Fedora 19 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Wed Jan 15 06:11:41 UTC 2014
The following Fedora 19 Security updates need testing:
Age URL
88 https://admin.fedoraproject.org/updates/FEDORA-2013-19262/quassel-0.9.1-1.fc19
81 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
26 https://admin.fedoraproject.org/updates/FEDORA-2013-23592/rubygem-actionpack-3.2.13-3.fc19
26 https://admin.fedoraproject.org/updates/FEDORA-2013-23622/ibus-chewing-1.4.4-1.fc19
18 https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-0398/cantata-1.2.2-1.fc19
5 https://admin.fedoraproject.org/updates/FEDORA-2014-0467/libXfont-1.4.5-5.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2014-0508/drupal7-entity-1.3-1.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2014-0574/flite-1.3-20.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2014-0567/strongswan-5.1.1-4.fc19
3 https://admin.fedoraproject.org/updates/FEDORA-2014-0094/rubygem-will_paginate-3.0.4-5.fc19
3 https://admin.fedoraproject.org/updates/FEDORA-2014-0621/graphviz-2.30.1-12.fc19
2 https://admin.fedoraproject.org/updates/FEDORA-2014-0719/openjpeg-1.5.1-8.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22883/qt3-3.3.8b-56.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-0858/bind-9.9.3-14.P2.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22932/qt-4.8.5-14.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-0850/puppet-3.4.2-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-0797/libinfinity-0.5.5-1.fc19
The following Fedora 19 Critical Path updates have yet to be approved:
Age URL
55 https://admin.fedoraproject.org/updates/FEDORA-2013-21772/unzip-6.0-11.fc19
29 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
11 https://admin.fedoraproject.org/updates/FEDORA-2014-0158/perl-Encode-2.54-2.fc19
11 https://admin.fedoraproject.org/updates/FEDORA-2014-0051/libldb-1.1.16-4.fc19
9 https://admin.fedoraproject.org/updates/FEDORA-2014-0250/qtwebkit-2.3.3-3.fc19
5 https://admin.fedoraproject.org/updates/FEDORA-2014-0452/popt-1.16-2.fc19
5 https://admin.fedoraproject.org/updates/FEDORA-2014-0498/livecd-tools-19.8-1.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2014-0525/ca-certificates-2013.1.96-1.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2014-0517/pcre-8.32-8.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2014-0437/satyr-0.13-1.fc19,abrt-2.1.11-1.fc19,libreport-2.1.11-1.fc19
3 https://admin.fedoraproject.org/updates/FEDORA-2014-0630/control-center-3.8.5-2.fc19,accountsservice-0.6.35-3.fc19
3 https://admin.fedoraproject.org/updates/FEDORA-2014-0636/selinux-policy-3.12.1-74.17.fc19
3 https://admin.fedoraproject.org/updates/FEDORA-2014-0639/rtkit-0.11-8.fc19
2 https://admin.fedoraproject.org/updates/FEDORA-2014-0719/openjpeg-1.5.1-8.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-0858/bind-9.9.3-14.P2.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-0847/ibus-1.5.5-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-0752/firewalld-0.3.9-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-0739/colord-1.0.6-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-0749/util-linux-2.23.2-5.fc19
The following builds have been pushed to Fedora 19 updates-testing
NLopt-2.4.1-5.fc19
bind-9.9.3-14.P2.fc19
corosync-2.3.3-1.fc19
cpuid-20140112-1.fc19
duplicity-0.6.22-4.fc19
findbugs-bcel-5.3-0.2.20130910svn1521566.fc19
fswebcam-20140113-1.fc19
gnome-commander-1.2.8.17-1.fc19
google-android-emoji-fonts-1.01-0.1.20120228git.fc19
ibus-1.5.5-1.fc19
jFormatString-0-0.14.20131227git.fc19
keepalived-1.2.10-1.fc19
knot-1.4.1-1.fc19
libinfinity-0.5.5-1.fc19
mediawiki-1.21.4-1.fc19
nodejs-grunt-cli-0.1.11-1.fc19
nodejs-joosex-simplerequest-0.2.2-4.fc19
open-sans-fonts-1.10-1.fc19
openscap-1.0.3-1.fc19
php-pecl-rrd-1.1.2-1.fc19
puppet-3.4.2-1.fc19
python-argcomplete-0.6.7-1.fc19
python-argcomplete-0.6.7-2.fc19
python-patsy-0.2.1-2.fc19
qt-4.8.5-14.fc19
qt3-3.3.8b-56.fc19
qt5-qtbase-5.2.0-4.fc19
qtchooser-39-1.fc19
sddm-kcm-0-0.2.20140114gitfe615f21.fc19
srm-1.2.12-1.fc19
will-crash-0.6-1.fc19
Details about builds:
================================================================================
NLopt-2.4.1-5.fc19 (FEDORA-2014-0820)
Open-Source library for nonlinear optimization
--------------------------------------------------------------------------------
Update Information:
fixed description-file for octave-NLopt (#1048510) * fixed nlopt.pc to reflect the correct lib to link against
