The following Fedora 19 Security updates need testing: Age URL 390 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 203 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19 154 https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19 70 https://admin.fedoraproject.org/updates/FEDORA-2014-10640/libreoffice-4.1.6.2-8.fc19 48 https://admin.fedoraproject.org/updates/FEDORA-2014-12057/krb5-1.11.3-29.fc19 34 https://admin.fedoraproject.org/updates/FEDORA-2014-13047/libxml2-2.9.1-2.fc19 34 https://admin.fedoraproject.org/updates/FEDORA-2014-13018/deluge-1.3.10-1.fc19 24 https://admin.fedoraproject.org/updates/FEDORA-2014-13551/wpa_supplicant-2.0-12.fc19 15 https://admin.fedoraproject.org/updates/FEDORA-2014-14266/python-2.7.5-15.fc19 15 https://admin.fedoraproject.org/updates/FEDORA-2014-14237/claws-mail-plugins-3.11.1-1.fc19,claws-mail-3.11.1-2.fc19,libetpan-1.6-1.fc19 13 https://admin.fedoraproject.org/updates/FEDORA-2014-14359/curl-7.29.0-25.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-14738/gnutls-3.1.20-6.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-12407/sddm-0.10.0-2.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-15079/mantis-1.2.17-4.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-14874/arm-none-eabi-binutils-cs-2014.05.28-3.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-14838/avr-binutils-2.24-3.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-15124/kwebkitpart-1.3.4-5.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-15202/kernel-3.14.24-100.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-15248/kde-runtime-4.11.5-3.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-15307/python-django14-1.4.16-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-15373/lsyncd-2.1.4-4.fc19.1 1 https://admin.fedoraproject.org/updates/FEDORA-2014-15378/rubygem-actionpack-3.2.13-7.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-15390/nodejs-0.10.33-1.fc19,libuv-0.10.29-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-15405/wget-1.16-3.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15466/rubygem-sprockets-2.8.2-4.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15477/python-eyed3-0.7.4-4.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15461/xen-4.2.5-4.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15463/clamav-0.98.5-1.fc19
The following Fedora 19 Critical Path updates have yet to be approved: Age URL 338 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 265 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19 13 https://admin.fedoraproject.org/updates/FEDORA-2014-14359/curl-7.29.0-25.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-14516/pcre-8.32-11.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-14505/unzip-6.0-12.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-14738/gnutls-3.1.20-6.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-14807/device-mapper-persistent-data-0.4.1-2.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-14846/pciutils-3.3.0-1.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-15032/man-db-2.6.3-9.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-15027/evolution-data-server-3.8.5-7.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-15202/kernel-3.14.24-100.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-15392/kde-workspace-4.11.14-2.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-15377/gvfs-1.16.4-3.fc19 The following builds have been pushed to Fedora 19 updates-testing clamav-0.98.5-1.fc19 glusterfs-3.5.3-1.fc19 gtk-gnutella-1.1.1-1.fc19 myproxy-6.1.6-1.fc19 php-EasyRdf-0.8.0-5.fc19 php-solarium-3.3.0-1.fc19 python-eyed3-0.7.4-4.fc19 python-pyroute2-0.3.2-1.fc19 qpid-dispatch-0.2-8.fc19 rubygem-sprockets-2.8.2-4.fc19 xen-4.2.5-4.fc19 Details about builds: ================================================================================ clamav-0.98.5-1.fc19 (FEDORA-2014-15463) End-user tools for the Clam Antivirus scanner -------------------------------------------------------------------------------- Update Information: ClamAV 0.98.5 ============= ClamAV 0.98.5 also includes these new features and bug fixes: * Support for the XDP file format and extracting, decoding, and scanning PDF files within XDP files. Addition of shared library support for LLVM versions 3.1 - 3.5 for the purpose of just-in-time(JIT) compilation of ClamAV bytecode signatures. Andreas Cadhalpun submitted the patch implementing this support. * Enhancements to the clambc command line utility to assist ClamAV bytecode signature authors by providing introspection into compiled bytecode programs. * Resolution of many of the warning messages from ClamAV compilation. * Improved detection of malicious PE files. * Security fix for ClamAV crash when using 'clamscan -a'. This issue was identified by Kurt Siefried of Red Hat. * Security fix for ClamAV crash when scanning maliciously crafted yoda's crypter files. This issue, as well as several other bugs fixed in this release, were identified by Damien Millescamp of Oppida. * ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode. Thanks to Reinhard Max for supplying the patch. * Bug fixes and other feature enhancements. Please see the ChangeLog file or GIT log for further details. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Robert Scheck <rob...@fedoraproject.org> - 0.98.5-1 - Upgrade to 0.98.5 and updated daily.cvd (#1138101) * Sat Aug 16 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 0.98.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1138101 - CVE-2013-6497 ClamAV: -a segmentation fault when processing files https://bugzilla.redhat.com/show_bug.cgi?id=1138101 -------------------------------------------------------------------------------- ================================================================================ glusterfs-3.5.3-1.fc19 (FEDORA-2014-15460) Cluster File System -------------------------------------------------------------------------------- Update Information: Bug fix update for GlusterFS 3.5 -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Lalatendu Mohanty <lmoha...@redhat.com> - Changes to remove regression-tests RPM from Fedora * Thu Nov 13 2014 Lalatendu Mohanty <lmohanty[at]redhat.com> - glusterfs-3.5.3 GA release * Tue Nov 4 2014 Lalatendu Mohanty <lmohanty[at]redhat.com> - glusterfs-3.5.3beta2 release * Mon Oct 6 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - glusterfs-3.5.3beta1 release * Wed Oct 1 2014 Humble Chirammal <hchir...@redhat.com> - glusterfs-3.6.0beta3 release * Thu Sep 25 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - add psmisc for -server - add smarter logic to restart glusterd in %post server * Thu Sep 25 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - glusterfs-3.6.0beta2.tar.gz * Wed Sep 24 2014 Balamurugan Arumugam <barum...@redhat.com> - remove /sbin/ldconfig as interpreter (#1145992) * Mon Sep 22 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - More make fedora master glusterfs spec compatible with upstream GlusterFS 3.6 spec * Mon Sep 22 2014 Humble Chirammal <hchir...@redhat.com> - Make fedora master glusterfs spec compatible with upstream GlusterFS 3.6 spec * Fri Sep 5 2014 Lalatendu Mohanty <lmoha...@redhat.com> - Changed the description as "GlusterFS a distributed filesystem" * Sat Aug 16 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 3.5.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Tue Aug 5 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - use upstream logrotate files exclusively (#1126788) -------------------------------------------------------------------------------- ================================================================================ gtk-gnutella-1.1.1-1.fc19 (FEDORA-2014-15459) GUI based Gnutella Client -------------------------------------------------------------------------------- Update Information: Upgrade to 1.1.1 -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Dmitry Butskoy <dmi...@butskoy.name> - 1.1.1-1 - Upgrade to 1.1.1 -------------------------------------------------------------------------------- ================================================================================ myproxy-6.1.6-1.fc19 (FEDORA-2014-15488) Manage X.509 Public Key Infrastructure (PKI) security credentials -------------------------------------------------------------------------------- Update Information: MyProxy 6.1.6 * Allow TLS (no longer force SSLv3) * VOMS support now in a separate package (myproxy-voms) -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Mattias Ellert <mattias.ell...@fysast.uu.se> - 6.1.6-1 - Update to 6.1.6 - Drop patch myproxy-deps.patch (fixed upstream) - Upstream source moved from sourceforge to the Globus Toolkit github repo - Use source tarball published by Globus - Use upstream's init scripts and systemd unit files - New binary package myproxy-voms (voms support split out as a plugin) -------------------------------------------------------------------------------- ================================================================================ php-EasyRdf-0.8.0-5.fc19 (FEDORA-2014-15474) A PHP library designed to make it easy to consume and produce RDF -------------------------------------------------------------------------------- Update Information: RPM-only release * php-redland is now an optional dependency * Added php-composer(easyrdf/easyrdf) virtual provide -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 18 2014 Shawn Iwinski <shawn.iwin...@gmail.com> - 0.8.0-5 - Modified raptor and redland logic * Fri Nov 14 2014 Shawn Iwinski <shawn.iwin...@gmail.com> - 0.8.0-4 - No raptor or redland for el7 * Thu Nov 13 2014 Shawn Iwinski <shawn.iwin...@gmail.com> - 0.8.0-3 - Added php-composer(easyrdf/easyrdf) virtual provide - Added option to build without tests ("--without tests") - Reduce PHP min version from 5.3.3 to 5.2.8 (per composer.json) - %license usage * Sat Jun 7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 0.8.