Fedora 19 updates-testing report

Wed Mar 12 12:34:45 UTC 2014

The following Fedora 19 Security updates need testing:
 Age  URL
 137  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
  74  https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1.fc19
  56  https://admin.fedoraproject.org/updates/FEDORA-2014-0797/libinfinity-0.5.5-1.fc19
  28  https://admin.fedoraproject.org/updates/FEDORA-2014-2260/NetworkManager-ssh-0.9.2-0.2.20140209git46247c2.fc19
  26  https://admin.fedoraproject.org/updates/FEDORA-2014-2445/augeas-1.2.0-1.fc19
  26  https://admin.fedoraproject.org/updates/FEDORA-2014-2439/maradns-2.0.09-1.fc19
  20  https://admin.fedoraproject.org/updates/FEDORA-2014-2710/zabbix-2.0.11-2.fc19
  18  https://admin.fedoraproject.org/updates/FEDORA-2014-2825/postgresql-9.2.7-1.fc19
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-3420/ReviewBoard-1.7.22-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-3485/libssh-0.6.3-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-3453/catfish-0.4.0.2-4.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-3493/mingw-gnutls-3.1.22-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-3573/rubygem-rbovirt-0.0.18-4.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-3567/subversion-1.7.16-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-3537/php-5.5.10-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-3589/file-5.11-13.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-3696/wireshark-1.10.6-1.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-3714/udisks2-2.1.2-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-3771/cups-filters-1.0.41-5.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-3782/jansson-2.6-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-3779/asterisk-11.8.1-1.fc19

The following Fedora 19 Critical Path updates have yet to be approved:
 Age URL
  85  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-3134/krb5-1.11.3-21.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-3243/cryptsetup-1.6.4-1.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-3179/kde-workspace-4.11.7-1.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-3367/nss-util-3.15.5-1.fc19,nss-softokn-3.15.5-2.fc19,nss-3.15.5-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-3450/bind-9.9.3-15.P2.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-3605/abrt-2.2.0-1.fc19,libreport-2.2.0-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-3589/file-5.11-13.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-3619/ibus-1.5.6-1.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-3651/kernel-3.13.6-100.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-3340/gdisk-0.8.10-2.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-3714/udisks2-2.1.2-2.fc19

The following builds have been pushed to Fedora 19 updates-testing

    ansible-1.5.2-2.fc19
    asterisk-11.8.1-1.fc19
    cups-filters-1.0.41-5.fc19
    docker-io-0.9.0-2.fc19
    ibus-table-1.5.0.20140311-1.fc19
    iperf3-3.0.2-1.fc19
    jansson-2.6-1.fc19
    libreoffice-4.1.5.3-6.fc19
    meld-1.8.4-1.fc19
    nodejs-cssom-0.3.0-1.fc19
    openscad-2014.03-1.fc19
    openscad-MCAD-0.0-6.20140307git85794e4.fc19
    python-espeak-0.5-6.fc19
    python-lxml-3.3.3-1.fc19
    python-pycadf-0.4.1-2.fc19
    snappy-player-0.3.7-3.20131221git4fc7f4bd.fc19
    sugar-read-113-1.fc19

Details about builds:

================================================================================
 ansible-1.5.2-2.fc19 (FEDORA-2014-3768)
 SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:

Update to redone 1.5.2 release, adds a fix for the apt module.
Update to 1.5.2. Minor module and docs fixes.
Update to 1.5.1 with several security fixes. See: https://github.com/ansible/ansible/blob/devel/CHANGELOG.md for detailed changes.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 11 2014 Kevin Fenzi <kevin at scrye.com> 1.5.2-2
- Update to redone 1.5.2 release
* Tue Mar 11 2014 Kevin Fenzi <kevin at scrye.com> 1.5.2-1
- Update to 1.5.2
* Mon Mar 10 2014 Kevin Fenzi <kevin at scrye.com> 1.5.1-1
- Update to 1.5.1
--------------------------------------------------------------------------------

================================================================================
 asterisk-11.8.1-1.fc19 (FEDORA-2014-3779)
 The Open Source PBX
--------------------------------------------------------------------------------
Update Information:

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The available security
releases are released as versions 1.8.15-cert5, 11.6-cert2, 1.8.26.1, 11.8.1,
and 12.1.1.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of these versions resolve the following issues:

* AST-2014-001: Stack overflow in HTTP processing of Cookie headers.

  Sending a HTTP request that is handled by Asterisk with a large number of
  Cookie headers could overflow the stack.

