The following Fedora 19 Security updates need testing: Age URL 55 https://admin.fedoraproject.org/updates/FEDORA-2013-14029/zabbix-2.0.6-3.fc19 42 https://admin.fedoraproject.org/updates/FEDORA-2013-14814/python-glanceclient-0.9.0-3.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2013-17121/vino-3.8.1-3.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2013-17109/spice-gtk-0.20-6.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2013-17373/seamonkey-2.21-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2013-17397/xpdf-3.03-8.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-17475/glibc-2.17-18.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-17449/ReviewBoard-1.7.14-1.fc19,python-djblets-0.7.18-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17618/libvirt-1.0.5.6-2.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17661/wireshark-1.10.2-6.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17662/rubygems-2.0.10-106.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 28 https://admin.fedoraproject.org/updates/FEDORA-2013-15459/kbd-1.15.5-7.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2013-16926/langtable-0.0.14-1.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2013-17035/device-mapper-persistent-data-0.2.7-1.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2013-16994/langtable-0.0.15-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2013-17357/ibus-1.5.4-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17640/cronie-1.4.10-6.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17650/tigervnc-1.3.0-7.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17669/man-db-2.6.3-7.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-17625/NetworkManager-0.9.8.2-9.git20130709.fc19 The following builds have been pushed to Fedora 19 updates-testing NetworkManager-0.9.8.2-9.git20130709.fc19 cronie-1.4.10-6.fc19 git-cola-1.8.5-1.fc19 glm-0.9.4.6-2.fc19 graphite-web-0.9.12-3.fc19 jetring-0.20-3.fc19 keyrings-filesystem-1-1.fc19 libuv-0.10.17-1.fc19 libvirt-1.0.5.6-2.fc19 man-db-2.6.3-7.fc19 mfiler4-1.2.6-1.fc19 munin-2.0.17-6.fc19 nemo-extensions-1.8.0-0.3.git3e366de.fc19 nfs-utils-1.2.8-6.0.fc19 nodejs-0.10.19-1.fc19 opensips-1.10.0-1.fc19 pspp-0.8.1-1.fc19 python-apsw-3.8.0.r2-1.fc19 python-bucky-0.2.6-3.fc19 python-carbon-0.9.12-2.fc19 python-llfuse-0.39-1.fc19 qemu-1.4.2-10.fc19 qt5-qtbase-5.1.1-5.fc19 rubygems-2.0.10-106.fc19 shotwell-0.14.1-1.fc19.1 tigervnc-1.3.0-7.fc19 virt-manager-0.10.0-2.fc19 virt-manager-0.10.0-3.fc19 vpnc-0.5.3-18.svn457.fc19 wireshark-1.10.2-6.fc19 xyzsh-1.5.1-1.fc19 youtube-dl-2013.09.24.2-1.fc19 yum-langpacks-0.4.1-2.fc19 Details about builds: ================================================================================ NetworkManager-0.9.8.2-9.git20130709.fc19 (FEDORA-2013-17625) Network connection manager and user applications -------------------------------------------------------------------------------- Update Information: Re-enables NetworkManager-dispatcher, which the F18->F19 update accidentally disabled -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 Dan Winship <danw@xxxxxxxxxx> - 0.9.8.2-9.git20130709 - workaround for dispatcher getting disabled on upgrade (#974811) -------------------------------------------------------------------------------- References: [ 1 ] Bug #974811 - NetworkManager dispatchers dbus services misconfiguration https://bugzilla.redhat.com/show_bug.cgi?id=974811 -------------------------------------------------------------------------------- ================================================================================ cronie-1.4.10-6.fc19 (FEDORA-2013-17640) Cron daemon for executing programs at set times -------------------------------------------------------------------------------- Update Information: Cron jobs sometimes don't run e.g. when environment is using XDG_RUNTIME_DIR. Cron daemon unit file should use KillMode=process to kill dependent processes. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 25 2013 Marcela Mašláňová <mmaslano@xxxxxxxxxx> - 1.4.10-6 - some jobs are not executed because not all environment variables are set. rhbz#995590 - cronies systemd script use KillMode=process. rhbz#919290 -------------------------------------------------------------------------------- References: [ 1 ] Bug #919290 - should cronie's systemd script use "KillMode=process"? https://bugzilla.redhat.com/show_bug.cgi?id=919290 [ 2 ] Bug #995590 - Cron job runs, but doesn't do anything https://bugzilla.redhat.com/show_bug.cgi?id=995590 -------------------------------------------------------------------------------- ================================================================================ git-cola-1.8.5-1.fc19 (FEDORA-2013-17638) A sleek and powerful git GUI -------------------------------------------------------------------------------- Update Information: Let's terminate bugs. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 25 2013 Christopher Meng <rpm@xxxxxxxx> - 1.8.5-1 - Update to 1.8.5(BZ#1011796) with fix for BZ#886826. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1011796 - git-cola-1.8.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1011796 [ 2 ] Bug #886826 - [abrt] git-cola-1.8.0-1.fc18: decorators.py:84:interruptable:OSError: [Errno 2] No such file or directory https://bugzilla.redhat.com/show_bug.cgi?id=886826 -------------------------------------------------------------------------------- ================================================================================ glm-0.9.4.6-2.fc19 (FEDORA-2013-17664) C++ mathematics library for graphics programming -------------------------------------------------------------------------------- Update Information: This update fixes bugs that were fixed upstream -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 Joonas Sarajärvi <muep@xxxxxx> - 0.9.4.6-2 - Fix building on ARM * Tue Sep 24 2013 Joonas Sarajärvi <muep@xxxxxx> - 0.9.4.6-1 - Update to upstream GLM version 0.9.4.6 - Bug fixes * Tue Aug 20 2013 Joonas Sarajärvi <muep@xxxxxx> - 0.9.4.5-1 - Update to upstream GLM version 0.9.4.5 - Bug fixes * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.9.4.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Sat Jul 6 2013 Joonas Sarajärvi <muep@xxxxxx> - 0.9.4.4-1 - Update to upstream GLM version 0.9.4.4 - Bug fixes -------------------------------------------------------------------------------- ================================================================================ graphite-web-0.9.12-3.fc19 (FEDORA-2013-17632) A Django webapp for enterprise scalable realtime graphing -------------------------------------------------------------------------------- Update Information: Tested against ami-05355a6c. Don't ship js/ext/resources/*.swf (RHBZ#1000253) Don't ship js/ext/resources/*.swf (RHBZ#1000253) Don't ship js/ext/resources/*.swf (RHBZ#1000253) Don't ship js/ext/resources/*.swf (RHBZ#1000253) -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 Jonathan Steffan <jsteffan@xxxxxxxxxxxxxxxxx> - 0.9.12-3 - Reorder Requires conditionals to fix amzn1 issues (RHBZ#1007300) - Ensure python-whisper is also updated * Tue Sep 17 2013 Jonathan Steffan <jsteffan@xxxxxxxxxxxxxxxxx> - 0.9.12-2 - Don't ship js/ext/resources/*.swf (RHBZ#1000253) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1007300 - Installation on AWS (CentOS) fails https://bugzilla.redhat.com/show_bug.cgi?id=1007300 [ 2 ] Bug #1000253 - graphite-web contains bundled Flash files https://bugzilla.redhat.com/show_bug.cgi?id=1000253 -------------------------------------------------------------------------------- ================================================================================ jetring-0.20-3.fc19 (FEDORA-2013-17598) GPG keyring maintenance using changesets -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1009996 - Review Request: jetring - GPG keyring maintenance using changesets https://bugzilla.redhat.com/show_bug.cgi?id=1009996 -------------------------------------------------------------------------------- ================================================================================ keyrings-filesystem-1-1.fc19 (FEDORA-2013-17600) Keyrings filesystem layout -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1010857 - Review Request: keyrings-filesystem - Keyrings filesystem layout https://bugzilla.redhat.com/show_bug.cgi?id=1010857 -------------------------------------------------------------------------------- ================================================================================ libuv-0.10.17-1.fc19 (FEDORA-2013-17619) Platform layer for node.js -------------------------------------------------------------------------------- Update Information: 2013.09.24, node.js Version 0.10.19 (Stable) * readline: handle input starting with control chars (Eric Schrock) * configure: add mips-float-abi (soft, hard) option (Andrei Sedoi) * stream: objectMode transforms allow falsey values (isaacs) * tls: prevent duplicate values returned from read (Nathan Rajlich) * tls: NPN protocols are now local to connections (Fedor Indutny) 2013.09.25, libuv Version 0.10.17 (Stable) * build: remove GCC_WARN_ABOUT_MISSING_NEWLINE (Ben Noordhuis) * darwin: fix 10.6 build error in fsevents.c (Ben Noordhuis) -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 25 2013 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 1:0.10.17-1 - new upstream release 0.10.17 https://github.com/joyent/libuv/blob/v0.10.17/ChangeLog -------------------------------------------------------------------------------- ================================================================================ libvirt-1.0.5.6-2.fc19 (FEDORA-2013-17618) Library providing a simple virtualization API -------------------------------------------------------------------------------- Update Information: * Fix snapshot restore when VM has disabled usb support (bz #1011520) * Rebased to version 1.0.5.6 * Fix blockjobinfo python API (bz #999077) * CVE-2013-4311: Insecure polkit