The following Fedora 20 Security updates need testing:
 Age  URL
  20  https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keysto...
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-5918/owncloud-6.0.3-1...
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-5972/python-fmn-web-0...
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-6003/mingw-qt-4.8.6-1...
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-5988/mingw-qt5-qtbase...
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6068/cifs-utils-6.3-2...
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6098/rubygem-actionpa...
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6120/mariadb-galera-5...
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6128/abrt-2.2.1-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6277/dpkg-1.16.14-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6258/smb4k-1.1.2-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6263/botan-1.10.8-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6276/seamonkey-2.26-1...
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6288/qemu-1.6.2-5.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6303/perl-LWP-Protoco...
The following Fedora 20 Critical Path updates have yet to be approved:
 Age  URL
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-5992/pcmanfm-qt-0.1.0...
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6064/gupnp-0.20.11-1....
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6132/xorg-x11-drv-evd...
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6101/policycoreutils-...
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6084/selinux-policy-3...
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-6201/vte3-0.34.9-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6309/gdb-7.7.1-12.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6241/curl-7.32.0-10.fc20
The following builds have been pushed to Fedora 20 updates-testing
GraphicsMagick-1.3.19-6.fc20
OCE-0.15-2.fc20
bitlbee-3.2.1-3.fc20
devscripts-2.14.2-1.fc20
gdb-7.7.1-12.fc20
ghc-hjsmin-0.1.4.6-1.fc20
ghc-language-javascript-0.5.13-1.fc20
gitolite3-3.6-1.fc20
hplip-3.14.4-4.fc20
ibus-table-others-1.3.0.20140512-1.fc20
irrlicht-1.8.1-3.fc20
libtrash-3.2-14.fc20
perl-Image-ExifTool-9.60-1.fc20
perl-JSON-MaybeXS-1.002002-2.fc20
perl-LWP-Protocol-https-6.04-4.fc20
perl-Net-DNS-0.75-1.fc20
perl-Parse-DMIDecode-0.03-1.fc20
pyshp-1.2.1-1.fc20
python-blist-1.3.6-1.fc20
python-fn-0.2.13-1.fc20
qemu-1.6.2-5.fc20
rpmlint-1.5-9.fc20
skrooge-1.9.0-1.fc20
ssldump-0.9-0.9.b3.fc20
system-config-kdump-2.0.15-1.fc20
systemtap-2.5-2.fc20
taskcoach-1.3.38-2.fc20
telepathy-qt4-0.9.3.1-0.1.20140403git0191a6dd.fc20
tito-0.5.4-1.fc20
trinity-1.4-1.fc20
xmobar-0.20.1-1.fc20
Details about builds:
================================================================================
GraphicsMagick-1.3.19-6.fc20 (FEDORA-2014-6299)
An ImageMagick fork, offering faster image generation and better quality
--------------------------------------------------------------------------------
Update Information:
Update to latest stable bugfix release, see also
http://www.graphicsmagick.org/NEWS.html#december-31-2013
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 11 2014 Rex Dieter <rdieter(a)fedoraproject.org> 1.3.19-6
- handle upgrade path for introduction of -doc subpkg in 1.3.19-4
* Mon Feb 3 2014 Remi Collet <remi(a)fedoraproject.org> - 1.3.19-5
- upstream patch, drop debug output (#1060665)
* Sat Jan 25 2014 Ville Skyttä <ville.skytta(a)iki.fi> - 1.3.19-4
- Split docs into -doc subpackage, drop README.txt (#1056306).
- Drop no longer needed BrowseDelegateDefault modification.
- Convert docs to UTF-8.
* Thu Jan 9 2014 Rex Dieter <rdieter(a)fedoraproject.org> 1.3.19-3
- ppc64le is a multilib arch (#1051208)
* Wed Jan 1 2014 Rex Dieter <rdieter(a)fedoraproject.org> 1.3.19-2
- BR: jbigkit, libwebp, xdg-utils, xz
* Wed Jan 1 2014 Rex Dieter <rdieter(a)fedoraproject.org> 1.3.19-1
- 1.3.19 (#1047676)
* Tue Oct 15 2013 Rex Dieter <rdieter(a)fedoraproject.org> 1.3.18-5
- trim changelog
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1096540 - [abrt] GraphicsMagick: MagickMapDeallocateMap(): gm killed by
SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1096540
--------------------------------------------------------------------------------
================================================================================
OCE-0.15-2.fc20 (FEDORA-2014-6320)
OpenCASCADE Community Edition
--------------------------------------------------------------------------------
Update Information:
Initial build.
