Fedora 19 updates-testing report

updates at fedoraproject.org
Wed Jun 4 07:57:18 UTC 2014


The following Fedora 19 Security updates need testing:
 Age  URL
 221  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
  33  https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19
  28  https://admin.fedoraproject.org/updates/FEDORA-2014-6046/cifs-utils-6.3-2.fc19
  25  https://admin.fedoraproject.org/updates/FEDORA-2014-5759/cups-filters-1.0.53-2.fc19
  23  https://admin.fedoraproject.org/updates/FEDORA-2014-6233/dpkg-1.16.14-1.fc19
  21  https://admin.fedoraproject.org/updates/FEDORA-2014-6331/dovecot-2.2.13-1.fc19
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-6553/chicken-4.8.0.6-2.fc19
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-6569/openssh-6.2p2-8.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-6594/libtiff-4.0.3-10.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-6597/drupal7-views-3.8-1.fc19
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-6645/libgadu-1.12.0-0.5.rc3.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-6717/libpng-1.5.13-3.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-6716/readline-6.2-7.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6818/check-mk-1.2.4p2-2.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6851/mingw-libgcrypt-1.5.3-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6831/mingw-libtiff-4.0.3-4.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6858/mingw-icu-50.1.2-3.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6829/mingw-pixman-0.30.0-4.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6859/mingw-libjpeg-turbo-1.3.1-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6833/mingw-freetype-2.4.12-3.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6866/mingw-readline-6.2-4.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6892/mingw-libpng-1.5.18-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6921/mingw-curl-7.37.0-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6896/qt3-3.3.8b-58.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6881/gnutls-3.1.20-5.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6919/libtasn1-3.6-1.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-6938/mod_wsgi-3.5-1.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-6962/mediawiki-1.21.10-1.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-6963/mingw-gnutls-3.1.25-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-7041/kernel-3.14.5-100.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6904/php-doctrine-orm-2.4.2-2.fc19,php-phpunit-PHPUnit-MockObject-1.2.3-4.fc19,php-5.5.13-2.fc19


The following Fedora 19 Critical Path updates have yet to be approved:
 Age URL
 169  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
  95  https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-6587/libnl3-3.2.22-3.fc19
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-6578/ibus-1.5.7-2.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-6613/langtable-0.0.24-2.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-6708/webkitgtk3-2.0.4-3.fc19,webkitgtk-2.0.4-3.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-6716/readline-6.2-7.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-6717/libpng-1.5.13-3.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6814/device-mapper-persistent-data-0.3.2-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6898/openldap-2.4.39-3.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6919/libtasn1-3.6-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6881/gnutls-3.1.20-5.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-6988/curl-7.29.0-20.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-7041/kernel-3.14.5-100.fc19


The following builds have been pushed to Fedora 19 updates-testing

    compat-qpid-cpp-0.24-12.fc19
    dcraw-9.21-1.fc19
    freeradius-2.2.5-2.fc19
    gcompris-14.05-1.fc19
    ghc-io-streams-1.1.4.5-1.fc19
    gnome-chemistry-utils-0.14.8-2.fc19
    gnumeric-1.12.16-1.fc19
    goffice-0.10.16-1.fc19
    gsoap-2.8.12-5.fc19
    ibus-table-1.8.0-1.fc19
    ibus-table-chinese-1.4.6-3.fc19
    ibus-table-others-1.3.0.20140603-1.fc19
    jd-2.8.8-1.fc19
    kernel-3.14.5-100.fc19
    libdxfrw-0.5.11-1.fc19
    libmediainfo-0.7.69-1.fc19
    librecad-2.0.4-1.fc19
    mediainfo-0.7.69-1.fc19
    php-5.5.13-2.fc19
    php-doctrine-orm-2.4.2-2.fc19
    php-phpunit-PHPUnit-MockObject-1.2.3-4.fc19
    python-django-evolution-0.7.2-1.fc19
    qpid-cpp-0.26-9.fc19
    qpid-qmf-0.24-21.fc19
    ratools-0.5.2-3.fc19
    ugene-1.13.3-1.fc19
    wkhtmltopdf-0.12.0-1.fc19
    xpdf-3.04-2.fc19