  Another vulnerability along similar lines is any HTTP request with a
  ridiculous number of headers in the request could exhaust system memory.

* AST-2014-002: chan_sip: Exit early on bad session timers request

  This change allows chan_sip to avoid creation of the channel and
  consumption of associated file descriptors altogether if the inbound
  request is going to be rejected anyway.

Additionally, the release of 12.1.1 resolves the following issue:

* AST-2014-003: res_pjsip: When handling 401/407 responses don't assume a
  request will have an endpoint.

  This change removes the assumption that an outgoing request will always
  have an endpoint and makes the authenticate_qualify option work once again.

Finally, a security advisory, AST-2014-004, was released for a vulnerability
fixed in Asterisk 12.1.0. Users of Asterisk 12.0.0 are encouraged to upgrade to
12.1.1 to resolve both vulnerabilities.

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities, please read
security advisories AST-2014-001, AST-2014-002, AST-2014-003, and AST-2014-004,
which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert5
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.26.1
http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.8.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.1.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2014-001.pdf
 * http://downloads.asterisk.org/pub/security/AST-2014-002.pdf
 * http://downloads.asterisk.org/pub/security/AST-2014-003.pdf
 * http://downloads.asterisk.org/pub/security/AST-2014-004.pdf
The Asterisk Development Team has announced the release of Asterisk 11.8.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 11.8.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-22544 - Italian prompt vm-options has advertisement in
      it (Reported by Rusty Newton)
 * ASTERISK-21383 - STUN Binding Requests Not Being Sent Back from
      Asterisk to Chrome (Reported by Shaun Clark)
 * ASTERISK-22478 - [patch]Can't use pound(hash) symbol for custom
      DTMF menus in ConfBridge (processed as directive) (Reported by
      Nicolas Tanski)
 * ASTERISK-12117 - chan_sip creates a new local tag (from-tag) for
      every register message (Reported by Pawel Pierscionek)
 * ASTERISK-20862 - Asterisk min and max member penalties not
      honored when set with 0 (Reported by Schmooze Com)
 * ASTERISK-22746 - [patch]Crash in chan_dahdi during caller id
      read (Reported by Michael Walton)
 * ASTERISK-22788 - [patch] main/translate.c: access to variable f
      after free in ast_translate() (Reported by Corey Farrell)
 * ASTERISK-21242 - Segfault when T.38 re-invite retransmission
      receives 200 OK (Reported by Ashley Winters)
 * ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving
      16 bit multipart SMS with app_sms (Reported by Jan Juergens)
 * ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous'
      from being executed from external interfaces (Reported by Matt
      Jordan)
 * ASTERISK-23021 - Typos in code : "avaliable" instead of
      "available" (Reported by Jeremy Lainé)
 * ASTERISK-22970 - [patch]Documentation fix for QUOTE() (Reported
      by Gareth Palmer)
 * ASTERISK-21960 - ooh323 channels stuck (Reported by Dmitry
      Melekhov)
 * ASTERISK-22350 - DUNDI - core dump on shutdown - segfault in
      sqlite3_reset from /usr/lib/libsqlite3.so.0 (Reported by Birger
      "WIMPy" Harzenetter)
 * ASTERISK-22942 - [patch] - Asterisk crashed after
      Set(FAXOPT(faxdetect)=t38) (Reported by adomjan)
 * ASTERISK-22856 - [patch]SayUnixTime in polish reads minutes
      instead of seconds (Reported by Robert Mordec)
 * ASTERISK-22854 - [patch] - Deadlock between cel_pgsql unload and
      core_event_dispatcher taskprocessor thread (Reported by Etienne
      Lessard)
 * ASTERISK-22910 - [patch] - REPLACE() calls strcpy on overlapping
      memory when <replace-char> is empty (Reported by Gareth Palmer)
 * ASTERISK-22871 - cel_pgsql module not loading after "reload" or
      "reload cel_pgsql.so" command (Reported by Matteo)
 * ASTERISK-23084 - [patch]rasterisk needlessly prints the
      AST-2013-007 warning (Reported by Tzafrir Cohen)
 * ASTERISK-17138 - [patch] Asterisk not re-registering after it
      receives "Forbidden - wrong password on authentication"
      (Reported by Rudi)
 * ASTERISK-23011 - [patch]configure.ac and pbx_lua don't support
      lua 5.2 (Reported by George Joseph)
 * ASTERISK-22834 - Parking by blind transfer when lot full orphans
      channels (Reported by rsw686)
 * ASTERISK-23047 - Orphaned (stuck) channel occurs during a failed
      SIP transfer to parking space (Reported by Tommy Thompson)
 * ASTERISK-22946 - Local From tag regression with sipgate.de
      (Reported by Stephan Eisvogel)
 * ASTERISK-23010 - No BYE message sent when sip INVITE is received
      (Reported by Ryan Tilton)
 * ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set
      - probably introduced in 11.7.0 (Reported by OK)