--------------------------------------------------------------------------------
================================================================================
bitlbee-3.2.1-3.fc20 (FEDORA-2014-6325)
IRC to other chat networks gateway
--------------------------------------------------------------------------------
Update Information:
Eliminate our own bitlbee.xinetd by patching the upstream one.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 5 2014 Matěj Cepl <mcepl(a)redhat.com> - 3.2.1-3
- Eliminate our own bitlbee.xinetd by patching the upstream one.
* Wed Dec 18 2013 Robert Scheck <robert(a)fedoraproject.org> 3.2.1-2
- Some spec file cleanups and ensure that RHEL 5 builds again
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1061498 - Use (modified) upstream bitlbee.xinetd
https://bugzilla.redhat.com/show_bug.cgi?id=1061498
--------------------------------------------------------------------------------
================================================================================
devscripts-2.14.2-1.fc20 (FEDORA-2014-6312)
Scripts for Debian Package maintainers
--------------------------------------------------------------------------------
Update Information:
Update to version 2.14.2, see
http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devsc...
for details.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Sandro Mani <manisandro(a)gmail.com> - 2.14.2-1
- Update to 2.14.2
--------------------------------------------------------------------------------
================================================================================
gdb-7.7.1-12.fc20 (FEDORA-2014-6309)
A GNU source-level debugger for C, C++, Fortran, Go and other languages
--------------------------------------------------------------------------------
Update Information:
s390 build fix.
F-20 contained a trunk snapshot. As there were several bugs hit by users which are fixed
now in a stable release and as F-20 is the latest stable release for a longer time than
others I have rebased GDB.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Jan Kratochvil <jan.kratochvil(a)redhat.com> - 7.7.1-12.fc21
- [s390*] Fix compilation error.
* Fri May 9 2014 Jan Kratochvil <jan.kratochvil(a)redhat.com> - 7.7.1-11.fc21
- [ppc*] Import ppc64le support (BZ 1096303, Ulrich Weigand).
* Tue May 6 2014 Jan Kratochvil <jan.kratochvil(a)redhat.com> - 7.7.1-10.fc21
- Rebase to FSF GDB 7.7.1.
* Mon May 5 2014 Sergio Durigan Junior <sergiodj(a)redhat.com> - 7.7-9.fc21
- Improve testcase message for RH BZ 981154.
* Mon May 5 2014 Jan Kratochvil <jan.kratochvil(a)redhat.com> - 7.7-8.fc21
- Fix TLS access for -static -pthread (BZ 1080660).
* Mon May 5 2014 Jan Kratochvil <jan.kratochvil(a)redhat.com> - 7.7-7.fc21
- Add GFDL License to the main package (man pages are generated from .texinfo).
* Thu Apr 24 2014 Sergio Durigan Junior <sergiodj(a)redhat.com> - 7.7-6.fc21
- Fix build failures for GCC 4.9 (Nick Clifton).
* Thu Apr 24 2014 Sergio Durigan Junior <sergiodj(a)redhat.com> - 7.7-5.fc21
- Fix 'gdb gives highly misleading error when debuginfo pkg is present,
but not corresponding binary pkg' (RH BZ 981154).
* Mon Feb 24 2014 Jan Kratochvil <jan.kratochvil(a)redhat.com> - 7.7-4.fc21
- Fix crash of -readnow /usr/lib/debug/usr/bin/gnatbind.debug (BZ 1069211).
* Sun Feb 23 2014 Jan Kratochvil <jan.kratochvil(a)redhat.com> - 7.7-3.fc21
- [rhel6] DTS backward Python compatibility API (BZ 1020004, Phil Muldoon).
- [rhel6] Do not install its man page if gdb-add-index is not installed.
- [rhel] Do not migrate /usr/share/gdb/auto-load/ with symlinks on RHELs.
- Fix gdb-7.7 auto-load from /usr/share/gdb/auto-load/ regression.
* Sun Feb 9 2014 Jan Kratochvil <jan.kratochvil(a)redhat.com> - 7.7-2.fc21
- [rhel] Fix rebase build regression on RHEL systems (Tobias Burnus).
* Fri Feb 7 2014 Jan Kratochvil <jan.kratochvil(a)redhat.com> - 7.7-1.fc21
- Rebase to FSF GDB 7.7.
