Fedora 19 updates-testing report
updates at fedoraproject.org
Wed May 21 23:33:29 UTC 2014
The following Fedora 19 Security updates need testing:
Age URL
207 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
20 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19
15 https://admin.fedoraproject.org/updates/FEDORA-2014-6046/cifs-utils-6.3-2.fc19
13 https://admin.fedoraproject.org/updates/FEDORA-2014-6083/qt-4.8.6-5.fc19
13 https://admin.fedoraproject.org/updates/FEDORA-2014-6127/rubygem-actionpack-3.2.13-6.fc19
11 https://admin.fedoraproject.org/updates/FEDORA-2014-5759/cups-filters-1.0.53-2.fc19
9 https://admin.fedoraproject.org/updates/FEDORA-2014-6255/smb4k-1.1.2-1.fc19
9 https://admin.fedoraproject.org/updates/FEDORA-2014-6233/dpkg-1.16.14-1.fc19
9 https://admin.fedoraproject.org/updates/FEDORA-2014-6271/seamonkey-2.26-1.fc19
8 https://admin.fedoraproject.org/updates/FEDORA-2014-6331/dovecot-2.2.13-1.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-6369/perl-LWP-Protocol-https-6.04-2.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-6343/zabbix-2.0.12-1.fc19
5 https://admin.fedoraproject.org/updates/FEDORA-2014-6395/mutt-1.5.23-2.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2014-6454/python-django-1.5.8-1.fc19
3 https://admin.fedoraproject.org/updates/FEDORA-2014-6470/mumble-1.2.6-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-6553/chicken-4.8.0.6-2.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-6530/php-ZendFramework2-2.2.7-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-6569/openssh-6.2p2-8.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-6577/moodle-2.4.10-1.fc19
The following Fedora 19 Critical Path updates have yet to be approved:
Age URL
156 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
82 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
13 https://admin.fedoraproject.org/updates/FEDORA-2014-6113/xorg-x11-drv-evdev-2.8.4-1.fc19
13 https://admin.fedoraproject.org/updates/FEDORA-2014-6075/selinux-policy-3.12.1-74.26.fc19
13 https://admin.fedoraproject.org/updates/FEDORA-2014-6126/policycoreutils-2.1.14-46.8.fc19
13 https://admin.fedoraproject.org/updates/FEDORA-2014-6083/qt-4.8.6-5.fc19
13 https://admin.fedoraproject.org/updates/FEDORA-2014-5590/libcap-ng-0.7.4-1.fc19
12 https://admin.fedoraproject.org/updates/FEDORA-2014-6179/nss-softokn-3.16.1-1.fc19,nspr-4.10.5-1.fc19,nss-util-3.16.1-1.fc19,nss-3.16.1-1.fc19
11 https://admin.fedoraproject.org/updates/FEDORA-2014-6185/kde-workspace-4.11.9-4.fc19
9 https://admin.fedoraproject.org/updates/FEDORA-2014-6282/curl-7.29.0-19.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-6361/btrfs-progs-3.14.1-1.fc19
5 https://admin.fedoraproject.org/updates/FEDORA-2014-6422/taglib-1.9.1-5.fc19
5 https://admin.fedoraproject.org/updates/FEDORA-2014-6335/squashfs-tools-4.3-4.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2014-6447/xfsprogs-3.2.0-1.fc19
3 https://admin.fedoraproject.org/updates/FEDORA-2014-6462/libxfce4ui-4.10.0-11.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-6587/libnl3-3.2.22-3.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-6578/ibus-1.5.7-2.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-6569/openssh-6.2p2-8.fc19
The following builds have been pushed to Fedora 19 updates-testing
ardour3-3.5.380-1.fc19
chicken-4.8.0.6-2.fc19
ibus-1.5.7-2.fc19
libnl3-3.2.22-3.fc19
moodle-2.4.10-1.fc19
nodejs-shelljs-0.3.0-1.fc19
openlibm-0.3-6.fc19
openssh-6.2p2-8.fc19
owfs-2.9p5-1.fc19
perl-Plack-Middleware-Test-StashWarnings-0.08-1.fc19
qpid-cpp-0.24-9.fc19
qpid-qmf-0.24-18.fc19
rubygem-openscap-0.1.0-4.fc19
subversion-api-docs-1.7.16-1.fc19
tango-2-18.fc19
thunderbird-lightning-2.6.5-9.fc19
tralics-2.15.1-3.fc19
Details about builds:
================================================================================
ardour3-3.5.380-1.fc19 (FEDORA-2014-6562)
Digital Audio Workstation
--------------------------------------------------------------------------------
Update Information:
**Ardour 3.5.380 is a CRITICAL bug fix release. ALL USERS ARE RECOMMENDED TO UPGRADE.**
It includes several absolutely vital fixes for bugs that could lead to audio and MIDI files being irreversibly deleted from disk.
