The following Fedora 19 Security updates need testing:
Age URL
308
https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glanc...
120
https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19
71
https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19
70
https://admin.fedoraproject.org/updates/FEDORA-2014-7570/asterisk-11.10.2...
69
https://admin.fedoraproject.org/updates/FEDORA-2014-6774/claws-mail-3.10....
69
https://admin.fedoraproject.org/updates/FEDORA-2014-7610/perl-Email-Addre...
60
https://admin.fedoraproject.org/updates/FEDORA-2014-7939/lzo-2.08-1.fc19
37
https://admin.fedoraproject.org/updates/FEDORA-2014-8771/ReviewBoard-1.7....
22
https://admin.fedoraproject.org/updates/FEDORA-2014-9162/xulrunner-31.0-1...
14
https://admin.fedoraproject.org/updates/FEDORA-2014-9427/pipelight-0.2.7....
8
https://admin.fedoraproject.org/updates/FEDORA-2014-9602/polkit-qt-0.112....
8
https://admin.fedoraproject.org/updates/FEDORA-2014-9619/ca-certificates-...
7
https://admin.fedoraproject.org/updates/FEDORA-2014-9679/php-5.5.16-1.fc19
3
https://admin.fedoraproject.org/updates/FEDORA-2014-9768/zarafa-7.1.10-4....
3
https://admin.fedoraproject.org/updates/FEDORA-2014-9791/python-django-1....
3
https://admin.fedoraproject.org/updates/FEDORA-2014-9752/python-elixir-0....
1
https://admin.fedoraproject.org/updates/FEDORA-2014-9830/glibc-2.17-21.fc19
1
https://admin.fedoraproject.org/updates/FEDORA-2014-9703/cups-1.6.4-10.fc19
0
https://admin.fedoraproject.org/updates/FEDORA-2014-9963/squid-3.3.13-1.fc19
0
https://admin.fedoraproject.org/updates/FEDORA-2014-9624/GraphicsMagick-1...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-9942/mariadb-5.5.39-1...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-9954/thunderbird-enig...
The following Fedora 19 Critical Path updates have yet to be approved:
Age URL
256
https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmark...
182
https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2....
13
https://admin.fedoraproject.org/updates/FEDORA-2014-9513/curl-7.29.0-22.fc19
8
https://admin.fedoraproject.org/updates/FEDORA-2014-9602/polkit-qt-0.112....
8
https://admin.fedoraproject.org/updates/FEDORA-2014-9619/ca-certificates-...
3
https://admin.fedoraproject.org/updates/FEDORA-2014-9780/nss-3.17.0-1.fc1...
1
https://admin.fedoraproject.org/updates/FEDORA-2014-9830/glibc-2.17-21.fc19
1
https://admin.fedoraproject.org/updates/FEDORA-2014-9828/btrfs-progs-3.16...
1
https://admin.fedoraproject.org/updates/FEDORA-2014-9862/langtable-0.0.27...
