Fedora 20 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Thu Dec 25 05:39:02 UTC 2014
The following Fedora 20 Security updates need testing:
Age URL
83 https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20
35 https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20
34 https://admin.fedoraproject.org/updates/FEDORA-2014-15489/rubygem-sprockets-2.8.2-5.fc20
20 https://admin.fedoraproject.org/updates/FEDORA-2014-16250/cpio-2.11-28.fc20
19 https://admin.fedoraproject.org/updates/FEDORA-2014-16357/pyxdg-0.25-5.fc20
18 https://admin.fedoraproject.org/updates/FEDORA-2014-16459/gpgme-1.3.2-5.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2014-16572/links-2.8-4.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2014-16494/mutt-1.5.23-4.fc20
11 https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20
11 https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20
11 https://admin.fedoraproject.org/updates/FEDORA-2014-16869/docker-io-1.4.0-1.fc20
11 https://admin.fedoraproject.org/updates/FEDORA-2014-16854/freetype-2.5.0-7.fc20
11 https://admin.fedoraproject.org/updates/FEDORA-2014-16932/libhtp-0.5.6-2.fc20
11 https://admin.fedoraproject.org/updates/FEDORA-2014-16838/rpm-4.11.3-2.fc20
10 https://admin.fedoraproject.org/updates/FEDORA-2014-16964/mpfr-3.1.2-5.fc20
8 https://admin.fedoraproject.org/updates/FEDORA-2014-17067/denyhosts-2.6-29.fc20.1
6 https://admin.fedoraproject.org/updates/FEDORA-2014-17107/ettercap-0.8.1-2.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2014-16530/nss-util-3.17.3-1.fc20,nss-3.17.3-2.fc20,nss-softokn-3.17.3-1.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2014-17153/httpd-2.4.10-2.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2014-17219/seamonkey-2.31-1.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2014-17222/subversion-1.8.11-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2014-16349/jasper-1.900.1-27.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2014-17245/mailx-12.5-11.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2014-17228/mediawiki-1.23.8-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2014-17229/php-5.5.20-2.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2014-17272/ca-certificates-2014.2.2-1.0.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2014-17274/mingw-jasper-1.900.1-25.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2014-17303/libssh-0.6.4-1.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2014-17415/thermostat-1.0.6-1.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2014-17461/roundcubemail-1.0.4-2.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2014-17520/glpi-0.84.8-3.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-17596/mingw-curl-7.39.0-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-17587/mingw-openssl-1.0.1j-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-17570/mingw-dbus-1.6.28-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-17573/mingw-libxml2-2.9.2-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-17603/mingw-binutils-2.24-5.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-17580/mingw-freetype-2.5.4-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-17561/mingw-libjpeg-turbo-1.3.1-4.fc20
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
11 https://admin.fedoraproject.org/updates/FEDORA-2014-16810/ppp-2.4.5-35.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2014-16530/nss-util-3.17.3-1.fc20,nss-3.17.3-2.fc20,nss-softokn-3.17.3-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2014-17287/btrfs-progs-3.17.3-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2014-16705/ibus-1.5.9-8.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2014-16349/jasper-1.900.1-27.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2014-17495/pulseaudio-5.0-25.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2014-17528/xorg-x11-drv-synaptics-1.7.7-1.fc20