Check out [the upstream announcement](https://community.ardour.org/node/8224) for detailed information.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 14 2014 Nils Philippsen <nils at redhat.com> - 3.5.380-1
- version 3.5.380
--------------------------------------------------------------------------------
================================================================================
chicken-4.8.0.6-2.fc19 (FEDORA-2014-6553)
A practical and portable Scheme system
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2014-3776 and bump to 4.8.0.6.
Latest upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 20 2014 Ricky Elrod <codeblock at fedoraproject.org> - 4.8.0.6-2
- Patch for CVE-2014-3776.
* Thu Apr 24 2014 Ricky Elrod <codeblock at fedoraproject.org> - 4.8.0.6-1
- Upstream 4.8.0.6.
* Sat Dec 14 2013 Ricky Elrod <codeblock at fedoraproject.org> - 4.8.0.5-3
- Get rid of docs subpackage.
- Add a -libs subpackage for the runtime library.
* Sun Dec 8 2013 Ricky Elrod <codeblock at fedoraproject.org> - 4.8.0.5-2
- Add -Wformat for BZ #1037013.
* Sun Nov 24 2013 Ricky Elrod <codeblock at fedoraproject.org> - 4.8.0.5-1
- Upstream 4.8.0.5.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1099613 - CVE-2014-3776 chicken: buffer overflow in "read-u8vector!" procedure leads to DoS or arbitrary code exec
https://bugzilla.redhat.com/show_bug.cgi?id=1099613
--------------------------------------------------------------------------------
================================================================================
ibus-1.5.7-2.fc19 (FEDORA-2014-6578)
Intelligent Input Bus for Linux OS
--------------------------------------------------------------------------------
Update Information:
This update fixes the width of ibus-setup GUI.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 20 2014 Takao Fujiwara <tfujiwar at redhat.com> - 1.5.7-2
- Updated ibus-HEAD.patch for width of ibus-setup.
--------------------------------------------------------------------------------
================================================================================
libnl3-3.2.22-3.fc19 (FEDORA-2014-6587)
Convenience library for kernel netlink sockets
--------------------------------------------------------------------------------
Update Information:
- add nl_has_capability() function
- retry local port on ADDRINUSE (rh #1097175)
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 21 2014 Thomas Haller <thaller at redhat.com> - 3.2.22-3
- add nl_has_capability() function
- retry local port on ADDRINUSE (rh #1097175)
* Mon Sep 23 2013 Paul Wouters <pwouters at redhat.com> - 3.2.22-2
- Update to 3.2.22 (rhbz#963111)
- Add patch for double tree crasher in rtnl_link_set_address_family()
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.2.21-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1097175 - Backport upstream fix for trying other ports when a local port is in use
https://bugzilla.redhat.com/show_bug.cgi?id=1097175
--------------------------------------------------------------------------------
================================================================================
moodle-2.4.10-1.fc19 (FEDORA-2014-6577)
A Course Management System
--------------------------------------------------------------------------------
Update Information:
Moodle upstream has released versions 2.7, 2.6.3, 2.5.6, and 2.4.10 to fix the following security flaws:
CVE-2014-0213 MSA-14-0014: Cross-site request forgery possible in Assignment
CVE-2014-0214 MSA-14-0015: Web service token expiry issue for MoodleMobile
CVE-2014-0215 MSA-14-0016: Anonymous student identity revealed in assignment
CVE-2014-0216 MSA-14-0017: File access issue in HTML block
CVE-2014-0217 MSA-14-0018: Information leak in courses
CVE-2014-0218 MSA-14-0019: Reflected XSS in URL downloader repository
For a full summary and patch links, refer to the following:
http://seclists.org/oss-sec/2014/q2/329
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 21 2014 Jon Ciesla <limburgher at gmail.com> - 2.4.10-1
- CVE-2014-0213, CVE-2014-0214, CVE-2014-0215, CVE-2014-0216
- CVE-2014-0217, CVE-2014-0218
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1099766 - CVE-2014-0218 CVE-2014-0213 CVE-2014-0215 CVE-2014-0214 CVE-2014-0217 CVE-2014-0216 moodle: upstream 2.7, 2.6.3, 2.5.6, and 2.4.10 security fixes [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1099766
[ 2 ] Bug #1099765 - CVE-2014-0218 CVE-2014-0213 CVE-2014-0215 CVE-2014-0214 CVE-2014-0217 CVE-2014-0216 moodle: upstream 2.7, 2.6.3, 2.5.6, and 2.4.10 security fixes [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1099765
--------------------------------------------------------------------------------
================================================================================
nodejs-shelljs-0.3.0-1.fc19 (FEDORA-2014-6546)
Portable Unix shell commands for Node.js
--------------------------------------------------------------------------------
Update Information:
Initial package.
