Fedora 19 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Thu Sep 26 06:30:39 UTC 2013
The following Fedora 19 Security updates need testing:
Age URL
55 https://admin.fedoraproject.org/updates/FEDORA-2013-14029/zabbix-2.0.6-3.fc19
42 https://admin.fedoraproject.org/updates/FEDORA-2013-14814/python-glanceclient-0.9.0-3.fc19
7 https://admin.fedoraproject.org/updates/FEDORA-2013-17121/vino-3.8.1-3.fc19
7 https://admin.fedoraproject.org/updates/FEDORA-2013-17109/spice-gtk-0.20-6.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2013-17373/seamonkey-2.21-1.fc19
3 https://admin.fedoraproject.org/updates/FEDORA-2013-17397/xpdf-3.03-8.fc19
2 https://admin.fedoraproject.org/updates/FEDORA-2013-17475/glibc-2.17-18.fc19
2 https://admin.fedoraproject.org/updates/FEDORA-2013-17449/ReviewBoard-1.7.14-1.fc19,python-djblets-0.7.18-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2013-17618/libvirt-1.0.5.6-2.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2013-17661/wireshark-1.10.2-6.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2013-17662/rubygems-2.0.10-106.fc19
The following Fedora 19 Critical Path updates have yet to be approved:
Age URL
28 https://admin.fedoraproject.org/updates/FEDORA-2013-15459/kbd-1.15.5-7.fc19
9 https://admin.fedoraproject.org/updates/FEDORA-2013-16926/langtable-0.0.14-1.fc19
7 https://admin.fedoraproject.org/updates/FEDORA-2013-17035/device-mapper-persistent-data-0.2.7-1.fc19
7 https://admin.fedoraproject.org/updates/FEDORA-2013-16994/langtable-0.0.15-1.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2013-17357/ibus-1.5.4-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2013-17640/cronie-1.4.10-6.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2013-17650/tigervnc-1.3.0-7.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2013-17669/man-db-2.6.3-7.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2013-17625/NetworkManager-0.9.8.2-9.git20130709.fc19
The following builds have been pushed to Fedora 19 updates-testing
NetworkManager-0.9.8.2-9.git20130709.fc19
cronie-1.4.10-6.fc19
git-cola-1.8.5-1.fc19
glm-0.9.4.6-2.fc19
graphite-web-0.9.12-3.fc19
jetring-0.20-3.fc19
keyrings-filesystem-1-1.fc19
libuv-0.10.17-1.fc19
libvirt-1.0.5.6-2.fc19
man-db-2.6.3-7.fc19
mfiler4-1.2.6-1.fc19
munin-2.0.17-6.fc19
nemo-extensions-1.8.0-0.3.git3e366de.fc19
nfs-utils-1.2.8-6.0.fc19
nodejs-0.10.19-1.fc19
opensips-1.10.0-1.fc19
pspp-0.8.1-1.fc19
python-apsw-3.8.0.r2-1.fc19
python-bucky-0.2.6-3.fc19
python-carbon-0.9.12-2.fc19
python-llfuse-0.39-1.fc19
qemu-1.4.2-10.fc19
qt5-qtbase-5.1.1-5.fc19
rubygems-2.0.10-106.fc19
shotwell-0.14.1-1.fc19.1
tigervnc-1.3.0-7.fc19
virt-manager-0.10.0-2.fc19
virt-manager-0.10.0-3.fc19
vpnc-0.5.3-18.svn457.fc19
wireshark-1.10.2-6.fc19
xyzsh-1.5.1-1.fc19
youtube-dl-2013.09.24.2-1.fc19
yum-langpacks-0.4.1-2.fc19
Details about builds:
================================================================================
NetworkManager-0.9.8.2-9.git20130709.fc19 (FEDORA-2013-17625)
Network connection manager and user applications
--------------------------------------------------------------------------------
Update Information:
Re-enables NetworkManager-dispatcher, which the F18->F19 update accidentally disabled
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Dan Winship <danw at redhat.com> - 0.9.8.2-9.git20130709
- workaround for dispatcher getting disabled on upgrade (#974811)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #974811 - NetworkManager dispatchers dbus services misconfiguration
https://bugzilla.redhat.com/show_bug.cgi?id=974811
--------------------------------------------------------------------------------
================================================================================
cronie-1.4.10-6.fc19 (FEDORA-2013-17640)
Cron daemon for executing programs at set times
--------------------------------------------------------------------------------
Update Information:
Cron jobs sometimes don't run e.g. when environment is using XDG_RUNTIME_DIR.
