Fedora 20 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Sat Nov 22 12:47:09 UTC 2014
The following Fedora 20 Security updates need testing:
Age URL
50 https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20
8 https://admin.fedoraproject.org/updates/FEDORA-2014-14791/mariadb-galera-5.5.40-2.fc20
7 https://admin.fedoraproject.org/updates/FEDORA-2014-15108/mantis-1.2.17-4.fc20
7 https://admin.fedoraproject.org/updates/FEDORA-2014-14963/avr-binutils-2.24-3.fc20
7 https://admin.fedoraproject.org/updates/FEDORA-2014-15102/moodle-2.5.9-1.fc20
7 https://admin.fedoraproject.org/updates/FEDORA-2014-14833/arm-none-eabi-binutils-cs-2014.05.28-3.fc20
7 https://admin.fedoraproject.org/updates/FEDORA-2014-15130/kwebkitpart-1.3.4-5.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2014-15244/wireshark-1.10.11-1.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2014-15266/python-django14-1.4.16-1.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2014-15393/lsyncd-2.1.4-4.fc20.1
2 https://admin.fedoraproject.org/updates/FEDORA-2014-15379/nodejs-0.10.33-1.fc20,libuv-0.10.29-1.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2014-15394/erlang-R16B-03.9.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2014-15464/python-eyed3-0.7.4-4.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2014-15489/rubygem-sprockets-2.8.2-5.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-15521/xen-4.3.3-5.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-15541/tcpdump-4.5.1-2.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-15519/drupal6-6.34-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-15528/drupal7-7.34-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-15538/phpMyAdmin-4.2.12-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-15532/kde-runtime-4.14.3-2.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-15507/wordpress-4.0.1-1.fc20
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
8 https://admin.fedoraproject.org/updates/FEDORA-2014-15054/perl-Pod-Usage-1.64-2.fc20,perl-Pod-Checker-1.60-292.fc20
8 https://admin.fedoraproject.org/updates/FEDORA-2014-14798/device-mapper-persistent-data-0.4.1-2.fc20
8 https://admin.fedoraproject.org/updates/FEDORA-2014-14964/libtdb-1.3.1-1.fc20
8 https://admin.fedoraproject.org/updates/FEDORA-2014-14861/libpipeline-1.2.4-3.fc20
7 https://admin.fedoraproject.org/updates/FEDORA-2014-15120/dosfstools-3.0.27-1.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2014-15326/pycairo-1.10.0-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-15552/selinux-policy-3.12.1-195.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-15523/gdb-7.7.1-22.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-15533/ca-certificates-2014.2.1-1.5.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-15501/v4l-utils-1.6.0-2.fc20
The following builds have been pushed to Fedora 20 updates-testing
ampr-ripd-1.13-1.fc20
ca-certificates-2014.2.1-1.5.fc20
clementine-1.2.3-2.fc20
dnf-langpacks-0.5.1-1.fc20
drupal6-6.34-1.fc20
drupal7-7.34-1.fc20
edg-mkgridmap-4.0.0-8.fc20
gdb-7.7.1-22.fc20
golang-github-emicklei-go-restful-0-0.1.gitad99b12.fc20
golang-github-vishvananda-netlink-0-0.1.git2187ba6.fc20
golang-github-vishvananda-netns-0-0.1.gite14a2d4.fc20
gr-rds-0-0.4.20141117gitff1ca15.fc20
kde-runtime-4.14.3-2.fc20
libechonest-2.3.0-1.fc20
lucene++-3.0.6-1.fc20
mate-themes-1.9.2-1.fc20
nano-2.3.2-5.fc20
nodejs-filelist-0.0.3-1.fc20
nodejs-json-localizer-0.0.2-1.fc20
openvpn-2.3.2-7.fc20
packagedb-cli-2.6-1.fc20
perl-Data-Munge-0.091-1.fc20
perl-File-ConfigDir-0.014-1.fc20
perl-HTML-Mason-1.56-1.fc20
perl-Net-SMTPS-0.04-1.fc20
perl-Sub-Exporter-ForMethods-0.100051-1.fc20
php-5.5.19-3.fc20
php-psr-http-message-0.5.1-1.fc20
php-symfony-2.5.7-1.fc20
phpMyAdmin-4.2.12-1.fc20
pidgin-2.10.10-3.fc20
privoxy-3.0.22-1.fc20
python-copr-1.54-1.fc20
python-docker-py-0.6.0-1.fc20
python-fedmsg-meta-fedora-infrastructure-0.3.6-1.fc20
qpid-dispatch-0.2-9.fc20
selinux-policy-3.12.1-195.fc20
tcpdump-4.5.1-2.fc20
tomahawk-0.8.2-1.fc20
tzdata-2014j-1.fc20
v4l-utils-1.6.0-2.fc20
vtun-3.0.3-10.fc20
websocketpp-0.4.0-2.fc20
wmx-8-1.fc20
wordpress-4.0.1-1.fc20
xen-4.3.3-5.fc20
xfce4-systemload-plugin-1.1.2-1.fc20
xscreensaver-5.32-1.fc20
Details about builds:
================================================================================
ampr-ripd-1.13-1.fc20 (FEDORA-2014-15551)
Routing daemon for the ampr network
--------------------------------------------------------------------------------
Update Information:
This is new version fixing bugs and adding new features, for details see upstream changelog: http://www.yo2loj.ro/hamprojects/
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Jaroslav Škarvada <jskarvad at redhat.com> - 1.13-1
- New version
Resolves: rhbz#1166335
- Updated pidfile patch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166335 - ampr-ripd-1.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1166335
--------------------------------------------------------------------------------
================================================================================
ca-certificates-2014.2.1-1.5.fc20 (FEDORA-2014-15533)
The Mozilla CA root certificate bundle
--------------------------------------------------------------------------------
Update Information:
This is an update to CA certificates version 2.1, as released by Mozilla in NSS versions 3.16.4 and 3.17.