--------------------------------------------------------------------------------
================================================================================
openlibm-0.3-6.fc19 (FEDORA-2014-6552)
High quality system independent, open source libm
--------------------------------------------------------------------------------
Update Information:
New package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1089500 - Review Request: openlibm - High quality system independent, open source libm
https://bugzilla.redhat.com/show_bug.cgi?id=1089500
--------------------------------------------------------------------------------
================================================================================
openssh-6.2p2-8.fc19 (FEDORA-2014-6569)
An open source implementation of SSH protocol versions 1 and 2
--------------------------------------------------------------------------------
Update Information:
- environment variables with embedded '=' or '\0' characters are now ignored
- prevents a server from skipping SSHFP lookup and forcing a new-hostkey dialog by offering only certificate keys
- /etc/ssh/moduli is readable by all now
- ssh-copy-id is run in so-called legacy mode when the SSH_COPY_ID_LEGACY variable is set
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 19 2014 Petr Lautrbach <plautrba at redhat.com> 6.2p2-8 + 0.9.3-5
- fix fatal() cleanup in the audit patch (#1029074)
- fix parsing logic of ldap.conf file (#1033662)
- use SSH_COPY_ID_LEGACY variable to run ssh-copy-id in the legacy mode
- make /etc/ssh/moduli file public (#1043661)
- prevent a server from skipping SSHFP lookup - CVE-2014-2653 (#1081338)
- ignore environment variables with embedded '=' or '\0' characters - CVE-2014-2532
(#1077843)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1081338 - CVE-2014-2653 openssh: failure to check DNS SSHFP records in certain scenarios
https://bugzilla.redhat.com/show_bug.cgi?id=1081338
[ 2 ] Bug #1077843 - CVE-2014-2532 openssh: AcceptEnv environment restriction bypass flaw
https://bugzilla.redhat.com/show_bug.cgi?id=1077843
--------------------------------------------------------------------------------
================================================================================
owfs-2.9p5-1.fc19 (FEDORA-2014-6548)
1-Wire Virtual File System
--------------------------------------------------------------------------------
Update Information:
This update brings the following changes:
- improved support of DS2409 (Microlan) hubs
- owserver-to-owserver communication is no longer susceptible to loops
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 15 2014 Tomasz Torcz <ttorcz at fedoraproject.org> - 2.9p5-1
- latest upstream release
--------------------------------------------------------------------------------
================================================================================
perl-Plack-Middleware-Test-StashWarnings-0.08-1.fc19 (FEDORA-2014-6567)
Test your application's warnings
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 20 2014 Ralf Corsépius <corsepiu at fedoraproject.org> - 0.08-1
- Upstream update.
--------------------------------------------------------------------------------
================================================================================
qpid-cpp-0.24-9.fc19 (FEDORA-2014-6558)
Libraries for Qpid C++ client applications
--------------------------------------------------------------------------------
Update Information:
Added virtual package qpid(client-devel) to qpid-cpp-client-devel.
Add a virtual package in qpid-cpp-client named qpid(client).
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 21 2014 Darryl L. Pierce <dpierce at redhat.com> - 0.24-9
- Added virtual package qpid(client-devel) to qpid-cpp-client-devel.
- Resolves: #BZ#1098154
* Tue May 20 2014 Darryl L. Pierce <dpierce at redhat.com> - 0.24-8
- Add a virtual package in qpid-cpp-client named qpid(client).
- Resolves: BZ#1098154
- Removed the Epoch field before going to stable.
* Mon May 19 2014 Darryl L. Pierce <dpierce at redhat.com> - 0.24-7
- Added an epoch for F19 to replace the 0.26 release.
* Tue Jan 21 2014 Darryl L. Pierce <dpierce at redhat.com> - 0.24-6
- Set qpidd service to start after the network service.
- Resolves: BZ#1055660
* Thu Dec 5 2013 Darryl L. Pierce <dpierce at redhat.com> - 0.24-5
- Fixed how qpid-cpp-server was depending on -store.
- qpidd.service now starts after network.service
- Resolves: BZ#1038674
- Resolves: BZ#1038094
* Sat Nov 30 2013 Darryl L. Pierce <dpierce at redhat.com> - 0.24-4
- Removed rdma.so from the -server subpackage.
- Removed rdmaconnector.so from the -client subpackage.
- Resolves: BZ#1035323
* Thu Sep 26 2013 Darryl L. Pierce <dpierce at redhat.com> - 0.24-3.1
- Provide a symlink from /etc/qpid/qpidd.conf to /etc/qpidd.conf:
- * this will be removed with the 0.26 release
- * for upgrades any existing file is preserved for now
- Resolves: BZ#1012001
* Mon Sep 23 2013 Darryl L. Pierce <dpierce at redhat.com> - 0.24-3
- Fixed dependencies on python-qmf to be python-qpid-qmf.
