The following Fedora 20 Security updates need testing: Age URL 20 https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keystone-2013.2.3-3.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2014-5918/owncloud-6.0.3-1.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2014-5972/python-fmn-web-0.2.4-3.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2014-6003/mingw-qt-4.8.6-1.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2014-5988/mingw-qt5-qtbase-5.2.1-3.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-6068/cifs-utils-6.3-2.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-6098/rubygem-actionpack-4.0.0-4.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-6120/mariadb-galera-5.5.37-2.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-6128/abrt-2.2.1-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6277/dpkg-1.16.14-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6258/smb4k-1.1.2-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6263/botan-1.10.8-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6276/seamonkey-2.26-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6288/qemu-1.6.2-5.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6303/perl-LWP-Protocol-https-6.04-4.fc20
The following Fedora 20 Critical Path updates have yet to be approved: Age URL 7 https://admin.fedoraproject.org/updates/FEDORA-2014-5992/pcmanfm-qt-0.1.0-5.fc20,pcmanfm-1.2.0-1.fc20,libfm-1.2.0-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-6064/gupnp-0.20.11-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-6132/xorg-x11-drv-evdev-2.8.4-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-6101/policycoreutils-2.2.5-4.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-6084/selinux-policy-3.12.1-161.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-6201/vte3-0.34.9-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6309/gdb-7.7.1-12.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6241/curl-7.32.0-10.fc20 The following builds have been pushed to Fedora 20 updates-testing GraphicsMagick-1.3.19-6.fc20 OCE-0.15-2.fc20 bitlbee-3.2.1-3.fc20 devscripts-2.14.2-1.fc20 gdb-7.7.1-12.fc20 ghc-hjsmin-0.1.4.6-1.fc20 ghc-language-javascript-0.5.13-1.fc20 gitolite3-3.6-1.fc20 hplip-3.14.4-4.fc20 ibus-table-others-1.3.0.20140512-1.fc20 irrlicht-1.8.1-3.fc20 libtrash-3.2-14.fc20 perl-Image-ExifTool-9.60-1.fc20 perl-JSON-MaybeXS-1.002002-2.fc20 perl-LWP-Protocol-https-6.04-4.fc20 perl-Net-DNS-0.75-1.fc20 perl-Parse-DMIDecode-0.03-1.fc20 pyshp-1.2.1-1.fc20 python-blist-1.3.6-1.fc20 python-fn-0.2.13-1.fc20 qemu-1.6.2-5.fc20 rpmlint-1.5-9.fc20 skrooge-1.9.0-1.fc20 ssldump-0.9-0.9.b3.fc20 system-config-kdump-2.0.15-1.fc20 systemtap-2.5-2.fc20 taskcoach-1.3.38-2.fc20 telepathy-qt4-0.9.3.1-0.1.20140403git0191a6dd.fc20 tito-0.5.4-1.fc20 trinity-1.4-1.fc20 xmobar-0.20.1-1.fc20 Details about builds: ================================================================================ GraphicsMagick-1.3.19-6.fc20 (FEDORA-2014-6299) An ImageMagick fork, offering faster image generation and better quality -------------------------------------------------------------------------------- Update Information: Update to latest stable bugfix release, see also http://www.graphicsmagick.org/NEWS.html#december-31-2013 -------------------------------------------------------------------------------- ChangeLog: * Sun May 11 2014 Rex Dieter <[email protected]> 1.3.19-6 - handle upgrade path for introduction of -doc subpkg in 1.3.19-4 * Mon Feb 3 2014 Remi Collet <[email protected]> - 1.3.19-5 - upstream patch, drop debug output (#1060665) * Sat Jan 25 2014 Ville Skyttä <[email protected]> - 1.3.19-4 - Split docs into -doc subpackage, drop README.txt (#1056306). - Drop no longer needed BrowseDelegateDefault modification. - Convert docs to UTF-8. * Thu Jan 9 2014 Rex Dieter <[email protected]> 1.3.19-3 - ppc64le is a multilib arch (#1051208) * Wed Jan 1 2014 Rex Dieter <[email protected]> 1.3.19-2 - BR: jbigkit, libwebp, xdg-utils, xz * Wed Jan 1 2014 Rex Dieter <[email protected]> 1.3.19-1 - 1.3.19 (#1047676) * Tue Oct 15 2013 Rex Dieter <[email protected]> 1.3.18-5 - trim changelog -------------------------------------------------------------------------------- References: [ 1 ] Bug #1096540 - [abrt] GraphicsMagick: MagickMapDeallocateMap(): gm killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1096540 -------------------------------------------------------------------------------- ================================================================================ OCE-0.15-2.fc20 (FEDORA-2014-6320) OpenCASCADE Community Edition -------------------------------------------------------------------------------- Update Information: Initial build. -------------------------------------------------------------------------------- ================================================================================ bitlbee-3.2.1-3.fc20 (FEDORA-2014-6325) IRC to other chat networks gateway -------------------------------------------------------------------------------- Update Information: Eliminate our own bitlbee.xinetd by patching the upstream one. -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 5 2014 Matěj Cepl <[email protected]> - 3.2.1-3 - Eliminate our own bitlbee.xinetd by patching the upstream one. * Wed Dec 18 2013 Robert Scheck <[email protected]> 3.2.1-2 - Some spec file cleanups and ensure that RHEL 5 builds again -------------------------------------------------------------------------------- References: [ 1 ] Bug #1061498 - Use (modified) upstream bitlbee.xinetd https://bugzilla.redhat.com/show_bug.cgi?id=1061498 -------------------------------------------------------------------------------- ================================================================================ devscripts-2.14.2-1.fc20 (FEDORA-2014-6312) Scripts for Debian Package maintainers -------------------------------------------------------------------------------- Update Information: Update to version 2.14.2, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.14.2_changelog for details. -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Sandro Mani <[email protected]> - 2.14.2-1 - Update to 2.14.2 -------------------------------------------------------------------------------- ================================================================================ gdb-7.7.1-12.fc20 (FEDORA-2014-6309) A GNU source-level debugger for C, C++, Fortran, Go and other languages -------------------------------------------------------------------------------- Update Information: s390 build fix. F-20 contained a trunk snapshot. As there were several bugs hit by users which are fixed now in a stable release and as F-20 is the latest stable release for a longer time than others I have rebased GDB. -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Jan Kratochvil <[email protected]> - 7.7.1-12.fc21 - [s390*] Fix compilation error. * Fri May 9 2014 Jan Kratochvil <[email protected]> - 7.7.1-11.fc21 - [ppc*] Import ppc64le support (BZ 1096303, Ulrich Weigand). * Tue May 6 2014 Jan Kratochvil <[email protected]> - 7.7.1-10.fc21 - Rebase to FSF GDB 7.7.1. * Mon May 5 2014 Sergio Durigan Junior <[email protected]> - 7.7-9.fc21 - Improve testcase message for RH BZ 981154. * Mon May 5 2014 Jan Kratochvil <[email protected]> - 7.7-8.fc21 - Fix TLS access for -static -pthread (BZ 1080660). * Mon May 5 2014 Jan Kratochvil <[email protected]> - 7.7-7.fc21 - Add GFDL License to the main package (man pages are generated from .texinfo). * Thu Apr 24 2014 Sergio Durigan Junior <[email protected]> - 7.7-6.fc21 - Fix build failures for GCC 4.9 (Nick Clifton). * Thu Apr 24 2014 Sergio Durigan Junior <[email protected]> - 7.7-5.fc21 - Fix 'gdb gives highly misleading error when debuginfo pkg is present, but not corresponding binary pkg' (RH BZ 981154). * Mon Feb 24 2014 Jan Kratochvil <[email protected]> - 7.7-4.fc21 - Fix crash of -readnow /usr/lib/debug/usr/bin/gnatbind.debug (BZ 1069211). * Sun Feb 23 2014 Jan Kratochvil <[email protected]> - 7.7-3.fc21 - [rhel6] DTS backward Python compatibility API (BZ 1020004, Phil Muldoon). - [rhel6] Do not install its man page if gdb-add-index is not installed. - [rhel] Do not migrate /usr/share/gdb/auto-load/ with symlinks on RHELs. - Fix gdb-7.7 auto-load from /usr/share/gdb/auto-load/ regression. * Sun Feb 9 2014 Jan Kratochvil <[email protected]> - 7.7-2.fc21 - [rhel] Fix rebase build regression on RHEL systems (Tobias Burnus). * Fri Feb 7 2014 Jan Kratochvil <[email protected]> - 7.7-1.fc21 - Rebase to FSF GDB 7.7. - New rpmbuild option: --with asan * Thu Jan 23 2014 Jan Kratochvil <[email protected]> - 7.6.50.20140119-20.fc20 - [s390*,ppc*] Enable secondary targets s390* and ppc* (BZ 1056259). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1080660 - [Fedora] Can't access TLS variables in statically linked binaries https://bugzilla.redhat.com/show_bug.cgi?id=1080660 -------------------------------------------------------------------------------- ================================================================================ ghc-hjsmin-0.1.4.6-1.fc20 (FEDORA-2014-6313) Haskell implementation of a javascript minifier -------------------------------------------------------------------------------- Update Information: Latest upstream releases + new deps. -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Ricky Elrod <[email protected]> - 0.1.4.6-1 - Latest upstream release. - Add optparse-applicative dep. * Thu Apr 24 2014 Jens Petersen <[email protected]> - 0.1.4.4-5 - rebuild * Mon Jan 20 2014 Ricky Elrod <[email protected]> - 0.1.4.4-4 - Rebuild again. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1092434 - ghc-language-javascript-0.5.