[SECURITY] Fedora 20 Update: rxvt-unicode-9.20-1.fc20
updates at fedoraproject.org
updates at fedoraproject.org
Mon May 12 05:26:44 UTC 2014
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-5939
2014-05-02 20:20:15
--------------------------------------------------------------------------------
Name : rxvt-unicode
Product : Fedora 20
Version : 9.20
Release : 1.fc20
URL : http://software.schmorp.de/
Summary : Unicode version of rxvt
Description :
rxvt-unicode is a clone of the well known terminal emulator rxvt, modified to
store text in Unicode (either UCS-2 or UCS-4) and to use locale-correct input
and output. It also supports mixing multiple fonts at the same time, including
Xft fonts.
--------------------------------------------------------------------------------
Update Information:
* Update to 9.20: http://cvs.schmorp.de/rxvt-unicode/Changes
* Fix CVE-2014-3121: user-assisted arbitrary commands execution
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 1 2014 Jamie Nguyen <jamielinux at fedoraproject.org> - 9.20-1
- update to upstream release 9.20, which includes a fix for security bug
CVE-2014-3121 (#1093287, #1093288, #1093289)
- include man pages for new extension (selection-to-clipboard)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1093287 - CVE-2014-3121 rxvt-unicode: user-assisted arbitrary commands execution
https://bugzilla.redhat.com/show_bug.cgi?id=1093287
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update rxvt-unicode' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list