Fedora 19 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Mon Dec 1 19:08:30 UTC 2014
The following Fedora 19 Security updates need testing:
Age URL
401 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
213 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19
164 https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19
59 https://admin.fedoraproject.org/updates/FEDORA-2014-12057/krb5-1.11.3-29.fc19
45 https://admin.fedoraproject.org/updates/FEDORA-2014-13018/deluge-1.3.10-1.fc19
35 https://admin.fedoraproject.org/updates/FEDORA-2014-13551/wpa_supplicant-2.0-12.fc19
26 https://admin.fedoraproject.org/updates/FEDORA-2014-14237/claws-mail-plugins-3.11.1-1.fc19,claws-mail-3.11.1-2.fc19,libetpan-1.6-1.fc19
19 https://admin.fedoraproject.org/updates/FEDORA-2014-14738/gnutls-3.1.20-6.fc19
17 https://admin.fedoraproject.org/updates/FEDORA-2014-12407/sddm-0.10.0-2.fc19
16 https://admin.fedoraproject.org/updates/FEDORA-2014-15079/mantis-1.2.17-4.fc19
16 https://admin.fedoraproject.org/updates/FEDORA-2014-14874/arm-none-eabi-binutils-cs-2014.05.28-3.fc19
16 https://admin.fedoraproject.org/updates/FEDORA-2014-14838/avr-binutils-2.24-3.fc19
16 https://admin.fedoraproject.org/updates/FEDORA-2014-15124/kwebkitpart-1.3.4-5.fc19
13 https://admin.fedoraproject.org/updates/FEDORA-2014-15248/kde-runtime-4.11.5-3.fc19
12 https://admin.fedoraproject.org/updates/FEDORA-2014-15378/rubygem-actionpack-3.2.13-7.fc19
12 https://admin.fedoraproject.org/updates/FEDORA-2014-15390/nodejs-0.10.33-1.fc19,libuv-0.10.29-1.fc19
10 https://admin.fedoraproject.org/updates/FEDORA-2014-15466/rubygem-sprockets-2.8.2-4.fc19
9 https://admin.fedoraproject.org/updates/FEDORA-2014-15549/tcpdump-4.4.0-4.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-15717/kernel-3.14.25-100.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-15740/facter-1.6.18-8.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-15730/asterisk-11.14.1-1.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-15733/teeworlds-0.6.3-1.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-15743/curl-7.29.0-26.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2014-15838/libksba-1.3.2-1.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2014-15811/graphviz-2.30.1-13.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2014-15833/hivex-1.3.8-2.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2014-15848/docker-io-1.3.2-2.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16017/xen-4.2.5-6.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-15990/mariadb-5.5.40-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-15999/libreoffice-4.1.6.2-10.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16020/mediawiki-1.23.7-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16045/util-linux-2.23.2-6.fc19
The following Fedora 19 Critical Path updates have yet to be approved:
Age URL
349 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
276 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
12 https://admin.fedoraproject.org/updates/FEDORA-2014-15392/kde-workspace-4.11.14-2.fc19
12 https://admin.fedoraproject.org/updates/FEDORA-2014-15377/gvfs-1.16.4-3.fc19
9 https://admin.fedoraproject.org/updates/FEDORA-2014-15506/ca-certificates-2014.2.1-1.5.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-15743/curl-7.29.0-26.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-15717/kernel-3.14.25-100.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-15732/cups-1.6.4-12.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2014-15832/lvm2-2.02.98-16.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16021/tracker-0.16.5-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16009/unzip-6.0-13.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16045/util-linux-2.23.2-6.fc19