Details about builds:


================================================================================
 compat-qpid-cpp-0.24-12.fc19 (FEDORA-2014-7038)
 Libraries for Qpid C++ client applications
--------------------------------------------------------------------------------
Update Information:

- fix build on s390(x)
First build for Fedora.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1080583 - Review Request: compat-qpid-cpp - Compatibility modules for Qpid
        https://bugzilla.redhat.com/show_bug.cgi?id=1080583
--------------------------------------------------------------------------------


================================================================================
 dcraw-9.21-1.fc19 (FEDORA-2014-7065)
 Tool for decoding raw image data from digital cameras
--------------------------------------------------------------------------------
Update Information:

Upstream bugfix release with these changes:

- Support Lossy DNG files that lack an OpcodeList2 tag.

- Decode DNG files made from Fuji X-Trans photos.

- Support the Canon G1 X Mark II, Nikon P340, Samsung NX mini.

- Patched in Anders Torger's code for Phase One correction.

- Correctly crop all Sony cameras, read Panasonic blacklevels.

--------------------------------------------------------------------------------
ChangeLog:

* Tue May  6 2014 Nils Philippsen <nils at redhat.com> - 9.21-1
- report lcms2 errors
* Mon May  5 2014 Nils Philippsen <nils at redhat.com> - 9.21-1
- version 9.21
--------------------------------------------------------------------------------


================================================================================
 freeradius-2.2.5-2.fc19 (FEDORA-2014-7015)
 High-performance and highly configurable free RADIUS server
--------------------------------------------------------------------------------
Update Information:

- Add explicit dependency on OpenSSL package with fixed CVE-2014-0160 (Heartbleed bug).
- Add confirmation of fixed OpenSSL vulnerabilities to radiusd.conf.

--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun  2 2014 Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com> - 2.2.5-2
- Add explicit dependency on OpenSSL package with fixed CVE-2014-0160
  (Heartbleed bug).
- Add confirmation of fixed OpenSSL vulnerabilities to radiusd.conf.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1101794 - Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013
        https://bugzilla.redhat.com/show_bug.cgi?id=1101794
--------------------------------------------------------------------------------


================================================================================
 gcompris-14.05-1.fc19 (FEDORA-2014-7029)
 Educational suite for kids 2-10 years old
--------------------------------------------------------------------------------
Update Information:

- New upstream release 14.05 (rhbz#1083910)


--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun  3 2014 Hans de Goede <hdegoede at redhat.com> - 14.05-1
- New upstream release 14.05 (rhbz#1083910)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1083910 - gcompris-14.05 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1083910
--------------------------------------------------------------------------------


================================================================================
 ghc-io-streams-1.1.4.5-1.fc19 (FEDORA-2014-7067)
 Simple, composable, easy-to-use stream I/O
--------------------------------------------------------------------------------
Update Information:

Simple, composable, easy-to-use stream I/O
- http://hackage.haskell.org/package/io-streams
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1060989 - Review Request: ghc-io-streams - Simple, composable, easy-to-use stream I/O
        https://bugzilla.redhat.com/show_bug.cgi?id=1060989
--------------------------------------------------------------------------------


================================================================================
 gnome-chemistry-utils-0.14.8-2.fc19 (FEDORA-2014-7027)
 A set of chemical utilities
--------------------------------------------------------------------------------
Update Information:

This is an update to the latest upstream releases of gnumeric and goffice:
* http://gnumeric.org/announcements/1.12/gnumeric-1.12.16.html
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 28 2014 Julian Sikorski <belegdol at fedoraproject.org> - 0.14.8-2
- Rebuilt for gnumeric-1.12.16
--------------------------------------------------------------------------------


================================================================================
 gnumeric-1.12.16-1.fc19 (FEDORA-2014-7027)
 Spreadsheet program for GNOME
--------------------------------------------------------------------------------
Update Information:

This is an update to the latest upstream releases of gnumeric and goffice:
* http://gnumeric.org/announcements/1.12/gnumeric-1.12.16.html
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 28 2014 Julian Sikorski <belegdol at fedoraproject.org> - 1:1.12.16-1
- Updated to 1.12.16
- Patched glib2 requirement down to 2.36.0
--------------------------------------------------------------------------------


