[SECURITY] Fedora 19 Update: libmicrohttpd-0.9.33-1.fc19
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-0946
2014-01-16 05:26:37
--------------------------------------------------------------------------------
Name : libmicrohttpd
Product : Fedora 19
Version : 0.9.33
Release : 1.fc19
URL : http://www.gnu.org/software/libmicrohttpd/
Summary : Lightweight library for embedding a webserver in applications
Description :
GNU libmicrohttpd is a small C library that is supposed to make it
easy to run an HTTP server as part of another application.
Key features that distinguish libmicrohttpd from other projects are:
* C library: fast and small
* API is simple, expressive and fully reentrant
* Implementation is http 1.1 compliant
* HTTP server can listen on multiple ports
* Support for IPv6
* Support for incremental processing of POST data
* Creates binary of only 25k (for now)
* Three different threading models
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release 0.9.33 due to security issues
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 15 2014 Václav Pavlín <vpavlin(a)redhat.com> - 0.9.33-1
- Update to latest upstream release 0.9.33 due to security
issues (#1039391, #1039391)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1039391 - libmicrohttpd: stack overflow in MHD_digest_auth_check() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1039391
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update libmicrohttpd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
10 years, 2 months
Fedora 20 Update: glpi-0.84.4-1.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-1392
2014-01-23 09:49:41
--------------------------------------------------------------------------------
Name : glpi
Product : Fedora 20
Version : 0.84.4
Release : 1.fc20
URL : http://www.glpi-project.org/
Summary : Free IT asset management software
Description :
GLPI is the Information Resource-Manager with an additional Administration-
Interface. You can use it to build up a database with an inventory for your
company (computer, software, printers...). It has enhanced functions to make
the daily life for the administrators easier, like a job-tracking-system with
mail-notification and methods to build a database with basic information
about your network-topology.
--------------------------------------------------------------------------------
Update Information:
Upstream changelog for version 0.84.4
* Bug #4617: Unable to use ticket search engine for my groups when huge number of groups
* Bug #4632: The functions _searchOptionsValues are never launched
* Bug #4660: approbation of the solution for a post-only
* Bug #4661: Tranfer connected item of a computer
* Bug #4664: Replay dictionnaries rules
* Bug #4666: Some bottom buttons of massive action do not work
* Bug #4678: Trouble with search for knowbase item
* Bug #4683: Creation of recurrent ticket
* Bug #4684: multi rights in rule engine
* Bug #4685: Do not execute SLA on deleted tickets
* Bug #4695: Dictionnary of software
* Bug #4712: permit due_date = opening date of a ticket / Bug on due_date computation if preliminary creation
* Bug #4713: In user list, when add column 'entity (profile)' we can see (R) but not the (D)
* Bug #4722: Bugs on global search engine for Ticket
* Bug #4728: Performance trouble on tickets linked to computers
* Bug #4732: Search on manufacturer for monitor
* Bug #4735: Do not display Create default template icon in profile if not on root entity
* Bug #4736: Affect item by IP / FQDNLabel on rule ticket does not work
* Bug #4737: Trouble on update ticket : may delete SLA instead of update
* Bug #4748: DB Replicate password update save encoding trouble
* Bug #4749: Create closed ticket with mandatory errors
* Bug #4751: Test button on Ldap replica is not functionnal
* Bug #4752: LDAP Filter Comparators (<=, >=) Fail Syntax Check
* Bug #4754: Notification : trouble with migration of validation.storestatus
* Bug #4757: Tickets to approve in central (my view)
* Bug #4758: Error value of ##ticket.assigntosupplier##
* Feature #4381: Massive actions to change group of users
* Feature #4677: Add location of the ticket in notification tags
* Feature #4690: More possible days in SLA
* Feature #4733: Add date of the ticket followup in search engine
* Feature #4760: Limit text fields length in search engine
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 22 2014 Remi Collet <remi(a)fedoraproject.org> - 0.84.4-1
- update to 0.84.4
https://forge.indepnet.net/projects/glpi/versions/993
* Tue Jan 21 2014 Remi Collet <remi(a)fedoraproject.org> - 0.84.3-2
- fix SELinux context #1032995
use httpd_sys_rw_content_t instead of httpd_sys_script_rw_t
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update glpi' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
10 years, 2 months
Fedora 20 Update: cups-bjnp-1.2.2-1.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-1365
2014-01-23 09:48:37
--------------------------------------------------------------------------------
Name : cups-bjnp
Product : Fedora 20
Version : 1.2.2
Release : 1.fc20
URL : https://sourceforge.net/projects/cups-bjnp/
Summary : CUPS backend for the Canon BJNP network printers
Description :
This package contains a backend for CUPS for Canon printers using the
proprietary BJNP network protocol.