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=1092434 [ 2 ] Bug #1057479 - ghc-hjsmin-0.1.4.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1057479 -------------------------------------------------------------------------------- ================================================================================ ghc-language-javascript-0.5.13-1.fc20 (FEDORA-2014-6313) Parser for JavaScript -------------------------------------------------------------------------------- Update Information: Latest upstream releases + new deps. -------------------------------------------------------------------------------- ChangeLog: * Sun May 11 2014 Ricky Elrod <[email protected]> - 0.5.13-1 - Latest upstream release. * Thu Apr 10 2014 Ricky Elrod <[email protected]> - 0.5.12-1 - Latest upstream release. - Remove old patch. * Mon Jan 20 2014 Ricky Elrod <[email protected]> - 0.5.8-5 - Another rebuild. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1092434 - ghc-language-javascript-0.5.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=1092434 [ 2 ] Bug #1057479 - ghc-hjsmin-0.1.4.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1057479 -------------------------------------------------------------------------------- ================================================================================ gitolite3-3.6-1.fc20 (FEDORA-2014-6316) Highly flexible server for git directory version tracker -------------------------------------------------------------------------------- Update Information: Latest upstream, minor enhancements. https://github.com/sitaramc/gitolite/commit/522cc1fc1af530ef9c82e01d89f11022adf4b355 -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Jon Ciesla <[email protected]> - 1:3.6-1 - Latest upstream. -------------------------------------------------------------------------------- ================================================================================ hplip-3.14.4-4.fc20 (FEDORA-2014-6291) HP Linux Imaging and Printing Project -------------------------------------------------------------------------------- Update Information: New upstream release. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 29 2014 Tim Waugh <[email protected]> - 3.14.4-4 - Fixed scan-tmp patch (bug #1076954). * Tue Apr 22 2014 Tim Waugh <[email protected]> - 3.14.4-3 - Fix for last fix (bug #984167). * Wed Apr 16 2014 Tim Waugh <[email protected]> - 3.14.4-2 - Fixed codec issue (bug #984167). * Wed Apr 9 2014 Jiri Popelka <[email protected]> - 3.14.4-1 - 3.14.4 * Fri Apr 4 2014 Tim Waugh <[email protected]> - 3.14.3-3 - Scan to /var/tmp instead of /tmp (bug #1076954). * Mon Mar 10 2014 Jiri Popelka <[email protected]> - 3.14.3-2 - BuildRequires: pkgconfig(dbus-1) instead of dbus-devel * Fri Mar 7 2014 Jiri Popelka <[email protected]> - 3.14.3-1 - 3.14.3 - --enable-udev-acl-rules configure flag has been removed upstream * Thu Jan 9 2014 Jiri Popelka <[email protected]> - 3.14.1-1 - 3.14.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1096485 - hplip is outdated : please upgrade to 3.14.4 https://bugzilla.redhat.com/show_bug.cgi?id=1096485 [ 2 ] Bug #1076954 - segfault and core dump in hp-scan https://bugzilla.redhat.com/show_bug.cgi?id=1076954 -------------------------------------------------------------------------------- ================================================================================ ibus-table-others-1.3.0.20140512-1.fc20 (FEDORA-2014-6302) Various tables for IBus-Table -------------------------------------------------------------------------------- Update Information: update to latest upstream 1.3.0.20140512; keyboard layout fixes; update to latest upstream 1.3.0.20140505; Don’t force “us” layout for the latex input method; The “latex” table uses “\” as a startchar -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Mike FABIAN <[email protected]> - 1.3.0.20140512-1 - update to latest upstream 1.3.0.20140512 - Don’t force “us” layout for cns11643, compose, ipa-x-sampa, viqr, emoji, mathwriter-ibus, translit-ua, and translit - Keep forcing “us” layout only for “rustrad”, “yawerty”, and “thai”. But ibus does not use the option “KEYBOARD_LAYOUT”, the correct name of that option is just “LAYOUT”. Fix that for all tables. * Mon May 5 2014 Mike FABIAN <[email protected]> - 1.3.0.20140505-1 - update to latest upstream 1.3.0.20140505 - Don’t force “us” layout for the latex input method - The “latex” table uses “\” as a startchar - fix wrong weekday in rpm changelog -------------------------------------------------------------------------------- ================================================================================ irrlicht-1.8.1-3.fc20 (FEDORA-2014-6305) A high performance realtime 3D engine -------------------------------------------------------------------------------- Update Information: Fix incorrect variable in Makefile causing