The following Fedora 19 Security updates need testing: Age URL 320 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2... 132 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19 83 https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19 81 https://admin.fedoraproject.org/updates/FEDORA-2014-7570/asterisk-11.10.2-2.... 81 https://admin.fedoraproject.org/updates/FEDORA-2014-6774/claws-mail-3.10.1-1... 81 https://admin.fedoraproject.org/updates/FEDORA-2014-7610/perl-Email-Address-... 72 https://admin.fedoraproject.org/updates/FEDORA-2014-7939/lzo-2.08-1.fc19 48 https://admin.fedoraproject.org/updates/FEDORA-2014-8771/ReviewBoard-1.7.27-... 34 https://admin.fedoraproject.org/updates/FEDORA-2014-9162/xulrunner-31.0-1.fc... 26 https://admin.fedoraproject.org/updates/FEDORA-2014-9427/pipelight-0.2.7.3-3... 20 https://admin.fedoraproject.org/updates/FEDORA-2014-9602/polkit-qt-0.112.0-1... 20 https://admin.fedoraproject.org/updates/FEDORA-2014-9619/ca-certificates-201... 13 https://admin.fedoraproject.org/updates/FEDORA-2014-9830/glibc-2.17-21.fc19 13 https://admin.fedoraproject.org/updates/FEDORA-2014-9703/cups-1.6.4-10.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-9624/GraphicsMagick-1.3.... 1 https://admin.fedoraproject.org/updates/FEDORA-2014-10491/torque-3.0.4-4.fc1... 1 https://admin.fedoraproject.org/updates/FEDORA-2014-10359/procmail-3.22-36.f... 1 https://admin.fedoraproject.org/updates/FEDORA-2014-10366/icecream-1.0.1-8.2... 0 https://admin.fedoraproject.org/updates/FEDORA-2014-10649/xerces-j2-2.11.0-1... 0 https://admin.fedoraproject.org/updates/FEDORA-2014-10569/kernel-3.14.18-100... 0 https://admin.fedoraproject.org/updates/FEDORA-2014-10628/pdns-recursor-3.6.... 0 https://admin.fedoraproject.org/updates/FEDORA-2014-10640/libreoffice-4.1.6.... 0 https://admin.fedoraproject.org/updates/FEDORA-2014-10573/not-yet-commons-ss...
The following Fedora 19 Critical Path updates have yet to be approved: Age URL 268 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-1... 194 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc1... 13 https://admin.fedoraproject.org/updates/FEDORA-2014-9830/glibc-2.17-21.fc19 13 https://admin.fedoraproject.org/updates/FEDORA-2014-9828/btrfs-progs-3.16-1.... 13 https://admin.fedoraproject.org/updates/FEDORA-2014-9862/langtable-0.0.27-1.... 13 https://admin.fedoraproject.org/updates/FEDORA-2014-9703/cups-1.6.4-10.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-10326/elfutils-0.160-1.f... 1 https://admin.fedoraproject.org/updates/FEDORA-2014-10441/libbluray-0.6.2-1.... 1 https://admin.fedoraproject.org/updates/FEDORA-2014-10359/procmail-3.22-36.f... 1 https://admin.fedoraproject.org/updates/FEDORA-2014-10478/firefox-32.0-1.fc1... 0 https://admin.fedoraproject.org/updates/FEDORA-2014-10569/kernel-3.14.18-100...
The following builds have been pushed to Fedora 19 updates-testing
libreoffice-4.1.6.2-8.fc19 lis-1.4.59-1.fc19 pdns-recursor-3.6.1-1.fc19 perl-Date-Manip-6.47-1.fc19 rubygem-domain_name-0.5.21-1.fc19 skf-1.99.9-1.fc19 texstudio-2.8.4-1.fc19 tnef-1.4.12-1.fc19 xerces-j2-2.11.0-15.fc19
Details about builds:
================================================================================ libreoffice-4.1.6.2-8.fc19 (FEDORA-2014-10640) Free Software Productivity Suite -------------------------------------------------------------------------------- Update Information:
CVE-2014-3575 arbitrary file preview disclosure via ole2 objects
The vulnerability allows an attacker to send a document which when opened will trigger the prompt to "Update Links" but if the user cancels that prompt may still generate and insert into the document an OLE2 preview image of a file on the victims filesystem, Data exposure is possible if the updated document is then distributed to other parties. -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 9 2014 Caolán McNamara caolanm@redhat.com - 1:4.1.6.2-8 - Resolves: rhbz#1139592 CVE-2014-3575 arbitrary file preview disclosure via ole2 objects -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1139592 - CVE-2014-3575 libreoffice: openoffice: Arbitrary file disclosure via crafted OLE objects [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1139592 --------------------------------------------------------------------------------
================================================================================ lis-1.4.59-1.fc19 (FEDORA-2014-10647) A library for solving linear equations and eigenvalue problems -------------------------------------------------------------------------------- Update Information:
Update to 1.4.59 -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 10 2014 Florian Lehner dev@der-flo.net - 1.4.59-1 - Update to 1.4.59 --------------------------------------------------------------------------------
================================================================================ pdns-recursor-3.6.1-1.fc19 (FEDORA-2014-10628) Modern, advanced and high performance recursing/non authoritative name server -------------------------------------------------------------------------------- Update Information:
- PowerDNS Recursor Security Release 3.6.1 - CVE-2014-3614