Several CA certificates with a weak key size of 1024-bits have been removed by Mozilla, prior to their expiration. (It is expected that additional CA certificates with weak 1024-bit keys will be removed in future releases.)
Unfortunately we see issues with software that uses OpenSSL/GnuTLS after these removals with many popular web sites. The issue (or one out of several possible issues) is that web sites may be configured to send multiple intermediate CA certificates, intended for maximum compatibility with client software. One intermediate points to one of the removed CA certificates, and another intermediate points to a newer root. The problem is that OpenSSL/GnuTLS don't search for an alternative trusted root, after being unable to construct a trust chain for the topmost intermediate CA certificate sent by the servers.
In order to allow more time to implement enhancements or workarounds, the CA-certificates package will keep trust for the related root CA certificates, by default. See rhbz#1144808 for additional information. The related upstream bugs are: https://bugzilla.mozilla.org/show_bug.cgi?id=936304 https://bugzilla.mozilla.org/show_bug.cgi?id=986005
In addition, this update introduces the ca-legacy utility and a ca-legacy.conf configuration file. Using the new ca-legacy utility, it is possible to opt-in to disable the trust for the legacy root CA certificates, by executing the command "ca-legacy disable".
If disabled, the system will use the trust set as provided by the upstream Mozilla CA list, and as a consequence software based on OpenSSL/GnuTLS might fail to validate affected certificates. (See also: rhbz#1158197)
More information about the affected CA certificates and other recent modifications can be found in the upstream NSS release notes for version 3.16.3 at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.3_release_notes with amendments to the changes as explained in the NSS release notes for version 3.16.4 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.4_release_notes
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Kai Engert <kaie at redhat.com> - 2014.2.1-1.5
- Introduce the ca-legacy utility and a ca-legacy.conf configuration file.
By default, legacy roots required for OpenSSL/GnuTLS compatibility
are kept enabled. Using the ca-legacy utility, the legacy roots can be
disabled. If disabled, the system will use the trust set as provided
by the upstream Mozilla CA list. (See also: rhbz#1158197)
- Includes the fixes for rhbz#1158343
* Sun Sep 21 2014 Kai Engert <kaie at redhat.com> - 2014.2.1-1.1
- Temporarily re-enable several legacy root CA certificates because of
compatibility issues with software based on OpenSSL/GnuTLS,
see rhbz#1144808
* Thu Aug 14 2014 Kai Engert <kaie at redhat.com> - 2014.2.1-1.0
- Update to CKBI 2.1 from NSS 3.16.4
- Fix rhbz#1130226
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1158197 - Allow disabling of legacy root CA certificates as a system configuration
https://bugzilla.redhat.com/show_bug.cgi?id=1158197
[ 2 ] Bug #1130226 - Ensure neutral-trust CA certificates will be loaded by p11-kit-trust
https://bugzilla.redhat.com/show_bug.cgi?id=1130226
--------------------------------------------------------------------------------
================================================================================
clementine-1.2.3-2.fc20 (FEDORA-2014-15472)
A music player and library organizer
--------------------------------------------------------------------------------
Update Information:
New tomahawk 0.8 release, with a new design, a slew of new features, and major usability improvements. See also http://blog.tomahawk-player.org/post/101838247563/tomahawk-0-8-allow-ourselves-to-reintroduce
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 5 2014 Rex Dieter <rdieter at fedoraproject.org> 1.2.3-2
- rebuild (libechonest)
--------------------------------------------------------------------------------
================================================================================
dnf-langpacks-0.5.1-1.fc20 (FEDORA-2014-15524)
Langpacks plugin for dnf
--------------------------------------------------------------------------------
Update Information:
update to 0.5.1 release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Parag Nemade <pnemade AT redhat DOT com> - 0.5.1-1
- update to 0.5.1 release
* Sun Oct 12 2014 Parag Nemade <pnemade AT redhat DOT com> - 0.5.0-1
- update to 0.5.0 release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166342 - dnf-langpacks-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1166342
--------------------------------------------------------------------------------
================================================================================
drupal6-6.34-1.fc20 (FEDORA-2014-15519)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
https://www.drupal.org/SA-CORE-2014-006
* Update to Drupal 6.
* Drupal 6.33 release notes can be found here, https://www.drupal.org/drupal-6.33-release-notes.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Jon Ciesla <limburgher at gmail.com> - 6.34-1
- 6.34, DRUPAL-SA-CORE-2014-006
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166100 - CVE-2012-6662 drupal6: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1166100
[ 2 ] Bug #1127539 - drupal6: drupal: denial of service issue (SA-CORE-2014-004) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1127539
[ 3 ] Bug #1166246 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability (SA-CORE-2014-006) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1166246
[ 4 ] Bug #1166247 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability (SA-CORE-2014-006) [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1166247
--------------------------------------------------------------------------------
================================================================================
drupal7-7.34-1.fc20 (FEDORA-2014-15528)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
https://www.drupal.org/SA-CORE-2014-006
- Update to upstream 7.33 maintenance release with numerous bug fixes
- Update to upstream 7.33 maintenance release with numerous bug fixes
- Update to upstream 7.33 maintenance release with numerous bug fixes
- Update to upstream 7.33 maintenance release with numerous bug fixes
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Jon Ciesla <limburgher at gmail.com> - 7.34-1
- 7.34, DRUPAL-SA-CORE-2014-006.