The following builds have been pushed to Fedora 20 updates-testing
bluedevil-2.1-1.fc20
calligra-2.8.7-3.fc20
dnf-langpacks-0.6.0-1.fc20
drupal7-google_analytics-2.1-1.fc20
drupal7-webform-4.2-1.fc20
flannel-0.2.0-1.fc20
fprobe-ulog-1.2-1.fc20
golang-github-abbot-go-http-auth-0-0.1.gitc0ef453.fc20
golang-github-ghodss-yaml-0-0.2.git4fb5c72.fc20
golang-github-jonboulle-clockwork-0-0.1.git3f831b6.fc20
golang-github-spf13-cobra-0-0.5.gite1e66f7.fc20
google-roboto-fonts-1.2-8.fc20
jpegoptim-1.4.2-1.fc20
libbluedevil-2.1-1.fc20
mapserver-6.2.2-1.fc20
mingw-binutils-2.24-5.fc20
mingw-crt-3.3.0-1.fc20
mingw-curl-7.39.0-1.fc20
mingw-dbus-1.6.28-1.fc20
mingw-freetype-2.5.4-1.fc20
mingw-gcc-4.8.4-1.fc20
mingw-headers-3.3.0-1.fc20
mingw-libjpeg-turbo-1.3.1-4.fc20
mingw-libxml2-2.9.2-1.fc20
mingw-openssl-1.0.1j-1.fc20
mingw-winpthreads-3.3.0-1.fc20
nodejs-browser-request-0.3.3-1.fc20
nodejs-crc32-stream-0.3.1-1.fc20
nodejs-dtree-0.0.7-1.fc20
nodejs-end-of-stream-1.1.0-1.fc20
nodejs-hash_file-0.1.1-1.fc20
nodejs-minstache-1.2.0-1.fc20
phoronix-test-suite-5.4.1-1.fc20
sqlitebrowser-3.4.0-1.fc20
virtme-0.0.2-1.fc20
vtun-3.0.3-11.fc20
Details about builds:
================================================================================
bluedevil-2.1-1.fc20 (FEDORA-2014-16998)
Bluetooth stack for KDE
--------------------------------------------------------------------------------
Update Information:
New Bluedevil 2.1 stable release, see also: http://davidrosca.blogspot.com/2014/12/bluedevil-21-released.html
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 23 2014 Rex Dieter <rdieter at fedoraproject.org> 2.1-1
- 2.1
* Sun Dec 14 2014 Rex Dieter <rdieter at fedoraproject.org> 2.0.0-2
- pull in upstream fix for systray icon visibility when offline (kde#341768)
* Sat Dec 13 2014 Rex Dieter <rdieter at fedoraproject.org> 2.0.0-1
- 2.0
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.0-0.15.36f0438agit20140630
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Tue Aug 12 2014 Rex Dieter <rdieter at fedoraproject.org> 2.0.0-0.14.36f0438agit20140630
- update mime scriptlet
--------------------------------------------------------------------------------
================================================================================
calligra-2.8.7-3.fc20 (FEDORA-2014-17551)
An integrated office suite
--------------------------------------------------------------------------------
Update Information:
Make calligra installable without pulling in calligra-kexi unconditionally.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 21 2014 Rex Dieter <rdieter at fedoraproject.org> 2.8.7-3
- move libcalligradb to -libs, likoreport now depends on it (#1176398)
* Wed Dec 10 2014 Rex Dieter <rdieter at fedoraproject.org> 2.8.7-2
- rebuild (marble)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1176398 - calligra-libs requires Kexi
https://bugzilla.redhat.com/show_bug.cgi?id=1176398
--------------------------------------------------------------------------------
================================================================================
dnf-langpacks-0.6.0-1.fc20 (FEDORA-2014-17578)
Langpacks plugin for dnf
--------------------------------------------------------------------------------
Update Information:
update to 0.6.0 release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 23 2014 Parag Nemade <pnemade AT redhat DOT com> - 0.6.0-1
- update to 0.6.0 release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1151849 - Output is not clear, unicode warning for some languages.