Issue: A specific sequence of packets can crash PowerDNS Recursor 3.6.0 remotely (CVE-2014-3614) Affected: All deployments of PowerDNS Recursor 3.6.0 -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 10 2014 Morten Stevens mstevens@imt-systems.com - 3.6.1-1 - Update to 3.6.1 - CVE-2014-3614 (#1139251 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1139251 - CVE-2014-3614 A specific sequence of packets can crash PowerDNS Recursor 3.6.0 remotely https://bugzilla.redhat.com/show_bug.cgi?id=1139251 --------------------------------------------------------------------------------
================================================================================ perl-Date-Manip-6.47-1.fc19 (FEDORA-2014-10639) Date manipulation routines -------------------------------------------------------------------------------- Update Information:
Update timezone data. -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 10 2014 Petr Šabata contyk@redhat.com - 6.47-1 - Update timezone data * Thu Aug 28 2014 Jitka Plesnikova jplesnik@redhat.com - 6.46-2 - Perl 5.20 rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1138274 - perl-Date-Manip-6.47 is available https://bugzilla.redhat.com/show_bug.cgi?id=1138274 --------------------------------------------------------------------------------
================================================================================ rubygem-domain_name-0.5.21-1.fc19 (FEDORA-2014-10658) Domain Name manipulation library for Ruby -------------------------------------------------------------------------------- Update Information:
New version 0.5.21 is released. -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 10 2014 Mamoru TASAKA mtasaka@fedoraproject.org - 0.5.21-1 - 0.5.21 --------------------------------------------------------------------------------
================================================================================ skf-1.99.9-1.fc19 (FEDORA-2014-10655) Utility binary files in Simple Kanji Filter -------------------------------------------------------------------------------- Update Information:
New version 1.99.9 is released. -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 10 2014 Mamoru TASAKA mtasaka@fedoraproject.org - 1.99.9-1 - 1.99.9 * Wed Aug 27 2014 Jitka Plesnikova jplesnik@redhat.com - 1.99.8-1.4 - Perl 5.20 rebuild * Mon Aug 18 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.99.8-1.3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.99.8-1.2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Tue Apr 29 2014 Vít Ondruch vondruch@redhat.com - 1.99.8-1.1 - Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.1 --------------------------------------------------------------------------------
================================================================================ texstudio-2.8.4-1.fc19 (FEDORA-2014-10631) A feature-rich editor for LaTeX documents -------------------------------------------------------------------------------- Update Information:
- update to 2.8.4 - http://texstudio.sourceforge.net/manual/current/usermanual_en.html#SECTIONNE... -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 9 2014 Johannes Lips hannes@fedoraproject.org 2.8.4-1 - Update to latest upstream version 2.8.4 --------------------------------------------------------------------------------
================================================================================ tnef-1.4.12-1.fc19 (FEDORA-2014-10641) Extract files from email attachments like WINMAIL.DAT -------------------------------------------------------------------------------- Update Information:
Update to 1.4.12, a release which resolves an issue in extracting multi-value fields from the tnef archive. Upgrading to this version resolves an issue in 1.4.9 in which tnef files with multi-value fields could not be extracted. Upgrading to this version resolves an issue in 1.4.9 in which tnef files with multi-value fields could not be extracted. Upgrading to this version resolves an issue in 1.4.9 in which tnef files with multi-value fields could not be extracted. -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 9 2014 David Timms iinet.net.au@dtimms - 1.4.12-1 - update to 1.4.12 * Sun Aug 31 2014 David Timms iinet.net.au@dtimms - 1.4.11-1.20140826git0b35ad8 - update to 1.4.11 / git tag of 2014-08-26. - add autoreconf to build process now that upstream no longer creates source tarballs. - drop upstreamed format-security patch. - drop document file TODO and update path for README. * Mon Aug 18 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.4.9-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Jun 13 2014 Yaakov Selkowitz yselkowi@redhat.com - 1.4.9-5 - Fix FTBFS with -Werror=format-security (#1037361, #1107453) * Sun Jun 8 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.4.9-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sun Aug 4 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.4.9-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ xerces-j2-2.11.0-15.fc19 (FEDORA-2014-10649) Java XML parser -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2013-4002 -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 10 2014 Mat Booth mat.booth@redhat.com - 2.11.0-15 - Add patch for CVE-2013-4002, rhbz #1140031 - Fix ownership of javadoc directory -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1019176 - CVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP, 8017298) https://bugzilla.redhat.com/show_bug.cgi?id=1019176 --------------------------------------------------------------------------------