- New rpmbuild option: --with asan
* Thu Jan 23 2014 Jan Kratochvil <jan.kratochvil(a)redhat.com> -
7.6.50.20140119-20.fc20
- [s390*,ppc*] Enable secondary targets s390* and ppc* (BZ 1056259).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1080660 - [Fedora] Can't access TLS variables in statically linked
binaries
https://bugzilla.redhat.com/show_bug.cgi?id=1080660
--------------------------------------------------------------------------------
================================================================================
ghc-hjsmin-0.1.4.6-1.fc20 (FEDORA-2014-6313)
Haskell implementation of a javascript minifier
--------------------------------------------------------------------------------
Update Information:
Latest upstream releases + new deps.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Ricky Elrod <relrod(a)redhat.com> - 0.1.4.6-1
- Latest upstream release.
- Add optparse-applicative dep.
* Thu Apr 24 2014 Jens Petersen <petersen(a)redhat.com> - 0.1.4.4-5
- rebuild
* Mon Jan 20 2014 Ricky Elrod <codeblock(a)fedoraproject.org> - 0.1.4.4-4
- Rebuild again.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1092434 - ghc-language-javascript-0.5.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1092434
[ 2 ] Bug #1057479 - ghc-hjsmin-0.1.4.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1057479
--------------------------------------------------------------------------------
================================================================================
ghc-language-javascript-0.5.13-1.fc20 (FEDORA-2014-6313)
Parser for JavaScript
--------------------------------------------------------------------------------
Update Information:
Latest upstream releases + new deps.
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 11 2014 Ricky Elrod <relrod(a)redhat.com> - 0.5.13-1
- Latest upstream release.
* Thu Apr 10 2014 Ricky Elrod <codeblock(a)fedoraproject.org> - 0.5.12-1
- Latest upstream release.
- Remove old patch.
* Mon Jan 20 2014 Ricky Elrod <codeblock(a)fedoraproject.org> - 0.5.8-5
- Another rebuild.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1092434 - ghc-language-javascript-0.5.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1092434
[ 2 ] Bug #1057479 - ghc-hjsmin-0.1.4.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1057479
--------------------------------------------------------------------------------
================================================================================
gitolite3-3.6-1.fc20 (FEDORA-2014-6316)
Highly flexible server for git directory version tracker
--------------------------------------------------------------------------------
Update Information:
Latest upstream, minor enhancements.
https://github.com/sitaramc/gitolite/commit/522cc1fc1af530ef9c82e01d89f11...
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Jon Ciesla <limburgher(a)gmail.com> - 1:3.6-1
- Latest upstream.
--------------------------------------------------------------------------------
================================================================================
hplip-3.14.4-4.fc20 (FEDORA-2014-6291)
HP Linux Imaging and Printing Project
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 29 2014 Tim Waugh <twaugh(a)redhat.com> - 3.14.4-4
- Fixed scan-tmp patch (bug #1076954).
* Tue Apr 22 2014 Tim Waugh <twaugh(a)redhat.com> - 3.14.4-3
- Fix for last fix (bug #984167).
* Wed Apr 16 2014 Tim Waugh <twaugh(a)redhat.com> - 3.14.4-2
- Fixed codec issue (bug #984167).
* Wed Apr 9 2014 Jiri Popelka <jpopelka(a)redhat.com> - 3.14.4-1
- 3.14.4
* Fri Apr 4 2014 Tim Waugh <twaugh(a)redhat.com> - 3.14.3-3
- Scan to /var/tmp instead of /tmp (bug #1076954).
* Mon Mar 10 2014 Jiri Popelka <jpopelka(a)redhat.com> - 3.14.3-2
- BuildRequires: pkgconfig(dbus-1) instead of dbus-devel
* Fri Mar 7 2014 Jiri Popelka <jpopelka(a)redhat.com> - 3.14.3-1
- 3.14.3
- --enable-udev-acl-rules configure flag has been removed upstream
* Thu Jan 9 2014 Jiri Popelka <jpopelka(a)redhat.com> - 3.14.1-1
- 3.14.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1096485 - hplip is outdated : please upgrade to 3.14.4
https://bugzilla.redhat.com/show_bug.cgi?id=1096485
[ 2 ] Bug #1076954 - segfault and core dump in hp-scan
https://bugzilla.redhat.com/show_bug.cgi?id=1076954
--------------------------------------------------------------------------------
================================================================================
ibus-table-others-1.3.0.20140512-1.fc20 (FEDORA-2014-6302)
Various tables for IBus-Table
--------------------------------------------------------------------------------
Update Information:
update to latest upstream 1.3.0.20140512; keyboard layout fixes;
update to latest upstream 1.3.0.20140505; Don’t force “us” layout for the latex input
method; The “latex” table uses “\” as a startchar
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Mike FABIAN <mfabian(a)redhat.com> - 1.3.0.20140512-1
- update to latest upstream 1.3.0.20140512
- Don’t force “us” layout for cns11643, compose, ipa-x-sampa, viqr,
emoji, mathwriter-ibus, translit-ua, and translit
- Keep forcing “us” layout only for “rustrad”, “yawerty”, and “thai”.