================================================================================
 goffice-0.10.16-1.fc19 (FEDORA-2014-7027)
 G Office support libraries
--------------------------------------------------------------------------------
Update Information:

This is an update to the latest upstream releases of gnumeric and goffice:
* http://gnumeric.org/announcements/1.12/gnumeric-1.12.16.html
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 28 2014 Julian Sikorski <belegdol at fedoraproject.org> - 0.10.16-1
- Updated to 0.10.16
- Patched glib2 requirement down to 2.36.0
--------------------------------------------------------------------------------


================================================================================
 gsoap-2.8.12-5.fc19 (FEDORA-2014-7026)
 Generator Tools for Coding SOAP/XML Web Services in C and C++
--------------------------------------------------------------------------------
Update Information:

Fix for IPv4 only hosts.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun  2 2014 Mattias Ellert <mattias.ellert at fysast.uu.se> - 2.8.12-5
- Fix for IPv4 only hosts
--------------------------------------------------------------------------------


================================================================================
 ibus-table-1.8.0-1.fc19 (FEDORA-2014-7066)
 The Table engine for IBus platform
--------------------------------------------------------------------------------
Update Information:

update to 1.8.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun  3 2014 Mike FABIAN <mfabian at redhat.com> - 1.8.0-1
- update to 1.8.0
- adapt tools/ibus-table-query to the new database format
* Wed May 28 2014 Mike FABIAN <mfabian at redhat.com> - 1.5.0.20140528-1
- update to 1.5.0.20140528
- Use Unicode code point as a last ditch sort key for the candidates
- Fix bug in Unihan_Variants.txt, 同 is both simplified *and* traditional Chinese
- Update Unihan_Variants.txt from “2011-08-08 Unicode 6.1.0” to “2013-02-25 Unicode 6.3.0” and regenerate engine/chinese_variants.py
* Tue May 27 2014 Mike FABIAN <mfabian at redhat.com> - 1.5.0.20140527-1
- update to 1.5.0.20140527
- Put exact matches always at the top of the candidate list
- Fix typo in the filtering for Chinese mode 3 (All characters with traditional Chinese first)
- Support prompt characters (e.g. for cangjie and stroke5)
* Mon May 19 2014 Mike FABIAN <mfabian at redhat.com> - 1.5.0.20140519-1
- update to 1.5.0.20140519
- rewrite major parts of ibus-table, fix many bugs.
--------------------------------------------------------------------------------


================================================================================
 ibus-table-chinese-1.4.6-3.fc19 (FEDORA-2014-7020)
 Chinese input tables for IBus
--------------------------------------------------------------------------------
Update Information:

bump release number to build against updated ibus-table
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 27 2014 Mike FABIAN <mfabian at redhat.com> - 1.4.6-3
- bump release number to build against updated ibus-table
--------------------------------------------------------------------------------


================================================================================
 ibus-table-others-1.3.0.20140603-1.fc19 (FEDORA-2014-7040)
 Various tables for IBus-Table
--------------------------------------------------------------------------------
Update Information:

update to latest upstream 1.3.0.20140603; use AUTO_WILDCARD=TRUE for all tables, this option started working in ibus-table > 1.8.0
bump release number to build against updated ibus-table
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun  3 2014 Mike FABIAN <mfabian at redhat.com> - 1.3.0.20140603-1
- update to latest upstream 1.3.0.20140603
- use AUTO_WILDCARD=TRUE for all tables, this option started working
  in ibus-table > 1.8.0
* Tue May 27 2014 Mike FABIAN <mfabian at redhat.com> - 1.3.0.20140512-2
- bump release number to build against updated ibus-table
--------------------------------------------------------------------------------


================================================================================
 jd-2.8.8-1.fc19 (FEDORA-2014-7037)
 A 2ch browser
--------------------------------------------------------------------------------
Update Information:

2.8.8 formal release is released.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun  2 2014 Mamoru TASAKA <mtasaka at fedoraproject.org> - 2.8.8-1
- 2.8.8
--------------------------------------------------------------------------------


