Fedora 19 updates-testing report

updates at fedoraproject.org
Sat Nov 1 17:18:15 UTC 2014


The following Fedora 19 Security updates need testing:
 Age  URL
 371  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
 183  https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19
 134  https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19
 132  https://admin.fedoraproject.org/updates/FEDORA-2014-6774/claws-mail-3.10.1-1.fc19,claws-mail-plugins-3.10.0-1.fc19,libetpan-1.5-1.fc19
  77  https://admin.fedoraproject.org/updates/FEDORA-2014-9427/pipelight-0.2.7.3-3.fc19
  52  https://admin.fedoraproject.org/updates/FEDORA-2014-10366/icecream-1.0.1-8.20140822git.fc19
  51  https://admin.fedoraproject.org/updates/FEDORA-2014-10640/libreoffice-4.1.6.2-8.fc19
  36  https://admin.fedoraproject.org/updates/FEDORA-2014-11544/drupal6-6.33-1.fc19
  29  https://admin.fedoraproject.org/updates/FEDORA-2014-12057/krb5-1.11.3-29.fc19
  22  https://admin.fedoraproject.org/updates/FEDORA-2014-12407/sddm-0.9.0-2.20141007git6a28c29b.fc19
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-13044/thunderbird-31.2.0-1.fc19
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-12994/firefox-33.0-1.fc19
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-13047/libxml2-2.9.1-2.fc19
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-13018/deluge-1.3.10-1.fc19
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-13451/webkitgtk3-2.0.4-4.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-13570/php-Smarty-3.1.21-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-13551/wpa_supplicant-2.0-12.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-13794/subscription-manager-1.13.6-1.fc19,python-rhsm-1.13.6-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-13778/hostapd-2.0-5.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-13764/Pound-2.6-8.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-13753/seamonkey-2.30-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-14089/wget-1.16-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-13702/konversation-1.5-7.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-14066/php-sabredav-Sabre_VObject-2.1.4-1.fc19,php-sabredav-Sabre_HTTP-1.7.11-1.fc19,php-sabredav-Sabre_CalDAV-1.7.9-1.fc19,php-sabredav-Sabre_DAVACL-1.7.9-1.fc19,php-sabredav-Sabre_CardDAV-1.7.9-2.fc19,php-sabredav-Sabre_DAV-1.7.13-1.fc19,owncloud-5.0.17-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-14068/kernel-3.14.23-100.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-14043/php-ZendFramework2-2.2.8-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-14059/mokutil-0.2.0-1.fc19,shim-signed-0.8-2
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-14005/fedup-0.9.0-1.fc19


The following Fedora 19 Critical Path updates have yet to be approved:
 Age  URL
 319  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
 245  https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-13362/perl-Encode-2.54-3.fc19
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-13451/webkitgtk3-2.0.4-4.fc19
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-13434/curl-7.29.0-24.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-13549/xulrunner-33.0-2.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-13551/wpa_supplicant-2.0-12.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-13880/device-mapper-persistent-data-0.4.1-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-14068/kernel-3.14.23-100.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-14047/qtwebkit-2.3.4-1.fc19


The following builds have been pushed to Fedora 19 updates-testing

    dyninst-8.2.1-1.fc19
    golang-github-russross-blackfriday-1.2-2.fc19
    nodejs-seq-0.3.5-3.fc19
    pdns-recursor-3.6.2-1.fc19
    php-ZendFramework2-2.2.8-2.fc19
    wget-1.16-1.fc19

Details about builds:


================================================================================
 dyninst-8.2.1-1.fc19 (FEDORA-2014-14115)
 An API for Run-time Code Generation
--------------------------------------------------------------------------------
Update Information:

Update to point release 8.2.1.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 31 2014 Josh Stone <jistone at redhat.com> - 8.2.1-1
- Update to point release 8.2.1.
--------------------------------------------------------------------------------


================================================================================
 golang-github-russross-blackfriday-1.2-2.fc19 (FEDORA-2014-14131)
 Markdown processor implemented in Go
--------------------------------------------------------------------------------
Update Information:

runtime requires go.net/html
--------------------------------------------------------------------------------


================================================================================
 nodejs-seq-0.3.5-3.fc19 (FEDORA-2014-14137)
 An asynchronous flow control library
--------------------------------------------------------------------------------
Update Information:

Initial package. Fix chainsaw module dependency version
Initial package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1142050 - Review Request: nodejs-seq - An asynchronous flow control library
        https://bugzilla.redhat.com/show_bug.cgi?id=1142050
--------------------------------------------------------------------------------


================================================================================
 pdns-recursor-3.6.2-1.fc19 (FEDORA-2014-14101)
 Modern, advanced and high performance recursing/non authoritative name server
--------------------------------------------------------------------------------
Update Information:

- Update to 3.6.2
- Enable security status polling

Version 3.6.2 is a bugfix update to 3.6.1.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 31 2014 Morten Stevens <mstevens at imt-systems.com> - 3.6.2-1
- Update to 3.6.2
- Enable security status polling
--------------------------------------------------------------------------------


================================================================================
 php-ZendFramework2-2.2.8-2.fc19 (FEDORA-2014-14043)
 Zend Framework 2
--------------------------------------------------------------------------------
Update Information:

# Security Fixes

- **ZF2014-05**: Due to an issue that existed in PHP's LDAP extension, it is possible to perform an unauthenticated simple bind against an LDAP server by using a null byte for the password, regardless of whether or not the user normally requires a password. We have provided a patch in order to protect users of unpatched PHP versions (PHP 5.5 <= 5.5.11, PHP 5.4 <= 5.4.27, all versions of PHP 5.3 and below). If you use Zend\Ldap and are on an affected version of PHP, we recommend upgrading immediately.
- **ZF2014-06**: A potential SQL injection vector existed when using a SQL Server adapter to manually quote values due to the fact that it was not escaping null bytes. Code was added to ensure null bytes are escaped, and thus mitigate the SQLi vector. We do not recommend manually quoting values, but if you do, and use the SQL Server adapter without PDO, we recommend upgrading immediately.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 31 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.2.8-2
- Removed invalid zend-resources require from Validation component
* Tue Oct 28 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.2.8-1
- Updated to 2.2.8
- BZ #1151276 / CVE-2014-8088 / ZF2014-05
- BZ #1151277 / CVE-2014-8089 / ZF2014-06
- BZ #1151278 (fedora)
- BZ #1151280 (epel6)
- Added composer virtual provides and requires
- APC optional for ProgressBar component
- Added tests
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1151276 - CVE-2014-8088 php-ZendFramework: null byte issue, connect to LDAP without knowing the password (ZF2014-05)
        https://bugzilla.redhat.com/show_bug.cgi?id=1151276
  [ 2 ] Bug #1151277 - CVE-2014-8089 php-ZendFramework: SQL injection issue when using the sqlsrv PHP extension (ZF2014-06)
        https://bugzilla.redhat.com/show_bug.cgi?id=1151277
--------------------------------------------------------------------------------


================================================================================
 wget-1.16-1.fc19 (FEDORA-2014-14089)
 A utility for retrieving files using the HTTP or FTP protocols
--------------------------------------------------------------------------------
Update Information:

security update
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 31 2014 Tomas Hozza <thozza at redhat.com> - 1.16-1
- update to 1.16
- fixes CVE-2014-4877
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1139181 - CVE-2014-4877 wget: FTP symlink arbitrary filesystem access
        https://bugzilla.redhat.com/show_bug.cgi?id=1139181
--------------------------------------------------------------------------------