But ibus does not use the option “KEYBOARD_LAYOUT”, the correct name
of that option is just “LAYOUT”. Fix that for all tables.
* Mon May 5 2014 Mike FABIAN <mfabian(a)redhat.com> - 1.3.0.20140505-1
- update to latest upstream 1.3.0.20140505
- Don’t force “us” layout for the latex input method
- The “latex” table uses “\” as a startchar
- fix wrong weekday in rpm changelog
--------------------------------------------------------------------------------
================================================================================
irrlicht-1.8.1-3.fc20 (FEDORA-2014-6305)
A high performance realtime 3D engine
--------------------------------------------------------------------------------
Update Information:
Fix incorrect variable in Makefile causing slightly incorrect soname versioning (corrected
by ldconfig, but causing rpmverify to fail).
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Tom Callaway <spot(a)fedoraproject.org> - 1.8.1-3
- fix VERSION_RELEASE to be correct in Makefile, resolving bz 1096792
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1096792 - Library version linking
https://bugzilla.redhat.com/show_bug.cgi?id=1096792
--------------------------------------------------------------------------------
================================================================================
libtrash-3.2-14.fc20 (FEDORA-2014-6300)
Libraries to move files to a trash-folder on delete
--------------------------------------------------------------------------------
Update Information:
- avoid symbol clashes when loading audacious plug-ins (#1096443)
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Kamil Dudka <kdudka(a)redhat.com> - 3.2-14
- avoid symbol clashes when loading audacious plug-ins (#1096443)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1096443 - [abrt] libtrash init(): audacious killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1096443
--------------------------------------------------------------------------------
================================================================================
perl-Image-ExifTool-9.60-1.fc20 (FEDORA-2014-6293)
Utility for reading and writing image meta info
--------------------------------------------------------------------------------
Update Information:
Update to latest stable release.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Tom Callaway <spot(a)fedoraproject.org> - 9.60-1
- update to 9.60 (new stable)
--------------------------------------------------------------------------------
================================================================================
perl-JSON-MaybeXS-1.002002-2.fc20 (FEDORA-2014-6319)
Use Cpanel::JSON::XS with a fallback to JSON::XS and JSON::PP
--------------------------------------------------------------------------------
Update Information:
This is the first Fedora/EPEL release of perl-JSON-MaybeXS.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1096264 - Review Request: perl-JSON-MaybeXS - Use Cpanel::JSON::XS with a
fallback to JSON::XS and JSON::PP
https://bugzilla.redhat.com/show_bug.cgi?id=1096264
--------------------------------------------------------------------------------
================================================================================
perl-LWP-Protocol-https-6.04-4.fc20 (FEDORA-2014-6303)
Provide HTTPS support for LWP::UserAgent
--------------------------------------------------------------------------------
Update Information:
This release fixes a server certification validation when a certificate authority is
defined by HTTPS_CA_DIR or HTTPS_CA_FILE environment variable.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Petr Pisar <ppisar(a)redhat.com> - 6.04-4
- Fix CVE-2014-3230 (incorrect handling of SSL certificate verification if
HTTPS_CA_DIR or HTTPS_CA_FILE environment variables are set) (bug #1094442)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1094440 - CVE-2014-3230 perl-libwww-perl: incorrect handling of SSL
certificate verification
https://bugzilla.redhat.com/show_bug.cgi?id=1094440
--------------------------------------------------------------------------------
================================================================================
perl-Net-DNS-0.75-1.fc20 (FEDORA-2014-6307)
DNS resolver modules for Perl
--------------------------------------------------------------------------------
Update Information:
A new version of Net::DNS is available for Fedora. Highlights of this release include a
better IPv6 support and iterating through the available nameservers.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Petr Šabata <contyk(a)redhat.com> - 0.75-1
- 0.75 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1095858 - perl-Net-DNS-0.75 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1095858
--------------------------------------------------------------------------------
================================================================================
perl-Parse-DMIDecode-0.03-1.fc20 (FEDORA-2014-6290)
Interface to SMBIOS using dmidecode