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ php-solarium-3.3.0-1.fc19 (FEDORA-2014-15462) Solarium PHP Solr client library -------------------------------------------------------------------------------- Update Information: See https://github.com/basdenooijer/solarium/issues/294 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 17 2014 Remi Collet <r...@fedoraproject.org> - 3.3.0-1 - update to 3.3.0 - provide php-composer(solarium/solarium) - fix license handling - don't run test suite with php 5.3 (EL-6) -------------------------------------------------------------------------------- ================================================================================ python-eyed3-0.7.4-4.fc19 (FEDORA-2014-15477) Python audio data toolkit (ID3 and MP3) -------------------------------------------------------------------------------- Update Information: - Fixed CVE-2014-1934. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Mr Niranjan <mrniran...@fedoraproject.org> - 0.7.4-4 - Fixed CVE-2014-1934, patch from Travis Shirk. * Sat Jun 7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 0.7.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri Jan 10 2014 Christopher Meng <r...@cicku.me> - 0.7.4-2 - Dependencies cleanup. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1063671 - CVE-2014-1934 python-eyed3: insecure temporary file creation https://bugzilla.redhat.com/show_bug.cgi?id=1063671 -------------------------------------------------------------------------------- ================================================================================ python-pyroute2-0.3.2-1.fc19 (FEDORA-2014-15468) Pure Python netlink library -------------------------------------------------------------------------------- Update Information: Update to 0.3.2 -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 18 2014 Peter V. Saveliev <pe...@svinota.eu> 0.3.2-1 - Update to 0.3.2 * Sat Jun 7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 0.2.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Tue Mar 18 2014 Jiri Pirko <jpi...@redhat.com> - 0.2.7-1 - Update to 0.2.7 -------------------------------------------------------------------------------- ================================================================================ qpid-dispatch-0.2-8.fc19 (FEDORA-2014-15491) Dispatch router for Qpid -------------------------------------------------------------------------------- Update Information: DISPATCH-75 - Removed reference to qdstat.conf from qdstat manpage. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Darryl L. Pierce <dpie...@redhat.com> - 0.2-8 - DISPATCH-75 - Removed reference to qdstat.conf from qdstat manpage. - Include systemd service file for EPEL7 packages. - Brought systemd support up to current Fedora packaging guidelines. - Resolves: BZ#1165691 - Resolves: BZ#1165681 * Sun Aug 17 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 0.2-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1165691 - Man page for qdstat.conf is missing https://bugzilla.redhat.com/show_bug.cgi?id=1165691 [ 2 ] Bug #1165681 - RPMs do not provide a systemd service unit file https://bugzilla.redhat.com/show_bug.cgi?id=1165681 -------------------------------------------------------------------------------- ================================================================================ rubygem-sprockets-2.8.2-4.fc19 (FEDORA-2014-15466) Rack-based asset packaging system -------------------------------------------------------------------------------- Update Information: Contains fix for CVE-2014-7819 rubygem-sprockets: arbitrary file existence disclosure -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 18 2014 Josef Stribny <jstri...@redhat.com> - 2.8.2-4 - Fix CVE-2014-7819 (rhbz#1164331) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1161527 - CVE-2014-7819 rubygem-sprockets: arbitrary file existence disclosure https://bugzilla.redhat.com/show_bug.cgi?id=1161527 -------------------------------------------------------------------------------- ================================================================================ xen-4.2.5-4.fc19 (FEDORA-2014-15461) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: Insufficient restrictions on certain MMU update hypercalls, Missing privilege level checks in x86 emulation of far branches, Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Michael Young <m.a.yo...@durham.ac.uk> - 4.2.5-4 - Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1160664 - CVE-2014-8594 kernel: xen: Insufficient restrictions on certain MMU update hypercalls (xsa109) https://bugzilla.redhat.com/show_bug.cgi?id=1160664 [ 2 ] Bug #1160643 - CVE-2014-8595 kernel: xen: Missing privilege level checks in x86 emulation of far branches (xsa110) https://bugzilla.redhat.com/show_bug.cgi?id=1160643 [ 3 ] Bug #1078846 - CVE-2014-0150 qemu: virtio-net: buffer overflow in virtio_net_handle_mac() function https://bugzilla.redhat.com/show_bug.cgi?id=1078846 -------------------------------------------------------------------------------- -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