The following builds have been pushed to Fedora 19 updates-testing
ansible-1.8.1-1.fc19
armadillo-4.550.0-1.fc19
ddd-3.3.12-20.fc19
icecream-1.0.1-9.20140822git.fc19
icedtea-web-1.5.2-0.fc19
imapsync-1.607-1.fc19
libreoffice-4.1.6.2-10.fc19
libykneomgr-0.1.6-1.fc19
lis-1.5.24-1.fc19
liveusb-creator-3.13.1-1.fc19
mariadb-5.5.40-1.fc19
mate-panel-1.6.2-3.fc19
mate-themes-extras-3.8.2-1.fc19
mediawiki-1.23.7-1.fc19
munin-2.0.25-1.fc19
pam_mount-2.14-4.fc19
perl-Fsdb-2.53-1.fc19
phpMyAdmin-4.2.13-1.fc19
python-larch-1.20131130-1.fc19
rlwrap-0.42-1.fc19
sip-redirect-0.2.0-1.fc19
tracker-0.16.5-1.fc19
unzip-6.0-13.fc19
util-linux-2.23.2-6.fc19
xen-4.2.5-6.fc19
xpa-2.1.15-3.fc19
Details about builds:
================================================================================
ansible-1.8.1-1.fc19 (FEDORA-2014-15997)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
Update to 1.8.1
Update to 1.8
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 27 2014 Kevin Fenzi <kevin at scrye.com> 1.8.1-1
- Update to 1.8.1
* Tue Nov 25 2014 Kevin Fenzi <kevin at scrye.com> 1.8-2
- Rebase el6 patch
* Tue Nov 25 2014 Kevin Fenzi <kevin at scrye.com> 1.8-1
- Update to 1.8
* Thu Oct 9 2014 Toshio Kuratomi <toshio at fedoraproject.org> - 1.7.2-2
- Add /usr/bin/ansible to the rhel6 newer pycrypto patch
--------------------------------------------------------------------------------
================================================================================
armadillo-4.550.0-1.fc19 (FEDORA-2014-15983)
Fast C++ matrix library with interfaces to LAPACK and ATLAS
--------------------------------------------------------------------------------
Update Information:
Version 4.550 (Singapore Sling Deluxe)
* added matrix exponential function: expmat()
* faster .log_p() and .avg_log_p() functions in the gmm_diag class when compiling with OpenMP enabled
* faster handling of in-place addition/subtraction of expressions with an outer product
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 28 2014 José Matos <jamatos at fedoraproject.org> - 4.550.0-1
- update to 4.550.0
--------------------------------------------------------------------------------
================================================================================
ddd-3.3.12-20.fc19 (FEDORA-2014-16011)
GUI for several command-line debuggers
--------------------------------------------------------------------------------
Update Information:
fix missing dependency
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 29 2014 Andy Grover <agrover at redhat.com> - 3.3.12-20
- Add Requires for xorg-x11-apps, for rhbz #1169011
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.3.12-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169011 - ddd missing dependency
https://bugzilla.redhat.com/show_bug.cgi?id=1169011
--------------------------------------------------------------------------------
================================================================================
icecream-1.0.1-9.20140822git.fc19 (FEDORA-2014-15987)
Distributed compiler
--------------------------------------------------------------------------------
Update Information:
This update relaxes the SELinux policy for icecc-scheduler to be able to determine broadcast addresses.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 27 2014 Michal Schmidt <mschmidt at redhat.com> - 1.0.1-9.20140822git
- selinux: allow the scheduler to read state via netlink route sockets
- Fixes: rhbz#1162321
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1162321 - SELinux is preventing /usr/sbin/icecc-scheduler from 'nlmsg_read' accesses on the netlink_route_socket .