* Tue Nov 11 2014 Peter Borsa <peter.borsa at gmail.com> - 7.33-1
- Update to upstream 7.33 maintenance release with numerous bug fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166101 - CVE-2012-6662 drupal7: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1166101
[ 2 ] Bug #1166249 - CVE-2014-9015 drupal7: drupal: session hijacking vulnerability (SA-CORE-2014-006) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1166249
[ 3 ] Bug #1166250 - CVE-2014-9015 drupal7: drupal: session hijacking vulnerability (SA-CORE-2014-006) [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1166250
--------------------------------------------------------------------------------
================================================================================
edg-mkgridmap-4.0.0-8.fc20 (FEDORA-2014-15540)
A tool to build the grid map-file from VO servers
--------------------------------------------------------------------------------
Update Information:
Added missing dependency on "perl(LWP::Protocol::https)"
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Alejandro Alvarez Ayllon <aalvarez at cern.ch> - 4.0.0-8
- Added Requires perl(LWP::Protocol::https)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.0.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1165991 - edg-mkgridmap missing dependency
https://bugzilla.redhat.com/show_bug.cgi?id=1165991
--------------------------------------------------------------------------------
================================================================================
gdb-7.7.1-22.fc20 (FEDORA-2014-15523)
A GNU source-level debugger for C, C++, Fortran, Go and other languages
--------------------------------------------------------------------------------
Update Information:
This fix makes the GDB RPM aware of the /usr/include/gdb directory, which is created during the RPM installation.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Sergio Durigan Junior <sergiodj at redhat.com> - 7.7.1-22.fc20
- Fix 'Unowned dir /usr/include/gdb/' (RH BZ 1164991).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164991 - Unowned dir /usr/include/gdb/
https://bugzilla.redhat.com/show_bug.cgi?id=1164991
--------------------------------------------------------------------------------
================================================================================
golang-github-emicklei-go-restful-0-0.1.gitad99b12.fc20 (FEDORA-2014-15496)
Package for building REST-style Web Services using Google Go
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164152 - Review Request: golang-github-emicklei-go-restful - Package for building REST-style Web Services using Google Go
https://bugzilla.redhat.com/show_bug.cgi?id=1164152
--------------------------------------------------------------------------------
================================================================================
golang-github-vishvananda-netlink-0-0.1.git2187ba6.fc20 (FEDORA-2014-15518)
Simple netlink library for go
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164176 - Review Request: golang-github-vishvananda-netlink - Simple netlink library for go
https://bugzilla.redhat.com/show_bug.cgi?id=1164176
--------------------------------------------------------------------------------
================================================================================
golang-github-vishvananda-netns-0-0.1.gite14a2d4.fc20 (FEDORA-2014-15527)
Simple network namespace handling for go
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164170 - Review Request: golang-github-vishvananda-netns - Simple network namespace handling for go
https://bugzilla.redhat.com/show_bug.cgi?id=1164170
--------------------------------------------------------------------------------
================================================================================
gr-rds-0-0.4.20141117gitff1ca15.fc20 (FEDORA-2014-15513)
GNU Radio FM RDS Receiver
--------------------------------------------------------------------------------
Update Information:
new package
--------------------------------------------------------------------------------
================================================================================
kde-runtime-4.14.3-2.fc20 (FEDORA-2014-15532)
KDE Runtime
--------------------------------------------------------------------------------
Update Information:
New security fix release, insufficient Input Validation By IO Slaves, see also https://www.kde.org/info/security/advisory-20141113-1.txt
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 17 2014 Than Ngo <than at redhat.com> - 4.14.3-2
- fix bz#1164609, CVE-2014-8600, Insufficient Input Validation By IO Slaves
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164293 - CVE-2014-8600 kwebkitpart, kde-runtime: Insufficient Input Validation By IO Slaves and Webkit Part
https://bugzilla.redhat.com/show_bug.cgi?id=1164293
--------------------------------------------------------------------------------
================================================================================
libechonest-2.3.0-1.fc20 (FEDORA-2014-15472)
C++ wrapper for the Echo Nest API
--------------------------------------------------------------------------------
Update Information:
New tomahawk 0.8 release, with a new design, a slew of new features, and major usability improvements. See also http://blog.tomahawk-player.org/post/101838247563/tomahawk-0-8-allow-ourselves-to-reintroduce
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 5 2014 Rex Dieter <rdieter at fedoraproject.org> 2.3.0-1
- 2.3.0, add -qt5 support
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.1.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
lucene++-3.0.6-1.fc20 (FEDORA-2014-15472)
A high-performance, full-featured text search engine written in C++
--------------------------------------------------------------------------------
Update Information:
New tomahawk 0.8 release, with a new design, a slew of new features, and major usability improvements. See also http://blog.tomahawk-player.org/post/101838247563/tomahawk-0-8-allow-ourselves-to-reintroduce
--------------------------------------------------------------------------------
================================================================================
mate-themes-1.9.2-1.fc20 (FEDORA-2014-15547)
MATE Desktop themes
--------------------------------------------------------------------------------
Update Information:
- update to 1.9.2 release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Wolfgang Ulbrich <chat-to-me at raveit.de> - 1.9.2-1
- update to 1.9.2 release
--------------------------------------------------------------------------------
================================================================================
nano-2.3.2-5.fc20 (FEDORA-2014-15520)
A small text editor
--------------------------------------------------------------------------------
Update Information:
- fix intermittent crashes with undo/redo (#1166666)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Kamil Dudka <kdudka at redhat.com> - 2.3.2-5