--------------------------------------------------------------------------------
Update Information:
Initial release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1091144 - Review Request: perl-Parse-DMIDecode - Interface to SMBIOS using
dmidecode
https://bugzilla.redhat.com/show_bug.cgi?id=1091144
--------------------------------------------------------------------------------
================================================================================
pyshp-1.2.1-1.fc20 (FEDORA-2014-6304)
Pure Python read/write support for ESRI Shapefile format
--------------------------------------------------------------------------------
Update Information:
From the changelog:
Fixed bug which failed to properly read some dbf fields in Python 3
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Volker Fröhlich <volker27(a)gmx.at> - 1.2.1-1
- New upstream release
- Properly check on Python 3 builds
* Thu Jan 23 2014 Volker Fröhlich <volker27(a)gmx.at> - 1.2.0-2
- Disable Python 3 builds for EPEL7 until Python 3 is available there
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1096738 - pyshp-1.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1096738
--------------------------------------------------------------------------------
================================================================================
python-blist-1.3.6-1.fc20 (FEDORA-2014-6321)
A faster list implementation for Python
--------------------------------------------------------------------------------
Update Information:
- latest upstream release
- Python 3 packages available for supported Fedora releases
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 8 2014 Michel Salim <salimma(a)fedoraproject.org> - 1.3.6-1
- Update to 1.3.6
- Build for Python 3 as well on supported releases
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1076573 - python-blist-1.3.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1076573
--------------------------------------------------------------------------------
================================================================================
python-fn-0.2.13-1.fc20 (FEDORA-2014-6294)
Features to allow functional programming in Python
--------------------------------------------------------------------------------
Update Information:
Latest upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 18 2013 Ricky Elrod <codeblock(a)fedoraproject.org> 0.2.13-1
- Latest upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1031276 - python-fn-0.2.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1031276
--------------------------------------------------------------------------------
================================================================================
qemu-1.6.2-5.fc20 (FEDORA-2014-6288)
QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:
* Migration CVEs: CVE-2014-0182 etc.
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 11 2014 Cole Robinson <crobinso(a)redhat.com> - 2:1.6.2-5
- Migration CVEs: CVE-2014-0182 etc.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1088986 - CVE-2014-0182 qemu: virtio: out-of-bounds buffer write on state
load with invalid config_len
https://bugzilla.redhat.com/show_bug.cgi?id=1088986
[ 2 ] Bug #1066405 - CVE-2013-4534 qemu: openpic: buffer overrun on incoming migration
https://bugzilla.redhat.com/show_bug.cgi?id=1066405
[ 3 ] Bug #1066404 - CVE-2013-4533 qemu: pxa2xx: buffer overrun on incoming migration
https://bugzilla.redhat.com/show_bug.cgi?id=1066404
[ 4 ] Bug #1066401 - CVE-2013-4535 CVE-2013-4536 qemu: virtio: insufficient validation
of num_sg when mapping
https://bugzilla.redhat.com/show_bug.cgi?id=1066401
[ 5 ] Bug #1066394 - CVE-2013-4537 qemu: ssi-sd: buffer overrun on invalid state load
https://bugzilla.redhat.com/show_bug.cgi?id=1066394
[ 6 ] Bug #1066393 - CVE-2013-4538 qemu: ssd0323: fix buffer overun on invalid state
load
https://bugzilla.redhat.com/show_bug.cgi?id=1066393
[ 7 ] Bug #1066387 - CVE-2013-4539 qemu: tsc210x: buffer overrun on invalid state load
https://bugzilla.redhat.com/show_bug.cgi?id=1066387
[ 8 ] Bug #1066386 - CVE-2013-4540 qemu: zaurus: buffer overrun on invalid state load
https://bugzilla.redhat.com/show_bug.cgi?id=1066386
[ 9 ] Bug #1066384 - CVE-2013-4541 qemu: usb: insufficient sanity checking of
setup_index+setup_len in post_load
https://bugzilla.redhat.com/show_bug.cgi?id=1066384
[ 10 ] Bug #1066382 - CVE-2013-4542 qemu: virtio-scsi: buffer overrun on invalid state
load
https://bugzilla.redhat.com/show_bug.cgi?id=1066382
[ 11 ] Bug #1066361 - CVE-2013-6399 qemu: virtio: buffer overrun on incoming migration
https://bugzilla.redhat.com/show_bug.cgi?id=1066361
[ 12 ] Bug #1066357 - CVE-2013-4531 qemu: target-arm/machine.c: fix buffer overflow on
invalid state load
https://bugzilla.redhat.com/show_bug.cgi?id=1066357
[ 13 ] Bug #1066354 - CVE-2013-4530 qemu: pl022: fix buffer overun on invalid state
load
https://bugzilla.redhat.com/show_bug.cgi?id=1066354
[ 14 ] Bug #1066353 - CVE-2013-4529 qemu: hw/pci/pcie_aer.c: buffer overrun on invalid