https://bugzilla.redhat.com/show_bug.cgi?id=1151849
[ 2 ] Bug #1151850 - [dnf langinstall] Message for already installed language can be more informative
https://bugzilla.redhat.com/show_bug.cgi?id=1151850
--------------------------------------------------------------------------------
================================================================================
drupal7-google_analytics-2.1-1.fc20 (FEDORA-2014-17575)
Adds the Google Analytics web statistics tracking system to your website
--------------------------------------------------------------------------------
Update Information:
- Updated to 2.1 (BZ #1173033; release notes https://www.drupal.org/node/2384245)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 24 2014 Peter Borsa <peter.borsa at gmail.com> - 2.1-1
- Updated to 2.1 (BZ #1173033; release notes https://www.drupal.org/node/2384245)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1173033 - drupal7-google_analytics-2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1173033
--------------------------------------------------------------------------------
================================================================================
drupal7-webform-4.2-1.fc20 (FEDORA-2014-17579)
Webform is the module for making surveys in Drupal
--------------------------------------------------------------------------------
Update Information:
- Update to 4.2\r\n- Release notes can be found at https://www.drupal.org/node/2381793
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 23 2014 Peter Borsa <peter.borsa at gmail.com> 4.2-1
- Update to 4.2
- Release notes can be found at https://www.drupal.org/node/2381793
* Tue Nov 25 2014 Peter Borsa <peter.borsa at gmail.com> 4.1-1
- Update to 4.1
- Release notes can be found at https://www.drupal.org/node/2351973
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.0-0.3.beta3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1150458 - drupal7-webform-4.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1150458
--------------------------------------------------------------------------------
================================================================================
flannel-0.2.0-1.fc20 (FEDORA-2014-17612)
Etcd address management agent for overlay networks
--------------------------------------------------------------------------------
Update Information:
update to upstream v0.2.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 23 2014 Lokesh Mandvekar <lsm5 at fedoraproject.org> - 0.2.0-1
- update to upstream v0.2.0
- append FLANNEL_OPTIONS variable to unitfile command
- systemd-units merged into systemd for fedora18+
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1176844 - add ${FLANNEL_OPTIONS} to flanneld.service unitfile
https://bugzilla.redhat.com/show_bug.cgi?id=1176844
--------------------------------------------------------------------------------
================================================================================
fprobe-ulog-1.2-1.fc20 (FEDORA-2014-17594)
NetFlow probe
--------------------------------------------------------------------------------
Update Information:
Update to 1.2 - Uses libnetfilter_log_libipulog compatibility library to work with NFLOG iptables target.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 23 2014 Orion Poplawski <orion at cora.nwra.com> - 1.2-1
- Update to 1.2 (fixes bug #1172032)
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.1-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.1-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
golang-github-abbot-go-http-auth-0-0.1.gitc0ef453.fc20 (FEDORA-2014-17600)
Basic and Digest HTTP Authentication for golang http
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1175673 - Review Request: golang-github-abbot-go-http-auth - Basic and Digest HTTP Authentication for golang http
https://bugzilla.redhat.com/show_bug.cgi?id=1175673
--------------------------------------------------------------------------------
================================================================================
golang-github-ghodss-yaml-0-0.2.git4fb5c72.fc20 (FEDORA-2014-17583)
A better way to marshal and unmarshal YAML in Golang
--------------------------------------------------------------------------------
Update Information:
Bump to 4fb5c728a37b361a1e971a3bb3d785fcc96b6ef5
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 24 2014 jchaloup <jchaloup at redhat.com> - 0-0.2.git92ff9d3
- Bump to 4fb5c728a37b361a1e971a3bb3d785fcc96b6ef5
related: #1172603
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1172603 - Review Request: golang-github-ghodss-yaml - A better way to marshal and unmarshal YAML in Golang
https://bugzilla.redhat.com/show_bug.cgi?id=1172603
--------------------------------------------------------------------------------
================================================================================
golang-github-jonboulle-clockwork-0-0.1.git3f831b6.fc20 (FEDORA-2014-17591)
A fake clock for golang
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1175771 - Review Request: golang-github-jonboulle-clockwork - A fake clock for golang
https://bugzilla.redhat.com/show_bug.cgi?id=1175771
--------------------------------------------------------------------------------