--------------------------------------------------------------------------------
Update Information:
new upstream release 1.2.2
- Fix crash with newer printers that send an xml-document for printer status
- Fix possible buffer overflow on response buffer
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 22 2014 Louis Lagendijk <llagendijk(a)users.sourceforge.net> - 1.2.2-1
- new upstream release 1.2.2
- Fix crash with newer printers that send an xml-document for printer status
- Fix possible buffer overflow on response buffer
* Wed Jan 22 2014 Louis Lagendijk <llagendijk(a)users.sourceforge.net> - 1.2.1-3
- temporary release for testing
- Fix crash with newer printers that send an xml-document for printer status
- Fix possible buffer overflow on response buffer
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1056222 - [abrt] cups-bjnp: strcpy(): bjnp killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1056222
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update cups-bjnp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
10 years, 2 months
Fedora 20 Update: f2fs-tools-1.2.0-1.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-1317
2014-01-22 21:40:25
--------------------------------------------------------------------------------
Name : f2fs-tools
Product : Fedora 20
Version : 1.2.0
Release : 1.fc20
URL : http://sourceforge.net/projects/f2fs-tools/
Summary : Tools for Flash-Friendly File System (F2FS)
Description :
NAND flash memory-based storage devices, such as SSD, and SD cards,
have been widely being used for ranging from mobile to server systems.
Since they are known to have different characteristics from the
conventional rotational disks,a file system, an upper layer to
the storage device, should adapt to the changes
from the sketch.
F2FS is a new file system carefully designed for the
NAND flash memory-based storage devices.
We chose a log structure file system approach,
but we tried to adapt it to the new form of storage.
Also we remedy some known issues of the very old log
structured file system, such as snowball effect
of wandering tree and high cleaning overhead.
Because a NAND-based storage device shows different characteristics
according to its internal geometry or flash memory management
scheme aka FTL, we add various parameters not only for configuring
on-disk layout, but also for selecting allocation
and cleaning algorithms.
--------------------------------------------------------------------------------
Update Information:
Update to 1.2.0.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 19 2014 Eduardo Echeverria <echevemaster(a)gmail.com> - 1.2.0-1
- Update to the latest upstream version
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update f2fs-tools' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
10 years, 2 months
Fedora 20 Update: fatrat-1.2.0-0.17.beta2.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-1336
2014-01-22 21:41:05
--------------------------------------------------------------------------------
Name : fatrat
Product : Fedora 20
Version : 1.2.0
Release : 0.17.beta2.fc20
URL : http://fatrat.dolezel.info
Summary : Feature-rich download manager
Description :
FatRat is download manager written in C++ and build on top of the Qt4 library.
It is rich in features and is continuously extended. Main characteristics:
- Segmented HTTP(S)/FTP downloads
- FTP uploads
- Support for SOCKS5 and HTTP proxies
- RSS feed support + special functions for TV shows and podcasts
- BitTorrent support (including torrent creating, DHT, UPnP, encryption etc.)
