Fedora 19 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Thu Dec 4 06:28:13 UTC 2014
The following Fedora 19 Security updates need testing:
Age URL
404 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
216 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19
167 https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19
62 https://admin.fedoraproject.org/updates/FEDORA-2014-12057/krb5-1.11.3-29.fc19
47 https://admin.fedoraproject.org/updates/FEDORA-2014-13018/deluge-1.3.10-1.fc19
38 https://admin.fedoraproject.org/updates/FEDORA-2014-13551/wpa_supplicant-2.0-12.fc19
29 https://admin.fedoraproject.org/updates/FEDORA-2014-14237/claws-mail-plugins-3.11.1-1.fc19,claws-mail-3.11.1-2.fc19,libetpan-1.6-1.fc19
22 https://admin.fedoraproject.org/updates/FEDORA-2014-14738/gnutls-3.1.20-6.fc19
19 https://admin.fedoraproject.org/updates/FEDORA-2014-12407/sddm-0.10.0-2.fc19
18 https://admin.fedoraproject.org/updates/FEDORA-2014-15079/mantis-1.2.17-4.fc19
18 https://admin.fedoraproject.org/updates/FEDORA-2014-14874/arm-none-eabi-binutils-cs-2014.05.28-3.fc19
18 https://admin.fedoraproject.org/updates/FEDORA-2014-14838/avr-binutils-2.24-3.fc19
15 https://admin.fedoraproject.org/updates/FEDORA-2014-15248/kde-runtime-4.11.5-3.fc19
14 https://admin.fedoraproject.org/updates/FEDORA-2014-15378/rubygem-actionpack-3.2.13-7.fc19
14 https://admin.fedoraproject.org/updates/FEDORA-2014-15390/nodejs-0.10.33-1.fc19,libuv-0.10.29-1.fc19
13 https://admin.fedoraproject.org/updates/FEDORA-2014-15466/rubygem-sprockets-2.8.2-4.fc19
8 https://admin.fedoraproject.org/updates/FEDORA-2014-15717/kernel-3.14.25-100.fc19
8 https://admin.fedoraproject.org/updates/FEDORA-2014-15740/facter-1.6.18-8.fc19
8 https://admin.fedoraproject.org/updates/FEDORA-2014-15730/asterisk-11.14.1-1.fc19
8 https://admin.fedoraproject.org/updates/FEDORA-2014-15743/curl-7.29.0-26.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-15838/libksba-1.3.2-1.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-15811/graphviz-2.30.1-13.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-15833/hivex-1.3.8-2.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-15848/docker-io-1.3.2-2.fc19
2 https://admin.fedoraproject.org/updates/FEDORA-2014-16017/xen-4.2.5-6.fc19
2 https://admin.fedoraproject.org/updates/FEDORA-2014-15990/mariadb-5.5.40-1.fc19
2 https://admin.fedoraproject.org/updates/FEDORA-2014-15999/libreoffice-4.1.6.2-10.fc19
2 https://admin.fedoraproject.org/updates/FEDORA-2014-16020/mediawiki-1.23.7-1.fc19
2 https://admin.fedoraproject.org/updates/FEDORA-2014-16045/util-linux-2.23.2-6.fc19
1 https://admin.fedoraproject.org/updates/FEDORA-2014-16130/libyaml-0.1.6-2.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16272/flac-1.3.1-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16251/mingw-flac-1.3.1-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16227/dbus-1.6.28-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16224/pcre-8.32-12.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16257/antiword-0.37-17.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16234/pkcs11-helper-1.11-3.fc19,openvpn-2.3.6-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16203/kde-plasma-networkmanagement-0.9.0.11-2.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16210/perl-YAML-LibYAML-0.54-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16242/firefox-34.0-1.fc19,thunderbird-31.3.0-1.fc19
The following Fedora 19 Critical Path updates have yet to be approved:
Age URL
352 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
278 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
11 https://admin.fedoraproject.org/updates/FEDORA-2014-15506/ca-certificates-2014.2.1-1.5.fc19
8 https://admin.fedoraproject.org/updates/FEDORA-2014-15743/curl-7.29.0-26.fc19
8 https://admin.fedoraproject.org/updates/FEDORA-2014-15717/kernel-3.14.25-100.fc19
8 https://admin.fedoraproject.org/updates/FEDORA-2014-15732/cups-1.6.4-12.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-15832/lvm2-2.02.98-16.fc19
2 https://admin.fedoraproject.org/updates/FEDORA-2014-16021/tracker-0.16.5-1.fc19
2 https://admin.fedoraproject.org/updates/FEDORA-2014-16009/unzip-6.0-13.fc19
2 https://admin.fedoraproject.org/updates/FEDORA-2014-16045/util-linux-2.23.2-6.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16276/selinux-policy-3.12.1-74.30.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16213/crda-1.1.3_2014.11.18-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16224/pcre-8.32-12.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16227/dbus-1.6.28-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16242/firefox-34.0-1.fc19,thunderbird-31.3.0-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-16272/flac-1.3.1-1.fc19