Improvements made in this release:
-----------------------------------
 * ASTERISK-22728 - [patch] Improve Understanding Of 'Forcerport'
      When Running "sip show peers" (Reported by Michael L. Young)
 * ASTERISK-22659 - Make a new core and extra sounds release
      (Reported by Rusty Newton)
 * ASTERISK-22919 - core show channeltypes slicing  (Reported by
      outtolunc)
 * ASTERISK-22918 - dahdi show channels slices PRI channel dnid on
      output (Reported by outtolunc)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.8.0
The Asterisk Development Team has announced the release of Asterisk 11.8.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 11.8.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-22544 - Italian prompt vm-options has advertisement in
      it (Reported by Rusty Newton)
 * ASTERISK-21383 - STUN Binding Requests Not Being Sent Back from
      Asterisk to Chrome (Reported by Shaun Clark)
 * ASTERISK-22478 - [patch]Can't use pound(hash) symbol for custom
      DTMF menus in ConfBridge (processed as directive) (Reported by
      Nicolas Tanski)
 * ASTERISK-12117 - chan_sip creates a new local tag (from-tag) for
      every register message (Reported by Pawel Pierscionek)
 * ASTERISK-20862 - Asterisk min and max member penalties not
      honored when set with 0 (Reported by Schmooze Com)
 * ASTERISK-22746 - [patch]Crash in chan_dahdi during caller id
      read (Reported by Michael Walton)
 * ASTERISK-22788 - [patch] main/translate.c: access to variable f
      after free in ast_translate() (Reported by Corey Farrell)
 * ASTERISK-21242 - Segfault when T.38 re-invite retransmission
      receives 200 OK (Reported by Ashley Winters)
 * ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving
      16 bit multipart SMS with app_sms (Reported by Jan Juergens)
 * ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous'
      from being executed from external interfaces (Reported by Matt
      Jordan)
 * ASTERISK-23021 - Typos in code : "avaliable" instead of
      "available" (Reported by Jeremy Lainé)
 * ASTERISK-22970 - [patch]Documentation fix for QUOTE() (Reported
      by Gareth Palmer)
 * ASTERISK-21960 - ooh323 channels stuck (Reported by Dmitry
      Melekhov)
 * ASTERISK-22350 - DUNDI - core dump on shutdown - segfault in
      sqlite3_reset from /usr/lib/libsqlite3.so.0 (Reported by Birger
      "WIMPy" Harzenetter)
 * ASTERISK-22942 - [patch] - Asterisk crashed after
      Set(FAXOPT(faxdetect)=t38) (Reported by adomjan)
 * ASTERISK-22856 - [patch]SayUnixTime in polish reads minutes
      instead of seconds (Reported by Robert Mordec)
 * ASTERISK-22854 - [patch] - Deadlock between cel_pgsql unload and
      core_event_dispatcher taskprocessor thread (Reported by Etienne
      Lessard)
 * ASTERISK-22910 - [patch] - REPLACE() calls strcpy on overlapping
      memory when <replace-char> is empty (Reported by Gareth Palmer)
 * ASTERISK-22871 - cel_pgsql module not loading after "reload" or
      "reload cel_pgsql.so" command (Reported by Matteo)
 * ASTERISK-23084 - [patch]rasterisk needlessly prints the
      AST-2013-007 warning (Reported by Tzafrir Cohen)
 * ASTERISK-17138 - [patch] Asterisk not re-registering after it
      receives "Forbidden - wrong password on authentication"
      (Reported by Rudi)
 * ASTERISK-23011 - [patch]configure.ac and pbx_lua don't support
      lua 5.2 (Reported by George Joseph)
 * ASTERISK-22834 - Parking by blind transfer when lot full orphans
      channels (Reported by rsw686)
 * ASTERISK-23047 - Orphaned (stuck) channel occurs during a failed
      SIP transfer to parking space (Reported by Tommy Thompson)
 * ASTERISK-22946 - Local From tag regression with sipgate.de
      (Reported by Stephan Eisvogel)
 * ASTERISK-23010 - No BYE message sent when sip INVITE is received
      (Reported by Ryan Tilton)
 * ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set
      - probably introduced in 11.7.0 (Reported by OK)