slightly incorrect soname versioning (corrected by ldconfig, but causing rpmverify to fail). -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Tom Callaway <[email protected]> - 1.8.1-3 - fix VERSION_RELEASE to be correct in Makefile, resolving bz 1096792 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1096792 - Library version linking https://bugzilla.redhat.com/show_bug.cgi?id=1096792 -------------------------------------------------------------------------------- ================================================================================ libtrash-3.2-14.fc20 (FEDORA-2014-6300) Libraries to move files to a trash-folder on delete -------------------------------------------------------------------------------- Update Information: - avoid symbol clashes when loading audacious plug-ins (#1096443) -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Kamil Dudka <[email protected]> - 3.2-14 - avoid symbol clashes when loading audacious plug-ins (#1096443) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1096443 - [abrt] libtrash init(): audacious killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1096443 -------------------------------------------------------------------------------- ================================================================================ perl-Image-ExifTool-9.60-1.fc20 (FEDORA-2014-6293) Utility for reading and writing image meta info -------------------------------------------------------------------------------- Update Information: Update to latest stable release. -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Tom Callaway <[email protected]> - 9.60-1 - update to 9.60 (new stable) -------------------------------------------------------------------------------- ================================================================================ perl-JSON-MaybeXS-1.002002-2.fc20 (FEDORA-2014-6319) Use Cpanel::JSON::XS with a fallback to JSON::XS and JSON::PP -------------------------------------------------------------------------------- Update Information: This is the first Fedora/EPEL release of perl-JSON-MaybeXS. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1096264 - Review Request: perl-JSON-MaybeXS - Use Cpanel::JSON::XS with a fallback to JSON::XS and JSON::PP https://bugzilla.redhat.com/show_bug.cgi?id=1096264 -------------------------------------------------------------------------------- ================================================================================ perl-LWP-Protocol-https-6.04-4.fc20 (FEDORA-2014-6303) Provide HTTPS support for LWP::UserAgent -------------------------------------------------------------------------------- Update Information: This release fixes a server certification validation when a certificate authority is defined by HTTPS_CA_DIR or HTTPS_CA_FILE environement variable. -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Petr Pisar <[email protected]> - 6.04-4 - Fix CVE-2014-3230 (incorrect handling of SSL certificate verification if HTTPS_CA_DIR or HTTPS_CA_FILE environment variables are set) (bug #1094442) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1094440 - CVE-2014-3230 perl-libwww-perl: incorrect handling of SSL certificate verification https://bugzilla.redhat.com/show_bug.cgi?id=1094440 -------------------------------------------------------------------------------- ================================================================================ perl-Net-DNS-0.75-1.fc20 (FEDORA-2014-6307) DNS resolver modules for Perl -------------------------------------------------------------------------------- Update Information: A new version of Net::DNS is available for Fedora. Highlights of this release include a better IPv6 support and iterating through the available nameservers. -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Petr Šabata <[email protected]> - 0.75-1 - 0.75 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1095858 - perl-Net-DNS-0.75 is available https://bugzilla.redhat.com/show_bug.cgi?id=1095858 -------------------------------------------------------------------------------- ================================================================================ perl-Parse-DMIDecode-0.03-1.fc20 (FEDORA-2014-6290) Interface to SMBIOS using dmidecode -------------------------------------------------------------------------------- Update Information: Initial release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1091144 - Review Request: perl-Parse-DMIDecode - Interface to SMBIOS using dmidecode https://bugzilla.redhat.com/show_bug.cgi?id=1091144 -------------------------------------------------------------------------------- ================================================================================ pyshp-1.2.1-1.fc20 (FEDORA-2014-6304) Pure Python read/write support for ESRI Shapefile format -------------------------------------------------------------------------------- Update Information: From the changelog: Fixed bug which failed to properly read some dbf fields in Python 3 -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Volker Fröhlich <[email protected]> - 1.2.1-1 - New upstream release - Properly check on Python 3 builds * Thu Jan 23 2014 Volker Fröhlich <[email protected]> - 1.2.0-2 - Disable Python 3 builds for EPEL7 until Python 3 is available there -------------------------------------------------------------------------------- References: [ 1 ] Bug #1096738 - pyshp-1.