Cron daemon unit file should use KillMode=process to kill dependent processes.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 25 2013 Marcela Mašláňová <mmaslano at redhat.com> - 1.4.10-6
- some jobs are not executed because not all environment variables are set. rhbz#995590
- cronies systemd script use KillMode=process. rhbz#919290
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #919290 - should cronie's systemd script use "KillMode=process"?
https://bugzilla.redhat.com/show_bug.cgi?id=919290
[ 2 ] Bug #995590 - Cron job runs, but doesn't do anything
https://bugzilla.redhat.com/show_bug.cgi?id=995590
--------------------------------------------------------------------------------
================================================================================
git-cola-1.8.5-1.fc19 (FEDORA-2013-17638)
A sleek and powerful git GUI
--------------------------------------------------------------------------------
Update Information:
Let's terminate bugs.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 25 2013 Christopher Meng <rpm at cicku.me> - 1.8.5-1
- Update to 1.8.5(BZ#1011796) with fix for BZ#886826.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1011796 - git-cola-1.8.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1011796
[ 2 ] Bug #886826 - [abrt] git-cola-1.8.0-1.fc18: decorators.py:84:interruptable:OSError: [Errno 2] No such file or directory
https://bugzilla.redhat.com/show_bug.cgi?id=886826
--------------------------------------------------------------------------------
================================================================================
glm-0.9.4.6-2.fc19 (FEDORA-2013-17664)
C++ mathematics library for graphics programming
--------------------------------------------------------------------------------
Update Information:
This update fixes bugs that were fixed upstream
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Joonas Sarajärvi <muep at iki.fi> - 0.9.4.6-2
- Fix building on ARM
* Tue Sep 24 2013 Joonas Sarajärvi <muep at iki.fi> - 0.9.4.6-1
- Update to upstream GLM version 0.9.4.6
- Bug fixes
* Tue Aug 20 2013 Joonas Sarajärvi <muep at iki.fi> - 0.9.4.5-1
- Update to upstream GLM version 0.9.4.5
- Bug fixes
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9.4.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sat Jul 6 2013 Joonas Sarajärvi <muep at iki.fi> - 0.9.4.4-1
- Update to upstream GLM version 0.9.4.4
- Bug fixes
--------------------------------------------------------------------------------
================================================================================
graphite-web-0.9.12-3.fc19 (FEDORA-2013-17632)
A Django webapp for enterprise scalable realtime graphing
--------------------------------------------------------------------------------
Update Information:
Tested against ami-05355a6c.
Don't ship js/ext/resources/*.swf (RHBZ#1000253)
Don't ship js/ext/resources/*.swf (RHBZ#1000253)
Don't ship js/ext/resources/*.swf (RHBZ#1000253)
Don't ship js/ext/resources/*.swf (RHBZ#1000253)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Jonathan Steffan <jsteffan at fedoraproject.org> - 0.9.12-3
- Reorder Requires conditionals to fix amzn1 issues (RHBZ#1007300)
- Ensure python-whisper is also updated
* Tue Sep 17 2013 Jonathan Steffan <jsteffan at fedoraproject.org> - 0.9.12-2
- Don't ship js/ext/resources/*.swf (RHBZ#1000253)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1007300 - Installation on AWS (CentOS) fails
https://bugzilla.redhat.com/show_bug.cgi?id=1007300
[ 2 ] Bug #1000253 - graphite-web contains bundled Flash files
https://bugzilla.redhat.com/show_bug.cgi?id=1000253
--------------------------------------------------------------------------------
================================================================================
jetring-0.20-3.fc19 (FEDORA-2013-17598)
GPG keyring maintenance using changesets
--------------------------------------------------------------------------------
Update Information:
Initial package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1009996 - Review Request: jetring - GPG keyring maintenance using changesets
https://bugzilla.redhat.com/show_bug.cgi?id=1009996
--------------------------------------------------------------------------------
================================================================================
keyrings-filesystem-1-1.fc19 (FEDORA-2013-17600)
Keyrings filesystem layout
--------------------------------------------------------------------------------
Update Information:
Initial package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1010857 - Review Request: keyrings-filesystem - Keyrings filesystem layout
https://bugzilla.redhat.com/show_bug.cgi?id=1010857
--------------------------------------------------------------------------------
================================================================================
libuv-0.10.17-1.fc19 (FEDORA-2013-17619)
Platform layer for node.js
--------------------------------------------------------------------------------
Update Information:
2013.09.24, node.js Version 0.10.19 (Stable)
* readline: handle input starting with control chars (Eric Schrock)
* configure: add mips-float-abi (soft, hard) option (Andrei Sedoi)
* stream: objectMode transforms allow falsey values (isaacs)
* tls: prevent duplicate values returned from read (Nathan Rajlich)
* tls: NPN protocols are now local to connections (Fedor Indutny)
2013.09.25, libuv Version 0.10.17 (Stable)
* build: remove GCC_WARN_ABOUT_MISSING_NEWLINE (Ben Noordhuis)
* darwin: fix 10.6 build error in fsevents.c (Ben Noordhuis)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 25 2013 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:0.10.17-1