================================================================================
golang-github-spf13-cobra-0-0.5.gite1e66f7.fc20 (FEDORA-2014-17615)
A Commander for modern go CLI interactions
--------------------------------------------------------------------------------
Update Information:
Bump to e1e66f7b4e667751cf530ddb6e72b79d6eeb0235
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 24 2014 jchaloup <jchaloup at redhat.com> - 0-0.5.gitb1e90a7
- Bump to e1e66f7b4e667751cf530ddb6e72b79d6eeb0235
related: #1085881
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1085881 - Review Request: golang-github-spf13-cobra - A Commander for modern go CLI interactions
https://bugzilla.redhat.com/show_bug.cgi?id=1085881
--------------------------------------------------------------------------------
================================================================================
google-roboto-fonts-1.2-8.fc20 (FEDORA-2014-17605)
Google Roboto fonts
--------------------------------------------------------------------------------
Update Information:
Fix placement of fontconfig .conf files.\nUpdate to what is presumably the latest release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 23 2014 David Tardon <dtardon at redhat.com> - 1.2-8
- revert the previous "update"
- Resolves: rhbz#1174935 fix font metadata
* Tue Dec 23 2014 David Tardon <dtardon at redhat.com> - 1.2-7
- drop obsolete requires
* Wed Dec 17 2014 David Tardon <dtardon at redhat.com> - 1.2-6
- Resolves: rhbz#1174935 update to what is presumably the latest release
of the font
* Mon Nov 24 2014 David Tardon <dtardon at redhat.com> - 1.2-5
- use just Roboto as the font's name in metainfo
* Thu Nov 20 2014 David Tardon <dtardon at redhat.com> - 1.2-4
- add AppData files
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1174935 - Roboto Black and Roboto Condensed have bad metadata which results in misrendered web pages (among other things)
https://bugzilla.redhat.com/show_bug.cgi?id=1174935
--------------------------------------------------------------------------------
================================================================================
jpegoptim-1.4.2-1.fc20 (FEDORA-2014-17608)
Utility to optimize JPEG files
--------------------------------------------------------------------------------
Update Information:
Update to version 1.4.2
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 23 2014 Denis Fateyev <denis at fateyev.com> - 1.4.2-1
- Update to version 1.4.2
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1176901 - jpegoptim-1.4.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1176901
--------------------------------------------------------------------------------
================================================================================
libbluedevil-2.1-1.fc20 (FEDORA-2014-16998)
A Qt wrapper for bluez
--------------------------------------------------------------------------------
Update Information:
New Bluedevil 2.1 stable release, see also: http://davidrosca.blogspot.com/2014/12/bluedevil-21-released.html
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 23 2014 Rex Dieter <rdieter at fedoraproject.org> 2.1-1
- 2.1
* Sat Dec 13 2014 Rex Dieter <rdieter at fedoraproject.org> 2.0-1
- 2.0
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0-0.10.rc1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
mapserver-6.2.2-1.fc20 (FEDORA-2014-17559)
Environment for building spatially-enabled internet applications
--------------------------------------------------------------------------------
Update Information:
Update to latest 6.2 release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 23 2014 Pavel Lisý <pali at fedoraproject.org> - 6.2.2-1
- Update to latest 6.2 release
- BZ 1048689 - CVE-2013-7262 mapserver: SQL injections with postgis TIME filters
- BZ 747409 - MapServer uses internal AGG and does not depend on agg-devel
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1048689 - CVE-2013-7262 mapserver: SQL injections with postgis TIME filters [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1048689
[ 2 ] Bug #747409 - Port from ELGIS: Simplfy spec
https://bugzilla.redhat.com/show_bug.cgi?id=747409
--------------------------------------------------------------------------------
================================================================================
mingw-binutils-2.24-5.fc20 (FEDORA-2014-17603)
Cross-compiled version of binutils for Win32 and Win64 environments
--------------------------------------------------------------------------------
Update Information:
Fix various CVE's
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 23 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 2.24-5
- Fix CVE-2014-8501 (RHBZ #1162578 #1162583)
- Fix CVE-2014-8502 (RHBZ #1162602)
- Fix CVE-2014-8503 (RHBZ #1162612)
- Fix CVE-2014-8504 (RHBZ #1162626)
- Fix CVE-2014-8737 (RHBZ #1162660)
- Fix CVE-2014-8738 (RHBZ #1162673)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.24-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.24-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri May 30 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 2.24-2
- Fix FTBFS against gcc 4.9
* Sat Jan 11 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 2.24-1