https://bugzilla.redhat.com/show_bug.cgi?id=1162321
--------------------------------------------------------------------------------
================================================================================
icedtea-web-1.5.2-0.fc19 (FEDORA-2014-16014)
Additional Java components for OpenJDK - Java browser plug-in and Web Start implementation
--------------------------------------------------------------------------------
Update Information:
update to upstream 1.5.2
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 27 2014 Jiri Vanek <jvanek at redhat.com> 1.5.2-0
- update to upstream 1.5.2
--------------------------------------------------------------------------------
================================================================================
imapsync-1.607-1.fc19 (FEDORA-2014-15986)
Tool to migrate email between IMAP servers
--------------------------------------------------------------------------------
Update Information:
Update to 1.607
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 26 2014 Nick Bebout <nb at fedoraproject.org> - 1.607-1
- Upgrade to 1.607
--------------------------------------------------------------------------------
================================================================================
libreoffice-4.1.6.2-10.fc19 (FEDORA-2014-15999)
Free Software Productivity Suite
--------------------------------------------------------------------------------
Update Information:
CVE-2014-9093 backport some arbitrary rtf crash fixes
CVE-2014-3693 Use-after-free in Impress Remote socket manager
CVE-2014-3575 arbitrary file preview disclosure via ole2 objects
The vulnerability allows an attacker to send a document which when opened will trigger the prompt to "Update Links" but if the user cancels that prompt may still generate and insert into the document an OLE2 preview image of a file on the victims filesystem, Data exposure is possible if the updated document is then distributed to other parties.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 26 2014 Caolán McNamara <caolanm at redhat.com> - 1:4.1.6.2-10
- Resolves: rhbz#1165740 CVE-2014-9093 backport some arbitrary rtf crash fixes
* Tue Nov 25 2014 Caolán McNamara <caolanm at redhat.com> - 1:4.1.6.2-9
- Resolves: rhbz#1167503 CVE-2014-3693 Use-after-free in Impress Remote socket manager
* Tue Sep 9 2014 Caolán McNamara <caolanm at redhat.com> - 1:4.1.6.2-8
- Resolves: rhbz#1139592 CVE-2014-3575 arbitrary file preview disclosure via ole2 objects
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1165740 - libreoffice: crash importing malformed .rtf [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1165740
[ 2 ] Bug #1167503 - CVE-2014-3693 libreoffice: Use-After-Free in socket manager of Impress Remote [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1167503
[ 3 ] Bug #1139592 - CVE-2014-3575 libreoffice: openoffice: Arbitrary file disclosure via crafted OLE objects [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1139592
--------------------------------------------------------------------------------
================================================================================
libykneomgr-0.1.6-1.fc19 (FEDORA-2014-16012)
YubiKey NEO CCID Manager C Library
--------------------------------------------------------------------------------
Update Information:
Update to 0.1.6
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 17 2014 Andy Lutomirski <luto at mit.edu> - 0.1.6-1
- Update to 0.1.6
--------------------------------------------------------------------------------
================================================================================
lis-1.5.24-1.fc19 (FEDORA-2014-16025)
A library for solving linear equations and eigenvalue problems
--------------------------------------------------------------------------------
Update Information:
Update to 1.5.24
Update to 1.5.22
Update to 1.5.13
Update to 1.5.11
Update to 1.5.4
Update to 1.5.2
Update to 1.4.67
Update to 1.4.64
Update to 1.4.63
Update to 1.4.62
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 27 2014 Florian Lehner <dev at der-flo.net> - 1.5.24-1
- Update to 1.5.24
* Wed Nov 26 2014 Florian Lehner <dev at der-flo.net> - 1.5.23-1
- Update to 1.5.23
* Tue Nov 25 2014 Florian Lehner <dev at der-flo.net> - 1.5.22-1
- Update to 1.5.22
* Fri Nov 21 2014 Florian Lehner <dev at der-flo.net> - 1.5.19-1
- Update to 1.5.19
* Fri Nov 21 2014 Florian Lehner <dev at der-flo.net> - 1.5.18-1
- Update to 1.5.18
* Sat Nov 15 2014 Florian Lehner <dev at der-flo.net> - 1.5.13-1
- Update to 1.5.13
* Wed Nov 12 2014 Florian Lehner <dev at der-flo.net> - 1.5.11-1
- Update to 1.5.11
* Tue Nov 4 2014 Florian Lehner <dev at der-flo.net> - 1.5.4-1
- Update to 1.5.4
* Sat Nov 1 2014 Florian Lehner <dev at der-flo.net> - 1.5.2-1
- Update to 1.5.2
* Tue Oct 28 2014 Florian Lehner <dev at der-flo.net> - 1.4.67-1
- Update to 1.4.67
* Mon Oct 27 2014 Florian Lehner <dev at der-flo.net> - 1.4.66-1
- Update to 1.4.66
* Tue Oct 21 2014 Florian Lehner <dev at der-flo.net> - 1.4.64-1
- Update to 1.4.64
* Mon Oct 20 2014 Florian Lehner <dev at der-flo.net> - 1.4.63-1
- Update to 1.4.63
* Sat Oct 18 2014 Florian Lehner <dev at der-flo.net> - 1.4.62-1
- Update to 1.4.62
--------------------------------------------------------------------------------
================================================================================
liveusb-creator-3.13.1-1.fc19 (FEDORA-2014-15984)
A liveusb creator
--------------------------------------------------------------------------------
Update Information:
* Support a new installation mode that uses `dd` to copy the iso directly to the device. This method tends to be more reliable than the non-destructive approach.