- fix intermittent crashes with undo/redo (#1166666)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166666 - [abrt] nano: delete_node(): nano killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1166666
--------------------------------------------------------------------------------
================================================================================
nodejs-filelist-0.0.3-1.fc20 (FEDORA-2014-15536)
Lazy-evaluating list of files, based on globs or regexes
--------------------------------------------------------------------------------
Update Information:
New node modules - filelist and json-localizer
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164478 - Review Request: nodejs-json-localizer - Utility to localize a JSON object
https://bugzilla.redhat.com/show_bug.cgi?id=1164478
[ 2 ] Bug #1164483 - Review Request: nodejs-filelist - Lazy-evaluating list of files, based on globs or regexes
https://bugzilla.redhat.com/show_bug.cgi?id=1164483
--------------------------------------------------------------------------------
================================================================================
nodejs-json-localizer-0.0.2-1.fc20 (FEDORA-2014-15536)
Utility to localize a JSON object
--------------------------------------------------------------------------------
Update Information:
New node modules - filelist and json-localizer
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164478 - Review Request: nodejs-json-localizer - Utility to localize a JSON object
https://bugzilla.redhat.com/show_bug.cgi?id=1164478
[ 2 ] Bug #1164483 - Review Request: nodejs-filelist - Lazy-evaluating list of files, based on globs or regexes
https://bugzilla.redhat.com/show_bug.cgi?id=1164483
--------------------------------------------------------------------------------
================================================================================
openvpn-2.3.2-7.fc20 (FEDORA-2014-15525)
A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Ralf Corsépius <corsepiu at fedoraproject.org> - 2.3.2-7
- Rework package doc handling (RHBZ #1165004).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1165004 - Unowned dir /usr/share/doc/openvpn
https://bugzilla.redhat.com/show_bug.cgi?id=1165004
--------------------------------------------------------------------------------
================================================================================
packagedb-cli-2.6-1.fc20 (FEDORA-2014-15500)
A CLI for pkgdb
--------------------------------------------------------------------------------
Update Information:
* Update to packagedb-cli 2.6
* New structure: use the traditional python module structure instead of two python files
* Do one API call for `orphan --retire`
* Prevent user from retiring packages that have no dead.package file
* Add support for obsoleting ACL requests (Stanislav Ochotnicky)
* Enable restricting orphan to a specific user (while specifying more branches)
* Enable restricting give to a specific user (while specifying more branches)
* Let the unorphan action call the unorphan API endpoint
* When listing packages, encode the output as UTF-8 before printing
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Pierre-Yves Chibon <pingou at pingoured.fr> - 2.6-1
- Update to 2.6
- New structure: use the traditional python module structure instead of two
python files
- Do one API call for `orphan --retire`
- Prevent user from retiring packages that have no dead.package file
- Add support for obsoleting ACL requests (Stanislav Ochotnicky)
- Enable restricting orphan to a specific user (while specifying more branches)
- Enable restricting give to a specific user (while specifying more branches)
- Let the unorphan action call the unorphan API endpoint
- When listing packages, encode the output as UTF-8 before printing
--------------------------------------------------------------------------------
================================================================================
perl-Data-Munge-0.091-1.fc20 (FEDORA-2014-15531)
Utility functions for working with perl data structures and code references
--------------------------------------------------------------------------------
Update Information:
Work around regex bug in perls < 5.18 that causes spurious test failures.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 22 2014 David Dick <ddick at cpan.org> - 0.091-1
- Work around regex bug in perls < 5.18 that causes spurious test failures.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166382 - perl-Data-Munge-0.091 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1166382
--------------------------------------------------------------------------------
================================================================================
perl-File-ConfigDir-0.014-1.fc20 (FEDORA-2014-15530)
Get directories of configuration files
--------------------------------------------------------------------------------
Update Information:
Fix typo in pod, update README
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 22 2014 David Dick <ddick at cpan.org> - 0.014-1
- Fix typo in pod, update README
* Fri Aug 29 2014 Jitka Plesnikova <jplesnik at redhat.com> - 0.013-2
- Perl 5.20 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1163231 - perl-File-ConfigDir-0.014 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1163231
--------------------------------------------------------------------------------
================================================================================
perl-HTML-Mason-1.56-1.fc20 (FEDORA-2014-15511)
Powerful Perl-based web site development and delivery engine
--------------------------------------------------------------------------------
Update Information:
This release restores compatibility with recent CGI Perl module. It also declares all needed dependencies.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Petr Pisar <ppisar at redhat.com> - 1:1.56-1
- 1.56 bump
* Sun Mar 2 2014 Ralf Corsépius <corsepiu at fedoraproject.org> - 1:1.54-1
- Upstream update.
- Filter duplicate Requires:.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164460 - perl-HTML-Mason-1.56 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1164460
--------------------------------------------------------------------------------
================================================================================
perl-Net-SMTPS-0.04-1.fc20 (FEDORA-2014-15537)
SSL/STARTTLS support for Net::SMTP
--------------------------------------------------------------------------------
Update Information:
Update to Authen::SASL version requirements
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 22 2014 David Dick <ddick at cpan.org> - 0.04-1
- Update to Authen::SASL version requirements
* Thu Aug 28 2014 Jitka Plesnikova <jplesnik at redhat.com> - 0.03-3
- Perl 5.20 rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.03-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1159516 - perl-Net-SMTPS-0.04 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1159516
--------------------------------------------------------------------------------
================================================================================