- Update to 2.24
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1162578 - CVE-2014-8501 mingw-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162578
[ 2 ] Bug #1162602 - CVE-2014-8502 mingw-binutils: binutils: heap overflow in objdump [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162602
[ 3 ] Bug #1162612 - CVE-2014-8503 mingw-binutils: binutils: stack overflow in objdump when parsing specially crafted ihex file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162612
[ 4 ] Bug #1162626 - CVE-2014-8504 mingw-binutils: binutils: stack overflow in the SREC parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162626
[ 5 ] Bug #1162660 - mingw-binutils: binutils: directory traversal vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162660
[ 6 ] Bug #1162673 - mingw-binutils: binutils: out of bounds memory write [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162673
--------------------------------------------------------------------------------
================================================================================
mingw-crt-3.3.0-1.fc20 (FEDORA-2014-17552)
MinGW Windows cross-compiler runtime
--------------------------------------------------------------------------------
Update Information:
Updated mingw toolchain to mingw-w64 v3.3.0 and gcc 4.8.4
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 5 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 3.3.0-1
- Update to 3.3.0
--------------------------------------------------------------------------------
================================================================================
mingw-curl-7.39.0-1.fc20 (FEDORA-2014-17596)
MinGW Windows port of curl and libcurl
--------------------------------------------------------------------------------
Update Information:
* Update to 7.39.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 23 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 7.39.0-1
- Update to 7.39.0
- Fixes CVE-2014-3707 (RHBZ #1160724)
- Fixes CVE-2014-3620 CVE-2014-3613 (RHBZ #1140037)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 7.37.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1140037 - CVE-2014-3620 CVE-2014-3613 mingw-curl: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1140037
[ 2 ] Bug #1160724 - CVE-2014-3707 mingw-curl: curl: incorrect handle duplication after COPYPOSTFIELDS [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1160724
--------------------------------------------------------------------------------
================================================================================
mingw-dbus-1.6.28-1.fc20 (FEDORA-2014-17570)
MinGW Windows port of D-Bus
--------------------------------------------------------------------------------
Update Information:
* Update to 1.8.12\\r\\n* Fixes various CVE's
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 22 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 1.6.28-1
- Update to 1.6.28
- Fixes CVE-2014-7824 (RHBZ #1173557)
- Fixes CVE-2014-3638 CVE-2014-3639 CVE-2014-3636
CVE-2014-3637 and CVE-2014-3635 (RHBZ #1142582)
- Fixes CVE-2014-3477 (RHBZ #1117395)
- Fixes CVE-2014-3533 CVE-2014-3532 (RHBZ #1115637)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.6.12-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1173557 - CVE-2014-7824 mingw-dbus: dbus: local denial of service via incomplete fix for CVE-2014-3636 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1173557
[ 2 ] Bug #1142582 - CVE-2014-3638 CVE-2014-3639 CVE-2014-3636 CVE-2014-3637 CVE-2014-3635 mingw-dbus: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1142582
[ 3 ] Bug #1115637 - CVE-2014-3533 CVE-2014-3532 mingw-dbus: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1115637
[ 4 ] Bug #1117395 - CVE-2014-3477 mingw-dbus: dbus: denial of service flaw in dbus-daemon [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1117395
--------------------------------------------------------------------------------
================================================================================
mingw-freetype-2.5.4-1.fc20 (FEDORA-2014-17580)
Free and portable font rendering engine
--------------------------------------------------------------------------------
Update Information:
* Update to 2.5.4\r\n* Updated subpixel rendering patch to 2.5.3
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 23 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 2.5.4-1
- Update to 2.5.4
- Fixes RHBZ #1172635
* Thu Jul 10 2014 Nicola Fontana <ntd at entidi.it> - 2.5.3-3
- Update subpixel rendering patch to 2.5.3 (RHBZ #1118276)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.5.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1118276 - Subpixel rendering patch invalid
https://bugzilla.redhat.com/show_bug.cgi?id=1118276
[ 2 ] Bug #1172635 - mingw-freetype: freetype: OOB stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240). [fedora-20]
https://bugzilla.redhat.com/show_bug.cgi?id=1172635
--------------------------------------------------------------------------------
================================================================================
mingw-gcc-4.8.4-1.fc20 (FEDORA-2014-17552)
MinGW Windows cross-compiler (GCC) for C
