The following Fedora 19 Security updates need testing: Age URL 94 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2... 39 https://admin.fedoraproject.org/updates/FEDORA-2013-23592/rubygem-actionpack... 31 https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1.fc... 17 https://admin.fedoraproject.org/updates/FEDORA-2014-0574/flite-1.3-20.fc19 16 https://admin.fedoraproject.org/updates/FEDORA-2014-0621/graphviz-2.30.1-12.... 15 https://admin.fedoraproject.org/updates/FEDORA-2014-0719/openjpeg-1.5.1-8.fc... 12 https://admin.fedoraproject.org/updates/FEDORA-2014-0797/libinfinity-0.5.5-1... 11 https://admin.fedoraproject.org/updates/FEDORA-2014-0946/libmicrohttpd-0.9.3... 11 https://admin.fedoraproject.org/updates/FEDORA-2014-0934/memcached-1.4.17-1.... 10 https://admin.fedoraproject.org/updates/FEDORA-2014-1004/ibus-chewing-1.4.6-... 9 https://admin.fedoraproject.org/updates/FEDORA-2014-1092/libreswan-3.8-1.fc1... 9 https://admin.fedoraproject.org/updates/FEDORA-2014-1100/nss-3.15.4-1.fc19,n... 5 https://admin.fedoraproject.org/updates/FEDORA-2014-1326/perl-MARC-XML-1.0.2... 4 https://admin.fedoraproject.org/updates/FEDORA-2014-1377/moodle-2.4.8-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-1475/mupdf-1.1-5.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-1559/xen-4.2.3-14.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-1560/mingw-openssl-1.0.1... 0 https://admin.fedoraproject.org/updates/FEDORA-2014-1516/openstack-nova-2013... 0 https://admin.fedoraproject.org/updates/FEDORA-2014-1648/lightdm-gtk-1.6.1-3...
The following Fedora 19 Critical Path updates have yet to be approved: Age URL 42 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-1... 12 https://admin.fedoraproject.org/updates/FEDORA-2014-0847/ibus-1.5.5-1.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-0946/libmicrohttpd-0.9.3... 10 https://admin.fedoraproject.org/updates/FEDORA-2014-0752/firewalld-0.3.9.2-1... 9 https://admin.fedoraproject.org/updates/FEDORA-2014-1100/nss-3.15.4-1.fc19,n... 8 https://admin.fedoraproject.org/updates/FEDORA-2014-1151/hwdata-0.260-1.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-1255/tigervnc-1.3.0-8.fc... 6 https://admin.fedoraproject.org/updates/FEDORA-2014-1281/abattis-cantarell-f... 5 https://admin.fedoraproject.org/updates/FEDORA-2014-1324/firefox-26.0-6.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-1368/krb5-1.11.3-19.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-1385/yum-3.4.3-132.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-1438/libtool-2.4.2-23.fc... 3 https://admin.fedoraproject.org/updates/FEDORA-2014-1451/pango-1.34.1-2.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-1524/procps-ng-3.3.8-11.... 1 https://admin.fedoraproject.org/updates/FEDORA-2014-1564/libvorbis-1.3.4-1.f... 0 https://admin.fedoraproject.org/updates/FEDORA-2014-1599/libgsf-1.14.29-1.fc...
The following builds have been pushed to Fedora 19 updates-testing
crypto-utils-2.4.1-48.fc19 httpd-2.4.7-1.fc19 ipython-0.13.2-3.fc19 librepo-1.0.0-3.fc19 lightdm-gtk-1.6.1-3.fc19 mingw-gnutls-3.1.18-1.fc19 open-mtools-1.0-1.fc19 openstack-nova-2013.1.4-6.fc19 php-pecl-apcu-4.0.3-1.fc19 python-pypump-0.4-3.fc19 python-whoosh-2.5.6-1.fc19 rubygem-net-http-persistent-2.9.1-1.fc19 scl-utils-20140127-1.fc19 system-config-language-1.4.0-8.fc19 uget-1.10.4-1.fc19 xflr5-6.09.06-1.fc19
Details about builds:
================================================================================ crypto-utils-2.4.1-48.fc19 (FEDORA-2014-1650) SSL certificate and key management utilities -------------------------------------------------------------------------------- Update Information:
This update fixes two bugs:
* Special characters were not escaped properly when executing keyutil.