- new upstream release 0.10.17
https://github.com/joyent/libuv/blob/v0.10.17/ChangeLog
--------------------------------------------------------------------------------
================================================================================
libvirt-1.0.5.6-2.fc19 (FEDORA-2013-17618)
Library providing a simple virtualization API
--------------------------------------------------------------------------------
Update Information:
* Fix snapshot restore when VM has disabled usb support (bz #1011520)
* Rebased to version 1.0.5.6
* Fix blockjobinfo python API (bz #999077)
* CVE-2013-4311: Insecure polkit usage (bz #1009539, bz #1005332)
* CVE-2013-4296: Invalid free memory stats (bz #1006173, bz #1009667)
* CVE-2013-4291: Supplementary groups handling (bz #1006509, bz #1006511)
* CVE-2013-5651: virBitmapParse out-of-bounds (bz #1006493)
* Fix virsh change-media with block disk type (bz #951192)
* Fix changing VNC listen address (bz #1006697)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Cole Robinson <crobinso at redhat.com> - 1.0.5.6-2
- Fix snapshot restore when VM has disabled usb support (bz #1011520)
* Fri Sep 20 2013 Cole Robinson <crobinso at redhat.com> - 1.0.5.6-1
- Rebased to version 1.0.5.6
- Fix blockjobinfo python API (bz #999077)
- CVE-2013-4311: Insecure polkit usage (bz #1009539, bz #1005332)
- CVE-2013-4296: Invalid free memory stats (bz #1006173, bz #1009667)
- CVE-2013-4291: Supplementary groups handling (bz #1006509, bz #1006511)
- CVE-2013-5651: virBitmapParse out-of-bounds (bz #1006493)
- Fix virsh change-media with block disk type (bz #951192)
- Fix changing VNC listen address (bz #1006697)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1005332 - CVE-2013-4311 libvirt: insecure calling of polkit
https://bugzilla.redhat.com/show_bug.cgi?id=1005332
[ 2 ] Bug #1006173 - CVE-2013-4296 libvirt: invalid free in remoteDispatchDomainMemoryStats
https://bugzilla.redhat.com/show_bug.cgi?id=1006173
[ 3 ] Bug #1006509 - CVE-2013-4291 libvirt: supplementary groups not adjusted correctly when parsing label
https://bugzilla.redhat.com/show_bug.cgi?id=1006509
[ 4 ] Bug #1006493 - CVE-2013-5651 libvirt: virBitmapParse out-of-bounds read access
https://bugzilla.redhat.com/show_bug.cgi?id=1006493
--------------------------------------------------------------------------------
================================================================================
man-db-2.6.3-7.fc19 (FEDORA-2013-17669)
Tools for searching and reading man pages
--------------------------------------------------------------------------------
Update Information:
This update fixes man crash when running with '-M' option.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Peter Schiffer <pschiffe at redhat.com> - 2.6.3-7
- resolves: #986085
fixed crash when running man with -M option
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #986085 - [abrt] man-db-2.6.3-6.fc19: main: Process /usr/bin/man was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=986085
--------------------------------------------------------------------------------
================================================================================
mfiler4-1.2.6-1.fc19 (FEDORA-2013-17631)
2 pane file manager with a embedded shell
--------------------------------------------------------------------------------
Update Information:
New version 1.2.6 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 25 2013 Mamoru TASAKA <mtasaka at fedoraproject.org> - 1.2.6-1
- 1.2.6
--------------------------------------------------------------------------------
================================================================================
munin-2.0.17-6.fc19 (FEDORA-2013-17596)
Network-wide graphing framework (grapher/gatherer)
--------------------------------------------------------------------------------
Update Information:
BZ# 989080 Add a missing requirement on crontabs to spec file
BZ# 993985: munin possibly affected by F-20 unversioned docdir change
Move Net::IP plugins to a subpackage for dep handling
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 D. Johnson <fenris02 at fedoraproject.org> - 2.0.17-6
- Move Net::IP plugins to a subpackage for dep handling
* Fri Aug 16 2013 D. Johnson <fenris02 at fedoraproject.org> - 2.0.17-5
- BZ# 993985: munin possibly affected by F-20 unversioned docdir change
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.17-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Aug 1 2013 Petr Pisar <ppisar at redhat.com> - 2.0.17-3
- Perl 5.18 rebuild
* Sat Jul 27 2013 Jóhann B. Guðmundsson <johannbg at fedoraproject.org> - 2.0.17-2
- BZ# 989080 Add a missing requirement on crontabs to spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #989080 - Add a missing requirement on crontabs for the cron job to the spec file
https://bugzilla.redhat.com/show_bug.cgi?id=989080
[ 2 ] Bug #993985 - munin possibly affected by F-20 unversioned docdir change
https://bugzilla.redhat.com/show_bug.cgi?id=993985
--------------------------------------------------------------------------------
================================================================================
nemo-extensions-1.8.0-0.3.git3e366de.fc19 (FEDORA-2013-17614)
Extensions for Nemo
--------------------------------------------------------------------------------
Update Information:
new
--------------------------------------------------------------------------------
================================================================================
nfs-utils-1.2.8-6.0.fc19 (FEDORA-2013-17196)
NFS utilities and supporting clients and daemons for the kernel NFS server