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2014 Björn Esser <bjoern.esser at gmail.com> - 2.4.1-5
- fixed description-file for octave-NLopt (#1048510)
* Tue Jan 14 2014 Björn Esser <bjoern.esser at gmail.com> - 2.4.1-4
- fixed nlopt.pc to reflect the correct lib to link against
* Sat Dec 28 2013 Kevin Fenzi <kevin at scrye.com> - 2.4.1-3
- Rebuild to fix broken deps
* Sat Dec 28 2013 Björn Esser <bjoern.esser at gmail.com> - 2.4.1-2
- rebuild for octave-3.8.0-rc2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1048510 - octave-NLopt install errors
https://bugzilla.redhat.com/show_bug.cgi?id=1048510
--------------------------------------------------------------------------------
================================================================================
bind-9.9.3-14.P2.fc19 (FEDORA-2014-0858)
The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
--------------------------------------------------------------------------------
Update Information:
Fixed CVE-2014-0591.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2014 Tomas Hozza <thozza at redhat.com> 32:9.9.3-14.P2
- Fix CVE-2014-0591
* Thu Nov 28 2013 Tomas Hozza <thozza at redhat.com> 32:9.9.3-13.P2
- Fixed memory leak in nsupdate if 'realm' was used multiple times (#984687)
* Thu Oct 31 2013 Tomas Hozza <thozza at redhat.com> 32:9.9.3-12.P2
- Correct the upstream patch for #794940
* Wed Oct 30 2013 Tomas Hozza <thozza at redhat.com> 32:9.9.3-11.P2
- Use upstream version of patch for previously fixed #794940
- Create symlink /var/named/chroot/var/run -> /var/named/chroot/run
- Added session-keyfile statement into default named.conf since we use /run/named
* Fri Oct 18 2013 Tomas Hozza <thozza at redhat.com> 32:9.9.3-10.P2
- Fix race condition on send buffers in dighost.c (#794940)
* Tue Oct 8 2013 Tomas Hozza <thozza at redhat.com> 32:9.9.3-9.P2
- install isc/errno2result.h header
* Tue Sep 10 2013 Tomas Hozza <thozza at redhat.com> 32:9.9.3-8.P2
- Fix [ISC-Bugs #34738] dns_journal_open() returns a pointer to stack
* Fri Aug 16 2013 Tomas Hozza <thozza at redhat.com> 32:9.9.3-7.P2
- Don't generate rndc.key if there exists rndc.conf
* Fri Aug 16 2013 Tomas Hozza <thozza at redhat.com> 32:9.9.3-6.P2
- don't install named-sdb.service if SDB macro is defined to zero
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1051717 - CVE-2014-0591 bind: named crash when handling malformed NSEC3-signed zones
https://bugzilla.redhat.com/show_bug.cgi?id=1051717
--------------------------------------------------------------------------------
================================================================================
corosync-2.3.3-1.fc19 (FEDORA-2014-0801)
The Corosync Cluster Engine and Application Programming Interfaces
--------------------------------------------------------------------------------
Update Information:
This update improves stability and addresses several bugs
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2014 Jan Friesse <jfriesse at redhat.com> - 2.3.3-1
- New upstream release
--------------------------------------------------------------------------------
================================================================================
cpuid-20140112-1.fc19 (FEDORA-2014-0848)
Dumps information about the CPU(s)
--------------------------------------------------------------------------------
Update Information:
* Tue Jan 14 2014 Fabian Affolter <mail at fabian-affolter.ch> - 20140114-1
- Update to new upstream version 20130114
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2014 Fabian Affolter <mail at fabian-affolter.ch> - 20140114-1
- Update to new upstream version 20130114
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 20130610-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
duplicity-0.6.22-4.fc19 (FEDORA-2014-0823)
Encrypted bandwidth-efficient backup using rsync algorithm
--------------------------------------------------------------------------------
Update Information:
Added runtime requirement to python-dropbox
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 13 2014 Rahul Sundaram <sundaram at fedoraproject.org> - 0.6.22-4
- Added runtime requirement to python-dropbox (#1048656)
* Fri Dec 27 2013 Rahul Sundaram <sundaram at fedoraproject.org> - 0.6.22-3
- Fix ssl cert enforcement (rhbz#960860)
- Fix bogus date in changelog
* Thu Dec 26 2013 Robert Scheck <robert at fedoraproject.org> 0.6.22-2
- Added runtime requirement to python-paramiko (#819272, #918933)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1048656 - duplicity prints a non-fatal error message