Improvements made in this release:
-----------------------------------
 * ASTERISK-22728 - [patch] Improve Understanding Of 'Forcerport'
      When Running "sip show peers" (Reported by Michael L. Young)
 * ASTERISK-22659 - Make a new core and extra sounds release
      (Reported by Rusty Newton)
 * ASTERISK-22919 - core show channeltypes slicing  (Reported by
      outtolunc)
 * ASTERISK-22918 - dahdi show channels slices PRI channel dnid on
      output (Reported by outtolunc)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.8.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 11 2014 Jeffrey Ollie <jeff at ocjtech.us> - 11.8.1-1:
- The Asterisk Development Team has announced security releases for Certified
- Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The available security
- releases are released as versions 1.8.15-cert5, 11.6-cert2, 1.8.26.1, 11.8.1,
- and 12.1.1.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of these versions resolve the following issues:
-
- * AST-2014-001: Stack overflow in HTTP processing of Cookie headers.
-
-   Sending a HTTP request that is handled by Asterisk with a large number of
-   Cookie headers could overflow the stack.
-
-   Another vulnerability along similar lines is any HTTP request with a
-   ridiculous number of headers in the request could exhaust system memory.
-
- * AST-2014-002: chan_sip: Exit early on bad session timers request
-
-   This change allows chan_sip to avoid creation of the channel and
-   consumption of associated file descriptors altogether if the inbound
-   request is going to be rejected anyway.
-
- Additionally, the release of 12.1.1 resolves the following issue:
-
- * AST-2014-003: res_pjsip: When handling 401/407 responses don't assume a
-   request will have an endpoint.
-
-   This change removes the assumption that an outgoing request will always
-   have an endpoint and makes the authenticate_qualify option work once again.
-
- Finally, a security advisory, AST-2014-004, was released for a vulnerability
- fixed in Asterisk 12.1.0. Users of Asterisk 12.0.0 are encouraged to upgrade to
- 12.1.1 to resolve both vulnerabilities.
-
- These issues and their resolutions are described in the security advisories.
-
- For more information about the details of these vulnerabilities, please read
- security advisories AST-2014-001, AST-2014-002, AST-2014-003, and AST-2014-004,
- which were released at the same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLogs:
-
- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert5
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.26.1
- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert2
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.8.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.1.1
-
- The security advisories are available at:
-
-  * http://downloads.asterisk.org/pub/security/AST-2014-001.pdf
-  * http://downloads.asterisk.org/pub/security/AST-2014-002.pdf
-  * http://downloads.asterisk.org/pub/security/AST-2014-003.pdf
-  * http://downloads.asterisk.org/pub/security/AST-2014-004.pdf
* Tue Mar  4 2014 Jeffrey Ollie <jeff at ocjtech.us> - 11.8.0-1:
- The Asterisk Development Team has announced the release of Asterisk 11.8.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 11.8.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following are the issues resolved in this release:
-
- Bugs fixed in this release:
- -----------------------------------
-  * ASTERISK-22544 - Italian prompt vm-options has advertisement in
-       it (Reported by Rusty Newton)
-  * ASTERISK-21383 - STUN Binding Requests Not Being Sent Back from
-       Asterisk to Chrome (Reported by Shaun Clark)
-  * ASTERISK-22478 - [patch]Can't use pound(hash) symbol for custom
-       DTMF menus in ConfBridge (processed as directive) (Reported by
-       Nicolas Tanski)
-  * ASTERISK-12117 - chan_sip creates a new local tag (from-tag) for
-       every register message (Reported by Pawel Pierscionek)
-  * ASTERISK-20862 - Asterisk min and max member penalties not
-       honored when set with 0 (Reported by Schmooze Com)
-  * ASTERISK-22746 - [patch]Crash in chan_dahdi during caller id
-       read (Reported by Michael Walton)
-  * ASTERISK-22788 - [patch] main/translate.c: access to variable f
-       after free in ast_translate() (Reported by Corey Farrell)
-  * ASTERISK-21242 - Segfault when T.38 re-invite retransmission
-       receives 200 OK (Reported by Ashley Winters)
-  * ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving
-       16 bit multipart SMS with app_sms (Reported by Jan Juergens)
-  * ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous'
-       from being executed from external interfaces (Reported by Matt
-       Jordan)
-  * ASTERISK-23021 - Typos in code : "avaliable" instead of
-       "available" (Reported by Jeremy Lainé)
-  * ASTERISK-22970 - [patch]Documentation fix for QUOTE() (Reported
-       by Gareth Palmer)
-  * ASTERISK-21960 - ooh323 channels stuck (Reported by Dmitry
-       Melekhov)
-  * ASTERISK-22350 - DUNDI - core dump on shutdown - segfault in
-       sqlite3_reset from /usr/lib/libsqlite3.so.0 (Reported by Birger
-       "WIMPy" Harzenetter)
-  * ASTERISK-22942 - [patch] - Asterisk crashed after
-       Set(FAXOPT(faxdetect)=t38) (Reported by adomjan)
-  * ASTERISK-22856 - [patch]SayUnixTime in polish reads minutes
-       instead of seconds (Reported by Robert Mordec)
-  * ASTERISK-22854 - [patch] - Deadlock between cel_pgsql unload and
-       core_event_dispatcher taskprocessor thread (Reported by Etienne
-       Lessard)
-  * ASTERISK-22910 - [patch] - REPLACE() calls strcpy on overlapping
-       memory when <replace-char> is empty (Reported by Gareth Palmer)
-  * ASTERISK-22871 - cel_pgsql module not loading after "reload" or
-       "reload cel_pgsql.so" command (Reported by Matteo)
-  * ASTERISK-23084 - [patch]rasterisk needlessly prints the
-       AST-2013-007 warning (Reported by Tzafrir Cohen)
-  * ASTERISK-17138 - [patch] Asterisk not re-registering after it
-       receives "Forbidden - wrong password on authentication"
-       (Reported by Rudi)
-  * ASTERISK-23011 - [patch]configure.ac and pbx_lua don't support
-       lua 5.2 (Reported by George Joseph)
-  * ASTERISK-22834 - Parking by blind transfer when lot full orphans
-       channels (Reported by rsw686)
-  * ASTERISK-23047 - Orphaned (stuck) channel occurs during a failed
-       SIP transfer to parking space (Reported by Tommy Thompson)
-  * ASTERISK-22946 - Local From tag regression with sipgate.de
-       (Reported by Stephan Eisvogel)
-  * ASTERISK-23010 - No BYE message sent when sip INVITE is received
-       (Reported by Ryan Tilton)
-  * ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set
-       - probably introduced in 11.7.0 (Reported by OK)
-
- Improvements made in this release:
- -----------------------------------
-  * ASTERISK-22728 - [patch] Improve Understanding Of 'Forcerport'
-       When Running "sip show peers" (Reported by Michael L. Young)
-  * ASTERISK-22659 - Make a new core and extra sounds release
-       (Reported by Rusty Newton)
-  * ASTERISK-22919 - core show channeltypes slicing  (Reported by
-       outtolunc)
-  * ASTERISK-22918 - dahdi show channels slices PRI channel dnid on
-       output (Reported by outtolunc)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.8.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1074825 - CVE-2014-2286 asterisk: cookie processing stack overflow (AST-2014-001)
        https://bugzilla.redhat.com/show_bug.cgi?id=1074825
  [ 2 ] Bug #1074827 - CVE-2014-2287 asterisk: remote denial of service via file descriptor exhaustion (AST-2014-002)
        https://bugzilla.redhat.com/show_bug.cgi?id=1074827
--------------------------------------------------------------------------------