* Mon Sep 23 2013 Darryl L. Pierce <dpierce at redhat.com> - 0.24-2
- Add arch checks for all requires to block potential multilib errors on upgrade.
- Added virtual provides for both obsoleted -ssl packages.
- Resolves: BZ#1010999
* Fri Sep 20 2013 Darryl L. Pierce <dpierce at redhat.com> - 0.24-1
- Rebased on Qpid 0.24.
- Relocated qpidd.conf to /etc/qpid
- Trimmed old changelog entries due to bogus date complaints.
- Added fixes to support ARM as a primary platform.
- Build depends on qpid-proton 0.5.
- QPID-4938: Stop building ssl and acl support as separate plugin modules on Unix
- Cleaner encoding of index for delivery tags - QPID-5122
- QPID-5123: Changes to Fedora 19 packaging of libdb4 prevents legacystore from building
- QPID-5016: Legacy store not correctly initialising rmgr
- QPID-5126: Fix for building legacy store on ARM platforms
* Tue Jul 2 2013 Darryl L. Pierce <dpierce at redhat.com> - 0.22-2
- Fixed adding the soversion to shared libraries.
- Resolves: BZ#980364
* Thu Jun 13 2013 Darryl L. Pierce <dpierce at redhat.com> - 0.22-1.1
- Rebased on Qpid 0.22.
- The package now uses the CMake build system from Qpid.
- No longer use a separate source for the store.
- Resolves: BZ#616080
- Resolves: BZ#966780
- Resolves: BZ#967100
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1098154 - qpid-cpp-client should provide a virtual package on which other packages can depend
https://bugzilla.redhat.com/show_bug.cgi?id=1098154
--------------------------------------------------------------------------------
================================================================================
qpid-qmf-0.24-18.fc19 (FEDORA-2014-6571)
The QPID Management Framework
--------------------------------------------------------------------------------
Update Information:
Changed requirements to be on virtual qpid packages.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1099481 - Packages should require the qpid(client) virtual package to avoid version problems in F19
https://bugzilla.redhat.com/show_bug.cgi?id=1099481
--------------------------------------------------------------------------------
================================================================================
rubygem-openscap-0.1.0-4.fc19 (FEDORA-2014-6588)
A FFI wrapper around the OpenSCAP library
--------------------------------------------------------------------------------
Update Information:
A new package born!
--------------------------------------------------------------------------------
================================================================================
subversion-api-docs-1.7.16-1.fc19 (FEDORA-2014-6573)
Subversion API documentation
--------------------------------------------------------------------------------
Update Information:
Rebuild against current stable.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 20 2014 Bojan Smojver <bojan at rexursive.com> 1.7.16-1
- bump up to 1.7.16
--------------------------------------------------------------------------------
================================================================================
tango-2-18.fc19 (FEDORA-2014-6545)
The Developer's Library for D
--------------------------------------------------------------------------------
Update Information:
update to latest rev
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 20 2014 jonathan MERCIER <bioinfornatics at gmail.com> - 2-18
- update to latest rev
* Sun Mar 9 2014 jonathan MERCIER <bioinfornatics at gmail.com> - 2-17
- Update to latest rev
* Wed Oct 30 2013 Jonathan MERCIER <bioinfornatics at gmail.com> - 2-16
- exclude arm
* Thu Oct 24 2013 Jonathan MERCIER <bioinfornatics at gmail.com> - 2-15
- Update to rev ff2b1d3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1057936 - The package cannot be installed because it requires the wrong .so
https://bugzilla.redhat.com/show_bug.cgi?id=1057936
--------------------------------------------------------------------------------
================================================================================
thunderbird-lightning-2.6.5-9.fc19 (FEDORA-2014-6592)
The calendar extension to Thunderbird
--------------------------------------------------------------------------------
Update Information:
Update to 2.6.5
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 14 2014 Orion Poplawski <orion at cora.nwra.com> - 2.6.5-9
- Update to 2.6.5
* Fri Jan 31 2014 Orion Poplawski <orion at cora.nwra.com> - 2.6.4-8
- Fix build with -Werror=format-security (bug #1037355)
--------------------------------------------------------------------------------
================================================================================
tralics-2.15.1-3.fc19 (FEDORA-2014-6590)
LaTeX to XML translator
--------------------------------------------------------------------------------
Update Information:
LaTeX to XML translator
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1000445 - Review Request: tralics - LaTeX to XML translator
https://bugzilla.redhat.com/show_bug.cgi?id=1000445
--------------------------------------------------------------------------------