The following Fedora 19 Security updates need testing: Age URL 145 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2... 82 https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1.fc... 63 https://admin.fedoraproject.org/updates/FEDORA-2014-0797/libinfinity-0.5.5-1... 36 https://admin.fedoraproject.org/updates/FEDORA-2014-2260/NetworkManager-ssh-... 33 https://admin.fedoraproject.org/updates/FEDORA-2014-2439/maradns-2.0.09-1.fc... 28 https://admin.fedoraproject.org/updates/FEDORA-2014-2710/zabbix-2.0.11-2.fc1... 26 https://admin.fedoraproject.org/updates/FEDORA-2014-2825/postgresql-9.2.7-1.... 11 https://admin.fedoraproject.org/updates/FEDORA-2014-3589/file-5.11-13.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-3771/cups-filters-1.0.41... 7 https://admin.fedoraproject.org/updates/FEDORA-2014-3782/jansson-2.6-1.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-3812/springframework-sec... 6 https://admin.fedoraproject.org/updates/FEDORA-2014-3791/libmodplug-0.8.8.5-... 6 https://admin.fedoraproject.org/updates/FEDORA-2014-3815/samba-4.0.16-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-3947/lighttpd-1.4.35-1.f... 4 https://admin.fedoraproject.org/updates/FEDORA-2014-3891/perltidy-20130922-1... 4 https://admin.fedoraproject.org/updates/FEDORA-2014-3839/udisks-1.0.4-12.fc1... 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4081/v8-3.14.5.10-7.fc19
The following Fedora 19 Critical Path updates have yet to be approved: Age URL 93 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-1... 19 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc1... 13 https://admin.fedoraproject.org/updates/FEDORA-2014-3450/bind-9.9.3-15.P2.fc... 11 https://admin.fedoraproject.org/updates/FEDORA-2014-3605/abrt-2.2.0-1.fc19,l... 11 https://admin.fedoraproject.org/updates/FEDORA-2014-3619/ibus-1.5.6-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-3340/gdisk-0.8.10-2.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-3815/samba-4.0.16-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-3855/procps-ng-3.3.8-12.... 4 https://admin.fedoraproject.org/updates/FEDORA-2014-3840/libosinfo-0.2.9-1.f... 2 https://admin.fedoraproject.org/updates/FEDORA-2014-3970/kde-workspace-4.11.... 1 https://admin.fedoraproject.org/updates/FEDORA-2014-3996/lcms2-2.6-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4090/thunderbird-24.4.0-... 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4071/nspr-4.10.4-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4059/fftw-3.3.4-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4058/audit-2.3.5-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4079/linux-firmware-2014...
The following builds have been pushed to Fedora 19 updates-testing
SDL2-2.0.3-1.fc19 bodhi-0.9.9-1.fc19 fedora-packager-0.5.10.3-1.fc19 firefox-28.0-2.fc19 glyphicons-halflings-fonts-3.1.0-2.20140211git728067b.fc19 lv2-artyfx-plugins-1.1-0.1.20140317git1dc4f00.fc19 nginx-1.4.7-1.fc19 nodejs-async-0.2.10-1.fc19 openscap-1.0.6-1.fc19 python-html5lib-0.999-2.fc19 thunderbird-24.4.0-1.fc19 v8-3.14.5.10-7.fc19 wdiff-1.2.1-2.fc19
Details about builds:
================================================================================ SDL2-2.0.3-1.fc19 (FEDORA-2014-4094) A cross-platform multimedia library -------------------------------------------------------------------------------- Update Information:
2.0.3 upstream release 2.0.2 upstream release; enable wayland backend -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 19 2014 Igor Gnatenko i.gnatenko.brain@gmail.com - 2.0.3-1 - 2.0.3 upstream release * Sat Mar 8 2014 Igor Gnatenko i.gnatenko.brain@gmail.com - 2.0.2-1 - 2.0.2 upstream release - Enable wayland backend -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1077635 - SDL2-2.0.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1077635 --------------------------------------------------------------------------------
================================================================================ bodhi-0.9.9-1.fc19 (FEDORA-2014-4082) A modular framework that facilitates publishing software updates -------------------------------------------------------------------------------- Update Information:
**Summary of major changes**
* Reset the karma to 0 when new builds are added to an existing update (Mathieu Bridon) https://fedorahosted.org/fesco/ticket/1238 https://fedorahosted.org/bodhi/ticket/388
* Disable karma automatism upon AutoQA test failures (Luke Macken) https://fedorahosted.org/fesco/ticket/1242 https://github.com/fedora-infra/bodhi/issues/36
* Do not trigger the stablekarma threshold if the update is being pushed (Luke Macken) https://fedorahosted.org/bodhi/ticket/649
* Prefix the updateinfo file with its hash in the repo metadata (Mathieu Bridon) https://github.com/fedora-infra/bodhi/pull/35