* Added a new `--dd` command-line option
* DVD iso support with the 'overwrite device' method
* Improved UI layout
* Added AppData metadata
* The `--calculcate-liveos-checksum` now works on Linux
* Fixed the code that automatically populates the available releases
* Switched to use polkit on Linux instead of consolehelper for authentication
* Translation updates
* Improved error handling
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 27 2014 Luke Macken <lmacken at redhat.com> - 3.13.1-1
- Latest upstream release
* Thu Nov 27 2014 Gene Czarcinski <gczarcinski at gmail.com> 3.13.0-2
- convert to using polkit (pkexec) instead of consolehelper
* Wed Nov 26 2014 Luke Macken <lmacken at redhat.com> - 3.13.0-1
- Latest upstream release with bug fixes and interface improvements.
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.12.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Feb 21 2014 Luke Macken <lmacken at redhat.com> 3.12.1-1
- Update to 3.12.1 with more translations
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1096460 - [abrt] liveusb-creator: grabber.py:1727:_do_grab:URLGrabError: [Errno 14] curl#7 - "Failed to connect to 2a02:6b8::183: Сеть недоступна"
https://bugzilla.redhat.com/show_bug.cgi?id=1096460
[ 2 ] Bug #995258 - Cannot install Fedora 19 on MacBook pro
https://bugzilla.redhat.com/show_bug.cgi?id=995258
[ 3 ] Bug #1006270 - [abrt] liveusb-creator-3.11.8-3.fc19: creator.py:362:get_liveos:TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'
https://bugzilla.redhat.com/show_bug.cgi?id=1006270
[ 4 ] Bug #1033489 - [abrt] liveusb-creator-3.11.8-3.fc19: creator.py:341:delete_liveos:UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 12: ordinal not in range(128)
https://bugzilla.redhat.com/show_bug.cgi?id=1033489
[ 5 ] Bug #1044309 - [abrt] liveusb-creator: gui.py:470:status:TypeError: QTextEdit.append(QString): argument 1 has unexpected type 'int'
https://bugzilla.redhat.com/show_bug.cgi?id=1044309
[ 6 ] Bug #1045692 - [abrt] liveusb-creator: gui.py:80:__init__:LiveUSBError: Unknown release: RFRemix 20 i686 XFCE
https://bugzilla.redhat.com/show_bug.cgi?id=1045692
[ 7 ] Bug #1057640 - [abrt] liveusb-creator: creator.py:732:get_free_bytes:OSError: [Errno 2] File o directory non esistente: '/run/media/lorenzo/F28B-8137'
https://bugzilla.redhat.com/show_bug.cgi?id=1057640
[ 8 ] Bug #1089453 - [abrt] liveusb-creator: linux_dialog.py:10:<module>:ImportError: /usr/lib/python2.7/site-packages/PyQt4/QtCore.so: undefined symbol: _ZTI13QStateMachine
https://bugzilla.redhat.com/show_bug.cgi?id=1089453
[ 9 ] Bug #1098725 - [abrt] liveusb-creator: creator.py:341:delete_liveos:UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 21: ordinal not in range(128)
https://bugzilla.redhat.com/show_bug.cgi?id=1098725
[ 10 ] Bug #1101288 - Created F20 liveusb boot problem
https://bugzilla.redhat.com/show_bug.cgi?id=1101288
[ 11 ] Bug #1120893 - unable to boot supermicro X10ssl-f and C7Z87
https://bugzilla.redhat.com/show_bug.cgi?id=1120893
[ 12 ] Bug #1149782 - liveusb-creator creates non-booting Live USB
https://bugzilla.redhat.com/show_bug.cgi?id=1149782
[ 13 ] Bug #1154779 - [abrt] liveusb-creator: python2.7 killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1154779
[ 14 ] Bug #1156489 - liveusb-creator for Windows (Win 8.1) produces not bootable usb media