--------------------------------------------------------------------------------
Update Information:
Updated to latest upstream RC release: nfs-utils-1-2-9-rc6
* Make mountstats Python 3 compatible
* Make nfsiostat Python 3 compatible
* exportfs: test_export shouldn't use invalid uid/gid
* exportfs: Fix the default authentication flavour setting
* gssd: don't use tgtname to find our keytab
* gssd: fix strncmp bug causing client removals
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Steve Dickson <steved at redhat.com> 1.2.8-6.0
- Updated to latest upstream RC release: nfs-utils-1-2-9-rc6
* Wed Sep 18 2013 Steve Dickson <steved at redhat.com> 1.2.8-5.0
- Updated to latest upstream RC release: nfs-utils-1-2-9-rc5
* Thu Aug 22 2013 Steve Dickson <steved at redhat.com> 1.2.8-4.1
- nfs-utils: fix a number of specfile problems
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #985325 - Making nfs-utils Python 3 compatible
https://bugzilla.redhat.com/show_bug.cgi?id=985325
--------------------------------------------------------------------------------
================================================================================
nodejs-0.10.19-1.fc19 (FEDORA-2013-17619)
JavaScript runtime
--------------------------------------------------------------------------------
Update Information:
2013.09.24, node.js Version 0.10.19 (Stable)
* readline: handle input starting with control chars (Eric Schrock)
* configure: add mips-float-abi (soft, hard) option (Andrei Sedoi)
* stream: objectMode transforms allow falsey values (isaacs)
* tls: prevent duplicate values returned from read (Nathan Rajlich)
* tls: NPN protocols are now local to connections (Fedor Indutny)
2013.09.25, libuv Version 0.10.17 (Stable)
* build: remove GCC_WARN_ABOUT_MISSING_NEWLINE (Ben Noordhuis)
* darwin: fix 10.6 build error in fsevents.c (Ben Noordhuis)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 25 2013 T.C. Hollingsworth <tchollingsworth at gmail.com> - 0.10.19-1
- new upstream release 0.10.19
http://blog.nodejs.org/2013/09/24/node-v0-10-19-stable/
--------------------------------------------------------------------------------
================================================================================
opensips-1.10.0-1.fc19 (FEDORA-2013-17607)
Open Source SIP Server
--------------------------------------------------------------------------------
Update Information:
- Ver. 1.10.0
- Drop support for Fedora 17 and earlier (still maintain support for EL5)
- New external module - rest_client
- New external module - xmlrpc_ng (contains mi_xmlrpc_ng)
- New internal module - db_cachedb
- New internal module - mathops
- Disabled new external module - sngtc (requires a proprietary library)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 25 2013 Peter Lemenkov <lemenkov at gmail.com> - 1.10.0-1
- Ver. 1.10.0
- Drop support for Fedora 17 and earlier (still maintain support for EL5)
- New external module - rest_client
- New external module - xmlrpc_ng (contains mi_xmlrpc_ng)
- New internal module - db_cachedb
- New internal module - mathops
- Disabled new external module - sngtc (requires a proprietary library)
* Fri Sep 6 2013 Peter Lemenkov <lemenkov at gmail.com> - 1.9.1-2
- Proper directory for storing tmpfile
--------------------------------------------------------------------------------
================================================================================
pspp-0.8.1-1.fc19 (FEDORA-2013-17594)
A program for statistical analysis of sampled data
--------------------------------------------------------------------------------
Update Information:
* Ver. 0.8.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Peter Lemenkov <lemenkov at gmail.com> - 0.8.1-1
- Ver. 0.8.1
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1011394 - pspp-0.8.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1011394
--------------------------------------------------------------------------------
================================================================================
python-apsw-3.8.0.r2-1.fc19 (FEDORA-2013-17655)
Another Python SQLite Wrapper
--------------------------------------------------------------------------------
Update Information:
update to 3.8.0.r2
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Marcel Wysocki <maci at satgnu.net> - 3.8.0.r2-1
- update to 3.8.0-r2
--------------------------------------------------------------------------------
================================================================================
python-bucky-0.2.6-3.fc19 (FEDORA-2013-17660)
CollectD and StatsD adapter for Graphite
--------------------------------------------------------------------------------
Update Information:
Update requires (RHBZ#953834), adding python-setuptools
Add dependency on collectd and update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Add dependency on collectd and update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Add dependency on collectd and update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Add dependency on collectd and update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Add dependency on collectd and update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Jonathan Steffan <jsteffan at fedoraproject.org> - 0.2.6-3
- Update requires (RHBZ#953834), adding python-setuptools
* Thu Sep 19 2013 Jonathan Steffan <jsteffan at fedoraproject.org> - 0.2.6-2
- Update requires (RHBZ#953834)
* Tue Sep 17 2013 Jonathan Steffan <jsteffan at fedoraproject.org> - 0.2.6-1
- Update to 0.2.6
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.2.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #953834 - missing dependencies python-setuptools collectd