The following builds have been pushed to Fedora 19 updates-testing
antiword-0.37-17.fc19
bionetgen-2.2.5-2.fc19
crda-1.1.3_2014.11.18-1.fc19
dbus-1.6.28-1.fc19
easystroke-0.6.0-6.fc19
firefox-34.0-1.fc19
flac-1.3.1-1.fc19
java-1.7.0-openjdk-1.7.0.71-2.5.3.1.fc19
kde-plasma-networkmanagement-0.9.0.11-2.fc19
lis-1.5.31-1.fc19
mingw-flac-1.3.1-1.fc19
nodejs-grunt-saucelabs-8.3.3-1.fc19
nodejs-nsp-audit-shrinkwrap-1.0.1-1.fc19
obnam-1.8-1.fc19
openscap-1.2.0-1.fc19
openvpn-2.3.6-1.fc19
pcre-8.32-12.fc19
perl-Want-0.24-1.fc19
perl-YAML-LibYAML-0.54-1.fc19
pkcs11-helper-1.11-3.fc19
pybliographer-1.2.17-1.fc19
pyhoca-gui-0.5.0.3-1.fc19
python-bloom-0.5.14-1.fc19
python-cliapp-1.20140719-1.fc19
python-pygraphviz-1.3-2.rc2.fc19
python-rosdep-0.10.33-1.fc19
python-rosdistro-0.3.7-1.fc19
python-x2go-0.5.0.2-1.fc19
rubygem-openscap-0.4.0-1.fc19
selinux-policy-3.12.1-74.30.fc19
statsd-0.7.2-3.fc19
surfraw-2.2.9-3.fc19
thunderbird-31.3.0-1.fc19
varnish-3.0.6-1.fc19
xpdf-3.04-6.fc19
Details about builds:
================================================================================
antiword-0.37-17.fc19 (FEDORA-2014-16257)
MS Word to ASCII/Postscript converter
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2014-8123
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Adrian Reber <adrian at lisas.de> - 0.37-17
- added patch for "CVE-2014-8123 antiword: buffer overflow of atPPSlist[].szName[]" (#1169665)
- fixed dates in changelog
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.37-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.37-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.37-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169665 - CVE-2014-8123 antiword: buffer overflow of atPPSlist[].szName[]
https://bugzilla.redhat.com/show_bug.cgi?id=1169665
--------------------------------------------------------------------------------
================================================================================
bionetgen-2.2.5-2.fc19 (FEDORA-2014-16237)
Software for rule-based modeling of biochemical systems
--------------------------------------------------------------------------------
Update Information:
New package.
--------------------------------------------------------------------------------
================================================================================
crda-1.1.3_2014.11.18-1.fc19 (FEDORA-2014-16213)
Regulatory compliance daemon for 802.11 wireless networking
--------------------------------------------------------------------------------
Update Information:
Update wireless-regdb to version 2014.11.18
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 25 2014 John W. Linville <linville at redhat.com> - 1.1.3_2014.11.18-1
- Update wireless-regdb to version 2014.11.18
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169973 - Update wireless-regdb from 2014-11-18
https://bugzilla.redhat.com/show_bug.cgi?id=1169973
[ 2 ] Bug #1056162 - Wireless: the lack of regulatory entries makes AD country unable to use some wifi drivers
https://bugzilla.redhat.com/show_bug.cgi?id=1056162
--------------------------------------------------------------------------------
================================================================================
dbus-1.6.28-1.fc19 (FEDORA-2014-16227)
D-BUS message bus
--------------------------------------------------------------------------------
Update Information:
Update to 1.6.28
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 27 2014 David King <amigadave at amigadave.com> - 1:1.6.28-1
- Update to 1.6.28
- Fixes CVE-2014-3635 (fd.o#83622)
- Fixes CVE-2014-3636 (fd.o#82820)
- Fixes CVE-2014-3637 (fd.o#80559)
- Fixes CVE-2014-3638 (fd.o#81053)
- Fixes CVE-2014-3639 (fd.o#80919)
- Fixes CVE-2014-7824 (fd.o#85105)
- Fixes CVE-2014-3477 (fd.o#78979)
- Fixes CVE-2014-3532 (fd.o#80163)
- Fixes CVE-2014-3533 (fd.o#80469)
- Resolves #1115636
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1140523 - CVE-2014-3635 dbus: heap-based buffer overflow flaw in file descriptor passing
https://bugzilla.redhat.com/show_bug.cgi?id=1140523
[ 2 ] Bug #1140525 - CVE-2014-3636 dbus: denial of service by queuing or splitting file descriptors
https://bugzilla.redhat.com/show_bug.cgi?id=1140525
[ 3 ] Bug #1140527 - CVE-2014-3637 dbus: denial of service by creating unkillable D-Bus connections
https://bugzilla.redhat.com/show_bug.cgi?id=1140527
[ 4 ] Bug #1140529 - CVE-2014-3638 dbus: denial of service in method call handling
https://bugzilla.redhat.com/show_bug.cgi?id=1140529
[ 5 ] Bug #1140532 - CVE-2014-3639 dbus: denial of service flaw in incomplete connection handling
https://bugzilla.redhat.com/show_bug.cgi?id=1140532