https://bugzilla.redhat.com/show_bug.cgi?id=1156489
[ 15 ] Bug #1160979 - Trying to boot from USB just says "No OS found", or something like that
https://bugzilla.redhat.com/show_bug.cgi?id=1160979
[ 16 ] Bug #1161867 - Create a F20-DVD work but USB fail to boot
https://bugzilla.redhat.com/show_bug.cgi?id=1161867
[ 17 ] Bug #1164589 - Fedora Live unable to boot from USB 3.0 device
https://bugzilla.redhat.com/show_bug.cgi?id=1164589
[ 18 ] Bug #537577 - Ability to build LiveUSB from within a LiveDVD/CD
https://bugzilla.redhat.com/show_bug.cgi?id=537577
[ 19 ] Bug #1044243 - Installing from USB has wrong file paths
https://bugzilla.redhat.com/show_bug.cgi?id=1044243
[ 20 ] Bug #1054465 - [abrt] liveusb-creator: creator.py:362:get_liveos:TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'
https://bugzilla.redhat.com/show_bug.cgi?id=1054465
[ 21 ] Bug #1145813 - RFE: use polkit instead of consolehelper
https://bugzilla.redhat.com/show_bug.cgi?id=1145813
--------------------------------------------------------------------------------
================================================================================
mariadb-5.5.40-1.fc19 (FEDORA-2014-15990)
A community developed branch of MySQL
--------------------------------------------------------------------------------
Update Information:
This is an update that fixes all issues described at https://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5540-changelog and also couple of security issues.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 14 2014 Honza Horak <hhorak at redhat.com> - 1:5.5.40-1
- Rebase to 5.5.40
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1153461 - CVE-2014-4287 mysql: unspecified vulnerability related to SERVER:CHARACTER SETS (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153461
[ 2 ] Bug #1153462 - CVE-2014-6463 mysql: unspecified vulnerability related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153462
[ 3 ] Bug #1153463 - CVE-2014-6464 mysql: unspecified vulnerability related to SERVER:INNODB DML FOREIGN KEYS (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153463
[ 4 ] Bug #1153464 - CVE-2014-6469 mysql: unspecified vulnerability related to SERVER:OPTIMIZER (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153464
[ 5 ] Bug #1153467 - CVE-2014-6484 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153467
[ 6 ] Bug #1153489 - CVE-2014-6505 mysql: unspecified vulnerability related to SERVER:MEMORY STORAGE ENGINE (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153489
[ 7 ] Bug #1153490 - CVE-2014-6507 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153490
[ 8 ] Bug #1153491 - CVE-2014-6520 mysql: unspecified vulnerability related to SERVER:DDL (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153491
[ 9 ] Bug #1153493 - CVE-2014-6530 mysql: unspecified vulnerability related to CLIENT:MYSQLDUMP (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153493
[ 10 ] Bug #1153494 - CVE-2014-6551 mysql: unspecified vulnerability related to CLIENT:MYSQLADMIN (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153494
[ 11 ] Bug #1153495 - CVE-2014-6555 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153495
[ 12 ] Bug #1153496 - CVE-2014-6559 mysql: unspecified vulnerability related to C API SSL CERTIFICATE HANDLING (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153496
