Fedora 19 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Sat Nov 1 17:18:15 UTC 2014
The following Fedora 19 Security updates need testing:
Age URL
371 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
183 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19
134 https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19
132 https://admin.fedoraproject.org/updates/FEDORA-2014-6774/claws-mail-3.10.1-1.fc19,claws-mail-plugins-3.10.0-1.fc19,libetpan-1.5-1.fc19
77 https://admin.fedoraproject.org/updates/FEDORA-2014-9427/pipelight-0.2.7.3-3.fc19
52 https://admin.fedoraproject.org/updates/FEDORA-2014-10366/icecream-1.0.1-8.20140822git.fc19
51 https://admin.fedoraproject.org/updates/FEDORA-2014-10640/libreoffice-4.1.6.2-8.fc19
36 https://admin.fedoraproject.org/updates/FEDORA-2014-11544/drupal6-6.33-1.fc19
29 https://admin.fedoraproject.org/updates/FEDORA-2014-12057/krb5-1.11.3-29.fc19
22 https://admin.fedoraproject.org/updates/FEDORA-2014-12407/sddm-0.9.0-2.20141007git6a28c29b.fc19
15 https://admin.fedoraproject.org/updates/FEDORA-2014-13044/thunderbird-31.2.0-1.fc19
15 https://admin.fedoraproject.org/updates/FEDORA-2014-12994/firefox-33.0-1.fc19
15 https://admin.fedoraproject.org/updates/FEDORA-2014-13047/libxml2-2.9.1-2.fc19
15 https://admin.fedoraproject.org/updates/FEDORA-2014-13018/deluge-1.3.10-1.fc19
10 https://admin.fedoraproject.org/updates/FEDORA-2014-13451/webkitgtk3-2.0.4-4.fc19
5 https://admin.fedoraproject.org/updates/FEDORA-2014-13570/php-Smarty-3.1.21-1.fc19
5 https://admin.fedoraproject.org/updates/FEDORA-2014-13551/wpa_supplicant-2.0-12.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2014-13794/subscription-manager-1.13.6-1.fc19,python-rhsm-1.13.6-1.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2014-13778/hostapd-2.0-5.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2014-13764/Pound-2.6-8.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2014-13753/seamonkey-2.30-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-14089/wget-1.16-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-13702/konversation-1.5-7.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-14066/php-sabredav-Sabre_VObject-2.1.4-1.fc19,php-sabredav-Sabre_HTTP-1.7.11-1.fc19,php-sabredav-Sabre_CalDAV-1.7.9-1.fc19,php-sabredav-Sabre_DAVACL-1.7.9-1.fc19,php-sabredav-Sabre_CardDAV-1.7.9-2.fc19,php-sabredav-Sabre_DAV-1.7.13-1.fc19,owncloud-5.0.17-2.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-14068/kernel-3.14.23-100.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-14043/php-ZendFramework2-2.2.8-2.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-14059/mokutil-0.2.0-1.fc19,shim-signed-0.8-2
0 https://admin.fedoraproject.org/updates/FEDORA-2014-14005/fedup-0.9.0-1.fc19
The following Fedora 19 Critical Path updates have yet to be approved:
Age URL
319 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
245 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
11 https://admin.fedoraproject.org/updates/FEDORA-2014-13362/perl-Encode-2.54-3.fc19
10 https://admin.fedoraproject.org/updates/FEDORA-2014-13451/webkitgtk3-2.0.4-4.fc19
10 https://admin.fedoraproject.org/updates/FEDORA-2014-13434/curl-7.29.0-24.fc19
5 https://admin.fedoraproject.org/updates/FEDORA-2014-13549/xulrunner-33.0-2.fc19
5 https://admin.fedoraproject.org/updates/FEDORA-2014-13551/wpa_supplicant-2.0-12.fc19
3 https://admin.fedoraproject.org/updates/FEDORA-2014-13880/device-mapper-persistent-data-0.4.1-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-14068/kernel-3.14.23-100.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-14047/qtwebkit-2.3.4-1.fc19
The following builds have been pushed to Fedora 19 updates-testing
dyninst-8.2.1-1.fc19
golang-github-russross-blackfriday-1.2-2.fc19
nodejs-seq-0.3.5-3.fc19
pdns-recursor-3.6.2-1.fc19
php-ZendFramework2-2.2.8-2.fc19
wget-1.16-1.fc19
Details about builds:
================================================================================
dyninst-8.2.1-1.fc19 (FEDORA-2014-14115)
An API for Run-time Code Generation
--------------------------------------------------------------------------------
Update Information:
Update to point release 8.2.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 31 2014 Josh Stone <jistone at redhat.com> - 8.2.1-1
- Update to point release 8.2.1.
