed
* after click to OK button in Preferences, bandmap stopped deleting old spots - fixed
* bandmap was not updated when any spot was not added - fixed
* station was added to bandmap when offline mode was activated - fixed
* big square statistics didn't work in newer versions of distributions - fixed
* QSO JT65* mode were not confirmed by eQSL - fixed
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 20 2014 Eric "Sparks" Christensen <sparks(a)fedoraproject.org> - 1.7.4-1
- F keys to CW type window added
- address to RBN server can be changed in Preferences
- full date (not only year,month) is supported in membership files
- Close the "Status of log upload" window after successful upload added
- moved to new LoTW url and updated upload routines
- band button description is editable (Preferences -> TRX control -> Change default frequencies)
- 6W/MM0NDX was marked as unknown country instead of Senegal - fixed
- after View QSO and CTRL+F2 fields were still read-only - fixed
- QSL information was added to Comment to QSO even if it already exists
- '+' character is now allowed in any field in New QSO window
- log could not recover from a wrong upload of updated QSO - fixed
- '+' as hotkey to add to bandmap function removed, use CTRL+A instead
- any result from ClubLog with 'Skipping QSO' won't stop uploading of the log
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1090238 - Version 1.7.4 available
https://bugzilla.redhat.com/show_bug.cgi?id=1090238
--------------------------------------------------------------------------------
================================================================================
ghc-reflection-1.4-1.fc19 (FEDORA-2014-5527)
Reifies arbitrary terms into types that can be reflected back into terms
--------------------------------------------------------------------------------
Update Information:
Reifies arbitrary terms into types that can be reflected back into terms - http://hackage.haskell.org/package/reflection
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1076737 - Review Request: ghc-reflection - Reifies arbitrary terms into types that can be reflected back into terms
https://bugzilla.redhat.com/show_bug.cgi?id=1076737
--------------------------------------------------------------------------------
================================================================================
ibus-qt-1.3.3-1.fc19 (FEDORA-2014-5552)
Qt IBus library and Qt input method plugin
--------------------------------------------------------------------------------
Update Information:
This update enables the surrounding text feature in Qt.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 22 2014 Takao Fujiwara <tfujiwar(a)redhat.com> - 1.3.3-1
- Updated to 1.3.3.
* Fri Feb 14 2014 David Tardon <dtardon(a)redhat.com> - 1.3.2-6
- rebuild for new ICU
* Thu Aug 8 2013 Takao Fujiwara <tfujiwar(a)redhat.com> - 1.3.2-5
- Fixed installed but unpackaged files with rpm-build 4.11.1 and %doc.
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.3.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Jul 29 2013 Takao Fujiwara <tfujiwar(a)redhat.com> - 1.3.2-3
- Fixed misc issues.
--------------------------------------------------------------------------------
================================================================================
lttv-1.5-5.fc19 (FEDORA-2014-5535)
Linux Trace Toolkit Viewer
--------------------------------------------------------------------------------
Update Information:
New upstream release of babeltrace
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 23 2014 Yannick Brosseau <yannick.brosseau(a)gmail.com> - 1.5-5
- Rebuild with newer libbabeltrace
--------------------------------------------------------------------------------
================================================================================
perl-Type-Tiny-0.042-1.fc19 (FEDORA-2014-5518)
Tiny, yet Moo(se)-compatible type constraint
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 8 2014 Ralf Corsépius <corsepiu(a)fedoraproject.org> 0.042-1
- Upstream update.
- Split out perl(Test::TypeTiny) to avoid deps on perl(Test::*).
--------------------------------------------------------------------------------
================================================================================
pgtoolkit-1.0.1-2.fc19 (FEDORA-2014-5545)
Tools for PostgreSQL maintenance
--------------------------------------------------------------------------------
Update Information:
Resolving dependency issues.
Update pgtoolkit to 1.0.1.
--------------------------------------------------------------------------------
================================================================================
python-halite-0.1.16-1.fc19 (FEDORA-2014-5526)
SaltStack Web UI
--------------------------------------------------------------------------------
Update Information:
Updated to version 0.1.16.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 22 2014 Erik Johnson <erik(a)saltstack.com> - 0.1.16-1
- Updated to version 0.1.16.