================================================================================
 cups-filters-1.0.41-5.fc19 (FEDORA-2014-3771)
 OpenPrinting CUPS filters and backends
--------------------------------------------------------------------------------
Update Information:

This update removes unused pdftoopvp and urftopdf filters.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 11 2014 Jiri Popelka <jpopelka at redhat.com> - 1.0.41-5
- Don't ship pdftoopvp (#1027557) and urftopdf (#1002947).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1074840 - CVE-2013-6473 CVE-2013-6476 CVE-2013-6474 CVE-2013-6475 cups-filters: various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1074840
--------------------------------------------------------------------------------

================================================================================
 docker-io-0.9.0-2.fc19 (FEDORA-2014-3769)
 Automates deployment of containerized applications
--------------------------------------------------------------------------------
Update Information:

lxc removed (optional)
BZ 1074880 - upstream version bump to v0.9.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 11 2014 Lokesh Mandvekar <lsm5 at redhat.com> - 0.9.0-2
- lxc removed (optional)
  http://blog.docker.io/2014/03/docker-0-9-introducing-execution-drivers-and-libcontainer/
* Tue Mar 11 2014 Lokesh Mandvekar <lsm5 at redhat.com> - 0.9.0-1
- BZ 1074880 - upstream version bump to v0.9.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1074880 - docker-io-0.9.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1074880
--------------------------------------------------------------------------------