https://bugzilla.redhat.com/show_bug.cgi?id=1048656
--------------------------------------------------------------------------------
================================================================================
findbugs-bcel-5.3-0.2.20130910svn1521566.fc19 (FEDORA-2014-0837)
Byte Code Engineering Library for FindBugs
--------------------------------------------------------------------------------
Update Information:
Added Maven depmap
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 13 2014 Marek Goldmann <mgoldman at redhat.com> - 5.3-0.2.20130910svn1521566
- Add com.google.code.findbugs:bcel Maven mapping, RHBZ#1052087
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1052087 - findbugs-bcel: Add com.google.code.findbugs:bcel Maven mapping
https://bugzilla.redhat.com/show_bug.cgi?id=1052087
--------------------------------------------------------------------------------
================================================================================
fswebcam-20140113-1.fc19 (FEDORA-2014-0793)
Tiny and flexible webcam program
--------------------------------------------------------------------------------
Update Information:
* Tue Jan 14 2014 Fabian Affolter <mail at fabian-affolter.ch> - 20140113-1
- Update to new upstream version 20140113
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2014 Fabian Affolter <mail at fabian-affolter.ch> - 20140113-1
- Update to new upstream version 20140113
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 20110717-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jun 26 2013 Fabian Affolter <mail at fabian-affolter.ch> - 20110717-6
- Spec file updated
* Tue Jun 11 2013 Remi Collet <rcollet at redhat.com> - 20110717-5
- Rebuild for new GD 2.1.0
--------------------------------------------------------------------------------
================================================================================
gnome-commander-1.2.8.17-1.fc19 (FEDORA-2014-0830)
A nice and fast file manager for the GNOME desktop
--------------------------------------------------------------------------------
Update Information:
New version 1.2.8.17 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2014 Mamoru TASAKA <mtasaka at fedoraproject.org> - 4:1.2.8.17-1
- Update to 1.2.8.17
* Thu Dec 26 2013 Mamoru TASAKA <mtasaka at fedoraproject.org> - 4:1.2.8.16-1
- Update to 1.2.8.16
--------------------------------------------------------------------------------
================================================================================
google-android-emoji-fonts-1.01-0.1.20120228git.fc19 (FEDORA-2014-0863)
Android Emoji font released by Google
--------------------------------------------------------------------------------
Update Information:
New package, Android Emoji font released by Google.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1049076 - Review Request: google-android-emoji-fonts - Android Emoji font released by Google
https://bugzilla.redhat.com/show_bug.cgi?id=1049076
--------------------------------------------------------------------------------
================================================================================
ibus-1.5.5-1.fc19 (FEDORA-2014-0847)
Intelligent Input Bus for Linux OS
--------------------------------------------------------------------------------
Update Information:
This release includes bug fixes and features. Each bug description explains itself.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2014 Takao Fujiwara <tfujiwar at redhat.com> - 1.5.5-1
- Bumped to 1.5.5
- Deleted notify-python in Requires
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1013651 - fi_FI compose keys not working with ibus
https://bugzilla.redhat.com/show_bug.cgi?id=1013651
[ 2 ] Bug #1037999 - [abrt] ibus-1.5.4-2.fc20: panel_switch_engine: Process /usr/libexec/ibus-ui-gtk3 was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=1037999
[ 3 ] Bug #1047833 - ibus compose/candidates windows placement needs to be more intelligent
https://bugzilla.redhat.com/show_bug.cgi?id=1047833
[ 4 ] Bug #1050817 - ibus should no longer require notify-python
https://bugzilla.redhat.com/show_bug.cgi?id=1050817
--------------------------------------------------------------------------------
================================================================================
jFormatString-0-0.14.20131227git.fc19 (FEDORA-2014-0783)
Java format string compile-time checker