1
https://admin.fedoraproject.org/updates/FEDORA-2014-9703/cups-1.6.4-10.fc19
The following builds have been pushed to Fedora 19 updates-testing
GraphicsMagick-1.3.20-3.fc19
gvrng-4.4-7.fc19
libnfc-1.7.1-4.fc19
mariadb-5.5.39-1.fc19
mediawiki-1.23.3-1.fc19
perl-Mail-GnuPG-0.21-1.fc19
perl-Perl-MinimumVersion-1.38-2.fc19
pogo-0.8.3-1.fc19
python-fedmsg-meta-fedora-infrastructure-0.3.1-1.fc19
root-5.34.20-2.fc19
rubygem-logstash-event-1.2.02-2.fc19
scribus-1.4.4-2.fc19
squid-3.3.13-1.fc19
subversion-api-docs-1.7.18-1.fc19
thunderbird-enigmail-1.7.2-1.fc19
Details about builds:
================================================================================
GraphicsMagick-1.3.20-3.fc19 (FEDORA-2014-9624)
An ImageMagick fork, offering faster image generation and better quality
--------------------------------------------------------------------------------
Update Information:
New stable upstream release, patched for CVE-2014-1947. See also:
http://www.graphicsmagick.org/NEWS.html#august-16-2014
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 28 2014 Rex Dieter <rdieter(a)fedoraproject.org> 1.3.20-3
- go back to original L%02d format variant
* Mon Aug 25 2014 Rex Dieter <rdieter(a)fedoraproject.org> 1.3.20-2
- better fix for CVE-2014-1947 (#1064098,#1083082)
* Wed Aug 20 2014 Rex Dieter <rdieter(a)fedoraproject.org> 1.3.20-1
- 1.3.20, CVE-2014-1947 (#1064098,#1083082)
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.3.19-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Wed Aug 13 2014 Orion Poplawski <orion(a)cora.nwra.com> - 1.3.19-8
- Rebuild for libjbig soname bump
* Fri Jun 6 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.3.19-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun May 11 2014 Rex Dieter <rdieter(a)fedoraproject.org> 1.3.19-6
- handle upgrade path for introduction of -doc subpkg in 1.3.19-4
* Mon Feb 3 2014 Remi Collet <remi(a)fedoraproject.org> - 1.3.19-5
- upstream patch, drop debug output (#1060665)
* Sat Jan 25 2014 Ville Skyttä <ville.skytta(a)iki.fi> - 1.3.19-4
- Split docs into -doc subpackage, drop README.txt (#1056306).
- Drop no longer needed BrowseDelegateDefault modification.
- Convert docs to UTF-8.
* Thu Jan 9 2014 Rex Dieter <rdieter(a)fedoraproject.org> 1.3.19-3
- ppc64le is a multilib arch (#1051208)
* Wed Jan 1 2014 Rex Dieter <rdieter(a)fedoraproject.org> 1.3.19-2
- BR: jbigkit, libwebp, xdg-utils, xz
* Wed Jan 1 2014 Rex Dieter <rdieter(a)fedoraproject.org> 1.3.19-1
- 1.3.19 (#1047676)
* Tue Oct 15 2013 Rex Dieter <rdieter(a)fedoraproject.org> 1.3.18-5
- trim changelog
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1064098 - CVE-2014-1947 ImageMagick: PSD writing layer name buffer overflow
("L%02ld")
https://bugzilla.redhat.com/show_bug.cgi?id=1064098
--------------------------------------------------------------------------------
================================================================================
gvrng-4.4-7.fc19 (FEDORA-2014-9930)
A robot driving game designed to introduce to kids to programming
--------------------------------------------------------------------------------
Update Information:
Fixed locale location (bz 1133237)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 27 2014 Neil Horman <nhorman(a)tuxdriver.com> - 4.4-7
- Fixed locale location (bz 1133237)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1133237 - program crashes when trying to start
https://bugzilla.redhat.com/show_bug.cgi?id=1133237
--------------------------------------------------------------------------------
================================================================================
libnfc-1.7.1-4.fc19 (FEDORA-2014-9922)
NFC SDK and Programmers API
--------------------------------------------------------------------------------
Update Information:
Migrated udev rule to dynamic ACL management and new bugfix release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 28 2014 Jaroslav Škarvada <jskarvad(a)redhat.com> - 1.7.1-4
- Migrated udev rule to dynamic ACL management
- Fixed udev rule location
- Added kernel modules blacklist file as an example (not enabled by default)
Resolves: rhbz#1057285
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.7.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.7.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon Mar 17 2014 Jaroslav Škarvada <jskarvad(a)redhat.com> - 1.7.1-1
- New version
Resolves: rhbz#1076524
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1057285 - udev rules not working.
