Fedora 20 updates-testing report

Fri Dec 19 18:36:05 UTC 2014

The following Fedora 20 Security updates need testing:
 Age  URL
  77  https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20
  30  https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20
  28  https://admin.fedoraproject.org/updates/FEDORA-2014-15489/rubygem-sprockets-2.8.2-5.fc20
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-16250/cpio-2.11-28.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-16357/pyxdg-0.25-5.fc20
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-16459/gpgme-1.3.2-5.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-16572/links-2.8-4.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-16626/qemu-1.6.2-12.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-16494/mutt-1.5.23-4.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-16667/sagemath-6.1.1-6.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16869/docker-io-1.4.0-1.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16854/freetype-2.5.0-7.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16932/libhtp-0.5.6-2.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16838/rpm-4.11.3-2.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-16964/mpfr-3.1.2-5.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17067/denyhosts-2.6-29.fc20.1
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-17089/orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-17107/ettercap-0.8.1-2.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-16530/nss-util-3.17.3-1.fc20,nss-3.17.3-2.fc20,nss-softokn-3.17.3-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-17153/httpd-2.4.10-2.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-17219/seamonkey-2.31-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-17222/subversion-1.8.11-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16349/jasper-1.900.1-27.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17245/mailx-12.5-11.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17228/mediawiki-1.23.8-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17229/php-5.5.20-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17272/ca-certificates-2014.2.2-1.0.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17274/mingw-jasper-1.900.1-25.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17283/kernel-3.17.7-200.fc20

The following Fedora 20 Critical Path updates have yet to be approved:
 Age URL
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-16357/pyxdg-0.25-5.fc20
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-16459/gpgme-1.3.2-5.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16810/ppp-2.4.5-35.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-16964/mpfr-3.1.2-5.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-16530/nss-util-3.17.3-1.fc20,nss-3.17.3-2.fc20,nss-softokn-3.17.3-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17263/dbus-1.6.28-3.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17287/btrfs-progs-3.17.3-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17231/hwdata-0.273-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17272/ca-certificates-2014.2.2-1.0.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16705/ibus-1.5.9-8.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16349/jasper-1.900.1-27.fc20

The following builds have been pushed to Fedora 20 updates-testing

    babel-1.3-7.fc20
    btrfs-progs-3.17.3-1.fc20
    ca-certificates-2014.2.2-1.0.fc20
    dbus-1.6.28-3.fc20
    deluge-1.3.11-1.fc20
    devilspie2-0.38-2.fc20
    digikam-4.6.0-1.fc20
    eigen3-3.2.3-1.fc20
    fedmsg-notify-0.5.5-1.fc20
    gnome-contacts-3.10.2-1.fc20
    google-roboto-fonts-1.2-6.fc20
    hwdata-0.273-1.fc20
    ibus-1.5.9-8.fc20
    jasper-1.900.1-27.fc20
    kernel-3.17.7-200.fc20
    kubernetes-0.7.0-18.0.git52e165a.fc20
    mailx-12.5-11.fc20
    mate-themes-extras-3.10.4-1.fc20
    mediawiki-1.23.8-1.fc20
    mingw-eigen3-3.2.3-1.fc20
    mingw-jasper-1.900.1-25.fc20
    mkvtoolnix-7.4.0-1.fc20
    php-5.5.20-2.fc20
    python-mutagen-1.27-1.fc20
    python-nmap-0.3.4-2.fc20
    python-sphinxcontrib-napoleon-0.2.8-2.fc20
    zint-2.4.3-9.fc20

Details about builds:

================================================================================
 babel-1.3-7.fc20 (FEDORA-2014-17261)
 Tools for internationalizing Python applications
--------------------------------------------------------------------------------
Update Information:

* removes the version portion of the egg dependency on pytz as that breaks with newer setuptools.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 Toshio Kuratomi <toshio at fedoraproject.org> - 1.3-7
- Remove pytz version requirement in egginfo as it confuses newer setuptools
* Mon Jun 30 2014 Toshio Kuratomi <toshio at fedoraproject.org> - 1.3-6
- Change python-setuptools-devel BR into python-setuptools
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 28 2014 Kalev Lember <kalevlember at gmail.com> - 1.3-4
- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
--------------------------------------------------------------------------------

================================================================================
 btrfs-progs-3.17.3-1.fc20 (FEDORA-2014-17287)
 Userspace programs for btrfs
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec  5 2014 Eric Sandeen <sandeen at redhat.com> 3.17.3-1
- New upstream release
* Fri Nov 21 2014 Eric Sandeen <sandeen at redhat.com> 3.17.2-1
- New upstream release
--------------------------------------------------------------------------------

================================================================================
 ca-certificates-2014.2.2-1.0.fc20 (FEDORA-2014-17272)
 The Mozilla CA root certificate bundle
--------------------------------------------------------------------------------
Update Information:

This is an update to the set of CA certificates released with NSS version 3.17.3

However, the package modifies the CA list to keep several legacy CAs still trusted for compatibility reasons. Please refer to the project URL for details.

If you prefer to use the unchanged list provided by Mozilla, and if you accept any compatibility issues it may cause, an administrator may configure the system by executing the "ca-legacy disable" command.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 16 2014 Kai Engert <kaie at redhat.com> - 2014.2.2-1.0
- Update to CKBI 2.2 from NSS 3.17.3 with legacy modifications
- Update project URL
--------------------------------------------------------------------------------

================================================================================
 dbus-1.6.28-3.fc20 (FEDORA-2014-17263)
 D-BUS message bus
--------------------------------------------------------------------------------
Update Information:

Several fixes for packaging bugs\r\n\r\n* Relax subpackage dependencies (#1175837)\r\n* Remove obsolete dbus.target.wants (#1084087)\r\n* Use --with-tests to conditionalize test dependencies\r\n* Add some more documentation from the upstream tarball\r\n* Use macroized systemd scriptlets (#850083)\r\n* Correct license description for multiple licenses\r\n* BR systemd-devel\r\n* Adapt to unversioned docdirs; don't ship all docs in main package.\r\n* Fix bogus dates in %changelog and tabs vs spaces warning.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 David King <amigadave at amigadave.com> - 1:1.6.28-3
- Relax subpackage dependencies (#1175837)
* Thu Dec  4 2014 David King <amigadave at amigadave.com> - 1:1.6.28-2
- Remove obsolete dbus.target.wants (#1084087)
- Use --with-tests to conditionalize test dependencies
- Tighten subpackage dependencies by using %{?_isa}
- Add some more documentation from the upstream tarball
- Use macroized systemd scriptlets (#850083)
- Correct license description for multiple licenses
- fix license handling
- BR systemd-devel
- Adapt to unversioned docdirs; don't ship all docs in main package.
- Fix bogus dates in %changelog and tabs vs spaces warning.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1175837 - Cannot update dbus pkgs because of conflicts
        https://bugzilla.redhat.com/show_bug.cgi?id=1175837
  [ 2 ] Bug #1084087 - dbus provides unused files
        https://bugzilla.redhat.com/show_bug.cgi?id=1084087
  [ 3 ] Bug #850083 - Introduce new systemd-rpm macros in dbus spec file
        https://bugzilla.redhat.com/show_bug.cgi?id=850083
--------------------------------------------------------------------------------

================================================================================
 deluge-1.3.11-1.fc20 (FEDORA-2014-17299)
 A GTK+ BitTorrent client with support for DHT, UPnP, and PEX
--------------------------------------------------------------------------------
Update Information:

Update to 1.3.11\r\n\r\nGtkUI\r\n\r\n    Fixed ImportError? for users with Twisted < 10\r\n    #2698: Fixed column issue when disabling a plugin \r\n\r\nCore\r\n\r\n    Fixed cache issue with libtorrent 0.16 on Windows\r\n    #2555: Disabled use of SSLv3 protocol for DelugeRPC \r\n\r\nWebUI\r\n\r\n    Modify SSL Context to allow >= TLSv1 protocol\r\n    #2588: Fixed Size column to show total_wanted instead of total_size \nupdate to 1.3.10
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Tom Callaway <spot at fedoraproject.org> - 1.3.11-1
- update to 1.3.11
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1153456 - deluge-web is vulnerable to POODLE
        https://bugzilla.redhat.com/show_bug.cgi?id=1153456
--------------------------------------------------------------------------------

================================================================================
 devilspie2-0.38-2.fc20 (FEDORA-2014-17294)
 A window-matching utility
--------------------------------------------------------------------------------
Update Information:

Initial release.
--------------------------------------------------------------------------------

================================================================================
 digikam-4.6.0-1.fc20 (FEDORA-2014-17291)
 A digital camera accessing & photo management application
--------------------------------------------------------------------------------
Update Information:

digiKam 4.6.0 See https://www.digikam.org/node/725
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Alexey Kurov <nucleo at fedoraproject.org> - 4.6.0-1
- digikam-4.6.0
* Wed Dec 10 2014 Rex Dieter <rdieter at fedoraproject.org> 4.5.0-3
- rebuild (marble)
- drop libjpeg-turbo workarounds (not needed anymore)
* Mon Nov 17 2014 Rex Dieter <rdieter at fedoraproject.org> 4.5.0-2
- fix/workaround FTBFS against newer libjpeg-turbo (kde#340944)
--------------------------------------------------------------------------------

================================================================================
 eigen3-3.2.3-1.fc20 (FEDORA-2014-17250)
 A lightweight C++ template library for vector and matrix math
--------------------------------------------------------------------------------
Update Information:

Update to release 3.2.3, see http://eigen.tuxfamily.org/index.php?title=ChangeLog#Eigen_3.2.3 for details.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Sandro Mani <manisandro at gmail.com> - 3.2.3-1
- Update to release 3.2.3
- Drop upstreamed eigen3-ppc64.patch
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1175149 - eigen3-3.2.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1175149
--------------------------------------------------------------------------------

================================================================================
 fedmsg-notify-0.5.5-1.fc20 (FEDORA-2014-17253)
 Fedmsg Desktop Notifications
--------------------------------------------------------------------------------
Update Information:

 * Make the topic grid scrollable
 * Fixed the distro-specific imports
 * Uses the abrt python API

--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 Luke Macken <lmacken at redhat.com> - 0.5.5-1
- Latest upstream release
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.5.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1087076 - Fedmsg-notify height windows is not resizable.
        https://bugzilla.redhat.com/show_bug.cgi?id=1087076
--------------------------------------------------------------------------------

================================================================================
 gnome-contacts-3.10.2-1.fc20 (FEDORA-2014-17279)
 Contacts manager for GNOME
--------------------------------------------------------------------------------
Update Information:

Update to 3.10.2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 David King <amigadave at amigadave.com> - 3.10.2-1
- Update to 3.10.2
--------------------------------------------------------------------------------

================================================================================
 google-roboto-fonts-1.2-6.fc20 (FEDORA-2014-17236)
 Google Roboto fonts
--------------------------------------------------------------------------------
Update Information:

Update to what is presumably the latest release
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 David Tardon <dtardon at redhat.com> - 1.2-6
- Resolves: rhbz#1174935 update to what is presumably the latest release
  of the font
* Mon Nov 24 2014 David Tardon <dtardon at redhat.com> - 1.2-5
- use just Roboto as the font's name in metainfo
* Thu Nov 20 2014 David Tardon <dtardon at redhat.com> - 1.2-4
- add AppData files
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1174935 - Roboto Black and Roboto Condensed have bad metadata which results in misrendered web pages (among other things)
        https://bugzilla.redhat.com/show_bug.cgi?id=1174935
--------------------------------------------------------------------------------