================================================================================
 ibus-table-1.5.0.20140311-1.fc19 (FEDORA-2014-3772)
 The Table engine for IBus platform
--------------------------------------------------------------------------------
Update Information:

fix a regression introduced by the Python3 port; add a .desktop file and make the setup tool work with Gnome; make it possible to interrupt the setup tool with Control-C from the command line
port from Python2 to Python3, fix setup tool, add profiling support
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 11 2014 Mike FABIAN <mfabian at redhat.com> - 1.5.0.20140311-1
- update to latest upstream
- fix a regression introduced by the Python3 port
- add a .desktop file and make the setup tool work with Gnome
- make it possible to interrupt the setup tool with Control-C from the command line
* Thu Mar  6 2014 Mike FABIAN <mfabian at redhat.com> - 1.5.0.20140306-1
- update to latest upstream
- Resolves: rhbz#1072940 - Left Shift stopped work for ibus-table-1.5.0.20140218-1.fc20.noarch
- port from Python2 to Python3, require Python3 in this rpm now
- fix directory for setup tool, setup tool should work now
- add profiling support
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1072940 - Left Shift stopped work for ibus-table-1.5.0.20140218-1.fc20.noarch
        https://bugzilla.redhat.com/show_bug.cgi?id=1072940
--------------------------------------------------------------------------------

================================================================================
 iperf3-3.0.2-1.fc19 (FEDORA-2014-3751)
 Measurement tool for TCP/UDP bandwidth performance
--------------------------------------------------------------------------------
Update Information:

iperf3-3.0.2 is available
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 11 2014 Susant Sahani <ssahani at redhat.com> 3.0.2-1
- Update to 3.0.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1074900 - iperf3-3.0.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1074900
--------------------------------------------------------------------------------

================================================================================
 jansson-2.6-1.fc19 (FEDORA-2014-3782)
 C library for encoding, decoding and manipulating JSON data
--------------------------------------------------------------------------------
Update Information:

Florian Weimer of the Red Hat Product Security Team found that the
hashing implementation in Jansson, a library for encoding, decoding and manipulating JSON data, was susceptible to predictable hash collisions.

A remote attacker could use this flaw to cause an application using Jansson to use an excessive amount of CPU time by sending a crafted JSON document containing a large number of parameters whose names map to the same hash value. (CVE-2013-6401)

--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 13 2014 Jared Smith <jsmith at fedoraproject.org> - 2.6-1
- Update to Jansson 2.6 for CVE-2013-6401
* Sat Jan 25 2014 Jiri Pirko <jpirko at redhat.com> 2.5-1
- Update to Jansson 2.5.
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1063817 - CVE-2013-6401 jansson: hash table collisions CPU usage DoS [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1063817
  [ 2 ] Bug #1064201 - jansson-2.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1064201
--------------------------------------------------------------------------------

================================================================================
 libreoffice-4.1.5.3-6.fc19 (FEDORA-2014-3742)
 Free Software Productivity Suite
--------------------------------------------------------------------------------
Update Information:

Resolves rhbz#988516, fdo#65655, some RTF import issues
fix build on s390
Fix for a notorious difficult to reproduce but common crash in writer
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 10 2014 Michael Stahl <mstahl at redhat.com> - 1:4.1.5.3-6
- Resolves: rhbz#988516: DOCX import: fix context stack when importing header
- Resolves: fdo#65655: Different_Odd_And_Even_Pages flag ignored
- RTF import: fix nested tables
- RTF import: import field parameters
* Fri Mar  7 2014 David Tardon <dtardon at redhat.com> - 1:4.1.5.3-5
- fix build on s390
* Tue Mar  4 2014 Caolán McNamara <caolanm at redhat.com> - 1:4.1.5.3-4
- Related: rhbz#1065807 search for "wizards" in the different template dirs
* Mon Mar  3 2014 Caolán McNamara <caolanm at redhat.com> - 1:4.1.5.3-3
- Resolves: rhbz#1065807 search XDG defined "Templates"
- Resolves: rhbz#1057977 do not crash when fonts are updated
- Resolves: rhbz#1007697 Update on a Window deletes itself
* Tue Feb 18 2014 David Tardon <dtardon at redhat.com> - 1:4.1.5.3-2
- Resolves: rhbz#1065925 [abrt] libreoffice-core: Divide(): soffice.bin killed
  by SIGFPE
--------------------------------------------------------------------------------