https://bugzilla.redhat.com/show_bug.cgi?id=953834
--------------------------------------------------------------------------------
================================================================================
python-carbon-0.9.12-2.fc19 (FEDORA-2013-17653)
Back-end data caching and persistence daemon for Graphite
--------------------------------------------------------------------------------
Update Information:
Add strict python-whisper Requires (RHBZ#1010432), Don't cleanup user and user data on package remove (RHBZ#1010430)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Jonathan Steffan <jsteffan at fedoraproject.org> - 0.9.12-2
- Add strict python-whisper Requires (RHBZ#1010432)
- Don't cleanup user and user data on package remove (RHBZ#1010430)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1010432 - python-carbon-0.9.12 should require python-whisper >= 0.9.12
https://bugzilla.redhat.com/show_bug.cgi?id=1010432
[ 2 ] Bug #1010430 - python-carbon deletes user-created data on uninstall; shouldn't per packaging guidelines
https://bugzilla.redhat.com/show_bug.cgi?id=1010430
--------------------------------------------------------------------------------
================================================================================
python-llfuse-0.39-1.fc19 (FEDORA-2013-17593)
Python Bindings for the low-level FUSE API
--------------------------------------------------------------------------------
Update Information:
update to version 0.39
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 maci <maci at satgnu.net> - 0.39-1
- update to 0.39
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.38-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
qemu-1.4.2-10.fc19 (FEDORA-2013-17591)
QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:
* Require newer ceph-libs to fix symbol error (bz #995883)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Cole Robinson <crobinso at redhat.com> - 2:1.4.2-10
- Require newer ceph-libs to fix symbol error (bz #995883)
--------------------------------------------------------------------------------
================================================================================
qt5-qtbase-5.1.1-5.fc19 (FEDORA-2013-17615)
Qt5 - QtBase components
--------------------------------------------------------------------------------
Update Information:
fix big endian builds
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 23 2013 Dan Horák <dan[at]danny.cz> - 5.1.1-5
- fix big endian builds
* Wed Sep 11 2013 Rex Dieter <rdieter at fedoraproject.org> 5.1.1-4
- macros.qt5: use newer location, use unexpanded macros
* Sat Sep 7 2013 Rex Dieter <rdieter at fedoraproject.org> 5.1.1-3
- ExcludeArch: ppc64 ppc (#1005482)
* Fri Sep 6 2013 Rex Dieter <rdieter at fedoraproject.org> 5.1.1-2
- BR: pkgconfig(libudev) pkgconfig(xkbcommon) pkgconfig(xcb-xkb)
--------------------------------------------------------------------------------
================================================================================
rubygems-2.0.10-106.fc19 (FEDORA-2013-17662)
The Ruby standard for packaging ruby libraries
--------------------------------------------------------------------------------
Update Information:
Previously a security flow was found on rubygems for validating versions with a regular expression which is vulnerable to denial of service due to backtracking. Although this was thought to be fixed in the previous rubygems, the fix was found imcomplete and the imcompleteness is now assigned as CVE-2013-4363.
A packaging bug was found that a directory was not properly owned.
This new rpm will fix this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 25 2013 Mamoru TASAKA <mtasaka at fedoraproject.org> - 2.0.10-106
- Update to 2.0.10 (fix for CVE-2013-4363 included)
* Mon Sep 23 2013 Mamoru TASAKA <mtasaka at fedoraproject.org> - 2.0.9-105
- Update to 2.0.9
- Fix %gem_dir/doc ownership (bug 1008866)
- Patch for CVE-2013-4363
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1008866 - /usr/share/gems/doc ownership
https://bugzilla.redhat.com/show_bug.cgi?id=1008866
--------------------------------------------------------------------------------
================================================================================
shotwell-0.14.1-1.fc19.1 (FEDORA-2013-17613)
A photo organizer for the GNOME desktop
--------------------------------------------------------------------------------
Update Information:
Add patch fixing the video-thumbnailer (rhbz#986574).
Thanks to David Woodhouse.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Thomas Moschny <thomas.moschny at gmx.de> - 0.14.1-1.1
- Add patch fixing the video-thumbnailer (rhbz#986574),
thanks to David Woodhouse.
- Fix bogus dates in the %changelog.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #986574 - shotwell-video-thumbnailer requests invalid output format; Imported video files have no thumbnail
https://bugzilla.redhat.com/show_bug.cgi?id=986574
--------------------------------------------------------------------------------
================================================================================
tigervnc-1.3.0-7.fc19 (FEDORA-2013-17650)
A TigerVNC remote display system
--------------------------------------------------------------------------------
Update Information:
This update removes an incorrect patch that caused a modifier key state tracking bug, and also fixes some documentation issues.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Tim Waugh <twaugh at redhat.com> 1.3.0-7
- Removed incorrect patch (for unexpected key_is_down). Fixes stuck
keys bug (bug #989502).