[ 6 ] Bug #1114414 - CVE-2014-3532 dbus: denial of service in file descriptor passing feature
https://bugzilla.redhat.com/show_bug.cgi?id=1114414
[ 7 ] Bug #1114416 - CVE-2014-3533 dbus: denial of service when forwarding invalid file descriptors
https://bugzilla.redhat.com/show_bug.cgi?id=1114416
--------------------------------------------------------------------------------
================================================================================
easystroke-0.6.0-6.fc19 (FEDORA-2014-16221)
Gesture-recognition application for X11
--------------------------------------------------------------------------------
Update Information:
fix black squares issue on gnome 3
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Tom Callaway <spot at fedoraproject.org> - 0.6.0-6
- fix black squares issue on gnome 3 (bz1084308)
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.6.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.6.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri May 23 2014 Petr Machata <pmachata at redhat.com> - 0.6.0-3
- Rebuild for boost 1.55.0
* Fri May 23 2014 David Tardon <dtardon at redhat.com> - 0.6.0-2
- rebuild for boost 1.55.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1084308 - Black squares rendered around gestures
https://bugzilla.redhat.com/show_bug.cgi?id=1084308
--------------------------------------------------------------------------------
================================================================================
firefox-34.0-1.fc19 (FEDORA-2014-16242)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:
New Firefox release - 34.0.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 1 2014 Martin Stransky <stransky at redhat.com> - 34.0-1
- Update to 34.0 build 2
--------------------------------------------------------------------------------
================================================================================
flac-1.3.1-1.fc19 (FEDORA-2014-16272)
An encoder/decoder for the Free Lossless Audio Codec
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2014-9028, CVE-2014-8962
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 27 2014 Miroslav Lichvar <mlichvar at redhat.com> 1.3.1-1
- update to 1.3.1 (CVE-2014-8962, CVE-2014-9028)
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1167236 - CVE-2014-8962 flac: Heap buffer read overflow when processing ID3V2 metadata
https://bugzilla.redhat.com/show_bug.cgi?id=1167236
[ 2 ] Bug #1167741 - CVE-2014-9028 flac: Heap buffer write overflow in read_residual_partitioned_rice_
https://bugzilla.redhat.com/show_bug.cgi?id=1167741
--------------------------------------------------------------------------------
================================================================================
java-1.7.0-openjdk-1.7.0.71-2.5.3.1.fc19 (FEDORA-2014-16228)
OpenJDK Runtime Environment
--------------------------------------------------------------------------------
Update Information:
packages made relocatable (RH11690970)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 1 2014 Jiri Vanek <jvanek at redhat.com> - 1:1.7.0.71-2.5.3.1
- removed source14 remove-origin-from-rpaths (11690970)
- removed build requirement for chrpath
--------------------------------------------------------------------------------
================================================================================
kde-plasma-networkmanagement-0.9.0.11-2.fc19 (FEDORA-2014-16203)
NetworkManager KDE 4 integration
--------------------------------------------------------------------------------
Update Information:
Add option for server certificate verification.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 3 2014 Jan Grulich <jgrulich at redhat.com> 0.9.0.11-2
- add option for server certificate verification
Resolves: 1169887
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169886 - kde-plasma-networkmanagement, kde-plasma-nm: creates OpenVPN connections vulnerable to MITM attack
https://bugzilla.redhat.com/show_bug.cgi?id=1169886
--------------------------------------------------------------------------------
================================================================================
lis-1.5.31-1.fc19 (FEDORA-2014-16202)
A library for solving linear equations and eigenvalue problems
--------------------------------------------------------------------------------
Update Information:
Update to 1.5.31
Update to 1.5.24
Update to 1.5.22
Update to 1.5.13
Update to 1.5.11
Update to 1.5.4
Update to 1.5.2
Update to 1.4.67
Update to 1.4.64
Update to 1.4.63
Update to 1.4.62
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 3 2014 Florian Lehner <dev at der-flo.net> - 1.5.31-1
- Update to 1.5.31
* Thu Nov 27 2014 Florian Lehner <dev at der-flo.net> - 1.5.24-1
- Update to 1.5.24
