The following Fedora 19 Security updates need testing:
Age URL
145
https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glanc...
82
https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1...
63
https://admin.fedoraproject.org/updates/FEDORA-2014-0797/libinfinity-0.5....
36
https://admin.fedoraproject.org/updates/FEDORA-2014-2260/NetworkManager-s...
33
https://admin.fedoraproject.org/updates/FEDORA-2014-2439/maradns-2.0.09-1...
28
https://admin.fedoraproject.org/updates/FEDORA-2014-2710/zabbix-2.0.11-2....
26
https://admin.fedoraproject.org/updates/FEDORA-2014-2825/postgresql-9.2.7...
11
https://admin.fedoraproject.org/updates/FEDORA-2014-3589/file-5.11-13.fc19
7
https://admin.fedoraproject.org/updates/FEDORA-2014-3771/cups-filters-1.0...
7
https://admin.fedoraproject.org/updates/FEDORA-2014-3782/jansson-2.6-1.fc19
6
https://admin.fedoraproject.org/updates/FEDORA-2014-3812/springframework-...
6
https://admin.fedoraproject.org/updates/FEDORA-2014-3791/libmodplug-0.8.8...
6
https://admin.fedoraproject.org/updates/FEDORA-2014-3815/samba-4.0.16-1.fc19
4
https://admin.fedoraproject.org/updates/FEDORA-2014-3947/lighttpd-1.4.35-...
4
https://admin.fedoraproject.org/updates/FEDORA-2014-3891/perltidy-2013092...
4
https://admin.fedoraproject.org/updates/FEDORA-2014-3839/udisks-1.0.4-12....
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4081/v8-3.14.5.10-7.fc19
The following Fedora 19 Critical Path updates have yet to be approved:
Age URL
93
https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmark...
19
https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2....
13
https://admin.fedoraproject.org/updates/FEDORA-2014-3450/bind-9.9.3-15.P2...
11
https://admin.fedoraproject.org/updates/FEDORA-2014-3605/abrt-2.2.0-1.fc1...
11
https://admin.fedoraproject.org/updates/FEDORA-2014-3619/ibus-1.5.6-1.fc19
9
https://admin.fedoraproject.org/updates/FEDORA-2014-3340/gdisk-0.8.10-2.fc19
6
https://admin.fedoraproject.org/updates/FEDORA-2014-3815/samba-4.0.16-1.fc19
4
https://admin.fedoraproject.org/updates/FEDORA-2014-3855/procps-ng-3.3.8-...
4
https://admin.fedoraproject.org/updates/FEDORA-2014-3840/libosinfo-0.2.9-...
2
https://admin.fedoraproject.org/updates/FEDORA-2014-3970/kde-workspace-4....
1
https://admin.fedoraproject.org/updates/FEDORA-2014-3996/lcms2-2.6-1.fc19
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4090/thunderbird-24.4...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4071/nspr-4.10.4-1.fc19
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4059/fftw-3.3.4-1.fc19
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4058/audit-2.3.5-1.fc19
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4079/linux-firmware-2...
The following builds have been pushed to Fedora 19 updates-testing
SDL2-2.0.3-1.fc19
bodhi-0.9.9-1.fc19
fedora-packager-0.5.10.3-1.fc19
firefox-28.0-2.fc19
glyphicons-halflings-fonts-3.1.0-2.20140211git728067b.fc19
lv2-artyfx-plugins-1.1-0.1.20140317git1dc4f00.fc19
nginx-1.4.7-1.fc19
nodejs-async-0.2.10-1.fc19
openscap-1.0.6-1.fc19
python-html5lib-0.999-2.fc19
thunderbird-24.4.0-1.fc19
v8-3.14.5.10-7.fc19
wdiff-1.2.1-2.fc19
Details about builds:
================================================================================
SDL2-2.0.3-1.fc19 (FEDORA-2014-4094)
A cross-platform multimedia library
--------------------------------------------------------------------------------
Update Information:
2.0.3 upstream release
2.0.2 upstream release; enable wayland backend
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 19 2014 Igor Gnatenko <i.gnatenko.brain(a)gmail.com> - 2.0.3-1
- 2.0.3 upstream release
* Sat Mar 8 2014 Igor Gnatenko <i.gnatenko.brain(a)gmail.com> - 2.0.2-1
- 2.0.2 upstream release
- Enable wayland backend
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1077635 - SDL2-2.0.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1077635
--------------------------------------------------------------------------------
================================================================================
bodhi-0.9.9-1.fc19 (FEDORA-2014-4082)
A modular framework that facilitates publishing software updates
--------------------------------------------------------------------------------
Update Information:
**Summary of major changes**
* Reset the karma to 0 when new builds are added to an existing update (Mathieu Bridon)
https://fedorahosted.org/fesco/ticket/1238
https://fedorahosted.org/bodhi/ticket/388
* Disable karma automatism upon AutoQA test failures (Luke Macken)
https://fedorahosted.org/fesco/ticket/1242
https://github.com/fedora-infra/bodhi/issues/36
* Do not trigger the stablekarma threshold if the update is being pushed (Luke Macken)
https://fedorahosted.org/bodhi/ticket/649
* Prefix the updateinfo file with its hash in the repo metadata (Mathieu Bridon)
https://github.com/fedora-infra/bodhi/pull/35
* Fixed a bug in querying the RPM changelogs, which are used in the update announcement
(Mathieu Bridon)
https://github.com/fedora-infra/bodhi/pull/38
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 14 2014 Luke Macken <lmacken(a)redhat.com> - 0.9.9-1
- Update to 0.9.9
* Wed Feb 19 2014 Luke Macken <lmacken(a)redhat.com> - 0.9.8-2
- Remove the python-simplejson requirement (#1060234)
--------------------------------------------------------------------------------
================================================================================
fedora-packager-0.5.10.3-1.fc19 (FEDORA-2014-4093)
Tools for setting up a fedora maintainer environment
--------------------------------------------------------------------------------
Update Information:
Fix fedora-burn-yubikey to work properly with slot 2
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 18 2014 Nick Bebout <nb(a)fedoraproject.org> - 0.5.10.3-1
- fix fedora-burn-yubikey script to work with slot 2
* Thu Dec 5 2013 Denis Gilmore <dennis(a)ausil.us> - 0.5.10.2-1
- update to 0.5.10.2
- drop sparc support
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.5.10.1-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
firefox-28.0-2.fc19 (FEDORA-2014-4090)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:
New upstream version - Firefox 28.0, Thunderbird 24.4.0.
It needs a new nspr-4.10.4 package, so please give karma to those updates:
https://admin.fedoraproject.org/updates/FEDORA-2014-4071/nspr-4.10.4-1.fc19
https://admin.fedoraproject.org/updates/FEDORA-2014-4067/nspr-4.10.4-1.fc20
Thanks!
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 19 2014 Martin Stransky <stransky(a)redhat.com> - 28.0-2
- NSS version up, disable arm for now
* Tue Mar 18 2014 Martin Stransky <stransky(a)redhat.com> - 28.0-1
- Update to 28.0
* Thu Mar 6 2014 Martin Stransky <stransky(a)redhat.com> - 27.0.1-2
- Removed needless build patch
--------------------------------------------------------------------------------
================================================================================
glyphicons-halflings-fonts-3.1.0-2.20140211git728067b.fc19 (FEDORA-2014-4098)
Precisely prepared monochromatic icons and symbols
--------------------------------------------------------------------------------
Update Information:
A new iconic font designed for web applications.
--------------------------------------------------------------------------------
================================================================================
lv2-artyfx-plugins-1.1-0.1.20140317git1dc4f00.fc19 (FEDORA-2014-4101)
A collection of LV2 RT plugins
--------------------------------------------------------------------------------
Update Information:
This 1.1 release of OpenAV's ArtyFx plugins introduces three new effects. Refer to
http://openavproductions.com/artyfx/ for details on the new Satma, Kuiza and Della
plugins
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 19 2014 Brendan Jones <brendan.jones.it(a)gmail.com> 1.1-0.1.git
- 1.1 Update, new plugins
--------------------------------------------------------------------------------
================================================================================
nginx-1.4.7-1.fc19 (FEDORA-2014-4104)
A high performance web server and reverse proxy server
--------------------------------------------------------------------------------
Update Information:
Update to upstream release 1.4.7. A heap memory buffer overflow was found in the
ngx_http_spdy_module, potentially resulting in arbitrary code execution, but this does not
affect nginx on Fedora/EPEL. A bug in the "fastcgi_next_upstream" directive was
also resolved with this update.
