The following Fedora 19 Security updates need testing:
Age URL
427
https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glanc...
85
https://admin.fedoraproject.org/updates/FEDORA-2014-12057/krb5-1.11.3-29....
61
https://admin.fedoraproject.org/updates/FEDORA-2014-13551/wpa_supplicant-...
52
https://admin.fedoraproject.org/updates/FEDORA-2014-14237/claws-mail-plug...
45
https://admin.fedoraproject.org/updates/FEDORA-2014-14738/gnutls-3.1.20-6...
42
https://admin.fedoraproject.org/updates/FEDORA-2014-12407/sddm-0.10.0-2.fc19
38
https://admin.fedoraproject.org/updates/FEDORA-2014-15248/kde-runtime-4.1...
37
https://admin.fedoraproject.org/updates/FEDORA-2014-15378/rubygem-actionp...
36
https://admin.fedoraproject.org/updates/FEDORA-2014-15466/rubygem-sprocke...
31
https://admin.fedoraproject.org/updates/FEDORA-2014-15740/facter-1.6.18-8...
25
https://admin.fedoraproject.org/updates/FEDORA-2014-15999/libreoffice-4.1...
25
https://admin.fedoraproject.org/updates/FEDORA-2014-16045/util-linux-2.23...
20
https://admin.fedoraproject.org/updates/FEDORA-2014-16485/pam-1.1.6-13.fc19
20
https://admin.fedoraproject.org/updates/FEDORA-2014-16479/python3-3.3.2-1...
15
https://admin.fedoraproject.org/updates/FEDORA-2014-16576/bind-9.9.3-16.P...
15
https://admin.fedoraproject.org/updates/FEDORA-2014-16690/curl-7.29.0-27....
13
https://admin.fedoraproject.org/updates/FEDORA-2014-16896/tcpdump-4.4.0-5...
13
https://admin.fedoraproject.org/updates/FEDORA-2014-16874/asterisk-11.14....
13
https://admin.fedoraproject.org/updates/FEDORA-2014-16728/xorg-x11-server...
13
https://admin.fedoraproject.org/updates/FEDORA-2014-16865/docker-io-1.4.0...
10
https://admin.fedoraproject.org/updates/FEDORA-2014-17053/openjpeg-1.5.1-...
10
https://admin.fedoraproject.org/updates/FEDORA-2014-17081/denyhosts-2.6-2...
9
https://admin.fedoraproject.org/updates/FEDORA-2014-16826/nss-3.17.3-2.fc...
9
https://admin.fedoraproject.org/updates/FEDORA-2014-17110/mariadb-5.5.40-...
9
https://admin.fedoraproject.org/updates/FEDORA-2014-17210/ettercap-0.8.1-...
7
https://admin.fedoraproject.org/updates/FEDORA-2014-17277/mailx-12.5-9.fc19
7
https://admin.fedoraproject.org/updates/FEDORA-2014-16465/jasper-1.900.1-...
7
https://admin.fedoraproject.org/updates/FEDORA-2014-17354/libssh-0.6.4-1....
7
https://admin.fedoraproject.org/updates/FEDORA-2014-17244/kernel-3.14.27-...
7
https://admin.fedoraproject.org/updates/FEDORA-2014-17284/ca-certificates...
6
https://admin.fedoraproject.org/updates/FEDORA-2014-17395/ntp-4.2.6p5-13....
3
https://admin.fedoraproject.org/updates/FEDORA-2014-17508/glpi-0.83.9.1-5...
2
https://admin.fedoraproject.org/updates/FEDORA-2014-17555/mapserver-6.2.2...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-17626/mingw-pcre-8.33...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-17640/dokuwiki-0-0.23...
The following Fedora 19 Critical Path updates have yet to be approved:
Age URL
375
https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmark...
301
https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2....
13
https://admin.fedoraproject.org/updates/FEDORA-2014-16892/poppler-0.22.1-...
13
https://admin.fedoraproject.org/updates/FEDORA-2014-16866/perl-Filter-1.5...
13
https://admin.fedoraproject.org/updates/FEDORA-2014-16728/xorg-x11-server...
10
https://admin.fedoraproject.org/updates/FEDORA-2014-17053/openjpeg-1.5.1-...
9
https://admin.fedoraproject.org/updates/FEDORA-2014-16826/nss-3.17.3-2.fc...
7
https://admin.fedoraproject.org/updates/FEDORA-2014-17244/kernel-3.14.27-...
7
https://admin.fedoraproject.org/updates/FEDORA-2014-17284/ca-certificates...