* Wed Nov 26 2014 Florian Lehner <dev at der-flo.net> - 1.5.23-1
- Update to 1.5.23
* Tue Nov 25 2014 Florian Lehner <dev at der-flo.net> - 1.5.22-1
- Update to 1.5.22
* Fri Nov 21 2014 Florian Lehner <dev at der-flo.net> - 1.5.19-1
- Update to 1.5.19
* Fri Nov 21 2014 Florian Lehner <dev at der-flo.net> - 1.5.18-1
- Update to 1.5.18
* Sat Nov 15 2014 Florian Lehner <dev at der-flo.net> - 1.5.13-1
- Update to 1.5.13
* Wed Nov 12 2014 Florian Lehner <dev at der-flo.net> - 1.5.11-1
- Update to 1.5.11
* Tue Nov 4 2014 Florian Lehner <dev at der-flo.net> - 1.5.4-1
- Update to 1.5.4
* Sat Nov 1 2014 Florian Lehner <dev at der-flo.net> - 1.5.2-1
- Update to 1.5.2
* Tue Oct 28 2014 Florian Lehner <dev at der-flo.net> - 1.4.67-1
- Update to 1.4.67
* Mon Oct 27 2014 Florian Lehner <dev at der-flo.net> - 1.4.66-1
- Update to 1.4.66
* Tue Oct 21 2014 Florian Lehner <dev at der-flo.net> - 1.4.64-1
- Update to 1.4.64
* Mon Oct 20 2014 Florian Lehner <dev at der-flo.net> - 1.4.63-1
- Update to 1.4.63
* Sat Oct 18 2014 Florian Lehner <dev at der-flo.net> - 1.4.62-1
- Update to 1.4.62
--------------------------------------------------------------------------------
================================================================================
mingw-flac-1.3.1-1.fc19 (FEDORA-2014-16251)
Encoder/decoder for the Free Lossless Audio Codec
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2014-9028, CVE-2014-8962
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 27 2014 David King <amigadave at amigadave.com> - 1.3.1-1
- Update to 1.3.1 (#1168768)
- Fixes CVE-2014-8962 and CVE-2014-9028
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun Feb 16 2014 František Dvořák <valtri at civ.zcu.cz> - 1.3.0-2
- Added tools subpackage
- Comment licensing breakdown
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1167236 - CVE-2014-8962 flac: Heap buffer read overflow when processing ID3V2 metadata
https://bugzilla.redhat.com/show_bug.cgi?id=1167236
[ 2 ] Bug #1167741 - CVE-2014-9028 flac: Heap buffer write overflow in read_residual_partitioned_rice_
https://bugzilla.redhat.com/show_bug.cgi?id=1167741
--------------------------------------------------------------------------------
================================================================================
nodejs-grunt-saucelabs-8.3.3-1.fc19 (FEDORA-2014-16207)
Grunt task running tests using Sauce Labs
--------------------------------------------------------------------------------
Update Information:
Initial packaging
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1115679 - Review Request: nodejs-grunt-saucelabs - Grunt task running tests using Sauce Labs
https://bugzilla.redhat.com/show_bug.cgi?id=1115679
--------------------------------------------------------------------------------
================================================================================
nodejs-nsp-audit-shrinkwrap-1.0.1-1.fc19 (FEDORA-2014-16269)
Audits a shrinkwrap file against the NSP module vulnerability database
--------------------------------------------------------------------------------
Update Information:
update to 1.0.1
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 3 2014 Parag Nemade <pnemade AT redhat DOT com> - 1.0.1-1
- update to 1.0.1
--------------------------------------------------------------------------------
================================================================================
obnam-1.8-1.fc19 (FEDORA-2014-16246)
An easy, secure backup program
--------------------------------------------------------------------------------
Update Information:
Many enhancements and bug fixes; see NEWS file
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Michel Alexandre Salim <salimma at fedoraproject.org> - 1.8-1
- Update to 1.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1100691 - obnam-1.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1100691
--------------------------------------------------------------------------------
================================================================================
openscap-1.2.0-1.fc19 (FEDORA-2014-16275)
Set of open source libraries enabling integration of the SCAP line of standards
--------------------------------------------------------------------------------
Update Information:
New OpenSCAP release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Šimon Lukašík <slukasik at redhat.com> - 1.2.0-1
- upgrade to the latest upstream release
--------------------------------------------------------------------------------
================================================================================
openvpn-2.3.6-1.fc19 (FEDORA-2014-16234)
A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 1 2014 Jon Ciesla <limburgher at gmail.com> 2.3.6-1
- 2.3.6, CVE-2014-8104.
