The following Fedora 19 Security updates need testing: Age URL 57 https://admin.fedoraproject.org/updates/FEDORA-2013-14814/python-glanceclient-0.9.0-3.fc19 22 https://admin.fedoraproject.org/updates/FEDORA-2013-17121/vino-3.8.1-3.fc19 13 https://admin.fedoraproject.org/updates/FEDORA-2013-17836/davfs2-1.4.7-3.fc19 12 https://admin.fedoraproject.org/updates/FEDORA-2013-17925/fedmsg-0.7.1-2.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2013-18228/polarssl-1.2.9-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2013-18404/elinks-0.12-0.35.pre6.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2013-18378/xen-4.2.3-3.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2013-18351/zabbix-2.0.8-3.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2013-18493/qemu-1.4.2-12.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2013-18593/dropbear-2013.59-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2013-18638/mod_fcgid-2.3.9-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18794/phpMyAdmin-3.5.8.2-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18807/gnupg2-2.0.22-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18808/libtar-1.2.11-26.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18771/icu-50.1.2-9.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18931/ReviewBoard-1.7.15-1.fc19,python-djblets-0.7.20-1.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 9 https://admin.fedoraproject.org/updates/FEDORA-2013-18128/createrepo-0.9.9-23.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2013-18369/keyutils-1.5.8-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2013-18357/ibus-1.5.4-2.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2013-18603/libxklavier-5.4-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2013-18619/cpio-2.11-21.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2013-18639/python-2.7.5-8.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2013-18677/gnome-online-accounts-3.8.4.1-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2013-18596/langtable-0.0.16-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18935/gtk2-2.24.22-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18936/curl-7.29.0-12.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18910/cups-1.6.4-2.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18924/gnome-abrt-0.3.2-1.fc19,abrt-2.1.8-1.fc19,libreport-2.1.8-1.fc19,satyr-0.10-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18906/gtk3-3.8.5-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18797/usbmuxd-1.0.8-10.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18808/libtar-1.2.11-26.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18807/gnupg2-2.0.22-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-18771/icu-50.1.2-9.fc19 The following builds have been pushed to Fedora 19 updates-testing 389-ds-base-1.3.1.12-1.fc19 Judy-1.0.5-7.fc19 ReviewBoard-1.7.15-1.fc19 abrt-2.1.8-1.fc19 cifs-utils-6.2-3.fc19 cups-1.6.4-2.fc19 curl-7.29.0-12.fc19 derby-10.9.1.0-5.fc19 dwm-6.0-7.fc19 eclipse-mylyn-3.9.1-3.fc19 firmware-tools-2.1.15-1.fc19.6 geary-0.4.0-1.fc19 gnome-abrt-0.3.2-1.fc19 gtk2-2.24.22-1.fc19 gtk3-3.8.5-1.fc19 guacamole-client-0.8.3-4.fc19 ibus-typing-booster-1.2.5-1.fc19 kate-plugin-cpphelper-0.9.6-1.fc19 libreport-2.1.8-1.fc19 nodejs-node-static-0.7.1-2.fc19 perl-PAR-Packer-1.015-1.fc19 perl-Term-ShellUI-0.92-2.fc19 python-djblets-0.7.20-1.fc19 python-flask-restless-0.12.0-1.fc19 rubygem-capillary-1.0.3-3.fc19 satyr-0.10-1.fc19 timeline-0.20.0-3.fc19 trafficserver-3.2.5-4.fc19 transifex-client-0.9-4.fc19 Details about builds: ================================================================================ 389-ds-base-1.3.1.12-1.fc19 (FEDORA-2013-18914) 389 Directory Server (base) -------------------------------------------------------------------------------- Update Information: 389-ds-base-1.3.1.12 release - several bug fixes -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 10 2013 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.3.1.12-1 - release 1.3.1.12 - Ticket 47513 - tmpfiles.d references /var/lock when they should reference /run/loc - Ticket 47551 - logconv: -V does not produce unindexed search report - Ticket 53 - Need to update supported locales - Ticket 47517 - memory leak in range searches and other various leaks - Ticket 53 - Need to update supported locales Cleaning up typos and format. - Ticket 53 - Need to update supported locales - Ticket 47522 - Password adminstrators should be able to voilate password policy - Ticket 54 - locale "nl" not supported by collation plugin - Ticket 47543 - Mozldap - fix compiler warnings - Coverity fixes - 12023, 12024, and 12025 - Ticket 47533 - logconv: some stats do not work across server restarts - Ticket 47501 - logconv.pl uses /var/tmp for BDB temp files - Ticket 47520 - Fix various issues with logconv.pl - Ticket 47387 - improve logconv.pl performance with large access logs - Ticket 47387 - improve logconv.pl performance with large access logs - Ticket 47354 - Indexed search are logged with 'notes=U' in the access logs -------------------------------------------------------------------------------- References: [ 1 ] Bug #1008306 - tmpfiles.d references /var/lock when they should reference /run/lock https://bugzilla.redhat.com/show_bug.cgi?id=1008306 -------------------------------------------------------------------------------- ================================================================================ Judy-1.0.5-7.fc19 (FEDORA-2013-18927) General purpose dynamic array -------------------------------------------------------------------------------- Update Information: This package is rebuilt with a working gcc; the previous version could segfault as a result of a bug in the compiler it was built with. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 2 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.5-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1017338 - Segfault in large bitset array https://bugzilla.redhat.com/show_bug.cgi?id=1017338 -------------------------------------------------------------------------------- ================================================================================ ReviewBoard-1.7.15-1.fc19 (FEDORA-2013-18931) Web-based code review tool -------------------------------------------------------------------------------- Update Information: Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users could access certain data they should not have been able to access, if using the Local Sites feature, invite-only groups, or private repositories. It also fixes cases with invite-only groups where the group name and list of private review requests would show up on some pages (though the review requests themselves were not accessible). These issues do not affect most of the installations out there, but we strongly recommend upgrading anyway. There are no known cases of anyone exploiting these bugs, and in fact we discovered these internally while building new tools to test for security vulnerabilities in our codebase. There are also some other bug fixes, and important changes needed for extensions that provide their own REST APIs. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 10 2013 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.7.15-1 - New upstream security release 1.7.15 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.15/ - Resolves: CVE-2013-4410 - Fixes access-control problems with REST API - Resolves: CVE-2013-4411 - Fixes URL processing allowing unauthorized users to view review lists -------------------------------------------------------------------------------- References: [ 1 ] Bug #1016596 - CVE-2013-4410 ReviewBoard: access-control problems with REST API https://bugzilla.redhat.com/show_bug.cgi?id=1016596 [ 2 ] Bug #1016599 - CVE-2013-4411 ReviewBoard: URL processing allows unauthorized users to view review lists https://bugzilla.redhat.com/show_bug.cgi?id=1016599 [ 3 ] Bug #1016601 - CVE-2013-4409 python-djblets: unsanitized eval() vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1016601 -------------------------------------------------------------------------------- ================================================================================ abrt-2.1.8-1.fc19 (FEDORA-2013-18924) Automatic bug detection and reporting tool -------------------------------------------------------------------------------- Update Information: This update includes a new upstream release which fixes the bugs listed. You can find other changes in the upstream description at: - https://github.com/abrt/satyr/blob/master/NEWS - https://github.com/abrt/abrt/commit/7dcfd2a024d2d65695e20d0cefd257d091272f66#diff-1e807c90d5bf1222db586f4a8f0a6de1R804 - https://github.com/abrt/libreport/commit/a75dcd1d30c99b751ba38eed1714d89053595687#diff-71a31a3e297ea003eaf1b3a5ac3e9457R575 - https://github.com/abrt/gnome-abrt/commit/7280edf171e1952132ba91e12f6f3f3030de9e85#diff-c3189e78ca44c8f42b1bd5a965e340c2R103 -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 4 2013 Jakub Filak <jfilak@xxxxxxxxxx> 2.1.8-1 - Disassemble only instruction rage memory if backtrace is too big - Include floating-point