* Fixed a bug in querying the RPM changelogs, which are used in the update announcement (Mathieu Bridon) https://github.com/fedora-infra/bodhi/pull/38
-------------------------------------------------------------------------------- ChangeLog:
* Fri Mar 14 2014 Luke Macken lmacken@redhat.com - 0.9.9-1 - Update to 0.9.9 * Wed Feb 19 2014 Luke Macken lmacken@redhat.com - 0.9.8-2 - Remove the python-simplejson requirement (#1060234) --------------------------------------------------------------------------------
================================================================================ fedora-packager-0.5.10.3-1.fc19 (FEDORA-2014-4093) Tools for setting up a fedora maintainer environment -------------------------------------------------------------------------------- Update Information:
Fix fedora-burn-yubikey to work properly with slot 2 -------------------------------------------------------------------------------- ChangeLog:
* Tue Mar 18 2014 Nick Bebout nb@fedoraproject.org - 0.5.10.3-1 - fix fedora-burn-yubikey script to work with slot 2 * Thu Dec 5 2013 Denis Gilmore dennis@ausil.us - 0.5.10.2-1 - update to 0.5.10.2 - drop sparc support * Sat Aug 3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.5.10.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ firefox-28.0-2.fc19 (FEDORA-2014-4090) Mozilla Firefox Web browser -------------------------------------------------------------------------------- Update Information:
New upstream version - Firefox 28.0, Thunderbird 24.4.0.
It needs a new nspr-4.10.4 package, so please give karma to those updates:
https://admin.fedoraproject.org/updates/FEDORA-2014-4071/nspr-4.10.4-1.fc19 https://admin.fedoraproject.org/updates/FEDORA-2014-4067/nspr-4.10.4-1.fc20
Thanks! -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 19 2014 Martin Stransky stransky@redhat.com - 28.0-2 - NSS version up, disable arm for now * Tue Mar 18 2014 Martin Stransky stransky@redhat.com - 28.0-1 - Update to 28.0 * Thu Mar 6 2014 Martin Stransky stransky@redhat.com - 27.0.1-2 - Removed needless build patch --------------------------------------------------------------------------------
================================================================================ glyphicons-halflings-fonts-3.1.0-2.20140211git728067b.fc19 (FEDORA-2014-4098) Precisely prepared monochromatic icons and symbols -------------------------------------------------------------------------------- Update Information:
A new iconic font designed for web applications. --------------------------------------------------------------------------------
================================================================================ lv2-artyfx-plugins-1.1-0.1.20140317git1dc4f00.fc19 (FEDORA-2014-4101) A collection of LV2 RT plugins -------------------------------------------------------------------------------- Update Information:
This 1.1 release of OpenAV's ArtyFx plugins introduces three new effects. Refer to http://openavproductions.com/artyfx/ for details on the new Satma, Kuiza and Della plugins
-------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 19 2014 Brendan Jones brendan.jones.it@gmail.com 1.1-0.1.git - 1.1 Update, new plugins --------------------------------------------------------------------------------
================================================================================ nginx-1.4.7-1.fc19 (FEDORA-2014-4104) A high performance web server and reverse proxy server -------------------------------------------------------------------------------- Update Information:
Update to upstream release 1.4.7. A heap memory buffer overflow was found in the ngx_http_spdy_module, potentially resulting in arbitrary code execution, but this does not affect nginx on Fedora/EPEL. A bug in the "fastcgi_next_upstream" directive was also resolved with this update. * http://nginx.org/en/CHANGES-1.4 -------------------------------------------------------------------------------- ChangeLog:
* Tue Mar 18 2014 Jamie Nguyen jamielinux@fedoraproject.org - 1:1.4.7-1 - update to upstream release 1.4.7 --------------------------------------------------------------------------------
================================================================================ nodejs-async-0.2.10-1.fc19 (FEDORA-2014-4089) Higher-order functions and common patterns for asynchronous code -------------------------------------------------------------------------------- Update Information:
This update resolves an incompatibility when this module is used with IE10 via browserify and resolves some issues with documentation and examples. -------------------------------------------------------------------------------- ChangeLog:
* Tue Mar 18 2014 Zbigniew Jędrzejewski-Szmek zbyszek@in.waw.pl - 0.2.10-1 - update to upstream release 0.2.10 (#1057505) * Sat Aug 3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.2.9-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1057505 - [PATCH] nodejs-async-0.2.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1057505 --------------------------------------------------------------------------------
================================================================================ openscap-1.0.6-1.fc19 (FEDORA-2014-4095) Set of open source libraries enabling integration of the SCAP line of standards -------------------------------------------------------------------------------- Update Information:
upgrade upgrade -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 19 2014 Šimon Lukašík slukasik@redhat.com - 1.0.6-1 - upgrade * Fri Mar 14 2014 Šimon Lukašík slukasik@redhat.com - 1.0.5-1 - upgrade --------------------------------------------------------------------------------
================================================================================ python-html5lib-0.999-2.fc19 (FEDORA-2014-4097) A python based HTML parser/tokenizer -------------------------------------------------------------------------------- Update Information:
"six" module is a runtime requirement -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 12 2014 Dan Scott dan@coffeecode.net - 0.999-2 - "six" module is a runtime requirement * Sat Mar 1 2014 Praveen Kumar kumarpraveen.nitdgp@gmail.com 0.999-1 - Added epoch information * Wed Feb 26 2014 Dan Scott dan@coffeecode.net - 0.999-1 - Updated for new version - Fixed bogus dates in changelog * Sun Aug 4 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.0b2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Mon Jul 8 2013 Praveen Kumar kumarpraveen.nitdgp@gmail.com - 1.0b2-2 - Updated python3 support which accidently removed from previous revision. * Mon Jul 8 2013 Praveen Kumar kumarpraveen.nitdgp@gmail.com - 1.0b2-1 - Updated new source -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1075783 - python-html5lib requires six module https://bugzilla.redhat.com/show_bug.cgi?id=1075783 --------------------------------------------------------------------------------
================================================================================ thunderbird-24.4.0-1.fc19 (FEDORA-2014-4090) Mozilla Thunderbird mail/newsgroup client -------------------------------------------------------------------------------- Update Information:
New upstream version - Firefox 28.0, Thunderbird 24.4.0.
It needs a new nspr-4.10.4 package, so please give karma to those updates:
https://admin.fedoraproject.org/updates/FEDORA-2014-4071/nspr-4.10.4-1.fc19 https://admin.fedoraproject.org/updates/FEDORA-2014-4067/nspr-4.10.4-1.fc20
Thanks! -------------------------------------------------------------------------------- ChangeLog:
* Tue Mar 18 2014 Jan Horak jhorak@redhat.com - 24.4.0-1 - Update to 24.4.0 --------------------------------------------------------------------------------
================================================================================ v8-3.14.5.10-7.fc19 (FEDORA-2014-4081) JavaScript Engine -------------------------------------------------------------------------------- Update Information:
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-1704 to the following vulnerability:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1704
Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Only one vulnerability in this CVE affects v8-3.14.5.10 in Fedora. This update fixes the vulnerability involving unsigned integer arithmetic. -------------------------------------------------------------------------------- ChangeLog:
* Tue Mar 18 2014 T.C. Hollingsworth tchollingsworth@gmail.com - 1:3.14.5.10-7 - backport fix for unsigned integer arithmetic (RHBZ#1077136; CVE-2014-1704) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1077136 - CVE-2014-1704 v8: multiple vulnerabilities in v8 fixed in Google Chrome version 33.0.1750.149 https://bugzilla.redhat.com/show_bug.cgi?id=1077136 --------------------------------------------------------------------------------
================================================================================ wdiff-1.2.1-2.fc19 (FEDORA-2014-4099) A front-end to GNU diff -------------------------------------------------------------------------------- Update Information:
Updated to latest version -------------------------------------------------------------------------------- ChangeLog:
* Sun Aug 4 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.2.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Thu Mar 14 2013 Praveen Kumar kumarpraveen.nitdgp@gmail.com 1.2.1-1 - New release -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1077596 - mdiff crash https://bugzilla.redhat.com/show_bug.cgi?id=1077596 --------------------------------------------------------------------------------