--------------------------------------------------------------------------------
Update Information:
Updated mingw toolchain to mingw-w64 v3.3.0 and gcc 4.8.4
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 22 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 4.8.4-1
- Update to 4.8.4
--------------------------------------------------------------------------------
================================================================================
mingw-headers-3.3.0-1.fc20 (FEDORA-2014-17552)
Win32/Win64 header files
--------------------------------------------------------------------------------
Update Information:
Updated mingw toolchain to mingw-w64 v3.3.0 and gcc 4.8.4
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 5 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 3.3.0-1
- Update to 3.3.0
- Backported upstream commit ea45fb3 (add tsattrs.h header)
as this is required by the most recent mingw-wine-gecko
--------------------------------------------------------------------------------
================================================================================
mingw-libjpeg-turbo-1.3.1-4.fc20 (FEDORA-2014-17561)
MinGW Windows Libjpeg-turbo library
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2014-9092
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 22 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 1.3.1-4
- Fix CVE-2014-9092 (RHBZ #1169851 #1169853)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169851 - CVE-2014-9092 mingw-libjpeg-turbo: libjpeg-turbo: denial of service via specially-crafted JPEG file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169851
--------------------------------------------------------------------------------
================================================================================
mingw-libxml2-2.9.2-1.fc20 (FEDORA-2014-17573)
MinGW Windows libxml2 XML processing library
--------------------------------------------------------------------------------
Update Information:
Update to libxml2 2.9.2
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 23 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 2.9.2-1
- Update to 2.9.2
- Avoid corrupting the xml catalogs
- Fix CVE-2014-0191 (RHBZ #1107557)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.9.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1107557 - CVE-2014-0191 mingw-libxml2: libxml2: external parameter entity loaded when entity substitution is disabled [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1107557
--------------------------------------------------------------------------------
================================================================================
mingw-openssl-1.0.1j-1.fc20 (FEDORA-2014-17587)
MinGW port of the OpenSSL toolkit
--------------------------------------------------------------------------------
Update Information:
* Synced with native openssl-1.0.1j-3.fc22\r\n* Add support for RFC 5649\r\n* Prevent compiler warning "Please include winsock2.h before windows.h" when using the OpenSSL headers\r\n* Fixes various CVE's
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 22 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 1.0.1j-1
- Synced with native openssl-1.0.1j-3.fc22
- Add support for RFC 5649
- Prevent compiler warning "Please include winsock2.h before windows.h"
when using the OpenSSL headers
- Fixes various CVE's (RHBZ #1127889 #1127709 #1152851)
* Thu Aug 21 2014 Marc-André Lureau <marcandre.lureau at redhat.com> - 1.0.1i-1
- Synced with native openssl-1.0.1i-3.fc21
- Fixes various flaws (RHBZ#1096234 and RHBZ#1127705)
CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511
CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 CVE-2014-0221
CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298
CVE-2014-3470
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0.1e-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1152851 - CVE-2014-3566 mingw-openssl: openssl: Padding Oracle On Downgraded Legacy Encryption attack [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1152851
[ 2 ] Bug #1096234 - CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 mingw-openssl: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1096234
[ 3 ] Bug #1127705 - CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 mingw-openssl: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1127705
--------------------------------------------------------------------------------
================================================================================
mingw-winpthreads-3.3.0-1.fc20 (FEDORA-2014-17552)
MinGW pthread library
--------------------------------------------------------------------------------
Update Information:
Updated mingw toolchain to mingw-w64 v3.3.0 and gcc 4.8.4
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 5 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 3.3.0-1
- Update to 3.3.0
--------------------------------------------------------------------------------
================================================================================
nodejs-browser-request-0.3.3-1.fc20 (FEDORA-2014-17593)
Browser port of the Node.js 'request' package
--------------------------------------------------------------------------------
Update Information:
Initial packaging
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1173387 - Review Request: nodejs-browser-request - Browser port of the Node.js 'request' package
https://bugzilla.redhat.com/show_bug.cgi?id=1173387
--------------------------------------------------------------------------------
================================================================================
nodejs-crc32-stream-0.3.1-1.fc20 (FEDORA-2014-17598)
A streaming CRC32 checksumer
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1176887 - Review Request: nodejs-crc32-stream - A streaming CRC32 checksumer
https://bugzilla.redhat.com/show_bug.cgi?id=1176887
--------------------------------------------------------------------------------
================================================================================
nodejs-dtree-0.0.7-1.fc20 (FEDORA-2014-17574)
Command-line tool to view the dependency tree of any single js file
--------------------------------------------------------------------------------
Update Information:
Initial packaging
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1171750 - Review Request: nodejs-dtree - Command-line tool to view the dependency tree of any single js file
https://bugzilla.redhat.com/show_bug.cgi?id=1171750
--------------------------------------------------------------------------------
================================================================================
nodejs-end-of-stream-1.1.0-1.fc20 (FEDORA-2014-17589)
Call a callback when a readable/writable/duplex stream has completed or failed
--------------------------------------------------------------------------------
Update Information:
Initial packaging
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1176809 - Review Request: nodejs-end-of-stream - Call a callback when a readable/writable/duplex stream has completed or failed
https://bugzilla.redhat.com/show_bug.cgi?id=1176809
--------------------------------------------------------------------------------
================================================================================
nodejs-hash_file-0.1.1-1.fc20 (FEDORA-2014-17590)
A simple utility for getting a hash of a file
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1176880 - Review Request: nodejs-hash_file - A simple utility for getting a hash of a file
https://bugzilla.redhat.com/show_bug.cgi?id=1176880
--------------------------------------------------------------------------------
================================================================================
nodejs-minstache-1.2.0-1.fc20 (FEDORA-2014-17542)
Mini mustache template engine
--------------------------------------------------------------------------------
Update Information:
Initial packaging
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1173206 - Review Request: nodejs-minstache - Mini mustache template engine
https://bugzilla.redhat.com/show_bug.cgi?id=1173206
--------------------------------------------------------------------------------
================================================================================
phoronix-test-suite-5.4.1-1.fc20 (FEDORA-2014-17563)
An Automated, Open-Source Testing Framework
--------------------------------------------------------------------------------
Update Information:
Update to new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 24 2014 Markus Mayer <lotharlutz at gmx.de> 5.4.1-1
- new upstream release
* Thu Oct 2 2014 Rex Dieter <rdieter at fedoraproject.org> 5.2.1-2
- update mime scriptlets
--------------------------------------------------------------------------------
================================================================================
sqlitebrowser-3.4.0-1.fc20 (FEDORA-2014-17562)
Create, design, and edit SQLite database files
--------------------------------------------------------------------------------
Update Information:
Initial package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1173375 - Review Request: sqlitebrowser - Create, design, and edit SQLite database files
https://bugzilla.redhat.com/show_bug.cgi?id=1173375
--------------------------------------------------------------------------------
================================================================================
virtme-0.0.2-1.fc20 (FEDORA-2014-17607)
Virtualize the running distro or a simple rootfs
--------------------------------------------------------------------------------
Update Information:
New upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 23 2014 Andy Lutomirski <luto at mit.edu> - 0.0.2-1
- New upstream version.
--------------------------------------------------------------------------------
================================================================================
vtun-3.0.3-11.fc20 (FEDORA-2014-17545)
Virtual tunnel over TCP/IP networks
--------------------------------------------------------------------------------
Update Information:
enhanced service file (remove "KillMode", use default "cgroup" mode)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 23 2014 Gabriel Somlo <somlo at cmu.edu> 3.0.3-11
- enhanced service file (remove "KillMode", use default "cgroup" mode)
--------------------------------------------------------------------------------
More information about the test
mailing list