* Fri Nov 21 2014 Ralf Corsépius <corsepiu at fedoraproject.org> - 2.3.5-2
- Rework package doc handling (RHBZ #1165004).
* Tue Oct 28 2014 Jon Ciesla <limburgher at gmail.com> 2.3.5-1
- 2.3.5.
* Tue Aug 26 2014 Jan Vcelak <jvcelak at fedoraproject.org> 2.3.4-4
* Fri Nov 21 2014 Ralf Corsépius <corsepiu at fedoraproject.org> - 2.3.2-7
- Rework package doc handling (RHBZ #1165004).
* Tue Aug 26 2014 Jan Vcelak <jvcelak at fedoraproject.org> 2.3.2-6
- Enable systemd support.
* Sun Jan 19 2014 Ville Skyttä <ville.skytta at iki.fi> - 2.3.2-5
- Don't order service after syslog.target.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169487 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169487
[ 2 ] Bug #1169488 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169488
--------------------------------------------------------------------------------
================================================================================
pcre-8.32-12.fc19 (FEDORA-2014-16224)
Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:
This release fixes CVE-2014-8964 (an unused memory usage on zero-repeat assertion condition)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Petr Pisar <ppisar at redhat.com> - 8.32-12
- Fix CVE-2014-8964 (unused memory usage on zero-repeat assertion condition)
(bug #1165626)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166147 - CVE-2014-8964 pcre: incorrect handling of zero-repeat assertion conditions
https://bugzilla.redhat.com/show_bug.cgi?id=1166147
--------------------------------------------------------------------------------
================================================================================
perl-Want-0.24-1.fc19 (FEDORA-2014-16263)
Perl module implementing a generalisation of wantarray
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 3 2014 Ralf Corsépius <corsepiu at fedoraproject.org> - 0.24-1
- Upstream update.
- Switch to using DESTDIR and pure_install.
--------------------------------------------------------------------------------
================================================================================
perl-YAML-LibYAML-0.54-1.fc19 (FEDORA-2014-16210)
Perl YAML Serialization using XS and libyaml
--------------------------------------------------------------------------------
Update Information:
An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 30 2014 Paul Howarth <paul at city-fan.org> - 0.54-1
- Update to 0.54
- Fix for an edge case in scanner that results in an assert() failing
(https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure)
(CVE-2014-9130)
- Drop upstreamed patches for CVE-2013-6393 and CVE-2014-2525
* Tue Nov 18 2014 Jitka Plesnikova <jplesnik at redhat.com> - 0.52-3
- Update BRs (bz#1165198)
* Wed Aug 27 2014 Jitka Plesnikova <jplesnik at redhat.com> - 0.52-2
- Perl 5.20 rebuild
* Sun Aug 24 2014 Paul Howarth <paul at city-fan.org> - 0.52-1
- Update to 0.52
- Fix e1 test failure on 5.21.4
* Mon Aug 18 2014 Paul Howarth <paul at city-fan.org> - 0.51-1
- Update to 0.51 (various minor tidy-ups, no functional changes)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.47-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Aug 9 2014 Paul Howarth <paul at city-fan.org> - 0.47-1
- Update to 0.47:
- Fix swim errors
- Include upstream license file
* Wed Aug 6 2014 Jitka Plesnikova <jplesnik at redhat.com> - 0.46-1
- 0.46 bump
* Tue Aug 5 2014 Jitka Plesnikova <jplesnik at redhat.com> - 0.45-1
- 0.45 bump
* Mon Jul 14 2014 Jitka Plesnikova <jplesnik at redhat.com> - 0.44-1
- 0.44 bump
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.41-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169369 - CVE-2014-9130 libyaml: assert failure when processing wrapped strings
https://bugzilla.redhat.com/show_bug.cgi?id=1169369
--------------------------------------------------------------------------------
================================================================================
pkcs11-helper-1.11-3.fc19 (FEDORA-2014-16234)
A library for using PKCS#11 providers
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Apr 11 2014 Jon Ciesla <limburgher at gmail.com> - 1.11-1
- Latest upstream, required for openvpn 2.3.3.