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1096738 -------------------------------------------------------------------------------- ================================================================================ python-blist-1.3.6-1.fc20 (FEDORA-2014-6321) A faster list implementation for Python -------------------------------------------------------------------------------- Update Information: - latest upstream release - Python 3 packages available for supported Fedora releases -------------------------------------------------------------------------------- ChangeLog: * Thu May 8 2014 Michel Salim <[email protected]> - 1.3.6-1 - Update to 1.3.6 - Build for Python 3 as well on supported releases -------------------------------------------------------------------------------- References: [ 1 ] Bug #1076573 - python-blist-1.3.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1076573 -------------------------------------------------------------------------------- ================================================================================ python-fn-0.2.13-1.fc20 (FEDORA-2014-6294) Features to allow functional programming in Python -------------------------------------------------------------------------------- Update Information: Latest upstream release. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 18 2013 Ricky Elrod <[email protected]> 0.2.13-1 - Latest upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1031276 - python-fn-0.2.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=1031276 -------------------------------------------------------------------------------- ================================================================================ qemu-1.6.2-5.fc20 (FEDORA-2014-6288) QEMU is a FAST! processor emulator -------------------------------------------------------------------------------- Update Information: * Migration CVEs: CVE-2014-0182 etc. -------------------------------------------------------------------------------- ChangeLog: * Sun May 11 2014 Cole Robinson <[email protected]> - 2:1.6.2-5 - Migration CVEs: CVE-2014-0182 etc. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1088986 - CVE-2014-0182 qemu: virtio: out-of-bounds buffer write on state load with invalid config_len https://bugzilla.redhat.com/show_bug.cgi?id=1088986 [ 2 ] Bug #1066405 - CVE-2013-4534 qemu: openpic: buffer overrun on incoming migration https://bugzilla.redhat.com/show_bug.cgi?id=1066405 [ 3 ] Bug #1066404 - CVE-2013-4533 qemu: pxa2xx: buffer overrun on incoming migration https://bugzilla.redhat.com/show_bug.cgi?id=1066404 [ 4 ] Bug #1066401 - CVE-2013-4535 CVE-2013-4536 qemu: virtio: insufficient validation of num_sg when mapping https://bugzilla.redhat.com/show_bug.cgi?id=1066401 [ 5 ] Bug #1066394 - CVE-2013-4537 qemu: ssi-sd: buffer overrun on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066394 [ 6 ] Bug #1066393 - CVE-2013-4538 qemu: ssd0323: fix buffer overun on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066393 [ 7 ] Bug #1066387 - CVE-2013-4539 qemu: tsc210x: buffer overrun on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066387 [ 8 ] Bug #1066386 - CVE-2013-4540 qemu: zaurus: buffer overrun on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066386 [ 9 ] Bug #1066384 - CVE-2013-4541 qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load https://bugzilla.redhat.com/show_bug.cgi?id=1066384 [ 10 ] Bug #1066382 - CVE-2013-4542 qemu: virtio-scsi: buffer overrun on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066382 [ 11 ] Bug #1066361 - CVE-2013-6399 qemu: virtio: buffer overrun on incoming migration https://bugzilla.redhat.com/show_bug.cgi?id=1066361 [ 12 ] Bug #1066357 - CVE-2013-4531 qemu: target-arm/machine.c: fix buffer overflow on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066357 [ 13 ] Bug #1066354 - CVE-2013-4530 qemu: pl022: fix buffer overun on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066354 [ 14 ] Bug #1066353 - CVE-2013-4529 qemu: hw/pci/pcie_aer.c: buffer overrun on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066353 [ 15 ] Bug #1066347 - CVE-2013-4527 qemu: hpet: buffer overrun on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066347 [ 16 ] Bug #1066345 - CVE-2013-4526 qemu: ahci: fix buffer overrun