state load
https://bugzilla.redhat.com/show_bug.cgi?id=1066353
[ 15 ] Bug #1066347 - CVE-2013-4527 qemu: hpet: buffer overrun on invalid state load
https://bugzilla.redhat.com/show_bug.cgi?id=1066347
[ 16 ] Bug #1066345 - CVE-2013-4526 qemu: ahci: fix buffer overrun on invalid state
load
https://bugzilla.redhat.com/show_bug.cgi?id=1066345
[ 17 ] Bug #1066342 - CVE-2013-4151 qemu: virtio: out-of-bounds buffer write on invalid
state load
https://bugzilla.redhat.com/show_bug.cgi?id=1066342
[ 18 ] Bug #1066340 - CVE-2013-4150 qemu: virtio-net: out-of-bounds buffer write on
invalid state load
https://bugzilla.redhat.com/show_bug.cgi?id=1066340
[ 19 ] Bug #1066337 - CVE-2013-4149 qemu: virtio-net: out-of-bounds buffer write on
load
https://bugzilla.redhat.com/show_bug.cgi?id=1066337
[ 20 ] Bug #1066334 - CVE-2013-4148 qemu: virtio-net: buffer overflow on invalid state
load
https://bugzilla.redhat.com/show_bug.cgi?id=1066334
--------------------------------------------------------------------------------
================================================================================
rpmlint-1.5-9.fc20 (FEDORA-2014-6306)
Tool for checking common errors in RPM packages
--------------------------------------------------------------------------------
Update Information:
Add exclusion for non-readable file in ovirt-iso-uploader.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Tom Callaway <spot(a)fedoraproject.org> - 1.5-9
- update config to ignore non-readable /etc/ovirt-engine/isouploader.conf
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1094723 - ovirt-iso-uploader - rpmlint check on non-readable config files
https://bugzilla.redhat.com/show_bug.cgi?id=1094723
--------------------------------------------------------------------------------
================================================================================
skrooge-1.9.0-1.fc20 (FEDORA-2014-6322)
Personal finances manager
--------------------------------------------------------------------------------
Update Information:
New Package Upstream 1.9.0
new upstream release 1.8.0
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Siddharth Sharma <siddharth.kde(a)gmail.com> - 1.9.0-1
- New Package Upstream 1.9.0
* Tue Jan 7 2014 siddharth <siddharth.kde(a)gmail.com> - 1.8.0-1
- new upstream release 1.8.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1049101 - Package out of date
https://bugzilla.redhat.com/show_bug.cgi?id=1049101
--------------------------------------------------------------------------------
================================================================================
ssldump-0.9-0.9.b3.fc20 (FEDORA-2014-6296)
An SSLv3/TLS network protocol analyzer
--------------------------------------------------------------------------------
Update Information:
- Added a patch which adds further link layer offsets
- Added patch to include traffic with(out) the 802.1Q VLAN header
- Added patch for TLSv1.1/TLSv1.2 application data decrypt support
- Added a patch to update known cipher suites according to IANA
- Added patch with new cipher suites for application data decoding
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 11 2014 Robert Scheck <robert(a)fedoraproject.org> 0.9-0.9.b3
- Added a patch which adds further link layer offsets
- Added patch to include traffic with(out) the 802.1Q VLAN header
- Added patch for TLSv1.1/TLSv1.2 application data decrypt support
- Added a patch to update known cipher suites according to IANA
- Added patch with new cipher suites for application data decoding
--------------------------------------------------------------------------------
================================================================================
system-config-kdump-2.0.15-1.fc20 (FEDORA-2014-6328)
A graphical interface for configuring kernel crash dumping
--------------------------------------------------------------------------------
Update Information:
This release contains a couple of bugfixes.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Martin Milata <mmilata(a)redhat.com> - 2.0.15-1
- Update to 2.0.15
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1083007 - Allow setting dump path even if no partition is chosen
https://bugzilla.redhat.com/show_bug.cgi?id=1083007
--------------------------------------------------------------------------------
================================================================================
systemtap-2.5-2.fc20 (FEDORA-2014-6297)
Programmable system-wide instrumentation system
--------------------------------------------------------------------------------
Update Information:
Upstream release, notes at
https://sourceware.org/ml/systemtap/2014-q2/msg00103.html
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 2 2014 Frank Ch. Eigler <fche(a)redhat.com> - 2.5-2
- Include fix for upstream
http://sourceware.org/PR16894
* Wed Apr 30 2014 Jonathan Lebon <jlebon(a)redhat.com> - 2.5-1
- Upstream release. See wiki page below for detailed notes.