perl-Sub-Exporter-ForMethods-0.100051-1.fc20 (FEDORA-2014-15546)
Helper routines for using Sub::Exporter to build methods
--------------------------------------------------------------------------------
Update Information:
This release updates upstream's bug tracker and repository contacts.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Petr Pisar <ppisar at redhat.com> - 0.100051-1
- 0.100051 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1163304 - perl-Sub-Exporter-ForMethods-0.100051 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1163304
--------------------------------------------------------------------------------
================================================================================
php-5.5.19-3.fc20 (FEDORA-2014-15061)
PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:
13 Nov 2014, PHP 5.5.19
Core:
* Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in php_getopt()). (Stas)
* Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). (Nikita)
* Fixed bug #68129 (parse_url() - incomplete support for empty usernames and passwords) (Tjerk)
* Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy). (Dmitry)
Fileinfo:
* Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB)
* Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710) (Remi)
FPM:
* Implemented FR #55508 (listen and listen.allowed_clients should take IPv6 addresses). (Robin Gloster)
GD:
* Fixed bug #65171 (imagescale() fails without height param). (Remi)
GMP:
* Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP). (Remi)
Mysqli:
* Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande)
ODBC:
* Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by a VARCHAR column) (Keyur Govande)
SPL:
* Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk)
CURL:
* Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl (Rasmus)
Backported from 5.5.20
FPM:
* Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all addresses). (Remi)
* Fixed bug #68421 (access.format='%R' doesn't log ipv6 address). (Remi)
* Fixed bug #68423 (PHP-FPM will no longer load all pools). (Remi)
* Fixed bug #68428 (listen.allowed_clients is IPv4 only). (Remi)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Remi Collet <remi at fedoraproject.org> 5.5.19-3
- FPM: add upstream patch for https://bugs.php.net/68428
listen.allowed_clients is IPv4 only
- refresh upstream patch for 68421
* Sun Nov 16 2014 Remi Collet <remi at fedoraproject.org> 5.5.19-2
- FPM: add upstream patch for https://bugs.php.net/68421
access.format=R doesn't log ipv6 address
- FPM: add upstream patch for https://bugs.php.net/68420
listen=9000 listens to ipv6 localhost instead of all addresses
- FPM: add upstream patch for https://bugs.php.net/68423
will no longer load all pools
* Thu Nov 13 2014 Remi Collet <remi at fedoraproject.org> 5.5.19-1
- Update to 5.5.19
http://www.php.net/releases/5_5_19.php
- new version of systzdata patch, fix case sensitivity
--------------------------------------------------------------------------------
================================================================================
php-psr-http-message-0.5.1-1.fc20 (FEDORA-2014-15510)
Common interface for HTTP messages (PSR-7)
--------------------------------------------------------------------------------
Update Information:
## 0.5.1
* null is no longer allowed (per the ML; see also php-fig/fig-standards#367).
## 0.5.0
* Refactors MessageInterface to only provide getters.
* MessageInterface now defines getBody() to require that it return a StreamableInterface instance.
* Removes Request and Response interfaces
* Provides server-side interfaces:
* IncomingRequestInterface, which provides accessors for HTTP properties and environment-specific items ($_SERVER, $_GET, $_POST, $_FILES, $_COOKIE, etc), and support for mutable "attributes".
* OutgoingResponseInterface, which provides both accessors and mutators for all HTTP properties.
* Provides client-side interfaces:
* OutgoingRequestInterface, which provides accessors and mutators for all HTTP properties.
* IncomingResponseInterface, which provides accessors for HTTP properties.
* StreamableInterface removes attach().
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 0.5.1-1
- Updated to 0.5.1 (BZ #1163322)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1163322 - php-psr-http-message-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1163322
--------------------------------------------------------------------------------
================================================================================
php-symfony-2.5.7-1.fc20 (FEDORA-2014-15504)
PHP framework for web projects
--------------------------------------------------------------------------------
Update Information:
## 2.5.7 (2014-11-20)
* bug #12525 [Bundle][FrameworkBundle] be smarter when guessing the document root (xabbuh)
* bug #12296 [SecurityBundle] Authentication entry point is only registered with firewall exception listener, not with authentication listeners (rjkip)
* bug #12489 [FrameworkBundle] Fix server run in case the router script does not exist (romainneutron)
* bug #12443 [HttpKernel] Adding support for invokable controllers in the RequestDataCollector (jameshalsall)
* bug #12393 [DependencyInjection] inlined factory not referenced (boekkooi)
* bug #12436 [Filesystem] Fixed case for empty folder (yosmanyga)
* bug #12397 [Routing] fix BC (nicolas-grekas)
* bug #12382 [Routing] removed errors from git (HeinZawHtet)
* bug #12370 [Yaml] improve error message for multiple documents (xabbuh)
* bug #12170 [Form] fix form handling with OPTIONS request method (Tobion)
* bug #12235 [Validator] Fixed Regex::getHtmlPattern() to work with complex and negated patterns (webmozart)
* bug #12326 [Session] remove invalid hack in session regenerate (Tobion)
* bug #12341 [Kernel] ensure session is saved before sending response (Tobion)
* bug #12329 [Routing] serialize the compiled route to speed things up (Tobion)
* bug #12291 [Form] Fixed usage of "name" variable in form_start block (webmozart)
* bug #12316 Break infinite loop while resolving aliases (chx)
* bug #12313 [Security][listener] change priority of switchuser (aitboudad)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.5.7-1
- Updated to 2.5.7 (BZ #1166396)
- Added php-composer(egulias/email-validator) dependency
* Sun Nov 2 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.5.6-2
- Exclude "intl-data" test group instead of removing test files
* Sun Nov 2 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.5.6-1
- Updated to 2.5.6 (BZ #1157502)
- "php-twig-Twig" dependency updated to "php-composer(twig/twig)"
- Obsoleted php-symfony-icu (data now in intl component)
* Mon Sep 29 2014 Remi Collet <remi at fedoraproject.org> - 2.5.5-1
- update to 2.5.5
- hack PHPUnit autoloader to not use old system symfony
- don't skip any Yaml test
* Wed Sep 3 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.5.4-1
- Updated to 2.5.4 (CVE-2014-6072, CVE-2014-5245, CVE-2014-4931, CVE-2014-6061,
CVE-2014-5244, BZ #1138285)
- Removed test files from PropertyAccess and Stopwatch components