[ 13 ] Bug #1153497 - CVE-2014-6564 mysql: unspecified vulnerability related to SERVER:INNODB FULLTEXT SEARCH DML (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153497
--------------------------------------------------------------------------------
================================================================================
mate-panel-1.6.2-3.fc19 (FEDORA-2014-16024)
MATE Desktop panel applets
--------------------------------------------------------------------------------
Update Information:
- fix rhbz (#1023604)
- timezone fix
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 28 2014 Wolfgang Ulbrich <chat-to-me at raveit.de> - 1.6.2-3
- fix rhbz (#1023604)
- timezone fix
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1023604 - [abrt] mate-panel-1.6.1-4.fc20: container_child_background_set: Process /usr/bin/mate-panel was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=1023604
--------------------------------------------------------------------------------
================================================================================
mate-themes-extras-3.8.2-1.fc19 (FEDORA-2014-16047)
Extra gtk-2/3 themes for gtk based desktops
--------------------------------------------------------------------------------
Update Information:
- better support for CSD applications
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 30 2014 Wolfgang Ulbrich <chat-to-me at raveit.de> - 3.8.2-1
- update to 3.8.2
- drop Gnome-Cupertino themes , they don't work with GTK3-3.8
--------------------------------------------------------------------------------
================================================================================
mediawiki-1.23.7-1.fc19 (FEDORA-2014-16020)
A wiki engine
--------------------------------------------------------------------------------
Update Information:
http://www.mediawiki.org/wiki/Release_notes/1.23#MediaWiki_1.23.7
* (bug 66776, bug 71478) SECURITY: User PleaseStand reported a way to inject code into API clients that used format=php to process pages that underwent flash policy mangling. This was fixed along with improving how the mangling was done for format=json, and allowing sites to disable the mangling using $wgMangleFlashPolicy.
* (bug 70901) SECURITY: User Jackmcbarn reported that the ability to update the content model for a page could allow an unprivileged attacker to edit another user's common.js under certain circumstances. The user right "editcontentmodel" was added, and is needed to change a revision's content model.
* (bug 71111) SECURITY: User PleaseStand reported that on wikis that allow raw HTML, it is not safe to preview wikitext coming from an untrusted source such as a cross-site request. Thus add an edit token to the form, and when raw HTML is allowed, ensure the token is provided before showing the preview. This check is not performed on wikis that both allow raw HTML and anonymous editing, since there are easier ways to exploit that scenario.
* (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with DELETED_ACTION. NOTICE: this may be reverted in a future release pending a public RFC about the desired functionality. This issue was reported by user Bawolff.
* (bug 71621) Make allowing site-wide styles on restricted special pages a config option.