* Thu Sep 19 2013 Tim Waugh <twaugh at redhat.com> 1.3.0-6
- Fixed typo in 10-libvnc.conf (bug #1009111).
* Wed Sep 18 2013 Tim Waugh <twaugh at redhat.com> 1.3.0-5
- Better fix for PIDFile problem (bug #983232).
* Mon Aug 5 2013 Tim Waugh <twaugh at redhat.com> 1.3.0-4
- Fixed doc-related build failure (bug #992790).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #980870 - Man pages and --help output out of sync
https://bugzilla.redhat.com/show_bug.cgi?id=980870
[ 2 ] Bug #989502 - tigervnc 1.3.0-3 sort of freezes when typing a "/" slash key
https://bugzilla.redhat.com/show_bug.cgi?id=989502
[ 3 ] Bug #1009111 - Error in config file
https://bugzilla.redhat.com/show_bug.cgi?id=1009111
--------------------------------------------------------------------------------
================================================================================
virt-manager-0.10.0-2.fc19 (FEDORA-2013-17656)
Virtual Machine Manager
--------------------------------------------------------------------------------
Update Information:
* Fix parsing rawhide .treeinfo (bz #989162)
* Fix spice with TLS (bz #904295)
* Reduce impact of memory leak (bz #972371)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Cole Robinson <crobinso at redhat.com> - 0.10.0-2
- Fix parsing rawhide .treeinfo (bz #989162)
- Fix spice with TLS (bz #904295)
- Reduce impact of memory leak (bz #972371)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #989162 - virt-install fails when pointed at rawhide tree (invalid literal for int() with base 10: 'rawhide')
https://bugzilla.redhat.com/show_bug.cgi?id=989162
[ 2 ] Bug #904295 - virt-manager console doesn't connect to SPICE with TLS
https://bugzilla.redhat.com/show_bug.cgi?id=904295
[ 3 ] Bug #972371 - f19 virt-manager consistently leaks memory ( > 1GB in 12 hours)
https://bugzilla.redhat.com/show_bug.cgi?id=972371
--------------------------------------------------------------------------------
================================================================================
virt-manager-0.10.0-3.fc19 (FEDORA-2013-17599)
Virtual Machine Manager
--------------------------------------------------------------------------------
Update Information:
* Make cache=default when adding new disk to existing VM (bz #976925)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 25 2013 Cole Robinson <crobinso at redhat.com> - 0.10.0-3
- Make cache=default when adding new disk to existing VM (bz #976925)
* Tue Sep 24 2013 Cole Robinson <crobinso at redhat.com> - 0.10.0-2
- Fix parsing rawhide .treeinfo (bz #989162)
- Fix spice with TLS (bz #904295)
- Reduce impact of memory leak (bz #972371)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #976925 - Guest cannot boot if an IDE CDROM device has cache mode set to 'none'
https://bugzilla.redhat.com/show_bug.cgi?id=976925
--------------------------------------------------------------------------------
================================================================================
vpnc-0.5.3-18.svn457.fc19 (FEDORA-2013-17610)
IPSec VPN client compatible with Cisco equipment
--------------------------------------------------------------------------------
Update Information:
Added support for unbound
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 23 2013 Paul Wouters <pwouters at redhat.com> - 0.5.3-18.svn457
- Add support for dynamically reconfiguring unbound DNS (rhbz#865092)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #865092 - Patch: Add support for unbound to vpnc-script
https://bugzilla.redhat.com/show_bug.cgi?id=865092
--------------------------------------------------------------------------------
================================================================================
wireshark-1.10.2-6.fc19 (FEDORA-2013-17661)
Network traffic analyzer
--------------------------------------------------------------------------------
Update Information:
dumpcap now stores temporary capture files in /var/tmp
* Convert automake/pkgconfig files into patches (better upstream integration)
* Restored category in the *.desktop file
* Install another one necessary header file - frame_data_sequence.h
* Add basic OpenFlow dissector
* Ver. 1.10.2
* Ver. 1.10.1
fix missing ws_symbol_export.h
* Ver. 1.10.2
* Ver. 1.10.1
fix missing ws_symbol_export.h
* Enhance desktop integration (*.desktop and MIME-related files)