================================================================================
 kernel-3.14.5-100.fc19 (FEDORA-2014-7041)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

The 3.14.5 stable update contains a number of important fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun  2 2014 Justin M. Forbes <jforbes at fedoraproject.org> - 3.14.5-100
- Linux v3.14.5
* Thu May 29 2014 Josh Boyer <jwboyer at fedoraproject.org>
- CVE-2014-3917 DoS with syscall auditing (rhbz 1102571 1102715)
* Tue May 20 2014 Josh Boyer <jwboyer at fedoraproject.org>
- Backport patch to add new elantech touchpad support (rhbz 1051668)
* Wed May 14 2014 Hans de Goede <hdegoede at redhat.com>
- Add synaptics min/max quirk patch for the ThinkPad W540 (rhbz 1096436)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1102571 - CVE-2014-3917 kernel: DoS with syscall auditing
        https://bugzilla.redhat.com/show_bug.cgi?id=1102571
--------------------------------------------------------------------------------


================================================================================
 libdxfrw-0.5.11-1.fc19 (FEDORA-2014-7042)
 Library to read/write DXF files
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun  2 2014 Tom Callaway <spot at fedoraproject.org> - 0.5.11-1
- update to 0.5.11
- resync with librecad changes
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.5.7-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1093657 - librecad-2.0.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1093657
--------------------------------------------------------------------------------


================================================================================
 libmediainfo-0.7.69-1.fc19 (FEDORA-2014-7056)
 Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:

Update to 0.7.69
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun  3 2014 Vasiliy N. Glazov <vascom2 at gmail.com> 0.7.69-1
- Update to 0.7.69
* Fri May 23 2014 Vasiliy N. Glazov <vascom2 at gmail.com> 0.7.68-2
- Update for tinyxml2 changes
--------------------------------------------------------------------------------


================================================================================
 librecad-2.0.4-1.fc19 (FEDORA-2014-7042)
 Computer Assisted Design (CAD) Application
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1093657 - librecad-2.0.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1093657
--------------------------------------------------------------------------------


================================================================================
 mediainfo-0.7.69-1.fc19 (FEDORA-2014-7044)
 Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:

Update to 0.7.69
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun  3 2014 Vasiliy N. Glazov <vascom2 at gmail.com> 0.7.69-1
- Update to 0.7.69
--------------------------------------------------------------------------------


================================================================================
 php-5.5.13-2.fc19 (FEDORA-2014-6904)
 PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:

29 May 2014, PHP 5.5.13

CLI server:
* Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol)

COM:
* Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)

Core:
* Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()). (Boro Sitnikovski)
* Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
* Fixed bug #67245 (usage of memcpy() with overlapping src and dst in zend_exceptions.c). (Bob)
* Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
* Fixed bug #67249 (printf out-of-bounds read). (Stas)
* Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
* Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)

Curl:
* Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike)

Date:
* Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
* Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
* Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)

DOM:
* Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset). (Anatol)

Fileinfo:
* Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
* Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238).
* Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation) (CVE-2014-0237).

FPM:
* Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). (Julio Pintos)

GD:
* Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)

PCRE:
* Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch from the upstream). (Anatol)

Phar:
* Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name). (PR #588)


Backported from 5.4.30:
* Fileinfo: Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check).
* Core: workaround regression introduced in fix for #67072
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun  3 2014 Remi Collet <remi at fedoraproject.org> 5.5.13-2
- fileinfo: fix insufficient boundary check
- workaround regression introduced in fix for 67072 in
  serialize/unserialize functions
* Fri May 30 2014 Remi Collet <rcollet at redhat.com> 5.5.13-1
- Update to 5.5.13
  http://www.php.net/releases/5_5_13.php
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1098155 - CVE-2014-0238 file: CDF property info parsing nelements infinite loop
        https://bugzilla.redhat.com/show_bug.cgi?id=1098155
  [ 2 ] Bug #1098193 - CVE-2014-0237 file: cdf_unpack_summary_info() excessive looping DoS
        https://bugzilla.redhat.com/show_bug.cgi?id=1098193
--------------------------------------------------------------------------------