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169487 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169487
[ 2 ] Bug #1169488 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169488
--------------------------------------------------------------------------------
================================================================================
pybliographer-1.2.17-1.fc19 (FEDORA-2014-16222)
Framework for working with bibliographic databases
--------------------------------------------------------------------------------
Update Information:
This update fixes bugs and installs appdata file.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Zoltan Kota <zoltank at gmail.com> - 1.2.17-1
- update to 1.2.17
--------------------------------------------------------------------------------
================================================================================
pyhoca-gui-0.5.0.3-1.fc19 (FEDORA-2014-16261)
Graphical X2Go client written in (wx)Python
--------------------------------------------------------------------------------
Update Information:
python-x2go-0.5.0.2:
- Fix X2Go Desktop Sharing feature
- Provide more stability if connections fail during session startup/resumption
pyhoca-gui-0.5.0.3:
- Finnish translation update / fix
- Danish translation update
- Point to our new mailing list server where the old one (BerliOS) was still referenced.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 1 2014 Orion Poplawski <orion at cora.nwra.com> - 0.5.0.3-1
- Update to 0.5.0.3
--------------------------------------------------------------------------------
================================================================================
python-bloom-0.5.14-1.fc19 (FEDORA-2014-16277)
Bloom is a release automation tool
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream versions and add python3 packages for rosdistro and catkin_lint
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 28 2014 Scott K Logan <logans at cottsay.net> - 0.5.14-1
- Update to 0.5.14
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1160290 - python-catkin_lint-1.3.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1160290
[ 2 ] Bug #1167730 - python-bloom-0.5.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1167730
[ 3 ] Bug #1155143 - python-rosdistro-0.3.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1155143
--------------------------------------------------------------------------------
================================================================================
python-cliapp-1.20140719-1.fc19 (FEDORA-2014-16256)
Python framework for Unix command line programs
--------------------------------------------------------------------------------
Update Information:
Version 1.20140719
* The way logging is set up has been split into smaller methods, to allow overriding better.
* Plugins no longer need to define a `disable` method: the default implementation is now a no-op.
Bug fixes:
* When getting help for a subcommand, cliapp would crash saying
`get_help_text_formatter` couldn't be found. This has been fixed.
Version 1.20140315
------------------
* `cliapp` now logs the current working directory, uid, effective uid, gid, and effective gid at startup.
* `cliapp` (`Settings.load_configs`) now reports an unknown
variable in a configuration file with a nice error message, rather than a stack trace.
* Allow overriding how the full help text for a subcommand is to be formatted.
* The `cliapp.Settings.require` method now accepts many setting names, and check for all of them.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Michel Alexandre Salim <salimma at fedoraproject.org> - 1.20140719-1
- Update to 1.20140719
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1077600 - python-cliapp-1.20140719 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1077600
--------------------------------------------------------------------------------
================================================================================
python-pygraphviz-1.3-2.rc2.fc19 (FEDORA-2014-16212)
Create and Manipulate Graphs and Networks
--------------------------------------------------------------------------------
Update Information:
New package.