https://bugzilla.redhat.com/show_bug.cgi?id=1057285
[ 2 ] Bug #1076524 - libnfc-1.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1076524
--------------------------------------------------------------------------------
================================================================================
mariadb-5.5.39-1.fc19 (FEDORA-2014-9942)
A community developed branch of MySQL
--------------------------------------------------------------------------------
Update Information:
This is an update that fixes all issues described at
https://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5539-cha... and also
an unspecified MyISAM temporary file issue.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 22 2014 Honza Horak <hhorak(a)redhat.com> - 1:5.5.39-1
- Update to 5.5.39
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1126271 - mysql: unspecified MyISAM temporary file issue fixed in 5.5.39 and
5.6.20
https://bugzilla.redhat.com/show_bug.cgi?id=1126271
[ 2 ] Bug #1126272 - mysql: yaSSL off-by-one when decoding dates form X.509
certificates
https://bugzilla.redhat.com/show_bug.cgi?id=1126272
--------------------------------------------------------------------------------
================================================================================
mediawiki-1.23.3-1.fc19 (FEDORA-2014-9964)
A wiki engine
--------------------------------------------------------------------------------
Update Information:
* (bug 68501) Correctly handle incorrect namespace in cleanupTitles.php.
* (bug 64970) Fix support for blobs on DatabaseOracle::update.
* (bug 66574) Display MediaWiki:Loginprompt on the login page.
* (bug 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes.
* (bug 60629) Handle invalid language code gracefully in Language::fetchLanguageNames.
* (bug 62017) Restore the number of rows shown on Special:Watchlist.
* Check for boolean false result from database query in SqlBagOStuff.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 28 2014 Michael Cronenworth <mike(a)cchtml.com> - 1.23.3-1
- Update to 1.23.3
- (bug 68501) Correctly handle incorrect namespace in cleanupTitles.php.
- (bug 64970) Fix support for blobs on DatabaseOracle::update.
- (bug 66574) Display MediaWiki:Loginprompt on the login page.
- (bug 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes.
- (bug 60629) Handle invalid language code gracefully in
Language::fetchLanguageNames.
- (bug 62017) Restore the number of rows shown on Special:Watchlist.
- Check for boolean false result from database query in SqlBagOStuff.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1134781 - mediawiki-1.23.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1134781
[ 2 ] Bug #1134892 - mediawiki's mw-createinstance script creates a dangling symlink
to redirect.php, which has been removed
https://bugzilla.redhat.com/show_bug.cgi?id=1134892
--------------------------------------------------------------------------------
================================================================================
perl-Mail-GnuPG-0.21-1.fc19 (FEDORA-2014-9936)
Process email with GPG
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 28 2014 Ralf Corsépius <corsepiu(a)fedoraproject.org> - 0.21-1
- Upstream update.
--------------------------------------------------------------------------------
================================================================================
perl-Perl-MinimumVersion-1.38-2.fc19 (FEDORA-2014-9962)
Find a minimum required version of perl for Perl code
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 28 2014 Ralf Corsépius <corsepiu(a)fedoraproject.org> - 1.38-2
- Filter underspecified deps.
- Upstream update.
- Reflect upstream BR:-changes.
- Reflect Source0: having changed.
- Minor spec file modernization.
--------------------------------------------------------------------------------
================================================================================
pogo-0.8.3-1.fc19 (FEDORA-2014-9923)
Probably the simplest and fastest audio player for Linux
--------------------------------------------------------------------------------
Update Information:
Rebuilt for new upstream version 0.8.3
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 28 2014 Filipe Rosset <rosset.filipe(a)gmail.com> - 0.8.3-1
- Rebuilt for new upstream version 0.8.3
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.3.1-1.fc19 (FEDORA-2014-9960)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
'bodhi conglomerators'. Future-proofed copr processor. New threading lock around
fas cache.
Latest upstream with fixes for pkgdb and jenkins messages.
Fixes to jenkins messages.
New Fedora-College processor.
Fixes to jenkins messages.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 28 2014 Ralph Bean <rbean(a)redhat.com> - 0.3.1-1
- Latest upstream with the new conglomerator api.
- Also, fixes to copr messages.
- New threading lock put around fas cache regeneration.
- Bump up the BR version on fedmsg.
* Wed Aug 20 2014 Ralph Bean <rbean(a)redhat.com> - 0.2.19-1
- Latest upstream with jenkins and pkgdb fixes.
- Remove patches.
* Wed Aug 13 2014 Ralph Bean <rbean(a)redhat.com> - 0.2.18-3
- Upstream patches to fix further problems with the jenkins processor.
* Sun Aug 10 2014 Ralph Bean <rbean(a)redhat.com> - 0.2.18-2
- Patch out time-sensitive test.