- Updated skipped tests
* Tue Aug 12 2014 Remi Collet <remi at fedoraproject.org> - 2.5.3-1
- update to 2.5.3
- fix test bootstrap for PHPUnit 4.2
* Sat Jul 19 2014 Remi Collet <remi at fedoraproject.org> - 2.5.2-2
- fix license handling
* Fri Jul 18 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.5.2-1
- Updated to 2.5.2 (BZ #1100720)
- Added php-composer() virtual provides
- Updated most dependencies to use available php-composer virtual provides
- php-password-compat conditional changed from "0%{?el6}%{?el7}" to
""%{php_version}" < "5.5""
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.4.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed Apr 30 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.4.4-1
- Updated to 2.4.4 (BZ #1038134)
- Updated Doctrine dependencies
- Sub-pkg phpcompatinfo without Tests directory since they are not pkged
* Mon Feb 17 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.4.2-1
- Updated to 2.4.2 (BZ #1038134)
- Re-enabled tests
- Added expressionlanguage component sub-pkg
- Added provides for security component composer sub-pkgs
* Mon Jan 13 2014 Remi Collet <remi at fedoraproject.org> - 2.3.9-0
- EPEL-7 bootstrap build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166396 - php-symfony-2.5.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1166396
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.2.12-1.fc20 (FEDORA-2014-15538)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.2.12.0 (2014-11-20)
================================
- Blank/white page when JavaScript disabled
- Multi row actions cause full page reloads
- ReferenceError: targeurl is not defined
- Incorrect text/icon display in Tracking report
- Recordset return from procedure display nothing
- Edit dialog for routines is too long for smaller displays
- JavaScript error after moving a column
- Issue with long comments on table columns
- Input field unnecessarily selected on focus
- Exporting selected rows exports all rows of the query
- No insert statement produced in SQL export for queries with alias
- Field disabled when internal relations used
- [security] XSS through exception stack
- [security] Path traversal can lead to leakage of line count
- [security] XSS vulnerability in table print view
- [security] XSS vulnerability in zoom search page
- [security] Path traversal in file inclusion of GIS factory
- [security] XSS in multi submit
- [security] XSS through pma_fontsize cookie
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Robert Scheck <robert at fedoraproject.org> 4.2.12-1
- Upgrade to 4.2.12 (#1166397)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166619 - CVE-2014-8958 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2014-13)
https://bugzilla.redhat.com/show_bug.cgi?id=1166619
[ 2 ] Bug #1166626 - CVE-2014-8959 phpMyAdmin: Local file inclusion vulnerability (PMASA-2014-14)
https://bugzilla.redhat.com/show_bug.cgi?id=1166626
[ 3 ] Bug #1166634 - CVE-2014-8960 phpMyAdmin: XSS vulnerability in error reporting functionality (PMASA-2014-15)
https://bugzilla.redhat.com/show_bug.cgi?id=1166634
[ 4 ] Bug #1166637 - CVE-2014-8961 phpMyAdmin: leakage of line count of an arbitrary file (PMASA-2014-16)
https://bugzilla.redhat.com/show_bug.cgi?id=1166637
--------------------------------------------------------------------------------
================================================================================
pidgin-2.10.10-3.fc20 (FEDORA-2014-15497)
A Gtk+ based multiprotocol instant messaging client
--------------------------------------------------------------------------------
Update Information:
Fix: Bump MSN ApplicationID again (#1165066)
Fix: Pidgin 2.10.10 can't connect to MSN (#1165066)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Jan Synáček <jsynacek at redhat.com> - 2.10.10-3
- Fix: Bump MSN ApplicationID again (#1165066)
* Tue Nov 18 2014 Jan Synáček <jsynacek at redhat.com> - 2.10.10-2
- Fix: Pidgin 2.10.10 can't connect to MSN (#1165066)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1165066 - Pidgin 2.10.10 can't connect to MSN
https://bugzilla.redhat.com/show_bug.cgi?id=1165066
--------------------------------------------------------------------------------
================================================================================
privoxy-3.0.22-1.fc20 (FEDORA-2014-15512)
Privacy enhancing proxy
--------------------------------------------------------------------------------
Update Information:
Latest upstream bugfix release.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Jon Ciesla <limburgher at gmail.com> - 3.0.22-1
- Latest upstream, BZ 166398.
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.0.21-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.0.21-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166398 - privoxy-3.0.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1166398
--------------------------------------------------------------------------------
================================================================================
python-copr-1.54-1.fc20 (FEDORA-2014-15514)
Python interface for Copr
--------------------------------------------------------------------------------
Update Information:
update python-copr to 1.54
api enhancement:
- Client constructor accepts kwargs arguments instead of config dict;
- all custom exceptions inherited from CoprException
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Valentin Gologuzov <vgologuz at redhat.com> 1.54-1
- fixed poor decision abou CoprClient constructor, now it accepts
kwargs arguments instead of config dict
* Mon Nov 3 2014 Valentin Gologuzov <vgologuz at redhat.com> 1.53-1
- [python-copr] syntax bugfix
* Mon Nov 3 2014 Valentin Gologuzov <vgologuz at redhat.com> 1.52-1
- [python-copr] removed log config from client
* Tue Oct 7 2014 Valentin Gologuzov <vgologuz at redhat.com> 1.51-1
- [python-copr, cli] test coverage
- [python-copr, cli] updating copr-cli to use python-copr
- [python-copr] minor fixes, added usage examples to docs
--------------------------------------------------------------------------------
================================================================================
python-docker-py-0.6.0-1.fc20 (FEDORA-2014-15534)
An API client for docker written in Python
--------------------------------------------------------------------------------
Update Information:
Resolves: rhbz#1160293 - update to 0.6.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Lokesh Mandvekar <lsm5 at fedoraproject.org> - 0.6.0-1
- Resolves: rhbz#1160293 - update to 0.6.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1160293 - python-docker-py-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1160293
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.3.6-1.fc20 (FEDORA-2014-15545)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
New pkgdb conglomerator, new 'hotness' processor. Some bugfixes to fas and mailman messages.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Ralph Bean <rbean at redhat.com> - 0.3.6-1
- Latest upstream with some bugfixes.
- Disable network test with patch.