registers in the backtrace - spec: make addon-ccpp dependent on libreport-python - polkit: replace deprecated functions with their subtitues - retrace-client: query CCpp exploitable information from Retrace server; closes #703 - GUI config: add support for Private ticket option - a-a-ureport: handle os errors gracefully rhbz#998428 rhbz#998197 - add prefix from configure to the path of debuginfo installer - closes #701 - spec: added deps on abrt-python - closes rhbz#1008182 - spec: remove abrt-dedup-client; closes #702 - remove abrt-dedup-client; related to #702 - abrt-*-client: simplify formatting of locale-related headers - Resolves: #998197, #1008125 -------------------------------------------------------------------------------- References: [ 1 ] Bug #998197 - [abrt] abrt-2.1.6-3.fc19: os.py:531:_spawnvef:OSError: [Errno 11] Risorsa temporaneamente non disponibile https://bugzilla.redhat.com/show_bug.cgi?id=998197 [ 2 ] Bug #1008125 - Review highlighted tabs for sensitive information : highlight can't be seen. https://bugzilla.redhat.com/show_bug.cgi?id=1008125 [ 3 ] Bug #1014085 - 100% cpu use while generating backtrace on retrace server https://bugzilla.redhat.com/show_bug.cgi?id=1014085 -------------------------------------------------------------------------------- ================================================================================ cifs-utils-6.2-3.fc19 (FEDORA-2013-18506) Utilities for mounting and managing CIFS mounts -------------------------------------------------------------------------------- Update Information: This updates the cifs-utils package to the latest upstream release and fixes a number of bugs reported by Coverity scans. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 11 2013 Jeff Layton <jlayton@xxxxxxxxxx> 6.2-3 - fixes for bugs reported by coverity: - update bad bit shift patch with one that patches getcifsacl.c too - remove some dead code from getcifsacl.c, asn1.c, and data_blob.c - fix bad handling of allocated memory in del_mtab in mount.cifs.c * Wed Oct 9 2013 Jeff Layton <jlayton@xxxxxxxxxx> 6.2-2 - fix bad bit shift in setcifsacl.c * Fri Oct 4 2013 Jeff Layton <jlayton@xxxxxxxxxx> 6.2-1 - update to 6.2 release * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 6.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ cups-1.6.4-2.fc19 (FEDORA-2013-18910) CUPS printing system -------------------------------------------------------------------------------- Update Information: Several bugs have been fixed including one that prevented remote printing from working correctly. -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 27 2013 Tim Waugh <twaugh@xxxxxxxxxx> - 1:1.6.4-2 - Reverted upstream change to FINAL_CONTENT_TYPE in order to fix printing to remote CUPS servers (bug #1010580). * Wed Sep 25 2013 Tim Waugh <twaugh@xxxxxxxxxx> - 1:1.6.4-1 - 1.6.4. * Wed Aug 21 2013 Jaromír Končický <jkoncick@xxxxxxxxxx> - 1:1.6.3-8 - Add SyncOnClose option (bug #984883). * Fri Aug 16 2013 Tim Waugh <twaugh@xxxxxxxxxx> - 1:1.6.3-7 - Increase web interface get-devices timeout to 10s (bug #996664). * Thu Aug 15 2013 Tim Waugh <twaugh@xxxxxxxxxx> - 1:1.6.3-6 - Build with full read-only relocations (bug #996740). * Tue Aug 6 2013 Tim Waugh <twaugh@xxxxxxxxxx> - 1:1.6.3-5 - Fixes for jobs with multiple files and multiple formats. -------------------------------------------------------------------------------- References: [ 1 ] Bug #996740 - no Full RELRO https://bugzilla.redhat.com/show_bug.cgi?id=996740 [ 2 ] Bug #996664 - web interface for 'add printer' does not allow backend enough time for discovery https://bugzilla.redhat.com/show_bug.cgi?id=996664 [ 3 ] Bug #984883 - printers.conf frequently gets truncated to zero length after unclean shutdowns https://bugzilla.redhat.com/show_bug.cgi?id=984883 [ 4 ] Bug #1010580 - Remote printing doesn't work - prnt/hpcups/HPCupsFilter.cpp 542: cupsRasterOpen failed, fd = 6 https://bugzilla.redhat.com/show_bug.cgi?id=1010580 -------------------------------------------------------------------------------- ================================================================================ curl-7.29.0-12.fc19 (FEDORA-2013-18936) A utility for getting files from remote servers (FTP, HTTP, and others) -------------------------------------------------------------------------------- Update Information: - do not limit the speed of SCP upload on a fast connection -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 11 2013 Kamil Dudka <kdudka@xxxxxxxxxx> 7.29.0-12 - do not limit the speed of SCP upload on a fast connection -------------------------------------------------------------------------------- ================================================================================ derby-10.9.1.0-5.fc19 (FEDORA-2013-18922) Relational database implemented entirely in Java -------------------------------------------------------------------------------- Update Information: Add more classes to derbynet.jar (#830661) -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 11 2013 Michal Srb <msrb@xxxxxxxxxx> - 10.9.1.0-5 - Add more classes to derbynet.jar (related to #830661) - Create and own derby home dir - Simplify systemd service file a bit * Mon Aug 12 2013 Mat Booth <fedora@xxxxxxxxxxxxxx> - 10.9.1.0-4 - Fix FTBFS rhbz #992123 - Update servlet BR - Add missing BR on systemd-units - Drop versioned jars - Remove use of deprecated add_to_maven_depmap macro * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 10.9.1.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #830661 - derby network server fails to load: main class not found https://bugzilla.redhat.com/show_bug.cgi?id=830661 -------------------------------------------------------------------------------- ================================================================================ dwm-6.0-7.fc19 (FEDORA-2013-18915) Dynamic window manager for X -------------------------------------------------------------------------------- Update Information: Apply custom patches in the right order. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 11 2013 Petr Šabata <contyk@xxxxxxxxxx> - 6.0-7 - Sort the discovered patches before applying (#1017774) * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 6.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1017774 - Order in which patches are applied https://bugzilla.redhat.com/show_bug.cgi?id=1017774 -------------------------------------------------------------------------------- ================================================================================ eclipse-mylyn-3.9.1-3.fc19 (FEDORA-2013-18913) Eclipse Mylyn main feature. -------------------------------------------------------------------------------- Update Information: Fix Red Hat bugzilla edition. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 11 2013 Krzysztof Daniel <kdaniel@xxxxxxxxxx> 3.9.1-3 - Include fix for Eclipse bug 419133. -------------------------------------------------------------------------------- ================================================================================ firmware-tools-2.1.15-1.fc19.6 (FEDORA-2013-18921) Scripts and tools to manage firmware and BIOS updates -------------------------------------------------------------------------------- Update Information: Commented out the import of gnome.ui module, which is resulting in crashes. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 10 2013 Praveen K Paladugu <praveen_paladugu@xxxxxxxx> - 2.1.15-1.6 - Removed the gnome-python2-gnome dependency - Commented out the import of gnome.ui module as it is not used. -------------------------------------------------------------------------------- References: [ 1 ] Bug #997577 - [abrt] firmware-tools-2.1.15-1.fc19.4: inventory_firmware_gui:22:<module>:ImportError: No module named gnome.ui https://bugzilla.redhat.com/show_bug.cgi?id=997577 -------------------------------------------------------------------------------- ================================================================================ geary-0.4.0-1.fc19 (FEDORA-2013-18925) A lightweight email program designed around conversations -------------------------------------------------------------------------------- Update Information: Update to the latest stable release of Geary: This release includes many enhancements: * Per-account full text search * Automatic save to draft * Refreshed user interface * Per-folder unread email count * Experimental support for Outlook.com * Enhanced “show external images” preference * Find bar for locating text within a conversation (Ctrl+F) * Improved handling of attachments * Malicious link checker * Passwords stored with libsecret instead of GNOME Keyring * Hundreds of bugs fixed and small improvements -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 9 2013 Thomas Moschny <thomas.moschny@xxxxxx> - 0.4.0-1 - Update to 0.4.0. - Drop patch applied upstream. - Update build requirements. - Include appdata file. * Sat Aug 17 2013 Thomas Moschny <thomas.moschny@xxxxxx> - 0.3.1-3 - Fix FTBFS with WebKitGTK+ 2.1 (rhbz#992326). * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.3.