May 2014 - package-announce - Fedora Mailing-Lists

Fedora 19 Update: perl-Signal-Mask-0.007-1.fc19

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-6478 2014-05-18 22:13:58 -------------------------------------------------------------------------------- Name : perl-Signal-Mask Product : Fedora 19 Version : 0.007 Release : 1.fc19 URL : http://search.cpan.org/dist/Signal-Mask/ Summary : Signal masks made easy Description : Signal::Mask is an abstraction around your process or thread signal mask. It is used to fetch and/or change the signal mask of the calling process or thread. The signal mask is the set of signals whose delivery is currently blocked for the caller. It is available as the global hash Signal::Mask. -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1087401 - Review Request:perl-Signal-Mask - Signal masks made easy https://bugzilla.redhat.com/show_bug.cgi?id=1087401 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update perl-Signal-Mask' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

10 years

1
0
0 / 0

Fedora 20 Update: python3-postgresql-1.1.0-1.fc20

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-6495 2014-05-21 01:29:39 -------------------------------------------------------------------------------- Name : python3-postgresql Product : Fedora 20 Version : 1.1.0 Release : 1.fc20 URL : http://python.projects.postgresql.org/ Summary : Connect to PostgreSQL with Python 3 Description : python-postgresql is a Python 3 package providing modules to work with PostgreSQL. This includes a high-level driver, and many other tools that support a developer working with PostgreSQL databases. -------------------------------------------------------------------------------- Update Information: Rebase to new version that supports PostgreSQL 9.2. -------------------------------------------------------------------------------- ChangeLog: * Mon May 19 2014 Honza Horak <hhorak(a)redhat.com> - 1.1.0-1 - Rebase to 1.1.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1082216 - python3-postgresql 1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1082216 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update python3-postgresql' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

10 years

1
0
0 / 0

Fedora 20 Update: ssldump-0.9-0.9.b3.fc20

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-6296 2014-05-13 04:00:37 -------------------------------------------------------------------------------- Name : ssldump Product : Fedora 20 Version : 0.9 Release : 0.9.b3.fc20 URL : http://www.rtfm.com/ssldump/ Summary : An SSLv3/TLS network protocol analyzer Description : This program is an SSLv3/TLS network protocol analyzer. It identifies TCP connections on the chosen network interface and attempts to interpret them as SSLv3/TLS traffic. When ssldump identifies SSLv3/TLS traffic, ssldump decodes the records and displays them in a textual form to stdout. And if provided with the appropriate keying material, ssldump will also decrypt the connections and display the application data traffic. This program is based on tcpdump, a network monitoring and data acquisition tool. -------------------------------------------------------------------------------- Update Information: - Added a patch which adds further link layer offsets - Added patch to include traffic with(out) the 802.1Q VLAN header - Added patch for TLSv1.1/TLSv1.2 application data decrypt support - Added a patch to update known cipher suites according to IANA - Added patch with new cipher suites for application data decoding -------------------------------------------------------------------------------- ChangeLog: * Sun May 11 2014 Robert Scheck <robert(a)fedoraproject.org> 0.9-0.9.b3 - Added a patch which adds further link layer offsets - Added patch to include traffic with(out) the 802.1Q VLAN header - Added patch for TLSv1.1/TLSv1.2 application data decrypt support - Added a patch to update known cipher suites according to IANA - Added patch with new cipher suites for application data decoding -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update ssldump' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

10 years

1
0
0 / 0

[SECURITY] Fedora 20 Update: python-django-1.6.5-1.fc20

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-6449 2014-05-17 05:40:31 -------------------------------------------------------------------------------- Name : python-django Product : Fedora 20 Version : 1.6.5 Release : 1.fc20 URL : http://www.djangoproject.com/ Summary : A high-level Python Web framework Description : Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle. -------------------------------------------------------------------------------- Update Information: update to 1.6.5 fixing CVE-2014-1418 -------------------------------------------------------------------------------- ChangeLog: * Fri May 16 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.5-1 - update to 1.6.5 CVE-2014-1418, CVE-2014-3730 (rhbz#1097935) * Mon May 12 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.4-2 - don't hardcode python3.3 * Wed May 7 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.4-1 - update to 1.6.4 fix a potential regression in reverse() * Tue Apr 22 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.3-1 - update to 1.6.3 fixing CVE-2014-0473 and CVE-2014-0474 * Thu Mar 27 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.2-2 - remove simplejson requirement - make bash-completion a sub-package, both main packages can require * Thu Feb 13 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.2-1 - update to 1.6.2 (rhbz#1027766) - bash completion for python3-django-admin (rhbz#1035987) * Sun Nov 24 2013 Matěj Cepl <mcepl(a)redhat.com> - 1.6-1 - update to 1.6 (rhbz#1027766) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1097500 - CVE-2014-1418 Django: cached data possibly served to the wrong session https://bugzilla.redhat.com/show_bug.cgi?id=1097500 [ 2 ] Bug #1097505 - CVE-2014-3730 Django: insufficient URL validation could lead to redirects https://bugzilla.redhat.com/show_bug.cgi?id=1097505 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update python-django' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