on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066345 [ 17 ] Bug #1066342 - CVE-2013-4151 qemu: virtio: out-of-bounds buffer write on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066342 [ 18 ] Bug #1066340 - CVE-2013-4150 qemu: virtio-net: out-of-bounds buffer write on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066340 [ 19 ] Bug #1066337 - CVE-2013-4149 qemu: virtio-net: out-of-bounds buffer write on load https://bugzilla.redhat.com/show_bug.cgi?id=1066337 [ 20 ] Bug #1066334 - CVE-2013-4148 qemu: virtio-net: buffer overflow on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066334 -------------------------------------------------------------------------------- ================================================================================ rpmlint-1.5-9.fc20 (FEDORA-2014-6306) Tool for checking common errors in RPM packages -------------------------------------------------------------------------------- Update Information: Add exclusion for non-readable file in ovirt-iso-uploader. -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Tom Callaway <[email protected]> - 1.5-9 - update config to ignore non-readable /etc/ovirt-engine/isouploader.conf -------------------------------------------------------------------------------- References: [ 1 ] Bug #1094723 - ovirt-iso-uploader - rpmlint check on non-readable config files https://bugzilla.redhat.com/show_bug.cgi?id=1094723 -------------------------------------------------------------------------------- ================================================================================ skrooge-1.9.0-1.fc20 (FEDORA-2014-6322) Personal finances manager -------------------------------------------------------------------------------- Update Information: New Package Upstream 1.9.0 new upstream release 1.8.0 -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Siddharth Sharma <[email protected]> - 1.9.0-1 - New Package Upstream 1.9.0 * Tue Jan 7 2014 siddharth <[email protected]> - 1.8.0-1 - new upstream release 1.8.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1049101 - Package out of date https://bugzilla.redhat.com/show_bug.cgi?id=1049101 -------------------------------------------------------------------------------- ================================================================================ ssldump-0.9-0.9.b3.fc20 (FEDORA-2014-6296) An SSLv3/TLS network protocol analyzer -------------------------------------------------------------------------------- Update Information: - Added a patch which adds further link layer offsets - Added patch to include traffic with(out) the 802.1Q VLAN header - Added patch for TLSv1.1/TLSv1.2 application data decrypt support - Added a patch to update known cipher suites according to IANA - Added patch with new cipher suites for application data decoding -------------------------------------------------------------------------------- ChangeLog: * Sun May 11 2014 Robert Scheck <[email protected]> 0.9-0.9.b3 - Added a patch which adds further link layer offsets - Added patch to include traffic with(out) the 802.1Q VLAN header - Added patch for TLSv1.1/TLSv1.2 application data decrypt support - Added a patch to update known cipher suites according to IANA - Added patch with new cipher suites for application data decoding -------------------------------------------------------------------------------- ================================================================================ system-config-kdump-2.0.15-1.fc20 (FEDORA-2014-6328) A graphical interface for configuring kernel crash dumping -------------------------------------------------------------------------------- Update Information: This release contains a couple of bugfixes. -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Martin Milata <[email protected]> - 2.0.15-1 - Update to 2.0.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1083007 - Allow setting dump path even if no partition is chosen https://bugzilla.redhat.com/show_bug.cgi?id=1083007 -------------------------------------------------------------------------------- ================================================================================ systemtap-2.5-2.fc20 (FEDORA-2014-6297) Programmable system-wide instrumentation system -------------------------------------------------------------------------------- Update Information: Upstream release, notes at https://sourceware.org/ml/systemtap/2014-q2/msg00103.html -------------------------------------------------------------------------------- ChangeLog: * Fri May 2 2014 Frank Ch. Eigler <[email protected]> - 2.5-2 - Include fix for upstream http://sourceware.org/PR16894 * Wed Apr 30 2014 Jonathan Lebon <[email protected]> - 2.5-1 - Upstream release. See wiki page below for detailed notes. http://sourceware.org/systemtap/wiki/SystemTapReleases -------------------------------------------------------------------------------- ================================================================================ taskcoach-1.3.38-2.fc20 (FEDORA-2014-6326) Your friendly task manager -------------------------------------------------------------------------------- Update Information: Updated to the latest upstream release -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Šimon Lukašík <[email protected]> - 1.3.38-2 - remove duplicate sources * Mon May 12 2014 Šimon Lukašík <[email protected]> - 1.3.38-1 - Updated to the latest upstream version -------------------------------------------------------------------------------- ================================================================================ telepathy-qt4-0.9.3.1-0.1.20140403git0191a6dd.fc20 (FEDORA-2014-6310) High-level bindings for Telepathy -------------------------------------------------------------------------------- Update Information: Pull in latest batch of upstream bugfixes, in particular includes a fix to limit local avatar cache growth/size. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 29 2014 Rex Dieter <[email protected]> 0.9.3.1-0.1.20140403git0191a6dd - 0.9.3.1 snapshot, fixes FTBFS -------------------------------------------------------------------------------- ================================================================================ tito-0.5.4-1.fc20 (FEDORA-2014-6324) A tool for managing rpm based git projects -------------------------------------------------------------------------------- Update Information: Support older versions of git-annex. Fix a getcwd error in releaser. Fix silently failing commands. Allow builders to run on untagged projects if --test is specified. Added scl builder option. Cleanup builders/releasers when interrupted. Removed dep on gitpython. Added rpmbuild output to error message. Significant improvements, new builders/releasers, removal of dead code and refactoring. Significant improvements, new builders/releasers, removal of dead code and refactoring. New support for writing out a templated version file during tagging. New Copr build system and OBS releasers. Fixed bug with old versions of packages still being left in the yum repodata. Small documentation updates. Fix permissions sources fedpkg modifies. Fix permissions sources fedpkg modifies. Fix permissions sources fedpkg modifies. Significant improvements, new builders/releasers, removal of dead code and refactoring. New support for writing out a templated version file during tagging. New Copr build system and OBS releasers. Fixed bug with old versions of packages still being left in the yum repodata. Small documentation updates. Fix permissions sources fedpkg modifies. Fix permissions sources fedpkg modifies. Fix permissions sources fedpkg modifies. Significant improvements, new builders/releasers, removal of dead code and refactoring. New support for writing out a templated version file during tagging. New Copr build system and OBS releasers. Fixed bug with old versions of packages still being left in the yum repodata. Small documentation updates. Fix permissions sources fedpkg modifies. Fix permissions sources fedpkg modifies. Fix permissions sources fedpkg modifies. -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Devan Goodwin <[email protected]> 0.5.4-1 - make version comparison compat with python2 and python3 ([email protected]) * Mon May 12 2014 Devan Goodwin <[email protected]> 0.5.3-1 - avoid syntax error on el5 ([email protected]) - Support pre-5.20131213 versions of git-annex for EL6 ([email protected]) - Add version comparison utility ([email protected]) * Fri May 9 2014 Devan Goodwin <[email protected]> 0.5.2-1 - Fix releaser getcwd error. ([email protected]) * Fri May 9 2014 Devan Goodwin <[email protected]> 0.5.1-1 - Raise error on failed run_command. ([email protected]) - Allow builder to run in test mode on untagged project ([email protected]) - Add 'scl' builder option for software collection name ([email protected]) - added rpmbuild output to an error raised by tito to easier the error's cause analysis ([email protected]) - propagate docs to docker public registry ([email protected]) - spec: remove dependency on GitPython ([email protected]) - Update tito.8.asciidoc ([email protected]) - Cleanup releasers + builders when interrupted ([email protected]) - make run_command_print() compatible with python3 ([email protected]) - remove unused import "commands" ([email protected]) - Change package-specific config message to debug ([email protected]) * Mon Mar 24 2014 Devan Goodwin <[email protected]> 0.5.0-1 - Prep for python3. ([email protected]) - Print output live for longer running rpmbuild commands. ([email protected]) - Add GitAnnexBuilder, using git-annex to store blobs ([email protected]) - Remove legacy CvsBuilder and CvsReleaser. ([email protected]) - Stop writing temp