* (bug 42723) Added updated version history from 1.19.2 to 1.22.13
* $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that might be a flash policy directive configurable.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 28 2014 Michael Cronenworth <mike at cchtml.com> - 1.23.7-1
- Update to 1.23.7
- Release notes: http://www.mediawiki.org/wiki/Release_notes/1.23#MediaWiki_1.23.7
--------------------------------------------------------------------------------
================================================================================
munin-2.0.25-1.fc19 (FEDORA-2014-16030)
Network-wide graphing framework (grapher/gatherer)
--------------------------------------------------------------------------------
Update Information:
Upstream released 2.0.25
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 25 2014 "D. Johnson" <fenris02 at fedoraproject.org> - 2.0.25-1
- Upstream released 2.0.25
--------------------------------------------------------------------------------
================================================================================
pam_mount-2.14-4.fc19 (FEDORA-2014-16031)
A PAM module that can mount volumes for a user session
--------------------------------------------------------------------------------
Update Information:
- Fix problems with selinux and unmounting (support utab)
- Handle newer mount versions
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 28 2014 Till Maas <opensource at till.name> - 2.14-4
- Remove usage of deprecated -p0 mount option (#1167684)
- Support utab (#1161601)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.14-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jun 6 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.14-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1167684 - pam_mount does not mount anything: invalid option -- 'p'
https://bugzilla.redhat.com/show_bug.cgi?id=1167684
[ 2 ] Bug #1161601 - selinux breaks pam_mount umounting from gdm
https://bugzilla.redhat.com/show_bug.cgi?id=1161601
--------------------------------------------------------------------------------
================================================================================
perl-Fsdb-2.53-1.fc19 (FEDORA-2014-16026)
A set of commands for manipulating flat-text databases from the shell
--------------------------------------------------------------------------------
Update Information:
update to 2.53
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 26 2014 John Heidemann <johnh at isi.edu> 2.53-1
- See http://www.isi.edu/~johnh/SOFTWARE/FSDB/
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.2.13-1.fc19 (FEDORA-2014-16040)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.2.13.0 (2014-11-30)
================================
- Query history not being deleted
- db/table query string parameters no longer work
- Unseen messages in tracking
- Tracking report export as SQL dump does not work
- Syntax error during db_copy operation
- SELECT permission issues with relations and restricted access
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 30 2014 Robert Scheck <robert at fedoraproject.org> 4.2.13-1
- Upgrade to 4.2.13
--------------------------------------------------------------------------------
================================================================================
python-larch-1.20131130-1.fc19 (FEDORA-2014-15982)
Python B-tree library
--------------------------------------------------------------------------------
Update Information:
* Serious bug fixed: the "KeyError" crash for reference counts. This
was false memory use optimisation, which triggered a rare bug in
related code. Repeatable test case by Rob Kendrick, and helpful
analysis by Itamar Turing-Trauring.
* Serious bug fixed: another "node missing" bug. This crash was
caused by a bug that overwrote on-disk reference count groups
with zeroes. Repeatable test case by Rob Kendrick.
* Fixes to fsck from Antoine Brenner.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 27 2014 Michel Alexandre Salim <salimma at fedoraproject.org> - 1.20131130-1
- Update to 1.20131130
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1036606 - python-larch-1.20131130 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1036606
--------------------------------------------------------------------------------
================================================================================
rlwrap-0.42-1.fc19 (FEDORA-2014-16049)
Wrapper for GNU readline
--------------------------------------------------------------------------------
Update Information:
* Added --mirror-arguments (-U) option
* several bug fixes, see CHANGES
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 27 2014 Michel Alexandre Salim <salimma at fedoraproject.org> - 0.42-1
- Update to 0.42
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1136042 - RFE - Please build an EPEL7 release of rlwrap
https://bugzilla.redhat.com/show_bug.cgi?id=1136042
[ 2 ] Bug #1164466 - rlwrap-0.42 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1164466
--------------------------------------------------------------------------------
================================================================================
sip-redirect-0.2.0-1.fc19 (FEDORA-2014-15981)
Tiny IPv4 and IPv6 SIP redirect server written in Perl
--------------------------------------------------------------------------------
Update Information:
sip-redirect 0.2.0
==================
- Changed hard requirement for IPv6 support for perl Socket6 to either perl Socket >= 1.95 or perl Socket6
- Updated the copy of the GNU GPLv2 to reflect new FSF address
- Added support for systemd alternatively to classic initscript
- Ignore spaces around separator characters in configuration file
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 29 2014 Robert Scheck <robert at fedoraproject.org> 0.2.0-1
- Upgrade to 0.2.0
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.1.2-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.1.2-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar <ppisar at redhat.com> - 0.1.2-9
- Perl 5.18 rebuild
--------------------------------------------------------------------------------
================================================================================
tracker-0.16.5-1.fc19 (FEDORA-2014-16021)
Desktop-neutral search tool and indexer
--------------------------------------------------------------------------------
Update Information:
Update to 0.16.5
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2014 David King <amigadave at amigadave.com> - 0.16.5-1
- Update to 0.16.5
* Thu Oct 2 2014 Debarshi Ray <rishi at fedoraproject.org> - 0.16.4-3
- Fix a couple of tracker-miner-fs crashes (Red Hat #972338)
* Wed Sep 24 2014 David King <amigadave at amigadave.com> - 0.16.4-2
- Enable FLAC and Vorbis extractors
- Build against newer versions of Thunderbird and Firefox
- Preserve timestamps during install
--------------------------------------------------------------------------------
================================================================================
unzip-6.0-13.fc19 (FEDORA-2014-16009)
A utility for unpacking zip files
--------------------------------------------------------------------------------
Update Information:
- Fix unitialized reads, reported in valgrind, see bug #558738.