http://sourceware.org/systemtap/wiki/SystemTapReleases
--------------------------------------------------------------------------------
================================================================================
taskcoach-1.3.38-2.fc20 (FEDORA-2014-6326)
Your friendly task manager
--------------------------------------------------------------------------------
Update Information:
Updated to the latest upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Šimon Lukašík <slukasik(a)redhat.com> - 1.3.38-2
- remove duplicate sources
* Mon May 12 2014 Šimon Lukašík <slukasik(a)redhat.com> - 1.3.38-1
- Updated to the latest upstream version
--------------------------------------------------------------------------------
================================================================================
telepathy-qt4-0.9.3.1-0.1.20140403git0191a6dd.fc20 (FEDORA-2014-6310)
High-level bindings for Telepathy
--------------------------------------------------------------------------------
Update Information:
Pull in the latest batch of upstream bugfixes, including in particular a fix to limit
local avatar cache growth/size.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 29 2014 Rex Dieter <rdieter(a)fedoraproject.org>
0.9.3.1-0.1.20140403git0191a6dd
- 0.9.3.1 snapshot, fixes FTBFS
--------------------------------------------------------------------------------
================================================================================
tito-0.5.4-1.fc20 (FEDORA-2014-6324)
A tool for managing rpm based git projects
--------------------------------------------------------------------------------
Update Information:
Support older versions of git-annex.
Fix a getcwd error in releaser.
Fix silently failing commands.
Allow builders to run on untagged projects if --test is specified.
Added scl builder option.
Cleanup builders/releasers when interrupted.
Removed dep on gitpython.
Added rpmbuild output to error message.
Significant improvements, new builders/releasers, removal of dead code and refactoring.
New support for writing out a templated version file during tagging. New Copr build system
and OBS releasers. Fixed bug with old versions of packages still being left in the yum
repodata. Small documentation updates. Fix permissions sources fedpkg modifies.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Devan Goodwin <dgoodwin(a)rm-rf.ca> 0.5.4-1
- make version comparison compat with python2 and python3
(jumanjiman(a)gmail.com)
* Mon May 12 2014 Devan Goodwin <dgoodwin(a)rm-rf.ca> 0.5.3-1
- avoid syntax error on el5 (jumanjiman(a)gmail.com)
- Support pre-5.20131213 versions of git-annex for EL6 (dcleal(a)redhat.com)
- Add version comparison utility (dcleal(a)redhat.com)
* Fri May 9 2014 Devan Goodwin <dgoodwin(a)rm-rf.ca> 0.5.2-1
- Fix releaser getcwd error. (dgoodwin(a)redhat.com)
* Fri May 9 2014 Devan Goodwin <dgoodwin(a)rm-rf.ca> 0.5.1-1
- Raise error on failed run_command. (dgoodwin(a)redhat.com)
- Allow builder to run in test mode on untagged project (dcleal(a)redhat.com)
- Add 'scl' builder option for software collection name (dcleal(a)redhat.com)
- added rpmbuild output to an error raised by tito to easier the error's cause
analysis (artur.krysiak.warszawa(a)gmail.com)
- propagate docs to docker public registry (jumanjiman(a)gmail.com)
- spec: remove dependency on GitPython (jumanjiman(a)gmail.com)
- Update tito.8.asciidoc (james.slagle(a)gmail.com)
- Cleanup releasers + builders when interrupted (dcleal(a)redhat.com)
- make run_command_print() compatible with python3 (msuchy(a)redhat.com)
- remove unused import "commands" (msuchy(a)redhat.com)
- Change package-specific config message to debug (dcleal(a)redhat.com)
* Mon Mar 24 2014 Devan Goodwin <dgoodwin(a)rm-rf.ca> 0.5.0-1
- Prep for python3. (jumanjiman(a)gmail.com)
- Print output live for longer running rpmbuild commands. (dgoodwin(a)redhat.com)
- Add GitAnnexBuilder, using git-annex to store blobs (dcleal(a)redhat.com)
- Remove legacy CvsBuilder and CvsReleaser. (dgoodwin(a)redhat.com)
- Stop writing temp file to load tito.props from past tag.
(dgoodwin(a)redhat.com)
- Remove deprecated support for build.py.props config filename.
(dgoodwin(a)redhat.com)
- Remove a very old hack for assuming config from Makefiles.