--------------------------------------------------------------------------------
================================================================================
qpid-dispatch-0.2-9.fc20 (FEDORA-2014-15529)
Dispatch router for Qpid
--------------------------------------------------------------------------------
Update Information:
Fixed a merge issue that resulted in two patches not being applied.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Darryl L. Pierce <dpierce at redhat.com> - 0.2-9
- Fixed a merge issue that resulted in two patches not being applied.
- Resolves: BZ#1165691
* Wed Nov 19 2014 Darryl L. Pierce <dpierce at redhat.com> - 0.2-8
- DISPATCH-75 - Removed reference to qdstat.conf from qdstat manpage.
- Include systemd service file for EPEL7 packages.
- Brought systemd support up to current Fedora packaging guidelines.
- Resolves: BZ#1165691
- Resolves: BZ#1165681
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1165691 - Man page for qdstat.conf is missing
https://bugzilla.redhat.com/show_bug.cgi?id=1165691
--------------------------------------------------------------------------------
================================================================================
selinux-policy-3.12.1-195.fc20 (FEDORA-2014-15552)
SELinux policy configuration
--------------------------------------------------------------------------------
Update Information:
More info: http://koji.fedoraproject.org/koji/buildinfo?buildID=594778
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Lukas Vrabec <lvrabec at redhat.com> 3.12.1-195
- Allow all systemd domains to search file systems
- Label sock file charon.vici as ipsec_var_run_t. BZ(1165065)
- Allow mongodb to bind to the mongo port and mongos to run as mongod_t
- Allow networkmanager manage also openvpn sock pid files.
- Allow openvpn to create uuid connections in /var/run/NetworkManager with NM labeling.
- Allow sendmail to create dead.letter. BZ(1165443)
- Allow bumblebee to use nsswitch. BZ(1155339)
* Fri Nov 14 2014 Lukas Vrabec <lvrabec at redhat.com> 3.12.1-194
- New interface dev_rw_uhid_dev
- Allow systemd-logind to mount /run/user/1000 to get gdm working
- Remove label for /var/lib/glpi/ in cron policy. BZ(1033025)
- Allow bluetooth read/write uhid devices. BZ (1161169
- Label /var/log/horizon as an apache log
- Add fixes to allow docker to create more content in tmpfs ,and donaudit reading /proc
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1033025 - Please include policy for GLPI
https://bugzilla.redhat.com/show_bug.cgi?id=1033025
[ 2 ] Bug #1133121 - SELinux is preventing systemd-readahe from read, open access on the directory .
https://bugzilla.redhat.com/show_bug.cgi?id=1133121
[ 3 ] Bug #1165443 - SELinux is preventing /usr/sbin/ssmtp from 'create' accesses on the file .
https://bugzilla.redhat.com/show_bug.cgi?id=1165443
--------------------------------------------------------------------------------
================================================================================
tcpdump-4.5.1-2.fc20 (FEDORA-2014-15541)
A network traffic monitoring tool
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2014-8767 CVE-2014-8768 CVE-2014-8769
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Michal Sekletar <msekleta at redhat.com> - 14:4.5.1-2
- fix for CVE-2014-8767 (#1165160)
- fix for CVE-2014-8768 (#1165161)
- fix for CVE-2014-8768 (#1165162)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1165160 - CVE-2014-8767 tcpdump: denial of service in verbose mode using malformed OLSR payload
https://bugzilla.redhat.com/show_bug.cgi?id=1165160
[ 2 ] Bug #1165161 - CVE-2014-8768 tcpdump: denial of service in verbose mode using malformed Geonet payload
https://bugzilla.redhat.com/show_bug.cgi?id=1165161
[ 3 ] Bug #1165162 - CVE-2014-8769 tcpdump: unreliable output using malformed AOVD payload
https://bugzilla.redhat.com/show_bug.cgi?id=1165162
--------------------------------------------------------------------------------
================================================================================
tomahawk-0.8.2-1.fc20 (FEDORA-2014-15472)
The Social Media Player
--------------------------------------------------------------------------------
Update Information:
New tomahawk 0.8 release, with a new design, a slew of new features, and major usability improvements. See also http://blog.tomahawk-player.org/post/101838247563/tomahawk-0-8-allow-ourselves-to-reintroduce
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Rex Dieter <rdieter at fedoraproject.org> 0.8.2-1
- tomahawk-0.8.2 (#1166418)
* Tue Nov 18 2014 Rex Dieter <rdieter at fedoraproject.org> 0.8.1-1
- tomahawk-0.8.1 (#1154274)
* Wed Nov 5 2014 Rex Dieter <rdieter at fedoraproject.org> 0.7.0-12
- rebuild (libechonest)
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.7.0-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 28 2014 Rex Dieter <rdieter at fedoraproject.org> 0.7.0-10
- expclitly disable breakpad,crashreporter for aarch64 too
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.7.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri May 23 2014 Petr Machata <pmachata at redhat.com> - 0.7.0-8
- Rebuild for boost 1.55.0
* Tue May 13 2014 Rex Dieter <rdieter at fedoraproject.org> 0.7.0-7
- rebuild (jreen)
* Wed Mar 19 2014 Ville Skyttä <ville.skytta at iki.fi> - 0.7.0-6
- Use system qxt instead of bundled one
--------------------------------------------------------------------------------
================================================================================
tzdata-2014j-1.fc20 (FEDORA-2014-15543)
Timezone data
--------------------------------------------------------------------------------
Update Information:
Rebase to 2014j
- Turks & Caicos' switch from US eastern time to UTC-4 year-round
did not occur on 2014-11-02 at 02:00. It's currently scheduled
for 2015-11-01 at 02:00.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 19 2014 Patsy Franklin <pfrankli at redhat.com> - 2014j-1
- Rebase to 2014j
- Turks & Caicos' switch from US eastern time to UTC-4 year-round
did not occur on 2014-11-02 at 02:00. It's currently scheduled
for 2015-11-01 at 02:00.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1163352 - tzdata-2014j is available
https://bugzilla.redhat.com/show_bug.cgi?id=1163352
--------------------------------------------------------------------------------
================================================================================