================================================================================
 meld-1.8.4-1.fc19 (FEDORA-2014-3757)
 Visual diff and merge tool
--------------------------------------------------------------------------------
Update Information:

This update brings a new meld to you and now explicitly uses Python 2.7 as the Python interpreter of choice (RHBZ#1024318).
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 10 2014 Dominic Hopf <dmaphy at fedoraproject.org> - 1.8.4-1
- New upstream release: Meld 1.8.4
- fix RHBZ#1024318: use /usr/bin/python as python interpreter
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1024318 - meld should use system python interpreter
        https://bugzilla.redhat.com/show_bug.cgi?id=1024318
--------------------------------------------------------------------------------

================================================================================
 nodejs-cssom-0.3.0-1.fc19 (FEDORA-2014-3741)
 CSS Object Model implementation and CSS parser for Node.js
--------------------------------------------------------------------------------
Update Information:

Update to upstream release 0.3.0.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Feb 23 2014 Jamie Nguyen <jamielinux at fedoraproject.org> - 0.3.0-1
- update to upstream release 0.3.0
- MIT-LICENSE.txt is now included upstream
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.2.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 openscad-2014.03-1.fc19 (FEDORA-2014-3761)
 The Programmers Solid 3D CAD Modeller
--------------------------------------------------------------------------------
Update Information:

**Language Features:**
* Added diameter argument: circle(d), cylinder(d, d1, d2) and sphere(d)
* Added parent_module() and $parent_modules
* Added children() as a replacement for child()
* Unicode strings (using UTF-8) are now correctly handled
* Ranges can have a negative step value
* Added norm() and cross() functions

**Program Features:**
* Cmd-line: --info parameter prints system/library info
* Cmd-line: --csglimit parameter to change CSG rendering limit
* Cmd-line: Better handling of cmd-line arguments under Windows
* GUI: Added Reset View
* GUI: Added Search&Replace in editor
* GUI: Syntax highlighting now has a dark background theme
* GUI: We now create a backup file before rendering to allow for recovery if OpenSCAD crashes/freezes
* GUI: Accessibility features enabled (e.g. screenreading)

**Bugfixes/improvements:**
* Reading empty STL files sometimes caused a crash
* OPENSCADPATH now uses semicolon as path separator under Windows
* polyhedron() is now much more robust handling almost planar polygons
* Automatic reloads of large designs are more robust
* Boolean logic in if() statements are now correctly short-circuited
* rands() with zero range caused an infinite loop
* resize(, auto=true) didn't work when shrinking objects
* The $children variable sometimes misbehaved due to dynamic scoping
* The --camera cmd-line option behaved differently then the corresponding GUI function
* PNG export now doesn't leak transparency settings into the target image
* Improved performance of 3D hull() operations
* Some editor misbehaviors were fixed
* Stability fixes of CGAL-related crashes
* Windows cmd-line can now handle spaces in filenames
* Default CSG rendering limit is now 100K elements
* Fixed a crash reading DXF files using comma as decimal separator
* Fixed a crash running the cmd-line without a HOME env. variable
* Intersecting something with nothing now correctly results in an empty object

**Deprecations:**
* child() is no longer supported. Use children() instead.
* polyhedron(triangles=[...]): Use polyhedron(faces=[...]) instead.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar  9 2014 Miro Hrončok <mhroncok at redhat.com> - 2014.03-1
- New version
* Fri Dec 27 2013 Miro Hrončok <mhroncok at redhat.com> - 2013.06-8
- Enable Xvfb tests
- Add AppData from upstream git
* Mon Nov 18 2013 Dave Airlie <airlied at redhat.com> - 2013.06-7
- rebuilt for GLEW 1.10
* Sun Nov 17 2013 Miro Hrončok <mhroncok at redhat.com> - 2013.06-6
- Rebuilt for new glew
--------------------------------------------------------------------------------

================================================================================
 openscad-MCAD-0.0-6.20140307git85794e4.fc19 (FEDORA-2014-3761)
 OpenSCAD Parametric CAD Library
--------------------------------------------------------------------------------
Update Information:

**Language Features:**
* Added diameter argument: circle(d), cylinder(d, d1, d2) and sphere(d)
* Added parent_module() and $parent_modules
* Added children() as a replacement for child()
* Unicode strings (using UTF-8) are now correctly handled
* Ranges can have a negative step value
* Added norm() and cross() functions