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ gnome-abrt-0.3.2-1.fc19 (FEDORA-2013-18924) A utility for viewing problems that have occurred with the system -------------------------------------------------------------------------------- Update Information: This update includes a new upstream release which fixes the bugs listed. You can find other changes in the upstream description at: - https://github.com/abrt/satyr/blob/master/NEWS - https://github.com/abrt/abrt/commit/7dcfd2a024d2d65695e20d0cefd257d091272f66#diff-1e807c90d5bf1222db586f4a8f0a6de1R804 - https://github.com/abrt/libreport/commit/a75dcd1d30c99b751ba38eed1714d89053595687#diff-71a31a3e297ea003eaf1b3a5ac3e9457R575 - https://github.com/abrt/gnome-abrt/commit/7280edf171e1952132ba91e12f6f3f3030de9e85#diff-c3189e78ca44c8f42b1bd5a965e340c2R103 -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 4 2013 Jakub Filak <jfilak@xxxxxxxxxx> 0.3.2-1 - Fix a bug in SIGCHLD handler causing 100% CPU usage - Show "yes" in Reported field only if no URL is available - Load only the most recent reported to value - Check if Application has valid name in filter fn - Fix issues found by new pylint - Resolves: #1014085 -------------------------------------------------------------------------------- References: [ 1 ] Bug #998197 - [abrt] abrt-2.1.6-3.fc19: os.py:531:_spawnvef:OSError: [Errno 11] Risorsa temporaneamente non disponibile https://bugzilla.redhat.com/show_bug.cgi?id=998197 [ 2 ] Bug #1008125 - Review highlighted tabs for sensitive information : highlight can't be seen. https://bugzilla.redhat.com/show_bug.cgi?id=1008125 [ 3 ] Bug #1014085 - 100% cpu use while generating backtrace on retrace server https://bugzilla.redhat.com/show_bug.cgi?id=1014085 -------------------------------------------------------------------------------- ================================================================================ gtk2-2.24.22-1.fc19 (FEDORA-2013-18935) The GIMP ToolKit (GTK+), a library for creating GUIs for X -------------------------------------------------------------------------------- Update Information: This is a bug-fix release in the 2.24 series. It fixes a number of bugs, but most notably, this update changes the handling of the immodule cache to be in sync with GTK+ 3. The cache file is no longer in /etc, but instead gets written to libdir. This solves multilib complications, and has already been tested in F20 and rawhide, but since it represents a considerable change, careful testing is advised, in particular if you are using input methods with GTK+ 2 applications. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 11 2013 Matthias Clasen <mclasen@xxxxxxxxxx> - 2.24.22-1 - Update to 2.24.22 - Make immodule cache handling the same as in gtk3. The cache file is now in $libdir, no longer in /etc -------------------------------------------------------------------------------- ================================================================================ gtk3-3.8.5-1.fc19 (FEDORA-2013-18906) The GIMP ToolKit (GTK+), a library for creating GUIs for X -------------------------------------------------------------------------------- Update Information: A bug-fix release in the 3.8 series. From the upstream announcement: * 339539 Ctrl-C, Ctrl-V changes tags * 341146 reorder lines in configure.in for a better display * 513812 Optimize gdk_cairo_set_source_pixbuf() alpha multipli... * 586107 gtkprintbackendpapi.c does not compile on Solaris 10 * 696756 x11: gdk_device_get_source : assertion `GDK_IS_DEVICE... * 703062 GtkTreeViewColumn returns negative size request on em... * 706269 Clarify GtkBox, GtkHBox, and GtkVBox documentation * 706345 GtkExpander's click-and-drag behavior should match th... * 707872 GtkSwitch shouldn't have a default name * 707926 GtkSwitch shouldn't have a default accessible description * 708414 entrycompletion: set the GtkWindow as attached to the... * 709056 icontheme: use g_file_load_contents() for symbolic icons * 709264 Fix memory leaks in icons handling -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 10 2013 Matthias Clasen <mclasen@xxxxxxxxxx> - 3.8.5-1 - Update to 3.8.5 -------------------------------------------------------------------------------- ================================================================================ guacamole-client-0.8.3-4.fc19 (FEDORA-2013-18917) Server-side Java components that form the Guacamole application -------------------------------------------------------------------------------- Update Information: Put more strict permissions on config files. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 11 2013 Simone Caronni <negativo17@xxxxxxxxx> - 0.8.3-4 - Tighten permissions on user-mapping.xml. -------------------------------------------------------------------------------- ================================================================================ ibus-typing-booster-1.2.5-1.fc19 (FEDORA-2013-18907) A typing booster engine for the IBus platform -------------------------------------------------------------------------------- Update Information: Add an option to display help for input methods; Some code cleanup -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 11 2013 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.2.5-1 - Add feature to display input method description to setup tool (Resolves: rhbz#1001581) - Remove the options “m17n_mim_name” and “other_ime” from the .conf files - remove tab_enable option from config files * Tue Oct 1 2013 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.2.4-3 - Resolves: rhbz#1013992 ibus-typing-booster needs to have ibus write-cache --system in %post and %postun * Mon Sep 30 2013 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.2.4-2 - remove superfluous line break in changelog -------------------------------------------------------------------------------- References: [ 1 ] Bug #1001581 - Help text not available https://bugzilla.redhat.com/show_bug.cgi?id=1001581 -------------------------------------------------------------------------------- ================================================================================ kate-plugin-cpphelper-0.9.6-1.fc19 (FEDORA-2013-18926) Plugin for Kate to simplify C/C++ programming -------------------------------------------------------------------------------- Update Information: New upstream version, fix for bug #1017355 (Segmentation fault on opening configuration) -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 10 2013 Mario Blättermann <mariobl@xxxxxxxxxxxxxxxxx> - 0.9.6-1 - New upstream version, fixes bug #1017355 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1017355 - Segmentation fault on opening configuration https://bugzilla.redhat.com/show_bug.cgi?id=1017355 -------------------------------------------------------------------------------- ================================================================================ libreport-2.1.8-1.fc19 (FEDORA-2013-18924) Generic library for reporting various problems -------------------------------------------------------------------------------- Update Information: This update includes a new upstream release which fixes the bugs listed. You can find other changes in the upstream description at: - https://github.com/abrt/satyr/blob/master/NEWS - https://github.com/abrt/abrt/commit/7dcfd2a024d2d65695e20d0cefd257d091272f66#diff-1e807c90d5bf1222db586f4a8f0a6de1R804 - https://github.com/abrt/libreport/commit/a75dcd1d30c99b751ba38eed1714d89053595687#diff-71a31a3e297ea003eaf1b3a5ac3e9457R575 - https://github.com/abrt/gnome-abrt/commit/7280edf171e1952132ba91e12f6f3f3030de9e85#diff-c3189e78ca44c8f42b1bd5a965e340c2R103 -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 4 2013 Jakub Filak <jfilak@xxxxxxxxxx> 2.1.8-1 - disable rhel/fedora workflows for anaconda - added whitelist for sensitive data - rhbz#1009730 rhbz#896246 - ureport: always add BTHASH link to a report - reprot-gtk: underline tab titles with sensitive information - introduce FILENAME_EXPLOITABLE; related to abrt/abrt#703 -------------------------------------------------------------------------------- References: [ 1 ] Bug #998197 - [abrt] abrt-2.1.6-3.fc19: os.py:531:_spawnvef:OSError: [Errno 11] Risorsa temporaneamente non disponibile https://bugzilla.redhat.com/show_bug.cgi?id=998197 [ 2 ] Bug #1008125 - Review highlighted tabs for sensitive information : highlight can't be seen. https://bugzilla.redhat.com/show_bug.cgi?id=1008125 [ 3 ] Bug #1014085 - 100% cpu use while generating backtrace on retrace server https://bugzilla.redhat.com/show_bug.cgi?id=1014085 -------------------------------------------------------------------------------- ================================================================================ nodejs-node-static-0.7.1-2.fc19 (FEDORA-2013-18918) Simple, compliant file streaming module for node -------------------------------------------------------------------------------- Update Information: Newpackage -------------------------------------------------------------------------------- References: [ 1 ] Bug #965895 - Review Request: nodejs-node-static - Simple, compliant file streaming module for node https://bugzilla.redhat.com/show_bug.cgi?id=965895 -------------------------------------------------------------------------------- ================================================================================ perl-PAR-Packer-1.015-1.fc19 (FEDORA-2013-18909) PAR Packager -------------------------------------------------------------------------------- Update Information: A new bugfix release of PAR::Packer is availeble. See upstream changelog for details -- http://cpansearch.perl.org/src/RSCHUPP/PAR-Packer-1.015/ChangeLog -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 11 2013 Petr Šabata <contyk@xxxxxxxxxx> - 1.015-1 - 1.015 bugfix bump * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.014-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Fri Aug 2 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 1.014-3 - Perl 5.18 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1017576 - perl-PAR-Packer-1.015 is available https://bugzilla.redhat.com/show_bug.cgi?id=1017576 -------------------------------------------------------------------------------- ================================================================================ perl-Term-ShellUI-0.92-2.fc19 (FEDORA-2013-18904) Perl module to implement a full-featured shell-like command line environment -------------------------------------------------------------------------------- Update Information: Initial push -------------------------------------------------------------------------------- References: [ 1 ] Bug #1002319 - Review Request: perl-Term-ShellUI - Fully-featured shell-like command line environment https://bugzilla.redhat.com/show_bug.cgi?id=1002319 -------------------------------------------------------------------------------- ================================================================================ python-djblets-0.7.20-1.fc19 (FEDORA-2013-18931) A collection of useful classes and functions for Django -------------------------------------------------------------------------------- Update Information: Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users could access certain data they should not have been able to access, if using the Local Sites feature, invite-only groups, or private repositories. It also fixes cases with invite-only groups where the group name and list of private review requests would show up on some pages (though the review requests themselves were not accessible). These issues do not affect most of the installations out there, but we strongly recommend upgrading anyway. There are no known cases of anyone exploiting these bugs, and in fact we discovered these internally while building new tools to test for security vulnerabilities in our codebase. There are also some other bug fixes, and important changes needed for extensions that provide their own REST APIs. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 11 2013 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 0.7.20-1 - New upstream bugfix release 0.7.20 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.20.NEWS - Fixed regression with pagination on the datagrid * Thu Oct 10 2013 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 0.7.19-1 - New upstream security release 0.7.19 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.19.NEWS - Resolves: CVE-2013-4409 - Resolves unsanitized eval() vulnerability -------------------------------------------------------------------------------- References: [ 1 ] Bug #1016596 - CVE-2013-4410 ReviewBoard: access-control problems with REST API https://bugzilla.redhat.com/show_bug.cgi?id=1016596 [ 2 ] Bug #1016599 - CVE-2013-4411 ReviewBoard: URL processing allows unauthorized users to view review lists https://bugzilla.redhat.com/show_bug.cgi?id=1016599 [ 3 ] Bug #1016601 - CVE-2013-4409 python-djblets: unsanitized eval() vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1016601 -------------------------------------------------------------------------------- ================================================================================ python-flask-restless-0.12.0-1.fc19 (FEDORA-2013-18920) Flask-Restless provides simple generation of ReSTful APIs -------------------------------------------------------------------------------- Update Information: New release. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 11 2013 Yohan Graterol <yohangraterol92@xxxxxxxxx> - 0.12.0-1 - New release -------------------------------------------------------------------------------- References: [ 1 ] Bug #995283 - python-flask-restless - Provides simple generation of ReSTful APIs https://bugzilla.redhat.com/show_bug.cgi?id=995283 -------------------------------------------------------------------------------- ================================================================================ rubygem-capillary-1.0.3-3.fc19 (FEDORA-2013-18937) Generate a JSON payload from Git log output -------------------------------------------------------------------------------- Update Information: First Fedora release. Capillary generates a JSON payload from Git log output. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1016370 - Review Request: rubygem-capillary - Generate a JSON payload from Git log output https://bugzilla.redhat.com/show_bug.cgi?id=1016370 -------------------------------------------------------------------------------- ================================================================================ satyr-0.10-1.fc19 (FEDORA-2013-18924) Tools to create anonymous, machine-friendly problem reports -------------------------------------------------------------------------------- Update Information: This update includes a new upstream release which fixes the bugs listed. You can find other changes in the upstream description at: - https://github.com/abrt/satyr/blob/master/NEWS - https://github.com/abrt/abrt/commit/7dcfd2a024d2d65695e20d0cefd257d091272f66#diff-1e807c90d5bf1222db586f4a8f0a6de1R804 - https://github.com/abrt/libreport/commit/a75dcd1d30c99b751ba38eed1714d89053595687#diff-71a31a3e297ea003eaf1b3a5ac3e9457R575 - https://github.com/abrt/gnome-abrt/commit/7280edf171e1952132ba91e12f6f3f3030de9e85#diff-c3189e78ca44c8f42b1bd5a965e340c2R103 -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 3 2013 Jakub Filak <jfilak@xxxxxxxxxx> 0.10-1 - New upstream version - Fix a segmentation fault in sr_rpm_package_uniq() - Respect kernel flavor when parsing package name - Parse backtrace without Thread header - Fix koops json output if there are no modules - Add support for multiple koops stacks -------------------------------------------------------------------------------- References: [ 1 ] Bug #998197 - [abrt] abrt-2.1.6-3.fc19: os.py:531:_spawnvef:OSError: [Errno 11] Risorsa temporaneamente non disponibile https://bugzilla.redhat.com/show_bug.cgi?id=998197 [ 2 ] Bug #1008125 - Review highlighted tabs for sensitive information : highlight can't be seen. https://bugzilla.redhat.com/show_bug.cgi?id=1008125 [ 3 ] Bug #1014085 - 100% cpu use while generating backtrace on retrace server https://bugzilla.redhat.com/show_bug.cgi?id=1014085 -------------------------------------------------------------------------------- ================================================================================ timeline-0.20.0-3.fc19 (FEDORA-2013-18903) Displays and navigates events on a timeline -------------------------------------------------------------------------------- Update Information: Fix spec typo. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 11 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 0.20.0-3 - Fix typo, BZ 1018161. * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.20.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1018161 - timeline: typo in spec file garbles %postun https://bugzilla.redhat.com/show_bug.cgi?id=1018161 -------------------------------------------------------------------------------- ================================================================================ trafficserver-3.2.5-4.fc19 (FEDORA-2013-18905) Fast, scalable and extensible HTTP/1.1 compliant caching proxy server -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 11 2013 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 3.2.5-4 - Add BR: systemd for systemd.macros (RHBZ #1018080). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1018080 - unexpanded systemd-macros in rpm-scriptlets https://bugzilla.redhat.com/show_bug.cgi?id=1018080 -------------------------------------------------------------------------------- ================================================================================ transifex-client-0.9-4.fc19 (FEDORA-2013-18912) Command line tool for Transifex translation management -------------------------------------------------------------------------------- Update Information: Command line tool for Transifex translation management -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 10 2013 Luis Bazan <lbazan@xxxxxxxxxxxxxxxxx> - 0.9-4 - Fix BZ#1002546 * Mon Aug 26 2013 Luis Bazan <lbazan@xxxxxxxxxxxxxxxxx> - 0.9-3 - remove dependency -------------------------------------------------------------------------------- References: [ 1 ] Bug #1002546 - Missing Dependency: python-setuptools.noarch https://bugzilla.redhat.com/show_bug.cgi?id=1002546 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test