* Add basic OpenFlow dissector
* Ver. 1.10.2
* Ver. 1.10.1
fix missing ws_symbol_export.h
* Ver. 1.10.2
* Ver. 1.10.1
fix missing ws_symbol_export.h
* Enhance desktop integration (*.desktop and MIME-related files)
* Add basic OpenFlow dissector
* Ver. 1.10.2
* Ver. 1.10.1
fix missing ws_symbol_export.h
* Ver. 1.10.2
* Ver. 1.10.1
fix missing ws_symbol_export.h
* Ver. 1.10.2
* Various security fixes
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 17 2013 Peter Hatina <phatina at redhat.com> - 1.10.2-6
- move default temporary directory to /var/tmp
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #990155 - CVE-2013-4920 wireshark: DoS (application crash) in the P1 dissector (wnpa-sec-2013-42)
https://bugzilla.redhat.com/show_bug.cgi?id=990155
[ 2 ] Bug #990156 - CVE-2013-4921 wireshark: Off-by-one (application crash) in the Radiotap dissector (wnpa-sec-2013-43)
https://bugzilla.redhat.com/show_bug.cgi?id=990156
[ 3 ] Bug #990157 - CVE-2013-4922 wireshark: Double-free in the DCOM ISystemActivator dissector (wnpa-sec-2013-44)
https://bugzilla.redhat.com/show_bug.cgi?id=990157
[ 4 ] Bug #990160 - CVE-2013-4923 wireshark: Memory leak (DoS, memory consumption) in the DCOM ISystemActivator dissector (wnpa-sec-2013-44)
https://bugzilla.redhat.com/show_bug.cgi?id=990160
[ 5 ] Bug #990163 - CVE-2013-4924 wireshark: Assertion failure in the DCOM ISystemActivator dissector (wnpa-sec-2013-44)
https://bugzilla.redhat.com/show_bug.cgi?id=990163
[ 6 ] Bug #990164 - CVE-2013-4925 wireshark: Integer signedness error in the DCOM ISystemActivator dissector (wnpa-sec-2013-44)
https://bugzilla.redhat.com/show_bug.cgi?id=990164
[ 7 ] Bug #990165 - CVE-2013-4926 wireshark: DoS in the DCOM ISystemActivator dissector due improper remaining data to process presence check (wnpa-sec-2013-44)
https://bugzilla.redhat.com/show_bug.cgi?id=990165
[ 8 ] Bug #990166 - CVE-2013-4927 wireshark: Integer signedness error in the Bluetooth SDP dissector (wnpa-sec-2013-45)
https://bugzilla.redhat.com/show_bug.cgi?id=990166
[ 9 ] Bug #972679 - CVE-2013-4074 wireshark: DoS (crash) in the CAPWAP dissector (wnpa-sec-2013-32)
https://bugzilla.redhat.com/show_bug.cgi?id=972679
[ 10 ] Bug #972680 - CVE-2013-4075 wireshark: DoS (crash) in the GMR-1 BCCH dissector (wnpa-sec-2013-33)
https://bugzilla.redhat.com/show_bug.cgi?id=972680
[ 11 ] Bug #972681 - CVE-2013-4076 wireshark: Invalid free in the PPP dissector (wnpa-sec-2013-34)
https://bugzilla.redhat.com/show_bug.cgi?id=972681
[ 12 ] Bug #972682 - CVE-2013-4077 wireshark: Array index error in the NBAP dissector (wnpa-sec-2013-35)
https://bugzilla.redhat.com/show_bug.cgi?id=972682
[ 13 ] Bug #972683 - CVE-2013-4078 wireshark: DoS (infinite loop) in the RDP dissector (wnpa-sec-2013-36)
https://bugzilla.redhat.com/show_bug.cgi?id=972683
[ 14 ] Bug #972684 - CVE-2013-4079 wireshark: DoS (infinite loop, application hang) in the GSM CBCH dissector (wnpa-sec-2013-37)
https://bugzilla.redhat.com/show_bug.cgi?id=972684
[ 15 ] Bug #972685 - CVE-2013-4080 wireshark: DoS (infinite loop, CPU & memory consumption) in the Assa Abloy R3 dissector (wnpa-sec-2013-38)
https://bugzilla.redhat.com/show_bug.cgi?id=972685
[ 16 ] Bug #972686 - CVE-2013-4081 wireshark: DoS (infinite loop) in the HTTP dissector (wnpa-sec-2013-39)
https://bugzilla.redhat.com/show_bug.cgi?id=972686
[ 17 ] Bug #972687 - CVE-2013-4082 wireshark: Heap-based buffer overflow in the Ixia IxVeriWave file parser (wnpa-sec-2013-40)
https://bugzilla.redhat.com/show_bug.cgi?id=972687
[ 18 ] Bug #972688 - CVE-2013-4083 wireshark: Invalid free in the DCP ETSI dissector (wnpa-sec-2013-41)
https://bugzilla.redhat.com/show_bug.cgi?id=972688
[ 19 ] Bug #990167 - CVE-2013-4928 wireshark: Integer signedness error in the Bluetooth OBEX dissector (wnpa-sec-2013-46)
https://bugzilla.redhat.com/show_bug.cgi?id=990167
[ 20 ] Bug #990168 - CVE-2013-4929 wireshark: DoS (infinite loop) in the DIS dissector (wnpa-sec-2013-47)
https://bugzilla.redhat.com/show_bug.cgi?id=990168
[ 21 ] Bug #990169 - CVE-2013-4930 wireshark: Assertion failure in the DVB-CI dissector (wnpa-sec-2013-48)
https://bugzilla.redhat.com/show_bug.cgi?id=990169
[ 22 ] Bug #990170 - CVE-2013-4931 wireshark: DoS (infinite loop) in the GSM RR dissector (wnpa-sec-2013-49)
https://bugzilla.redhat.com/show_bug.cgi?id=990170
