Fedora 19 updates-testing report

updates at fedoraproject.org
Thu Jun 5 04:26:27 UTC 2014


The following Fedora 19 Security updates need testing:
 Age  URL
 222  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
  34  https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19
  29  https://admin.fedoraproject.org/updates/FEDORA-2014-6046/cifs-utils-6.3-2.fc19
  26  https://admin.fedoraproject.org/updates/FEDORA-2014-5759/cups-filters-1.0.53-2.fc19
  23  https://admin.fedoraproject.org/updates/FEDORA-2014-6233/dpkg-1.16.14-1.fc19
  22  https://admin.fedoraproject.org/updates/FEDORA-2014-6331/dovecot-2.2.13-1.fc19
  14  https://admin.fedoraproject.org/updates/FEDORA-2014-6553/chicken-4.8.0.6-2.fc19
  14  https://admin.fedoraproject.org/updates/FEDORA-2014-6569/openssh-6.2p2-8.fc19
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-6594/libtiff-4.0.3-10.fc19
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-6597/drupal7-views-3.8-1.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-6645/libgadu-1.12.0-0.5.rc3.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-6717/libpng-1.5.13-3.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-6716/readline-6.2-7.fc19
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-6818/check-mk-1.2.4p2-2.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6851/mingw-libgcrypt-1.5.3-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6831/mingw-libtiff-4.0.3-4.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6858/mingw-icu-50.1.2-3.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6829/mingw-pixman-0.30.0-4.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6859/mingw-libjpeg-turbo-1.3.1-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6833/mingw-freetype-2.4.12-3.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6866/mingw-readline-6.2-4.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6892/mingw-libpng-1.5.18-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6921/mingw-curl-7.37.0-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6896/qt3-3.3.8b-58.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6881/gnutls-3.1.20-5.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6919/libtasn1-3.6-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6938/mod_wsgi-3.5-1.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-6962/mediawiki-1.21.10-1.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-6963/mingw-gnutls-3.1.25-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-7041/kernel-3.14.5-100.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6904/php-doctrine-orm-2.4.2-2.fc19,php-phpunit-PHPUnit-MockObject-1.2.3-4.fc19,php-5.5.13-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-7095/sendmail-8.14.7-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-7090/chkrootkit-0.49-9.fc19


The following Fedora 19 Critical Path updates have yet to be approved:
 Age  URL
 170  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
  96  https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-6613/langtable-0.0.24-2.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-6708/webkitgtk3-2.0.4-3.fc19,webkitgtk-2.0.4-3.fc19
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-6814/device-mapper-persistent-data-0.3.2-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6898/openldap-2.4.39-3.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-6988/curl-7.29.0-20.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-7095/sendmail-8.14.7-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-7041/kernel-3.14.5-100.fc19


The following builds have been pushed to Fedora 19 updates-testing

    antimicro-2.4-1.fc19
    chkrootkit-0.49-9.fc19
    fedup-0.8.1-1.fc19
    gcal-3.6.3-1.fc19
    ibus-table-1.8.1-1.fc19
    pyfits-3.1.6-2.fc19
    sendmail-8.14.7-2.fc19
    springlobby-0.195-1.fc19
    tomcat-native-1.1.30-1.fc19
    zabbix-2.0.12-2.fc19

Details about builds:


================================================================================
 antimicro-2.4-1.fc19 (FEDORA-2014-7075)
 Graphical program used to map keyboard buttons and mouse controls to a gamepad
--------------------------------------------------------------------------------
Update Information:

new upstream release (#1103432)
Initial package. Antimicro is a graphical program used to map keyboard buttons and mouse controls to a gamepad.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1103432 - antimicro-2.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1103432
  [ 2 ] Bug #1100961 - Review Request: antimicro - Graphical program used to map keyboard buttons and mouse controls to a gamepad
        https://bugzilla.redhat.com/show_bug.cgi?id=1100961
--------------------------------------------------------------------------------


================================================================================
 chkrootkit-0.49-9.fc19 (FEDORA-2014-7090)
 Tool to locally check for signs of a rootkit
--------------------------------------------------------------------------------
Update Information:

A quoting issue was found in chkrootkit which would lead to a file in /tmp/ being executed, if /tmp/ was mounted without the noexec option. chkrootkit is typically run as the root user. A local attacker could use this flaw to escalate their privileges.

The problematic part was:

file_port=$file_port $i

This was changed to file_port="$file_port $i" to fix the issue. From the Debian diff:

--- chkrootkit-0.49.orig/debian/patches/CVE-2014-0476.patch
+++ chkrootkit-0.49/debian/patches/CVE-2014-0476.patch
@@ -0,0 +1,13 @@
+Index: chkrootkit/chkrootkit
+===================================================================
+--- chkrootkit.orig/chkrootkit
++++ chkrootkit/chkrootkit
+@@ -117,7 +117,7 @@ slapper (){
+    fi
+    for i in ${SLAPPER_FILES}; do
+       if [ -f ${i} ]; then
+-       file_port=$file_port $i
++       file_port="$file_port $i"
+          STATUS=1
+       fi
+    done
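
Review bot: the `[ -f ${i} ]` test on the context line just above the changed assignment still expands `${i}` unquoted, so an entry containing whitespace or glob characters would be split or expanded before `-f` sees it; writing it as `[ -f "${i}" ]` would match the quoting this patch introduces. The removed line `file_port=$file_port $i` is parsed by the shell as a temporary variable assignment followed by the command `$i`, which is how the matched file came to be executed, so a short comment beside the fixed line would help keep the quotes from being dropped in a later cleanup. Later uses of `$file_port` are outside this hunk and are worth checking for the same unquoted expansion.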

Acknowledgements:

Red Hat would like to thank Thomas Stangner for reporting this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun  4 2014 Jon Ciesla <limburgher at gmail.com> - 0.49-9
- Patch for CVE-2014-0476, BZ 1104456, 11044567.
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.49-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1104456 - CVE-2014-0476 chkrootkit: local privilege escalation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1104456
  [ 2 ] Bug #1104457 - CVE-2014-0476 chkrootkit: local privilege escalation [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1104457
--------------------------------------------------------------------------------


================================================================================
 fedup-0.8.1-1.fc19 (FEDORA-2014-7085)
 The Fedora Upgrade tool
--------------------------------------------------------------------------------
Update Information:

* Adds a warning for upgrades without a new kernel
* Fixes a bunch of crashes
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 22 2014 Will Woods <wwoods at redhat.com> 0.8.1-1
- Warn the user when there is no kernel package in the upgrade
- Fix crash when resizing terminal window (#1044987)
- Fix crashes with bad arguments to --repo and --iso (#1045090, #1044083)
- Fix some crashes during transaction test (#1043981, #1047005)
- Fix upgrade hang if packagedir isn't on root partition (#1045168)
- Don't redownload everything if the user just upgraded from 0.7.x
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1044987 - fedup-0.8.0-3.fc20.noarch exits if doulble ckicking on the window to max/min it
        https://bugzilla.redhat.com/show_bug.cgi?id=1044987
  [ 2 ] Bug #1045090 - [abrt] fedup: download.py:133:setup_repos:ValueError: need more than 1 value to unpack
        https://bugzilla.redhat.com/show_bug.cgi?id=1045090
  [ 3 ] Bug #1044083 - [abrt] fedup: commandline.py:197:device_setup:NameError: global name 'message' is not defined
        https://bugzilla.redhat.com/show_bug.cgi?id=1044083
  [ 4 ] Bug #1043981 - [abrt] fedup: fedup-cli:216:main:AttributeError: 'ProblemSummary' object has no attribute 'format_details'
        https://bugzilla.redhat.com/show_bug.cgi?id=1043981
  [ 5 ] Bug #1047005 - [abrt] fedup: download.py:276:find_replacement:AttributeError: 'NoneType' object has no attribute 'pkgtup'
        https://bugzilla.redhat.com/show_bug.cgi?id=1047005
--------------------------------------------------------------------------------


================================================================================
 gcal-3.6.3-1.fc19 (FEDORA-2014-7069)
 GNU Gregorian calendar program
--------------------------------------------------------------------------------
Update Information:

new upstream release with:

* Remove duplicate for All Saints Day for DE_BY.
* Inherit some portability fixes from gnulib.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun  4 2014 Daiki Ueno <dueno at redhat.com> - 3.6.3-1
- new upstream release (#100912)
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.6.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1100912 - minor gcal update (to 3.6.3) available
        https://bugzilla.redhat.com/show_bug.cgi?id=1100912
--------------------------------------------------------------------------------


================================================================================
 ibus-table-1.8.1-1.fc19 (FEDORA-2014-7100)
 The Table engine for IBus platform
--------------------------------------------------------------------------------
Update Information:

update to 1.8.1; Added support for wildcards (both in table and in pinyin mode); Don’t show the prompt characters defined in the table in pinyin mode in the auxiliary text
update to 1.8.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun  4 2014 Mike FABIAN <mfabian at redhat.com> - 1.8.1-1
- update to 1.8.1
- Added support for wildcards (both in table and in pinyin mode)
- Don’t show the prompt characters defined in the table in
  pinyin mode in the auxiliary text
* Tue Jun  3 2014 Mike FABIAN <mfabian at redhat.com> - 1.8.0-1
- update to 1.8.0
- adapt tools/ibus-table-query to the new database format
* Wed May 28 2014 Mike FABIAN <mfabian at redhat.com> - 1.5.0.20140528-1
- update to 1.5.0.20140528
- Use Unicode code point as a last ditch sort key for the candidates
- Fix bug in Unihan_Variants.txt, 同 is both simplified *and* traditional Chinese
- Update Unihan_Variants.txt from “2011-08-08 Unicode 6.1.0” to “2013-02-25 Unicode 6.3.0” and regenerate engine/chinese_variants.py
* Tue May 27 2014 Mike FABIAN <mfabian at redhat.com> - 1.5.0.20140527-1
- update to 1.5.0.20140527
- Put exact matches always at the top of the candidate list
- Fix typo in the filtering for Chinese mode 3 (All characters with traditional Chinese first)
- Support prompt characters (e.g. for cangjie and stroke5)
* Mon May 19 2014 Mike FABIAN <mfabian at redhat.com> - 1.5.0.20140519-1
- update to 1.5.0.20140519
- rewrite major parts of ibus-table, fix many bugs.
--------------------------------------------------------------------------------


================================================================================
 pyfits-3.1.6-2.fc19 (FEDORA-2014-7078)
 Python interface to FITS
--------------------------------------------------------------------------------
Update Information:

Release notes: http://www.stsci.edu/institute/software_hardware/pyfits/release
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun  3 2014 Sergio Pascual <sergiopr at fedoraproject.org> - 3.1.6-2
- New upstream 3.1.6 (bugfixes)
* Fri Apr  4 2014 Sergio Pascual <sergiopr at fedoraproject.org> - 3.1.5-1
- New upstream 3.1.5 (bugfixes)
--------------------------------------------------------------------------------


================================================================================
 sendmail-8.14.7-2.fc19 (FEDORA-2014-7095)
 A widely used Mail Transport Agent (MTA)
--------------------------------------------------------------------------------
Update Information:

This is an update that fixes a bug which can lead to sendmail leaking file descriptors to processes it spawns.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun  4 2014 Jaroslav Škarvada <jskarvad at redhat.com> - 8.14.7-2
- Properly set the close-on-exec flag for file descriptors
  (by close-on-exec patch)
  Resolves: CVE-2014-3956
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1102174 - CVE-2014-3956 sendmail: Properly set the close-on-exec flag for file descriptors
        https://bugzilla.redhat.com/show_bug.cgi?id=1102174
--------------------------------------------------------------------------------


================================================================================
 springlobby-0.195-1.fc19 (FEDORA-2014-7076)
 A lobby client for the spring RTS game engine
--------------------------------------------------------------------------------
Update Information:

- Version 0.195, integration w/ spring's pr-download library finally working on Fedora.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun  3 2014 Gilboa Davara <gilboad [AT] gmail [DOT] com> - 0.195-1
- Version 0.195, integration w/ spring's pr-download library finally working on Fedora.
* Fri Apr  4 2014 Gilboa Davara <gilboad [AT] gmail [DOT] com> - 0.180-1
- Version 0.188, major spring/springlobby upstream release.
- CurlWrapper no longer needed.
* Mon Jan 13 2014 Gilboa Davara <gilboad [AT] gmail [DOT] com> - 0.180-1
- Version 0.180, major spring/springlobby upstream release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1101046 - springlooby  0.169 is outdated since Mars 18, 2013
        https://bugzilla.redhat.com/show_bug.cgi?id=1101046
--------------------------------------------------------------------------------


================================================================================
 tomcat-native-1.1.30-1.fc19 (FEDORA-2014-7079)
 Tomcat native library
--------------------------------------------------------------------------------
Update Information:

Update to version 1.1.30 for Tomcat 7.0.54 compatibility.

http://tomcat.apache.org/native-doc/miscellaneous/changelog.html
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 15 2014 Ville Skyttä <ville.skytta at iki.fi> - 1.1.30-1
- Update to 1.1.30
--------------------------------------------------------------------------------


================================================================================
 zabbix-2.0.12-2.fc19 (FEDORA-2014-7096)
 Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:

Release notes: http://www.zabbix.com/rn2.0.12.php

This build contains a patch for ZBX-8238:
https://support.zabbix.com/browse/ZBXNEXT-3238

"logrt may continue reading an old file repeatedly."
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun  3 2014 Volker Fröhlich <volker27 at gmx.at> - 2.0.12-2
- Patch for ZBX-8238 (logrt may continue reading an old file repeatedly)
--------------------------------------------------------------------------------