v4l-utils-1.6.0-2.fc20 (FEDORA-2014-15501)
Utilities for video4linux and DVB devices
--------------------------------------------------------------------------------
Update Information:
- Fix crash when decoding 1920x1080 jpeg to YUV420
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Hans de Goede <hdegoede at redhat.com> - 1.6.0-2
- Fix crash when decoding 1920x1080 jpeg to YUV420
* Sun Oct 5 2014 Mauro Carvalho Chehab - 1.6.0-1
- Upgrade to version 1.6.0
* Mon Sep 8 2014 Mauro Carvalho Chehab - 1.4.0-1
- Upgrade to version 1.4.0
* Fri Aug 22 2014 Mauro Carvalho Chehab - 1.2.1-3
- Add ALSA support on qv4l2 and fix a couple issues at spec file
* Thu Aug 21 2014 Mauro Carvalho Chehab - 1.2.1-2
- Update to version 1.2.1 and add package for libdvbv5
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
vtun-3.0.3-10.fc20 (FEDORA-2014-15554)
Virtual tunnel over TCP/IP networks
--------------------------------------------------------------------------------
Update Information:
enhanced service file (-n to prevent daemonizing vtund)
added /etc/sysconfig/vtun environment file; updated unit files
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Gabriel Somlo <somlo at cmu.edu> 3.0.3-10
- enhanced service file (-n to prevent daemonizing vtund)
* Fri Nov 14 2014 Gabriel Somlo <somlo at cmu.edu> 3.0.3-9
- added /etc/sysconfig/vtun environment file
- updated unit files
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.0.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.0.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
websocketpp-0.4.0-2.fc20 (FEDORA-2014-15472)
C++ WebSocket Protocol Library
--------------------------------------------------------------------------------
Update Information:
New tomahawk 0.8 release, with a new design, a slew of new features, and major usability improvements. See also http://blog.tomahawk-player.org/post/101838247563/tomahawk-0-8-allow-ourselves-to-reintroduce
--------------------------------------------------------------------------------
================================================================================
wmx-8-1.fc20 (FEDORA-2014-15544)
A really simple window manager for X
--------------------------------------------------------------------------------
Update Information:
update to version 8
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Gabriel Somlo <somlo at cmu.edu> 8-1
- update to 8
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 7-14.20120109svn
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 7-13.20120109svn
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
wordpress-4.0.1-1.fc20 (FEDORA-2014-15507)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
WordPress 4.0.1 Security Release
See: https://wordpress.org/news/2014/11/wordpress-4-0-1/
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Remi Collet <remi at fedoraproject.org> - 4.0.1-1
- WordPress 4.0.1 Security Release
- use system php-getid3 when available #1145574
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166468 - wordpress: security flaws fixed in the 4.0.1 release
https://bugzilla.redhat.com/show_bug.cgi?id=1166468
--------------------------------------------------------------------------------
================================================================================
xen-4.3.3-5.fc20 (FEDORA-2014-15521)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
Insufficient restrictions on certain MMU update hypercalls,
Missing privilege level checks in x86 emulation of far branches,
Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't
exploitable from xen
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Michael Young <m.a.young at durham.ac.uk> - 4.3.3-5
- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
[XSA-113] (#1166261)
* Wed Nov 19 2014 Michael Young <m.a.young at durham.ac.uk> - 4.3.3-4
- Insufficient restrictions on certain MMU update hypercalls [XSA-109,
CVE-2014-8594] (#1165205)
- Missing privilege level checks in x86 emulation of far branches [XSA-110,
CVE-2014-8595] (#1165204)
- Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't
exploitable from xen (#1086776)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1160664 - CVE-2014-8594 kernel: xen: Insufficient restrictions on certain MMU update hypercalls (xsa109)
https://bugzilla.redhat.com/show_bug.cgi?id=1160664
[ 2 ] Bug #1160643 - CVE-2014-8595 kernel: xen: Missing privilege level checks in x86 emulation of far branches (xsa110)
https://bugzilla.redhat.com/show_bug.cgi?id=1160643
[ 3 ] Bug #1078846 - CVE-2014-0150 qemu: virtio-net: buffer overflow in virtio_net_handle_mac() function
https://bugzilla.redhat.com/show_bug.cgi?id=1078846
--------------------------------------------------------------------------------
================================================================================
xfce4-systemload-plugin-1.1.2-1.fc20 (FEDORA-2014-15550)
Systemload monitor for the Xfce panel
--------------------------------------------------------------------------------
Update Information:
Update to 1.1.2. Fixes bugs #1165421 and #1166890
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2014 Kevin Fenzi <kevin at scrye.com> 1.1.2-1
- Update to 1.1.2. Fixes bugs #1165421 and #1166890
* Mon Aug 18 2014 Kalev Lember <kalevlember at gmail.com> - 1.1.1-8
- Rebuilt for upower 0.99.1 soname bump
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.1.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.1.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed Oct 30 2013 Kevin Fenzi <kevin at scrye.com> 1.1.1-5
- Rebuild for new upower
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1165421 - Bug fixes & improvements up to date
https://bugzilla.redhat.com/show_bug.cgi?id=1165421
[ 2 ] Bug #1166890 - broken tooltip for uptime
https://bugzilla.redhat.com/show_bug.cgi?id=1166890
--------------------------------------------------------------------------------
================================================================================
xscreensaver-5.32-1.fc20 (FEDORA-2014-15517)
X screen saver and locker
--------------------------------------------------------------------------------
Update Information:
New version 5.32 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Mamoru TASAKA <mtasaka at fedoraproject.org> - 1:5.32-1
- Update to 5.32
--------------------------------------------------------------------------------
More information about the test
mailing list