* Errors when executing keyutil would result in a crash rather than an error message.
The certwatch man page has also been updated. -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 27 2014 Joe Orton jorton@redhat.com - 2.4.1-48 - update certwatch man page (#618421) * Mon Jan 27 2014 Joe Orton jorton@redhat.com - 2.4.1-47 - genkey: escape passwords properly (#980859) - genkey: escape commas in subject (#803305) - keyutil: fix crashes when printing errors (#1045354) - drop requirement on mod_ssl/mod_nss again (#1057858) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1057858 - DO NOT require mod_nss https://bugzilla.redhat.com/show_bug.cgi?id=1057858 [ 2 ] Bug #980859 - can't handle passwords with & https://bugzilla.redhat.com/show_bug.cgi?id=980859 [ 3 ] Bug #803305 - genkey fails due to segfault in keyutil https://bugzilla.redhat.com/show_bug.cgi?id=803305 [ 4 ] Bug #618421 - Undocumented and inaccurate certwatch options https://bugzilla.redhat.com/show_bug.cgi?id=618421 [ 5 ] Bug #1045354 - [abrt] crypto-utils: _IO_vfprintf_internal(): keyutil killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1045354 --------------------------------------------------------------------------------
================================================================================ httpd-2.4.7-1.fc19 (FEDORA-2014-1651) Apache HTTP Server -------------------------------------------------------------------------------- Update Information:
This update contains the latest release of the Apache HTTP Server, version 2.4.7.
Numerous bug fixes and minor enhancements are included; for more information see:
http://www.apache.org/dist/httpd/CHANGES_2.4.7
-------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 27 2014 Jan Kaluza jkaluza@redhat.com - 2.4.7-1 - update to 2.4.7 (#1034071) - mod_ssl: allow SSLEngine to override Listen-based default (r1537535) - load mod_macro by default (#998452) - add README to conf.modules.d - mod_proxy_http: add possible fix for threading issues (r1534321) - core: add fix for truncated output with CGI scripts (r1530793) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #998452 - Newly included mod_macro should be loaded upon startup https://bugzilla.redhat.com/show_bug.cgi?id=998452 [ 2 ] Bug #1034071 - httpd-2.4.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1034071 --------------------------------------------------------------------------------
================================================================================ ipython-0.13.2-3.fc19 (FEDORA-2014-1641) An enhanced interactive Python shell -------------------------------------------------------------------------------- Update Information:
Fix requires on python-setuptools -------------------------------------------------------------------------------- ChangeLog:
* Mon Oct 7 2013 Thomas Spura tomspur@fedoraproject.org - 0.13.2-3 - install into unversioned docdir (#993848) - R on setuptools for starting with pkg_resources (#994673) * Sat Aug 3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.13.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Apr 10 2013 Thomas Spura tomspur@fedoraproject.org - 0.13.2-2 - Improve package descriptions (#950530) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1037598 - python3-ipython-console is missing a dependency to python3-setuptools https://bugzilla.redhat.com/show_bug.cgi?id=1037598 --------------------------------------------------------------------------------
================================================================================ librepo-1.0.0-3.fc19 (FEDORA-2014-1659) Repodata downloading library -------------------------------------------------------------------------------- Update Information:
Fix gpg unittest. -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 27 2014 Tomas Mlcoch <tmlcoch at redhat.com> - 1.0.0-3 - Fix GPG unittests (expired key) --------------------------------------------------------------------------------
================================================================================ lightdm-gtk-1.6.1-3.fc19 (FEDORA-2014-1648) LightDM GTK+ Greeter -------------------------------------------------------------------------------- Update Information:
Fix potential denial of service. -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 27 2014 Rex Dieter rdieter@fedoraproject.org 1.6.1-3 - CVE-2014-0979 (#149420,1049422) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1049420 - CVE-2014-0979 lightdm-gtk: local DoS due to NULL pointer dereference https://bugzilla.redhat.com/show_bug.cgi?id=1049420 --------------------------------------------------------------------------------
================================================================================ mingw-gnutls-3.1.18-1.fc19 (FEDORA-2014-1629) MinGW GnuTLS TLS/SSL encryption library -------------------------------------------------------------------------------- Update Information:
Version 3.1.18 (released 2013-12-20)
* libgnutls: Updated code for AES-NI. That prevents an uninitialized variable complaint from valgrind.