--------------------------------------------------------------------------------
Update Information:
Added Maven depmap
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 13 2014 Marek Goldmann <mgoldman at redhat.com> - 0-0.14.20131227git
- Add com.google.code.findbugs:jFormatString Maven mapping, RHBZ#1052089
* Fri Dec 27 2013 Richard Fearn <richardfearn at gmail.com> - 0-0.13.20131227git
- Bump release after fixing incoherent-version-in-changelog rpmlint warning
* Fri Dec 27 2013 Richard Fearn <richardfearn at gmail.com> - 0-0.12.20131227git
- Build using source from new Google Code j-format-string project
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1052089 - jFormatString: Add com.google.code.findbugs:jFormatString Maven mapping
https://bugzilla.redhat.com/show_bug.cgi?id=1052089
--------------------------------------------------------------------------------
================================================================================
keepalived-1.2.10-1.fc19 (FEDORA-2014-0856)
High Availability monitor built upon LVS, VRRP and service pollers
--------------------------------------------------------------------------------
Update Information:
Update to version 1.2.10.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 13 2014 Ryan O'Hara <rohara at redhat.com> - 1.2.10-1
- Update to 1.2.10.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1048443 - keepalived-1.2.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1048443
--------------------------------------------------------------------------------
================================================================================
knot-1.4.1-1.fc19 (FEDORA-2014-0827)
An authoritative DNS daemon
--------------------------------------------------------------------------------
Update Information:
update to new upstream version
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 13 2014 Jan Vcelak <jvcelak at fedoraproject.org> 1.4.1-1
- update to 1.4.1
--------------------------------------------------------------------------------
================================================================================
libinfinity-0.5.5-1.fc19 (FEDORA-2014-0797)
Library implementing the infinote protocol
--------------------------------------------------------------------------------
Update Information:
* Fix a crash in infinoted when nmap scans the infinote port (Rainer Rehak).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 13 2014 Till Maas <opensource at till.name> - 0.5.5-1
- Update to new release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1052396 - libinfinity-0.5.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1052396
--------------------------------------------------------------------------------
================================================================================
mediawiki-1.21.4-1.fc19 (FEDORA-2014-0803)
A wiki engine
--------------------------------------------------------------------------------
Update Information:
- Update to 1.21.4
- (bug 57550) (CVE-2013-6452) SECURITY: Disallow stylesheets in SVG Uploads
- (bug 58088) (CVE-2013-6451) SECURITY: Don't normalize U+FF3C to \ in CSS Checks
- (bug 58472) (CVE-2013-6454) SECURITY: Disallow -o-link in styles
- (bug 58553) (CVE-2013-6453) SECURITY: Return error on invalid XML for SVG Uploads
- (bug 58699) (CVE-2013-6472) SECURITY: Fix RevDel log entry information leaks
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2014 Patrick Uiterwijk <puiterwijk at redhat.com> - 1.21.4-1
- Security update to 1.19.10
- (bug 57550) (CVE-2013-6452) SECURITY: Disallow stylesheets in SVG Uploads
- (bug 58088) (CVE-2013-6451) SECURITY: Don't normalize U+FF3C to \ in CSS Checks
- (bug 58472) (CVE-2013-6454) SECURITY: Disallow -o-link in styles
- (bug 58553) (CVE-2013-6453) SECURITY: Return error on invalid XML for SVG Uploads
- (bug 58699) (CVE-2013-6472) SECURITY: Fix RevDel log entry information leaks
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1052874 - New mediawiki security releases have been released
https://bugzilla.redhat.com/show_bug.cgi?id=1052874
--------------------------------------------------------------------------------
================================================================================
nodejs-grunt-cli-0.1.11-1.fc19 (FEDORA-2014-0782)
Command-line interface for Grunt, the JavaScript testing framework
--------------------------------------------------------------------------------
Update Information:
Initial package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #977122 - Review Request: nodejs-grunt-cli - The grunt command-line interface
https://bugzilla.redhat.com/show_bug.cgi?id=977122
--------------------------------------------------------------------------------
================================================================================
nodejs-joosex-simplerequest-0.2.2-4.fc19 (FEDORA-2014-0809)
Simple XHR request abstraction for Node.js
--------------------------------------------------------------------------------
Update Information:
Initial package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #968604 - Review Request: nodejs-joosex-simplerequest - Simple XHR request abstraction for Node.js
https://bugzilla.redhat.com/show_bug.cgi?id=968604
--------------------------------------------------------------------------------
================================================================================
open-sans-fonts-1.10-1.fc19 (FEDORA-2014-0812)
Open Sans is a humanist sans-serif typeface designed by Steve Matteson
--------------------------------------------------------------------------------
Update Information:
Open Sans is a humanist sans serif typeface designed by Steve Matteson, Type Director of Ascender Corp. This version contains the complete 897 character set, which includes the standard ISO Latin 1, Latin CE, Greek and Cyrillic character sets. Open Sans was designed with an upright stress, open forms and a neutral, yet friendly appearance. It was optimized for print, web, and mobile interfaces, and has excellent legibility characteristics in its letter forms.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1035897 - Review Request: open-sans-fonts - a humanist sans-serif typeface
https://bugzilla.redhat.com/show_bug.cgi?id=1035897
--------------------------------------------------------------------------------
================================================================================
openscap-1.0.3-1.fc19 (FEDORA-2014-0849)
Set of open source libraries enabling integration of the SCAP line of standards
--------------------------------------------------------------------------------
Update Information:
OpenSCAP 1.0.3 brings minor bug fixes.
Update to new upstream release: OpenSCAP 1.0.2. Vast majority of the changes are bug fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2014 Šimon Lukašík <slukasik at redhat.com> - 1.0.3-1
- upgrade
- This upstream release addresses: #1052142
* Fri Jan 10 2014 Šimon Lukašík <slukasik at redhat.com> - 1.0.2-1
- upgrade
- This upstream release addresses: #1018291, #1029879, #1026833
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1052142 - partition_test fails with huge values in *space* system data
https://bugzilla.redhat.com/show_bug.cgi?id=1052142
--------------------------------------------------------------------------------
================================================================================
php-pecl-rrd-1.1.2-1.fc19 (FEDORA-2014-0805)
PHP Bindings for rrdtool
--------------------------------------------------------------------------------
Update Information:
Upstream changelog:
* closing connection to rrd caching daemon #66088
* better documentation for RRDGraph::setOptions #65756
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2014 Remi Collet <remi at fedoraproject.org> - 1.1.2-1
- Update to 1.1.2 (stable)
- install doc in pecl doc_dir
- install tests in pecl test_dir
- add conditional build of ZTS extension
--------------------------------------------------------------------------------
================================================================================
puppet-3.4.2-1.fc19 (FEDORA-2014-0850)
A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:
Update to 3.4.2 to mitigate CVE-2013-4969
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2014 Sam Kottler <skottler at fedoraproject.org> - 3.4.2-1
- Update to 3.4.2 to mitigate CVE-2013-4969 (BZ#1047792)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1047792 - CVE-2013-4969 Puppet: Unsafe use of Temp files in File type [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1047792
--------------------------------------------------------------------------------
================================================================================
python-argcomplete-0.6.7-1.fc19 (FEDORA-2014-0816)
Bash tab completion for argparse
--------------------------------------------------------------------------------
Update Information:
Applying latest patch (0.6.7) of argcomplete.