10 years

1
0
0 / 0

Fedora 20 Update: xen-4.3.2-4.fc20

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-6486 2014-05-19 03:31:18 -------------------------------------------------------------------------------- Name : xen Product : Fedora 20 Version : 4.3.2 Release : 4.fc20 URL : http://xen.org/ Summary : Xen is a virtual machine monitor Description : This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor -------------------------------------------------------------------------------- Update Information: add systemd preset support (#1094938) -------------------------------------------------------------------------------- ChangeLog: * Sun May 11 2014 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.2-4 - add systemd preset support (#1094938) * Thu May 1 2014 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.2-3 - HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) * Wed Mar 26 2014 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.2-2 - HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) * Tue Feb 18 2014 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.2-1 - update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included * Wed Feb 12 2014 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.1-10 - use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491) * Thu Feb 6 2014 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.1-9 - integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335) * Fri Jan 24 2014 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.1-8 - PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) * Thu Jan 23 2014 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.1-7 - Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142) * Wed Dec 11 2013 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.1-6 - Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024) * Mon Dec 2 2013 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.1-5 - HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885] * Tue Nov 26 2013 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.1-4 - Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923) * Thu Nov 21 2013 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.1-3 - Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1094938 - xen: script and/or trigger should not directly enable systemd units https://bugzilla.redhat.com/show_bug.cgi?id=1094938 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update xen' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

10 years

1
0
0 / 0

Fedora 19 Update: freeradius-2.2.5-1.fc19

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-6147 2014-05-09 02:07:54 -------------------------------------------------------------------------------- Name : freeradius Product : Fedora 19 Version : 2.2.5 Release : 1.fc19 URL : http://www.freeradius.org/ Summary : High-performance and highly configurable free RADIUS server Description : The FreeRADIUS Server Project is a high performance and highly configurable GPL'd free RADIUS server. The server is similar in some respects to Livingston's 2.0 server. While FreeRADIUS started as a variant of the Cistron RADIUS server, they don't share a lot in common any more. It now has many more features than Cistron or Livingston, and is much more configurable. FreeRADIUS is an Internet authentication daemon, which implements the RADIUS protocol, as defined in RFC 2865 (and others). It allows Network Access Servers (NAS boxes) to perform authentication for dial-up users. There are also RADIUS clients available for Web servers, firewalls, Unix logins, and more. Using RADIUS allows authentication and authorization for a network to be centralized, and minimizes the amount of re-configuration which has to be done when adding or deleting new users. -------------------------------------------------------------------------------- Update Information: Upgrade to upstream 2.2.5 release. Upstream ChangeLog entry follows. Feature improvements * Update dictionary.terena. * expose server version via %v. Patch from Alan Buxey. * Forbid running with vulnerable versions of OpenSSL. See "allow_vulnerable_openssl" in the "security" subsection of "radiusd.conf" * Catch underlying "heartbleed" problem, so that nothing bad happens even when using a vulnerable version of OpenSSL. * Add dictionary.zte Bug fixes * Minor changes to build on Sun. * Print non-ASCII characters as octal in linelog. Closes #578 * close stdout in daemon mode. * Fix zombie period calculation. Closes #579 -------------------------------------------------------------------------------- ChangeLog: * Thu May 8 2014 Nikolai Kondrashov <Nikolai.Kondrashov(a)redhat.com> - 2.2.5-1 - Upgrade to upstream 2.2.5 release. See /usr/share/doc/freeradius-2.2.5/ChangeLog for details * Fri Mar 21 2014 Nikolai Kondrashov <Nikolai.Kondrashov(a)redhat.com> - 2.2.4-1 - Rebase onto 2.2.4. Resolves: bug#1078762. * Fri Feb 21 2014 Nikolai Kondrashov <Nikolai.Kondrashov(a)redhat.com> - 2.2.3-7 - Fix CVE-2014-2015 "freeradius: stack-based buffer overflow flaw in rlm_pap module" - resolves: bug#1066984 (fedora 1066763) * Tue Jan 14 2014 John Dennis <jdennis(a)redhat.com> - 2.2.3-6 - Upgrade to upstream 2.2.3 release See /usr/share/doc/freeradius-2.2.3/ChangeLog for details -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update freeradius' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