7
https://admin.fedoraproject.org/updates/FEDORA-2014-16465/jasper-1.900.1-...
6
https://admin.fedoraproject.org/updates/FEDORA-2014-17395/ntp-4.2.6p5-13....
The following builds have been pushed to Fedora 19 updates-testing
archlinux-keyring-20141218-1.fc19
clamtk-5.12-1.fc19
dokuwiki-0-0.23.20140929b.fc19
fldigi-3.22.04-1.fc19
mingw-pcre-8.33-4.fc19
par-1.52-15.fc19
Details about builds:
================================================================================
archlinux-keyring-20141218-1.fc19 (FEDORA-2014-17647)
GPG keys used by Arch distribution to sign packages
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 24 2014 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 20141218-1
- New upstream release (#1176858).
* Wed Sep 10 2014 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 20140908-1
- New upstream release (#1140086).
--------------------------------------------------------------------------------
================================================================================
clamtk-5.12-1.fc19 (FEDORA-2014-17619)
Easy to use graphical user interface for Clam anti virus
--------------------------------------------------------------------------------
Update Information:
Update to 5.12.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 25 2014 Dave M. <dave.nerd(a)gmail.com> - 5.12-1
- Updated to release 5.12.
--------------------------------------------------------------------------------
================================================================================
dokuwiki-0-0.23.20140929b.fc19 (FEDORA-2014-17640)
Standards compliant simple to use wiki
--------------------------------------------------------------------------------
Update Information:
Update to the 2014-09-29b release which contains various fixes,
notably:\\r\\n\\r\\nSecurity:\\r\\n* CVE-2014-9253 - XSS via SFW file upload\\r\\n*
CVE-2012-6662 - jquery-ui XSS vulnerability\\r\\n\\r\\nBugfixes:\\r\\n* dokuwiki requires
php-xml (RHBZ#1061477)\\r\\n* wrong SELinux file context for writable files/directories
(RHBZ#1064524)\\r\\n* drop httpd requirement (RHBZ#1164396)\\r\\n
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 26 2014 Adam Tkac <vonsch(a)gmail.com> - 0.0.23.20140929b
- update to the latest upstream
- drop requirement of httpd (#1164396)
- fix SELinux file contexts (#1064524)
- require php-xml (#1061477)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0-0.22.20131208
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1061477 - wiki:syntax page requires php-xml to render
https://bugzilla.redhat.com/show_bug.cgi?id=1061477
[ 2 ] Bug #1150133 - dokuwiki: various security flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1150133
[ 3 ] Bug #1174331 - CVE-2014-9253 dokuwiki: XSS via SFW file upload [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1174331
[ 4 ] Bug #1161816 - dokuwiki is 5 months out of date, 2 versions and 3 hotfixes behind
https://bugzilla.redhat.com/show_bug.cgi?id=1161816
[ 5 ] Bug #1174332 - CVE-2014-9253 dokuwiki: XSS via SFW file upload [epel-5]
https://bugzilla.redhat.com/show_bug.cgi?id=1174332
[ 6 ] Bug #1164396 - dokuwiki requires apache
https://bugzilla.redhat.com/show_bug.cgi?id=1164396
[ 7 ] Bug #1166099 - CVE-2012-6662 dokuwiki: jquery-ui: XSS vulnerability in default
content in Tooltip widget [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1166099
[ 8 ] Bug #1064524 - Wrong SELinux type in dokuwiki-selinux package
https://bugzilla.redhat.com/show_bug.cgi?id=1064524
[ 9 ] Bug #1150134 - dokuwiki: various security flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1150134
[ 10 ] Bug #1174333 - CVE-2014-9253 dokuwiki: XSS via SFW file upload [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1174333
[ 11 ] Bug #1101095 - New release available - 2014-05-05 "Ponder Stibbons"
https://bugzilla.redhat.com/show_bug.cgi?id=1101095
--------------------------------------------------------------------------------
================================================================================
fldigi-3.22.04-1.fc19 (FEDORA-2014-17616)
Digital modem program for Linux
--------------------------------------------------------------------------------
Update Information:
flrig - Version 1.3.19 * maintenance release\r\n\r\n xmlrpc error handling\r\n *
improve xmlrpc error handling\r\n - require 5 consecutive connect errors before
closing and\r\nreopening connection\r\n\r\n Kenwood transceivers\r\n * Changed use
of sendCommand function to wait_char function when\r\nappropriate\r\n\r\n TS450S\r\n