Pushing new build for update as previous was not picked up.
--------------------------------------------------------------------------------
================================================================================
python-argcomplete-0.6.7-2.fc19 (FEDORA-2014-0784)
Bash tab completion for argparse
--------------------------------------------------------------------------------
Update Information:
Removing '%exclude %{python_sitelib}/test' fom %files as no longer needed.
--------------------------------------------------------------------------------
================================================================================
python-patsy-0.2.1-2.fc19 (FEDORA-2014-0804)
Describing statistical models in Python using symbolic formulas
--------------------------------------------------------------------------------
Update Information:
A Python package for describing statistical models and for building design matrices.
--------------------------------------------------------------------------------
================================================================================
qt-4.8.5-14.fc19 (FEDORA-2013-22932)
Qt toolkit
--------------------------------------------------------------------------------
Update Information:
Qt Project Security Advisory: XML Entity Expansion Denial of Service (CVE-2013-4549)
See also http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
In addition, this update:
* adds support for discovering printers shared by CUPS 1.6,
* adds support for the aarch64 architecture,
* fixes QTBUG-35459, a too low character limit for XML entities enforced by the fix for CVE-2013-4549 that was breaking real-world XML files (in particular, the KatePart Lilypond syntax highlighting description),
* fixes QTBUG-35460, a misspelling in the error message produced by the CVE-2013-4549 fix when the character limit for XML entities was exceeded.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 13 2014 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.8.5-14
- fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549)
- fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled)
* Mon Dec 23 2013 Peter Robinson <pbrobinson at fedoraproject.org> 4.8.5-13
- Add support for aarch64 (#1046360)
* Thu Dec 5 2013 Rex Dieter <rdieter at fedoraproject.org> 4.8.5-12
- XML Entity Expansion Denial of Service (CVE-2013-4549)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #980952 - RFE: Discover printers shared by CUPS 1.6
https://bugzilla.redhat.com/show_bug.cgi?id=980952
--------------------------------------------------------------------------------
================================================================================
qt3-3.3.8b-56.fc19 (FEDORA-2013-22883)
The shared library for the Qt 3 GUI toolkit
--------------------------------------------------------------------------------
Update Information:
This update fixes CVE-2013-4549 (XML Entity Expansion Denial of Service) in Qt 3. See the Qt Project Security Advisory
for details: http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
In addition, this update fixes:
* QTBUG-35459, a too low character limit for XML entities enforced by the fix for CVE-2013-4549 that was breaking real-world XML files (in particular, the KatePart Lilypond syntax highlighting description),
* QTBUG-35460, a misspelling in the error message produced by the CVE-2013-4549 fix when the character limit for XML entities was exceeded,
* some minor format string abuse that was probably not exploitable (most instances definitely weren't).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2014 Kevin Kofler <Kevin at tigcc.ticalc.org> - 3.3.8b-56
- work around -Werror=format-security false positives (#1037297)
* Mon Jan 13 2014 Kevin Kofler <Kevin at tigcc.ticalc.org> - 3.3.8b-55
- fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549)
- fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled)
* Thu Dec 5 2013 Kevin Kofler <Kevin at tigcc.ticalc.org> - 3.3.8b-54
- backport CVE-2013-4549 fix from Qt 4
* Tue Aug 27 2013 Rex Dieter <rdieter at fedoraproject.org> 3.3.8b-53
- trim changelog
* Tue Aug 27 2013 Rex Dieter <rdieter at fedoraproject.org> 3.3.8b-52
- strip extraneous libs from .pc/.prl files
- -devel: due to ^^, drop non-X11-related deps too
* Mon Aug 26 2013 Jon Ciesla <limburgher at gmail.com> - 3.3.8b-51
- libmng rebuild.