usage (bz #1009539, bz #1005332) * CVE-2013-4296: Invalid free memory stats (bz #1006173, bz #1009667) * CVE-2013-4291: Supplementary groups handling (bz #1006509, bz #1006511) * CVE-2013-5651: virBitmapParse out-of-bounds (bz #1006493) * Fix virsh change-media with block disk type (bz #951192) * Fix changing VNC listen address (bz #1006697) -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 Cole Robinson <crobinso@xxxxxxxxxx> - 1.0.5.6-2 - Fix snapshot restore when VM has disabled usb support (bz #1011520) * Fri Sep 20 2013 Cole Robinson <crobinso@xxxxxxxxxx> - 1.0.5.6-1 - Rebased to version 1.0.5.6 - Fix blockjobinfo python API (bz #999077) - CVE-2013-4311: Insecure polkit usage (bz #1009539, bz #1005332) - CVE-2013-4296: Invalid free memory stats (bz #1006173, bz #1009667) - CVE-2013-4291: Supplementary groups handling (bz #1006509, bz #1006511) - CVE-2013-5651: virBitmapParse out-of-bounds (bz #1006493) - Fix virsh change-media with block disk type (bz #951192) - Fix changing VNC listen address (bz #1006697) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1005332 - CVE-2013-4311 libvirt: insecure calling of polkit https://bugzilla.redhat.com/show_bug.cgi?id=1005332 [ 2 ] Bug #1006173 - CVE-2013-4296 libvirt: invalid free in remoteDispatchDomainMemoryStats https://bugzilla.redhat.com/show_bug.cgi?id=1006173 [ 3 ] Bug #1006509 - CVE-2013-4291 libvirt: supplementary groups not adjusted correctly when parsing label https://bugzilla.redhat.com/show_bug.cgi?id=1006509 [ 4 ] Bug #1006493 - CVE-2013-5651 libvirt: virBitmapParse out-of-bounds read access https://bugzilla.redhat.com/show_bug.cgi?id=1006493 -------------------------------------------------------------------------------- ================================================================================ man-db-2.6.3-7.fc19 (FEDORA-2013-17669) Tools for searching and reading man pages -------------------------------------------------------------------------------- Update Information: This update fixes man crash when running with '-M' option. -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 Peter Schiffer <pschiffe@xxxxxxxxxx> - 2.6.3-7 - resolves: #986085 fixed crash when running man with -M option -------------------------------------------------------------------------------- References: [ 1 ] Bug #986085 - [abrt] man-db-2.6.3-6.fc19: main: Process /usr/bin/man was killed by signal 6 (SIGABRT) https://bugzilla.redhat.com/show_bug.cgi?id=986085 -------------------------------------------------------------------------------- ================================================================================ mfiler4-1.2.6-1.fc19 (FEDORA-2013-17631) 2 pane file manager with a embedded shell -------------------------------------------------------------------------------- Update Information: New version 1.2.6 is released. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 25 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.2.6-1 - 1.2.6 -------------------------------------------------------------------------------- ================================================================================ munin-2.0.17-6.fc19 (FEDORA-2013-17596) Network-wide graphing framework (grapher/gatherer) -------------------------------------------------------------------------------- Update Information: BZ# 989080 Add a missing requirement on crontabs to spec file BZ# 993985: munin possibly affected by F-20 unversioned docdir change Move Net::IP plugins to a subpackage for dep handling -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 D. Johnson <fenris02@xxxxxxxxxxxxxxxxx> - 2.0.17-6 - Move Net::IP plugins to a subpackage for dep handling * Fri Aug 16 2013 D. Johnson <fenris02@xxxxxxxxxxxxxxxxx> - 2.0.17-5 - BZ# 993985: munin possibly affected by F-20 unversioned docdir change * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0.17-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Thu Aug 1 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 2.0.17-3 - Perl 5.18 rebuild * Sat Jul 27 2013 Jóhann B. Guðmundsson <johannbg@xxxxxxxxxxxxxxxxx> - 2.0.17-2 - BZ# 989080 Add a missing requirement on crontabs to spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #989080 - Add a missing requirement on crontabs for the cron job to the spec file https://bugzilla.redhat.com/show_bug.cgi?id=989080 [ 2 ] Bug #993985 - munin possibly affected by F-20 unversioned docdir change https://bugzilla.redhat.com/show_bug.cgi?id=993985 -------------------------------------------------------------------------------- ================================================================================ nemo-extensions-1.8.0-0.3.git3e366de.fc19 (FEDORA-2013-17614) Extensions for Nemo -------------------------------------------------------------------------------- Update Information: new -------------------------------------------------------------------------------- ================================================================================ nfs-utils-1.2.8-6.0.fc19 (FEDORA-2013-17196) NFS utilities and supporting clients and daemons for the kernel NFS server -------------------------------------------------------------------------------- Update Information: Updated to latest upstream RC release: nfs-utils-1-2-9-rc6 * Make mountstats Python 3 compatible * Make nfsiostat Python 3 compatible * exportfs: test_export shouldn't use invalid uid/gid * exportfs: Fix the default authentication flavour setting * gssd: don't use tgtname to find our keytab * gssd: fix strncmp bug causing client removals -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 Steve Dickson <steved@xxxxxxxxxx> 1.2.8-6.0 - Updated to latest upstream RC release: nfs-utils-1-2-9-rc6 * Wed Sep 18 2013 Steve Dickson <steved@xxxxxxxxxx> 1.2.8-5.0 - Updated to latest upstream RC release: nfs-utils-1-2-9-rc5 * Thu Aug 22 2013 Steve Dickson <steved@xxxxxxxxxx> 1.2.8-4.1 - nfs-utils: fix a number of specfile problems -------------------------------------------------------------------------------- References: [ 1 ] Bug #985325 - Making nfs-utils Python 3 compatible https://bugzilla.redhat.com/show_bug.cgi?id=985325 -------------------------------------------------------------------------------- ================================================================================ nodejs-0.10.19-1.fc19 (FEDORA-2013-17619) JavaScript runtime -------------------------------------------------------------------------------- Update Information: 2013.09.24, node.js Version 0.10.19 (Stable) * readline: handle input starting with control chars (Eric Schrock) * configure: add mips-float-abi (soft, hard) option (Andrei Sedoi) * stream: objectMode transforms allow falsey values (isaacs) * tls: prevent duplicate values returned from read (Nathan Rajlich) * tls: NPN protocols are now local to connections (Fedor Indutny) 2013.09.25, libuv Version 0.10.17 (Stable) * build: remove GCC_WARN_ABOUT_MISSING_NEWLINE (Ben Noordhuis) * darwin: fix 10.6 build error in fsevents.c (Ben Noordhuis) -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 25 2013 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 0.10.19-1 - new upstream release 0.10.19 http://blog.nodejs.org/2013/09/24/node-v0-10-19-stable/ -------------------------------------------------------------------------------- ================================================================================ opensips-1.10.0-1.fc19 (FEDORA-2013-17607) Open Source SIP Server -------------------------------------------------------------------------------- Update Information: - Ver. 1.10.0 - Drop support for Fedora 17 and earlier (still maintain support for EL5) - New external module - rest_client - New external module - xmlrpc_ng (contains mi_xmlrpc_ng) - New internal module - db_cachedb - New internal module - mathops - Disabled new external module - sngtc (requires a proprietary library) -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 25 2013 Peter Lemenkov <lemenkov@xxxxxxxxx> - 1.10.0-1 - Ver. 1.10.0 - Drop support for Fedora 17 and earlier (still maintain support for EL5) - New external module - rest_client - New external module - xmlrpc_ng (contains mi_xmlrpc_ng) - New internal module - db_cachedb - New internal module - mathops - Disabled new external module - sngtc (requires a proprietary library) * Fri Sep 6 2013 Peter Lemenkov <lemenkov@xxxxxxxxx> - 1.9.1-2 - Proper directory for storing tmpfile -------------------------------------------------------------------------------- ================================================================================ pspp-0.8.1-1.fc19 (FEDORA-2013-17594) A program for statistical analysis of sampled data -------------------------------------------------------------------------------- Update Information: * Ver. 0.8.1 -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 Peter Lemenkov <lemenkov@xxxxxxxxx> - 0.8.1-1 - Ver. 0.8.1 * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.8.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1011394 - pspp-0.8.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1011394 -------------------------------------------------------------------------------- ================================================================================ python-apsw-3.8.0.r2-1.fc19 (FEDORA-2013-17655) Another Python SQLite Wrapper -------------------------------------------------------------------------------- Update Information: update to 3.8.0.r2 -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 Marcel Wysocki <maci@xxxxxxxxxx> - 3.8.0.r2-1 - update to 3.8.0-r2 -------------------------------------------------------------------------------- ================================================================================ python-bucky-0.2.6-3.fc19 (FEDORA-2013-17660) CollectD and StatsD adapter for Graphite -------------------------------------------------------------------------------- Update Information: Update requires (RHBZ#953834), adding python-setuptools Add dependency on collectd and