--------------------------------------------------------------------------------
================================================================================
python-six-1.5.2-1.fc19 (FEDORA-2014-5512)
Python 2 and 3 compatibility utilities
--------------------------------------------------------------------------------
Update Information:
- Latest upstream
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 7 2014 Matthias Runge <mrunge(a)redhat.com> - 1.5.2-1
- upgrade to 1.5.2 (rhbz#1048819)
* Mon Sep 16 2013 Bohuslav Kabrda <bkabrda(a)redhat.com> - 1.4.1-1
- 1.4.1
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python3-iep-3.4-2.fc19 (FEDORA-2014-5553)
The interactive editor for Python
--------------------------------------------------------------------------------
Update Information:
Initial import
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1084654 - Review Request: python3-iep - The interactive editor for Python
https://bugzilla.redhat.com/show_bug.cgi?id=1084654
--------------------------------------------------------------------------------
================================================================================
qpid-dispatch-0.2-2.fc19 (FEDORA-2014-5547)
Dispatch router for Qpid
--------------------------------------------------------------------------------
Update Information:
Fixed merging problems across Fedora and EPEL releases.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 22 2014 Darryl L. Pierce <dpierce(a)redhat.com> - 0.2-2
- Fixed merging problems across Fedora and EPEL releases.
* Tue Apr 22 2014 Darryl L. Pierce <dpierce(a)redhat.com> - 0.2-1
- Rebased on Qpid Dispatch 0.2.
--------------------------------------------------------------------------------
================================================================================
spring-96.0-2.fc19 (FEDORA-2014-5542)
Multiplayer, 3D realtime strategy combat game
--------------------------------------------------------------------------------
Update Information:
- Version 96.0, major spring/springlobby upstream release.
- pr-downloader finally enabled and finally builds under mock; patches and libcurl added.
- spring no longer requires springlobby and spring-maps-default as it creates a circular dependency.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 5 2014 Gilboa Davara <gilboad [AT] gmail [DOT] com> - 96.0-2
- pr-downloader finally builds under mock; patches and libcurl added.
- spring no longer requires springlobby and spring-maps-default as it creates a circular dependency.
* Mon Jan 13 2014 Gilboa Davara <gilboad [AT] gmail [DOT] com> - 96.0-1
- Version 96.0, major spring/springlobby upstream release.
- pr-downloader finally enabled.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1055230 - spring and spring lobby versions are outdated
https://bugzilla.redhat.com/show_bug.cgi?id=1055230
[ 2 ] Bug #1079581 - [abrt] spring: __pthread_cond_destroy(): spring killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1079581
--------------------------------------------------------------------------------
================================================================================
unetbootin-603-1.fc19 (FEDORA-2014-5557)
Create bootable Live USB drives for a variety of Linux distributions
--------------------------------------------------------------------------------
Update Information:
Update to version 603. Change naming to reflect upstream versioning scheme.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 22 2014 Susi Lehtola <jussilehtola(a)fedoraproject.org> - 603-1
- Change naming to reflect upstream versioning scheme.
- Update to 603.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1090033 - unetbootin-603 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1090033
--------------------------------------------------------------------------------
================================================================================
zabbix-2.0.11-3.fc19 (FEDORA-2014-5551)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:
The logrotate configuration had no su statement in 2.0.11-2. Furthermore, the log file
should have been created as zabbixsrv:zabbix for the proxy and server, which it now is.
http://www.zabbix.com/rn2.0.11.php
Also solves 3 security issues:
* [ZBX-7703] fixed being able to switch users without proper credentials
when using HTTP authentication; reference CVE-2014-1682
* [ZBX-6721] fixed LDAP authentication; reference CVE-2013-5572
* [ZBX-7693] fixed admin user being able to update media for other users;
reference CVE-2014-1685
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 22 2014 Volker Fröhlich <volker27(a)gmx.at> - 2.0.11-3
- Don't remove su directive from logrotate config in error
- Adapt logrotate.in file and sed invocation from 2.2 packages
* Sun Feb 16 2014 Volker Fröhlich <volker27(a)gmx.at> - 2.0.11-2
- Remove if clauses for Fedora/RHEL as they are obsolete in EL 7
- Use systemd scriptlet macros (BZ#850378)
- Remove init scripts
* Wed Feb 12 2014 Volker Fröhlich <volker27(a)gmx.at> - 2.0.11-1
- New upstream release
- Truncate changelog
* Sun Dec 15 2013 Volker Fröhlich <volker27(a)gmx.at> - 2.0.10-2
- The start function of the proxy init script had a typo causing failure
- Improved the section on running multiple instances in the README
* Fri Dec 13 2013 Volker Fröhlich <volker27(a)gmx.at> - 2.0.10-1
- New upstream release
- Drop obsolete patch ZBX-7479
- Improve init scripts to not kill other instances (BZ#1018293)
- General overhaul of init scripts and documentation in README
- Harmonize scriptlet if-clause style
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1013963 - CVE-2013-5572 zabbix: password leakage
https://bugzilla.redhat.com/show_bug.cgi?id=1013963
[ 2 ] Bug #1061563 - CVE-2014-1682 zabbix: API issue allows users to impersonate other users
https://bugzilla.redhat.com/show_bug.cgi?id=1061563
--------------------------------------------------------------------------------