================================================================================
 hwdata-0.273-1.fc20 (FEDORA-2014-17231)
 Hardware identification and configuration data
--------------------------------------------------------------------------------
Update Information:

Updated pci, usb and vendor ids.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Michal Minar <miminar at redhat.com> 0.273-1
- Updated pci, usb and vendor ids.
--------------------------------------------------------------------------------

================================================================================
 ibus-1.5.9-8.fc20 (FEDORA-2014-16705)
 Intelligent Input Bus for Linux OS
--------------------------------------------------------------------------------
Update Information:

This fix replaces 'US' with 'EN' icon on ibus panel icon.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Takao Fujiwara <tfujiwar at redhat.com> - 1.5.9-8
- Updated ibus-HEAD.patch to fix #1175595 ibus-x11 freeze
* Mon Dec  8 2014 Takao Fujiwara <tfujiwar at redhat.com> - 1.5.9-7
- Added ibus-1136623-lost-by-another-focus.patch to fix #1136623
* Mon Dec  8 2014 Takao Fujiwara <tfujiwar at redhat.com> - 1.5.9-6
- Updated ibus-xx-increase-timeout.patch to fix #1163722
- Updated ibus-HEAD.patch for upstream #1747, #1748, #1753
  and gnome #703020, gnome #730628
* Wed Nov 12 2014 Takao Fujiwara <tfujiwar at redhat.com> - 1.5.9-5
- rhbz#1161871 Added BR of python and python3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1163722 - ibus freezes while switching input method
        https://bugzilla.redhat.com/show_bug.cgi?id=1163722
  [ 2 ] Bug #1136623 - The input context is disabled with the popup window
        https://bugzilla.redhat.com/show_bug.cgi?id=1136623
  [ 3 ] Bug #1175595 - [Fedora] using "PreeditType: OverTheSpot" child window input freezes
        https://bugzilla.redhat.com/show_bug.cgi?id=1175595
--------------------------------------------------------------------------------

================================================================================
 jasper-1.900.1-27.fc20 (FEDORA-2014-16349)
 Implementation of the JPEG-2000 standard, Part 1
--------------------------------------------------------------------------------
Update Information:

Fixes various flaws: CVE-2014-9029, CVE-2014-8138, CVE-2014-8137
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Jiri Popelka <jpopelka at redhat.com> - 1.900.1-27
- CVE-2014-8137 - double-free in jas_iccattrval_destroy() (oCERT-2014-012) (#1175761)
- CVE-2014-8138 - heap overflow in jp2_decode() (oCERT-2014-012) (#1175761)
* Thu Dec  4 2014 Jiri Popelka <jpopelka at redhat.com> - 1.900.1-26
- CVE-2014-9029 - incorrect component number check in COC, RGN and QCC
                  marker segment decoders (#1170650)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1167537 - CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009)
        https://bugzilla.redhat.com/show_bug.cgi?id=1167537
  [ 2 ] Bug #1173157 - CVE-2014-8137 jasper: double-free in in jas_iccattrval_destroy() (oCERT-2014-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=1173157
  [ 3 ] Bug #1173162 - CVE-2014-8138 jasper: heap overflow in jp2_decode() (oCERT-2014-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=1173162
--------------------------------------------------------------------------------

================================================================================
 kernel-3.17.7-200.fc20 (FEDORA-2014-17283)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