10 years

1
0
0 / 0

Fedora 20 Update: php-pear-Mail-Mime-1.8.9-1.fc20

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-6390 2014-05-16 08:56:30 -------------------------------------------------------------------------------- Name : php-pear-Mail-Mime Product : Fedora 20 Version : 1.8.9 Release : 1.fc20 URL : http://pear.php.net/package/Mail_Mime Summary : Classes to create MIME messages Description : Mail_Mime provides classes to deal with the creation and manipulation of MIME messages. It allows people to create e-mail messages consisting of: * Text Parts * HTML Parts * Inline HTML Images * Attachments * Attached messages It supports big messages, base64 and quoted-printable encoding and non-ASCII characters in file names, subjects, recipients, etc. encoded using RFC2047 and/or RFC2231. -------------------------------------------------------------------------------- Update Information: Upstream Changelog: * Fixed Bug #20273: Incorrect handling of HTAB in encodeHeader() [alec] * Fixed Bug #20226: Mail_mimePart::encodeHeader does not encode ISO-2022-JP string [alec] * Fixed Bug #20222: Broken Compatybility with PHP4 [alec] -------------------------------------------------------------------------------- ChangeLog: * Wed May 14 2014 Remi Collet <remi(a)fedoraproject.org> - 1.8.9-1 - update to 1.8.9 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update php-pear-Mail-Mime' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

10 years

1
0
0 / 0

Fedora 19 Update: ssldump-0.9-0.9.b3.fc19

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-6287 2014-05-13 04:00:18 -------------------------------------------------------------------------------- Name : ssldump Product : Fedora 19 Version : 0.9 Release : 0.9.b3.fc19 URL : http://www.rtfm.com/ssldump/ Summary : An SSLv3/TLS network protocol analyzer Description : This program is an SSLv3/TLS network protocol analyzer. It identifies TCP connections on the chosen network interface and attempts to interpret them as SSLv3/TLS traffic. When ssldump identifies SSLv3/TLS traffic, ssldump decodes the records and displays them in a textual form to stdout. And if provided with the appropriate keying material, ssldump will also decrypt the connections and display the application data traffic. This program is based on tcpdump, a network monitoring and data acquisition tool. -------------------------------------------------------------------------------- Update Information: - Added a patch which adds further link layer offsets - Added patch to include traffic with(out) the 802.1Q VLAN header - Added patch for TLSv1.1/TLSv1.2 application data decrypt support - Added a patch to update known cipher suites according to IANA - Added patch with new cipher suites for application data decoding -------------------------------------------------------------------------------- ChangeLog: * Sun May 11 2014 Robert Scheck <robert(a)fedoraproject.org> 0.9-0.9.b3 - Added a patch which adds further link layer offsets - Added patch to include traffic with(out) the 802.1Q VLAN header - Added patch for TLSv1.1/TLSv1.2 application data decrypt support - Added a patch to update known cipher suites according to IANA - Added patch with new cipher suites for application data decoding * Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.9-0.8.b3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update ssldump' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

10 years

1
0
0 / 0

Fedora 19 Update: glite-px-proxyrenewal-1.3.35-1.fc19

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-6112 2014-05-08 09:10:58 -------------------------------------------------------------------------------- Name : glite-px-proxyrenewal Product : Fedora 19 Version : 1.3.35 Release : 1.fc19 URL : http://glite.cern.ch Summary : gLite proxyrenewal renews existing proxy certificates for grid users Description : The daemon is responsible for secure and controlled way of periodical renewal of user proxy certificates. Its primary goal is to support long-time jobs running on the grid. -------------------------------------------------------------------------------- Update Information: New release 1.3.35. Changes: * Make sure 1024-bit keys are explicitly requested from Globus for initiating proxy certificates, overriding the current Globus default of 512 bits * Hardened build has been enabled, result binaries are more secured now -------------------------------------------------------------------------------- ChangeLog: * Tue May 6 2014 František Dvořák <valtri(a)civ.zcu.cz> - 1.3.35-1 - Release glite-px-proxyrenewal 1.3.35 - Enable hardened build - Update patches, add EPEL 7 support - Simplify scriptlets -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update glite-px-proxyrenewal' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

10 years

1
0
0 / 0

Fedora 20 Update: lohit-nepali-fonts-2.94.0-1.fc20

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-6382 2014-05-16 08:56:11 -------------------------------------------------------------------------------- Name : lohit-nepali-fonts Product : Fedora 20 Version : 2.94.0 Release : 1.fc20 URL : https://fedorahosted.org/lohit/ Summary : Free TrueType fonts for Nepali language Description : This package provides a free TrueType font for Nepali language. -------------------------------------------------------------------------------- Update Information: This is an update with latest upstream release. This is an update with enhanced upstream new release. -------------------------------------------------------------------------------- ChangeLog: * Thu May 15 2014 Pravin Satpute <psatpute(a)redhat.com> - 2.94.0-1 - Upstream release 2.94.0 - Positioning lookup clean-up. - Improved grid fitting(GASP) table. - Renamed anchors to DVAnchor. - Using glyph reference (copy reference) instead of whole glyph points. - Auto test integrated with Makefile ($make test). - Resolved #32: "सर्व्हिस does not render correctly" - Resolved #33: "improper rendering for word : "मञ्यांच्या"" * Mon Dec 30 2013 Pravin Satpute <psatpute(a)redhat.com> - 2.93.0-1 - Upstream release 2.93.0 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update lohit-nepali-fonts' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

10 years

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

package-announce May 2014