update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Add dependency on collectd and update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Add dependency on collectd and update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Add dependency on collectd and update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Add dependency on collectd and update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. Update to 0.2.6. -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 Jonathan Steffan <jsteffan@xxxxxxxxxxxxxxxxx> - 0.2.6-3 - Update requires (RHBZ#953834), adding python-setuptools * Thu Sep 19 2013 Jonathan Steffan <jsteffan@xxxxxxxxxxxxxxxxx> - 0.2.6-2 - Update requires (RHBZ#953834) * Tue Sep 17 2013 Jonathan Steffan <jsteffan@xxxxxxxxxxxxxxxxx> - 0.2.6-1 - Update to 0.2.6 * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.2.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #953834 - missing dependencies python-setuptools collectd https://bugzilla.redhat.com/show_bug.cgi?id=953834 -------------------------------------------------------------------------------- ================================================================================ python-carbon-0.9.12-2.fc19 (FEDORA-2013-17653) Back-end data caching and persistence daemon for Graphite -------------------------------------------------------------------------------- Update Information: Add strict python-whisper Requires (RHBZ#1010432), Don't cleanup user and user data on package remove (RHBZ#1010430) -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 Jonathan Steffan <jsteffan@xxxxxxxxxxxxxxxxx> - 0.9.12-2 - Add strict python-whisper Requires (RHBZ#1010432) - Don't cleanup user and user data on package remove (RHBZ#1010430) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1010432 - python-carbon-0.9.12 should require python-whisper >= 0.9.12 https://bugzilla.redhat.com/show_bug.cgi?id=1010432 [ 2 ] Bug #1010430 - python-carbon deletes user-created data on uninstall; shouldn't per packaging guidelines https://bugzilla.redhat.com/show_bug.cgi?id=1010430 -------------------------------------------------------------------------------- ================================================================================ python-llfuse-0.39-1.fc19 (FEDORA-2013-17593) Python Bindings for the low-level FUSE API -------------------------------------------------------------------------------- Update Information: update to version 0.39 -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 maci <maci@xxxxxxxxxx> - 0.39-1 - update to 0.39 * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.38-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ qemu-1.4.2-10.fc19 (FEDORA-2013-17591) QEMU is a FAST! processor emulator -------------------------------------------------------------------------------- Update Information: * Require newer ceph-libs to fix symbol error (bz #995883) -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 Cole Robinson <crobinso@xxxxxxxxxx> - 2:1.4.2-10 - Require newer ceph-libs to fix symbol error (bz #995883) -------------------------------------------------------------------------------- ================================================================================ qt5-qtbase-5.1.1-5.fc19 (FEDORA-2013-17615) Qt5 - QtBase components -------------------------------------------------------------------------------- Update Information: fix big endian builds -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 23 2013 Dan Horák <dan[at]danny.cz> - 5.1.1-5 - fix big endian builds * Wed Sep 11 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 5.1.1-4 - macros.qt5: use newer location, use unexpanded macros * Sat Sep 7 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 5.1.1-3 - ExcludeArch: ppc64 ppc (#1005482) * Fri Sep 6 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 5.1.1-2 - BR: pkgconfig(libudev) pkgconfig(xkbcommon) pkgconfig(xcb-xkb) -------------------------------------------------------------------------------- ================================================================================ rubygems-2.0.10-106.fc19 (FEDORA-2013-17662) The Ruby standard for packaging ruby libraries -------------------------------------------------------------------------------- Update Information: Previously a security flow was found on rubygems for validating versions with a regular expression which is vulnerable to denial of service due to backtracking. Although this was thought to be fixed in the previous rubygems, the fix was found imcomplete and the imcompleteness is now assigned as CVE-2013-4363. A packaging bug was found that a directory was not properly owned. This new rpm will fix this issue. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 25 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 2.0.10-106 - Update to 2.0.10 (fix for CVE-2013-4363 included) * Mon Sep 23 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 2.0.9-105 - Update to 2.0.9 - Fix %gem_dir/doc ownership (bug 1008866) - Patch for CVE-2013-4363 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1008866 - /usr/share/gems/doc ownership https://bugzilla.redhat.com/show_bug.cgi?id=1008866 -------------------------------------------------------------------------------- ================================================================================ shotwell-0.14.1-1.fc19.1 (FEDORA-2013-17613) A photo organizer for the GNOME desktop -------------------------------------------------------------------------------- Update Information: Add patch fixing the video-thumbnailer (rhbz#986574). Thanks to David Woodhouse. -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 Thomas Moschny <thomas.moschny@xxxxxx> - 0.14.1-1.1 - Add patch fixing the video-thumbnailer (rhbz#986574), thanks to David Woodhouse. - Fix bogus dates in the %changelog. -------------------------------------------------------------------------------- References: [ 1 ] Bug #986574 - shotwell-video-thumbnailer requests invalid output format; Imported video files have no thumbnail https://bugzilla.redhat.com/show_bug.cgi?id=986574 -------------------------------------------------------------------------------- ================================================================================ tigervnc-1.3.0-7.fc19 (FEDORA-2013-17650) A TigerVNC remote display system -------------------------------------------------------------------------------- Update Information: This update removes an incorrect patch that caused a modifier key state tracking bug, and also fixes some documentation issues. -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 Tim Waugh <twaugh@xxxxxxxxxx> 1.3.0-7 - Removed incorrect patch (for unexpected key_is_down). Fixes stuck keys bug (bug #989502). * Thu Sep 19 2013 Tim Waugh <twaugh@xxxxxxxxxx> 1.3.0-6 - Fixed typo in 10-libvnc.conf (bug #1009111). * Wed Sep 18 2013 Tim Waugh <twaugh@xxxxxxxxxx> 1.3.0-5 - Better fix for PIDFile problem (bug #983232). * Mon Aug 5 2013 Tim Waugh <twaugh@xxxxxxxxxx> 1.3.0-4 - Fixed doc-related build failure (bug #992790). -------------------------------------------------------------------------------- References: [ 1 ] Bug #980870 - Man pages and --help output out of sync https://bugzilla.redhat.com/show_bug.cgi?id=980870 [ 2 ] Bug #989502 - tigervnc 1.3.0-3 sort of freezes when typing a "/" slash key https://bugzilla.redhat.com/show_bug.cgi?id=989502 [ 3 ] Bug #1009111 - Error in config file https://bugzilla.redhat.com/show_bug.cgi?id=1009111 -------------------------------------------------------------------------------- ================================================================================ virt-manager-0.10.0-2.fc19 (FEDORA-2013-17656) Virtual Machine Manager -------------------------------------------------------------------------------- Update Information: * Fix parsing rawhide .treeinfo (bz #989162) * Fix spice with TLS (bz #904295) * Reduce impact of memory leak (bz #972371) -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 24 2013 Cole Robinson <crobinso@xxxxxxxxxx> - 0.10.0-2 - Fix parsing rawhide .treeinfo (bz #989162) - Fix spice with TLS (bz #904295) - Reduce impact of memory leak (bz #972371) -------------------------------------------------------------------------------- References: [ 1 ] Bug #989162 - virt-install fails when pointed at rawhide tree (invalid literal for int() with base 10: 'rawhide') https://bugzilla.redhat.com/show_bug.cgi?id=989162 [ 2 ] Bug #904295 - virt-manager console doesn't connect to SPICE with TLS https://bugzilla.redhat.com/show_bug.cgi?id=904295 [ 3 ] Bug #972371 - f19 virt-manager consistently leaks memory ( > 1GB in 12 hours) https://bugzilla.redhat.com/show_bug.cgi?id=972371 -------------------------------------------------------------------------------- ================================================================================ virt-manager-0.10.0-3.fc19 (FEDORA-2013-17599) Virtual Machine Manager -------------------------------------------------------------------------------- Update Information: * Make cache=default when adding new disk to existing VM (bz #976925) -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 25 2013 Cole Robinson <crobinso@xxxxxxxxxx> - 0.10.0-3 - Make cache=default when adding new disk to existing VM (bz #976925) * Tue Sep 24 2013 Cole Robinson <crobinso@xxxxxxxxxx> - 0.10.0-2 - Fix parsing rawhide .treeinfo (bz #989162) - Fix spice with TLS (bz #904295) - Reduce impact of memory leak (bz #972371) -------------------------------------------------------------------------------- References: [ 1 ] Bug #976925 - Guest cannot boot if an IDE CDROM device has cache mode set to 'none' https://bugzilla.redhat.com/show_bug.cgi?id=976925 -------------------------------------------------------------------------------- ================================================================================ vpnc-0.5.3-18.svn457.fc19 (FEDORA-2013-17610) IPSec VPN client compatible with Cisco equipment -------------------------------------------------------------------------------- Update