* Sat Aug 9 2014 Ralph Bean <rbean(a)redhat.com> - 0.2.18-1
- Fix test suite.
* Sat Aug 9 2014 Ralph Bean <rbean(a)redhat.com> - 0.2.17-1
- Bugfixes to jenkins messages.
* Sat Aug 9 2014 Ralph Bean <rbean(a)redhat.com> - 0.2.16-1
- Remove patch.
- Handle fedora college messages.
--------------------------------------------------------------------------------
================================================================================
root-5.34.20-2.fc19 (FEDORA-2014-9961)
Numerical data analysis framework
--------------------------------------------------------------------------------
Update Information:
Move xproofd binary to the root-xproof package
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 28 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 5.34.20-2
- Move xproofd binaries from root-proofd to root-xproof
- Adjust EPEL 7 font dependencies
- Rebuild using new binutils (ld bug fixed - F21+)
--------------------------------------------------------------------------------
================================================================================
rubygem-logstash-event-1.2.02-2.fc19 (FEDORA-2014-9924)
Library that contains the classes required to create LogStash events
--------------------------------------------------------------------------------
Update Information:
rubygem-logstash-event contains the classes required to create LogStash events
(combination of timestamp in ISO8601 format and message in any format) and their
serialization to json.
logstash-event rubygem is part of LogStash project,
http://logstash.net/.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1131991 - Review Request: rubygem-logstash-event - Classes required to create
LogStash events
https://bugzilla.redhat.com/show_bug.cgi?id=1131991
--------------------------------------------------------------------------------
================================================================================
scribus-1.4.4-2.fc19 (FEDORA-2014-9929)
DeskTop Publishing application written in Qt
--------------------------------------------------------------------------------
Update Information:
- updated to 1.4.4
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 28 2014 Dan Horák <dan[at]danny.cz> - 1.4.4-2
- switch to Debian patch for the qreal vs double conflict on ARM (fixes #1076885)
* Fri Jun 6 2014 Tom Callaway <spot(a)fedoraproject.org> - 1.4.4-1
- update to 1.4.4, drop non-free dot files
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1076885 - shape insertion tool don't works
https://bugzilla.redhat.com/show_bug.cgi?id=1076885
[ 2 ] Bug #1119035 - Scribus V1.4.4 not yet available for Fedora 20
https://bugzilla.redhat.com/show_bug.cgi?id=1119035
[ 3 ] Bug #1103247 - scribus-1.4.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1103247
--------------------------------------------------------------------------------
================================================================================
squid-3.3.13-1.fc19 (FEDORA-2014-9963)
The Squid proxy caching server
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2014-3609
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 28 2014 Michal Luscon <mluscon(a)redhat.com> - 7:3.3.13-1
- Update to upstream version 3.3.13
- Fixed: CVE-2014-3609
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1134209 - CVE-2014-3609 squid: assertion failure in Range header processing
(SQUID-2014:2)
https://bugzilla.redhat.com/show_bug.cgi?id=1134209
--------------------------------------------------------------------------------
================================================================================
subversion-api-docs-1.7.18-1.fc19 (FEDORA-2014-9925)
Subversion API documentation
--------------------------------------------------------------------------------
Update Information:
Rebuild against current stable.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 29 2014 Bojan Smojver <bojan(a)rexursive.com> 1.7.18-1
- bump up to 1.7.18
--------------------------------------------------------------------------------
================================================================================
thunderbird-enigmail-1.7.2-1.fc19 (FEDORA-2014-9954)
Authentication and encryption extension for Mozilla Thunderbird
--------------------------------------------------------------------------------
Update Information:
Upstream annoncement:
* This is a bugfix release, fixing several major issues found in v1.7.
* A security bug (CVE-2014-5369) has been fixed.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 29 2014 Remi Collet <remi(a)fedoraproject.org> 1.7.2-1
- Enigmail 1.7.2, fix CVE-2014-5369
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1133373 - CVE-2014-5369 thunderbird-enigmail: mail with only Bcc recipients
sent in plain text
https://bugzilla.redhat.com/show_bug.cgi?id=1133373
--------------------------------------------------------------------------------