================================================================================
 php-doctrine-orm-2.4.2-2.fc19 (FEDORA-2014-6904)
 Doctrine Object-Relational-Mapper (ORM)
--------------------------------------------------------------------------------
Update Information:

29 May 2014, PHP 5.5.13

CLI server:
* Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol)

COM:
* Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)

Core:
* Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()). (Boro Sitnikovski)
* Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
* Fixed bug #67245 (usage of memcpy() with overlapping src and dst in zend_exceptions.c). (Bob)
* Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
* Fixed bug #67249 (printf out-of-bounds read). (Stas)
* Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
* Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)

Curl:
* Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike)

Date:
* Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
* Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
* Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)

DOM:
* Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset). (Anatol)

Fileinfo:
* Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
* Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238).
* Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation) (CVE-2014-0237).

FPM:
* Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). (Julio Pintos)

GD:
* Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)

PCRE:
* Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch from the upstream). (Anatol)

Phar:
* Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name). (PR #588)


Backported from 5.4.30:
* Fileinfo: Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check).
* Core: workaround regression introduced in fix for #67072
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 30 2014 Remi Collet <remi at fedoraproject.org> 2.4.2-2
- upstream fix for latest PHP (#1103219)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1098155 - CVE-2014-0238 file: CDF property info parsing nelements infinite loop
        https://bugzilla.redhat.com/show_bug.cgi?id=1098155
  [ 2 ] Bug #1098193 - CVE-2014-0237 file: cdf_unpack_summary_info() excessive looping DoS
        https://bugzilla.redhat.com/show_bug.cgi?id=1098193
--------------------------------------------------------------------------------


================================================================================
 php-phpunit-PHPUnit-MockObject-1.2.3-4.fc19 (FEDORA-2014-6904)
 Mock Object library for PHPUnit
--------------------------------------------------------------------------------
Update Information:

29 May 2014, PHP 5.5.13

CLI server:
* Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol)

COM:
* Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)

Core:
* Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()). (Boro Sitnikovski)
* Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
* Fixed bug #67245 (usage of memcpy() with overlapping src and dst in zend_exceptions.c). (Bob)
* Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
* Fixed bug #67249 (printf out-of-bounds read). (Stas)
* Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
* Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)

Curl:
* Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike)

Date:
* Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
* Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
* Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)

DOM:
* Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset). (Anatol)

Fileinfo:
* Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
* Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238).
* Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation) (CVE-2014-0237).

FPM:
* Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). (Julio Pintos)

GD:
* Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)

PCRE:
* Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch from the upstream). (Anatol)

Phar:
* Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name). (PR #588)


Backported from 5.4.30:
* Fileinfo: Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check).
* Core: workaround regression introduced in fix for #67072
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 30 2014 Remi Collet <remi at fedoraproject.org> - 1.2.3-4
- upstream fix for latest PHP (#1103223)
* Sun Aug  4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1098155 - CVE-2014-0238 file: CDF property info parsing nelements infinite loop
        https://bugzilla.redhat.com/show_bug.cgi?id=1098155
  [ 2 ] Bug #1098193 - CVE-2014-0237 file: cdf_unpack_summary_info() excessive looping DoS
        https://bugzilla.redhat.com/show_bug.cgi?id=1098193
--------------------------------------------------------------------------------


================================================================================
 python-django-evolution-0.7.2-1.fc19 (FEDORA-2014-7047)
 Schema evolution for Django
--------------------------------------------------------------------------------
Update Information:

Fixed a crash from no-op column renames on PostgreSQL
Fixed a crash from no-op column renames on MySQL

Note to Review Board users: this will fix an issue when upgrading from 1.5.x to 2.0.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun  2 2014 Stephen Gallagher <sgallagh at redhat.com> 0.7.2-1
- New upstream release 0.7.2
- http://downloads.reviewboard.org/releases/django-evolution/0.7/django_evolution-0.7.2.NEWS
- Fixed a crash from no-op column renames on PostgreSQL
--------------------------------------------------------------------------------


================================================================================
 qpid-cpp-0.26-9.fc19 (FEDORA-2014-7053)
 Libraries for Qpid C++ client applications
--------------------------------------------------------------------------------
Update Information:

Fixed dependency of server-ha on qpid(server).
Fixed a few typos that slipped into the specfile for virtual packages.
Added virtual package qpid(client-devel) to qpid-cpp-client-devel.
Add a virtual package in qpid-cpp-client named qpid(client).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun  3 2014 Darryl L. Pierce <dpierce at redhat.com> - 0.26-9
- Fixed dependency of server-ha on qpid(server).
* Wed May 28 2014 Darryl L. Pierce <dpierce at redhat.com> - 0.26-8
- Fixed a few typos that slipped into the specfile for virtual packages.
* Tue May 27 2014 Darryl L. Pierce <dpierce at redhat.com> - 0.26-7
- Added virtual packages for all binary subpackages.
- Updated requires to be for virtual packages.
* Fri May 23 2014 Petr Machata <pmachata at redhat.com> - 0.26-6
- Rebuild for boost 1.55.0
* Thu May 22 2014 Darryl L. Pierce <dpierce at redhat.com> - 0.26-5
- Removed the architecture macro from the virtual provides.
* Wed May 21 2014 Darryl L. Pierce <dpierce at redhat.com> - 0.26-4
- Added virtual packages for qpid-cpp-client and -client-devel.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1098154 - qpid-cpp-client should provide a virtual package on which other packages can depend
        https://bugzilla.redhat.com/show_bug.cgi?id=1098154
--------------------------------------------------------------------------------


================================================================================
 qpid-qmf-0.24-21.fc19 (FEDORA-2014-7023)
 The QPID Management Framework
--------------------------------------------------------------------------------
Update Information:

Missed the arch reference on one requires.
Changed requirements to be on virtual qpid packages.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1099481 - Packages should require the qpid(client) virtual package to avoid version problems in F19
        https://bugzilla.redhat.com/show_bug.cgi?id=1099481
--------------------------------------------------------------------------------


================================================================================
 ratools-0.5.2-3.fc19 (FEDORA-2014-7045)
 Framework for IPv6 Router Advertisements
--------------------------------------------------------------------------------
Update Information:

Framework for IPv6 Router Advertisements
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1100899 - Review Request: ratools - Framework for IPv6 Router Advertisements
        https://bugzilla.redhat.com/show_bug.cgi?id=1100899
--------------------------------------------------------------------------------


================================================================================
 ugene-1.13.3-1.fc19 (FEDORA-2014-7031)
 Integrated bioinformatics toolkit
--------------------------------------------------------------------------------
Update Information:

The patch release 1.13.3 contains several fixes and improvements of the remote NCBI BLAST feature in UGENE and a fix of an error with several UGENE bundles on Mac OS X.
 
The details about the issues can be found in our bug tracker https://ugene.unipro.ru/tracker/browse/UGENE-3012?jql=project%20%3D%20UGENE%20AND%20fixVersion%20%3D%20%221.13.3%22%20AND%20resolution%20is%20not%20EMPTY.
 

--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun  3 2014 Yulia Algaer <yalgaer at unipro.ru> 1.13.3-1
- Upstream version change
--------------------------------------------------------------------------------


================================================================================
 wkhtmltopdf-0.12.0-1.fc19 (FEDORA-2014-7014)
 Simple shell utility to convert html to pdf
--------------------------------------------------------------------------------
Update Information:

New version 0.12.0 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun  3 2014 Mamoru TASAKA <mtasaka at fedoraproject.org> - 0.12.0-1
- 0.12.0
* Sun Aug  4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.11.0-0.2.rc1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 xpdf-3.04-2.fc19 (FEDORA-2014-7025)
 A PDF file viewer for the X Window System
--------------------------------------------------------------------------------
Update Information:

Fix embarrassing typo in lang config files.
Update xpdf to 3.04. Use motif (instead of lesstif) on Fedora.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun  3 2014 Tom Callaway <spot at fedoraproject.org> - 1:3.04-2
- fix "sharexpdf" typo in lang configs
* Thu May 29 2014 Tom Callaway <spot at fedoraproject.org> - 1:3.04-1
- update to 3.04
- update all patches, langpacks
- use motif instead of lesstif where possible
- fix pdftopng to install (not in poppler right now)
--------------------------------------------------------------------------------