* wait_char(...) substituted for waitN in backend\r\n * added read bandwidth values
before setting.\r\n - 8.33 MHz filter value never changed\r\n - 455 kHz filter
value iaw with UI\r\n\r\n Transceiver timeout\r\n * Restored timout to sendCommand
even if nread is zero\r\n\r\n Scripts\r\n * removed binary build from
builddist.sh\r\n\r\n Yaesu\r\n * Changed get query to use waitN(...)\r\n\r\nfldigi -
Version 3.22.04 * maintenance release\r\n - quick fix for main window title
issue\r\n\r\n xmlrpc\r\n * fix for xmlrpc transceiver naming\nVersion 3.22.03 *
maintenance release\\r\\n\\r\\n * changed all berlios lists references to source
forge\\r\\n\\r\\n * CW xmt filter\\r\\n - Added user selectable Windowed-sinc transmit
bandpass filter. \\r\\n - Useful for tuning transmit sound at QRQ operating
speeds.\\r\\n\\r\\n * CW configuration\\r\\n - updated documentation for the new
bandpass transmit shaping\\r\\n\\r\\n * DTMF\\r\\n - Corrected dtmf command execution
within trx tx loop\\r\\n\\r\\n * FFT filter\\r\\n - Corrected initialization of fft
filter.\\r\\n\\r\\n * ARQ/KISS IO state conflict\\r\\n - Ensure all state flags
reflect selected mode.\\r\\n - Toggle IO mode in software.\\r\\n\\r\\n * Window
title\\r\\n - changed to append vice replace window title with transceiver
name\\r\\n\\r\\n * Xmt Audio Stream\\r\\n - Restored MT63 output power\\r\\n -
Modified output audio stream processing to prevent audio codec roll over\\r\\n\\r\\n * RX
Text\\r\\n - reject Mousewheel (3rd mouse button) closure when in Rx text
panel\\r\\n\\r\\n * OpenBSD\\r\\n - compatibility fixes for OpenBSD\\r\\n\\r\\n *
LOGGER EXPORT\\r\\n - Corrected struct position of log field
'QSL_VIA'\\r\\n\\r\\n * Documentation\\r\\n - Removed references to
Precompiled Binaries\\r\\n - Added illustration of command line parameters\\r\\n .
on Win8.1\\r\\n . on Mint UI launcher properties\\r\\n\\r\\n * LOG lookup\\r\\n -
Changed debug level to VERBOSE; easier to see response without DEBUG clutter\\r\\n\\r\\n
* Lion/Yosemite madness\\r\\n - OS-X changed allowable application behavior after user
presses the Red-X \\r\\n "I'm outta here" button. Fix to prevent
system uncaught exception behavior.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 26 2014 Richard Shaw <hobbes1069(a)gmail.com> - 3.22.04-1
- Update to latest upstream release.
* Thu Dec 25 2014 Richard Shaw <hobbes1069(a)gmail.com> - 3.22.03-1
- Update to latest upstream release.
* Mon Dec 1 2014 Richard Shaw <hobbes1069(a)gmail.com> - 3.22.02-1
- Update to latest upstream release.
--------------------------------------------------------------------------------
================================================================================
mingw-pcre-8.33-4.fc19 (FEDORA-2014-17626)
MinGW Windows pcre library
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2014-8964
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 25 2014 Yaakov Selkowitz <yselkowi(a)redhat.com> - 8.33-4
- Add upstream patches from main pcre package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1177278 - CVE-2014-8964 mingw-pcre: pcre: incorrect handling of zero-repeat
assertion conditions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1177278
--------------------------------------------------------------------------------
================================================================================
par-1.52-15.fc19 (FEDORA-2014-17632)
Paragraph reformatter, vaguely like fmt, but more elaborate
--------------------------------------------------------------------------------
Update Information:
Added protection against null dereference to previous patch.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 25 2014 David Levine <par.packager(a)gmail.com> - 1.52-14
- Added protection against null dereference to previous patch.
* Wed Dec 24 2014 David Levine <par.packager(a)gmail.com> - 1.52-14
- Added patch to fix segfault with multibyte characters [Bug 962221].
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.52-13
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jun 6 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.52-12
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon Jul 29 2013 Ville Skyttä <ville.skytta(a)iki.fi> - 1.52-11
- Don't create unneeded doc dir in %install.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #962221 - [abrt] par-1.52-8.fc18: freelines: Process /usr/bin/par was killed
by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=962221
--------------------------------------------------------------------------------