*
http://nginx.org/en/CHANGES-1.4
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 18 2014 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 1:1.4.7-1
- update to upstream release 1.4.7
--------------------------------------------------------------------------------
================================================================================
nodejs-async-0.2.10-1.fc19 (FEDORA-2014-4089)
Higher-order functions and common patterns for asynchronous code
--------------------------------------------------------------------------------
Update Information:
This update resolves an incompatibility when this module is used with IE10 via browserify
and resolves some issues with documentation and examples.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 18 2014 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 0.2.10-1
- update to upstream release 0.2.10 (#1057505)
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.2.9-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1057505 - [PATCH] nodejs-async-0.2.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1057505
--------------------------------------------------------------------------------
================================================================================
openscap-1.0.6-1.fc19 (FEDORA-2014-4095)
Set of open source libraries enabling integration of the SCAP line of standards
--------------------------------------------------------------------------------
Update Information:
upgrade
upgrade
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 19 2014 Šimon Lukašík <slukasik(a)redhat.com> - 1.0.6-1
- upgrade
* Fri Mar 14 2014 Šimon Lukašík <slukasik(a)redhat.com> - 1.0.5-1
- upgrade
--------------------------------------------------------------------------------
================================================================================
python-html5lib-0.999-2.fc19 (FEDORA-2014-4097)
A python based HTML parser/tokenizer
--------------------------------------------------------------------------------
Update Information:
"six" module is a runtime requirement
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Dan Scott <dan(a)coffeecode.net> - 0.999-2
- "six" module is a runtime requirement
* Sat Mar 1 2014 Praveen Kumar <kumarpraveen.nitdgp(a)gmail.com> 0.999-1
- Added epoch information
* Wed Feb 26 2014 Dan Scott <dan(a)coffeecode.net> - 0.999-1
- Updated for new version
- Fixed bogus dates in changelog
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.0b2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Jul 8 2013 Praveen Kumar <kumarpraveen.nitdgp(a)gmail.com> - 1.0b2-2
- Updated python3 support which accidently removed from previous revision.
* Mon Jul 8 2013 Praveen Kumar <kumarpraveen.nitdgp(a)gmail.com> - 1.0b2-1
- Updated new source
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1075783 - python-html5lib requires six module
https://bugzilla.redhat.com/show_bug.cgi?id=1075783
--------------------------------------------------------------------------------
================================================================================
thunderbird-24.4.0-1.fc19 (FEDORA-2014-4090)
Mozilla Thunderbird mail/newsgroup client
--------------------------------------------------------------------------------
Update Information:
New upstream version - Firefox 28.0, Thunderbird 24.4.0.
It needs a new nspr-4.10.4 package, so please give karma to those updates:
https://admin.fedoraproject.org/updates/FEDORA-2014-4071/nspr-4.10.4-1.fc19
https://admin.fedoraproject.org/updates/FEDORA-2014-4067/nspr-4.10.4-1.fc20
Thanks!
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 18 2014 Jan Horak <jhorak(a)redhat.com> - 24.4.0-1
- Update to 24.4.0
--------------------------------------------------------------------------------
================================================================================
v8-3.14.5.10-7.fc19 (FEDORA-2014-4081)
JavaScript Engine
--------------------------------------------------------------------------------
Update Information:
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-1704 to
the following vulnerability:
URL:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1704
Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18,
as used in Google Chrome before 33.0.1750.149, allow attackers to
cause a denial of service or possibly have other impact via unknown
vectors.
Only one vulnerability in this CVE affects v8-3.14.5.10 in Fedora. This update fixes the
vulnerability involving unsigned integer arithmetic.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 18 2014 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 1:3.14.5.10-7
- backport fix for unsigned integer arithmetic (RHBZ#1077136; CVE-2014-1704)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1077136 - CVE-2014-1704 v8: multiple vulnerabilities in v8 fixed in Google
Chrome version 33.0.1750.149
https://bugzilla.redhat.com/show_bug.cgi?id=1077136
--------------------------------------------------------------------------------
================================================================================
wdiff-1.2.1-2.fc19 (FEDORA-2014-4099)
A front-end to GNU diff
--------------------------------------------------------------------------------
Update Information:
Updated to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.2.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Mar 14 2013 Praveen Kumar <kumarpraveen.nitdgp(a)gmail.com> 1.2.1-1
- New release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1077596 - mdiff crash
https://bugzilla.redhat.com/show_bug.cgi?id=1077596
--------------------------------------------------------------------------------