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.3.8b-50
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar <ppisar at redhat.com> - 3.3.8b-49
- Perl 5.18 rebuild
* Thu Apr 25 2013 Than Ngo <than at redhat.com> - 3.3.8b-48
- build with -fno-strict-aliasing
- drop deprecated Encoding
--------------------------------------------------------------------------------
================================================================================
qt5-qtbase-5.2.0-4.fc19 (FEDORA-2014-0853)
Qt5 - QtBase components
--------------------------------------------------------------------------------
Update Information:
This update fixes:
* building against QtSql, by requiring all the SQL plugins in qt5-qtbase-devel so they are detected at build time,
* QTBUG-35459, a too low character limit for XML entities enforced by the recent fix for CVE-2013-4549 that was breaking real-world XML files (in particular, the KatePart Lilypond syntax highlighting description),
* QTBUG-35460, a misspelling in the error message produced by the recent CVE-2013-4549 fix when the character limit for XML entities was exceeded.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 13 2014 Kevin Kofler <Kevin at tigcc.ticalc.org> - 5.2.0-4
- fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549)
- fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled)
- reenable docs on Fedora (accidentally disabled)
* Mon Jan 13 2014 Rex Dieter <rdieter at fedoraproject.org> - 5.2.0-3
- move sql build deps into subpkg sections
- macro'ize ibase,tds support (disabled on rhel)
* Thu Jan 2 2014 Rex Dieter <rdieter at fedoraproject.org> 5.2.0-2
- -devel: qtsql apparently wants all drivers available at buildtime
--------------------------------------------------------------------------------
================================================================================
qtchooser-39-1.fc19 (FEDORA-2014-0794)
Qt Chooser
--------------------------------------------------------------------------------
Update Information:
Qt Chooser provides a wrapper to switch between versions of Qt development binaries when multiple versions like 4 and 5 are installed or local Qt builds are to be used.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #895149 - Review Request: qtchooser - Qt Chooser
https://bugzilla.redhat.com/show_bug.cgi?id=895149
--------------------------------------------------------------------------------
================================================================================
sddm-kcm-0-0.2.20140114gitfe615f21.fc19 (FEDORA-2014-0802)
SDDM KDE configuration module
--------------------------------------------------------------------------------
Update Information:
Updated to the latest upstream commit. Fixes theme display
New package
--------------------------------------------------------------------------------
================================================================================
srm-1.2.12-1.fc19 (FEDORA-2014-0845)
Secure file deletion
--------------------------------------------------------------------------------
Update Information:
* Tue Jan 14 2014 Fabian Affolter <mail at fabian-affolter.ch> - 1.2.12-1
- Update to new upstream version 1.2.12
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2014 Fabian Affolter <mail at fabian-affolter.ch> - 1.2.12-1
- Update to new upstream version 1.2.12
* Sat Sep 7 2013 Fabian Affolter <mail at fabian-affolter.ch> - 1.2.11-8
- Spec file update
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.11-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
will-crash-0.6-1.fc19 (FEDORA-2014-0785)
Set of crashing executables written in various languages
--------------------------------------------------------------------------------
Update Information:
Version bump
New version 0.5
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2014 Richard Marko <rmarko at fedoraproject.org> - 0.6-1
- Version bump
- added will_cpp_segfault
- reworked will_segfault to produce more stack frames
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Fri May 3 2013 Jiri Moskovcak <jmoskovc at redhat.com> 0.5-1
- new upstream release - 0.5
- added will_oops
--------------------------------------------------------------------------------
More information about the test
mailing list