--------------------------------------------------------------------------------
================================================================================
golang-github-russross-blackfriday-1.2-2.fc19 (FEDORA-2014-14131)
Markdown processor implemented in Go
--------------------------------------------------------------------------------
Update Information:
runtime requires go.net/html
--------------------------------------------------------------------------------
================================================================================
nodejs-seq-0.3.5-3.fc19 (FEDORA-2014-14137)
An asynchronous flow control library
--------------------------------------------------------------------------------
Update Information:
Initial package. Fix chainsaw module dependency version
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1142050 - Review Request: nodejs-seq - An asynchronous flow control library
https://bugzilla.redhat.com/show_bug.cgi?id=1142050
--------------------------------------------------------------------------------
================================================================================
pdns-recursor-3.6.2-1.fc19 (FEDORA-2014-14101)
Modern, advanced and high performance recursing/non authoritative name server
--------------------------------------------------------------------------------
Update Information:
- Update to 3.6.2
- Enable security status polling
Version 3.6.2 is a bugfix update to 3.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 31 2014 Morten Stevens <mstevens at imt-systems.com> - 3.6.2-1
- Update to 3.6.2
- Enable security status polling
--------------------------------------------------------------------------------
================================================================================
php-ZendFramework2-2.2.8-2.fc19 (FEDORA-2014-14043)
Zend Framework 2
--------------------------------------------------------------------------------
Update Information:
# Security Fixes
- **ZF2014-05**: Due to an issue that existed in PHP's LDAP extension, it is possible to perform an unauthenticated simple bind against a LDAP server by using a null byte for the password, regardless of whether or not the user normally requires a password. We have provided a patch in order to protect users of unpatched PHP versions (PHP 5.5 <= 5.5.11, PHP 5.4 <= 5.4.27, all versions of PHP 5.3 and below). If you use Zend\Ldap and are on an affected version of PHP, we recommend upgrading immediately.
- **ZF2014-06**: A potential SQL injection vector existed when using a SQL Server adapter to manually quote values due to the fact that it was not escaping null bytes. Code was added to ensure null bytes are escaped, and thus mitigate the SQLi vector. We do not recommend manually quoting values, but if you do, and use the SQL Server adapter without PDO, we recommend upgrading immediately.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 31 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.2.8-2
- Removed invalid zend-resources require from Validation component
* Tue Oct 28 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.2.8-1
- Updated to 2.2.8
- BZ #1151276 / CVE-2014-8088 / ZF2014-05
- BZ #1151277 / CVE-2014-8089 / ZF2014-06
- BZ #1151278 (fedora)
- BZ #1151280 (epel6)
- Added composer virtual provides and requires
- APC optional for ProgressBar component
- Added tests
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1151276 - CVE-2014-8088 php-ZendFramework: null byte issue, connect to LDAP without knowing the password (ZF2014-05)
https://bugzilla.redhat.com/show_bug.cgi?id=1151276
[ 2 ] Bug #1151277 - CVE-2014-8089 php-ZendFramework: SQL injection issue when using the sqlsrv PHP extension (ZF2014-06)
https://bugzilla.redhat.com/show_bug.cgi?id=1151277
--------------------------------------------------------------------------------
================================================================================
wget-1.16-1.fc19 (FEDORA-2014-14089)
A utility for retrieving files using the HTTP or FTP protocols
--------------------------------------------------------------------------------
Update Information:
security update
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 31 2014 Tomas Hozza <thozza at redhat.com> - 1.16-1
- update to 1.16
- fixes CVE-2014-4877
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1139181 - CVE-2014-4877 wget: FTP symlink arbitrary filesystem access
https://bugzilla.redhat.com/show_bug.cgi?id=1139181
--------------------------------------------------------------------------------
More information about the test
mailing list