The 3.17.7 stable update contains a number of important fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 16 2014 Justin M. Forbes <jforbes at fedoraproject.org> - 3.17.7-200
- Linux v3.17.7
* Tue Dec 16 2014 Josh Boyer <jwboyer at fedoraproject.org>
- CVE-2014-8559 deadlock due to incorrect usage of rename_lock (rhbz 1159313 1173814)
- Add patch from Josh Stone to restore var-tracking via Kconfig (rhbz 1126580)
* Mon Dec 15 2014 Josh Boyer <jwboyer at fedoraproject.org>
- Fix ppc64 boot with smt-enabled=off (rhbz 1173806)
- CVE-2014-8133 x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS (rhbz 1172797 1174374)
* Fri Dec 12 2014 Josh Boyer <jwboyer at fedoraproject.org>
- Remove pointless warning in cfg80211 (rhbz 1172543)
* Wed Dec 10 2014 Josh Boyer <jwboyer at fedoraproject.org>
- Fix MSI issues on another Samsung pci-e SSD (rhbz 1084928)
- Fix UAS crashes with Seagate and Fresco Logic drives (rhbz 1164945)
- CVE-2014-8134 fix espfix for 32-bit KVM paravirt guests (rhbz 1172765 1172769)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1159313 - CVE-2014-8559 Kernel: fs: deadlock due to incorrect usage of rename_lock
        https://bugzilla.redhat.com/show_bug.cgi?id=1159313
  [ 2 ] Bug #1172797 - CVE-2014-8133 kernel: x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS
        https://bugzilla.redhat.com/show_bug.cgi?id=1172797
  [ 3 ] Bug #1172765 - CVE-2014-8134 kernel: x86: espfix not working for 32-bit KVM paravirt guests
        https://bugzilla.redhat.com/show_bug.cgi?id=1172765
--------------------------------------------------------------------------------

================================================================================
 kubernetes-0.7.0-18.0.git52e165a.fc20 (FEDORA-2014-17286)
 Container cluster management
--------------------------------------------------------------------------------
Update Information:

Bump to upstream 52e165a4fd720d1703ebc31bd6660e01334227b8
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 16 2014 Eric Paris <eparis at redhat.com> - 0.7.0-18.0.git52e165a
- Bump to upstream 52e165a4fd720d1703ebc31bd6660e01334227b8
* Mon Dec 15 2014 Eric Paris <eparis at redhat.com> - 0.6-297.0.git5ef34bf
- Bump to upstream 5ef34bf52311901b997119cc49eff944c610081b
* Wed Dec  3 2014 Eric Paris <eparis at redhat.com>
- Replace patch to use old googlecode/go.net/ with BuildRequires on golang.org/x/net/
--------------------------------------------------------------------------------

================================================================================
 mailx-12.5-11.fc20 (FEDORA-2014-17245)
 Enhanced implementation of the mailx command
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2004-2771, CVE-2014-7844
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 jchaloup <jchaloup at redhat.com> - 12.5-11
- Security fix for CVE-2004-2771, CVE-2014-7844
  resolves: #1174903
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1162783 - CVE-2004-2771 CVE-2014-7844 mailx: command execution flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=1162783
--------------------------------------------------------------------------------

================================================================================
 mate-themes-extras-3.10.4-1.fc20 (FEDORA-2014-17249)
 Extra gtk-2/3 themes for gtk based desktops
--------------------------------------------------------------------------------
Update Information:

- update to 3.10.4
- more improvements for csd applications
- improvements for Submarine themes, Smoothly themes,
- Zukitwo color themes and GnomishBeige theme
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 Wolfgang Ulbrich <chat-to-me at raveit.de> - 3.10.4-1
- update to 3.10.4
- more improvements for csd applications
- improvements for Submarine themes, Smoothly themes,
- Zukitwo color themes and GnomishBeige theme
--------------------------------------------------------------------------------

================================================================================
 mediawiki-1.23.8-1.fc20 (FEDORA-2014-17228)
 A wiki engine
--------------------------------------------------------------------------------
Update Information:

* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which could lead to xss. Permission to edit MediaWiki namespace is required to exploit this.\r\n* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as part of its name.\r\n* (bug T74222) The original patch for T74222 was reverted as unnecessary.\r\n
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Michael Cronenworth <mike at cchtml.com> - 1.23.8-1
- Update to 1.23.8
- (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which could lead to xss. Permission to edit MediaWiki namespace is required to exploit this.
- (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as part of its name.
- (bug T74222) The original patch for T74222 was reverted as unnecessary.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1175828 - mediawiki: multiple vulnerabilities
        https://bugzilla.redhat.com/show_bug.cgi?id=1175828
--------------------------------------------------------------------------------