[ 23 ] Bug #990172 - CVE-2013-4932 wireshark: Multiple array index errors in the GSM A Common dissector (wnpa-sec-2013-50)
https://bugzilla.redhat.com/show_bug.cgi?id=990172
[ 24 ] Bug #990175 - CVE-2013-4933 wireshark: DoS (application crash) in the Netmon file parser (wnpa-sec-2013-51)
https://bugzilla.redhat.com/show_bug.cgi?id=990175
[ 25 ] Bug #990178 - CVE-2013-4934 wireshark: DoS (application crash) in the Netmon file parser (wnpa-sec-2013-51) (A different flaw than CVE-2013-4933)
https://bugzilla.redhat.com/show_bug.cgi?id=990178
[ 26 ] Bug #990179 - CVE-2013-4935 wireshark: DoS (application crash) in the ASN.1 PER dissector (wnpa-sec-2013-52)
https://bugzilla.redhat.com/show_bug.cgi?id=990179
[ 27 ] Bug #965111 - wireshark: DoS (infinite loop) in the MySQL dissector (wnpa-sec-2013-30, upstream #8458)
https://bugzilla.redhat.com/show_bug.cgi?id=965111
[ 28 ] Bug #965190 - CVE-2013-3559 wireshark: DoS (crash) in the DCP ETSI dissector (wnpa-sec-2013-27, upstream #8231, #8540, #8541)
https://bugzilla.redhat.com/show_bug.cgi?id=965190
[ 29 ] Bug #965192 - CVE-2013-3558 wireshark: DoS (crash) in the PPP CCP dissector (wnpa-sec-2013-26, upstream #8638)
https://bugzilla.redhat.com/show_bug.cgi?id=965192
[ 30 ] Bug #965193 - CVE-2013-3557 wireshark: DoS (crash) in the ASN.1 BER dissector (wnpa-sec-2013-25, upstream #8599)
https://bugzilla.redhat.com/show_bug.cgi?id=965193
[ 31 ] Bug #965194 - CVE-2013-3555 wireshark: DoS (crash) in the GTPv2 dissector (wnpa-sec-2013-24, upstream #8493)
https://bugzilla.redhat.com/show_bug.cgi?id=965194
[ 32 ] Bug #965195 - wireshark: DoS (excessive CPU consumption) in the RELOAD dissector (wnpa-sec-2013-23, upstream #8362, #8546)
https://bugzilla.redhat.com/show_bug.cgi?id=965195
[ 33 ] Bug #965110 - wireshark: DoS (large loop) in the ETCH dissector (wnpa-sec-2013-31, upstream #8464)
https://bugzilla.redhat.com/show_bug.cgi?id=965110
[ 34 ] Bug #965112 - CVE-2013-3562 wireshark: DoS (stack overflow, crash) in the Websocket dissector (wnpa-sec-2013-29, upstream #8448, #8499)
https://bugzilla.redhat.com/show_bug.cgi?id=965112
[ 35 ] Bug #965186 - CVE-2013-3560 wireshark: DoS (crash) in the MPEG DSM-CC dissector (wnpa-sec-2013-28, upstream #8481)
https://bugzilla.redhat.com/show_bug.cgi?id=965186
--------------------------------------------------------------------------------
================================================================================
xyzsh-1.5.1-1.fc19 (FEDORA-2013-17623)
Interactive shell and text processing tool
--------------------------------------------------------------------------------
Update Information:
New version 1.5.1 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 25 2013 Mamoru TASAKA <mtasaka at fedoraproject.org> - 1.5.1-1
- 1.5.1
--------------------------------------------------------------------------------
================================================================================
youtube-dl-2013.09.24.2-1.fc19 (FEDORA-2013-17663)
A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:
New version.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 25 2013 Christopher Meng <rpm at cicku.me> - 2013.09.24.2-1
- Update to new release(BZ#1011845).
* Sat Sep 21 2013 Christopher Meng <rpm at cicku.me> - 2013.09.20.1-1
- Update to new release(BZ#1009593).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1011845 - youtube-dl-2013.09.24.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1011845
--------------------------------------------------------------------------------
================================================================================
yum-langpacks-0.4.1-2.fc19 (FEDORA-2013-17633)
Langpacks plugin for yum
--------------------------------------------------------------------------------
Update Information:
Fix issue of yum-langpacks commands that slows down yum runs
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 25 2013 Parag Nemade <pnemade AT redhat DOT com> - 0.4.1-2
- Fix issue of yum-langpacks commands that slows down yum runs (rh#1011670)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1011670 - [PATCH] yum-langpackages slows down yum runs a lot, due to langtable and loading groups.
https://bugzilla.redhat.com/show_bug.cgi?id=1011670
--------------------------------------------------------------------------------
More information about the test
mailing list