Information: Added support for unbound -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 23 2013 Paul Wouters <pwouters@xxxxxxxxxx> - 0.5.3-18.svn457 - Add support for dynamically reconfiguring unbound DNS (rhbz#865092) -------------------------------------------------------------------------------- References: [ 1 ] Bug #865092 - Patch: Add support for unbound to vpnc-script https://bugzilla.redhat.com/show_bug.cgi?id=865092 -------------------------------------------------------------------------------- ================================================================================ wireshark-1.10.2-6.fc19 (FEDORA-2013-17661) Network traffic analyzer -------------------------------------------------------------------------------- Update Information: dumpcap now stores temporary capture files in /var/tmp * Convert automake/pkgconfig files into patches (better upstream integration) * Restored category in the *.desktop file * Install another one necessary header file - frame_data_sequence.h * Add basic OpenFlow dissector * Ver. 1.10.2 * Ver. 1.10.1 fix missing ws_symbol_export.h * Ver. 1.10.2 * Ver. 1.10.1 fix missing ws_symbol_export.h * Enhance desktop integration (*.desktop and MIME-related files) * Add basic OpenFlow dissector * Ver. 1.10.2 * Ver. 1.10.1 fix missing ws_symbol_export.h * Ver. 1.10.2 * Ver. 1.10.1 fix missing ws_symbol_export.h * Enhance desktop integration (*.desktop and MIME-related files) * Add basic OpenFlow dissector * Ver. 1.10.2 * Ver. 1.10.1 fix missing ws_symbol_export.h * Ver. 1.10.2 * Ver. 1.10.1 fix missing ws_symbol_export.h * Ver. 1.10.2 * Various security fixes -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 17 2013 Peter Hatina <phatina@xxxxxxxxxx> - 1.10.2-6 - move default temporary directory to /var/tmp -------------------------------------------------------------------------------- References: [ 1 ] Bug #990155 - CVE-2013-4920 wireshark: DoS (application crash) in the P1 dissector (wnpa-sec-2013-42) https://bugzilla.redhat.com/show_bug.cgi?id=990155 [ 2 ] Bug #990156 - CVE-2013-4921 wireshark: Off-by-one (application crash) in the Radiotap dissector (wnpa-sec-2013-43) https://bugzilla.redhat.com/show_bug.cgi?id=990156 [ 3 ] Bug #990157 - CVE-2013-4922 wireshark: Double-free in the DCOM ISystemActivator dissector (wnpa-sec-2013-44) https://bugzilla.redhat.com/show_bug.cgi?id=990157 [ 4 ] Bug #990160 - CVE-2013-4923 wireshark: Memory leak (DoS, memory consumption) in the DCOM ISystemActivator dissector (wnpa-sec-2013-44) https://bugzilla.redhat.com/show_bug.cgi?id=990160 [ 5 ] Bug #990163 - CVE-2013-4924 wireshark: Assertion failure in the DCOM ISystemActivator dissector (wnpa-sec-2013-44) https://bugzilla.redhat.com/show_bug.cgi?id=990163 [ 6 ] Bug #990164 - CVE-2013-4925 wireshark: Integer signedness error in the DCOM ISystemActivator dissector (wnpa-sec-2013-44) https://bugzilla.redhat.com/show_bug.cgi?id=990164 [ 7 ] Bug #990165 - CVE-2013-4926 wireshark: DoS in the DCOM ISystemActivator dissector due improper remaining data to process presence check (wnpa-sec-2013-44) https://bugzilla.redhat.com/show_bug.cgi?id=990165 [ 8 ] Bug #990166 - CVE-2013-4927 wireshark: Integer signedness error in the Bluetooth SDP dissector (wnpa-sec-2013-45) https://bugzilla.redhat.com/show_bug.cgi?id=990166 [ 9 ] Bug #972679 - CVE-2013-4074 wireshark: DoS (crash) in the CAPWAP dissector (wnpa-sec-2013-32) https://bugzilla.redhat.com/show_bug.cgi?id=972679 [ 10 ] Bug #972680 - CVE-2013-4075 wireshark: DoS (crash) in the GMR-1 BCCH dissector (wnpa-sec-2013-33) https://bugzilla.redhat.com/show_bug.cgi?id=972680 [ 11 ] Bug #972681 - CVE-2013-4076 wireshark: Invalid free in the PPP dissector (wnpa-sec-2013-34) https://bugzilla.redhat.com/show_bug.cgi?id=972681 [ 12 ] Bug #972682 - CVE-2013-4077 wireshark: Array index error in the NBAP dissector (wnpa-sec-2013-35) https://bugzilla.redhat.com/show_bug.cgi?id=972682 [ 13 ] Bug #972683 - CVE-2013-4078 wireshark: DoS (infinite loop) in the RDP dissector (wnpa-sec-2013-36) https://bugzilla.redhat.com/show_bug.cgi?id=972683 [ 14 ] Bug #972684 - CVE-2013-4079 wireshark: DoS (infinite loop, application hang) in the GSM CBCH dissector (wnpa-sec-2013-37) https://bugzilla.redhat.com/show_bug.cgi?id=972684 [ 15 ] Bug #972685 - CVE-2013-4080 wireshark: DoS (infinite loop, CPU & memory consumption) in the Assa Abloy R3 dissector (wnpa-sec-2013-38) https://bugzilla.redhat.com/show_bug.cgi?id=972685 [ 16 ] Bug #972686 - CVE-2013-4081 wireshark: DoS (infinite loop) in the HTTP dissector (wnpa-sec-2013-39) https://bugzilla.redhat.com/show_bug.cgi?id=972686 [ 17 ] Bug #972687 - CVE-2013-4082 wireshark: Heap-based buffer overflow in the Ixia IxVeriWave file parser (wnpa-sec-2013-40) https://bugzilla.redhat.com/show_bug.cgi?id=972687 [ 18 ] Bug #972688 - CVE-2013-4083 wireshark: Invalid free in the DCP ETSI dissector (wnpa-sec-2013-41) https://bugzilla.redhat.com/show_bug.cgi?id=972688 [ 19 ] Bug #990167 - CVE-2013-4928 