* libgnutls: Enforce a maximum size for DH primes.
Version 3.1.17 (released 2013-11-23)
* This release prioritizes the GCM ciphersuites over CBC, enables TPM support and fixes few other bugs on the current stable branch.
-------------------------------------------------------------------------------- ChangeLog:
* Sun Jan 26 2014 Michael Cronenworth mike@cchtml.com - 3.1.18-1 - Update to 3.1.18 --------------------------------------------------------------------------------
================================================================================ open-mtools-1.0-1.fc19 (FEDORA-2014-1621) Tools for testing IP multicast -------------------------------------------------------------------------------- Update Information:
This package provides tools for testing Internet Protocol multicast. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1009446 - Review Request: open-mtools - Tools for testing IP multicast https://bugzilla.redhat.com/show_bug.cgi?id=1009446 --------------------------------------------------------------------------------
================================================================================ openstack-nova-2013.1.4-6.fc19 (FEDORA-2014-1516) OpenStack Compute (nova) -------------------------------------------------------------------------------- Update Information:
Fix root disk leak in live migration - CVE-2013-7130 -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 27 2014 Xavier Queralt <xqueralt@@redhat.com> - 2013.1.4-6 - Fix the patch for CVE-2013-7130 which was not backported properly * Fri Jan 24 2014 Xavier Queralt xqueralt@redhat.com - 2013.1.4-5 - Require python-keystoneclient for api-paste - rhbz#909113 - Fix root disk leak in live migration - CVE-2013-7130 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1055400 - CVE-2013-7130 OpenStack nova: Live migration can leak root disk into ephemeral storage https://bugzilla.redhat.com/show_bug.cgi?id=1055400 --------------------------------------------------------------------------------
================================================================================ php-pecl-apcu-4.0.3-1.fc19 (FEDORA-2014-1654) APC User Cache -------------------------------------------------------------------------------- Update Information:
Upstream changelog: - Fix various compatibility problems - Fix a few lingering faults - Remove experimental eval serializer - Fix iterator for compatibility -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 27 2014 Remi Collet remi@fedoraproject.org - 4.0.3-1 - Update to 4.0.3 (beta) - install doc in pecl doc_dir - install tests in pecl test_dir (in devel) - cleanup SCL stuff * Mon Jan 13 2014 Remi Collet rcollet@redhat.com - 4.0.2-3 - EPEL-7 build --------------------------------------------------------------------------------
================================================================================ python-pypump-0.4-3.fc19 (FEDORA-2014-1664) Python Pump.io library -------------------------------------------------------------------------------- Update Information:
Initial packaging. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1025601 - Review Request: python-pypump - Python Pump.io library https://bugzilla.redhat.com/show_bug.cgi?id=1025601 --------------------------------------------------------------------------------
================================================================================ python-whoosh-2.5.6-1.fc19 (FEDORA-2014-1644) Fast, pure-Python full text indexing, search, and spell checking library -------------------------------------------------------------------------------- Update Information:
Source updated to 2.5.6 -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 27 2014 Robert Kuska rkuska@redhat.com - 2.5.6-1 - Rebase to 2.5.6 --------------------------------------------------------------------------------
================================================================================ rubygem-net-http-persistent-2.9.1-1.fc19 (FEDORA-2014-1631) Persistent connections using Net::HTTP plus a speed fix -------------------------------------------------------------------------------- Update Information:
New version 2.9.1 is released. -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 27 2014 Mamoru TASAKA mtasaka@fedoraproject.org - 2.9.1-1 - 2.9.1 --------------------------------------------------------------------------------
================================================================================ scl-utils-20140127-1.fc19 (FEDORA-2014-1623) Utilities for alternative packaging -------------------------------------------------------------------------------- Update Information:
Just a bunch of SCL related macro updates. A few rather small bugfixes A few rather small bugfixes -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 27 2014 Jan Zeleny jzeleny@redhat.com - 20140127-1 - don't exclude provides from SCLs (#1056183) - don't generate scl-package(%scl) in macros.scl, it's already handled in dependency generator - add automatic Requires: %scl_runtime to every SCL package (#1054711) * Wed Jan 8 2014 Jan Zeleny jzeleny@redhat.com - 20140108-1 - split _scl_prefix macro in two parts: scl_basedir and scl_vendor (#985233) - check if temp file is created (#1032666) - don't split command arguments containing white space (#1032666) - rename some attr rpm macros to stop confusing rpm (#1023625) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1054711 - Automatically generate %{?scl:Requires: %scl_runtime} https://bugzilla.redhat.com/show_bug.cgi?id=1054711 [ 2 ] Bug #1056183 - Excluding provides causes failures in collections https://bugzilla.redhat.com/show_bug.cgi?id=1056183 [ 3 ] Bug #985233 - split prefix macro in two parts https://bugzilla.redhat.com/show_bug.cgi?id=985233 [ 4 ] Bug #1032550 - scl command splits arguments with white-space https://bugzilla.redhat.com/show_bug.cgi?id=1032550 [ 5 ] Bug #1023625 - scl.attr screws up %__pkconfig_{provides,path} macros when building for non-SCL https://bugzilla.redhat.com/show_bug.cgi?id=1023625 --------------------------------------------------------------------------------
================================================================================ system-config-language-1.4.0-8.fc19 (FEDORA-2014-1657) A graphical interface for modifying the system language -------------------------------------------------------------------------------- Update Information:
Resolves:rh#1057681 - [abrt] gettext.py:93:c2py:ValueError: plural forms expression could be dangerous Some fixes backported from 1.4.1 rawhide release -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 27 2014 Parag Nemade <pnemade AT redhat DOT com> - 1.4.0-8 - Resolves:rh#1057681 - [abrt] gettext.py:93:c2py:ValueError: plural forms expression could be dangerous * Thu Jan 16 2014 Parag Nemade <pnemade AT redhat DOT com> - 1.4.0-7 - Resolves:rh#920025 -[abrt] tui_install.py:395:is_group_installed:GroupsError: No Group named spanish-support exists - Resolves:rh#1052331 - system-config-language traceback due to missing zulu-support package - Resolves:rh#974743 - Group named german-support missing - Resolves:rh#981968 - Georgian language (ka_GE) not available in Language selection - Resolves:rh#1043569 - OK button should be disabled always for the default selected language -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1057681 - [abrt] system-config-language: gettext.py:93:c2py:ValueError: plural forms expression could be dangerous https://bugzilla.redhat.com/show_bug.cgi?id=1057681 [ 2 ] Bug #920025 - [abrt] system-config-language-1.3.5-19.fc18: tui_install.py:395:is_group_installed:GroupsError: No Group named spanish-support exists https://bugzilla.redhat.com/show_bug.cgi?id=920025 [ 3 ] Bug #1052331 - system-config-language traceback due to missing zulu-support package https://bugzilla.redhat.com/show_bug.cgi?id=1052331 [ 4 ] Bug #974743 - Group named german-support missing https://bugzilla.redhat.com/show_bug.cgi?id=974743 [ 5 ] Bug #981968 - Georgian language (ka_GE) not available in Language selection https://bugzilla.redhat.com/show_bug.cgi?id=981968 [ 6 ] Bug #1043569 - [ALL LANG] OK button should be disabled always for the default selected language https://bugzilla.redhat.com/show_bug.cgi?id=1043569 --------------------------------------------------------------------------------
================================================================================ uget-1.10.4-1.fc19 (FEDORA-2014-1663) Download manager using GTK+ and libcurl -------------------------------------------------------------------------------- Update Information:
New version 1.10.4 is released. -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 27 2014 Mamoru TASAKA mtasaka@fedoraproject.org - 1.10.4-1 - 1.10.4 (bug 1055090) - Update URL and summary (bug 1055092) - Not activate gnutls support for now * Sun Aug 4 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.10.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1055090 - Please update uGet package (repo=1.10.3 / current=1.10.4) https://bugzilla.redhat.com/show_bug.cgi?id=1055090 --------------------------------------------------------------------------------
================================================================================ xflr5-6.09.06-1.fc19 (FEDORA-2014-1662) Analysis tool for airfoils, wings and planes -------------------------------------------------------------------------------- Update Information:
Update to 6.09.06, see http://sourceforge.net/projects/xflr5/files/v6.09.06/ReleaseNotes.txt for details. -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 27 2014 Sandro Mani manisandro@gmail.com - 6.09.06-1 - Update to 6.09.06 --------------------------------------------------------------------------------