- Torrent search on mayor torrent sites
- RapidShare.com FREE and premium downloads
- RapidShare.com uploads
- RapidShare.com link verification and folder extraction
- RapidSafe link decoding
- MD4/MD5/SHA1 hash computing
- Remote control via Jabber
- Remote control via an AJAX web interface
- Subtitle search
- Scheduler
- Clipboard monitor
--------------------------------------------------------------------------------
Update Information:
rebuild due to gloox library update
Fix broken build
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 2 2013 Jan Vcelak <jvcelak(a)fedoraproject.org> 1:1.2.0-0.17.beta2
- rebuild due to gloox rebase
* Tue Nov 26 2013 Jan Vcelak <jvcelak(a)fedoraproject.org> 1:1.2.0-0.16.beta2
- workaround bug in gloox header file, fixes compilation
- workaround bug in gloox-devel, add missing build requires, fixes linking
* Sun Nov 17 2013 Jan Vcelak <jvcelak(a)fedoraproject.org> 1:1.2.0-0.15.beta2
- rebuild due to broken deps
- update unversioned doc dir
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1055808 - fatrat needs to be rebuild
https://bugzilla.redhat.com/show_bug.cgi?id=1055808
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update fatrat' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
10 years, 2 months
[SECURITY] Fedora 20 Update: moodle-2.5.4-1.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-1396
2014-01-23 09:49:51
--------------------------------------------------------------------------------
Name : moodle
Product : Fedora 20
Version : 2.5.4
Release : 1.fc20
URL : http://moodle.org/
Summary : A Course Management System
Description :
Moodle is a course management system (CMS) - a free, Open Source software
package designed using sound pedagogical principles, to help educators create
effective online learning communities.
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2014-0008,9,10.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 22 2014 Jon Ciesla <limburgher(a)gmail.com> - 2.5.4-1
- Fix for CVE-2014-0008,9,10.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1055390 - CVE-2014-0008 CVE-2014-0009 CVE-2014-0010 moodle: various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1055390
[ 2 ] Bug #1055388 - CVE-2014-0008 CVE-2014-0009 CVE-2014-0010 moodle: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1055388
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update moodle' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
10 years, 2 months
Fedora 19 Update: duplicity-0.6.22-5.fc19
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-1099
2014-01-19 03:19:57
--------------------------------------------------------------------------------
Name : duplicity
Product : Fedora 19
Version : 0.6.22
Release : 5.fc19
URL : http://www.nongnu.org/duplicity/
Summary : Encrypted bandwidth-efficient backup using rsync algorithm
Description :
Duplicity incrementally backs up files and directory by encrypting
tar-format volumes with GnuPG and uploading them to a remote (or
local) file server. In theory many protocols for connecting to a
file server could be supported; so far ssh/scp, local file access,
rsync, ftp, HSI, WebDAV and Amazon S3 have been written.
Because duplicity uses librsync, the incremental archives are space
efficient and only record the parts of files that have changed since
the last backup. Currently duplicity supports deleted files, full
unix permissions, directories, symbolic links, fifos, device files,
but not hard links.
--------------------------------------------------------------------------------
Update Information:
Added patch to fix Amazon s3 backup
Added runtime requirement to python-dropbox
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 17 2014 Rahul Sundaram <sundaram(a)fedoraproject.org> - 0.6.22-5
- Added patch to fix Amazon s3 backup (#1048068)
* Mon Jan 13 2014 Rahul Sundaram <sundaram(a)fedoraproject.org> - 0.6.22-4
- Added runtime requirement to python-dropbox (#1048656)
* Fri Dec 27 2013 Rahul Sundaram <sundaram(a)fedoraproject.org> - 0.6.22-3
- Fix ssl cert enforcement (rhbz#960860)
- Fix bogus date in changelog
* Thu Dec 26 2013 Robert Scheck <robert(a)fedoraproject.org> 0.6.22-2
- Added runtime requirement to python-paramiko (#819272, #918933)
* Wed Dec 25 2013 Robert Scheck <robert(a)fedoraproject.org> 0.6.22-1
- Upgrade to 0.6.22 (#903584, #992158)
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.6.21-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1048068 - backup to s3 fails with traceback
https://bugzilla.redhat.com/show_bug.cgi?id=1048068
[ 2 ] Bug #1048656 - duplicity prints a non-fatal error message
https://bugzilla.redhat.com/show_bug.cgi?id=1048656
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update duplicity' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
10 years, 2 months
Fedora 20 Update: opencryptoki-3.0-8.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-1398
2014-01-23 09:49:55
--------------------------------------------------------------------------------
Name : opencryptoki
Product : Fedora 20
Version : 3.0
Release : 8.fc20
URL : http://sourceforge.net/projects/opencryptoki
Summary : Implementation of the PKCS#11 (Cryptoki) specification v2.11
Description :
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
token implementation that can be used without any cryptographic
hardware.