wireshark: Integer signedness error in the Bluetooth OBEX dissector (wnpa-sec-2013-46) https://bugzilla.redhat.com/show_bug.cgi?id=990167 [ 20 ] Bug #990168 - CVE-2013-4929 wireshark: DoS (infinite loop) in the DIS dissector (wnpa-sec-2013-47) https://bugzilla.redhat.com/show_bug.cgi?id=990168 [ 21 ] Bug #990169 - CVE-2013-4930 wireshark: Assertion failure in the DVB-CI dissector (wnpa-sec-2013-48) https://bugzilla.redhat.com/show_bug.cgi?id=990169 [ 22 ] Bug #990170 - CVE-2013-4931 wireshark: DoS (infinite loop) in the GSM RR dissector (wnpa-sec-2013-49) https://bugzilla.redhat.com/show_bug.cgi?id=990170 [ 23 ] Bug #990172 - CVE-2013-4932 wireshark: Multiple array index errors in the GSM A Common dissector (wnpa-sec-2013-50) https://bugzilla.redhat.com/show_bug.cgi?id=990172 [ 24 ] Bug #990175 - CVE-2013-4933 wireshark: DoS (application crash) in the Netmon file parser (wnpa-sec-2013-51) https://bugzilla.redhat.com/show_bug.cgi?id=990175 [ 25 ] Bug #990178 - CVE-2013-4934 wireshark: DoS (application crash) in the Netmon file parser (wnpa-sec-2013-51) (A different flaw than CVE-2013-4933) https://bugzilla.redhat.com/show_bug.cgi?id=990178 [ 26 ] Bug #990179 - CVE-2013-4935 wireshark: DoS (application crash) in the ASN.1 PER dissector (wnpa-sec-2013-52) https://bugzilla.redhat.com/show_bug.cgi?id=990179 [ 27 ] Bug #965111 - wireshark: DoS (infinite loop) in the MySQL dissector (wnpa-sec-2013-30, upstream #8458) https://bugzilla.redhat.com/show_bug.cgi?id=965111 [ 28 ] Bug #965190 - CVE-2013-3559 wireshark: DoS (crash) in the DCP ETSI dissector (wnpa-sec-2013-27, upstream #8231, #8540, #8541) https://bugzilla.redhat.com/show_bug.cgi?id=965190 [ 29 ] Bug #965192 - CVE-2013-3558 wireshark: DoS (crash) in the PPP CCP dissector (wnpa-sec-2013-26, upstream #8638) https://bugzilla.redhat.com/show_bug.cgi?id=965192 [ 30 ] Bug #965193 - CVE-2013-3557 wireshark: DoS (crash) in the ASN.1 BER dissector (wnpa-sec-2013-25, upstream #8599) https://bugzilla.redhat.com/show_bug.cgi?id=965193 [ 31 ] Bug #965194 - CVE-2013-3555 wireshark: DoS (crash) in the GTPv2 dissector (wnpa-sec-2013-24, upstream #8493) https://bugzilla.redhat.com/show_bug.cgi?id=965194 [ 32 ] Bug #965195 - wireshark: DoS (excessive CPU consumption) in the RELOAD dissector (wnpa-sec-2013-23, upstream #8362, #8546) https://bugzilla.redhat.com/show_bug.cgi?id=965195 [ 33 ] Bug #965110 - wireshark: DoS (large loop) in the ETCH dissector (wnpa-sec-2013-31, upstream #8464) https://bugzilla.redhat.com/show_bug.cgi?id=965110 [ 34 ] Bug #965112 - CVE-2013-3562 wireshark: DoS (stack overflow, crash) in the Websocket dissector (wnpa-sec-2013-29, upstream #8448, #8499) https://bugzilla.redhat.com/show_bug.cgi?id=965112 [ 35 ] Bug #965186 - CVE-2013-3560 wireshark: DoS (crash) in the MPEG DSM-CC dissector (wnpa-sec-2013-28, upstream #8481) https://bugzilla.redhat.com/show_bug.cgi?id=965186 -------------------------------------------------------------------------------- ================================================================================ xyzsh-1.5.1-1.fc19 (FEDORA-2013-17623) Interactive shell and text processing tool -------------------------------------------------------------------------------- Update Information: New version 1.5.1 is released. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 25 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.5.1-1 - 1.5.1 -------------------------------------------------------------------------------- ================================================================================ youtube-dl-2013.09.24.2-1.fc19 (FEDORA-2013-17663) A small command-line program to download online videos -------------------------------------------------------------------------------- Update Information: New version. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 25 2013 Christopher Meng <rpm@xxxxxxxx> - 2013.09.24.2-1 - Update to new release(BZ#1011845). * Sat Sep 21 2013 Christopher Meng <rpm@xxxxxxxx> - 2013.09.20.1-1 - Update to new release(BZ#1009593). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1011845 - youtube-dl-2013.09.24.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1011845 -------------------------------------------------------------------------------- ================================================================================ yum-langpacks-0.4.1-2.fc19 (FEDORA-2013-17633) Langpacks plugin for yum -------------------------------------------------------------------------------- Update Information: Fix issue of yum-langpacks commands that slows down yum runs -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 25 2013 Parag Nemade <pnemade AT redhat DOT com> - 0.4.1-2 - Fix issue of yum-langpacks commands that slows down yum runs (rh#1011670) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1011670 - [PATCH] yum-langpackages slows down yum runs a lot, due to langtable and loading groups. https://bugzilla.redhat.com/show_bug.cgi?id=1011670 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