--------------------------------------------------------------------------------
================================================================================
python-rosdep-0.10.33-1.fc19 (FEDORA-2014-16277)
ROS System Dependency Installer
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream versions and add python3 packages for rosdistro and catkin_lint
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 24 2014 Scott K Logan <logans at cottsay.net> - 0.10.33-1
- Update to release 0.10.33
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1160290 - python-catkin_lint-1.3.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1160290
[ 2 ] Bug #1167730 - python-bloom-0.5.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1167730
[ 3 ] Bug #1155143 - python-rosdistro-0.3.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1155143
--------------------------------------------------------------------------------
================================================================================
python-rosdistro-0.3.7-1.fc19 (FEDORA-2014-16277)
File format for managing ROS Distributions
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream versions and add python3 packages for rosdistro and catkin_lint
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 25 2014 Scott K Logan <logans at cottsay.net> - 0.3.7-1
- Update to release 0.3.7
- Remove argparse patch (fixed upstream)
- Fix sphinx dependency in el6
- Add check section
- Add python3 package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1160290 - python-catkin_lint-1.3.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1160290
[ 2 ] Bug #1167730 - python-bloom-0.5.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1167730
[ 3 ] Bug #1155143 - python-rosdistro-0.3.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1155143
--------------------------------------------------------------------------------
================================================================================
python-x2go-0.5.0.2-1.fc19 (FEDORA-2014-16261)
Python module providing X2Go client API
--------------------------------------------------------------------------------
Update Information:
python-x2go-0.5.0.2:
- Fix X2Go Desktop Sharing feature
- Provide more stability if connections fail during session startup/resumption
pyhoca-gui-0.5.0.3:
- Finnish translation update / fix
- Danish translation update
- Point to our new mailing list server where the old one (BerliOS) was still referenced.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 27 2014 Orion Poplawski <orion at cora.nwra.com> - 0.5.0.2-1
- Update to 0.5.0.2
--------------------------------------------------------------------------------
================================================================================
rubygem-openscap-0.4.0-1.fc19 (FEDORA-2014-16275)
A FFI wrapper around the OpenSCAP library
--------------------------------------------------------------------------------
Update Information:
New OpenSCAP release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Šimon Lukašík <slukasik at redhat.com> - 0.4.0-1
- upgrade to the new upstream version
* Thu Oct 23 2014 Šimon Lukašík <slukasik at redhat.com> - 0.3.0-1
- upgrade to the new upstream version
--------------------------------------------------------------------------------
================================================================================
selinux-policy-3.12.1-74.30.fc19 (FEDORA-2014-16276)
SELinux policy configuration
--------------------------------------------------------------------------------
Update Information:
More info: http://koji.fedoraproject.org/koji/buildinfo?buildID=596542
More info: http://koji.fedoraproject.org/koji/buildinfo?buildID=552380
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Lukas Vrabec <lvrabec at redhat.com> 3.12.1-74.30
- Allow systemd_tmpfiles_t to manage/relabel non auth files. BZ #(1139336)
- Fix labeling for HOME_DIR/tmp and HOME_DIR/.tmp directories.
- Label ~/tmp and ~/.tmp directories in user tmp dirs as user_tmp_t
- Allow boinc_t manage boinc_project_tmp_t files and dirs (#1135687)
- Allow apache to communicate with zoneminder, dontaudit attempts to read utmp
- Allow smoltclient to connect on http_cache port. (#982199)
- Allow mozilla_plugin_t to setcap (#981796)
* Tue Aug 12 2014 Lukas Vrabec <lvrabec at redhat.com> 3.12.1-74.29
- Allow sensord to send a signal.
- Allow smokeping cgi script to send syslog messages (#1122163)
- docker needs setfcap
* Thu Jun 19 2014 Lukas Vrabec <lvrabec at redhat.com> 3.12.1-74.28
- Added docker policy
- Allow chrome_sandbox to execute config_home_t
- apcupsd will send a wall message to all terminals telling the system is about to go down
- If you use ldap you should be able to read certs
* Wed May 14 2014 Miroslav Grepl <mgrepl at redhat.com> 3.12.1-74.27
- Add missing dyntransition for sandbox_x_domain
* Fri May 9 2014 Miroslav Grepl <mgrepl at redhat.com> 3.12.1-74.26
- Update sandbox_transition() to call sandbox_dyntrasition().
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #965714 - Zoneminder will not start with Selinux in Enforcing Mode
https://bugzilla.redhat.com/show_bug.cgi?id=965714
[ 2 ] Bug #981796 - SELinux is preventing /usr/bin/pulseaudio from using the 'setcap' accesses on a process.
https://bugzilla.redhat.com/show_bug.cgi?id=981796
[ 3 ] Bug #982199 - SELinux is preventing /usr/bin/python2.7 from 'name_connect' accesses on the tcp_socket .
https://bugzilla.redhat.com/show_bug.cgi?id=982199
[ 4 ] Bug #1023937 - SELinux is preventing /usr/libexec/cups-pk-helper-mechanism from 'read' accesses on the file tmpQ1BRQ4.
https://bugzilla.redhat.com/show_bug.cgi?id=1023937
[ 5 ] Bug #1135687 - SELinux is preventing /usr/bin/rm from 'rmdir' accesses on the directory .vbox-boinc-ipc.