This package contains the Slot Daemon (pkcsslotd) and general utilities.
--------------------------------------------------------------------------------
Update Information:
- include token specific directories (#1013017, #1045775, #1054442)
- fix pkcsconf crash for non-root users (#10054661)
- the libs subpackage must care of creating the pkcs11 group, it's the first to be installed
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 20 2014 Dan Horák <dan[at]danny.cz> - 3.0-8
- include token specific directories (#1013017, #1045775, #1054442)
- fix pkcsconf crash for non-root users (#10054661)
- the libs subpackage must care of creating the pkcs11 group, it's the first to be installed
* Tue Dec 3 2013 Dan Horák <dan[at]danny.cz> - 3.0-7
- fix build with -Werror=format-security (#1037228)
* Fri Nov 22 2013 Dan Horák <dan[at]danny.cz> - 3.0-6
- apply post-3.0 fixes (#1033284)
* Tue Nov 19 2013 Dan Horák <dan[at]danny.cz> - 3.0-5
- update opencryptoki man page (#1001729)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1045775 - pksconf need various directory to be created in order to work
https://bugzilla.redhat.com/show_bug.cgi?id=1045775
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update opencryptoki' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
10 years, 2 months
Fedora 20 Update: perl-Lingua-EN-Sentence-0.25-1.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-1309
2014-01-22 21:40:05
--------------------------------------------------------------------------------
Name : perl-Lingua-EN-Sentence
Product : Fedora 20
Version : 0.25
Release : 1.fc20
URL : http://search.cpan.org/dist/Lingua-EN-Sentence/
Summary : Module for splitting text into sentences
Description :
The Lingua::EN::Sentence module contains the function get_sentences, which
splits text into its constituent sentences, based on a regular expression
and a list of abbreviations (built in and given).
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1054867 - Review Request: perl-Lingua-EN-Sentence - Module for splitting text into sentences
https://bugzilla.redhat.com/show_bug.cgi?id=1054867
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update perl-Lingua-EN-Sentence' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
10 years, 2 months
Fedora 20 Update: LuxRender-1.3.1-4.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-0093
2014-01-03 07:38:03
--------------------------------------------------------------------------------
Name : LuxRender
Product : Fedora 20
Version : 1.3.1
Release : 4.fc20
URL : http://www.luxrender.net
Summary : Lux Renderer, an unbiased rendering system
Description :
LuxRender is a rendering system for physically correct image synthesis.
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream (1.3.1).
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 1 2014 François Cami <fcami(a)fedoraproject.org> - 1.3.1-4
- Fix FTBS.
* Tue Dec 10 2013 Björn Esser <bjoern.esser(a)gmail.com> - 1.3.1-3
- rebuilt to fix several broken dependencies in Rawhide
* Wed Nov 27 2013 Rex Dieter <rdieter(a)fedoraproject.org> - 1.3.1-2
- rebuild (openexr)
* Tue Nov 19 2013 Nicolas Chauvet <kwizart(a)gmail.com> - 1.3.1-1
- Update to 1.3.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1047722 - [PATCH] RFE: Update LuxRender to 1.3.1 (fix FTBS)
https://bugzilla.redhat.com/show_bug.cgi?id=1047722
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update LuxRender' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
10 years, 2 months