- Fix fix broken -X option (keep original user) - never worked before- added patch and option -DIZ_HAVE_UXUIDGID for compilation. See bug #1139053.
Fix wrong output data due to memcpy() overlap.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Petr Stodulka <pstodulk at redhat.com> - 6.0-13
- Fix unitialized reads (#558738)
- Fix fix broken -X option - never worked before. Added -DIZ_HAVE_UXUIDGID
option for compilation.
(#935202)
* Thu Nov 6 2014 Petr Stodulka <pstodulk at redhat.com> - 6.0-12
- Fix producing of incorrect output due to memcpy overlapping
by added option -D NOMEMCPY to compile section.
(#1161325)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1139053 - The -X option to unzip has never worked on Unix/Linux.
https://bugzilla.redhat.com/show_bug.cgi?id=1139053
[ 2 ] Bug #558738 - Valgrind reports uninitialized reads in unzip
https://bugzilla.redhat.com/show_bug.cgi?id=558738
[ 3 ] Bug #1161325 - unzip reports crc error and produces incorrect output
https://bugzilla.redhat.com/show_bug.cgi?id=1161325
--------------------------------------------------------------------------------
================================================================================
util-linux-2.23.2-6.fc19 (FEDORA-2014-16045)
A collection of basic system utilities
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2014-9114
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 27 2014 Karel Zak <kzak at redhat.com> 2.23.2-6
- fix #1168490 - CVE-2014-9114 util-linux: command injection flaw in blkid
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1168485 - CVE-2014-9114 util-linux: command injection flaw in blkid
https://bugzilla.redhat.com/show_bug.cgi?id=1168485
--------------------------------------------------------------------------------
================================================================================
xen-4.2.5-6.fc19 (FEDORA-2014-16017)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
Excessive checking in compatibility mode hypercall argument translation,
Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor,
fix segfaults and failures in xl migrate --debug
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 27 2014 Michael Young <m.a.young at durham.ac.uk> - 4.2.5-6
- Excessive checking in compatibility mode hypercall argument translation
[XSA-111, CVE-2014-8866]
- Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor
[XSA-112, CVE-2014-8867]
- fix segfaults and failures in xl migrate --debug (#1166461)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166461 - migrate --debug option can lead to Segmentation fault (core dumped)
https://bugzilla.redhat.com/show_bug.cgi?id=1166461
--------------------------------------------------------------------------------
================================================================================
xpa-2.1.15-3.fc19 (FEDORA-2014-15978)
The X Public Access messaging system
--------------------------------------------------------------------------------
Update Information:
xpa now requires xpa-libs, as it should; fixed wrong tcl version
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 27 2014 Sergio Pascual <sergiopr at fedoraproject.org> - 2.1.15-3
- Fix race condition, tools were built before the shared library
- tcl in f20 is 8.5 (rh bz #1168544)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1168544 - xpa-2.1.15-2 requires unavailable tcl-8.6
https://bugzilla.redhat.com/show_bug.cgi?id=1168544
--------------------------------------------------------------------------------
More information about the test
mailing list