================================================================================
 mingw-eigen3-3.2.3-1.fc20 (FEDORA-2014-17288)
 MinGW lightweight C++ template library for vector and matrix math
--------------------------------------------------------------------------------
Update Information:

Update to release 3.2.3, see http://eigen.tuxfamily.org/index.php?title=ChangeLog#Eigen_3.2.3 for details.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Sandro Mani <manisandro at gmail.com> - 3.2.3-1
- Update to release 3.2.3
--------------------------------------------------------------------------------

================================================================================
 mingw-jasper-1.900.1-25.fc20 (FEDORA-2014-17274)
 MinGW Windows Jasper library
--------------------------------------------------------------------------------
Update Information:

Fixes for CVE-2014-8137 and CVE-2014-8138
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Michael Cronenworth <mike at cchtml.com> - 1.900.1-25
- Fixes for CVE-2014-8137 and CVE-2014-8138
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1173157 - CVE-2014-8137 jasper: double-free in in jas_iccattrval_destroy() (oCERT-2014-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=1173157
  [ 2 ] Bug #1173162 - CVE-2014-8138 jasper: heap overflow in jp2_decode() (oCERT-2014-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=1173162
--------------------------------------------------------------------------------

================================================================================
 mkvtoolnix-7.4.0-1.fc20 (FEDORA-2014-17248)
 Matroska container manipulation utilities
--------------------------------------------------------------------------------
Update Information:

Multiple bugfixes and enhancements. Please see upstream changelog (https://www.bunkus.org/videotools/mkvtoolnix/doc/ChangeLog) for more details.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 Dominik Mierzejewski <rpm at greysector.net> 7.4.0-1
- update to 7.4.0
- drop obsolete patch (upstream bug #1090)
- shorten desktop and icon file installation commands
* Thu Dec  4 2014 Dominik Mierzejewski <rpm at greysector.net> 7.3.0-1
- update to 7.3.0
- enable unit tests
- use system boost code fragment and pugixml
* Thu Oct  2 2014 Rex Dieter <rdieter at fedoraproject.org> 7.2.0-2
- update icon/mime scriptlets
* Sun Sep 21 2014 Dominik Mierzejewski <rpm at greysector.net> 7.2.0-1
- update to 7.2.0
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 7.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1157464 - mkvtoolnix-7.4.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1157464
--------------------------------------------------------------------------------

================================================================================
 php-5.5.20-2.fc20 (FEDORA-2014-17229)
 PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:

18 Dec 2014, PHP 5.5.20\\r\\n\\r\\nCore:\\r\\n* Fixed bug #68091 (Some Zend headers lack appropriate extern "C" blocks). (Adam)\\r\\n* Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly  triggered). (Julien)\\r\\n* Fixed bug #68370 ("unset($this)" can make the program crash). (Laruence)\\r\\n* Fixed bug #68545 (NULL pointer dereference in unserialize.c). (Anatol)\\r\\n* Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142) (Stefan Esser)\\r\\n\\r\\nDate:\\r\\n* Fixed day_of_week function as it could sometimes return negative values internally. (Derick)\\r\\n\\r\\nFPM:\\r\\n* Fixed bug #68381 (fpm_unix_init_main ignores log_level). (David Zuelke, Remi)\\r\\n* Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all addresses). (Remi)\\r\\n* Fixed bug #68421 (access.format='%R' doesn't log ipv6 address). (Remi)\\r\\n* Fixed bug #68423 (PHP-FPM will no longer load all pools). (Remi)\\r\\n* Fixed bug #68428 (listen.allowed_clients is IPv4 only). (Remi)\\r\\n* Fixed bug #68452 (php-fpm man page is oudated). (Remi)\\r\\n* Fixed request #68458 (Change pm.start_servers default warning to notice). (David Zuelke, Remi)\\r\\n* Fixed bug #68463 (listen.allowed_clients can silently result in no allowed access). (Remi)\\r\\n* Fixed request #68391 (php-fpm conf files loading order). (Florian Margaine, Remi)\\r\\n* Fixed bug #68478 (access.log don't use prefix). (Remi)\\r\\n\\r\\nMcrypt:\\r\\n* Fixed possible read after end of buffer and use after free. (Dmitry)\\r\\n\\r\\nPDO_pgsql:\\r\\n* Fixed bug #66584 (Segmentation fault on statement deallocation) (Matteo)\\r\\n* Fixed bug #67462 (PDO_PGSQL::beginTransaction() wrongly throws exception when not in transaction) (Matteo)\\r\\n* Fixed bug #68351 (PDO::PARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving) (Matteo)\\r\\n\\r\\nzlib:\\r\\n* Fixed bug #53829 (Compiling PHP with large file support will replace function gzopen by gzopen64) (Sascha Kettler, Matteo)\\r\\n
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Remi Collet <remi at fedoraproject.org> 5.5.20-2
- Update to 5.5.20 (real)
  http://www.php.net/releases/5_5_20.php
- php-xmlrpc requires php-xml
* Wed Dec 10 2014 Remi Collet <remi at fedoraproject.org> 5.5.20-1
- Update to 5.5.20
  http://www.php.net/releases/5_5_20.php
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()
        https://bugzilla.redhat.com/show_bug.cgi?id=1175718
--------------------------------------------------------------------------------

================================================================================
 python-mutagen-1.27-1.fc20 (FEDORA-2014-17254)
 Mutagen is a Python module to handle audio meta-data
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 15 2014 Michele Baldessari <michele at acksyn.org> - 1.27-1
- New upstream release
- Only use macro style for buildroot
* Sun Nov 23 2014 Michele Baldessari <michele at acksyn.org> - 1.26-1
- Fixed homepage and source URL
- Set python2-devel as BR
- Fix documentation building and shipping
- Fix spelling errors in description
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.20-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 python-nmap-0.3.4-2.fc20 (FEDORA-2014-17230)
 A python library which helps in using nmap port scanner
--------------------------------------------------------------------------------
Update Information:

Fix package naming (rhbz#1174115)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 Fabian Affolter <mail at fabian-affolter.ch> - 0.3.4-2
- Fix package naming (rhbz#1174115)
* Wed Aug  6 2014 Fabian Affolter <mail at fabian-affolter.ch> - 0.3.4-1
- Switch to py3
- Update the URL and the source URL
- Update to latest upstream version 0.3.4
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1174115 - Package built for python3, should be named python3-nmap!
        https://bugzilla.redhat.com/show_bug.cgi?id=1174115
--------------------------------------------------------------------------------

================================================================================
 python-sphinxcontrib-napoleon-0.2.8-2.fc20 (FEDORA-2014-17258)
 Sphinx napoleon extension
--------------------------------------------------------------------------------
Update Information:

Initial release.
--------------------------------------------------------------------------------

================================================================================
 zint-2.4.3-9.fc20 (FEDORA-2014-17260)
 Barcode generator library
--------------------------------------------------------------------------------
Update Information:

This update fixes https://bugzilla.redhat.com/show_bug.cgi?id=1174324
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Martin Gieseking <martin.gieseking at uos.de> 2.4.3-9
- Fixed https://bugzilla.redhat.com/show_bug.cgi?id=1174324
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.4.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.4.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1174324 - [abrt] zint-qt: __stack_chk_fail_local(): zint-qt killed by SIGABRT
        https://bugzilla.redhat.com/show_bug.cgi?id=1174324
--------------------------------------------------------------------------------