(dgoodwin(a)redhat.com)
- Refactor config overriding. (dgoodwin(a)redhat.com)
- Move taggers to sub-directory. (dgoodwin(a)redhat.com)
- Move releasers to sub-directory. (dgoodwin(a)redhat.com)
- Improved docs for [version_template] section of tito.props
(chris.a.st.pierre(a)gmail.com)
- allow empty dist tag in functional tests (jumanjiman(a)gmail.com)
- docs: createrepo is needed for functional tests (jumanjiman(a)gmail.com)
- provide config for editorconfig plugins (jumanjiman(a)gmail.com)
- Add more missing documentation to MANIFEST.in. (dgoodwin(a)redhat.com)
- Assume a default fetch strategy. (dgoodwin(a)redhat.com)
- Add markdown docs for FetchBuilder instead of manpage. (dgoodwin(a)redhat.com)
- Fix releasers and respect offline flag. (dgoodwin(a)redhat.com)
- Support release with fetch builder. (dgoodwin(a)redhat.com)
- Add support for passing builder args through a releaser.
(dgoodwin(a)redhat.com)
- MANIFEST.in: include README.mkd and asciidoc files (code(a)alan.grosskurth.ca)
- Rename --builder-arg to just --arg in build command. (dgoodwin(a)redhat.com)
- Fix issue with releaser temp dir. (dgoodwin(a)redhat.com)
- Refactor to just one config object. (dgoodwin(a)redhat.com)
- Make external source builder fetch strategy configurable.
(dgoodwin(a)redhat.com)
- Fix buildroot using ~/rpmbuild/BUILDROOT. (dgoodwin(a)redhat.com)
- Refactor builders to allow separate modules. (dgoodwin(a)redhat.com)
- Restore building of specific tags. (dgoodwin(a)redhat.com)
- Start building with external sources and no tag. (dgoodwin(a)redhat.com)
- Allow possibility of building without a pre-existing tag.
(dgoodwin(a)redhat.com)
- Print koji/brew task ID and URL during release. (dgoodwin(a)redhat.com)
* Thu Nov 14 2013 Devan Goodwin <dgoodwin(a)rm-rf.ca> 0.4.18-1
- Merge the FiledVersionTagger into the base VersionTagger.
(dgoodwin(a)redhat.com)
- add Copr releaser (msuchy(a)redhat.com)
- Fix broken asciidoc. (dgoodwin(a)redhat.com)
- Fix old versions in yum repodata. (dgoodwin(a)redhat.com)
- adding the FiledVersionTagger class that we are using internally
(vbatts(a)redhat.com)
- tito report man page missing options (admiller(a)redhat.com)
- Implement OBS releaser (msuchy(a)redhat.com)
--------------------------------------------------------------------------------
================================================================================
trinity-1.4-1.fc20 (FEDORA-2014-6317)
System call fuzz tester
--------------------------------------------------------------------------------
Update Information:
Upstream notes on this release:
- Big changes since 1.3 include some more targeted fuzzing of VM related syscalls, which
judging from the fallout over the last six months, seems to be working quite well.
- Trinity should now also scale up a lot better on bigger machines with lots of cores. It
should pick a reasonable default number of child processes, but you can override with -C
as you could before, but now without any restrictions other than available memory.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Jerry James <loganjerry(a)gmail.com> - 1.4-1
- New upstream version
--------------------------------------------------------------------------------
================================================================================
xmobar-0.20.1-1.fc20 (FEDORA-2014-6327)
A minimalistic text-based status bar
--------------------------------------------------------------------------------
Update Information:
* New features
- Back to picking by default the first available screen, with a new configuration option,
pickBroadest, for choosing the broadest (see issue #158).
- Mouse actions now support multiple buttons, by Marcin Mikołajczyk.
- Non supported monitors are ignored in configuration files (see issue #139), by Adam
Vogt.
* Bug fixes
- Disk monitor now ignores non-existent devices (Reto Hablützel).
- Weather is now non-blocking and doesn't use curl (Ben Boeckel).
- Fix for Memory monitor in 3.14 kernels (Ben Boeckel).
- Fix for infinite loops in AutoMPD (issue #76, issue #111).
- More robust AC readings in BatteryP.
- Fix for Top monitor's readings for processes whose name contains blanks.
- Fixes for geometry computation on multihead (Dmitry Malikov).
- Fixes for missing XDG configuration (Thiago Negri and James McCoy, see issue #133).
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 9 2014 Ben Boeckel <mathstuf(a)gmail.com> - 0.20.1-1
- Update to 0.20.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1075010 - xmobar-0.20.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1075010
--------------------------------------------------------------------------------