https://bugzilla.redhat.com/show_bug.cgi?id=1135687
[ 6 ] Bug #1139336 - SELinux is preventing /usr/bin/systemd-tmpfiles from 'setattr' accesses on the directory mctsct1z.default.
https://bugzilla.redhat.com/show_bug.cgi?id=1139336
[ 7 ] Bug #1141967 - Receive the error Multiple different specifications for /var/opt/quest/vas/vasd(/.*)? when trying to develop an SELinux module for Dell Software's vasd.
https://bugzilla.redhat.com/show_bug.cgi?id=1141967
[ 8 ] Bug #1089660 - Dovecot cannot access slapd_cert
https://bugzilla.redhat.com/show_bug.cgi?id=1089660
[ 9 ] Bug #1109498 - SELinux is preventing /usr/bin/wall from 'open' accesses on the chr_file /dev/pts/0.
https://bugzilla.redhat.com/show_bug.cgi?id=1109498
[ 10 ] Bug #1122163 - SELinux is preventing /usr/bin/perl from 'getattr' accesses on the sock_file /dev/log.
https://bugzilla.redhat.com/show_bug.cgi?id=1122163
[ 11 ] Bug #1123111 - SELinux is preventing /usr/sbin/sensord from using the 'signal' accesses on a process.
https://bugzilla.redhat.com/show_bug.cgi?id=1123111
[ 12 ] Bug #1079636 - Enforcing selinux-policy-targeted prevents named-chroot.service from functioning
https://bugzilla.redhat.com/show_bug.cgi?id=1079636
--------------------------------------------------------------------------------
================================================================================
statsd-0.7.2-3.fc19 (FEDORA-2014-16223)
A simple, lightweight network daemon to collect metrics over UDP
--------------------------------------------------------------------------------
Update Information:
fix end of line encodings
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164496 - Review Request: statsd - A simple, lightweight network daemon to collect metrics over UDP
https://bugzilla.redhat.com/show_bug.cgi?id=1164496
--------------------------------------------------------------------------------
================================================================================
surfraw-2.2.9-3.fc19 (FEDORA-2014-16254)
Shell Users Revolutionary Front Rage Against the Web
--------------------------------------------------------------------------------
Update Information:
Remove dependency on screen (rhbz#1159215).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Thomas Moschny <thomas.moschny at gmx.de> - 2.2.9-3
- Remove dependency on screen (rhbz#1159215).
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.2.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1159215 - Surfraw unecessarily depends on screen
https://bugzilla.redhat.com/show_bug.cgi?id=1159215
--------------------------------------------------------------------------------
================================================================================
thunderbird-31.3.0-1.fc19 (FEDORA-2014-16242)
Mozilla Thunderbird mail/newsgroup client
--------------------------------------------------------------------------------
Update Information:
New Firefox release - 34.0.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 1 2014 Jan Horak <jhorak at redhat.com> - 31.3.0-1
- Update to 31.3.0
--------------------------------------------------------------------------------
================================================================================
varnish-3.0.6-1.fc19 (FEDORA-2014-16244)
High-performance HTTP accelerator
--------------------------------------------------------------------------------
Update Information:
New upstream release. A bugfix release.
From the upstream release notes:
Varnish 3.0.6 has just been released. It corrects a series of bugs fixed over the last 11 months, including three robustness bugs that may, in odd cases, lead to Varnish restarting.
We recommend that users that can't upgrade to 4.0 at this point, upgrade to 3.0.6.
This is the last planned release in the 3.0 series. Please note that per our release schedule we support the
old stable version one year after the next version is released. Varnish 4.0.0 was released in April 2014.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Ingvar Hagelund <ingvar at redpill-linpro.com> 3.0.6-1
- New upstream release
- Added python to BuildRequires - it's needed for mock builds on f19
--------------------------------------------------------------------------------
================================================================================
xpdf-3.04-6.fc19 (FEDORA-2014-16232)
A PDF file viewer for the X Window System
--------------------------------------------------------------------------------
Update Information:
fix proper display of international strings in the title
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Tom Callaway <spot at fedoraproject.org> - 1:3.04-6
- fix proper display of international strings in the title (bz 1169301)
* Fri Sep 12 2014 Tom Callaway <spot at fedoraproject.org> - 1:3.04-5
- fix .desktop file
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1:3.04-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1:3.04-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169301 - xpdf does not show non-ASCII paths correctly
https://bugzilla.redhat.com/show_bug.cgi?id=1169301
--------------------------------------------------------------------------------
More information about the test
mailing list