**Program Features:**
* Cmd-line: --info parameter prints system/library info
* Cmd-line: --csglimit parameter to change CSG rendering limit
* Cmd-line: Better handling of cmd-line arguments under Windows
* GUI: Added Reset View
* GUI: Added Search&Replace in editor
* GUI: Syntax highlighting now has a dark background theme
* GUI: We now create a backup file before rendering to allow for recovery if OpenSCAD crashes/freezes
* GUI: Accessibility features enabled (e.g. screenreading)

**Bugfixes/improvements:**
* Reading empty STL files sometimes caused a crash
* OPENSCADPATH now uses semicolon as path separator under Windows
* polyhedron() is now much more robust handling almost planar polygons
* Automatic reloads of large designs are more robust
* Boolean logic in if() statements are now correctly short-circuited
* rands() with zero range caused an infinite loop
* resize(, auto=true) didn't work when shrinking objects
* The $children variable sometimes misbehaved due to dynamic scoping
* The --camera cmd-line option behaved differently then the corresponding GUI function
* PNG export now doesn't leak transparency settings into the target image
* Improved performance of 3D hull() operations
* Some editor misbehaviors were fixed
* Stability fixes of CGAL-related crashes
* Windows cmd-line can now handle spaces in filenames
* Default CSG rendering limit is now 100K elements
* Fixed a crash reading DXF files using comma as decimal separator
* Fixed a crash running the cmd-line without a HOME env. variable
* Intersecting something with nothing now correctly results in an empty object

**Deprecations:**
* child() is no longer supported. Use children() instead.
* polyhedron(triangles=[...]): Use polyhedron(faces=[...]) instead.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar  9 2014 Miro Hrončok <mhroncok at redhat.com> - 0.0-6.20140307git85794e4
- Commit used in OpenSCAD 2014.03
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.0-5.20130531git9a958fd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 python-espeak-0.5-6.fc19 (FEDORA-2014-3753)
 Python 2 bindings for espeak
--------------------------------------------------------------------------------
Update Information:

Simple to use yet complete Python bindings for the eSpeak speech synthesizer.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #977638 - Review Request: python-espeak - Python bindings for espeak
        https://bugzilla.redhat.com/show_bug.cgi?id=977638
--------------------------------------------------------------------------------

================================================================================
 python-lxml-3.3.3-1.fc19 (FEDORA-2014-3745)
 ElementTree-like Python bindings for libxml2 and libxslt
--------------------------------------------------------------------------------
Update Information:

3.3.3 (2014-03-04)
==================

Bugs fixed
----------

* LP#1287118: Crash when using Element subtypes with ``__slots__``.

Other changes
-------------

* The internal classes ``_LogEntry`` and ``_Attrib`` can no longer be
  subclassed from Python code.
3.3.2 (2014-02-26)
==================

Bugs fixed
----------

* The properties ``resolvers`` and ``version``, as well as the methods
  ``set_element_class_lookup()`` and ``makeelement()``, were lost from
  ``iterparse`` objects.

* LP#1222132: instances of ``XMLSchema``, ``Schematron`` and ``RelaxNG``
  did not clear their local ``error_log`` before running a validation.

* LP#1238500: lxml.doctestcompare mixed up "expected" and "actual" in
  attribute values.

* Some file I/O tests were failing in MS-Windows due to incorrect temp
  file usage.  Initial patch by Gabi Davar.

* LP#910014: duplicate IDs in a document were not reported by DTD
  validation.

* LP#1185332: ``tostring(method="html")`` did not use HTML serialisation
  semantics for trailing tail text.  Initial patch by Sylvain Viollon.

* LP#1281139: ``.attrib`` value of Comments lost its mutation methods
  in 3.3.0.  Even though it is empty and immutable, it should still
  provide the same interface as that returned for Elements.

3.3.1 (2014-02-12)
==================

Bugs fixed
----------

* LP#1014290: HTML documents parsed with ``parser.feed()`` failed to find
  elements during tag iteration.

* LP#1273709: Building in PyPy failed due to missing support for
  ``PyUnicode_Compare()`` and ``PyByteArray_*()`` in PyPy's C-API.

* LP#1274413: Compilation in MSVC failed due to missing "stdint.h" standard
  header file.

* LP#1274118: iterparse() failed to parse BOM prefixed files.
3.3.2 (2014-02-26)
==================

Bugs fixed
----------