file to load tito.props from past tag. ([email protected]) - Remove deprecated support for build.py.props config filename. ([email protected]) - Remove a very old hack for assuming config from Makefiles. ([email protected]) - Refactor config overriding. ([email protected]) - Move taggers to sub-directory. ([email protected]) - Move releasers to sub-directory. ([email protected]) - Improved docs for [version_template] section of tito.props ([email protected]) - allow empty dist tag in functional tests ([email protected]) - docs: createrepo is needed for functional tests ([email protected]) - provide config for editorconfig plugins ([email protected]) - Add more missing documentation to MANIFEST.in. ([email protected]) - Assume a default fetch strategy. ([email protected]) - Add markdown docs for FetchBuilder instead of manpage. ([email protected]) - Fix releasers and respect offline flag. ([email protected]) - Support release with fetch builder. ([email protected]) - Add support for passing builder args through a releaser. ([email protected]) - MANIFEST.in: include README.mkd and asciidoc files ([email protected]) - Rename --builder-arg to just --arg in build command. ([email protected]) - Fix issue with releaser temp dir. ([email protected]) - Refactor to just one config object. ([email protected]) - Make external source builder fetch strategy configurable. ([email protected]) - Fix buildroot using ~/rpmbuild/BUILDROOT. ([email protected]) - Refactor builders to allow separate modules. ([email protected]) - Restore building of specific tags. ([email protected]) - Start building with external sources and no tag. ([email protected]) - Allow possibility of building without a pre-existing tag. ([email protected]) - Print koji/brew task ID and URL during release. ([email protected]) * Thu Nov 14 2013 Devan Goodwin <[email protected]> 0.4.18-1 - Merge the FiledVersionTagger into the base VersionTagger. ([email protected]) - add Copr releaser ([email protected]) - Fix broken asciidoc. ([email protected]) - Fix old versions in yum repodata. ([email protected]) - adding the FiledVersionTagger class that we are using internally ([email protected]) - tito report man page missing options ([email protected]) - Implement OBS releaser ([email protected]) -------------------------------------------------------------------------------- ================================================================================ trinity-1.4-1.fc20 (FEDORA-2014-6317) System call fuzz tester -------------------------------------------------------------------------------- Update Information: Upstream notes on this release: - Big changes since 1.3 include some more targeted fuzzing of VM related syscalls, which judging from the fallout over the last six months, seems to be working quite well. - Trinity should now also scale up a lot better on bigger machines with lots of cores. It should pick a reasonable default number of child processes, but you can override with -C as you could before, but now without any restrictions other than available memory. -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Jerry James <[email protected]> - 1.4-1 - New upstream version -------------------------------------------------------------------------------- ================================================================================ xmobar-0.20.1-1.fc20 (FEDORA-2014-6327) A minimalistic text-based status bar -------------------------------------------------------------------------------- Update Information: * New features - Back to picking by default the first available screen, with a new configuration option, pickBroadest, for choosing the broadest (see issue #158). - Mouse actions now support multiple buttons, by Marcin Mikołajczyk. - Non supported monitors are ignored in configuration files (see issue #139), by Adam Vogt. * Bug fixes - Disk monitor now ignores non-existent devices (Reto Hablützel). - Weather is now non-blocking and doesn't use curl (Ben Boeckel). - Fix for Memory monitor in 3.14 kernels (Ben Boeckel). - Fix for infinite loops in AutoMPD (issue #76, issue #111). - More robust AC readings in BatteryP. - Fix for Top monitor's readings for processes whose name contains blanks. - Fixes for geometry computation on multihead (Dmitry Malikov). - Fixes for missing XDG configuration (Thiago Negri and James McCoy, see issue #133). -------------------------------------------------------------------------------- ChangeLog: * Fri May 9 2014 Ben Boeckel <[email protected]> - 0.20.1-1 - Update to 0.20.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1075010 - xmobar-0.20.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1075010 -------------------------------------------------------------------------------- -- test mailing list [email protected] To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
